sigma-rules/rta/bin/PsRunner.exe

MZ�ÿÿ¸@€º´	Í!¸
LÍ!This program cannot be run in DOS mode.
$PEL
:ñ»Yà"
0š2 @@ €@…H2O@¬`1  H.text   `.rsrc¬@@@.reloc`@B|2HD"Ì
0}
(

o
s
&o
%o
o
%o
r
po
o
o
s
o
+o

	o
&o
-éÞ
,o
Üo
o
*
Lg
.rp( 
*0
Ži.rŽp(!
(*ššrØp("
,(#

ݸ&rÞp(!

ݶrp("
,#s$
o%

݈&rp(!

݆r@p("
,8(&
o'
o(
(#
�
%¢o)
š
Þ@&rFp(!

ÞAr~p("
,
Þ &r„p(!

Þ!r´p(!
(*,(
( 
*	*
4,8
Wh
‡)°
ÌÐ
(*
*BSJB

v4.0.30319l(#~”¤#Strings8è#US 
#GUID0
œ
#Blob
G	ú
3
"*
[
Ð
¿=¿
Yß,
ô³
ô”
ô$ôð
ô	ôC
ô
 ö w
ô^
h-Á
ny"n>
+×
†y
w×
Ùy
y
š9ó†Á“Á—Á’%E4#Y®YÁ

¹0A

P ‘/ƒ
ì ‘µø ‘Ò¹<"†S
]
î	S
SS
)S1S9SASISQSYSaSiSqSyS©h)‰Í±S.‰Ó4¹l9Á[ÁY¹>‰â‘SENO^‘acÑeiÙè�‘máÈméðqéÉqá–}ñzƒùSù‚ˆ

�

Ÿ“	
¼má?™�S.¿.È.ç.#ð.+þ.3þ.;þ.Cð.K
.Sþ.[þ.c
.kF
.sS
vGW€
0£5
¬×£ÁCollection`1IEnumerator`1<Module>System.IORunPSmscorlibSystem.Collections.GenericAddcmdAppendCreateRunspaceRunspaceInvokeIDisposableFileConsoleget_MainModuleProcessModuleget_FileNameWriteLineCreatePipelineCloseDisposeWriteGuidAttributeDebuggableAttributeComVisibleAttributeAssemblyTitleAttributeAssemblyTrademarkAttributeTargetFrameworkAttributeAssemblyFileVersionAttributeAssemblyConfigurationAttributeAssemblyDescriptionAttributeCompilationRelaxationsAttributeAssemblyProductAttributeAssemblyCopyrightAttributeAssemblyCompanyAttributeRuntimeCompatibilityAttributePsRunner.exeSystem.Runtime.VersioningDownloadStringToStringSystem.Collections.ObjectModelProgramSystemTrimOpenMainSystem.Management.AutomationSystem.ReflectionCommandCollectionPrintHelpStringBuilderPsRunnerIEnumeratorGetEnumerator.ctorSystem.Diagnosticsget_CommandsSystem.Management.Automation.RunspacesSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesDebuggingModesargsSystem.CollectionsStringSplitOptionsGetCurrentProcessPSObjectSystem.NetSplitWebClientget_CurrentAddScriptMoveNextSystem.TextReadAllTextRunspaceFactoryop_EqualityOut-String
ƒuInexorablePoSH
Workaround for AppLocker deny of Powershell using .NET

inexorableposh.exe [<flag> <argument>]
flags:
-f <file> : Read script from specified file
-r <resource name> : Read script from specified resource
-d <url> : Read script from URL
-a <delimeter> : Read script appended to current binary after specified delimeter. Delimeter should be very very unique string
-c <command> : PowerShell command to execute, enclosed on quotes.
I[!] Error: Proper arguments required-f
)[!] Error: File Fail-d
1[!] Error: Download Fail-a
7[!] Error: Append Read fail-c
/[!] Error: Command fail1[!] Error: Improper flag]#·¬ù·ºFžŠE½ÀÂ@ô 

 
 

 

 

EIM
QQE 

E ] a e
Qe
Q M
M
Q  
I  


 
€� €…	 €‰·z\V4à‰1¿8V­6N5




TWrapNonExceptionThrows



PsRunner

Copyright ©  2017)
$83775b1c-2c73-4023-a00c-8bc0ca080cda
1.0.0.0G
.NETFramework,Version=v4.0
TFrameworkDisplayName.NET Framework 4:ñ»Y
,1,RSDS$3Oܽ¼K´’“JcŒå)
C:\GIT\rta\red_ttp\myapp\PsRunner\obj\Release\PsRunner.pdbp2Š2 |2_CorExeMainmscoree.dllÿ% @ €P€

8€
€

h€
¬�@4VS_VERSION_INFO½ïþ


?
D
VarFileInfo$Translation°|
StringFileInfoX
000004b0

Comments"

CompanyName:	
FileDescriptionPsRunner0
FileVersion1.0.0.0:

InternalNamePsRunner.exeH
LegalCopyrightCopyright ©  2017*

LegalTrademarksB

OriginalFilenamePsRunner.exe2	
ProductNamePsRunner4
ProductVersion1.0.0.08
Assembly Version1.0.0.0¼Cê
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>