MalScore
100/100
MalFamily
Malicious

res.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 16/66 Related 2056
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 340.50 KB (348672 bytes)
Compile time: 2017-08-20 16:24:34
MD5: 1856ba7de4a465c9b1a7959cd3e02551
SHA1: 83ade2f3d75ad66885130ee09ee8b3fadcd84fee
SHA256: ca945c9ce0dbf6c1d47a4be4a98278c6661defaf6e4c44c37e632768706d4d13
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 5 |=:?=$a5 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-01 09:09:04
Last submission: 2018-06-01 09:09:04
Filename detected: - res.exe (1)
URL file hosting
hXXp://alseal.ga/dew/res.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-01 05:04:05 [16/66] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
|=:?=$a5 0x2000 0x4b548 308736 e9a9a79c7d49314ef53ff6bb9d0b2319 ea865eb4185b57056e7b9b434580479d978b1729
.text 0x4e000 0x4848 18944 c265db692616d1987f6d13d952c320d6 bdb6946c8b77a2f0ba8fe25afe7ac2bb3b6a2977
.rsrc 0x54000 0x48f0 18944 e12ef18a69522a4ca86df581f3076db6 bfa6c6679751fea8bea7c878fe6cb574a75abcb1
.reloc 0x5a000 0xc 512 8e315e7289dfe45e8ab44953ac185ce8 616b8665282e75dd3263da67f62ab20d4a31bf60
0x5c000 0x10 512 29fa7049d70d2da40e0e7f86d2e0caba a30cdbd2908ec16b7332526b323303ba235d1d97
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x54130 16936 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x58358 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x5836c 916 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x58700 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2018 AmSouth Bancorp.
Assembly Version: 0.0.0.0
InternalName: paulnewongty.exe
FileVersion: 9.8.29.2
CompanyName: AmSouth Bancorp.
Comments: 0qol0mjivxt
ProductName: Ashampoo Snap Business
ProductVersion: 9.8.29.2
FileDescription: Ashampoo Snap Business
Translation: 0x0000 0x04b0
OriginalFilename: paulnewongty.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
FIle type: Library
KERNEL32.dll
mscoree.dll
IP Found
9.8.29.2
URL(s)
No URL found 
VarFileInfo
Comments
0qol0mjivxt
InternalName
paulnewongty.exe
Ashampoo Snap Business
StringFileInfo
Translation
Assembly Version
FileVersion
Copyright
VS_VERSION_INFO
000004b0
ProductVersion
FileDescription
0.0.0.0
OriginalFilename
LegalCopyright
CompanyName
2018 AmSouth Bancorp.
ProductName
9.8.29.2
AmSouth Bancorp.
k#I
),O_
{_F'
Q8Ch'
fC!Dy
UpV>
|rW&
hL
'
?	IbJ
W^aG
\T!I
N4\GCl(~
W5]t
GetHINSTANCE
*,DVh
4eV)
yzNd'
>z.
dc\kp
Vb>@
'WCK
h;|p
]]m;
[,!n
Ghwo
jZg
(}y`l
QV1.
G4oG$
05"P
5njCI
WqZj&P^
R_@6k
KeaJ
&*Cy
'/=2
"H!qUK
sWhqmlS
[|+pS
6l#h
x6y
Aik #
F{Z/2
sZjZ
ZfEe
}lJ,
ZD8n
ljli
6xJB8j
7=[a
Z;g^O{
`p	O
quJ
vP:b
yK&R&
H-!Z
|(k_
!PMV
-]	v
5@5B
do=q
5mT=e
Y 9U4"
,U }rd
5SDT
r<
ryS}C
e#x$
5SDQ
0Gs2
4JD
lP
18K&
@F(W
z6
P*XhD
C=F8[-
#*)8nwJ
m}5B)']5
rL)!?
1O+#W
H$2\
mj}}
vU_'
}@*j/&xu
di5D4
<L1cm
D?n0
/Qb4
9m1>
iC44k3
OFHr9.
pC3FZ
01(|
mjllm
mm0/P
A%B6
MD];
,q%=Z
WZK!
N$tpt0
q94t
%\
Q
6G}}<
6RYB
IZiV`[
Xcb\
RBhk
W~\z
k<)$
c0-
%ty;
z$vD`'v
}2nc
U\`)
z1O5m
Fv\Y
U'7,8
`Q!B
BviV
vh{4
/;tf0
n KT
qQdp%/
Marshal
.cctor
'?gj
9o%\
P-u%i
h%^x
J;;\
#Tpw(=D{
fe\QUu)U
YNwQ
nw0a
R
VF-
Df*
I!YZ
J*++6.S
y&3f
4'i6
RdAZ
CompilationRelaxationsAttribute
|(2
i'wm
,G2t
'bl
uu ]
.d-v
oI*1
a^%|
`bBw%
'VuB
to~"
:'Vw
G`#%
:+3h
yeOmG
5 TP
!!/!
k}gJJ>
%~MuTqy
G+!1
12}@m
nBvOm
,BDn
3@jN
**N9
ma(yM
\`n#
HM;z
MRwcx
lc4E
^P=d[
M>B?'
]*eO
LkxE
0ID0m
t#.p>
knJS
N`
|
FG
}5>k
Q++%
,94J
&*dh	*
fPNq
}pf~
,FvM
N':f<#B
x
,wE
aC8i
ma}P<h=
oMmh/C
uE*4KY,&
W}l"
q'GkE
6_(q
m#,
r\T)
62`
ujCu
aJ#
0g*v#l
|=/r
%6P*
Usq[qe$`+
xqIC
w"F~
uHeE
kGu4
^	j{
?=ZB
%>^J
kp6'
{5*
yrK #ziW
\Qe*
/%i&
dQI=
NJO+#
b@?'R
#u?^
gh,i
:^,]#
Do@_
8Pw=
C=pe
X6C+"
6-$ot
i4ZdB*
vh_O
\7."
X(%
7
h{4UV
~PqZY
JoR}
OR0
B4CE
Nho@
y6v&
Z)hHZ
;C>}
u{9KQ
9@M'je
C[=n
;h?T
%)GTYb
RV
k
\F}3
)on
F s
o^D*]
t`U:
get_CurrentDomain
!
g#
4gB|
#Uu<
}:S}
Vbiu
!X#Y
_2"
6fX
8T[Mv
U(6(
*d3E
F\4rat
(c:0l
U^%-
G'tj
}"={
{{
F MdL
Wmgy/
KfNR
E7(
GLVC%D
F?e(
'sHhT
|7$pn
CT{=V\
2!{E
8Ob%_j
05P+
=DM-
sn&
5wbK
6$4sB
@>y	_
]1*W
^VDx
Q{9z
Q(M!_
j7o9
c>WXW
Ayy"
[jx{
i0l
4q=
z'v$
)$\.
tb	.
faR.
c562U
(lTa
3H;o
p8Wn!h
_a !%
f{=N
h>H
BFl{
O~I7:
h5~
So#,
XWtuIj
t2'b
n%[
{WA
?pBH
B3w)I
4kF:
mG|i
_YvW5
xHbQXAY
()Ld
|?U:R
P}FG
Mnq*
j1yZ
<lRi
uktJv
0B)8
pZhw
x?S/
RG]
okAM85y
N"}D
JO'
,+QuW
KZX
}`LS#
5|V@
&"Q
D
8D0/#
9={R
8pAb;
,VA|eL
jE*IM
usL
7cmg*i
nfTp
N]OfK
z}_
i`6_9^
1w^MZ
S@dd)}
(Lj^!
7B0Y
vl6f
T4d%
u%=k
{fKsY
3;:^
j].yX
gY%p
WV~K
Y9=0I
"Pea
j;	On
zG5u%}
4@\6i
_c]"1
kT
x$Cnvbh
-> ;;
afW{
vP	!
^W|Z.
+jE6
$Q{e
/_2&=
F<67
Nu=DU
f4xv
9|Q5
6qv#
bL}-;
paeu
ssGbpS
gq"
(ob*
V <V
`z-p
BAe,8|
--MB
+vBQ
]O)7
<2ARg
`C(c
9b9G
E-C
$X*w
[GkC
M		j
w;0V
-"l#
a:q;*I
8:<@m
p
{1y$9
z:v|]
t:MN
'	S
E &~A
@_Xq
XUJh
s3rw)J
s&1J
7(l%
kmml
oPUs
-s-']
3Jpmm*
[H9{
.Lzu
x#?U
y TW
get_Name
Q8W)
/!/(.
4WI-
j{%h
eGi}lG
Wed[B<k
\#8[
y}FW
zOix
4?3i
=vhn
ICzVA
TS-eOk
yR	L
b4;.w
avNlH
LH}8
J8
gznx
^GgRx
@OBu
z):Hw
zf}u
Hxe1
get_FullyQualifiedName
+:Q\Wa
%Omg
Qc"`Pv
MAc
mKK+
01/n
v`AImn0
h!HW
~``<Q
qe^g
2yQH
\L@8
r
An
Zj`2
85KL
XZbf
hg`YRQ
$13H
n-8(
z*}
J|-O
23;?'
Mq'H
bqnf_
IcAO
C2&R
aG0wR
y&H^n
V8[`
z(;~
^&p9
hT2
;
Rlx!
]Jq>
9wh8+
XI
%
3LfXF7
.>
}$HT}p
D8k
Q&0pE2FF
Zai0
+$DV
!|<
jqJh
<!*,
iTDF
R+r6
.text
!	Zw
N
zJ
IWx&B\n@
'f?5
\eK(
4w	9
HR4A^
~h,m
lO=8
@D`i
|<I\
%93
(pVU[Z
;o/h
;wp	|
'Fuv
+-v%
:/eN
s
o$
gWk.
O
;0#_
7, I
<JVh|
%)q2j
S"?Y|
w=(e
kORca
^-wfT
UdCz
iIir
+n5!
Zzp"'
&Fi~7
QWC*
4X+R
ZN	Oa>h
,o}%
?lw,
@d[;
%vP(8+pi:d
y6H
~5S
System.Reflection
4tkj\
j?4@
IE*w
}v7|
7>H)
35)|LV
T,^d%
wLr4
R\LJ}
prYEJpW
KIxX<
)1$X
9N/w
d[<{
amn>
'cl9
2&Ur
nD!h;
Z#!L.
-8<]t
06wC
_}Hy
toU'
}/?)
2,|{
%_jNbK
Q0md
mnDN)[
;y*m(b
=B-C
-%u.
qE2
c(c_-
g@R
"wDHZ
A!p/c0
0)?+9Yo
TiEjT
X*Hw,
pefO
/@BV-7q
{)Kn
A	lGXX
9#n
cw
R
;dTt
9.Er
}w>U
F`XD
b+1*
H5su
]C
W	g
td$
}U$&j/YY.
_p	0x_C
H^?1_
j`#P@
Eg;(y<
.8F|6u
uY3Y
|8>J
Q#*U@w
KR"6
kernel32.dll
Cgyev
M1xH8
~\eH
`xz
d[sYY
]xAb
o=wH
iqf6
[P<e
c
~-
eEQ*
gfDLL
LJ*3Z
mB>!:
H~vc
`.rsrc
_lP
tK|
!	"?
)r<@
Z~{z}&s
lLkn
V/#\
Qg=n
5lJ:u
M[s+
^ZbJ}
cvs_%u
hrq\
Zj3Y
M6ZT
u&\V8a
L",Xj$
goF?7
U*(+C
1>F$>
--JW
4Td4
D+!S`Y
i;2@
np]^
1krx
hdv5
&:N|&
B*^Q
,RJ%
ZpY?=$
Ev
3$
qoML
z9Fn
l!-3
w;Ln
&d8rx
L+NG
XCAc
*]
ofLY*X
@ i0
A_?u
kwiWo
eq$sm
tr	-Z.V
9D2h
z>cJ
;`Y2Y
cOcaG
3#_N]3d5d.r.
CD!-
Q1ti*S{
rBZ"n\
Y^SRF
LJ)qN
U:k,
BSJB
!#":t
jllk
>>|
C
PN?1UaJ
E|\aA-
*vC"
>ih{
OM%+
kK$	=
&(`>
:`a+
U"-?ai
NM=j
|Ee_c'
>0U
nl.exe
h	7K
i7l:
0Db8
,^,
`	!Sx
n^1~:uyhLd
0O
j
ubC5
N|LS
EtZ
G:
Hd!
@X'Qi
[dC+
5N%j
<o,N
WyPV
=/yB
xuu"
Z9G`
aM/o.g
j^XEK
@t
tn
~!E$C
/u}4
H,Wu
]<	D
Ns[f
B$][.
?k[	J
}$<9#
9ieB
=!
w
G6Uo
gk&
!>*R
)w7
9Oh-
|1`.
0%8:+
^^gl
4P1b{5x
pjQ
\czQ
CAE
>OEv6
3^y
\c%?
yQXPo
[`f9C+
[w4p#
aFtB=
m16\g
"odr
*r
{
h7#b
&@&Q&Jp
x1=8D
(
CTfX
9^L,
w?Zo
8M|%
g5
>
W8rvd_
j*_ig
G8Vl3dv
A)S:G2
3
#AG"
xnV
f'F{\
A|cp
YjvJ
lu
A?C/
}xC;
[P3_\#
Bv Yi
6F"|
NsUg
xA]x
nl^|f
yWx]
UtKj
>?
q|cJ
b\Wj
[C_x
c>vV
c:t/
{\a;
U~vH-
34\#@
e#3P
^X>y
Rt(
9I'^
mAW1nYq
O7
Gx
bM:h
~h.Z-
\Q`5V
}\)iwwk
Hfb.
vw\
b1A
F}[e5ND
yG87
!](^
U+Y4+E
0O
Uy-
DUTqZ{
g|
r)5/
3I=U
5ygA
x W
QcRy
8FL)
5J)D
IOYn
2H"d'
#Ye88
>HIS
,&K4
{h^7
klil
:.bm
>ZC<
gHAi
b<_X
&oc:IN
&\HtK
Q~bQ
gfF"
WDfw
I4r&
(.9x
p>5X
H>Y,
DKR2
O'[o
IC&/HD
LG-co
Fp37u
cL{$D
System.IO
WrapNonExceptionThrows
yBRK
s/C(Lt
~^nF3
UR31
D<NTT
aaFs!E
AXl
4JDV
<O/~k
MR,U"
jgg
t36p
fWF9
QY
\
$sDG
Y|T
L
.s%&
2XxVj
{ad*
p	tj
=ul^
fp2d;
<'!CSG
9A\f
&qvc
u)p(
OsRC
W`$~4$
9.Vm
V3W,
>)5F
w#b
Ok&q
ML-+
9FL9
lkx
RuntimeFieldHandle
d
kh
uLnt
3tHw}
F=Ss9[
&u]
ydn27o
L*
L
K_Ih
6MXz
FDpu!h
tlL2<
[DIk
C]TD~
G0uZ
F%e
jX&6
h-K3Ay=
S=g_
op_Equality
Fvr/M.
g|4nEA
nd+F
!Bk4}O
Z
O"'
z_C%
IB2H
L^oQ
G	Pa
{%"4
R|ZT
'
9<B=
*RL6"
@4Sr
X9 3j
Y>^_f
Y7}S
>.s?H
NLJ?|
) L9
:Tt
g8pA
3Wfa
E(X@@^`
$}N{
uF5w
>OBY
nswm@L
5
M2
System
&^1U
ac6:\
z6A!9
"?}5
6}bm
<i/z
]*D
lY0)
A@oRT4
E*m-
~#7hM
J-R87,
hAe+
p
-J
H'S'!
]?QW
\-`KR
r$](
7>M[E
:G8"
-vV{
_,N(
_mh^
'=	]<
k8_,
}'1
S31q
vY9l
B_sV
KsI5f
[
W1
;%&J
(^=
X
Ka
bv\K
[y.ehT
@Ix!_
&,_-)
`tDi0Yu.I
x9c
^A~_b
*ay<f
lU^L
->SL'
5uv%$*^
}`D~
ZC[*
qN	B
~(H`
`3xb&l
im{
c%Ni{
,=l5
p}8J
>~P8
}I
5zTZ
M3hP
!7.@
>#
4
%.In
;[n
K<4[
:!9
i1E
2jyc
L`UXVJ
?[s<:
C.i33
mNch
z5PB
s6+<
Z;hk
8-
\
%{+L
De2r
n)?K
3n:K
jlX4
>(1Y4
*S\
VirtualProtect
Lx}%
!-S4
_^@
*b
?7jVE
aG'P*r
z><6e\
y(_`
m\wQ
*tx`
Hr[!B
9+bH
70|&
vAit
@k7[f
&:[#
X- Z
e,s:O
AA*I
Qt
WsKD
f;]*
tJJZ6\
PXx;E$
KOo,s#
\nLD\
w2TV
S;A[
{25=
pk}n
EJ-3
_(X/x
^*}(S
p0;nPn(f
:6G
-6pShuh
oM]qh
BXk4
]:x%)
4Y*i2
-xr(\Y
$J!Z
?kO
z4 d
GetType
3XAn
8fH4(
,gM?^
\lV
sN[z
s QRaF
|=:?=$a5H
VRS$h}
&p p
9k|1
oKzh=
2s49
$W*_
+>QK
Pw^i
.e>U
kwRy
+O"a6
*gm%
[e<r
CRD
.qn@
wL\7rXT
P30r
?	MoN
%m.b+
ciw
xXs
,GS.
IT-B
S}Mo
%4gIq
@Ni'%
-mIL
'X5fg+^
$Bx~R
SH]_
s\fa
ei+U
~Q30
l
MEnb
I?
I|_
D
iU
OO"K
XH(y
HkNG
GTm[~
6]2_bV:)
L4Yo
O(f
n'
VFq'
\YK_OJ
!Lb|
?;)`n
t9#<
,:w~
{kE{
n!+pp
}*!6Y
EU15<
^F9e
;!LT
}F>
x^Od
7D:e
a9C'L
M8V
mn(Dw7
hSP>Wd
7.rN
_\D&
mlkk
uzOV
Z-RI
:oeH
P%u%
'z98
?V+pl
O/Vq
P"_8
\::
X_/4
C>/U
't$r
8M+r,
Wn!1
?<e=]
g}0d
;8:#
lx@w
)9Rd
7]%}
dP1+
?y9}
![a[,
zonn
t9Gc!
7UQ5
P5R`
xJ/"
_.XY
^[m#H
`+g/
/PQ\
@1Q|
ry7*
pp*Q
8&K!
op_Explicit
B[#P
)(#@
>31
SuTX
yF@jZ
d|jG
5vE.
BY&#"
j")a
(oHp
System.Runtime.InteropServices
y_\>i
tqVN
vS]9&
o-'Dh
-1.
8&7]Bi
eVg#>g
Mi0m
DRB$
0}Bb
g{<,
U<~>
8<sE
?\ }t
.{n]
3;HD_
Au@z:$
Q
8q
S &6
eSsu^g
/}{o
%aN4s
2A+1
*9x1'
Jan|
W,[UX
V0J,;
9Kgs
}cbm
get_Version
*\9bt
oFj(
Ulp:7
$F_=
RH/
<?Kp6
>Nj%
}NRNQ
4i<We
=%yM
U(-Z
v
2^
mE%p
(5!bc3
N_>H
dRoK
c[FT!
KV)%c!
.	K|X
`8E~:
>_`\
UM@~
a6$,
4qg
/cXLQ
~tk
f	@Sp
V%M.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
hvl?Ih
UWz
:sfL9
!.NE]
@uxH
8@Xu
<,sED
%BhZ
%,j^
]9)
V
"w
T5
(
3?;Q3
wshK:M
kyow
~#|0
CC%}
QJ<7<D
'xHe
(0f31
%Y
9KOqC
Kge/29C
x0[9Gy
rC6i
htq
~p-4z
yr(
k.=6m!
0IMi
=7/u
~#4h
~
I/
;iUpcSv
8'Ajd
jijil
sLEl
9[
M
YVh4
Y,sQ
:L4#
dsX6=
WQ19
5qS8
$W(x%
1s-;
$2LlTLA
X]yL
|#+a
W&;d
n5/,
?i6
)W,+'
=4LTp
5V\W
tu%x
sq(~peaY
mQ
sZ~
Dp.
-	v"m+
xOCPH,
>2dA
WHx+
LCeemJ-
|rdP
|gG7
$JjJ;
|cU+
"*&}
Qe+Z>X+
a;-Xc
BatB
]F9Z\&2^
:Z`<
tRWx
h@!S
6OG
;9'i
YOyJ
}OiX@
_%yEr
mlmi
hr9/S
mU?Z9
!6D/
utJ9B
J(D+
E8T
get_Length
_Wd
omsX
:w%
u`0
16$WvV
SuR0]
FHI!
&_Pu
"lr5
5qe~
"SJv&
^3~r
R\~H
{"4X
'6Ab
yd*.
uJ?)?
Mb
yT.x
~z(z
}*Yf
gcm%
8$L*O'
nljSy|
wOq'
Dg>6
U_Xx%
*:l'
!.4+
dot-\
OL,1
.w0fUc}
.,wga
V%[0v
grl;k
}Z1>!
f?
nA/MK_
ZU,v"
@M:e5
(IS#
ES
uW
eOeW
ValueType
/7qQJ
mULw S '
jR_:
3px=
JF*
0i[
XxojW
pZ$
%[Z
C.zl?
LJy&
nX#1
sGEg
cF+t
51e
x
p
dSZ4
QGx7pc
d^}
l _Sg$
n8KX
/O(2e
{vI/
n!]B
rb$,Z
8ijyElb\
cScm
/+
gcYM
HeQJJy
)6-U>
!o*5
gTHX1:'
-IEk
?4R|
q.Et
t,G	p
RW}:EC
:~5,
ag]s
2p%l
-5X
I[V.2
x1%0
_bg:/
1k-<
9
Vx
9h>^
C<7	W
buuDm
n,L}T
~`KL
zw"|
FszEc)F
cadA1@
@%z,1
{u(8
@*.7
aKL.y
IReflect
EUC'
~@W5
.eHQ
mmjk
Z]
|
{*A2`
ZM78
n{s'%#x
l$be
OWxG8
W
Zib&
z&w7
00
e
 dcj
XCio
(v,
+*UO
7wXz
V7iNz
UInt32
Bz.9a
"rEm
&9%L
Zx}\
N&#W
S-utA
:Igx
GER/
!G[n
kKP
.2p4
W1bm
ToString
pXIb
y!"
DBO0
!=!OO
+#G:
]oSk
Environment
37L
k:+i
r/k
L=Vv
[16~
qAD,FY
dWf)Wbe;
9;

Q)!{
G[-}
7TpZ
XWR2Wa
}bTC9
-3T
Y5}Q
/e1YB
xh.A
qu\h
N|i
+p4x
Fh,z}
@sTh
%)m{
{|M*T
6;
?C4$=
j 
Q
Lgtf
Dh0
FyZ-,
DrE'
,lT_
@.z0
eQ?#
of-q
;
 ]
{i>
_CorExeMain
rM
;
qb$/t

W D<P
/tX
[31%Q
Dta_3
`+/Y
BSxi
3q=+
+lk;
9.X
(6&
bUXm
5U:+
vD5W
ko[
YiO
MrqeAS
yE5r
"7$L
x
mZ_
:qB!I
9^t!w
wfEhr
7:)?9
@8b`K,
:iy/\
;)I
`{u7
7lh&+~S
lM$
GS(o!
~H(&9
5S:4
v,1r
,O{eh
\I5p
Gw.l
bNGH
BS82D
a[
K}
|vkhS
oT_E
y"O8
N]+k
7Xb<p*
q'-Ka
3_x]S
SU?>

aL[~*O
fMm6Y
ObvZ
c,RC
C-C$o
D[9'
HxLYUM2
VI%I/s
egGN
fq:-A
KR''
z~LvTk
,NLL
,N*
Gqe;
%Fjl>
bFRc
R(`@
U
s*
5J@R(
*/EU
X*#x
2M$t>
U{oKx
ur/v
gv*S
*<oG
$a 9C
!r[
@ !&
#P:?
)cZ9
,gU3)
1K
>4
5J_+
kua!
Jo	^
( 'Z
PHp
#Strings
-#n"
N_J
Lc<L
g('0
H|9 m"`O
=;=Zg
&YTac
|P$JY
^T.90Y
6$I;
\CHq7
WI`p@
F6E;V
(Z~e
[;\U
/%=
CD.t2
!c.dr
?o0&g
a_h,
J7Z
]F
/u+I
^=G,.GW
_zbf
9#Z$o
XbcC
4';4
<o^s
r%[}k
zf@%
">3W
]+
b
Invoke
|?#`M>?B
mK9du
Lkpu8w
nnu!V
+N-k
bj%9QG[
y21
i=~gn3
himP
{ ij<}^
16;X
9=xt()
Au{L
.EdX
c-4a3v
4SH'
'#8!
ZE[
!'k0D
4I~blN&5
GetTypeFromHandle
#	sC3a
KU:`
e,_~kb
R/oG3?X
JlJ_
NF2z
|;k
!P~.
f{cX!4
]P(H
leGL
"L.Mjt
j*+i
NBrp
fE*E#:}&C
}1_O
Module
vPS
^g`1
!
SkB
"!t~a
Y^w^"
<Module>
p`
~v!1
*MU[
g|SxDD
DDU\
D#OIYe,
|4K
^>d.<P2
X8LT
:`Ix3
I]h7,5
a!jS#5
6Qq4
"z!'
&Mv2
xn+b
@.reloc
zH`e3
dqG8
1<qb
&]>yI
\`4d\
)0]P>
rF
i
k
h{
n^(;
PM+/i
xN,
{I$us
QX}
59Q[1
GE\]m
pkJ
5Ckv%l
buAD
W
X2
3m!|N
MrH"
[{hh
7
Q\Y{
ebm*
QFm:6a
bVdF
++a
Byte
FjUl
@]V8
Load
L.c1
1plH
F-a
rNml
[.aX
\Gjw
FDD>6
0`r.
mBw!
{):jp
+R.;.
Tzo??cS
exIu$z
Rhfi
RBeu
w`SfO'_
]"ou
([mPj
$g5tN]kN
pvC0
q;y*
VX	(
?vuJ
J%,&}e
AT*q
QSR+
6[c"
]"uSJTV
cw(I*
>sz"=*
0^cY
,V.s3
bzI[
C{:si
Vr5a
tzdQ
?bFt
-nqK
P
xT
-F%u
3QVQa
W(wC
Fy&i
clLQ
D/jP
|'\u
%96#}
(gc^
*:+R
DGn^~$Q
KXAK
bT4
b0aE
]mG_.
1!k[7
WP-o
PBDB
a08SI
/)\f
!%p\
0*4=G*
E+uTo
~i
/k1'6
e-fWZ
Ej^nI
k<0-
[Zq
joJZ
]kVb
w2#X9
_Qo`
8!;/
D=Ew;
$cv\
'Cm@="
j*%"u
g[#r
R88ZN
;@Wp
Rj`K
5_A8S4
zG#
$|9
un;a
^BF;j
G1|N
Zk*U
Yi{L
nDG
'(]
/2"{
zm`cn
/me/
#Z
r
hpW
;*Ly
@	JC>
jPL
p{qy
l("G
@0{6
(Runrc
\74j
tnJDvmADHpKJoHuQEAnhJjimBpSwB
?XL}
Z
pQy
t
Or
W'41
)<(;$
C]K1U
d]@1TNu
zq%<
RuntimeCompatibilityAttribute
EMz#
<RSR*9
Gb4b
p;70
*Rl+
?X"{
i>3*
+O|d+
rG$\
GR`<3
Assembly
/4oN
sM>
-Q7<
$2gD4
xc4gQ
rH`^X2
w#W$
uzg,
1LQ(S
RlW<
qO?q
J}D:l!
'Tz8
zc#r
/O-$
;mR+
oj>?H
|&h
~'xg;
ZP;)L2
9i==%F
h9
(
T -tp`
3X
vJ
'0:R
pda9
}cS"
Zf
P&9$
-f`.b
tq'v]"
AppDomain
+nTY
>_rb#
y>
e4~{z
<Wp
y(9
xj/^
Y
U
N6
8G
Jm2O
<L-l5t
)"G\
'vi
t /<#`M
KC;|
PB!Di
8S&}0f
]W^l
}W(o5E
Ys'@6
A%;
yVU
}KsiH
@TxM,>%
]2}O
buen
*bB(gL
iTjXAigN
SCw6w
7*?
z
D5
e.x9
g^XJ
IoU#b
0doL
.}`H
W1[E
)c!:S
|cV+
+az
I(U:
T//\
aAO!
_Y73
]4c=
3kP|
_ex3
o0Wu
|
"XgN
x2 ?
d8}D
#=~1
{hH"-
SZ:78
*K5
@m F
def
V\0F
=941^&
z3[`
{Dm%<
nKQy
&#6^
-??AF
rbXr
9}?
k+!
zy8j1
\j%7n
,w0
sC=S<8E
"?s
:
R"pz
P
c%
KP$?
_{,U
l}P4j
itUW
x{"
R1H5
Pj,J
ml5
b&:D
q(]w
.yl2
6C_B
q( d
#Q4d
l&w
%Q7U
m]
*I
Q'v
_'q
v<zB
g)`Y
wK~6
;^)J3
~L=/
8StZ.R/
NWV*
>ap)
2~ol
S*_g
Zj"rNW
9H[*mg
1#_>*
s)Wf
e
@M/G
ia'b
Q(">
%
U2"[X
H<*5
AaB
_49g
+q(
g@Xv
zZ.;
r)$?\
L`!h
jlV~r
|(4T
LH|y~S
f/w0
B_&J
\U&5J
#
Az
nOGc>Q
P]\.
MethodBase
.\Kq[
v5A3
^zl%
|D~=
I{2>
P]J(
7jT$`
dPuS{
iE14
J+Sh%KK
$IZL
vZ;"j
6r#g
.,Jp
[M?X
5QxX
P
[E&
q^Eq
h~"0
!(".6iH
s
&m^j
5X`iO
m0r	H
({/(
H?*FP]v
}~aW
IuO;
t'}
1?{j
@\_\L
qGrv;=
6>H
Yw
8&t'
i~
}
<fkm
hwi[Fq#V
p8Et
eZ$S"
jHC8}K,b
>
k*
a.Yqa
@|-nl
y%`"x
D4cr
v:F`
"Zbzb
_^8"
jGh]
+s-f
8@p2
'oif
Om<j4U
'2+d
|/WQ
f=O|
WN3m
[/`S1
aN&
Qj L0+
:ovB{
wWdB>
m*y\
ReadByte
."np
mxZF
!itH#}
~<iL
'\_[Z
Vx&`
]M(
NC3"
d
10$d
R-}A
A
>*V#5
I\e!e
uCeRA
./fW
J=,A
o22Tc
=Uri
g>|['J.\k+n#
EA}}>
G8D9,
@~An
aP)
mkiil
0IN+
xGKw
&Mwe9Bj
m$/!"R
Qk>@
R-B|+9T
0E!{N
$@dN
!#C`
}iA"Ok
Ga"@[
pZF_
,gs>
#y`J
9l5P"
9I3C
kVwA9
}bsgtZeE\
Gr7<
"]<\
oEdVu]yP5"
jQ+&y
UPAb
!mJ`
18C72B62DF4D9D39E9FDE7EC6423BB46A8AD3EB9
#j.6
cFV2%
^kAx
NDDe
bwPa
~lL)c
(gH@*
*6(
.N6~
.C?}
imiik
0^`
#ROb
\D
u
S~K>
td'Y
1Q>
{J]hKNI
uM4j
r"<<
&
<S
N9p72
'}vzZ3n
3SRO1
8m?%
IOg&
8hV?
PS[h
f6t3
-]q
h/@K
xXM4.
`}w'
Version
[4'>r
e9[
Z>YW
/bqy
Kpbz
#k7Y
j=!m
Ipb?
Xj1b
d(3oqG
>o6
+y%5
*sR/
uKp/
k<N x
@` ~
V)2
d.Yq9{B
Type
\ZMc{N
9Q5q
x_="S$
`Mz[
.vS[
"M7{o8
Ye|+#
pbiI
j+i7
UqZ`
!XJC
QH,MmP
^
rDL\k
RHd
o=r:Q
Uf/*
7|F3w$
pi{"
DS(v8
v:,o
XaCn\
eBl"`
l&On
^h,y
]0>}4s
iK~Y
0t
UGxn
_p0:
Qna9
L}<o:
EQ@)
~i4e
-3q2
Read
Xn;C
m3	s
.Ke z0nf(E
&\?K
D_6
4+V@
kh?/]
x{m
8;d
URch/5
MqX<%
QSi'
IConvertible
1.0.0.0
q.zDm
"Nhy]
+[[+M!7\jz@
b{B<
add_AssemblyResolve
Y g0
(^:L_$
.{F0#I
%#t$
R70/H
v7'T
m+Ok
XTz j
]C`J
{%(c
3xn
1s>A
J?m
f`SUb
4JT}W
EpsD'
o41x
Z/FMg3
+*#19
1]gX
H4$Y
qN5\
ymEti
#Ipt
|\2H'
ZC(o
ni')
2]X'
aK'T
^0lT3
Y6;3
:NP@
y#gU(
4 rL
t
?;
[9RzO~.5
;frE
n>!-
+|zB
Ry{d
Ux=iR
O5hA
=F4[
YYV#
oGG"
"1w"
|'S2
&7/x
6C61A2AAB9DEDA384120B3D6595C214F06494695
?zk
;QFL
D#8`
vbf
}KGc
6'g=
h||V
]Sr=
emc/
O5>P
,RCO
AQ`
ltbc
AF4U\Y
o
ICfOR8
:yayB
bl0d]
l"`FA
=L=F5
."9^
ol8&z
'Hk
O[W1
l~^
Wgt
T
{[m_7)
;^'[
hB&Od
Gk3"
Wp=D
O^_1
T`}O
DnPMb
)	"{1
vGW`$>k
SVy,
k'i|
4##ltP(*
na|
yP0zQ
RJEk
/dXB
OZ&}f
zs.U>
pm{92+
rr&Y
.^mb]
_cRG.x
`ahp
3Z:Iz
p@
tX|L
.HWDw$
~,F^
b6+j,
R4'a%6
\6
X
~
Hl
:E#Bw
s+
}Ns-
gH@C
("@M
R !
|BW
<L[f
<2s\
A.i:<
24?e
u`mcS?
;Qx`
nHW
2Iv-?o9
p>,E
51x&
Y 
?)
RuntimeTypeHandle
IsC
J',N
19MWWP
QId$
ITN-
QwN@
`"Bj
x"s;4
"ZAS
#HQQ2
^w!8
8ww(
&eF.
\e_v*JGJ
?}a1
)
( h
#@)*
ppl+"\RQ
_kC7p
8>}sx.
J{B
2ZZ\
EYTb
fo	8
klmk
V
>6"
^
GN
ML.#'p
=/yb
O
/_
'-M2
@Ix!_`
dtW	3
Append
(Y!'Y
F9Y\4#5
(9ULb
A}m%
a O*dB
\fAc
KLDCU
?)J
ur~
qT09
5!4Z|Q
i(-/
O.|{
MJ,d
xF
P{w<wT}
vP>TA,
Gi-i
ETP`
7>C`97}
RoJX}
7|?x
oR,
buUl
ybHuL
|Ns}
HwT
x0$.J
?F[^V
7}9"
Cvwl
JihUQ
J'^'
:pLK
)'%D~
8Mi#
.)*-
2%"v
ldxz
^y3
m WwW
5Oc1
6DGQ
eL^F
-;}d
zL_
#kj#f
.kG?
A$j
GeB#u
Jv[q
wh#
<$qw!Q
30 4
oo]W
;Kk"73
:~'v4
'q.D
dt(
~ac/
-GK07:
*1IY
:jeM
6ddzx(-J8
nH17D
R"DV
rya?
@iq%
!q<7>
\TAC
B
N/
5r/:
'sF
)Jh=
"?0Y
3T!\
%94
1>o3
?C$@[
a9	I
?/R{
2V	eQJs
8gav
^vaMrD6
VxCY
jt`%
@sI(
(zrE
Char
7
)K
GRiOS
bD;\
x~;KNCu
7|9e
'GJ3'[
<NzGN
L\'0}
it	`
UiA?
sF3}
<y6B
*k=}B
6C/X
4lM#
n`9T:
@MvI
_jGjT
$C_r
T)1!%
|+!2
.I}q
4
y
BRB9
(I}D
G1Tb
|!lo
tg>z
(H/-
j0.F
KMYel,lXm
NZ"D)
A&z&
a8`-
ob_L	R
qfZi
Q@m;
%Q{WP
u40}
mscoree.dll
!This program cannot be run in DOS mode.

$
\@&j{
f6lJ
#YA\5
+:d
;a E
Z";n`L^<j
jx*Rv#1m
:RG,c
3{a+
N6iH
auMyE
yF'N
IO
i
tHa
System.Threading
clUeP^
;b>
r5dd
KlH^
>*d+L
^4\
q-9ct
DHf+
,BCeQ
UTH
Mi1Q"^6
]rP#
^.:Y
z}v-
Mpj2PK~
,fCt
3dD =d
M\%frS
^2Z@
A CZ
MQbF
$d<O
!3%S
+RNK
d7b=>/g
(;Ry
l2,xw*
WjYUO
=k"7
n%YM
kJUn
Po'u
rC|=
)f{
`(;yk
%G^n;d;
IkjmL
p)Fc
L{1
C|EN
Uxbae{
i\,)Gb
U)*t
v8on)
-?pdfL
o	RJ
Hks/
H	=[ooI
ZP5fD
f!Ifo9
_2t
&mQZc
a.Y#
*@0E
{ }/*
(L9O
U{Hn
zY*8
c	!*
>PKu
Umgp6T
r
Nz
R"FW_
$59a0792d-c900-44c9-b17e-db7e6b899c55
rIG#
:i-E
i,v$
4LiR
e|p$
YBzkg
rS
T@%
.e<:"I
dJ>%
asQj
^[g&
A t\
X|zd
WgMV
JM5n
uVx)
[g{(M7
|~~?
gOW3
9mI
srlDI
SM>6
0!n5
B$u=!f
/2*@AF
@
9j>
?MS#
H8*Q
)Z:8
Y/t:
YXq${_
:[-/
TPXa$
3jT\
2F1G
!
oK
~dQ!
D9zCD
+`
y
yt*f
_gmE
I,^9
mo71^
Wj*#
f[D*
M"t#
-BRK
b
f{
Hb;s}
(
Rx
IntPtr
o\[^
ty%\8
2|-6
+K@)
}%Et
p~	IN
51u+
VXE*a g3
uz?3+TO
p=$#2r
)5Pn
~g:424
bR'A
I|@
!goZ
_ua
/SA`m
'&r4F
+@#
#GoYg
@E)
\Mc~
xXfe
lN3G
vzt5
GetDomain
:&ZJ
/}}(`
_AppDomain
,uzYd
}4~
!a/mt(4
an'V
"UPo
4<;H2x
9(Y:M
1{6`[$ F?
#yIW*
A(1{W
F:^3
^eLZG2
?Bcn
(g'
lN<
bM+TGK
c[w[
I
%rdv
~/j=.
(z$)
N:Ax
! =SX
)/%.Ki;
6Ifl4
BO_3
U
w@
eOoO3Y
0hNJv^
ge%=
)`	Ls#h'
Juv*
HQ`H"
2hKf=
NJwU
wTM]H
xn.k
u-$N
pBm	7
.cv<
2gnSI
1Km;
5]eOMw"
bo_,
<@RK
Cw;;
'_Zfg
/P^s
M
r
d#/*
7$"S
vpji
A][0"M
UWIi
pD-1<
BlockCopy
GEy1
-3:
:
gm
l_[:
] IJ
G_ld_
5s@=
t+*q
4j2Kf
iAI2
8<#nGOV
VuLtX7
0Y,y
{n<9DA
Nz
M6u
B<6 g
T&ltl
x0q.
,fWg
A4r.g
t{xUv
4wjXh
*NF@k
O]Z1
<.M*t=
Q0rEk
fvV
jjd%-
u
3{
Q}rZC(
3$RC3
:geM
aec#
%;4U
&MFM
N!m
YK?E
!0t^
nw
U
HT
L
lmiii
lG2p
AssemblyFileVersionAttribute
xdUP
</p/
!oRj
G|Y/
hU
sw
|-CQ
>}v
<
KD1O
[B{ux
h1b<
84zX
qo#s~
wmt[
T\NS
9[++
TE4y6
N5i9J
Z&S$
iljl
v>9#3z{id
@a@
i<&+9
[uq|
Boolean
9L-+P|
gP>^
|eF=
q!A;
TCs
4,D:?T
FK@%
z2(2
Q[gt
&N!w(()
W1'=
OoMLow
v-i?u
ji>8
URAX
q!-z
cy
:
R25{vL
=W5)
6	5[
ZQ2P
MNBw
MethodInfo
Y-C8
k-,c
cmDFUOA
1MLTsBU
#3l7
!42"
;iOw
uVmW
gJ/y
)2AE8
Y4g
"]&QARBc
0:8q
XSh_
,!$:
Y1y3
)r8j7
11-S
<}JZ.
Cn5f
5Wmr>
AE7-
B'>[*
[EfGV
t"Uf
vjdrP
c-_`
spW"3
y]eM(v
h+1\Z
ZP
PaQ
_e
bY9
wxq/
4"C_<#7(
D/V%
"tmo
Zl;
Py2N8
&-c]
|Wuv
:91nB
e
$O
`pocep
+giy
{Y{`
K{6B
uru=
:7]v
DejF
N?+K
GoXT&
>b{e
$
DH
oQI1M
e7t
U
zVmv
6A.o
E\:cm
laU[
&?9Ax
77@-
D`LP
Q:m5
M\EW
7>/l
{(E
rv-k
Iu22@z
@:M4
4wDZ~
\Inu
|,C>
]t1lK2^(1vr,
g#NA5
3%(0
L?i
get_EntryPoint
L]H1
m:bP
xu~S
(IVd
7D/{h
xPy_p
RL#7F
3"F<'7
M/
@PmL-
/%L!
]`K2
SK7-
#+R;
\R:I
,YQ2
.ZP'
PA47
1`@H
|[nZ
bbA~\
Fn97
nZyJ
W%Ks)m
M`sa
"AmI_
h@6Q
1jg}+1+
Jx'Z
%hL-
7RA
Jxrc
*I<'
B+^dce
nr4N!
{v 0
>24l
QCIs/}
K6(2
+fNA
jSg
q$27
5Le(
#Q+^6
3cBk(w]
%tra
$%fN
(&H
}MT7
TQPcB#
%?O=
KWw
?-qO
[B&P
/
:Y
w(Ad
trP
t
Vl
x^G}
0;M9
E=E$
jHYo
eW;1cl
IDz-
8?s{
Q3q
3@(2
@$6j
^o31{
\bWy
B5v
D!+?S
($^t
9($l
RLE5
-'2:
KNz1
Xn8/
(F{1
r;f^
Z]$L
PtHv
h.	g
lC||
Ua"ca
i/y
}xX\
e Rp
jHpyE;Z;
XRNs
>PRmr
q YI
8wOMN\h'
,~t)
m3FY
pI`&
~|BO
N`h0
c4aq
ZJ)3
N0Wsi^
~htD.3pd
2i%,
uhZX
777d1534-cb45-76.Resources.resources
;a!K1+P|
^cJ$Ky
":1L
n<?"
=>&v%-n
yA<w
!/0O
NL\sf
}>t]L
P1PF
!gwF`
+o%"
=V_x&
MX!|bC:J<
dILB$
y
3
J=S$
>lWr-
qLk{]
0AbB
>i`2
tG8S%
?GO7
UBMv
'bl
o<
E7kuTC
7]JS
>:F$N
C#VKH_
ljpA
/(o(
4)qrX
/a
3
W:Hu
L
r,
c!\<
(9_%H
jt+R
9?uf
c"M~
CT?b4
nlo
@X7x
6*9e
kUs?7
Ly1C*<E
qM-)
System.Text
6+6.QO
.q3N
)bwv]2c
.eP&X
k+?J
*mS*
U| m
j	X=
VvGi
(tGB.
7[013]o
0EH~
8wqa
mWz^/Io
HE#_Tyb
0e:O
Z/\P}
@Q+y
DIB.u
6I K
G.	>
W|E`
!8-@
y}
%u
<_G%
tyrWq
_|Ph
8si[
X
GKD
s6lr
za/@
a1x+
=OX
r6!k
25k=
0
 c
H^_SX~_T7<u=
=%v:mt
^Tej
=h=p
=+
le
xYo&
M)#
e~J}I
}CIb
_L#
,=wK
d`0
LU.Np^t
,7+Gz|
crUx;
7	W^
P=}.
gs4S
op|
'
<3S}9
{
RO_g.
GH1D
aIkV
5jL?"y
Q,0t
o19Q
+v`")*
'yOjr
+,0V
8N;g
;?tg
K|>D
X-oz
5P]7
c"q0
9Jnzq1
@spG6
+jht
XM^y
>F5V
&1rJ:
}IpY)
U/Z^
Z3ytE
_;r&
lDeq2
8
g#
JZ:7
>uq%>
})]'
uX8)
kC%
R93
}
Rl~e
Y];[
sqId
u9e?
f<-plB]
MGS5}
OPpl
1yE4
;A!_
?n+0Mw
oS16
Xa,M
Nl;
2k|
a-^
sU
qe
a:~5
Xiw!
AYI
q^IF<
p'j7
A>cB:
v$/C
i	Ga8M
|AwRYKY
String
M)r}
hl6}
_RHcLV
{'Ad
kD+- kj
:s9b
~ /
<5;B
@=
~b
2]ivH
gL~rQ
0B=P#
Xvbz
K:3Z
_s(Y
SIBC
$CS~)
&wk*
e>rD
E"Ik
>	Bu
tjW:2Y
ehh:
I]
b2a
B2;nX
6jSK
58O;l
!6Nmr
Y&r{x
TNJB
#Blob
m]!6`
r.4^
<JlYB
DW6f
InitializeArray
?6#Y
\=
yZ
{x
eXW(]
iHY&G=
bE2<
vv#s
5jIry
[Kn
U"D%>
8}(%6T
D4i6
<p5|
<c1f
T_3
8h
]
!l}+"
d{g
[!=5j
Lef](
|Ze#
{3]+
@iL!
7sq\
GN`U
zS1U
+VRE
$QIh
<^t\
$4B_A
aM/'
Pwui
"Nstt
3geV
G}VYl
d//?s
]DY~
ukDY
$8.x
z"C&
$6CJ-
5pK]4
=.kV:
=Qhh
^'M
,uPj8u
9->e
]7ZM
vg|sR
V.4-
jRd
TjWW
7"iB
9'@q=
!Q0Y
:2	b
:pt
P+nM
iPbs
`7;fQS$
j7HE
&^'2.
Ht'
5p,%
a;e=
|~|c
hPoJ+
C 7[{
+^k
du	r
q:\Y
YeOy+
Ajz^]
-y8qJVn
^^=n
N{[]
G6}I
c4`9
<f!6G
xGYK|
/8F91I
v>@&
m@%K
==*8
D<>/
{AZ!
Itf5
:wB:
,6'?
f=/+
CAjp\
c<Ti
Zz{F
Pgd(Jn5
_8qL4t7
$1,A
izMY
(hGY
LhpFQ
\E,&
get_FullName
)p8>
^
7.
r5|R},
y|h^
ism
kymu
'szu
[nL]
"0(q
jq*^
-(7bp
A{9%
aF9U
#a;u
W%h0$
0bhu
E;C$
3|}$
@a^)
iA5
	xY
?,mlF
gg);
oS_
M_fh
F:U8P
6SEqNR+
mcK\
'rA`
62*6)*
xRbS
7le
Ub&_
+KJB
ga%2
!
(!
7
V|
)]jL
-uH_
/7&Hv
,,-M
y!uB
:U4ZDPm
"lHM
Pj>1u
vc\Ly
}?(G
ee;[
Gmr\
5EFK
#0_#
ZMroC
RuntimeHelpers
@mX420d
m$95
=8=]
3g#	?JN
MI?<
/qkJn
U{U9`
gL-"
v_P"
F"[
y$	y:>
kSmm
W=1X
*';Tu
wevW}
O=NU
+-{=
J86`i<0
pjsT
\)#p
v2.0.50727
SM+,
U-XcWET
#6(
_[#~M
98Gk
X`!hM|
]E5<#>
t|
,
1
WZO
:
a~
tE32
BD/
(Oz;
~*\x"cG
}]`:
&5Hu
u/i_~
5*N?
Object
Z&Bm
=,F)6?
/
MR
X0nx
dQoKV2nW
9(__
PMt
Hp'
JCf*
aMe<
="t
ComVisibleAttribute
nF}(/
?=q5
]>bG
>l9WeJ
.ctor
jqq[
uj8?U
x:M./	y
GFx?f
J^DK
eC'w
CWS
T!HZ
#rLS,
AuIU
\+6?=
'3,[
{d|vP
#Ulp
C=,?#
3>t+
O<Ds
.^qFH
q(xs
B\Ug
Y	u
1m
GdW<
'6Gtj
%]AE3
D+$@
={!2
#b;n
pYH_b
{Bc!Z
SMA$Y
f
%p_7?r
M<SE
N	ZU
}e2r6
-Nyh
2xACh
bc'p
%~j"
KWsg
4FX
I.{6
.qvL
lDy:n
usao
~~A9
%a-f_O
d$ 2
^ZO
:
4wu:[
r3X'
!t)f
Gh3/
PoI	2
j	r(
P45[~
Zl{fAIH:
Y#Z?
drDw
[VG<*
mg"0
p>B(
tu}
Et3tVF>HKefw
Ak]R
QKui5
}f7d"
[naE
v$VO
?a9v
o\c"S+K
A0++_|
4Y:2
Js%5
.oGof%
[^0+:
G -g
yX
0
klmjk
2_6^	O
Xr]
~D1?L
#UT
P~$Z
YG@w
Y_?*
11=p
Stream
[+Y^
qi0/2
2.Gb
7k\
&`%[e"
lkjl
(~yu
xM,e
Q`:?
:&e@
m_#\b
`A<.
?.wD
Z4'ms
sr8P
c45\
{;(&
#N`x
]"U^
6* -
Co9l
C2sWJ)9"
bPwu
C7yIL0
*+MA
p{-n
rwiveD)
FlV^
[Nc:e
y~Ew/
u*
)
uIT#
!{C*B
wA%cu`
8A
N5|
$5.c
r<e
\Et$z
18
$
\EuV5
'\Ja
y|wcp3
xasF
pjoF
?V	m<-
4x%5
q2"Q.
LVi'
`Y'gD
j|i
RjU
`:E(
J]0`
bHq!
{x:fvqOu
l{F,
"h\7
<{,c8
7O|A
l?X
Di~S
qT\e
mlki
$2Z/
;T5d
`Hr4
,cZ8
l @~
Me@a
rTD:
ResolveEventHandler
SgcYS
YQmrV
v'i@Lr
q0iC
y.)!
[Y9@i
I>s
98>;@
7
\
.$E:
xfVf
~vD<
G4#
4KJ[
&VmY
MemoryStream
k)=*
K/0[
=m9kt
5IW_
zF-Q_
m^Q;
3=mc
T?HK/?
<g=Z-
Hx{
\(}.
3 `n{W
08/0.
H 5M
(hZ
Hlz
b$%~y
/DLA
i,_
Fiv:L
VVmN7
)qbx
LtMi
K$2D
w8@~9
udj-
Y8dFk<
vwd
r
SuppressIldasmAttribute
^O[}
kkmj
e]AGMf
:3`}
pGBO
^pD
1Tu
!xRu[
f9]yI
`\3}
jmX
,CK5V
>v!d
[JkB
ResolveEventArgs
7;8
tu
4OS
_oF
H6fgR
O@[m
&:^h
Op	K
Jl%]
XGn
^f	1
?29;
HJ's
:hJ._^M
)<d]
|'@$
n(V>t
:r"Gd
Q@_{
L Wa
ztU xN{
o);R
atJ0
9HBe3
c&O>
>95O1[
GuidAttribute
&lHwXp
Buffer
$X-B*
~ur5
57QDV
9eMZ
pKg
5L{6
-,R#U:O
V.-w
2W5L@
z[\x
MyT-
h-g
IUGO
EfK^
0l0?
(gee/
A`.CH
9i.
k.}E
Wq U9
E$'"V
0Y8'+SQ>
O/``
b[0h
LLPo,e
U!W?
hwa=
lv
u
h2ot
\M`!
`'O/
(Vy{
j (]=u
%zcx
&
6
]	
^
m$Zv
#o8V
a2@0S
z`6>
|'/)
HExy
u;KC
Q&71
lSC?
nr$X
sS4@
;@Ai$
-Oq=zck
h$Kg
X~*7w5)
zNqw
_EY!
}:5:c
h'
x<`U
5Ch6
F4FP
HaEb
M7D@Z
R)*n/
ql\
=nIS
!RZ
j"hKA
cT#a
\8n
|}<o
d
/n=!1
%+*T
J"^\
w}TIu
fDF,m
i6dyWZfC
go}v
FAg,
R
m
$+TM
2)H p
G&ca
3pPv
~Pye
h5yE-
ubSIU>,e
IWN@
jljk
RA>qY
ugB:
E>_^*
mcS
M[(\e:
j!u0Y
7QS+Ay
}~vD
mP "
A[U
:/R'4
Y/uPD
+R?.
<fI+
get_Major
B@SI
.^v'8
#Schema
`])	JG
W=uO
x|V}v
9k/I;3Q6
u
[Ohr
t`=>
&h(T
L,qO:
u0Kr
vRJo
gAPmGUL
K"Rq|z
u	P<r
;mfO$
#	x2L
rt^]
JK'@/
i$~Gm
9q9.
9l`r
%a}{
p*.\bo Lu
I<
20
7Pg3i
a	h
a&I(dg
pO#>
yc{U7^O%
yX
<
y!mK
z4K
WT`plb
^*V^
&ex9
` /B
get_Chars
L%c^q
Gc'??\d
e21%
/9?y
S;h`
>*nI
<mk`
<]43
BtWmJ
1n~
n"gx
OJFY^?
FH\xH
HV+o
RKu(
_"jW
-(.Zw
"(6(
fd+1+
G~H.
#q.D
HjMa
J4k"
uBGt@
g
I`
'V;K
zVXB4;
7!ef"%
&"dQY)
<ou(
=@v#J
8E`M(
W'KG
MSD8
4J-
!ZhX
lPP7
N= D
5D.(
Gdr6
l-@9S
M]y[
IZvG
P&O
*(GU
;IG
QC6W
<HCH'D
&,jo
]~/\
0de
.k4P
XA%76_+n
N?i:A
9vF%
hd0_2
8m
r6
OFEV:
`&}Xw(
V}
c
ML\G
,fk5
.Vb
f7Tdd
m-!&
Dp`y
%Q,$s
#HU
ECo0>
ogHo
J"z$
smyP
`W
~
ut[
f1h7
A_U$#
i<rd
@QQ.K
*;S
Zbxr"h3
+[<IiG
++H
=Sjfy
}<z4
i{
WLa
"Uk1
<<k9
EfM90Q
Q6n"
N!}?l
3lTI
PugQ
I(c
~h
0#qO
-f
P
N(`C
nkC
@C3]
Qz+f_
lu1-92
ruUM
^SC
2{%r
a;i'
h6]2A
^F,cf
NJI|
]^E?
^+=
]Iiu
kKs%h
OP&:
_@,;
Mp@{
3|-
3q
R~F=
P~yg7
,wM7
,R('
jt%k
G(\h~.E
F^oG
lKy]
Ppoo
>
z[
XrOyb
`ebi
zhjfC
jk:&
sH3/5
I<[Ld
IGI'
?SGZ
qoA!
_4-z
#JHV/
B&#(dS
ygQZ
=C8
J>-g
,8QQ:
(x>?
AZxZ0
3&&Vo
NAJ5h7
3>dy
|1RB
}p
/p7
\%Cu$
CiE}
owu.`
6Cvd
zlNt
TayhgX
SG1/l
/b[dAo
Y&9!6
DKJ:
0xP
)Al*
V:Oc`
>a?e
\^+,
g?KK
.))5
83Nk
J9<`
D$7+o
}\%S
G
G'Zo
%K6lA
##0M
0
+-
//Q@
,hW4
\otA
%OxG
)iaM
System.Runtime.CompilerServices
5H7[kw0
mjmj
)EG&
DPzCU`
)b[c
imjkm
iYAU
x5mp
!9@o
MF[p
.RG
yL"
IEEs
35Z?
rR t7
Math
.>pR-
^7++
0g8N#
rk.!
k zj.\
{
OdW-
Fnc3
t<6
)mAx
cqoX
R%>)
]=n;]
Nm	`<$
)6u6
dFh6X
+y	/
ul7/
]!`
c:Qg]
t(O(;
Eyh
Z|<j@#
b Y7
@%,W
sJi`
5T{S
<lf!
gnJI
p#<
}():
"kc
8m'X
1uQ$$
y%a]
Ih[/Y
~Bq9
62h
)
!xJ9
tj
]\{d
?wH>,
xX/=b9m)
+s%n
u=D)
62
zX
mklimijj
~C16
(e_1Y
N+}?
_>x!0
yam=R8
'	w
?Q-y
:,^K
C:4K
GvvU
uAdgX
#w#<e>Q
b3D%
<%wY
PQh[Q5
G wS
v=Os_
=mU
k\(v
-yi
		q
howq;g1U
1_6R
	PtMy
7S>7
~	jn*
Lx?l
s8eL5
_]rW*
/fb7
p/1
yr:e
k9>5
"|Y-V
/!=w
6.{"
cx'-
C'KAF
s0fU
5/'
zvbq
5lfu
Pk9j
c43;
JfsA
ST:|5l
P
o_
xbA@
Hv||
jO^?
mscorlib
eMIR0fni|
U*+Y
Z#gF
l}}c
jlll
(w_
TNIv
owj	z
4*XY
R0{
|m_O
|mz0q
dFH\
FL^W
]a(&
.`O*
B0p]
g72g
11 vk
{\pklUV
B1)v
d'
O"
U'Z{
87En}
s *0
mg!.-
I8+S{
g5:%
nC0G
i_u]
A&B`
m-u1
uH({];@\p_
|oG
f"J3
^~O6
v.@6
L2";
a".[1
X>.
B7S
h.74!
^y1k
A$G:
.<"m
?=;_
IQT
9Npd
t]Fg
}y\"v
?yV1,C
QLzf
-oPxIe
-p7
]WIL:
23B.q
lX/I
TV3]
(eve
?AAp
AF4g
V,fH
|SSZ
T2\,
m\\2^i
T,"0
7*)Rr
oAgE0
Rk (0
NO4<
oyta{
((zUG8i:
W1]!;
X5!B
Af
5S{E
r'tl
-H4Q
9khcze
?2eG
RlGw
ig"BF
bpNK
fOIQh
nm=1
hi<G
q3
\<2jAa
K?_FT"
{n.IL
,Ac{
#GUID
bN_j
UF^<l
$~|K{N
:w$f	"x?|~S
aM<`
3uiD
LRs[
n*X
y?p1k
]6tR
m\ok
"g\A
wvo\
MsGF/
.T>5
$S^:z0S?
S>M,
eR!g
;x$[
U9a,!
m*WS
WCK'
EDO"T
UH5X
{{NI
`Hbz
=jaA
.nQ<?14
64.3
l^=i
L)S-
aW
<
t,fe/
s3Nh
@;+o[
7s	`
`V=[DQ
ntk%
JQ@B
,lJNO
3U
*"A*
Yb3U;W
Xc=cF
[WMP
[5(Qx@
z9)M
h8Q_O
qo\l
fOCThG
Write
G(xz
/>}o
C<Ld
Y}w6Rr
/'JD
2(:;[
"~sA
gK;g
lyBx
f_w~
_ZIb
3]VNS+^
zc?k[!
aOMb
2"h
GPy_{
9g4
N,cc
*-0e
U3kI
L1bf
3`kD
vO4\
F 5f
@*-t
dt$vau>
Thread
[<mBcJ
wMfT
/
TK
f$|s
xbDU
g#:~
Z,:s
]1YQ
9xXtYa
G[U/
G$7ZY-
89fx
*R(
PDl
@<	WE
X<!c
;7'
W>mz
Pov
b:&yZ
4l
d
lzf`
j#t|f~
_u2Q.qY
rGU
TBF!Z
P
F7I
lK#o
lnl
'Ue^Q
g8S+7
dbys
get_Module
5u;t&
|\c!V
K<_2
R_,I
-Hm
36)s
0Uk4
HnY(
$a5_@(
cd/x
x&&E
eRiy
3=V;&$
1/*Y
|tso
{-un
iH'G]
;pD83
d__\,g
z
y-&
,}{A
1>\Z+i<tB
3~l0
1jgj
GLg?
zX-?Jr
2o'
+)`H
hc@P
ZLJf
$VX!
T}x=
)	0M1
'HX]>
Z nf
wFb(
NI_4
4WGb
)<f
u,4X
8Grg
=JA
(},
O=EJ
S~(8J
]y}:{
tLx9
U1,q
Q6GX
%@[
G$;$	A8
lbew
8z,#
A]A-
h^;&
2.11
;i~[
o)ToO
h5+k
.=
,O5>
Dq{)
8n>yy
C'"q
?Xbj
\laM
idX6}
>P

Ig
n
id*8
;D(({
|f1K
]h-Xa
u&Zw
dA2z
@a&h
r(_
@!5\6aA
J&M
M?

<DSc
}SOe
05H)
)t0`
uM?*
r~A%U
)
>8
AAv(
BLK'G
mc=B
5/;E
khiq
?mRg
|V}}a#%
t`-H
/"a>
a#gqj8
c$i!
0Lrd
$UX>
1y9E
QbNe
;o]7R
[fw:V
S
0#
vx7H1
s2'h
>_On01e
J't9
w'_-
mzIE
L_'b
?Y=Q
k@g9
/n;[
Hd7)^
uk#
eE?<
Ce?G
!;nW^
T6'5cS
&<K^
pB$N
a`*B
j:)T
j$
Sckj
r3Arse
ab||
Ll
!yi1@
B"`j
\Z2F|&fZ
xj%#
wi4{
Pk1t
V"a3G
=/G
?.C
%J	rz
nm!_|
O
8w[5
%1,qz
|v1F
DmMe
,w_y
Array
V[
5
xUww
D%I'
7{|[*
StringBuilder
kyAe'
Z	e-
T[%
v:x'`
2P3y
)(r.
#8-gD
,:	+ #
mrcx
MP@=8
)Xyx
&BD["N
~AE
)-}(
'z
`b5<S
SQhgY
/~T=
V>k&
w.a
:K5k
f`'T
`dM#
U"b}
830K	=
(<L#
/B$Z`He'z
Da{@
Anrj
9LFN
\%K:
|Rvq
~xP}
X
	 .
bPafx-.
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-01 09:07:05 2018-06-01 09:10:08 183

1 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-01 09:07:05 2018-06-01 09:10:08 183

0 Summary items with data

Files

Nothing to display

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

Nothing to display

Read Keys

Nothing to display

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-01 09:09:09

Detected family: #Malicious

TheSystem Itself @ 2018-06-01 09:18:02