MalScore
100/100

qury.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 23/69 Related 2391
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 274.50 KB (281088 bytes)
Compile time: 2018-06-20 23:54:35
MD5: 0dbf58d174e22519f799125bfebac6f4
SHA1: 894bfb6da76db8696451ebc8aecff101f6f0d3e9
SHA256: 9f9da6c42a96d465bb7a2da62eb14c4fe1c5b1c57d5ea62a5ef85dfd1d33ebdd
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 4 .text .sdata .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-21 22:51:05
Last submission: 2018-06-21 22:51:05
Filename detected: - qury.exe (1)
URL file hosting
hXXp://rvaginfra.com/include/qury.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-21 07:14:21 [23/69] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x1fc04 130560 615f1c29556e46b3e15e558ac34ce25d af943afe5cfd3d68668997373a4fe80df73e00d1
.sdata 0x22000 0x1e8 512 c253f19e060e7a7bf9f9d3743b340ca9 3cdf0ae0d7c90e632332783137db8be177007286
.rsrc 0x24000 0x24212 148480 2b3b44d5d8190e4f86b14bcaa4a6739c 7744862237bab9dc7ab7ec9dca4a7af497e9aa62
.reloc 0x4a000 0xc 512 4ce75362f1f6d9a2d71d1c69a9096979 9131c6e1b837a9dd2d76f3aedc074746cb1774f4
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x24490 744 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x24778 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x2478c 696 LANG_ENGLISH SUBLANG_ENGLISH_US
RT_HTML 0x24a44 144866 LANG_GERMAN SUBLANG_GERMAN
RT_MANIFEST 0x48028 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
InternalName: Twunk_32
FileVersion: 1,7,1,0
CompanyName: Twain Working Group
ProductVersion: 1,7,1,0
FileDescription: Twain.dll Client's 32-Bit Thunking Server
Translation: 0x0409 0x04b4
OriginalFilename: Twunk_32.exe
ProductName: Twain Thunker
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
file:///
Twunk_32.exe
VarFileInfo
FileDescription
{11111-22222-20001-00001}
Twain Working Group
Location
$this.TrayHeight
{11111-22222-50001-00000}
GetDelegateForFunctionPointer
{11111-22222-30001-00001}
ProductName
{11111-22222-40001-00002}
.#J.;U.3J.+J
Twain Thunker
!B"9BFABPQBPYBPaBFiBPqBPyBP
StringFileInfo
Translation
Twunk_32
1,7,1,0
.{J.sJ.kJ.CJ.
"!#"$!%!&!'!(!+*,*-*.*/*0*1*
System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
InternalName
{11111-22222-20001-00002}
FileVersion
Twain.dll Client's 32-Bit Thunking Server
VS_VERSION_INFO
BFO
file:///
$this.GridSize
$this.Locked
BFR
BFP
ProductVersion
$this.Localizable
{11111-22222-50001-00001}
040904b4
OriginalFilename
$this.Icon
{11111-22222-50001-00002}
$this.SnapToGrid
{11111-22222-40001-00001}
BFj
CompanyName
System.Security.Cryptography.AesCryptoServiceProvider
$this.TrayLargeIcon
{11111-22222-10009-11112}
{11111-22222-30001-00002}
progressBar1.Locked
BF.[J.SJ.KZ.c
progressBar1.Modifiers
$this.DrawGrid
$this.Language
hkmGgc9xmg3oAYcShC.RfNUIVlUqbr4HJ5vbD
V+ (VC
f1wGEmZt84swhyWWkqK
H'/9
lUVFyKZ0pFcMjCb6eAp
booFDwVhjhSr775Adw
M9cHNK551s
MZ5,n
TI+O
PAN8sexefcXtQy5WEHU
l96tFjRZs
vFI.
Int32
poZMX5EkdkBvjT77h7V
k<~|
r}Be
TEPxRlZMqNgxaTZbHcF
>mDx(vP7
ObjectHandle
wvB%1
f+ (<
<<^1Z
textInfo
TargetFrameworkAttribute
!kE.
)KY
evxe6or8pVOZTv1kVXP
zk]{c
M*i
>ccw
ICryptoTransform
wwFR
CF3tG
I r ,6N
M^F
? *zo
L6J~
/h+l(
?63
uwdI
o}`/$
cMNu';{
jgN1AiWA05hZrdwiM8
oNB+7N
gU<r
UtmfecE3sgxPtji04Mx
/rMq
w3ZSkbZROyQSUqUhcD9
A1j#*
h!YG+|
*MMK
bsFm4sYVubEVDDHph98
AbyR]7
"6x-d
Ux+I
vg(r3O
s^L0
l%NB
l9pBMVroGvXXFB3TlZa
Q*H
/g-8
@(t^890
V) ap
+ (>+U.
Omup8wXUAGHwLgsrpL
ffop
K_T 0
`~
A11OhMZDIGErix1kvOF
~mG^
CryptoStream
bp8Z
MidpointRounding
<4Mzz
Uz'U
Ax4g
z |'
>Z-$#
wXWNCBZTsVAcCWL5fKa
i!|
*{fI`
w{t
>+ (
'EA4
PNG
f+ (C
C9wh
2RfM9l.
U7 Gq
;d[<
ujGQOxEfO4fNRRWZlug
Marshal
.cctor
I^<<
\;Z'
ih5aTEECMcPrNW7sjr
L=/z
dghQHOE6IAbGJWqiZ2P
SortedList
WG9R3
X'yXgm
q<N3
wcuH0uu8hB
MH4XHjXevW3b2gaiEx
l5R0u7dRQoLTSPqJPGo
VDZHhDElsS
^k{9
>&6#
RuntimeFieldHandle
;,0|
zLyrH7s2eiJWOIrKPd
msvJqEZncFfKUdXOVWN
JTYHYGjh4u
L/eF]V
Nj1wFJBU14IsKG834K
RcAOrLddZb7dcDhJ0VF
v+ (
XwEHdVGWaY
jKSe
]9o-
9e!T
rYr1
h\_0
iNQ
Od7G=
EndInvoke
)}5>Do$
nYHkR0QvE3
;.^U
*q$#
4xIa
nfL`0
W7mH)
4~2p
NeK<
Q` Z
DnqO
O0lHHgZISJ`1
dHkw
m3rL
E4r *
!G*kX\_
(.\`Gd
;YR3i6
u#ga
LB3Y
cy0HCW1mdP
MKp0M4EOWRxboPtKm6
`B-5tBm
f+ (i
%#P?
pA{w
&eQm
L8Ue8WZOooYgpvbrPv0
currencyDecimalSeparator
z6Q'
~[+i
kV;*
pH<U|J
knTbkT7EO
U^6x
1cM9
$T]X]
!nR
+ (r=VS
AssemblyCompanyAttribute
Bt2XkusUPRZJvWPbpT
*kro
,q$\U
P7vw
S6XTstRxcZ
E6yhsXaQ2YRhZhBuYR
. s
Uspb2y9NtqgyHgEgUq
__StaticArrayInitTypeSize=40
JMpwMJrS8fZI6BYFCYK
B+ ( )b5
Format
1>4
m_useUserOverride m_win32LangID
uktObHSSFkRLXIIG2PC.FmJoJfST0HXYDfWAwQG+WGHCc1SGYTXjlgxAxq4+CcxTF4Sb88sQhmknkRI`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]
\L9x
@N#yS
e87HJkWjkr
q0ZHpHMMO0Sb6V9slQ
R]R5
& ~+
e<5 9
Q7ip#
=%Zu
Fa?
G*N
YSxkdlhRX8
u4+~
]eRn<
pVHrA3iL1UbipIIonE
SEv4_
Lm'=
@;Yr
r/!U
4#J3
C>GmlH
'_;D#
zYoRpdYoQyreSr4rxIY
=g]gSVC1
o~y
QjNKSvVOn4WeFFLk1s
aI9}b
B4wHk0L5pD
B+ (Bw>A
{ZzYX
lSKEP4d5gucBiBf23pB
6\o{<
eMZTrdfuS2
PADPADP
?rQ_
6\o{< 8
pHLGV
Dk;tl
,iMR
>_u2
z0vsm3YnmaBFV9ng6KD
sgv9Sgr3L9bNMI7eoZQ
jiERr
;yP]
e1nR
Y?RAz5
f9OWs0Yf6cxksh6l5Jv
H UKdh_
Uh!:
FromBase64String
\F-9'FN
v{sq
bw`8
AssemblyTrademarkAttribute
cZl:
&6~4
m_listSeparator m_isReadOnly m_cultureName
8Y'>wDO
n6~4
D(r1
CVnT
uB&Z
m42LBdYv1dLqU3YmkRI
j{[O
56I
,8L]
iMj`
hpbfaCrb38WPxZ0A30f
_|W8>p
w "K
\a ?
+yqD
hk2#
4S6t
:CxIn
#Blop
Rk~ua
5fx2
D=d
#c *
ae_t
#Blob
r+ (;L 0
?3C]
#@=m
#_?7
pIX[
';*c
H[%(
H~84
u$aF
g@st
t8PSF
Q4h7JpYj3ZIWQ62ruIF
+ (OlMa
zTSwVhYkqOsEbp7xjMx
z7jY
A7-U
E
6{*q
*y6,
s?Pk
ibPKObE2SbnZgSSIS8d
<+>!
rGS{zs
~9+r
PuJMXAI2u
-M_bE
v+4_
@6 Cf 3
4g m
B G{^>
Type
)g 9
negativeInfinitySymbol
ic>r>H$+
TFK69K8TVCFnrI2mga
GQ9Vr7mlK
r(mMq
:V`s]
+ (I
}ZFV
ad0WGVYupEurvhOqI3d
f+ (%p[E
TDDOcsBPT1K8I9EZb2
Q6.h{
RSACryptoServiceProvider
I~tT
^^7o]
(B+m'
H>s%KiG
&Dl%
YhsXmurEU3l1HDjug49
~aTX
($WC
$'@0
}f!j
"X.SR
GetValueOrDefault
Bhp2c@
X YP
$$method0x6000007-1
5GiN
D\C1
<-q$6
eYTTaHGQn
wGT
numberNegativePattern
FSChR2dz6WqLxebdYxP
`|'?H
hG({
gKCT8SfG0G
[4H4
ZN7)
yGh2UImWG
4fz5
CreateDelegate
tYdkcuZG4GJnLg9qexm
YhfBIDdvHmsLWt6LHJC
@E]Eei}I}/T
sUaQ
+ ({
4}<D
YY&+
HashAlgorithm
K)s\v
FimRYQdmBVwDjYKjvCM
SpAIB6Yp0gF2f0YTueZ
lElqT5KVpYuPPYxCLl
kX3WI1xCwOyTInu5yB9
bx2kAVM2k0
NOp$
/%Vu
uAwC
50:
m2eb62xzHlMpPjEol5g
C[<x
ResolveType
sT5MDOdblyHHiCyb9Sa
a2Mknax1gO
k91kyfTH3g
zFtnOISNNxc9BFl5KCU
JYl>

'')M
~'c!
_NyN^B
1(q
DB'9
eZf
)!#e
v,m
&\$>r
3|?
,KU'*"
__*r
V2FquIZJDKwtgyhJjOP
j@
;!J_
@D)S
wfOVHoYUwjYLY4yDbvF
ygQ0QqYgn0wCrcX4Gu0
@TmS
aXcO
I}G'|
IIHz
9 (
gImWl8E8Ug9nrAt71UO
MP$+
B0Zu%Z
>@$
'%D,UD
[8%),::
{` U
nrLk7CNNTg
BGDI
C7,u|
.text
Ya6|
QQ|+
pkqYNydwaCGfRiom5fA
z'YY
ce4DmfsmSrOT856tDgfrkMb
GetString
'3x<
_s Q
V6xkZ0FSrQ
CA U
Gn>S
-yCZ
Convert
*EjV
a[V8
positiveInfinitySymbol
object
percentGroupSeparator percentSymbol
FlushFinalBlock
numInfo dateTimeInfo
*z(=
w@'r,
7Z'^-
- _\S
ziLkP2WTc2
|z2c
2N61
V+ (Fw36
EW&m
_3dk
U'kK
Ctoe
sO^QrZ
FlagsAttribute
YfAy
uMue
Nqx,
F!rY=-
P:]_9
$$method0x600005f-1
Vi6T=4
C!jK
$$method0x6000020-1
~G4s
$$method0x6000020-2
.i6X
v1q?r
:I=_
6'#
(izW
zeX1c
_g@#
*f+ (
]yTkW
H :ITe
#y6l3O
JvH3LFAOFiy1vx0PEf
,_M=d
<p7.
z"_i
vfop
\jP2y%y%
{JTXP
CipherMode
gtRW/
UI?u
G,
S;5,
JPCo5SZQR4UrmuA6cv
&[EI
q-I-
/F|WJ+
K}?q
H|f-
LW81k4ZmKfgPvwvlFwV
sKZ:
',k.
U03F02wOo
dVjYNWm0heGJYKmw43
l}^b[b
Ffp
z|,|
33^m
f+ (EV1B
659dc7e6-e862-4281-a976-8ff6cf5c8568
V+ ()<;E
"]]R
jn"Z
8-/i6l
EQ~RcU
@FJU
>AiP
System.Globalization.Calendar
; R
.Ic|!
#u =
oRfhn M
aUEA7WZVNc3qXAA9pUJ
^X@y
Z~MS
wplxRVYWKJWFwMCJEXB
bywsVBEs0C1RClgJVvM
Q~ZI
{_8#
boeOuddlletGlf5XXrp
CreateDecryptor
Q q$
YdbVUJZdxn0DZD7Olyt
V+ (`R0c
LZ U
ujIj
OLZlr6Ut6UC1GKstRb
X 82
M~;Y
cjvkw1997A
"GY{
result
WJ|4I
2jn]
aVlxdvfqe5U4FRBmaO
:08C})
+d 0
zlxYx3XYe`1
J~S3y
.ctor
LQYuEHdq7j99ZYsjiAq
yJud
UhhP%
J3tIf2ryD92cNxbS5Od
#$)g
LsCReid1tWsCOsxN1RK
get_CodeBase
vY)b
)oo.m
-Infinity
=/y_
zgj9kUYTuBUvyIyDbxr
BkZ@u
gQC9kcrsRPyvGHTfp5k
Ya3d6
*w4{x
i75C&Y
T-7B
LbfHxq2kNe
=B^
GetTypeFromHandle
G51DaASfaYRLUCxeOO1
*zAn
+ (,
@u0*
G02
.zz#
DDVHWLlXMO`5
e: G
xoxTdYwgPU
v+ (c6*^
A=MH
Btb6P
R6BhVyHlD5hhA26voB
sSDO85b22Y9FwiosGv
}$E9r
X 8O
DZ7i
/A ?
a$G[
;[zfC
kgPv
X 8E
DA9HMvdTA6
1pk@
ATYN6s5Sy80xBWtdY9
b+ (|$2g
:|+^
height
d@.K:x!
\]<%
HGsY
:gV:
fuYCL[M
NvH3JfrRf29VuDXs6l0
StringCollection
`i U
culture m_SortVersion
sKhs5Irl8CmRGxGmTu5
>st
Hj4p4xEJHQH1x9XSLtO
g}V[
i T.x}l
& B(
[-2d
6;b9%Zm
d8i,u
/$+L
f+ (,r.8
)( B
NMNq
G ro
L}Fe
N wp
dTvVUqqNtroJgujSGy
qlxTINTLjP
N
pQB
_}lp
) ,'
. 3S
BeBhXOUU1
:z~Y
/i -
GetBytes
oWUK3ggDU
UqlExdJj2JkC8bBtEh
7O>gr
h2VGyDxI4XJK2lRxBuZ
Lc64qN1gb1IXj
E%EK;@
znojCZNk7gPS39el6Y
b._qX
ReadAllBytes
XR}Y0
sDuzhoeWP
pR{I
B+ (4UG_
V#*!
i@s}
H\z%{
jz+v
8
|;C
Write
sy_/
{}qiu{
Xk0tb
ZyZ
q.v V;
zdm]V
NrQTwWmiOB
uV@N
Y9dNUWx8SkS7K5kllfv
nativeSizeOfCode
get_Assembly
O+wc24M
O-cG
(m-l^
UInt16
q1eNZAeGK0T71oOnkl
\/HoX
rGPB6FrjMiQe77YcDcS
dK7Vd9dyrYBpybUbE63
V+ (qf
'q$C
ryOkJBxigg
_)S,
SpnGasjXk
yJWHKcMLp4
ggQppaDAT
bV@a
sPwkucYxHD
GJO+N
f%2,A
u%u5
Invoke
u#4b
Z6Q
System.IO
Oh "n
WrapNonExceptionThrows
QWcCMVx7gb8mRrqec9C
JYkAr K[
System.Globalization.TextInfo%System.Globalization.NumberFormatInfo'System.Globalization.DateTimeFormatInfo
numberDecimalDigits
.L,
W1YPLLxw3McFQvW2Wp3

jM3cNnC90Exhrm8cmQ
~DFZ
D 8
Console
Gcue1ufxjIIHYa14n0K
;
K KR
l}q@
System.Globalization.SortVersion
F4$J
jIkwJYYkYFZvsif7kt
JsuH3Z4OEH
zMB+
d>$%
+ ([8mm
YXqjrxGRamxjXZabBu
percentNegativePattern
f+ ( k
m1au8dZ4vxBF3D0aFCa
5_\6
JLSkTcbF5K
T60UfFrdBfIStCAurZP
HPNWV1ECuh8Ekfb72jQ
2P}\S 1Rtaz5
} '
3fw(/
KWvcY5dBg4AF2pkaJIW
##Y`)
zne8x

d==U
Di\!
__StaticArrayInitTypeSize=64
e-!O
KEYTKxUpxp
& ?@
vsHs@
oL"c
Z>U@
Go",
%r$u[T
z*WE
IHDR
System.Runtime.Versioning
H \e
S&rP
@.dU
<zhg
+ (HuVE
YIY"G
3chP|
;M \
Z!|F
IconSize
8$sl {
3f y
tTMT
:?q
xt ,
$g% r
DQUV
v3pq
MuU-
23D
bicZ2yYB4eSC9cx9N9t
};r$6N
U{ Kq$'(
n1kT1I1aWg
Njx5xXdw4
&%).
WriteLine
6~4
v+ (D
kGI
j+ (S 3`
System.Drawing.Icon
Rc@s#g6.
SRRGjVkqq2WtNdcbZu
aoKlxUlYA
=O=\
rHJ5KOZrsAF3rTV1CDD
Baun
FnGZ
!ZD%
[[{D
Ril_
mYO
R=%kU:
&#G(j">
M0yxOxxJxKgM9a4Hv23
Cc+&
J6tSvxhOkOqMJolLrE
nN"1
|)M
w} L
j!_y
wOTr
CreateInstance
$$method0x6000039-1
PCZ'
6w~&d
dy 4,
MethodBase
T5~4
C42CW3rMtEirwWS7pnp
M(^C
+ (<0`T
System.Collections
KQjO6bxX9FVvb2cYd7o
FHV&
JZvtj22Pfxb4WUWJIk
9OMI
x]Dd
W{0i
v+ (+
wvHTyvMY6u
Z x+
g:n B|B
pXCr7XxDFMErNAnax0P
BFRx
t n;
Cj#$1Gd
Environment
hjHnxwBqDjGcNDQIpo
wNvfLhxhITj1HaWYKG5
Cn?4A(
~~Eu[
{n}q
q!1'
tNT5
GZLq$cB'
YR77xgKFY
MQ6C7srmjtP9pTHKRqb
currencyPositivePattern
{!Ss
7(!4
2&^_
ApUHfgWWkP
digitSubstitution isReadOnly
/KPm
width
guP9xvrwTWFgdMLfV7Q
tLX
3 m M
Ww19WCx0uRfK477WdXj
EdvebUxapxER9ftjD3o
get_EntryPoint
b819
vCeh
cUn5
BuEHn0xpDY
9RB{
<U3<
2b]R
s#I<
System
lea 4
6uGT
_ .8e
G(d$
UR5H
Vjx7vHxLp4HPDZCVQUF
;jn
7.@9
(Lokh]
DjGTURWDFu
l $H
lx99MjdrZX9L9h4QKkA
System.Diagnostics
GetType
)h9u#
GT-3
"jHS
iU^
}kp_
fAZuxRxxKHf2UjQ7fX5
g.XYV3q
LXrEBT3jafUpiWF74q
3**6
Microsoft.CSharp
cC9xAOq7K
iyXYtp6fYybbXl94wa
f+ ({E[R
b9I8Z
oOY
Activator
w J
_8Ri
M7qh
UNZsWsovlQWpSVEaXb
O7qyybEnPuqDEVgwKJV
bR@lk
3!#A uE
o h3;O~8"F
G0Ca88f1c
ss s
<.#3
-- J2
bA96@
j38HiEEwSDMcKJm6mWi
IPr7gsYlUP4dr7kkXB5
+ (va"m
G;X8
.*i6<
l4xn5DrCwFM0u7gay0c
im_W
MZWPP0DSbUkHdFwjJJ
y>)CA
?e4q C
Double
:\9Y
QS-2
ziyTnmKOJV
JJHCGTYJFP4D7AOXqvH
CompilerResults
@[&8
fnaShSWjUT24nlefa0
String
4> r[k,
kfi3Fixk0GbXnODvQwM
3qJi
Ca|,
F C*
M0Cf0KYHbk4S3w0kFCI
_GQs
!.##
m *i
q(z.
>KE:
csyT6DUg9B
f+ ($}
MD5CryptoServiceProvider
{|&2
&EFZ
get_BaseStream
JB)L
ePJ06mrOhOVxOBjpHE
*{Yq
G!.%jkK
_: v
r -'
Jk7HsrZPC1
fcIU8PodjTp4J0tP.g.resources
O}w@u
d%{u
get_UTF8
k n
F6GTNh25qR
-tEI
% VC
V+ (,rI^
f+ (40nF
:&+U
dfvb3Org3ZTTUecrHKS
vf (
FP6TFwMw7N
MVLCu
8&E"
-o{Sg
ncxbU3dgeKcsHS5O50D
x3YRdD78CwuxyiWMik
:sxx
Zfn5
9nzjH:
0z|H
AssemblyKeyNameAttribute
0j'^
ISystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

);
f}l_X
5sW.J
u9y.
f+ (=bYN
j+ (
,2_0
^Fzr 2
z. _%
r5FHMaZyum3gBN7GtDD
zR1H3qZUWadGRmAbt3k
f+ (m+
[:@^
get_ManifestModule
`Rd(
z5*7
$4"T
6$mTflaf+
a:D
nBV0h
kjackBO2SqF3bjBZKQ
Jpr C3[
{-,~/
[:@m
u~1
'`=m
U@S>
$LmI~
9A3_S
BitConverter
qemH=H
u +
->*x
9 j@
|p36fv
gyGl
j1iBGM6vWcfHZcYnWh
\;oe
tD%
f+ (e ,d
Jh`\
u.lk
:W>ne
IJV87iuDxeM8bgYOKA
O?oY
U!y4
bupynaZXK3sTToHuoYi
m_useUserOverride
aT-N&0
7JhD
DwI5
/+~}
5LJC
sP +
aYBa
;"4"nD97
70$S[(
4wT_"ty
xWe8JGY5Jkh8gPtO3w8
ZGYh
YWK5
f+ (^]P<
MgTgYyZ6V17rCTl3gu0
tD%;
System.Core
kYMPBVdKjKPUxwibE54
HI8ePKZwuls15sZxMs6
g`qK[
"S,=
yF{h
OPvC
J9RTjrkDvr
KQZfbprGAU4NH55VL67
vlmX
kamh
TEdDIh0N1dPaIhyjKI
G4<:`
s1 C
Delegate
IJLT 1
AssemblyName
9:Nh
aAf~
zk2TBo2w5V
@[&8:
( \tj:
#%ZK:
Janm^]
#`B>
YbbbH
get_Unicode
R%x,4
hfJw
+ ({H38
HCIt46ZCtQ3hsVCjdws
><Tm
KfM|?c
$Gi.
RFuGGQxYVAimdp6OM8N
FNcJVbdO07CUObg3JJp
iFhOKfsajbmkDBeAa6
fWVnW
+ (,n
8+o
h 9QC
NktB
w >n
a*^?oEP7C
Qz6
>emiA
Enum
cvqHgZlSFK`5
+ (}e4\
:gF}
i6|z
Q%D
hFufSPdGIyXKmwmLiO
# '(
#Strings
sbw
C,2R
,e5D
v+ (9m6e
\;d5j
i~S]
pM+d
w'G\
V7mO
mgkLsmZK66UpnMGQZFP
ui|i<
get_Length
jG;V
Ty!.J
perMilleSymbol nativeDigits m_dataItem
4% C
OwFlBJd2TItiPGXwsQj
qb6D8
/H^0g
i
O/2j
/kc`
wKKF9kdE0F4K0SddQUb
XKSO27PapeWqSsgFa7
B8W?
j"*R
n\;.
r=)O\
"G:
X3vYThdCjm1xFI1HuuU
WOoHljDNaL
k6(4
S?oq
:lN@rf
\a ~UwsL
TEF9YFxGQ7ey62Fd9tH
Z%%;
]4-o r
wO0m
!
FMfM1JxWd4VmZrZmM2T
CompileAssemblyFromSource
?@4/
J}2usri
rEx^7
n@V{
f_`X
ValueType
M w
System.CodeDom.Compiler
<IwY
EiQEuWZjUNvFUdvM83e
Q\A(
'` HE
B_Vf
fE$3
JR
@ju`GCc
set_UseMachineKeyStore
ToLower
Tanh
_;y_6
Mq$<
!'aI"
v+ (b: :
+ (lJ9^
zsF<:
aK6~o
!4hZ
MQAXsARpUghSkORe1j
/0_
oOcm5WErEQQcG1pGc1p
v3MUgfr0hNQU2Cqg9ln
Trim
K[+j
jjFY
B+ (3ClD
validForParseAsCurrency
eBX<N
I}9h
SN1TDch9cf
EaRiuZESGH0logcC0YW
System.Runtime.Remoting
%AL@Bu
<l;-
duX
$vzX;
b$R%9
]7?`
S0eBSUhxDT8hLL0ZnU
Eij_v#
oRC
wGSd
a^7q
^g5Ce
hQIktbesde
Pio-d6
pZU#
*Y:/>o
SwX87PEpLxFeN99vMIA
ci\b
[K*
) mh[5_
k;W4
~ka.
K:u=i
f+ (`taU
>IviG&
T{',20
V!Jh;)Bv FX
ansTZfdFAS
aFRH96oUnk
vZJ96wniH
X=Y{Y
]7`xW
mu%\K
zrV7bMxgpbF8SqXffxX
+ (hv1k
^@@^
#(9Y
[Hyf
l?SN;b
\t y
UInt32
ToInt32
HMUDMad9t24BaxkDpRr
M8k0lornN2G5i5ypJwU
X=i8
SKk1JIYNoYq97hESUAC
g&7f
w3 +Q
cA)d
ToString
+2%e
X5bpIlZSUI3WqQYBg6Z
IK#RK
[&5i
M6jNk7ZeMkYWKYCLUGv
dGxTOOf0fG`1
jl5o4oZZVmmZTBUIXS6
SI u(
SOc9EMrWcYFXRAKos12
ZAL
`J}@u

wmC+F
QTnH7inRMO
#%KSf
GFzv
!;yU
f+ (
+ (l'HP
f+ (
f+ (
\wVp
X[N*
DLxLx4
.rsrc
9?,NqY{i
f+ (dBfg
*) n}Oh
SDS?
'cav
"md Y
1"JQ
HOOey>
f+ (.
f+ (*
p{R[
Unwrap
f+ ('
aI`w
f+ (%
b+ (` YH
f+ (!
f+ (
f+ (?
YLgmnNKIVRfRlQgsHY
f+ (;
f+ (:
f+ (9
h6hu
f+ (7
o9XNDIrcgnrVqUB4d3H
phT&I
S6A
f+ (2
f+ (1
f+ (0
NFIT58s1jY
f+ (M
f+ (L
f+ (J
f+ (I
pLNHUo0Mly
U%)8

`i%I
e4kyBFYOktGUTnwnWBO
[1NlXi
f+ (]
f+ (\
AssemblyDelaySignAttribute
i'dE-
f+ (W
Q=RK
PD8bDLZsxM0HOasuRMV
f+ (T
f+ (S
f+ (R
eKNkhVThfM
f+ (o
f+ (n
f+ (m
AWo]DhS
UiGdGAOwS
vdekGReJ93
iCyQFME5QVgiAUKDB8S
B+ (i|+J
] :
M0[=
q?wm
\6,+
d>_
f+ ({
w?qH
AQqpPkdVe6fj3RvQ8v8
f+ (x
\7'V
E6#&
System.Security.Cryptography
f+ (r
f+ (q
Asin
MemberInfo
[cDYM
S_ $
qa j
b:q+<
R*?J
ji,o
BQarjdaAy
S3srxQYzFLgVIvaMWye
;eg{
b+ (4&
Wq6m
oaTTxiIhSt
p!y!
7<'.'
(DkTe!
set_CompilerOptions
eu>w
SF;U7
=@
ROV0BgrYNGEevJdh7Nh
r(NE
=@ 8
RR4C;z
b+ (vx N
GI7Pny
(/ab
Ff:h
A?@3L
&#.V
7r5F
hOOmVFdUkIVyT0HZJl5
"O;Rt
faV@
:eik
)|%Y
OXE[
ToBase64String
Int64
DdM:?
currencySymbol
PTvFNQFmEqlEK4rR4t
numberGroupSizes
Xkly3sO9OKWGR14Nl1
d"_D
3z&
}qG08
Y,q&BQ
!t@E[m
>HW!
numberDecimalSeparator
z.[y
V+s
;H3c
pHYs
{6~4
C!r
nQMN~
s9i6
l5P7WsYbkACBHLAjF5G
67e^
7UkO
v!`l}
ueVplwNKIUDaJDyk5U
b+ (#
b+ (
b+ ($
sQQHQQakXg
UHfD5IV
# GZ
b+ ((
VgB4gwlKx
PQfH4w1u0I
NaleS0xTYpUWCQOeBCD
k9[3o
b+ (5
b+ (;
b+ (9
XnxDWsDO3
$]KV
b+ (=
kWj4yBrL1yAGecDdNXf
-<ui
}<\U2
kUcTQU7VOu
8RPuY
f+ (
LJGV5cEukCHIq973Vc
{!dmq|
PRmWYvx9wEBtPGcWlkS
b+ (
Wp J
JU^M
r36Ti5CkMOEvgd0y8q
b+ (c
b+ (b
oOsJWLY3CmxXlA72Dqt
b+ (f
"Gb i
mp""g
wfmQHcrDcF5eq94RWwb
~ukJG
ml/T
6~r{
wTusQ>
jl*_
MmFWKGSBCXvT5xrZJb
b+ (q
Cv G
CLy:
b+ (B
Z*e<
YwfJG5YaSZh3BZYsLJA
b+ (D
Y37
yfRRAWfBh
Che}
Module
p (~
brbudsZv55EAsxayuxc
9{]r
FrameworkDisplayName
X
082-5
Array
e4BDneEHk1VqqhKC5mx
eaXd9
A0&F
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
INp,
Ne}
[{<GC5Q
oI<^
H$?(
@.reloc
R$<J
Kp_Q
eq`8
oYqZZYx0GpGf9HATeO
67>t7
>w oLM
ConsoleKeyInfo
(z?t
#Bg
rC |`x
(>[z
xB%|
z.&u%
Q;KY
K_gG
#:#J{
>d`j7C
i2}h
/!Gz
E3LU
Byte
TSKPoyEiU
<C;`
CryptoStreamMode
b+ (pDi:
B+ (C
currencyNegativePattern
6</7q
X|$
H%G6
get_MetadataToken
Tg2
+ (\{
1_X,
_wbj
.2.w4
~]k~
!w0O
d<ui
W5A6NQETWInYTVBCmcF
p]@V
mmS7iZ8eav3aIFOcF4
4~ s
+YmD
C9UTpbY75a
GbqrEBdPm7K9fX7rmat
bF*l
'F(#<
_Tt8bM
$uP%'
AMFk
[3/(f!G:)n
YR s D
|iJ_
k{&R
+V-l
8Re{
T8w<x8p
(HIU
<T8sh
/*Hl
numberGroupSeparator
ObPWCrQTjRq4JH1JI1
C98U
get_Location
OH|:
3ge+
{A81q
9r#I
vqRUS5Yy7qoGgY825HJ
8jZk
Jc@>U
&'2G
Tp M
5 z(
V=sP;/r
comp
RkiHmqK4RG
ZG{h
ftIQaJEASLRGIJUkKiG
Yqx2ujE92IrV56AP1a8
im$k
tt5kpAIajd
-\s_3j sD8
Dqp
)mV^
+ (x"D>
xRjDnDAJ6vMQ2IqSO3
eIt}
j]U=f^R
QJE!
&kKSeN{Af :i
5B|s
get_CompiledAssembly
1'7z
qP&5
[G"Y
?TGj!
hkmGgc9xmg3oAYcShC.RfNUIVlUqbr4HJ5vbD
System.CodeDom.MemberAttributes
7/9s
<PrivateImplementationDetails>{C0DD902B-C7DD-4B54-9666-45256BE1613C}
FileStream
7wSa
qN2Kx1rNN5BipumHdeJ
\
:G=[
!#5U6
RuntimeCompatibilityAttribute
O8m!iN
bO Jn-
b{$-
-%bg
hn3K
A51X>1
Assembly
Truncate
_ULz!x
o0HS
#E}B
iNa}M
={V^Ucy
fW4
s8xgSYhGlkndtVxtsR
ccFTHn0BSc
NUVnobr8u
4?79
/>)!
Hkw%Yp}
3SG( c
-JQvK
Y 6Y]
QH7HAkUi3S
System.Drawing.Size
cJ5haLEZ4iEK2K94UQr
XH46tBrvveesSafY3Aq
9-[`eMTMN
<:>h
HunvdtjJv0XBelEghr
v7!
g3kCKIrFBMMeRodNnaS
_|pe
*V+ (w
iQ~^
Round
8at!_
Tf5l,h
;D:
p,lB
z ];u%
EOKrW99vUvWwwLFpsE
SoQY@
>) E
8(~DV
M5noW6YAhvSowTKaUDq
GYMg~
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
:st[
set_GenerateExecutable
uoLLOGE4cXbavN6VgT6
tUb1aZYFNsh0hk0R7ln
ZNuY
:o)]/
+ (.z
iREPMqZYnZHR4fMKubC
_\e~
yZI3{
drCxtUZotj05c9CW3V0
}a&f
px0S
xPLkV9x4k7
xV9^
%TCF
OPNnKirkEYGkDwy9Jah
'I^ a/
(]m[
Y47H2psNoO
fc6W
k&Hv
f+ ()JKN
ojFQbLeAaCYVFjNsPU
B+ (K`oB
9q d
+1u#
M0lKxLxyDcLsNQBE0wP
V3rtKnAlnfCxkELubE
KDFT'
m_name win32LCID
3R]p
zd8d
|`*i2
M Ur
@y(D
oY3b
+ (6Zj<
e#nF\
4f;e5
9/ "q
otV63RENJLMYtbpk7PT
Enb9B0dWVkbJ0doern
\r]s
}iui
=WDk>
f+ (()uk
7$tRI
J2a~ui{[
`HkM
fi +J
$$method0x600027b-1
z<[D8
psEMk^wSIZz
i>Rz
-{lt
CB3f
H}A}e{
d|NA
#G&@
-ZSI
VQgNN*
lsi7mkvMBIJuGt3aGu
F
c73MdhERUSUROESYTwy
Wj1VLGxpxyhjXDCmF2s
J:;
)WV}4
=jnw
f+ (vSz1
gF)A
[q,WtRn
B`|9
me?:
U'YI
}MDY
]=t~
Xd0^
wIyT
+JRo`j
#g1~7 JD;|
th<7m
-rNG
akyssax5pJ5cJHawi0X
V)n_&
I+h[
CTOEBcfNj
Pk7|
}]-<
{>e?r
AssemblyTitleAttribute
aD<i
/il
C}I<
J:;I
{!^.
CHy*
N51HIWxPRdHQMiFpW4g
get_ReferencedAssemblies
6f|H
J6'm5
>u~\
nWBdrqYG12KkyPsjw0b
gesCBgaIQymQjac6rd
+4Y<
L~ ^'
Fhw"Z
}x_#
BPU0iLZW7gePaBXr204
z4k&m
PropertyInfo
pa58boxdstsk6PTpgL2
X
"f)D
-]RO
X
G$5P
Nsxd4dpLK7pnr0fQSF
`&dZ -
vqTG
@[&
&[k}
g4wkE5ZxOqM9ckxqbTa
+ (E)HR
CY3WUfYEm36ox5JjKRa
JkRTVxHlGlvmosn6td
TVHLXkUJiCXj38phmw
ft(5@
* }4
m_useUserOverride m_isInvariant
/pe+
kW7A
"nDU
A4/x
VffMPfwdOuMIQt4vk7
%eF&
zIEHcxYEIs
AKXsJyEq6q4RjpifVNJ
LZK5AtdLSqajO0v9dl5
)*az
v=tP6
zQS9
H59tJ2dIaiQeoUPfHpU
V")%
hwaTiUg9Ul
H.2I
UC~M
rYJMx47THkxEsFc2iv
!G:
CodeDomProvider
hf,u
ReadBytes
;Uf;e
h<n<d\b
O [b
J`KMa{r\
yrqUQ7d7Ev7WSphWJk1
h p}
t<a/p0
GBdg9urfM7iR2THF12v
vE.x
RF3\
AssemblyCopyrightAttribute
iYiGrVk47F8VTqDFtw
P?@t
!G:?
w Qt
&q$|
.|EJ8
%GK}+
DRZT7MG3Fu
fDADsqEzOaiMv2lqNA3
classthis
?dASm
'& #-
N6 :P
`R}}ESsG^~N
4klF
5Esk
f+ (`"
bFcF8lQ
gfVy6IZNyDrpM6fphN1
kgt$?4O
m2<O
mDLkBkIfaR
Infinity
8TIT
i/G]
^QN#
|s#M
kuFu
lu,+i
bwP]
o:|;
+ ( .?m
Wxtw
xZDN
+ks^
D@gO&/
S1{E@
w P
g3kd
+ .*]
FileShare
Nk>R
;,0i9
fcIU8PodjTp4J0tP
x _*
MYaKBTxtldIrgk1RHXP
b+o nF&8
rPkHaDB8X9
lXlBF:
a6!
Ma5)
[CI]
VCYaEG^^
8O*r+.jxt
d\~0F[
:C:+z
BEL16ZzZxaR8sK2cjk
D@EA@@
J7r)
`1MF
Close
}7A8K
E9oTmLPEB1
f+ (V!Dd
Ewtbv
{(*'
ZG,`
Txe3ShEUtmI2BrPlkUL
v?g2'
* f9
>%_8
y=0]
nSCU
-"e P.
.NETFramework,Version=v4.0
,RM9
g0knmIEECVXkXGxZHTy
!"t i
P5FA26dnugIJxgWLAtl
ly.S
X}(*N
@*5FWe
pXIkHEVUXl
mn16SaZpUvoTceFWque
8+
a`%T8F9
@}Ix
Read
zy+DN
F Lc
B+ (q
|p25|[
krj+j
rwChk
k,q-S
s<LQ
J+,U>
Yu+6
value__
Jy$N1
kvxTXTZfCkQaKnZXDiM
!t"=
<:@v
Ia=s
d6I3d
J _6W
BJAGxMTpe13Ms3tTjB
X4ctw
]2j+
- jNn/
%T3@y$
gEGT0QmHtl
c8jH1HyqbI
o6#*y
k3BxUlZ7wmMqflw243C
4K|
Xx 9
5rEl|
L8ta1cGR0AZ0fDTEZp
_S6?
gAMA
tAx~
ipETJJOIow
v[*7`
L)[
z <e;
& ?@V
tTBSl2RqkS8TTcZ9X2
& ?@S
+F=9
G{i
disz
]Ta
iecG?y
{Z+j
z)c
lCNt
Ljc-~
;LE
))}Vz
z'ZSk
hs]
Ceiling
xn8AB58GY
r5iO2hxZBwTTSYpXe4v
%qo<
AsyncCallback
BelS4jdNukMHuF3xAoK
Fkm;
VPwRBsxju1kxp07Owwb
mscorlib
$/#I
FileMode
J}:ZkoRy
fa6KTGrJtWcKwiDmhpJ
]OG(5
wcCHZZiAnt
n=~Y
mP1MDIEBPMg0H0hwB30
tw+
||}'
GetMethod
B+ (@s M
7wn]
uktObHSSFkRLXIIG2PC
MSVa
set_IncludeDebugInformation
{ul:
tbVy3qEIikLAiTxqIID
qcgJ1K3Y3
)m-r
JfmT<
+ (i$Ba
v-BDRq
+ (L<
)*<
;/v{uo
lBDE5er57Gj1JpXsDtx
5T!3
~F.G\)
h*8P
5H/z
q$\m
nuEluKZPgO2FppNhb3E
DhpwVrEVXPdTZlUFfvh
h lU
i2sTNlxVca0QXOIkYx9
>Y#8
:ZW'
XA9kp
uFG}W
;(GnB
g0kosKrqkMXhZ8XKjs1
bq\.
z|zK5Cd
`r{H[g
tFVa9hxfQOMWxuRdH02
System.Reflection
CBEa
>C n
qOOHp5fUKg
imMK 1RmV
i42kaHNn7P
fwI6mF3x7stcod6K4m
RuntimeTypeHandle
vRcTu6lDIi
method
VCI7jgY9dBWX7sDhBqR
+ (=(5.
zopW6udaKZ35pcoZk4w
+ }>hjmW
q a;dU
o}u]
yOoHhrx3gcgAVnZ204E
s4T,
ID'=
hghuUbB67
UInt64
Gt1VZmY7yvWYOabp2AK
qo@ W
I)s
jnU]
=z,%
vxYTtisvr0
cb6xfCxstU2I2WnmUX0
9mLnp
$NF]
f }?
@scP
D\t7
QZJK4DraRo4leAyeuXh
TwDU
ch7Y
<3~@
B+ (
.vB!
ww5O4dSb2
HgU-
hgNmR5Y4Bc2tHXllDQM
[k*j
;` p
5L];m
<aU*
rvienwr71meXQkh0gSQ
uvo8ALdJ7esgA5Nhgn5
vJwB
bwAD
\3]"
8OSs
o*3Kn
zEVA4bYM7J1nKGDYq6u
th85H
fZ8OSkx4K189OyFq8b6
G_9M
Y5Afq8dE7
''?q
G Qh
n0Vr'U
`Q/ZE
H;H s
AssemblyDescriptionAttribute
"ZE+ X
YoZG
%\vA
~!Uzk
c7Ik1OmWqa
7T6,]
D7*
k"J!
jIoo86xbnXAbMNIbhZr
Ey`\@B
IT q!
f027
Acos
n S/
lD81rtdxiWNXRGLV4gh
kHpnSixoXx3taj22qL3
i/ZSXh
oILUHMFSR
D(2<
r1[5
Iieaca4dyVqxvn6wXu
+ (a#hG
jWPZ
PCOUWII9ILNVhUytgj
&W's
!VX`
>D=d
!M =
ibQjkLxmFRkrrgmb1Uf
e4~4
TvcHE1OxDW
b 0a
ofSv
l~Nd8DJ
OG3d
percentDecimalSeparator
YK>5
OR7Bs0ZuZD0xWOUiG6P
?q$M34
1z[4
,0O,
]P#t
4!G
dSQe{mi
ReadLine
THY2jbE1yRaH6uj2pvh
iUEOcMEm68qqnRk9LNY
u#
i$t
*${k
IGOkxIEL6j
A5~4
WVgfxWbh87vFUheLso
&8R
W-om
os[U
9aW1
A5~?
.>zI|
xkxiMM\
4+d}
lRKHwVSNZ7
Uq 34
Uy}Z
\e7H
\#kl
?^<?
14>B$
wb?;h
yZppSvZIaIWPiBvtr1A
YQqwYnM2hve8hkJdef
-Zn%}
y/\.
$];ZW
O{g
MIwTCDEbaZvQ0LapPHt
i8M-
Lds{
get_Message
!This program cannot be run in DOS mode. $
N1wR11Z5U6Lo5jxjrki
SjM7
callback
m5JO&
I\JFg
File
krLUklYKE6tcrokN1SO
yWIoICBVB
Void
d=."Cm
SQDr
&]H:b^mN
4: t
+HU&
&Tf3
Dispose
"e>.
w#JT
ECw
Id84ho6vVNNFn0QosY
^uOl
r+ (
H/xu
mDGVa#
-cy`
|w[,
"5 u`
yG(b
ou>-
7`En$
cItFteEWWst2QYJ3odc
eIkG
"K<=U.
kZ={N
System.Collections.Specialized
ZuEl-
qci^c
a(@m
set_GenerateInMemory
\GNa
he0:#
&xF
4n+x
MvLT4kwy8l
t[dI@;>
q.K_O
fR'3
]l(_ K0g
wl9yvGz5U3kheq1F0R
H:Ym
C3k\
GQoklb895T
GetValue
xNlk8knqa0
8
LWnYmAd4d5QngRcqaWJ
G8Zq
gEjU5HXE4FWH3sWAFT
M4j8qoZqxtksb2wDGg8
"u3?w
V3dNClx2ToosykqFeKb
((/5
g |W
,HRV
uv6koDLKCW
Fm\aP7
QShTRnLyCF`3
@:&nldU
,cOQ
zW0PsJxR03PM42mG6fS
8JNA
b|Ga
:#w!
& L*
}*Eq
GbRJVS
U7T3EbveYbhMw6DjJY
>:5]
*j+ (
0K#Y
/#)}
GE76WuugWLrdqCNWl8
caJk
w4AsgJjnoyFueOS2Fb
BSJB
UaBS77Zi5Wt3bOfvONt
^EFz
{62m
RDgHFpDAFu
JyI71bIFcfRJ4pIohv
YK6Nd
<2*@q;
Tn Gv '
Q k!
@F EFJQ
{Ce@
CRnHIoQOOC
667
K~jU
V6jh0IjAqa6YlPnl80
|c&e \r<
op_Inequality
{^SzUEFYu
KV{3
GetManifestResourceStream
f+ (DqMT
uOnAsMnYr5PlDg1PTf
I4pTovGGvk
[e]I
Pb3e6
{umw
;jqr
lpoQy0dtinXp6Wxmfwu
|v+?
U`T?cq
hFk)
qNTgPm
IntPtr
Lj0FeaZH9E9AoaUnDGR
;HZ;
1!9y
MiS8S
l:iQ4CB
x^nz
) .
) 6{D
IJ$~
60a@
V~PI.
PM =
VeihtLrZ5qUbotf8fvf
6\{?&
XucsrNpBL
j+ ((Jwj
~Qx~
f+ (/3
KJ77
UrKkv4ePPY
BcJp9jcRNOqbnG0hhD
<X\?
[U8BIK"w
+ (Mr(7
[DuRG
{.,n.
ResolveMethod
& Z+
:f.YZ
A
E5;<9
o26eIbY63FAvrw7fZfy
NHrZ
M}KTcW
YwILj8xKo9q2ullA5kq
zE;(
+ (m>/X
arU0
)'~v
yDU6VkEq8
98M*
RijndaelManaged
23GeH
Tm2VJFxEfdu2oY0WaM2
zE;1
otq<]G
KPa3
mnFtBgZchnmgWXIfhLn
w1F5xmYPDvRHfjMQxRW
X|D&
G3x#
HdcZGcQGv
;7Qf9
?yD)
%lAZj
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
>9K|
K"];
GetProperty
oy5'#
u5An
lX\"J+^
2;lU
}*.UvaD-u
.Pwl
>3r*
YdjAD7Ymext2OUZFflM
=>|l
0AD5+
2OA:
eMPHeZWCH
(G:
fOttdlYwAFodcbVJ403
73@3
"{}sNa
chiRItxv55kZgvo1hlq
or=oU"
vxUCPpPvgCHaLraUQY
|h<C=z
FgbN2YdKd`1
2>`yUVc6
:.Z>
\p7L
zqtJYod31M75ACcZDFX
m_name
aXdd1kf6lN0UckNjLf
{Bb^7
I~"c
S4KA
!( D
779wKM
5-e+
vfAm21yUSV4H8vDwyn
cXqqWpSLdT3Pp5NuP6G
set_Key
#(XD
gH9
Uq-_
LO{s
rND{
vR4
|c_,1&
(^
_i7"
I}T^
(U
Cosh
f+ (C+=>
typemdt
Boolean
bDs2nsrA6Z474PPnOKr
V7y
&F z
([66G
8kyw1
Jp*l
'Up
ljTWVOZz8WrDqpb1dsd
X]^^A*
V+ (0
V+ (.
V+ (,
^B,i2(
V+ ((
V+ ('
MethodInfo
vqUFOBduBagwJ3f2o9d
"7^4-G
CpAuM2EcIXEQXajqsNN
%@?XK
Atan
9RZU@c1.b
%'R];x
E6zp
C{6=Fu <?
(vb4
CompilationRelaxationsAttribute
}M9n
4d$R
go([X
F
qN5 z
25S^,
B L$oi
3}n=
4VrB
MemoryStream
V+ (x
V+ (w
V+ (t
[597
~ q7
WoXW J
<j
V+ (j
gPT
K?*RZ
39&Cn
Bx9jLoZ2GE3FU3w5nMG
/ Q'
c4WmNwZgg5yf0yCp1QJ
jPbSyn1SB
eAF3vXE0nATFCUWZI6R
V+ (W
f+ (Tu
#G(j">
Random
E SW
V+ (P
L3SUZTrKVP12v0FMNIX
V+ (N
b2xMlPExOe3UDgwqj5a
Xn2Hu1mch9
j Dc
|$7f
I%W{
#G #
V+ (D
cp`@
V+ (A
< fu
OYgBabY1E9cB8jBNkIf
: (C
"psZ
^ WB3
P1nH8xBeph
(0Mm
GDtT2aAVrs
k)i\S
ZdI$2
F C[
Eqb2aBdGubJPxeJWLJe
>}$)M
#u\.
E`1w<
Z6R[m
5/l"
cuPnaoEaTtRlIYQ0PEx
nx}L
V7byY8P1I
IEND
+CFz
<5n9Ut
9Lx>,x
IgoVjPYS1dBjGkOL6HF
|o#r
&`[D
QWP2jsElHAmcpr0joUu
GUMsdNZLHFmHiAXYklG
GhCU
R~o.~N
X|D5
=a1D
~=r4
D4L|j
}X<7
Zex
Y} &
]"Ic
a O=d
=kZ|

]w("
v ;P
WpgwePmM0`1
},de
pch3vbdsgaCex3mjUDS
2nyt
,/UkJ
|25&
pmfm4iClB78XZFXvaQ

mY[
K0=z
@|?|J`L
XSyr
xyT3JALnP
gLqG7uwKvXIvFiQSug
"G3.
/xm
"Gz/
<)$I
A77l
Sgs
o;ur
=Gj_
x\1!
Z^{hW
8Rl$[
]3'Cn
QWb
CSharpCodeProvider
[ymB^|
96,q
!Gjp
Ei7^>
I?=;
(jb4
E0WimgdDDC1NiGuCw2h

QfNcEYFoC
RG9e
7'~TF+`
]&U3
wP W
\<>/U
]]~J
7'5B]uD
8 i+
System.Globalization.CultureInfo
kdlTzxfDOm
LRnOr!
*V}<
CompilerGeneratedAttribute
f+ (_ksd
ComVisibleAttribute
zf|Pt
qOpbwoZkfQfnU5YaIgK
-,v[x
B02R
-x[]
b8ca
TJ+P
hd4r$
ahf1KhYdZ7amoJfswmj
I6 {
]iZ8
Im2HeKMHJN
%GuQx
ne!e
v=(=
<7pE
<B/Z
=4H4
62iz
A;Lde
.`Q}
Copy
y,nI
BiKH5P34Jf
PxfHLQnXoO
r$+u
NXDHqLVTaq
System.Text
GetName
~4c4C
F5ZV
HUjI-
sb8QIE1or
GqYe3HYIuiVT2Q4hSVy
"Fj*J
Ww{W
=}5b^GP2
ShuTbolmGG
>fuEN}
*#yS
J~+z
8QdI
<%r&
I .Lv
^ 8x
fkQVKi
dZ >
Jsuy
u))
:t ;
flags
dhSXw0gWXCt9wcykwb
$7P>
sS6F
8u3O5iN
yaYk
System.Globalization.CompareInfo
m(Xw
Qu,q
gvZm
akIjPnSiAhk2MNAmcAv
"t:6SF
5RQ]
o>$,
v4.0.30319
=4,
xX4kIH86b5
8
h[PC
F8UNEJE7SAjQ17lRsy0
<GyM{]
}}!1
i,BFJ
K\MR
Btqsyc1cNt7C5WpiP8
! R7
TgcqY7DJCJbNUqDTdF
N;yE*
3A"Z
c~V~V
JqMc56de05SN2lRCpjo
$$method0x600002a-1
$$method0x600002a-2
&ulX
t#- f
c"q$
u}r9'[A+uF|
NnFkxeruCKLaScMImen
d(]m
eY4N29YD638PEmustF0
TP7cv
\H:o
__StaticArrayInitTypeSize=18
sk0kkBqypc
QMTu_
0 0
__StaticArrayInitTypeSize=16
Encoding
@7X]
tD% (Z
BinaryReader
w}>%'
FieldInfo
$Z=
G\Q&
qA0HOTHLT5
+ (b\4>
uN W
KlFnhy7GotGN0ka0Vy
F4dNqndoOVpo2fNwxD5
yh_$d
H>Um
s6pk6IrQS
k$3ig
lUGJnil1yFK8vnIf2g
cP$2
kO6SY6YZvqx6YDqlBno
d7sZZYrTMkkCU5ywXAI
G e@G
_CorExeMain
#uA
,5uE
: euG2{
J57TP
wWuQm7EL7pxaUtGNBQK
0\fE 8
yKd8q49gwBE2gDDhTW
vS: !JxvF
:6VoU[
:5RI
M3d7
dG|e4
mTYaw2xNauH3tUPHXYC
>e!<
&\t\
i =]J
b+ (>]kd
DebuggingModes
InitializeArray
t/FNG}I
f"/3S
R}R8
|b|P
#]<y[E
Ja90QRjLo
MS
z~T}L
YWp7wdxBEUkxTcgleH9
^uB3CUa
R{msS%1
hlAYIlYqwhxtDKImtDd
VQ6eW5YtLMX1yVDsJTE
ToArray
KI)}
OFHZHEL9PUy5Oay03Z
mTkRh
GdZTP30iOL
P z{
5w}^Uv
l9kHruoNxM
}TwN
FJpg:
3ZSO
h8aupdJvockKlrUT5f
\(|J
R\ E
;4st
ecdDcDrpHOQoigCpWfO
^Y[R
NDBTEYH3Jp
AM 4%
QvZeJBsdb
9| 4
&VJY
J3dC
CompilerParameters
`.sdata
YuHHXoGEvR
[Q@5#
%_;D
ydGdGZd6tCdIe6LHj5o
ua5k
tM|]V
LPuTeOgmJo
wwwwwwwwwwwwwwp
qgkmDfG0H
/~r
`v[k
0P[X
bu^]N
:]~|1
fDukrUl5M1
qF3y
a1T+x
info
>E!1
v4,5
+ (ZJpG
#+MU
Tw,?+
Attribute
SJD9
nUmLZkt2c
2.l:
laEQ~
=q^<w
kHu5
YJ9OandX2WQwhu541k6
pd4}
~+ (
AY3TM8BjtB
=5EKB
O5GTLLyUtQ
<o*L 3
B+ (
xPNitfYQA76AVs9tJo3
d{LQVN
X~
u)_!
BeginInvoke
>]O=
y3QW.^O
n0Lqo
otGQuxEheU6Yej3C2t2
-&i8
B+ ('
Z pU
S]Bh
#]4@E
WtS-
r ZO
DebuggableAttribute
I'SJT
+ ( +QL
XTDHzcpUlu
CallingConvention
EsJV5
B+ (9
S2ekgriHFakc7UnPLE
&&fv
+H`H
xcvTq3njxs
B+ (B
kaYk
Reverse
B+ (E
B+ (D
B+ (K
akc~
o.,o)
B+ (M
`v}v
B+ (S
j6<9
QA13bgEosxTWGSrXbMN
&N$=GTM
_V9k}: N
3 W '
_\r G
brw4nYZQpfmEoKwOdYb
irg-Q
RuntimeHelpers
oWkTGGoJwU
YG (
vt\$${
& V
@>=2Z
NoFwj
B+ (o
B+ (n
ah7h
bYk9KVrVCh36pVRSbFj
validForParseAsNumber
O $?
Miv,Fa|
B+ (x
bf6i
rQZSlrOYFb2s3VXqPX
yMz]
<!0K
x/+/ ]
F9AHBij1tR
vMmFDKcrdFJO0ThRLC
Y]1
bZ9pLMxHbIKHQ89csp5
Fu3iLxZaAkc4CZ1V1hT
?{NY2
A1Vl2PYeDQqWmWnWxQt
a3S8
N2LH6TkYXR
hKli0gEvprf1sANwgQb
OfaNwEZAZX7hur01eJd
~^_8
EYBAvNEyHlvpxUGu1nP
ysK:l
ATkGy
6&"*
|+e
w3PHtS554H
Object
8 "FX>
f+ (HdN]
uh$i
]Oy?_C
lL*mhE
9TRd
%4za!r
N_)^
|4[!9k&>
V+ (
o]VS_-
% UW
GyIL2YpSyeLqdhR6sO
j+ (x`J>
l8e1
xik[k
WFJVP
0WY'G
z! 4'T
b4i:>
q$r
fgyTysSDKFT7yvsNoX
LPO NR#Z
qqlqB4x6bZ0qLk56uYY
I(hz
m_>I
wf!wx^II@\
).2{
@~x w/
|YlN#1
p[w$
V+ (r }L
r| <
5D';
f~CV
r1SHGrsSF6
V(;l
b)4#
G i5
E59NsVdjbm6xliFZ2Sm
`"g|
`f x_
lc4Wrr4irJnO4FsBL5
dsPF]
O'tP
#}(!D6v&
.B+Z41
0w_BZ
i^ e
(a/`
j)/7
DF9v7jZ8VkbbvJhetMb
AssemblyConfigurationAttribute
XWx6CAxUHVGTjUOj09H
F @H
h>@e
O8KTSeIVck
`Kx5
zvMC9SED81ft7up3egE
jpKXYWxq6TFfYl6m6rl
,b|l5
Cy#.{
z#-o
?95zV@
@P).
5 %
nFW/
Hashtable
%System.Globalization.NumberFormatInfo"
Hmf88vr2KBJh6A3hB24
"\hm
qSXyIZresRF4g8mvpee
b.?p
/GDI
/5rY
HKAe
g'Ug*]g
BY(
nghg4
`ti)
ydZ36artI2IvTG6Ng8
h>@&
I.T3
E;A*
sjmglixuaoDevAHA4hS
='g["
f+ (&?jX
QTUT3QYxibtjI0a5IKI
Stream
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ajSystem.CodeDom.MemberAttributes, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089mSystem.Globalization.CultureInfo, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089fSystem.Drawing.Size, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
GZTS
FmJoJfST0HXYDfWAwQG
fC:L
sRGB
'byF
0\fE 8
xD{|~
}-Y}
2_EsISv
{Uo
X 8"
TWHAlpxcr7PbhcQiSnI
k6]ye m
HYHk
X 83
Exit
wd6N
G_;}
.Q#J
js a
o5iwG
e^FZ
V+ (7C
WNjWKkdZ3GB4GHiwKuw
n+4g
&*j+ (
$@(*
>\hzk
loq,r@
O=8/
RUB8uGYrb01GdU5OhEy
fcUuIsYCu4qa97ZYRHG
IXifQOt0pJoyUHBfIf
b'$K
$@(;
4N:^i
j^!78
m_isReadOnly compareInfo
'u%'
]"q(
d?MM
\@z/
FUWi]R9
cPEQ
XxlqNccUC
1, 2
CE/D
C9vT
GJ8AhF
;q_3
zVKHDJf9hg`1
R4Cv
n56Thwwudi
i;;F
rn0TTwTSgK
?w7"w
$@(|
~I}h
fK0Q1JowxeOTPh0ody
h(o]
! /3
1)Yn
percentDecimalDigits
~c{\T
]=q<
SFU4mbT3GMret7THonf
os=oF4"M
,k]MUKY
AudDEaQTrYb5H57cfg
/Hl0
$O+_@
V+ (z
hIiinJEKfCkiqU9BHfy
Ed-@o
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
C U9
WGHCc1SGYTXjlgxAxq4
CryptoConfig
) ]
4T5,
LE5kc570TN
8y,,
o2VlJhZho3UakUAFpQG
8?vi
.NET Framework 4
FA+I
C,DE
dOlmZYmApT8lSyoQnB
> [2
~D%R
Y4#f}
Q57iCNf0N
Ppy8Pwrgi
$} .
B4 EN
j b~
]Q ,
dO6ylk1jk6SS4AQ5JU
9n%l
flQ> O
`tT4x5K
p"*.
$,04
y0mmx7dF01hYU1ILyLl
}6{J
mv),R
J0jIQV63j
NLzu
)6J(
2 skr
xU4tGqrQMDT6fj80UWe
G W`
r+ (7Bl4
XEp2
&# '(
Q6yHvO6QQi
jGtTgfIoE9
v=ku>
IBHxqqYRoT9mpVbhvbC
pYeCrFdH9Zjv8jor68J
t0 &
d?$3Kq$}@
//Wq
n0byirZFOweBkM7Xxap
?K`34
QZ^&
gUFTVdXjZv
f+ (JHt^
k) Q
q#Aa&
[&tz `
fg*r(<
aujd
MItbIAEPqYeaDZb0iwN
gag}
e2GMn
@}5h%
3N B
v+ (akqY
Gkx7
Sinh
fQ8BAWLnhxqAxeEeKF
r+ ( @E<
KKHk2x0ulV
R$R!W
#Mh'Nds=
v;I_.
w}+y0
#m3,1
AesCryptoServiceProvider
currencyDecimalDigits
bBp45gYYOP7Za4ajJ5s
CLI1uNg4i
tD% 8
D@EEv
hZ8kSKSOn1
Sqrt
j+ (T
bcpWZv
VqF<
Igmo
MLyV
ikgqqcdArb1rCGiNF6q
2j:
b+ (
set_IV
$_;D/3
A7!ja
PRiwsnYs9i6MSP8xfIm
:R[?
l 4w
Sc <o
!bJ (!
y'|r
HKwn
)A?Ko
r/r$
}|k<
Jaqqvix1ePAm6y3Aa9n
?9
Next
Pf6eExxrXL0xHXHPI02
U#QS
nb!V
9R%u
W9CkePPoOU
!RWR
<Jq$';
YrN
bCgdGEZEqoWqo8rGryL
HH9u
_!*L
$R Z
G XuS
=A3`I
o5TIkiEjjC5hUFGmZvY
Rg6dBZuTBbvoOqo3dQ
!mb6
DgsElVdfc7CRsgrcLmy
Iy %!
i98iRkY0DtQCFqJeCI9
9R>d
":[^
"e}U
R~n(
GSe
K`BW*
2Lua
M^)
T4yyD}c|G
d,mX
E: U
?/|8*
u0I
U<z3[
K"%!
i/X_'
soItNYEt4BnjsvKkrgb
ZW$o
\GB{<
__StaticArrayInitTypeSize=32
__StaticArrayInitTypeSize=30
*<3<
2E&t
~$Bq
DDLk4VxMiAf1xfGolfk
@B\H"
U1g
I~-;
tV9TfDGyYX
TW2f
i=O;
+ (U
WEd#t
$s!;C
!UX|
+ (_
+ (Y
K3B~
MOBZmUxAxQvjh3OVaxa
+ (F
IconData
+ (@
+ (A
+ (B
Hr[r
+ (L
WE?i
+ (O
r4aBqnEiiWSHJh5JBvp
+ (J
+ (K
+ (t
+ (u
7H(+
& ,)
+ (r
+ (s
<siY
+ (x
+ (y
xF *
NnFHyNqt6w
+ (e
+ (`
( *p
kUOk
+ (l
+ (m
+ (n
{?< C
+ (i
+ (k
&ekrM
Exception
Dq8GXmEuwEO1HJZ8KFB
& :*
>@
V4Lsy9EdqchkrMAOcyW
X 80
+ (
b+ (?T
GDXLwAEMMU5iV8aI0cs
+ (
+ (4
+ (5
+ (6
+ (7
+ (2
+ (<
+ (=
+ (>
+ (?
+ (9
) I|
IDATx^T
+ (
+ (!
+ (#
IAsyncResult
+ (-
+ (.
qF;r
+ (*
+ (+
Rq8XnTYLc9KBgOxGR9v
JKiTxGd8Uxh7nK4bCuD
*}Vzr
:m,YMB
SymmetricAlgorithm
V<u|t
9)S
#0 `6
: O%
percentPositivePattern
YOioS4Yi2y4cdQaYsE8
`|| F
get_AllowOnlyFipsAlgorithms
mF^EY x~
*9'aQ
Oh2E3
C!i|s
ansiCurrencySymbol nanSymbol
%(!7@
L3aeN
ENL3RNZbWQLTOPy3WQR
X 8"
t23rF4EgcRCclFbLMGN
o -ii
W~6!
C3MWOwdSLNV2PSr9o7g
aKPjgpEe2CuI54h9j61
E*W$W
^Kx=!.
X 8"
h1MY
5k`]
)ct ?
{~X\
Z/b S
&pMk
PnPh*
oGNa
uSiHPQgqyE
[o^
P<o=
+u0GM
FHE1AXZB8d6lB388Jkw
Kb&
GzZ@
j<dA
$k;e-
=qN6
F1 <
FileAccess
o`-3I
qU\F]2k
0@;VP
?g-E
$%i
OEfk
MQiL
7:3&/ Z
set_Position
oFoWvSlUq
maME
G(8|
UPoTCA2qhs
OA8p
vhfn
4r)F
IDAT
& 'B
@Nk :
+u'~
&>&O
System.Runtime.InteropServices
C48:
vT2
b+ (%7\b
R}bI
_z4\
Math
UnmanagedFunctionPointerAttribute
2DCk
2N3W
j4v4qN11LEt9p
inMEcdM|C
ReadKey
w/PF
nACkfd9K0W
vG"
V+ (:+
Rb]I
QV6OQr5yepcAh2x1Ir
f+ (1D
orDNmDYXWruD5LEaaoy
0PAp
bP?j
#kdX
bEcdcW27q6V54yD3rQ
hZD8MwZ12TLgGED2U9j
E7l1nuYhPm1nPsPmyaK
]OG(
VCe3t6xOGkAvdBEwPj0
M=_]
p [p
}1|i?r
Wzb_
&K}H%0
z<&<
System.Runtime.CompilerServices
1f(h L
.|dF
tx>#
d#gy
Ja6TCFrHtnPQ8VttSpT
?QAS
SuppressIldasmAttribute
BE.~
l5i6
Wuy@
> Q6N+
(5vR
S(3|!
lAU
#5e<
DNL4
m03A?K
rEhplAdYlly3l2LYnIs
C+-S
#*nH
*
23D
2`n!
hZO}
=xZb
JFKI
TvXcoMdiY4Tol8spron
wAa*
D53K7nZ353yl8LtrxaB
'(s?
bZ9TkBIW5N`1
Et]N
u|Y
M
2rr
QcoHVHgKJU
M
GYR<
<-xr
!.uV8
!R~+x;{+
lNfN
iYKf
{I;BD_g
zv[~
XuL7lxxnJ0OfWBLU1PJ
]1Lc
/Gz[
h i"
ig 6\
(^)ZZ
2gVJ
NfLiL1dcoLr3LLGQix8
jAFZ@
Qy7YmbdTAncf6STmwBd
HPX2AhnqO4hMJ6PPHW
uWR^
wgEUys0hexPZZ4XO1C
Lv}~MES
Uhjk
vA7LjkEQGlRwcG1ZEIf
&ct%-
oa2DBX
+ (UM2b
f`aX
e!'|
IDisposable
g6O7
#yaf
n69581rivMpAVXSDOyj
Exists
4kAy
S,up
CcxTF4Sb88sQhmknkRI`1
& 4d
+Pz/
i 0S
currencyGroupSizes
+ ($Wb1
nopsXad0DDo5SEE4pNA
c9 0
aP7J
set_Mode
currencyGroupSeparator
$:tn
iDjHSwh0wd
\PSZ_R
Y= }^
o$Tc
.Y@Nd
obhTWOPMf0
s$rY
{3Zw 3
C'vh
$Tzv
[}!0
f+ (zC D
AssemblyProductAttribute
j+ ((g!g
_vo(
v^Gw;q
1Yy):
-S[j
#N q3]
f+ (ZFCD
.<&Xq
Jr.H
+u^x
>QCS
%x>x
H36&4
<Module>
9.:bkMS
& $Z=
lmBTAyoxa4
dZiSr0DD2AutVHYZtn
RNK^[|
qeFloQtoZO2lGl9rXP
b+ ([w
uON0>
T4<b
BYQbNbSWfcrq9OFUToZ
MulticastDelegate
>},<
|)eJ
4U)hBH
P$ln
ComputeHash
^{3)
r zmm
+ (1;Ml
ZkAe[%
3WNO
j+ (^n
r 8<
=MaT
vxbHocFvy4
=q}tB
qnN]
P&U7P
iLodupEO9rX9T1fmGSu
u+C5K
d:@x
Z8IkG
Tv@
iYeN
vPRtGREXqwkW4oiNKk0
oaXX
y7mw[
oTDlP0Z9AltFSh0UNaT
n+ (S
u|Gig{[K`U'
po `RKH
tEZoFi
w~s~
!8-NpG
+ (4d]`
G!l}
CreateEncryptor
~Hy%
B0'-.s
QFr4qN1zIveg5
N)U!
_b`*
KY r
nativeEntry
#GUID
s,Ll\MCU#u
*B+ (
VL]#
~z?=
1j c
6!
g qF
gdi=
^vOC
po5Hi3Y2XvvWR7vKim9
feE)l
mYK`
ZU!s
y5~4
C9x\
Es80
UT0"m
oGPlyPdMrDaF05UamxW
@Z
U}xW
a9r$+
h$vQ
MF0TX3LrN1
v+ (*
iAfJaFdWU5c23FXQavE
percentGroupSizes positiveSign negativeSign
:kG WH
qvff
Replace
&kN]
lnu5cQYcOwK2xEvOf81
|)<
gFsyB
<skP
_;5<M2
_J(YE
Nullable`1
PERnbsr130NEptlOR7w
Ofr#
Q 3V'7
R{=iR
v^rr
Hmis
H\kW
Xc6nV6yTWY2U5L61Mf
)?xr
<$ma
mhiX0nEFADV6ej3276j
X 8'
X 8"
GetPublicKeyToken
System.Globalization.TextInfo
:S4p
get_HasValue
X 8V
f+ (;M|8
uD7r
vx QH
#E=f
i/P0S
O5}l
JFh(
1\4#5g
VhA3DxxiHso8hNuLVU9
l_^gQt3q
!T%V
HD=d
X 8A
pYnoB
sJ4l
AB=dA
~"L(
u1>ix
SetValue
q<Mb
X 8p
rzSt
m+%T
;nVS
)tf\
GetFields
vI!d#
v t4
t#+F
h^T~c
N ;v
%5up
calendar m_dataItem cultureID
<Z[b o
/TZ[
YdRCehDnY
YKpMihWBDe34EIaAub
nW~lQ
vAbkOqFhMF
m{?DZ
>D76
bwK{
X</D
uJZvZvSwvpvpos1KZ5Y
r+ (-
__StaticArrayInitTypeSize=256
YfJTanmZF1
GqPmLCFmCjrWTP9uC6
_G>q
"Op
HK@>}
{c ^
MowUBUxllDabYRBJZCZ
PEkjRqSt80o0CSYyEA2
GlAydMlvKiiNV2wCkh
A+}
w> f
f+ (K#`1
;o}.
%7;?
S R?R`
Qd2ZDqqSSojuJY3rRp
r+ (s
ABsIhGcflvGMoaNTrM
wuiJ
E1-G
% s<
NPEHj701hW
g&H`
(jX )+
QpXUCOrrNQdXm74nJH8
hz3K
Hz^}
=cnk
nW35RAxScTrD0cbx25V
iriE
}~{n{y'q
a;?m8;
V/na
'>+~
YB
3mn3
&*j+ (
d1l\
+ ( :
vTKoKFrOtoQhftWGf6r
pSv
V )zO
Zero
L^Z7/y
{O!#
;fPL
7y +
r+ (J
G[[+
P6EEcbdQwGjtOAuq4Aq
j!=d
j+ (Y
& (
;C+v
*aK zp
+ (or
SFygVSRL6
D77EFhY8dAJtmpMrYVi
mIGsWavNavin3ACHTY
wTUsGBSJkwNdBsF24oI
HV;g
:i,i5\
yONHiVWmdH
^&4BT
7* )
oq$i
mscoree.dll
< <>B
WB~cA
HZ:k
.}!,
:ELH-
buSMJ7ZlDbHE3hAQI25
PaYvIMD1A
& (%
2Hy@
r<*e~
j+ (j
j+ (i
SnNQ
j+ (g
EC|s
Vu}l
/.8u
,@Fz
GPp,1
PW?R
jAGHRgTyR4
b+ (.B}Z
' -{;q+r
hETQ9DrxBQDhfC7rZ88
uCAh
%`}}8
&8h
A=c)~
Rg`
jVWv
9TC_
NbId
$wB:/
j+ (?
K2x
,_sPS|l
VBUjiRlvG
Es4(
xgMr7GxQ74beSYda5O2
h-sQ
k)
7/#G
o58HTteON6
T3dOgKdpEemCI2ByFbI
fcIU8PodjTp4J0tP.exe
k) (
Q>m!G
d<>D
GJG
SnlgQPm9XFWOeUuf6K
daGT31soAG
A}%[
y * {
UUUU_
]<N^L\
7 "G
WK9f]O
g,n %I
&#+A
Wpr7jJEY0IcMhnU329o
oX+U
X]Wli
1mc!/
+m<9
ohxHb2XSBT
w9nTlhLNdM
vh>
*n+ (=
*n+ (:
customCultureName m_nDataItem
XgGTcbuV96`1
?_d
LjVmjgEGkXlaHR2KKYl
UYxUL
zQ5i6,)r
CBaTvbekZQ
uVuAYEdhrGuWMC3BMha
Nl}?
t_~S
8"q#I
jRroH5rI5koGy7ChYnW
PSwer
~U| 4
,u_"
pJ8TY6p7Zx
g`}/9v
&GJ^AP#
NR3\
#GUlD
>K'.$</
2Rh?
}dX?F,
2CX e
E|}-&
ogo(D
i'L|:
LmC)
B7Ra
GOZXHsQhE
f%q$
xAq0
'SHM
OI/0;lZN?s;
NIFRJydk1phGBHagdon
Bhr?
Im.I
nDoJp2QOKQFbPidoHT
QvMuPJxFGblqf1jeTFl
aMikWc6IU8
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05b_64 Seven05b_64 VirtualBox 2018-06-21 22:46:45 2018-06-21 22:49:35 170

7 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05b_64 Seven05b_64 VirtualBox 2018-06-21 22:46:45 2018-06-21 22:49:35 170

9 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\qury.exe.config
C:\Users\Seven01\AppData\Local\Temp\qury.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\fcIU8PodjTp4J0tP\*
C:\Users\Seven01\AppData\Local\Temp\qury.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.tmp
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.0.cs
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.dll
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.out
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.err
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.pdb
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Users\Seven01\AppData\Local\Temp\qury.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\GAC_64
C:\Windows\assembly\GAC_64\mscorlib.resources
C:\Windows\assembly\GAC_32
C:\Windows\assembly\GAC_32\mscorlib.resources
C:\Windows\assembly\GAC_MSIL
C:\Windows\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC
C:\Windows\assembly\GAC\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_64
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_32
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\System32\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\System.Management.dll
C:\Windows
C:\Windows\Microsoft.NET
C:\Windows\Microsoft.NET\Framework
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Users\Seven01\AppData\Local\Temp\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Users\Seven01\AppData\Local\Temp\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Users\Seven01\AppData\Local\Temp\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Users\Seven01\AppData\Local\Temp\CSC9BC75CB6F4FC476BB4EFE8F197AB30B6.TMP
C:\Users\Seven01\AppData\Local\Temp\RES2620.tmp
C:\Windows\System32\tzres.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\qury.exe.config
C:\Users\Seven01\AppData\Local\Temp\qury.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.dll
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.pdb
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.0.cs
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Users\Seven01\AppData\Local\Temp\CSC9BC75CB6F4FC476BB4EFE8F197AB30B6.TMP
C:\Users\Seven01\AppData\Local\Temp\RES2620.tmp
C:\Windows\System32\tzres.dll

Write Files

C:\Users\Seven01\AppData\Local\Temp\25yyci1t.tmp
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.0.cs
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.dll
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.cmdline
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.out
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.err
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.pdb
C:\Users\Seven01\AppData\Local\Temp\CSC9BC75CB6F4FC476BB4EFE8F197AB30B6.TMP
C:\Users\Seven01\AppData\Local\Temp\RES2620.tmp

Delete Files

C:\Users\Seven01\AppData\Local\Temp\25yyci1t.err
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.out
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.dll
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.pdb
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.0.cs
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.tmp
C:\Users\Seven01\AppData\Local\Temp\25yyci1t.cmdline
C:\Users\Seven01\AppData\Local\Temp\RES2620.tmp
C:\Users\Seven01\AppData\Local\Temp\CSC9BC75CB6F4FC476BB4EFE8F197AB30B6.TMP

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qury.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\qury.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\D5DF2731
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\D5DF2731
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

-

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.GetTempPathW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
kernel32.dll.GetFullPathNameW
cryptsp.dll.CryptGetDefaultProviderW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.WriteFile
kernel32.dll.GetFileAttributesExW
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.GetStdHandle
kernel32.dll.GetEnvironmentStrings
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.CreateProcessW
kernel32.dll.DuplicateHandle
kernel32.dll.GetExitCodeProcess
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.DeleteFileW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.FindResourceA
kernel32.dll.SizeofResource
kernel32.dll.LoadResource
kernel32.dll.LockResource
gdiplus.dll.GdiplusStartup
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateBitmapFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipBitmapGetPixel
shell32.dll.SHGetFolderPathW
kernel32.dll.CompareStringOrdinal
clr.dll.CreateAssemblyNameObject
ole32.dll.CoGetObjectContext
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
clr.dll.CreateAssemblyEnum
kernel32.dll.ResolveLocaleName
kernel32.dll.LoadLibraryA
kernel32.dll.WideCharToMultiByte
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
ntdll.dll.NtQuerySystemInformation
kernel32.dll.CreateProcessA
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.ReadProcessMemory
kernel32.dll.WriteProcessMemory
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.VirtualAllocEx
kernel32.dll.ResumeThread
ole32.dll.CoUninitialize
oleaut32.dll.#500
advapi32.dll.EventUnregister
gdiplus.dll.GdipDisposeImage
cryptsp.dll.CryptReleaseContext
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
kernel32.dll.GetProcessPreferredUILanguages
kernel32.dll.GetUserDefaultUILanguage
version.dll.GetFileVersionInfoSizeA
version.dll.GetFileVersionInfoA
version.dll.VerQueryValueA
alink.dll.CreateALink
mscoree.dll.CLRCreateInstance
mscoreei.dll.CLRCreateInstance
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
clr.dll.DllGetClassObjectInternal
clr.dll.StrongNameTokenFromPublicKey
clr.dll.StrongNameFreeBuffer
clr.dll.CompareAssemblyIdentityWithConfig
clr.dll.CreateAssemblyConfigCookie
clr.dll.DestroyAssemblyConfigCookie
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptDestroyKey
mscorpehost.dll.InitializeSxS
mscorpehost.dll.CreateICeeFileGen
mscorpehost.dll.DestroyICeeFileGen
ole32.dll.CoCreateGuid
diasymreader.dll.DllGetClassObject
rpcrt4.dll.UuidCreate
ole32.dll.CreateStreamOnHGlobal
mscoree.dll.CorExitProcess
mscoreei.dll.CorExitProcess
user32.dll.RegisterRawInputDevices
user32.dll.GetRawInputData
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware

Execute Commands

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Seven01\AppData\Local\Temp\25yyci1t.cmdline"
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Seven01\AppData\Local\Temp\RES2620.tmp" "c:\Users\Seven01\AppData\Local\Temp\CSC9BC75CB6F4FC476BB4EFE8F197AB30B6.TMP"

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05b_64 Seven05b_64 VirtualBox 2018-06-21 22:46:45 2018-06-21 22:49:35 170

1 Host(s) detected

IP Address Hostname Reverse DNS
185.208.211.61 unknown

Host(s) by Country

Hosts Country 1
1 unknown unknown

#infosec #automation

TheSystem Itself @ 2018-06-21 22:51:12