MalScore: 100/100
MalFamily: Msilperseus

3.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 1052.00 KB (1077248 bytes)
Compile time: 2018-05-14 16:56:28
MD5: 3744ffc1f6219702ac75d05265b4c092
SHA1: a608a970a5b3ef9ffb9b0e25e6778d12456aa8d9
SHA256: deebe21fd39ec206f1d3507370cee1c52fb60f98dc0557af839bf835e3ad2104
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections: 3 (.text, .rsrc, .reloc)
Directories: 3 (import, resource, relocation)
First submission: 2018-05-23 20:36:08
Last submission: 2018-05-23 20:36:08
Filename detected: - 3.exe (1)
URL file hosting
hXXp://lokipanelhostingpanel.gq/work/worknew/exe/3.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-05-23 10:38:26 [17/64] VirusTotal
PE Sections 1 suspicious
Name    VAddress  VSize     Size     MD5                               SHA1
.text   0x2000    0x105aa4  1072128  ce7f8330c62e026b4b012854ec8966b1  efb90e62ddc480531a1158b26e240372abc69adb
.rsrc   0x108000  0xee8     4096     6b0333cd7963929405111915d3f15e8e  a714fc030fd219b857f3df324928b698218dea38
.reloc  0x10a000  0xc       512      711ffb42fd8faa7f64531859d32c9c73  817eb494c9225205f1ed7d25aef91ea68e502e7b
PE Resources
Name         Offset    Size  Language      Sublanguage      Data
RT_VERSION   0x1080a0  1220  LANG_NEUTRAL  SUBLANG_NEUTRAL
RT_MANIFEST  0x108564  2432  LANG_NEUTRAL  SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © by Diw@Dev
Assembly Version: 1.2.1.1
InternalName: RIMCIS.exe
FileVersion: 0.0.0.1
CompanyName: Diw@Dev
Comments: A System that will help all the Barangay Officials in doing their duties to become fast,reliable and more productive .
ProductName: Resident Information Management and Certificate Issuance System
ProductVersion: 0.0.0.1
FileDescription: Resident Information Management and Certificate Issuance System
Translation: 0x0000 0x04b0
OriginalFilename: RIMCIS.exe
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
0.0.0.1
1.2.1.1
URL(s)
http://www.w3.org/2001/XMLSchema-instance
AccountsToolStripMenuItem
StringFileInfo
I Accept
prevbtn
Nueva Vizcaya
Certificates
Senior Citizen
Label8
Label9
InternalName
Label1
Label2
Label3
Label4
Label5
Label6
Label7
Company Name
TRY AGAIN
statbtn
HomeUpdate
RIMCIS.exe
RegisterToolStripMenuItem
Amount
ToolStripMenuItem8
ToolStripMenuItem9
ToolStripMenuItem6
ToolStripMenuItem7
ToolStripMenuItem2
addbtn
OR ANY PERSONAL INTEREST.
ToolStripMenuItem1
LegalCopyright
In Advance :3
RIMCIS Account Register
gender
brgy
Accounts
Population
Browse
State
Version
Male/Female
Porcodedio
HomeToolStripMenuItem
Unemployed
PictureBox1
'and password = '
insert into logs (accname,log,type) values ('
Age
HomeView
loginbtn
search
Last Name
'and type='Barangay Captain'
Dead
amount
RIMCIS Update
Home
Certificate
clrbtn
insert into resident (resno,fname,mname,lname,stno,stname,purok,brgy,mun,prov,bday,bplace,gender,age,religion,status ,type,income,pic,datereg) values ('
',stno='
Label14
My only wish is
A System that will help all the Barangay Officials in doing their duties to become fast,reliable and more productive .
Status
certificate
type
today
MenuStrip1
MenuStrip2
updatebtn
Connection
update resident set fname = '
AboutUsToolStripMenuItem
Bayombong
stado
Municipality
HasRows
... Diw@Dev ...
View Resident Info
',gender = '
select * from resident
complainant
OKButton
Barangay
Street Number
SystemToolStripMenuItem
',purok = '
1.2.1.1
About the System
User Created
FileVersion
bday
Log Out
Employed/
compbtn
Residents
0.0.0.1
ProfileToolStripMenuItem
OriginalFilename
View
About {0}
UsersToolStripMenuItem
The System
'and type='Administrator'
Fill
Purok Number
',mname = '
Dispose
TransactionToolStripMenuItem
Hi Everyone!
Copyright
FertilityRateToolStripMenuItem
Transactions
server = localhost; user id = root; password =;database = dbrimcis
ToolStripMenuItem3
Please Fill up all blanks.
','Barangay Captain')
LabelVersion
Register
Receiver
',stname = '
'+1
Add
',mun = '
Thank You for Your Cooperation
Label19
Label12
Label13
Label10
Label11
Label16
Label17
About RIMCIS
Label15
JPG Files (*.jpg)|*.jpg|GIF Files (*gif)|.gif|All Files(*.*)|*.*
status
Complainant
Middle Name
Save
Type
reguser
Product Name
Fertility Rate
Transaction
Copyright
viewbtn
Property can only be set to Nothing
Resident Information Has Been Updated
Male
select * from user where accname ='
LabelProductName
WinForms_RecursiveFormCreate
ProductVersion
',prov ='
Receipt #
' or lname = '
Mortality Rate
Entrypoint
repassword
Single Parent
TextBoxDescription.Text
Date
searchbtn
nextbtn
&OK
Search
purok
VS_VERSION_INFO
Password did not Match
Client
SelectCommand
TransactionsToolStripMenuItem
keyword
select * from resident where resno = '
Please Input a Password.
WinForms_SeeInnerException
Cancel
CrimeRateToolStripMenuItem
RIMCIS Registration
Can I Trust You ?
First Name
' or mname = '
select * from dbrimcis.transac
LogOutToolStripMenuItem
Administrator
Users
Invoke
RIMCIS Complaint
LabelCompanyName
Label20
Label27
fname
',lname = '
by Diw@Dev
Resident Information Not Been Found
TableLayoutPanel
@pic
Login
Street Name
Resident Number
dof
Living/
THIS SYSTEM WAS NOT
Single
transac
ToolStripMenuItem15
Comments
Religion
',age = '
RIMCIS.Resources
dateupd
Resident Information Management and Certificate Issuance System
ToolStripMenuItem11
Province
Update
Complaints
Translation
CheckBox1
HomeCapAdd
',type = '
Female
Confirm Password
Create
select accname from user where accname = '
Account Type
select * from resident where resno = '
RIMCIS Login
',bday = '
HomeTres
DeveloperToolStripMenuItem
AboutBox1
AddToolStripMenuItem1
mun
insert into complain (fname,mname,lname,kaso,status,complainant,dateaccused) values ('
Settings
comp
stname
RIMCIS VIEW
Barangay Captain
Close
StatisticsToolStripMenuItem
CommandText
accname
LabelCopyright
receiver
'-1
','Secretary')
dbrimConnectionString
trust
San Nicolas
Diw@Dev
pic
fgjfaieSDFAOKEfj
external madonna
Resident Information Saved
','Treasurer')
MortalityRateToolStripMenuItem
Secretary
caso
Accused
Student/
Open
' where resno = '
ResidentsToolStripMenuItem
ConnectionString
dbrimcisConnectionString
certibtn
Account Name
RIMCIS Transaction
Profile
ViewToolStripMenuItem
Not Been Updated
OpenFileDialog1
OpenFileDialog2
DataGridView1
INTENDED FOR REDISTRIBUTION
PopulationToolStripMenuItem
Clear
jks
000004b0
FileDescription
All Rights Reserved
'
login
Deceased
client
ToolStripMenuItem14
'and type='Treasurer'
ToolStripMenuItem16
ToolStripMenuItem17
ToolStripMenuItem10
bplace
ToolStripMenuItem12
ToolStripMenuItem13
stno
CapTransAdd
searchkey
GSr
Gay
GSrdofjksrgj
CapTrans
Treasurer
=*n
',status ='
insert into user (accname,password,type) values ('
ExecuteNonQuery
Married
The Developer
Button3
Button2
Button1
Button7
Button6
Button5
Button4
resno
password
',brgy='
select * from dbrimcis.resident
Parameters
VarFileInfo
',religion='
home
prov
religion
cancelbtn
Gender
receiptno
Lesbian
CertificateToolStripMenuItem
SettingsToolStripMenuItem
@Copyright
Divorced
mname
internal porcodio
ProductName
',bplace='
AddWithValue
Complaint Saved
savebtn
Statistics
Crime Rate
',dateupd='
','
Income/Month
Birthday
'and type='Secretary'
Account Name Exist.Try Another One
Version {0}
TextBoxDescription
I Hope This Project will Help You a Lot .
',income='
select * from resident order by resno desc
Assembly Version
','Unknown')
CompanyName
' Or fname = '
ViewToolStripMenuItem1
Last Updated :
HomeCap
Birthplace
AddToolStripMenuItem
RIMCIS Home
Employed
Read
Metsysoce
','Administrator')
select * from resident where resno =1
RIMCIS Adding Transaction
lname
HomeCapView
Student
income
Password
Case
stat
picxup
ExecuteReader
$this.Icon
=$_
age
select * from resident where resno='
',@pic,'
Comic Sans MS
JK-}
Qr y
N@KJ
ToolStripItemCollection
ZCa.c[
4Psf-P
4Hml
A&$g
U[B
set_Filter
YYWG
_addbtn
FertilityRateToolStripMenuItem
aA%0F
get_Current
@P\\,{l
""p !!
Twz/
C w+
nX-+
UKzI
)S27~
_bplace
+|/D
C e!
set_client
Label19
get_mname
^>{/.
-ghE
!o=~DL
nz44
?s5y
DeveloperToolStripMenuItem
AttributeValue
C <
%Data Source=|DataDirectory|\dbrim.sdf
Microsoft.VisualBasic.ApplicationServices
wXVt6,
_stado
Label12
Label13
AccountsToolStripMenuItem_Click
Label11
Label16
Label17
Label14
!o=~Dh
get_HomeToolStripMenuItem
P `*
System.Drawing.Imaging
n 1KT
_compbtn
40T{
set_LabelCopyright
OnCreateMainForm
TargetInvocationException
login_Load
c;W;
e9x#=
;dzj
[ `
-$eg
DataGridViewAutoSizeColumnsMode
TableLayoutPanel
!GxA
@6av
Uh_v
repassword
RW^F
Math
*nD~hh
RIMCIS.HomeView.resources
QG.KT
0@.Y
set_Culture
get_ResourceManager
e=w?<
viewbtn
&pE@
LAk7d
RIMCIS.My.Resources
@HV5
set_SystemToolStripMenuItem
set_SaveMySettingsOnExit
set_searchkey
m38
LabelProductName
_prov
Point
My.Computer
MyComputer
3Bhg
^k2CU
(uou @
set_AutoSize
-{xA~
ojMV
Operators
3MGL&v
2ZRAh
"M'1
?0t7
set_ViewToolStripMenuItem
@,pE@
&(
'Ei}
IconData
repassword
type
YdxA
get_client
set_AutoSizeRowsMode
+G~*
O,;I
:,+e
JEM7
Q >v2
CSBL
IDisposable
b:;&#E{
Ae%0
get_LabelProductName
b];u<
_status
Exception
-{{Aw
purok
get_DataGridView1
f`9c
&(O
Ae%M
?-{xA
em 5'
get_Image
C l%A
T8@v
U]h6
set_receiver
rmEC
.>'s
1M\s
%q HG
RIMCIS.HomeCapAdd.resources
]KDS
:ghp
k.j
Ae^1
Gy;M
-cL7dR
set_Value
InitializeComponent
?F.'
get_SettingsToolStripMenuItem
Lp,C(i +,
OpenFileDialog
_mun
GetEnumerator
OCP,*
.|Ty=
!!b ##t
set_prov
rx!U/
RIMCIS.HomeCap.resources
D:VhC
bf#I
` pmD
/_/#
instance
r )C\
!-5-
3AC70
~2Z4
Label15
<Fb%
Qc*jj
0Ap9Q
set_CrimeRateToolStripMenuItem
D lG
Y-dW
1szG}
Enter
*{xE
zMx.WTA
@UIE
hh(k
5F<
addbtn_Click
jc*p
HAv7s
-dxBn
set_LabelVersion
TRVn
inScopeNs
V-Kx
0F<9
{\w_
I}rl
h kv+
I@!
Q.rD$zj
'&*
_password
$&ix
attributes
L4B
KAn7s
-uDW
n d&
6|Q
QEU9
ZEN=
YA_9
#)ZN
System.Runtime.CompilerServices
set_HomeToolStripMenuItem
V/77
+G~~
set_EnableVisualStyles
TransactionToolStripMenuItem
DAC77
get_ToolStripMenuItem9
|rpG
Ab e
get_ToolStripMenuItem7
get_ToolStripMenuItem6
8V]]
Y*4@$
get_ToolStripMenuItem2
T~iy
get_RowStyles
-
-vxO
`tELH!
H3?,
^Q #:
C w
d2eg
set_TableLayoutPanel
[,727
`0>
cp,!S
+G~h
-{xt(
:9k}
%9m%-A
ViewToolStripMenuItem1
set_Font
RmKI
F[Ui
-KxQ}
AftE
C '%F
s`d{
:k68
000y444
_TransactionToolStripMenuItem
LKi5
_LabelVersion
Synchronized
0xy`
kSw6
VA^2
0 !!
yyq(
cancelbtn
FontStyle
\%_v
G.Np
Tc~Vr
lZ=z
_LabelCompanyName
dbrimConnectionString
p*} U^
mAd;
My.Application
E5gxv
q}V
P
AssemblyProductAttribute
?q.?
6gcf
dHm-
Klh.
BNx
C P)
set_compbtn
+{zA
<Module>
set_dateupd
##G
43+)+
_nextbtn
-~G'hF
Am%0e
nUj
-~D@n
en-US
{dktM
TargetFrameworkAttribute
a%O|H8x
get_TextBoxDescription
|IU3g
set_ColumnCount
9olD
4D8v
get_login
set_DataGridView1
@nJ,
eLPB
1/)=
Pz&>Jq
@s)2Q
'0V|
QIyDp
l%"0+
receiptno
SEzg7
d]/p
4System.Web.Services.Protocols.SoapHttpClientProtocol
wOeV
QW <
T$JP
OpenFileDialog1
vv(-
ZZZ&[[[
get_SystemToolStripMenuItem
K^y
WWJT
q0w8
{0tI
-%dn
_lname
a &u
j} ~
Y r;w
^x}b
lSOC%vU
#GUID
y_a3
FqCx
:(ed
_stname
VAC73
a%M|6
set_SizeMode
get_AttributeValue
HeFGm
###$
###+
2 )
set_TextBoxDescription
{%0}
7Mxe
s
QGx\b9
MWfM
set_ShutdownStyle
set_viewbtn
w.;s
XName
a[E|
/a+I
_ViewToolStripMenuItem
_transac
ElOCP
-gxE
whkk
_OpenFileDialog1
[txQ
ApplicationSettingsBase
C w#
.CN,
Kqv
MenuStrip
set_Image
+M{x
System.Xml.Linq
%;P<J
diomadnfagaghagh
8}8|
1|@M
h1^{
=KxQ
Yo$ib
PrHT
AutoSaveSettings
YCPb
EventHandler
{pHg
EN;o
{pHa
{pH`
@Xtv
complainant
Description : (At runtime, the labels' text will be replaced with the application's assembly information. Customize the application's assembly information in the Application pane of Project Designer.)
set_TransactionsToolStripMenuItem
,fzA
Microsoft.VisualBasic.Devices
9+XxA
FFF'sss
*eyAw
password
set_ImageLocation
<
'8Kq
(utw]
<H*k
6%(K
biX'T
get_bplace
?sVB[
K~xA
get_dbrimcisConnectionString
!o=71
IEnumerable`1
$$jB
<~ky6
M#L-
fm r
stat
W-w-
-!Ss
"b{xD
get_stno
home
M>9_;UW
! `$
WPRc
_PictureBox1
MR{/h
_MenuStrip2
_MenuStrip1
|Hi{
$bhh
HomeToolStripMenuItem_Click
<`~-
F[-TkzW
YELm#H
picxup
0GW
CertificateToolStripMenuItem
StatisticsToolStripMenuItem_Click
)] 5
q{%-y
vx%U/
RIMCIS.My
;a~5
'SC|T
Label10
Dp 0
:z:7
EA[9X
2Zt
TE?67
set_Icon
viewbtn_Click
System.ComponentModel
AssemblyTrademarkAttribute
TWrX0
BWp y!
xrpG
?yAX
&8<
E)0C@
42Fk
(.*Ac
set_receiptno
MyWebServices
savebtn
get_type
sender
IEnumerator
&8,
R O>
LCY A
#JKD|
+G~:
3p\w
@.
dKh4
l?p+
*9 7
81sGx
addedHandler
Ai%#
Ai%"
TextBoxDescription
xxo"g
_LabelProductName
AAa;
+G~$
GFF2mRN
_HomeToolStripMenuItem
+G~^
C Q
C Q
#rNW
MyProject
pE@_{@
+G~H
{<WG
System.Collections.Generic
Ai%M
+G~C
Ai%O
&8o
u'vA
T^Vgx?6C
+G~x
?Gir
c-Jr
NK:h
&8\
VAC7
2 @*
AssemblyFileVersionAttribute
yR{xBw]
qAQC
&8@
System.Windows.Forms
+G~l
ir"V
|V{2^i
A1v$
[ExJ
ShutdownMode
]ktM
=AMK
wBRL!
%Oux
-zDD
Hp)+
:M 9
+{zA1t
=DHBs
add_Shutdown
-zDz
^AGGd
lname
Am%O3-
_prevbtn
>Gux
Ai%M| l>
GeneratedCodeAttribute
disposing
nPl"
pf3CT
} bz84
CheckBox1_CheckedChanged
set_lname
-gx?67
X@16
LateSet
b--,
Remove
2mqA
7 SP
qJ{xGi
MySettingsProperty
set_stno
B'$M
set_BackgroundImageLayout
=AC7
>B+j
_fname
VOP:s
DebuggerHiddenAttribute
,xu4
RIMCIS.CapTransAdd.resources
-0B
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven01b_64 Seven01b_64 VirtualBox 2018-05-23 20:32:44 2018-05-23 20:35:36 172

4 Behaviors detected by system signatures

9 Summary items with data

Files


Read Files


Write Files

C:\Users\Seven01\AppData\Roaming\remcos\logs.dat

Delete Files

Nothing to display

Keys


Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\102652ED
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winsat\PrimaryAdapterString

Write Keys

HKEY_CURRENT_USER\Software\gfhghghjyyhgjhkjlljlkjhhj-5NEI9P\
HKEY_CURRENT_USER\Software\gfhghghjyyhgjhkjlljlkjhhj-5NEI9P\EXEpath

Delete Keys

Nothing to display

Mutexes

%MUTEX%
Remcos_Mutex_Inj
gfhghghjyyhgjhkjlljlkjhhj-5NEI9P

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
user32.dll.RegisterWindowMessageW
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
user32.dll.GetSystemMetrics
kernel32.dll.GetModuleHandleW
kernel32.dll.LoadLibraryW
kernel32.dll.GetProcAddress
kernel32.dll.WideCharToMultiByte
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
user32.dll.RegisterClassW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
kernel32.dll.GetFullPathNameW
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
user32.dll.AdjustWindowRectEx
mscoreei.dll._CorDllMain
mscoree.dll.GetTokenForVTableEntry
mscoree.dll.SetTargetForVTableEntry
mscoree.dll.GetTargetForVTableEntry
mscoreei.dll.GetTokenForVTableEntry
mscoreei.dll.SetTargetForVTableEntry
mscoreei.dll.GetTargetForVTableEntry
kernel32.dll.GetLastError
kernel32.dll.LocalAlloc
kernel32.dll.CompareStringOrdinal
kernel32.dll.SetThreadErrorMode
kernel32.dll.GetFileAttributesExW
kernel32.dll.ResolveLocaleName
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptHashData
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptReleaseContext
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptDestroyKey
kernel32.dll.OpenMutexW
clr.dll.CreateAssemblyNameObject
ole32.dll.CoGetObjectContext
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
clr.dll.CreateAssemblyEnum
kernel32.dll.ReleaseMutex
kernel32.dll.CreateMutexW
kernel32.dll.GetTempPathW
kernel32.dll.FindFirstFileW
kernel32.dll.FindClose
kernel32.dll.FindNextFileW
kernel32.dll.GetSystemInfo
kernel32.dll.GetCurrentProcessId
kernel32.dll.OpenProcess
kernel32.dll.VirtualQueryEx
kernel32.dll.ReadProcessMemory
msvcrt.dll.memcmp
kernel32.dll.GetStdHandle
kernel32.dll.WriteProcessMemory
kernel32.dll.LoadLibraryA
kernel32.dll.CreateProcessA
kernel32.dll.GetThreadContext
ntdll.dll.NtSetContextThread
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.VirtualAllocEx
ntdll.dll.NtAlertResumeThread
ole32.dll.CoWaitForMultipleHandles
user32.dll.SetClassLongW
user32.dll.PostMessageW
user32.dll.UnregisterClassW
kernel32.dll.LocalFree
advapi32.dll.EventUnregister
clr.dll._CorDllMain
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
user32.dll.GetCursorInfo
user32.dll.GetLastInputInfo
kernel32.dll.GetConsoleWindow
psapi.dll.GetModuleFileNameExA
psapi.dll.GetModuleFileNameExW
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.IsWow64Process
kernel32.dll.GetComputerNameExW
shell32.dll.IsUserAnAdmin
kernel32.dll.SetProcessDEPPolicy

Execute Commands

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"

Started Services

Nothing to display

Created Services

Nothing to display

Detected family: #Msilperseus

TheSystem Itself @ 2018-05-23 20:48:02