MalScore
100/100

windows.exe

Is DLL Packer Anti Debug Anti VM Signed XOR Related 2393
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 572.50 KB (586240 bytes)
Compile time: 2018-06-10 21:51:02
MD5: 5c81e05a54c2fb0f041983a1c3d88e5e
SHA1: 7263d7577f09098bd88d9aa47560fb4bf7787f77
SHA256: 6370e5732f928623a39098a18dd92b980d9661684995b4af0176702dc4071616
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 4 .text .sdata .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-11 07:45:08
Last submission: 2018-06-11 07:45:08
Filename detected: - windows.exe (1)
URL file hosting
hXXp://gulzarhomestay.com/images/windows.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
No report available
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x23e84 147456 db04cef35ca7892f77c7be66f171db3b 1632bc622cb45ee97f8cfaa880af7069b7b9c66b
.sdata 0x26000 0x1e8 512 db9e4704ffbe8b1221088abdef84239b 529578388b4b02002209ce8ada691cc1d25934c7
.rsrc 0x28000 0x6a85a 436736 eb959d555b8dbb3fbc7a9184450a9d3e 189001e0ecfb9b405c6ac8267a7c9f823f56f6d3
.reloc 0x94000 0xc 512 38b640f8a5655646d49c68a43f4e5248 3ab3b27f474462b37aab0717f0076d531a74b067
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x76c98 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x77100 328 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_HTML 0x77248 111655 LANG_GERMAN SUBLANG_GERMAN
RT_MANIFEST 0x92670 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
No Meta found in this file
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
file:///
!F"9FFAFPQFPYFPaFFiFPqFPyFP
{11111-22222-20001-00001}
Location
$this.TrayHeight
{11111-22222-50001-00000}
GetDelegateForFunctionPointer
{11111-22222-30001-00001}
{11111-22222-40001-00002}
.#J.;U.3J.+J
$this.DrawGrid
086pQVDXaVrLoBJfUs.gStHs3XeVpyN1Va5yn
.{J.sJ.kJ.CJ.
System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
{11111-22222-20001-00002}
file:///
$this.GridSize
$this.Locked
{11111-22222-30001-00002}
$this.Localizable
{11111-22222-50001-00001}
$this.Icon
{11111-22222-50001-00002}
FF]
$this.SnapToGrid
{11111-22222-40001-00001}
FF.[J.SJ.KZ.c
System.Security.Cryptography.AesCryptoServiceProvider
$this.TrayLargeIcon
{11111-22222-10009-11112}
progressBar1.Locked
FFE
FFC
FFB
$this.Language
progressBar1.Modifiers
vN[r
V&-$bR
vBJc
Int32
4kqP
3zD*
f{a@
Y5ikPHH11
m}o|&jE
,Jp
UO):
\9>~
B" dr
0\=8G
ooo~
ooo}
ooo|
-V53
dj6N
ooox
ooov
d3?HsF
s?`4m
y!<I>
oa6(
`Cr~
9p(l
NpaY
f+ (yk(`
b d\
LlhM
pl)c}(I=qz Ng
l1EchHIu8R4c7
IhpherCLW9vRUC08koY
CryptoStream
< A:
System.Globalization.CultureInfo
3%
tQ#t
>+ (
_6
PNG
.81
Q? #SD*+_P}
9WQ0
5+ybr
</17
|~T3
^y@b$
%{::
6P/%^
3%K
s"4u
dxJ@7
.MT 3
tWV
]5hE
(Kv{
$0`f
L0pb
bu)~
;#7+
XQ$U
7B~H
.PZkn
v+ (5UCZ
a0# {
hQAQ
{dK_
T:>Q
E7pRC5
,&eZ
1_S
Dazh
5LG
F5UBupdtv
/dsy
Format
:f37
zUix
V+ (]9;b
8jQ9
TGmk
gEuT
0%
4sK6e
Vmrt
'
J:3V
{+#g
GD\
x7QO
Ug>Y
PdV5n8qcV
XaD/
Asin
AAAD
DotWaYT0Y5NBwqrxcy
C[Yk
((sn
f+ (Bt
8 U\
bE;K
BX-QvC
q^b6
^#oJ
ZQkm
L9_&
tp/+Y
/H{q
0v-a
!X >dS%
'-v<k
6FU[]
+_U`
~/~
cohfS2y89
4d b|
^vg
e8O2
[j/7
veFP
I]O;5
Gy"Lp.
f+ (G(o4
^Rt>
6uEG
A???
_Z[T
ZWqL
D4jIpXg3Iq
Char
9:ml
Qmt.U
d*0b9Mr9
<~|b
" 4j
hwSQKmpOyf0Deid8dBC
X56QxbXLa2iSrTYvCpo
GetValue
~ K1
HashAlgorithm
! gO[}XZ
vOnbFddbAmImrPsor0
rK7X
'''6
'''2
'''1
z8}~
PfEs:
QI0\]2$s
$m(T
{\tH
AtB)
4EnBPHQJ
0p}=2y3
ONQI
"ABBLL?5!!
n&Z5
ouCb8
iPp,
tB>*j
v_en?a
yQae{h
qkr_
(000
.text
ce4DmfsmSrOT856tDgfrkMb
'i:JZn
oJvC
w79T
I1Oi
positiveInfinitySymbol
object
CH x -
percentGroupSeparator percentSymbol
FlushFinalBlock
dt/iXjj7x
g{]@
V!03N
.3%H
EphP
ubP
o?|`j
$$method0x6000020-1
$$method0x6000020-2
S+"T$BD
b{IZ
*f+ (
xutFrgCU6IYkHltGLGK
S1ZX
CipherMode
D3D)
BeOQV
\g1G
K5uFU2Ury
<}<Oc%
WP]Co
@&]bC
j+ (#X|I
Cjb2
FMtUrDCS7iJs4yUe43E
G0+bFE
C!|~
yKq@
47?I'
C9Bkn
\K x
1H&t
CreateDecryptor
+"NW%
result
i!NR
cw8i8kXXMij8WXSqlrx
BfX
^hb@8
K|Y
get_CodeBase
d),A
0]/1
+,Um
Pa{,
>{Cw
1)61
aU'
TIGLXfzmsKmXFrZSNF
aJ\[Z
koGF
YhBm
DG5pA4CsCjA8FyILY16
gz8FF
JlytYsglc
!] Nj
m m!A
cf>:
zgyk
e9qeN9
T?a'
Bi-9
6tdw*
culture m_SortVersion
I_Pa
;<>=
eQDmn9
ldqn
hr nu
HiL0xXuML
5fm[
spif
>s/9 u
mjAzd]
TargetFrameworkAttribute
3hR ;
FD(S
/,BK
8 r1
ReadAllBytes
TlLG@v
FAj.G
bZGH
el8oijXtvgkOaQVIO5y
l`~)
H4V$/
;Z
W%po
h b9
get_Assembly
71s;w3
rs5W
$DH(
Ytgb3KCEnQv7KZNpKUn
?%0
j*fU\+N;
61]>
~}ii
~A9
8uemUZ
4r:^\
812.v
0x}v
K #V
@?mw
kDL+=X
D>{>?
r[lw
2Idv
V$-m7
Vey-y
'E
0k
8#^@
f +uu
IHDR
uaN2k
x5 ~
A7A7
Ex@x5q
EcPK8GwoO
V{+t
japWywCZdwP5JLQdtQf
xi6
r|i}
__StaticArrayInitTypeSize=16
i1PP
WdeCoS
P4,p|
System
2m;O&
T&NW
,Vga
OMf!<>
a~J%w1&
L -}
i44 Z
r-#(B
uKB
}F Qr[
! e
,57}m
$GJR
?}] /
1rF+
`Phm
h8=>]
H =H
urk
vs
MethodBase
3&3*
-N&\
1s t.
hcdp3WnXa
fAMz
CK^ ^3
>Y2Q
V_4j
D.lP
ae!V
@} ;
BYmzmtwYb
8^0g
K}]85
I[40\
b+ (x
VAMKbWZR5u84HgLQ6j
width
$'& <==
3 m M
t"k(
rv& o
g ,2
G5qgq
C( al
QA12LPXexaiQ2W9Ly40
ZzU{e
T Gj( jm
.k_<
Y6x$
bkAmH
E5 $
Y`\\
331K-h
b+ (W
)???
PE9Y g
/,3Z
h95-
;$]I7t_
1`\`;<
_|&GG
yt9s
< ^J
+9x]
yn9lPB4PNITaBmhRwC
u=U(
@l]J
IUosfy
Bq0["
hL@^
!&G/S+
x)7f~
usI{
#"^g
T6P
2x4R
AssemblyKeyNameAttribute
=Li,
ISystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
D{UQ
&#0W |e
j+ (
[ d
-hY0/
nzp8l E
~)M;
zK~
)zZN0
NEwU
L\Kj
?(~
/82H
uC)b
ZuU?
ICmchHIzqL2CE
:->?
d/mI
XY*+
.*hS$x
i k]
V4feynn8S
S+.y
jB(.
B"|5
T5 =
n ?
X@vjv
C'&Z
-^_X
zw]`
sE.@
/?L;
o*s
4EC`
2 1#
jc~SQr
$~l\T
}b6v
ikxku0A3uaLxynauEr
`V c
XC<=
4|ho
3%<
LtR7KLXuhQwVOqMGbXb
MU*N
>~N7
+ (Ng`G
'>$Z
vCv[
%5$^
" C&
cy]@{ ;
XstB]
N"T@/$9%
rrl
>mnT
I)kE=
BK0Z
CompileAssemblyFromSource
TprRP
DY=h
q-`V>
]V+
^hP*
ToLower
Wk*q)A
54ci
NX|w
*g~K
]=.EB
#?@]
g[=3
$p&<
8vxM
oka32ulOicKRD5Q8QG
] S`
9I5:
jvA&A
e=1
EMoH<
h %|?
0E0A
1"f7
m&h(s
/'n's
+KPZ
Mf4U
kQWZ2
ToInt32
x)<=
a EJ!_&
Jd:s
L)hg
Qo~*k
R&M/Z
,k2CP\
VvO,^
/>G{
NYhDxGXR8yuPRNP3mUX
0Q7
nXIemjCQ0WXgwkNMu60
Y]\ >BA APK
[ad\
4' '
IDAT[P;m
aj:A
H4JKrGC1RKHwmFKKXoO
}U+A
3ZSi
Kg0
5^rh
`'=|
SS'
m4,Y
;G 5
LTSG
s P4
dDW,|
+S'al
nZR83
g" c
Kfu61ApuMGV4mOJxC2o
20Gv@
+UK^
ssf
yN?nU
F 8p
_,n'
${`p
O;9?>JxCB
QCuFP
5&
'v"p
9I4
F6_%
zW=?>
W_{u|Q
ToBase64String
numberGroupSizes
[Kg`
B1=)
g{tx
numberDecimalSeparator
{6r|s
WYz-B
hMb@
J"\lJ54
kJ=,
npo|tttruuupuuuptttprrrp!!!
"&tn l
$ =%0
-\NnQ
P532bSpXGZ78AniCbBE
5!/.
`G^]
Invoke
f+ (
,TY %
RPZbKYmmmtwYbEF4cB
;3 f<
.{ce9a
Y r
7xTW
a 4%(
%W6A
?=hjQ
p#>@}
L0oON
*l,$
B~0
2;'S
Array
#!>G'
A M^=
rNm/
>$J{ n
*jgD
6z/5
Xs"TY
:6;<<$6O
`Il)
@)W$Mvb
]>KV
S }%
+b;k
]]B|
DUj
2F@e
v!Lq
f+ (4MGU
I}<$
/5Dt
!V(w
/r/n
QF:4
uIr v
N+mB|9^
t<6a
get_Location
33
MZNOwDAl9
oeNi0GvIYhpiZSx8GB
NPP&
zXFj
ZE{I
caai
Fq0MX5pkt5hcQFLeOH
jsyZlJ5ZuH6MPEQwFJ
AYQ<
=<M0
vi%?
!UTMq
get_CompiledAssembly
vRnV^b8
MoAr
pBLO8pXp0qwCVZ07urU
:CuR
p} 0cM>
eGAg
\
RuntimeCompatibilityAttribute
QhJ8eKppYL8VA86kEQZ
LW_
U$=2
1<Mfb
\}U3
{<}
-]HT
,a8$,
8*"%
|ku.DD
mXi
VDOD
?(|U
%+"T
Round
S[P6S4M
wiM1v
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
UF!fbo
75%C
Fy|s
`a\c>
;]=h
*$+
77{x
]t B
7777
+RLe
>Mi!
A?H=
M|H[
**('
&O+iS
Nkz
ii`m
v60
XCZs8
LXQIemDkvSslSCmfEv
ad9I
8s% #
'7 B
ie1&
ox[J3
v5H:u
/* o<
ni}O
e& 82
f...
`gF{
` PB
)"
-Fdk
#}v\ct
-kYLwS
m L[
dnC6
! gK.}
gLVMZdXIo9lr1kUpwYd
-" !
F;%Hh
a 9f
?777
wGs/ty
# r,0.
CQpw0YgTiACGLnK9Ny
D3BN#
]s k
J:S7WpM
V7sAF
k .
NL82
X(:f
Eu0WM
X !R
4VR^^n
#Q2bE
?15;
5" }
5n+
9wP<
5^pe
H1C
j(ElStC>&$H
FileShare
> [
1qH^)
SzcZ
\ kD
#D(
!],q
Close
gjPmkAY6nLOy131UlR
[`ht
}7}=
c&k
^*q*]
Read
1111
y[Z/
^SBw
v<}H
2AE8
]nM5
AoDB
@Y_gS
Pk6x
DTWU
-|efW
@ |u
%u4M
PZ[G
b*3l
!grN
_sCMr
J{&v
\aa ht
@\_yAZ
qaQ[
!D{%
.j[;
B+ (b
23UB
hznS
*R;I
mscorlib
FileMode
uB{i:
p0|-p!.
9Wtx
qn5A
*f%G
B-M
pHl&
S&&&
"{?*
B)?J
U6gqtS
"#>
+ (/W
.uNn
colri
SyL3jj6Jy
JC02
=!kl
xe\Dz{c
Wp<K'
rsLp
6~N.
DgFw6ah36WxDTPTUrJ
^69Vn1i
b76Eo
4 +
["!Dx
method
n6=!
q6nIUTp6iC
#y&D
o-m
k6 /
set_GenerateExecutable
UInt64
1^8;
6)iv
`n
'Za
;(J-
\Eh,
&O!2 Uw
j?E)w
B+ (
P>S~
wjpk33CAUCwWr5HGOlD
uxg-
ddZ-e
vdE
I,{}
skZ,5
$1 !
l*22
|_C&ej>M
?peG
c33
k<c#k
K@wA
Rfhn M
/YjlN
dumLQxX47KhJb8jj6re
0j&QO^Pb
$~fyvhC
percentDecimalSeparator
F) 7%J
viTW
%Ida
po Q
kMG
6&
iEaC
3UeMQ
* #%
fYUS5MCTebQ3v3aR8DG
9vr<
pHrth
`3V)M
[ []k
y.~?
!This program cannot be run in DOS mode. $
yp c
nq%ab
Y&w^V
~6X}`
yDuiN4CWduaZqmZ3kmv
Dispose
gu;^Xl
r+ (
\JEA
@06+
-&b@
Ra2M
YBw6Kb
)pj,
#=&
} xf'
+!O
R|N&
$$method0x600027b-1
#qj-
Xm9+*0cOm,
XapjfFohK30xUxYeMp
/:J
>Ugq2 #
MG:6
\\\)UUU.ZZZ.[[[.[[[.[[[.[[[.[[[.[[[.[[[.[[[.[[[.[[[.[[[.[[[.ZZZ0MNN4-<7L8iY
J:'g
5RJE
*j+ (
>.>y*
1kan[Y
+f<I
T&''
hFki
Ax<|
RJBmJ
cVyfKQCCFHOZCvMZdAR
y3y|
e'zL
op_Inequality
\c#U
nJmWmfxLu
Ye-h1
W 8
u>vW?Q
System.Collections.Specialized
cg-Z
xELB
lY/@qS
gNO(
{MsO
`C7eV1
|2CA+
+ (K_#Y
pnaM.?
@QCL
Pf2"qGV?.
?82-
,9\,
/CBW
rwS'
GetProperty
$0[D
sDwt
^F*$
3{po
PaXv
m_name
\-ba
+|0W
set_Key
A]LI
")"zX
FROu
)"|~
(\
(H
xsl/<
typemdt
Boolean
eXkH\
# g!
MethodInfo
1DG`
Eb(m
(DWD
CompilationRelaxationsAttribute
>`$~1
kIUT
QOVX
4 {?
k\A:.
MemoryStream
dgF'9
&[93>.
L7.N
B\DJ
YNi'h
eJ@_
C2 '
uY:e
LvF~l
ibkO
Lg7
0< l83
)8"v%
:c|Mcd
VC,A
AC8Y S<[
MBPVT
|IANK~f
[[CM
0Q0y
xyLqFZV
N2fh
?=F>
!|u9
w9wb
vS0?
~Igg
0 0"
e#\*y
I]y1
oYVPy
vYlc5?3
C(]L-

YCTIaKcon8
;|90
CO186g8ghoHRdeD11M
V+ ( FHg
A|j`
7ws{{
}">#
p>Ge
p-B0
j:rl,{
dL?R
D d=z
,,, ... 111 222 000 *1/
hvjUZ
7K d
ndF1B
@l[[
4 Sb
$],>
gM` _Om
)rx(
s`<V2
.Lpp
bsEswUXDwnyvyj3UMwj
$x"H
_Ni)
cnTg
r0XCPjXS83wTMuSCnm9
1%Qv
3437
k~gUf
1O`.
701>|
System.Text
=iDQ M
^Gw+
yVB[ft@
?R)r
TcsOFxC0d7qAkOomsSt
vRvB
BZG
#2"-!
G|n}
8w}:pv$
OQZrc9X5OrL64GqITSk
R !_
aagKm
+Is|'
nechdUuvK`
szhY
wJnk
]]6T
&(7
mFWAY2aFNpXTXApejC
5b:w7
Cq_/
IUZL
%7_w/s
kvTH
__StaticArrayInitTypeSize=18
%~y0
Zht
\lm:
h. w
<]c89y
6H
R~~.
9g~zC
vuTJYN
)=6K
G~l57
_CorExeMain
Ks}]
J. 6
Pk/u
)8X=
YZS8
G b2
{ Op
n~Sf
D4,0
DebuggingModes
fQXk!$
HG2-
.}Fd!2
kkz#fl
'1p!n
ToArray
a8NZZ8XhY15m7R1V2jM
I`b3
/&Jt.e
)222
9}2E,*
#R'GP
FUT w
CompilerParameters
vr?*
s777
U^EWEEz
HNb<
,T`W
nmGOLGQyHLvkbvCiOq`1
1;]=fP
n0swi8f1ytJlnxdNsk
goI<
pc2CDX3tQ
K\uC
xss!
Re1B]
AvKGkgsm[
?n{n3
{j+z
NeS*
'!K9
ufG[
i 7h9
fIM\
CallingConvention
<zu/
!!%2,
193A,"
[m14|
I]B{
228)`
IPqBb:
_[ x
validForParseAsNumber
*06o
Bp.&U?
W :=
L@g[
PQ_d
7i`,q(Q Z% M
ac"~
1NW[
(noe
l0G\~
'{=k
/"
D qJ
;kQ.
V+ (
a`)f
rrTjb)
}(9,
M+,cyvT
779w77
r=M>
M5"C]
g01V
qye$
dRP
gw`^;
> E:
[R=Z
bx5-
.M/h[
p JY^Z
V@h,
|s\z
<blK
cxJ<
7;VO
$eFh
%System.Globalization.NumberFormatInfo"
Stream
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ajSystem.CodeDom.MemberAttributes, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089mSystem.Globalization.CultureInfo, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089fSystem.Drawing.Size, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
KHCE
sRGB
Jw3dqxC7Tq8fSfV5Cy5
4RL 2
# .7z
s9 |:
b+ (" y8
BTO
PF]9x."d
>>_hll
r ]
Uyp
`ta0a
CDCu
O /Mp
mZaH
tJnGK0XMNUxJEJdrXkR
2!_V
eF~d
! L.
-MjI
iidvBWPrMM
N2j?}r
bvDLfRdWy7xuVsIRtF
gcV&
##3a
k4Zlif8vqSO7QgNmTG
kXBBRMJmA
+{ LN
$y f
K*I)l],7
I 2Mu
l O
}Q?
mpdtvOal0YxX5DKRmE
@KG m
3w3w7737{
WHf5:
FXOiJxhF8nVHFNT1rX
<@(*
<tC;
Xo7?
im.A
J8L)
RWd
~D9n
9)N5
Q8S?
h0F.*
c3Zyr
derelict
34b4
7w#n//
8%76
DJ~ a
AesCryptoServiceProvider
_...
:(/#
!I$f)
4Hm-
K8_&
(=3
? N
set_IV
3}(3M
Q WU
qw--
&YrY
X?6+
|_3s
~ O$7`/
++ 3
$Q6)
+ &N
rw!7
S Vj
u >5
JV]h1
X< *
h::
,yP}@
Eg<+
#\_#
__StaticArrayInitTypeSize=32
__StaticArrayInitTypeSize=30
m#TA
s<v
;FiW+d
84wW
EFsFeOXrmiDH6v8jdQN
8z 0
LeZ}MWJ
cisufF:
P*)>
2{3
9+ %
negativeInfinitySymbol
F#~W,JW3
MzMR|g"7w
PH:4
rX^u
=.8+
mfHr
g,^o='
WZ7S
@o*<
!P 6P
aEg%
ON rx
zSZID
v+ (A%h;
Elq>
{bNY
r^;,
SSb z
=0Xuw
Y_f
KEdE
~NPz
9\Oa
.i[n--
{"@Y
32-@u
y_/n[C
-=J)
m2p?
ZE\{
A0z~
m"S$
# #:
(W.0
Jkjr!
2s:)-
5Jfy
!Zra~
*+i
lHu,
EL<u
vT2
do7wxqpSC
uZ]H
==6q
R c.~Q
8^\1
#uqKSsM
Y5iPHH011WQf8Hvrso
`- &
pxJu
|UG}]CQN!U
nlTWb/r
_V&b
Tpgv
=,-p
?nE
BpeDj '|
C#i$
qAPQ
r=OF
`Iy+
Cw$?:
Y<QgY
t|0B
EbpUOXS6W
M_oIN
((( )))
oO|/|D
r+ (;8#1
']D9
E6@N"
qt*DZ
IDisposable
H)}di
/TbXP
u<n|
i$a@
PtXlJ
ziVLKv0i5jZhMNYVW3
HUpIdMStYV
P2q4vw'~0
wkY$1
;B+W
Y Qq
V 8e
zdn@
*9pu
p!I+YP8
I!QSe
xC0qJmi0eWGReeg4pU
cyYsglkcGsOJNTHipo
:_1hP+
rJi7
xpi+
|q(c+-
IVyho?
5552
0:,(
l5($UZv
555:
$h7}!vl
f, 16
aUXK|bnYg
\?h9
5 x|}.
A"vhN
GTTT
|KKb
0xW\}s
S)))
N)GC
'Y?
<MXU
??? >
_av~
#GUID
ZCH0;\
A`5WJ
lBw5BuCD2nmvUueTerD
L/[U%
pHw
H[Z%&H
FjCja
fo&D'
:ZB7
,(+_
pzHV+
;;!6==422%%$
aqdr
"=1 Y!
3vSY
XYW l
X 8
llij
Slv=
SSS+
'fLWt
xzQy
-H(zD
System.Globalization.TextInfo
shfPVm7OO79sCPLQS5
" x+y
M?"~
t&s!G&
>Z<w~
B"kyG]m
nqrz
"'&s
w'(W
3 ,
!y _
K;t"w\
_43vvHGv
9V|
.R95G
CX In
X 8o
VUe+"
FSv\
BlnIB
L9[+
pe*b<
ccxN
Z /1
n[*j
&*|h
mYfC
bAN)(<
ul2v89v
bN%"g
:8&m
%_ #bch
?J d
(cZ~
u JeuC&Zo
Kyej
%1u"
E*MO
Replace
Efhsa
'L#_k
Sqrt
"]t7{p
eyvb E
2omu[&g
svOvW
zk zd
I/rvz
pgZ(
\^`j
B)Xn
6qPt"M
~fmLW
e9nTVH+K`e
*5!O
FGRTC
AM8rnPCILeG6Ub3mEut
vQ)T
"f?}
LMxGj
customCultureName m_nDataItem
sqao
BmIu!
-S[Y
=.>)
:KkkG
Shk
m|aK
*g,mCg
orO
; 8@
x<u(
#GUlD
"B 2
Pj.>BY]]_Zm
+em3
D($w
Bs7L
E^:-
iihm
huah,
V+ (o
52^@i
a}u\
":>W
1D.j
2@kb%82Q
textInfo
^q=[
pGOf
POIY
g+l/
\)fKg
~]R<
h(+E
;]ET
<`c@
u&'Z_
qY}K
u)v<.
Sd1Cy
} 1;}c
NHCQ
LZ )
(h]
+1I:A
MidpointRounding
gi4M.
yT >
J k.
LVS {
3vM2!
D,mc
lyr1irCg5ArHugeRMlT
ab`c
Marshal
vj3!
oV?1]
._DH
OP{m
] zK
8 l*sN'
w{@>=
fXxdcjshs
aVWjaLy7DF5WHe5csC
,bK
N~}B
7.R*
R0%n
(g
n$< Zd
Hc_(>
Jq5
currencyDecimalSeparator
,! #
os~q
L#H(
{iH8
dbLEP&
AssemblyCompanyAttribute
T+|h
q715s7
? 1
Rj<
F`!"
=%l]
{zdy]Z
553A
kl6|
)8{&
TpqbgNXBnveNiOU78Wc
7c/D
IYUhNNNMOOOKOOOK<<<6
z-Aw=
qI4j
z#+e
,iV{
T1\=TTX
l@r+
1!E#R
?6V'a
PADPADP
*z/[
YdFLeqVl5o4ZnXvek2
c,VN
VM8gQDCl5KXifDrHRC3
v3*bm
unTeaYCcPsWxuMOj48v
Aze\
8JGT
p X0
cS"na
w ^*
R .C
C @Y)
fQfE8Hvrs
iJh.
fj8YB
E2k2
W&\8
fc8i2kCVLpx5LUHYlhZ
*)/i+
~zO[
CSA]
:j*#
dA
_`~\
"]pA
zh'
~{W2
5rpn
yIEg24t3J
Type
kqg|
81}y
6 /"
/Ux }
.rkq
T'7t
]&_8
fcff
71v@d
!$%%
numberNegativePattern
dhJu
Kk?c
C5
\Gv.
: *j/
Xm1#{
"^0[
k'XKE
t_*M
'j(OW
>Ls|M
|!VW
&9nX3
u.4^
p7E%
ResolveType
kW<w
Y</J
*=Yhwtra
#q E
h>>V
_<6f
dX+A
dh5&
>%f_
mMUoB
.*%x
S G=
_x{5c
c,yc
!kcm
2;u
GetString
k%)z
"8JX
)9)
yfA
A#Gc
numInfo dateTimeInfo
#tZ7
uRs20itY6ajTXZwIVm
,nOL
tx+O
#9z:
rxF<_3
k9NZatmxfCnDFkiNVP
aV&R
HDva
q o!FN
.^(>M
rE4,
eN1v]
8N3]
Dzj`*T]R
hhm^83
Z9Wu
silhuCCh28bvJwsdM1S
GNi"W@p
^g)h"
e ]'
N *A`
QB Z
v"DD
gEDgPqXApOtUsTd6Gn1
9)
PdVn8qOcVJpaTmk9Vo
1-\Z%
VIZo
:!Lj
y k:
cdG
SKiD@^w
nZnh
{kK #}uX
T`? d
X 82
918NO
mU2UryeHJrQZJ8oEDA
8^mhh%
W-y}5
e&J.
X 8"
]+6
n "Q
&" OO
;* R;s
adHiSCCeeQuRVmee27V
|w&7
I\(0
G8+
o8pPFnXG2fxuRrP7pl8
X 8W
=hB5
S !cc
qg1x
pyf/
FFF3O_Y\[
:kIA
(^qY
b+ (/~c6
"K}5
3.]
jko@
lfR/
/Ni$
EsObJNTHi
H3Q'
5 fsU
n[|mZ
&p59
:gVD
06[<
sp!F@K
,7VHNb
$
?t7L
lll.xxxCxxxCwxxCg
AHw wZ
glnt
^Ur{
4&5:c
o$==
z7cVhrXO4hSrO24r1E7
-MCe
/E r<
WH/b
6,"^
8m5b
C qB
(.J^Y
0 x\!h
d:n}v

=R K
>"=s
%!;XQi%
numberDecimalDigits
_{qS7
~Fa;
<Eg^
L-P"
System.Globalization.SortVersion
pOL8
{Vt=O
percentNegativePattern
7?q?
=mZBN

W* E
CZ_x
System.Runtime.Versioning
(bE?
;abj ! )
9En7r
IconSize
[s{|
04`^E5
0#j
eVta
W+i{v
+|&!8
^G7*
`E$=
@,?(
HaL
>9kR1
v+ (o
r Uf
v+ (g
^YnO
WpH>
[[{+
ysr6K
Tp@o
.Rg
$$method0x6000039-1
4;Gc
?"[N
37s3
#Strings
v+ (=
v+ (/
Kd~o
v+ (%
vEw9
+ (Wjin
4Uet
[|rU
|jE8:
.Gj:
E|Io
qTJi61BIcG0WkQYJYP
G>$B
rtcf
=t|u
[2OMM
Pf &J
Je,w'
57ssqqqq
VAq&
S`s/
tEP4
0#j )
Cg`Pi
GetType
(hz
<[]
09b5
cExy
> (t
r 6w
v%<.
GX/^DV
EFFF
[6`m
+~<jg
K}Ye
lM)z
s v>X
Km@w
(>;pY
ltxIRkxLv9
C8+$
)Q +
+Z'i
.r2Z
? `4
6}H"
E;%
Qts\
e>@r
g)YL|'E
-wM&
iu y
\ys$
8h`n
ho[Q
rO+r
5j$F?P
!T R
r}pw
`,/R2,.6asJ
N:\"
8~i,
# 4%
Ps3
Iuj-F
QDMB
get_ManifestModule
]a-7
^H[+
xde05
b+ (^($C
/L-
~]\WF0
BitConverter
aC79
3K]y
4PK6
09~AkS
___jll
t8`t-
%0?{
$]~Y
+ (|s|S
k -
b(C
X]NJk
x>b%a+
#_iR
&caSBz
:0Bq
v[}Wsk
m]Z i!
;$VMh
Wn0'.43
Delegate
VVV"
S8PGZ
u?}z
& di
]Xd"
8ge/
Kig
get_Unicode
FUrHlaeKKbuWhUNx0J
^0]Ua}
*Rb m
na O
/ktnEV^
&IWR
%AlS
,.s{}
K5DB
?A/&
11}b
m$h>
hl3tohC6ZRYKGU5F8Jr
~ScAY
htMP43WCKVsWkpRbRh
j=r
3{>V
G;IK~u
8-~pq
2& $
)jkh
,0/3
2z,S
acbR
p$jQ
$uIF
Qof4Ldek5O4JAo890M
UiE=v
{UMjO
ensOM
`iP<
vh44A
!+1
zp-~p
~~em_7
ValueType
System.CodeDom.Compiler
UJKI
^6I/41
?6b6
!p98
J5A05
<o_|
EIYMhpiZS
p z<
T|MB3L
=+t
sc3b{
"S&H
&$$I
Hn-k
9cp:
il0I5WCr5n8JVbNjrLR
T/)8
Y1AQ
?2]H
bGV4`>
"f B
>xG[}
7dlaaX
E%-/p
240:
,D= t}z
Tg`U
Dz|Z
z/S2
E Sf-
&a0-wV,
ToString
d)t+
u~m$d
0rb1U
YpaGTmk9V
!888
=JR,T
~,xT
UKupJ2XmeLJp2sqvmpQ
^#Je`B
*l.o
h[^1
))?;
i&bYr
TIL bQ
2\{@
whu
R_Tq
7 ?#
System.Security.Cryptography
N@Pr
R 1X
&<8>Z
; Qp
/.S
}{A&
G, *
W46ifCT4ZQgSQcbFcO
peC)kMg
(jL+
ni7ITYXUPLe1nwwbUb1
_" +
L'n|
U4#
eFjj
WE,-\
\pu8q
.ctor
bLq#
VUgm
"B&I
I$6
bVs1WoIkv
r,tT
`rdm6XaW
9n=b
v4.0.30319
0"
`9/8
7 /1
=!lo
2=~
WJ\W
H$pm
$I[5
Module
.I-KF
0.] w4
5%==
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
3T~
ejmo
@.reloc
Ix`P
Wk*s
PtL]
_%|#
?4'.
u #>
heKf
G%v
)666
=]-xO
$6 ETz
Xi-<
3,dm
G"B^
lPc9cOpZq
bXgQoGXsmrMr4vP02t8
50 A
columnhardhappy
SE8g
D#UE*
kK~k
)/."
/ zz4
#<p
Q.b9
K ,
000{{s7041%2
iI8!
Iaw>
wX}+Z4
UE -
3wv2
h ZQnI
qqghlerLCbYWtTGiPi
cMeVgVCfbeXBWkqo5s0
ueTeThUde*,
m#,-
$ 3m
|1G)
RSS
</}<
VK%A
System.CodeDom.MemberAttributes
) 1#
7ra0P
FileStream
c NJ6u
tHG"
cU"z
'iul(
}hJ7]05
:'%
nx{K
"r)v
::z
^h;Nx
>W6?
>(F[
F%ln
,]bK
lpJ~
SfZels :
GZV0
U5]
zpaDsFC9FNp9ppVJo0r
A[A)
{07x
"Ufm~
2/(w*
q%#HFj
b[E)|
&#@t
-[PPD
hc0[)
[WnVr=
KO3=
O h
C(QG
(;4V
W$Q?
+ ( c
s\Xy
kriskbxyCWsoBFyRWV
v<BD
VrsvnZNTKfutnYDecm
early
Qx|
fl bsH
g 9~
A_5@
Cimmmmmm
PropertyInfo
O'ha
g63w
c/&wy-
,!$*
@W6$9#
} $JBA
`YrQ
8d0X
9w;A@
%nOB
&=b
sOSeoAXgq2HPRCCcSOI
hf25
QH%u
Sro \[k`>
P\(V
o9F]
ri[Bq
AP+[
~,(3I
]}r$
R W)UJ
: ib
{&_z@
4jk}
U'Wl2
ndpL
[.,*i
==?fc
4wk
K YbB
~t o
1tFU
B2I+
s"Ps
twFih
7%}p
JmuPccROpZqFrrLyA6
(-Bn]
DUytytCuLiZwacQmWIX
M_:f
H"F_
=Slz
8"Jx
currencyGroupSeparator
H6mIE214t3JSLXe88w
.NETFramework,Version=v4.0
ngdaka]]99
CqNF
value__
]5 6
h_ t
j$$u
NZf149Cpm8yxbW48n55
`iqm
j*8A[^^\\m
RYx=
Jf}\
gAMA
h9p]
GE7 N
6665
b+ (}t
]slYkKp}
AsyncCallback
E y8<4
YqoY'
.g&PIGUWGlN8
XMw1IB97q0rY0xWLxj
QKvf
fWlv
*TUV>
!|iX
k.lNYx
79sw{s
093[
_)bm
ceOwFgXOeiw9Ds9A4N
fVJ:@
#&;?-
_)b_
+ 9-ls
w/md
iJ ib
XJEEE///
,W^y
>wki
:Pkb{
tZ5*
V5`k
$f[|mx
_C6c
TO5<E
.Xi]h
m@ 6
NT&&^/
?\-k1
O:P(
b [ u
\|Ao
ge?8}
T6~2
Q=es
"j { }E
\\]#
@|iA<_gWfsQ
?cD*fQ
j5>.
]}WA
g"nG_#
OCuEroFyh8WeGnhsqa
s5f-y
F4LHGnXce4QhnTx3GUu
B,`4
SMME
OaQpawpE5lnTtesKHEa
lvz|
,rU'
3vjP
f~@'
IDATr^
y]#&|
/#n
e7jE
f$^;
p^qI=
2S?[Y
t\+:
@;*@4
k$R'1
L0&
P[~q
O>G3
P\im-)3
4.,0
w WAb Z
qxp;
h^xu
R_:s
jb0W
MHW
>dzb
2E"R
]]! 4
0c
+s.b
h(Pr
z-hNt5
mscoree.dll
^CW<
*???
File
3tEu
KT0qlvX9ma7294bH1Tv
Q^In
ucgwqbM6Vtc9S1LYSf
E8r7hp
(#*#Ji
, j
|]8|
}Jg:e
m$lK
&iE$L
Rj;K
QP~F
*roo
l@e2
\A?|?
WDm7eKCjhPCi2JTAmxI
pXgX
+3|
G6`t
HR s
{&xK
Js"vw
?{~;
Lt^2
^g_C
W>3
PhKDts
13X;/
J5o8tWaY0
.Zo
e~rX
6662
6663
M\TG
x.tY
GetManifestResourceStream
iY/16
~e/@
a ).
KBB%
:Qf6
b/ A%
cnH
wxj
Ba0coepZJhJay5DvFeK
j22H
r XP
dXpB3jUDS3CWdcHdhM
zC-O|c"#
f|Gx
<ec!7!J
~8DJ
RijndaelManaged
4|]y9
JLK ZZZ ]]] OOO DDD eee
*.*|#cSX
k6IIC4shaB
cjB4@
Ku\g
]td+
/"p (
m_useUserOverride
_K+e
0x]64'
1$?Q:
s{ j
9Z/\T_x
7lu!
6f'6
t:n*
U)`]
q2@?^
XDu,
< "G
[_QS
2`jt
DM72
~Sg]uUu
cHiqF43fynn8S2oNpd
1V #t
q0A;
$"%al
\e&U
IDAT
)Ye~0
U0= 3
IDAT*
a8
3oig
6ag
yv`*
O`W'n
ryi@S
BPI[s
%D/FY(
nC)r2
rj-,
IDAT[
5= &
IDATb
E>7B
nLa ^
IDATk
n-.048
IDATx
]lvWuVeeFdl
.Eb,nRs
]C~Q
lki{}NR}
X/GE
B,V
T!Rc
B!2
7 3e0
#3 :&S
sss!TTTLUUUNWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWPVWWSGHHYNkb
%5Bv
eNN]
AqimNsX1Hfo3jDEdxIK
e*csNSACN~}M|%
?}AT
4|l\Y
X 8>
S%]Q`
C<g
\s!~
z s1
u0+5
5eU.
1>>>
b/jn
P<l&
Y&d
#"bj *U
wV^\
ET%
ZH?W
x~CQf
Jr;z
oJ13
.wh?
+ (I]%Y
ca.K
V| S :
^[~[3
F"2#
@S;\D
Tv[qm
!_+L
L3_]
`f$&
Y b
GetName
R'9N
{1}Vg*/
@$M9
?[|O
ls&a
Z/Z_
X#lj
KP`c
lrTSQ
BD{8
r%<'
1q=G
wfMIRYR8tDJXSkGNsA
f+ (,c9J
5An1
itGopkpG6dWkGRhwbAe
uN2z
C~HjE
p\7] |
$$method0x600002a-1
$$method0x600002a-2
9MP/
:DOG
BO7#
oXE7
?<~#
KTTT
{7,N
{QJ@
4* v
l~cfz
uVuH
d,O
u%I|CE
ChtXa4Zli
S;/y-
HnZ46
WYR=
Fjt&
34Xe
^?x|
T[ZH
obDY)@
nbC:
;,3hj
KX\L&qy<
ryi}+
?Lwx
4'OZ
WE!A
Y<
=FpA
>)g#
'WI
9~Mr/
7z;~
.9Ln
=%]
4P6U
8JhD
sei5nrcmiSHFKwfngM
z]D|:
$+,>tEUmUwvOdz
sg_
]=p(
2;EO
IDAT
8Q"
97v\=
)_Bra;*
info
.h!0
~Gr)
Attribute
uH_$
EK={?,
K`Oc
vvvB
Gq3gr
2{ZH
lpk<
H0sFG
'l+a
}41%
ZtwE
A'H%
O_V'i
&u(o V
T///
H,Y&
4wu(
oO 1b>v{
3&t
L:m#
W) h
@ NI
3inR
tX{*
ih3V
'2'4-
kt<<
/KG?J.N
<xmE
[Z !
3>td
rhn\
`LG*Fn
vGcP8GVwoOUohS2y89
U Cx
^r m2
aN&"7
t&h#
C5j(
;,&,
XXX
ComVisibleAttribute
@AEIE2k
{)?.,
Pfx|
n3~c
5+b1
9gb1
44}U!
Yk*M
[ K y+\
A%G
"RMx$C
YR6`
{'o`&
Y%wn
;[dn
!yOB!
*ciU
*x~]
Z&g.
6;#D
-;M/
MQ6K*
"$hB
ZGs0DE
fKMk
c_cei
^ A Dop
[M}[
Vr f
SKkk}@
lc62
,|7]
zP1l
Qo)x
LKFIWaA9rV
MeMKja7LZ493rUVYV3
RRR
0'
"0ZZL
UybU
YHE)(
3nwb
}v~FG
Tz u
0,|cX\
tfs
@0 !
MOx?O
q~C7
7OOO
H)*q
.NET Framework 4
87s{w
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
fU=v
D-WU+9
YF|%
Nek#b
OXO>
; 1#
f <
07(;B
@r}@
=F8f4yH
BAW@
sSK,
6O,-
IlARRsCRT0xXO5d6vJe
YYY
Qd=N~Es m
U Fm
_ZSRa?
8O}5
;6 |
Sinh
2Ys
EXAp`u
!IKC@
- k
:>/M
+ (W|nd
G'NR
rR
RA[]
kc{5
KN*i7BC
KHF2Kwfng
{)aM
QBaonKCOQ2mYq7oTc7j
\$b C]N
Random
I7[T
.]60]
C+qd
>901U
>gjl
H]Sf
3FfF`
(r~`
~'T$J
oP3f
/j1G
k"&T0
; @
B(p[
Zt=N
W_R&
3#p"
q`
9@9o
0~_9
ue.^YG
+Z&[)yD!
3D!3
6GY0
]@B"w
PUdtVTCuykkGvra07x
Si1Z
$j70.
>&&&
AwhY
Exception
WBl*
>__jlll
k.KN
IDATx^T
T4Xq
0T]
IqTn
\Y]n
;(| D
K$x)A
',:v
dWwC:^8
}#. (8J
epu
y1as
X 8&
xyadKjB
pCc2vX
iJir61IcG
G|V8p|
WA\*
nj5d
._BH
FileAccess
aJrNLPnNC
k[y9Q
IDAT
NxD-3
ERS@k
\ 4
ol3$//
Math
k]=
UnmanagedFunctionPointerAttribute
r}G
a55p_M
'S{1
CFn"
@&%4
A1"%
__`
I #
&6]"z
*+=Q
N6/-
0EE0
LDjE
;,I9
D{6V
yz4j(C:a~
] xG
S&_o2
L@[q
#0CM
9STe
S Vv
)
Q@+7
<m_r{8On
:Akk?h
mb{QL
Im Gnl
R8RZ z(,
^z=nb i
7]QL
wWGxZtXbIBgu3USBV3P
`oA6
currencyGroupSizes
4q!#
set_Mode
]Ez3G
KJ7+W
>][ZX
DVQ
sU_l
`zdRZ
& p
^sQZ
AssemblyProductAttribute
Wp)O
+}l#n
[_="{
kRV=
gsm0
IjQRLIuZP
<Module>
{aeDH
& ^AQ
f5gQ
P#<1
g%Lw
MulticastDelegate
PBbqNg
/}]|
|cmW
sss{ssz
d"03
I (S
~0T~`
r|2G
ORNZoXXP29YGO7ypXEt
VGyyHLvkb
C!.)
{ sLC"
*# $
,FB>
XBF
Vn S
u{nHo
03sss
^99"et69
c"M
@`46
NBjd
sL@@
|!rmNVY
7LU
X:go
eiC2
QUZ4
~>(#
;&zi
7<n?
Nullable`1
>@hahkklllnn
{n&3
GetPublicKeyToken
)FNo
definitive
;t2u
EH9Wu
3<+0:
7df
3sss
+qtJ
SetValue
<Fr B
e+nS6
rq2MwbWy2MP92yLjj6
]<\
`A&p
}OgScIk
={2L
- 3%
;rm'7
V+ ( Q;]
C:7x
AS0h:
j$vf
N1v//c9/
J6DY2YCyLjiQoH2bLTI
7b|};W~(
)YeJV
lO g
s78v
Q1>plO
}yz8[a
9=AoO
JK
) X
mihm
,uM7W
HG#O
b+ (Xd
;[\f
HcWm
+E Pi.
g(UT}
@| `{
#Idy
k!Rmh
ya~J
j+ (t
^ieX^^^0
OIm4
j+ (c
9 )
S!0g7
#$$1
j+ (f
$(AhW
;p.C
j(j,
w'}P:
?q=n
JSn5
C=Xc'
iPZy8
I 8d
{ULnd
kIiQFQ0UvIy7umw0PJ
];M/L
kH0S
Sh<~
elO
1r.}
?_d
\qhG
o2Glk0XZadEIcYKxkdy
3>JT
eSB_
Q[$j
awU<
[4?%
WBn)
2N'dc
J@o
O|m{
8]*=
jZ SH
>+ (:
:{i.
7!]7?
)S%d
>Ku>
r52;25
>IKh
?dAdq
7pO+ry6
}J&D
yWlchHIIflEWI
q9&_y
`wTKm2
+ (sc
&92t8:93QRQ.YYY.[[[.TTT.LLL-DDD
?zb4
PI H
j8GJBqPZb
<:*b
g <,s
rHF/
^15Y
=zi2Qi"
2j+Q
Bl4lv/
j9'F
pY!b6
QC 7l=k0
B+ (0
O;](
M*B:}:
? Yd
CvqoSO7Qg
nMRRTNL<;m
v+ (x#-?
r ^<
GcOFEB
'#l+
pR69~i
W0~
x\l:
u7ucu[%
7aSW
jg\MK
i_N+8
2+?{
6!'b
j>,?[
EndInvoke
)NiZ
B]jmW
<MC{
vl.33
Oy&s1WD
tgOot
+ VxG
%& f'
>( Z
}?cS
`S|
j{s.~
"O P
j|?T
q\`.
yTuJ
74D6
f[`
mW|9
#4*fS
Jvv
!S!"
s@oD
?IF'
I9.j
hq-o
(55jU
/A|I
xWC0V
93m<m
BSe+xQ
c&@n7lw
.UH.
b -e
Pw\P?
Q.uB
m6GS
zb?h
.,Q](
o}~{
JcEm
%5aHg
m_listSeparator m_isReadOnly m_cultureName
kw u
xTVVi
iigw
#Blop
yPSVQTXYh3BYf0bYXH9
#Blob
)&'
fg"#=_

O008
swy{y
t)Ml
83 =
S>:'
4;J
+ (8pDk
v% e
V7)Y
r64HmrX0YonC23A8iv2
t.i-
iw$Q
SGz
|J(S
$$method0x6000007-1
#8/|G
ccc:
ccc8
F7ep]
%\ '
?^~|2
;+%
%/NFh6 q
-Buv?
XC.MQ
%!a}0V
'8!Osk
B+ ({h0M
WMN

3M2v
&
W+Lr
BZ2Q#1
cpL
7xl<oo
0`|w
rj6lGd6H8
bE_]
RSqqww}
%2UE
90:
JqY?]
4zABdP\!y
b4GA_
]%AjId
N66Y
S>b+
T ~p ~u
+Y
& *A
@0,'
9ZpG
q6XL
VBt +"0
$$method0x600005f-1
:?W<
xq>[
1S+M
_<"
2Rs
SWWC
yz>>
System.Globalization.Calendar
+Amw1
deHKGh|
Llcrb
%/&A
wy?txI
2442
j:ik
IconData
T xq
+???
T =9
BN_6
wvbwAQyihh7rPAbiQh
.xd"
Q<TW
wnBP
O]:K
fDO\M
$5a&
O<Q=
|`;e!5
>s?5Az
xKK
wKDu$
*a*l4
G8Z&
Z6BF'T
GJ/Q
]8^;
QQQ&
^cK,
jq h
height
(QB?
[):c
dw?Z
}Adft}Q
W 4S
]>Vc
T4dBwQ
Yq$1
MjSBmNX61WR7ZOnoGbS
IV(V
{w8x
%yx$
6">(>
$IL=
p95nX
@SK@
=g=:
X:Nu%P
^H e
36d39666-5ca8-45e0-9119-2a0233d3ce81
[~W d`
:DJY
6i(_
~FP}8d
Hd77NUBLDXKS5oROfg
z$.xm
"IIa|t
wNKF
FIoTUvWGb
X|)2
UInt16
K0JU
bGL
H?yEaZ^
ZO-@
dmnNCV
t.r3
FdO_
System.IO
WrapNonExceptionThrows
uBsr/
q( @
System.Globalization.TextInfo%System.Globalization.NumberFormatInfo'System.Globalization.DateTimeFormatInfo
=E{v
SJj q zH
u8Ja
^W_fHve
ansiCurrencySymbol nanSymbol
W/\`~
+Zx$m
ndcpdQCiCgR7Mw3C72x
9>i2
>.O&
$9fZM
\ fu
qbIH
C Vh@
!}P{x
'MN(
c Oj#
&AKB
%kK#
G***
.Xh]d_
#<\7K&]"
;8YY
$ 6EA
\4t^=
>#i w
gb1ViO
}9k)
[E{)
bQg~
~0:k
?WX=
P^09M
|C12!
z1Cxqe8q2
X_nnwz
B6AxWq
Reverse
y'lG~
7.\[
[KFK P)
0Bc
JdeW
^-JYz!
(N_D
T1R=c0
k~ViC
ysbE
X
di6 3
2r0F
IF}cH
hR1M
>+[P
JI;{>
,08Q
2?<]'
;G}e
bKtghoCPFImYlH1WOc8
J1mF/@o1
XR
#QU'
=SQqWP>Sp
, F"
B&$ibsKr
{+J )
System.Diagnostics
;m9Nr
MN0}l
#<~6d
N:J+
FTTT
Iv)
|V;K\
f+ (Eo /
kwi~
]>fV
'7<bA
A5MPv
wn ^`~
.qr6K
}s]B
(g(a
ev\WbG
"j5L9
,Dy"
<N"0
MidgX0CvE0D6JrLv0ov
CompilerResults
8 sC
[6 0
|X|sn
MX^Yf
xgJTTZpvHQHGecReSkR
N>n8
ifNc3GCYft1HX42fS7Q
get_UTF8
jkxS3sCHYT2j9w768fj
M /"
!?#|
Gdl:d
VP:&
b <[
pCN
R+++
H?|=
72@<
a2ps
W{#
r[4b[
; \<k
EIrs
M=~
;W_c
)reX
Upa
*1ia
>Xq
4a W^Mg 7k
MI2,
#%2,,=cc==,;4,o
JuMLtIdoUvWGbn1Cqe
Su (
;nZ|Z
*|*[
-xL7
nll___
KNZ-
ut-m
hCJ4ikbiB
f7Vx
,QEu
y {0
OF5muHgsF
D666
>+9H1
3X&I%
BF t
M=3U
"IlLn
LR$b
IUd[
D1pN&^
hRa{w
OaK&
t18n
vlw/'$
{iZn
Uo4h
YQhifPVmO
E&)[
;hj=6
!<3Uu
2ckgO
!hZ
s9%6
cIPP
E@a.
Mh(1,
,l7pJ
{ m
a4>O"
Trim
[Q7|k
System.Runtime.Remoting
9nAA
N~LBH
>P_J<
c1Fj
GY?yx
) !
qeS_
#:(
- #
lP\*
:V*P
z1r]
^-+P
KKK
S)7wC
OucO4ZCqvYGDbQKPghh
mBF~G
;>Q}p
oi^}
w/j0z
UInt32
5m`ujpbx
gt}j
utHF
TM;X
3.&'
<pe;
>b)/'
1!(Pi
#3CT{u
N h0$
, 0#
$S+X6O~M
76^^
? (
ICryptoTransform
gGg.
AssemblyTitleAttribute
<b $
h ]U
AssemblyDelaySignAttribute
O?^i
`nx .
`*]w
muMK
v kt
rC;6
=703
NbC;
vrr-
/S7w
j.}[
(^+#)
0v20
6Lm8>0
MemberInfo
Qqdl
Q-#E\
Sax@
/U9
dKK ~
>O@u
[Eu*
^sK,
yv9hHmbbwgp7KJ57vr
{b"P
@cbi
['RY
Int64
cYWD
currencySymbol
>]_hllkllnll
zl#`E
AoEkv[
=0(4$>
\ NK
Pk`u=
?X|6
+@`
^l3<f
;ZP`
Z-r`O
uI@X
/ 6
=q6N1^
,lzs
q%?'
OcxrtnvIyho9naVdBa
qqw77
[t'_
RR4b~
~Xl]
/_CU
FKLnz
I$8xw
$#_'L
KXN5
kOwbx
FrameworkDisplayName
5iUUb
yM*0
W ??
gAfz
RCF U
_d`q
8? |
6A;]
Z;td
4*t!
kVLDs4lIA
*GXs
?Y@/
LICEtYCz8KggMQZy7I4
get_Chars
(999
CryptoStreamMode
.gC
currencyNegativePattern
{05.
l'EK
L6jXl03xRACgaR91ZK
#zSn$
Q* 2J
^3'
V>$Q
[<LC
QcS]
CT3\&
Bo)I
GDkr
>
uqbGd5mP9mkH8jMrvZ
6{b1
H?~w
Ns<w
0E//
:A!h J
9P#2f
Ji2q
)C j
^<,$
34Z:>
juPR
'vNbf
_PKK
AV6 z
0E/W
7. p o
zfjaCDCk6RhuxPo2mmH
@=%H
Cz<T
PE+V
d q6$
{%JB
95~VN
rrry
c?E8
fg8|
A>zW
6!K4
0-v?F
m% 6
System.Drawing.Size
TkFkdcKj
?b]&T@:
xvT~
Z08Q
ykmID6SCVB
kpv>o
U5Ol
73777377:
P+zbD
1_:
gN@3gn
hZ`W
qDAZVeNi0
Dh_P
H;*L)
BI M
(-8d
GX/^b55K~
}&s )
/[(n
Tvs]
J\8[
{_c?a
{bX)
1% j
:#V"
R`Cj>
UK26_E
-u~w E
CGNq
@`}
(x\
rM(s
i<9FD"
OJ34PfCXL7rSuO6iV1y
sEa=
H!u6+
Qdnq
s73S535
R3-{ (M
b+ (XfJd
xTNf
6 \G
&Z+n
4M5O
srBYdBXz8BSoFtA5tYh
awd{0Q
bC,z
3z+{
Zk 5/Fj
oOR=
e]Ibk'`
m_useUserOverride m_isInvariant
gJr},
F\n2])
{kN_
wGKF
Q 96Ai2
I6G@`
C8Kj
^i!]
.81\
K`T5z
RP Pm
Hc8'
`g"]
bK{ A
')k0
!.u29
Assembly
TA]$
W@=#
_AP0aK
AssemblyCopyrightAttribute
Lb|:
s3y3snXi9Zmfvb5BELX
zd- b4|.@
g]J9I
q~d/lw@*
,m;
}T[ds
$ vv]
NgU:
\t3
;JK8v
6qlQ}
>=5-
6heM
}|Xa!|
8k!7
cE&
`F@[1
Rs
4)O@$
ST]_A
=r$}
LV7CYEXk0OfuC0IWDHD
z7DeyvKUpKarTdnV.SDK.exe
$[%O
,$aV
X-upl
4[Z
~q;
(/.
`<2:0
z}F$Qg
YhYb
D$3CY
S6eZ
Gge*
r /
!8fCN
EZj&G;
Rl:9
- 86
8jG0
\.<K
R rj
8{fYt
z7DeyvKUpKarTdnV.SDK.g.resources
a#sE
TIl}LE
.cctor
7*)/
V)y7\-
p8Y*.
U>ab,%
IiboI1
GetMethod
>xEmg6
#7^+P:
set_IncludeDebugInformation
o.R@J
%*p4~
%0q+
lBw1
RSACryptoServiceProvider
{dah
!?Zr-0
System.Reflection
KehZ
~< 8
j15vG
*/_{
pN^A
OP]1#
%myNKe
nuGr
Yj5anRCdCMPA9DKVI85
"K>T-m
E9)\/
tC,2
qvwtjMLExMfJbbVy7d
pu909s
086pQVDXaVrLoBJfUs.gStHs3XeVpyN1Va5yn
}R!O
|3 ,8
'76
Z^eQ
$S:
kXH~
LLL&
C<=c
AssemblyDescriptionAttribute
n'((
PO4CNcDxud4ZNwDAl9
gJRiC3kWvg9eD22lD8
m"L4
d )|
wcGv
b+ (({N.
o4CVNcxud
6_8c0
ue@-
_Lu2
lm\! "b
U), ,
)B=7/
5hYr
ptqU
GdRT
X4NW*Z
nkihiCiCCCCCC@
z-85
o "eEv
~XOW
al=`G
93;M*7
e2X2sw
V'f#Q
} Gv#.IV$
Yy71IbCrVSoXjQLIuZ
7,>$
f[ L
pHd m
abLokL882rexfCJLT3
}zf8
MF3>
"cX=|
& >
"*"
FS#(y
84v KDB
_Vkj
PQPm+
B[WP
Rxn2
k,^~a
F4P\
ir81vjCMUSRZpqLbMUd
:$TU
vL.z
Z{Og
!@ J
]U$D
RHoQs
D"r{4z-
Tk5Dx6CwDa487hMvEEW
B%x1
.!rU^[
Mq()
xD?-
M#dg
III
AKEhu1XoM5YtiKTRxNB
|EMvy
a,[2
K=r
Tvm7Zlp2A1MZK9hhRXU
UUU'
UUU&
>c{\D
0x]5
7Rbi
C\.L
|Sw~
A Sb
wSGhY
1I Z
0 ?1M
8.%:
P]*.c
JEs%z?
Eg7CewCN4cJE6tujM8i
WoXW J
R,Q7
r] u
0<("\t
::O`
X%`1
Og~N$B]
[iil
$+) %*)
9K})5
fSXy
?=bl
o[?|
bN5Q5
Y8OZOWXJsK8Qw4M2Lg5
26$S
_ ?;
5Y]j9
^GH7
s16P
3ss77
ghZ M
ua ,{Cd
:+0np
n5IwJAJNyL7kCVykui
2ZGt
\LON
FU&jo+\
hxE*
BWMBTASSHkn60yjr4x
7* +
* Ee
j;6{
4S^]JWueuAA
\5;2
V+ (<
<Y$(
2d D
L>}
P+[8n
a%T-
djCSz
4+g"
/Hsrv
T!DX
]^ A!
?`3-6
l[aM
zmY
sk$K-
V+ (~
;e@e#4
:<yj
V+ (t
o_fDhm
V+ (p
VzI
LQ_Q
EaZm
V+ (b
7K(<
U@j+
MlHgS(aKyFG
V+ (O
npxh"[
_vO;
KvXUKoWPcs9ZG6FxEt
_ex
-#n%z9b
kI9IP
}=)M
;vKo
i/ T
%G&^2
xI~o
NInR
_C&5
?%n])
v+ ()mI?
%[EA
xCisOqqRr
u"!%
f=9'6_ @
9!T@
991u
nl) )mi
\{ZsJ
B3v
4kx+
x~S&n
sR2QDSKgAtLdcJgFXj
IO@ RE
E9> [T R
^67V
hWkqQYJYP
S13IVWmB8B
c ^ble
nx<Y
s[8iJ
3A +Y-
VB$=J
444-
4441
L%ha
()X^
0vRy
} 3 !"
-+%l-
@+!4
PD4cyI
a! 1oB2S
gY/]
-94}
D '`
T Uw0
g rk
LrC~T
( )es`
-(#c
<HJ
Copy
.@H{
&]{w{
i|s0
IP/g
^B@Jb
5gpu
w/Uy
yW.k
|#.a
h:4w
f1HsZACnIBAVAk1ywET
d{}W
flags
!FwL
a2Sd@
?' ?d
]G?B
ZEcO
y,Krs
Kf$$/
get_ReferencedAssemblies
mCuM
6lX1
YCz$
yRZ1
5cP|Wx
bi$i
n6bHWDp4Q15xhstVKyn
?;Qs
yssSSS
^7 l
mdSC_
Q###
{fQ^
0 0
h/!ydp
^X~=AP
yt D'
G*CL
FieldInfo
9vnK_
2&3.
#70d(r
3NC^
M*l)R
owwp/
.\W%
`b1T6
"oCWT?
ii]bH
{R@
-L^}O
16=: kon
7~Mw
! wR
NlZFmNEARdKfp5apcs
~i<?m1h
(fkR
'bj9S
61l#
4Z]|
.DM*K_
ri"o
Ha [
H pE
]W8g
Ln1RC
anxI&
\@;v
bl4FCpX3tufBEgELeQx
{UEg
DebuggableAttribute
pa+A
#,-JM)4$7
R<&Py
B+ (`giF
GqU|
Z{fn|
]U3C
7qFnby
n(ug
7DV@
*?oS
f+ (pt>/
lZzq:f
l(\X3
eqOq
ZCl)
m9?\
=c~^
H6])
CSi^
O'/e
xB.lg
>LC'1
b+ (2@v0
F5G"[
sSXR
dXbQB
P@{]
-???
GP
{~db
HNvlIr
<CDI
s.F'
*Z )
AssemblyConfigurationAttribute
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
)~3'
e|~qR
EEE
pn9
kw)
8q^P
fr}bU
Hashtable
y8rrE
'@IklnotwmG@
45_]Y
'i]O
pSi0
Cdo2J%
%BCY\
9n~;
P(w1W
l"'LdK&Wi
zn~x
QpJ0c
ufm8GYCttUfnrXCqXj5
Hnb]
pgl
a $#
( aO
V7ta
vTE'X
$Cg(5
Iwh;
PPUAAE2CTFUIP3ZemJ
x#6
{<|g7
0 E`
Z[{
anv}r
-579:7,m
!RX,Yva
SFU4mbT3GMret7THonf
Pku/
t+mT
x=nzBn"
^mDl
Pd2sE!
/C<V
9/)y
7WG-
P S<
EOOO
6r(&
!Pt,
t0U_1
RmvD
AlY wZnW
r!`<
T J
c"5L
f*<X4
^qYM5
RF&g
vyb6I5ueq
NXg~
#'\
Vx5'
zcKSusFn
hl n
mL!K.
QZ^&
CryptoConfig
h1KrW
Cx2_d
~ut[m
GQkA-
qfH`
|-O"
U7?[b
B&Ha
o`ku
73h3
s}7Q}
q^{q@(r='|
U5m
Z9xY
Il=B w
z`Ug
ow2d0
RsTTBA
urgJjJC8YVwuktTeMlu
gdZ9Z9]9997
b+ (
erJ0DyXf4LXrr0Wio7c
fv^ CyE
'&(X
4f~A
R(Lp
Mw0F
#X_s
nUQQM
5uj J
bym7
?22fd6??c=;6c;^|
ar~Q
Rc|
IL?:
jcjshslVJmmfxLukc2
<;3E
J`*R
beB{
;Zk
Au) A
99|c
^atD,l
F,f1
BRm7EUHiq
;2Z[,y]
0_B)
&( `m
U, s
P nG
d`42
$c7B
CO1L>8
5{dR
bG:A
F1:d
u8Yr{
~vN;+
=Rqn(>
C:'*)[P
\x8=o
V+ (EI
2233:
3h`f
>a}lk>
7=knT
SymmetricAlgorithm
\}%9!
Wwhg
VX!?s
j54dw
L2#15{
c6;}
O>-3a
F;
H v+`]]/
gG~h
#`^^
9 *
hX3tQapVLs4lIANiLx
ADsh
/(py
Woik
f}KX
md_K1/
orxr
set_Position
$cU>;
qrvz
ZQT]
*1Dz
"G&B
1AUb
^S=b
^guX
@aEk}k@z
+':5
]j/!
J*|h2
79jN
n[ps
A%R$
XNK
~M
>Wed
H,6}
Hm" :
KMWYJ5
'ku\
:8!1
qK`Z
o%4
R;5otz$
T nU0q@
]|V<l^
{B[]
AmD
!|*s
oVGh
W5XLV
Pm"k
;-;{
sx{x
[qas(
Vv{
<d5UJ
7_]R
z7DeyvKUpKarTdnV.SDK
]ug#fOB
b+ (C(RH
f`aX
o"0{;
AW T
K//.
Exists
ave.FS
779{s773
Hn&f~*
SP+ 2cp
o0#L}x
17 W
[7)fSd
f4)Fg
I<f0
<+ o%
?,]/u
AqmL
cC;
#)"#
J"=38
ComputeHash
4 1(
6mm#
0#1'
dS <
y#Qj
v8w(
+2#:1
Cz
./&H
f@qt
cGGY]
@<_f
:akz
`Pv@
<3SU
\ v"
4,$4:
qg6u
I#:n
}(B<
e@f*
???eNOOPTTTOWWWOWWWOUUUORRRN777)[[[
\ SR O
S\b$s
v1Y6`v
[[fpbc
LkS!
iN~P^
3>@k:
b2[,
*Ll[
)>>>
YK/q
t2Kr<_
+EVw)b
Xg;gi
c#N_
=.
=.
xlYN
b+ (QM.0
4}8?
[[[
bYl2
calendar m_dataItem cultureID
r+ (?
ou8KRiCF5vkcPpCQ1h0
+e,+
__StaticArrayInitTypeSize=256
N{,5M|M
&c]%
e_G~X
8fx G
StringCollection
8vf5,oN1
y19g
r+ (k
r+ (n
QDPfq
PXE(:
hX
Pe6IxLbemY
+rzD
r+ (Y
c13KoxwPYjIFokhMak
r+ (N
SeCt
-wmo ~
VX L
&8>
:,M*
6\Z\$
???y???s???n???l???k???k???k???k???k???k???k???k???k???k???k???k???j
k$.,.
u#p`
NxTo2
h^ ))
'gD'/G
F
F
,@u%a!
NJ5r
0$E(
LVsy
zZxd
PQy'l
d#gC
Next
*>;h
sOfH
#48L
p')N
.e
C?uC
&wy/
(n)BN
<24x
AT}>
WriteLine
VnP!
Z`\e
zyBEQ
3xs<zB
CaE2W8SkfajgytnTie
gNN(Jmk7
scmgF5uuHgsFUA9ohe
k$5%K
PI?.
CC $
QNx!K
5hU
yt|'Rd
6WWYY]]]]SHFE0/.
YGA\Rd
Td>~
":FB
'/,
6$5VD
ObjectHandle
9O X
]jr~
0 Nw
6[FC
^e8
tsqEQ
]@ny D
OC '
9f2\
t(z6#
GX?<
yyE#
-T]a
M"|P
7P)h
Ka7<OX
\hnS
.]60
2+v}
=^.G
{t+V
XBg%
A7,[
P7?,
V%d&"
.4M#onP-X
q(Eq
%|Jw
WWW
/)U.
^Ih0
RuntimeFieldHandle
V+ (s%3^
3WgSV
I?&bUu
v+ (
gTx]
33)
F/wk
qsw77878877
Vgqh
kf L
ep2)
?0(+
UYS0
?'W 7
+ (FTXY
uQS69CigmVYJ0wCWbi
m2P\O
v1IubrVSo
__StaticArrayInitTypeSize=40
m_useUserOverride m_win32LangID
-0SM
$AX(
,`3-
EwW?
AxEWAtZcS1ElQl7Tce
I 7X;~
tVSr
gJ8IlZQH7n
<PrivateImplementationDetails>{0F1F349A-BA54-4C96-B9BC-557DE1B0C9CB}
!?RJ
5X%4
nativeSizeOfCode
ZRcF
,[(q
qHJ{
eZvP
- 5oNx
Ng V
x.{y6
u[\/q5
&! "|]
.V82X
BM0rYNuhPuD9AKiNvR
jAI`=
o5Me
|M+o]
FromBase64String
yE&-u3
AssemblyTrademarkAttribute
M:%0
Yr:N`m
bmM`Y
NG6ITROHja
6yS0
Eb;
ayRaIs
srlK
nyt
3{.
U5NQBwqrx
vUFW+
5'{ )
~CO6
;#&+
h9 }
"y%O
%^VndM]~l-
y1ty0
?(!0qZ
L]_Bi
?f%o
HJ{^
J[[F
P\e*Sf5
E]MmX
_QU
qF4IAcBUe0
FG/\
qE9X1nCBDEwmAELa7Yk
l7[[
lsg8
&T&8
V8W5P3Ogp7stQBO0uA
yzex_A<D
xBna
cf }
syajTYC5i4SAsfweBwI
\|7,#^M\
sFmG
- 8j
Gep
Ku
\>Cr
~JIxU
'^sX<H
?*E
CreateDelegate
GzPF
Fng6yHX8mTqwiRcygdK
9O8v?
RMY[
AI\C'
U*S3
zsQ[kkNfm
99c8
< |kQGL
fl:.
j8LXU3
"t ^o6
tEt">g
cA9noheom
Y&t\]
pTdf
#7767
"~"_
;f3^LE
P@r )"0
N~4VO6q
v{KE
|jN0'
Rz/o
2D)V
ImC>
t_ ny
NO.j
'Bw]
)k?^D!Q
J@6 ~H
Convert
6G'4
FlagsAttribute
T,?X
k}iE{
bd.^*
n 0@(P
NJrLQZJ8o
S///
2\;? Y
]x
:*
N+f.
o[*6
RuntimeTypeHandle
f[=,3
U=uS
W=%
=k<h
Ge'|
0:~a
Y9!{
TgckvbCKCFyk54pv6pM
$Sh
WUHi"sM
Y]98!
CO3LjdXlHvk7ae71tmp
"kPz
T,=
nIYE
-Infinity
gHyfGuXWkNMOkPBxR3t
PD
<I9e
G|/?
nW>q
r=>?
IAsyncResult
r'yn
Y9'=Z
{Z@^
98D}c+
W8n+
N"#E
HH`
X7%
bJ|+
" 6'O )
o79YsCPLQ
b|rk
B+ (h8k`
7BHOD
)elI
SuYB
p a9.
XxEtz\DX
Gu=fW
#7u
k77qd
lllv
dZm:
y',D
GetBytes
]Aen
"6 T
Xwbay2MP9
T/F]
bB%//5*d
FFL&
^t9h
!---
(<V7
6Gf=5
I}+
Write
PW8v
@/X&
uUQv
CJTr
TWmcKTsplnAiUuRS4x
,8^ z
p<t$
92V!
kT'{
F59+
Wrozm
sYxd
1ss7
4Q'I
<xy\
-!
uW{y
yp#KG
I_/5
q/^]7
# 5&
H$j
ui6al
'^#b
H[n3
Console
#VSD
/&g9
7777;{z
1gq *
[^!6P
HFd8
p o<
5jbZ
1q2O
0#pb;j
__StaticArrayInitTypeSize=64
P/\y
%PYk&
YaE>
!{>t
o*fa
(Qtv
U Qt
$+Q8
7q;/
($
F6"%
VVU1
u=n
Microsoft.CSharp
System.Drawing.Icon
7X{2p
~5fc}
LD1jN
|aSF
&A(ON51
l!%4r
CreateInstance
<t:%
h\`
System.Collections
set_UseMachineKeyStore
8n.O
xR"
d]D@
~?S6g
Environment
[;zY
VTAxE*
N<m{}
currencyPositivePattern
I67u
<-N(
digitSubstitution isReadOnly
[MQb
>?OA*
get_EntryPoint
=A&3D
8/Ow.
:X Ru
`i{e[
z"D=
sM.)
-$pS
28}|
$J!_
9}$]a
7b%+^
S7@Q
<` Q
d2F; sm
hRL/
Vkns
aA9S
qva"
" 0#
0}T3
+Wd),!
Activator
]RkVeb
Wy<7m
u6HH+h
$L'HZ%"
!k\&
v27
iO(,
InAV
Double
%GF4
;dM U
hd->
WaLkntJbSgwBSdjt2e
6.<2
MD5CryptoServiceProvider
ND59#f~
get_BaseStream
G~%xeQ6
6i,B*\
,tUt\`
?s-Wg@
K\MC>
rC}/
($"
)243
81n`
*"-)
Urk'
.q`|
~WiC
M=pp
1~te
System.Runtime.InteropServices
v#ic7
+7 c
W#~.&
<qg`
adfy
*B.f
System.Core
2m38
UO&@
LRK7
vlmX
^'wxT|
6X(7
|8tq^
AssemblyName
AtZxm
!xU|
NEax
,\N,
+1/M7xz`
un@<
0zw4
L[kC
FiFyOvCxrmask6lnqfe
_?p@m
4[+z&,
yl*}
Vqd
?qlv
Enum
/8kt
(PQ<}
=#",
&B i
EEFF
6xwi
-0-S
;zzL
_q&=
get_Length
perMilleSymbol nativeDigits m_dataItem
46vu
uy19
EP +-
eb6lYhXCP8IrcJJpaFk
>16>
TuG7cAXnOfaKWAjLQZy
0O?2
;z yc
RUf8.(
r+ (L->H
h16%
G__N
f_`X
o&w/<H #
2222
2221
_Wrt
YN{R
b7gr
Ov06
~1
@X X
! /"
validForParseAsCurrency
I\}%o
e3@Q+
]AkH
U82
nlkh_]>
bRd\xB
t{h[
`{uI=vEW
'7D:b
[e=1
SuppressIldasmAttribute
O;p 2&@
)^a7E@
ae%A&m
W=5
K |5
4vIl]
i'a_
TpgA>y
&`p5
o:@r
$|~~
AgB]e
~X-u

Kw1eMFQxPHoQ6dg1hB
,dkX
`E{G
.rsrc
gfHXs
e3#y
Hgbu$
f+ (.
f+ (,
Rg3
f+ ()
Unwrap
f+ ($
f+ (6
f+ (4
HmTSGRmGO
I~&V
g8@"
bD:
s9{H
f+ (j
5X!>
f+ (h
=J<#j
aT V
] :
f+ (c
w~n&:
mE-(L
fmy'8&4
f+ (z
qiyv
f+ (v
<q"q(
i+Aq. >^
;9sQ
P:j
$fiLYv
So1
\rMwQu
t,eXz
rK;7
+l1h#
0$ &
EKk
W| v
^ O g
W"X
-;h 2
pHYs
z_67|
q'$|2 $
b+ (*
6OF
/O
b+ (,
@6P!vm
SKil
}c:J
qe>2
=APt
p\g^gW
b+ (b
b+ (f
2BCpG!
b+ (h
~,\S
+ /
b+ (q
b+ (w
UrrjLyA6c
L'<
D C_
\\bs
1*<]
b+ (|
8~6x
7 P
0N7,
b+ (R
I]y~y~
,)Vs
0!^[;7ND
j3F3vZ
[. ql
DaqY!
JLXPe88w8
:YUs
WY.X
&x?sG
Se$!Og
sWiz
Byte
NInLxI1JDNqgE4Jddb
7Z|+(ckA
vVxi
LD$Y8
1U++
"kni
get_MetadataToken
J!j 4
CP.=
F3X)P
=ZIO
7[T*
%)+.f
?Mi/
JSP
@]mc
W@A
TP5N
Gevj
7U%F
numberGroupSeparator
5"}b
gOb\
+%pP
comp
fi7c
gUIg
r=Tb
I5k<
<=&!R_V
!K~sy
zC/o"
8Fb'2
.3D6
O"%U
V///
e29[
9sIP
T f
x]s*
.i!(x
8bl9@
;7nQEc|zfF
/L.hI
aO8HueSw6
GetFields
=nY
>|"c
Z3Ij
shA%
esHF .
}!\2
}NN8/
e^i^
usE1
{=3_s
mUJ+1x
`Js"
N}$6
,%MZ
Io]a
Void
^==JB
v#k
m_name win32LCID
IIcm7GqWV2WKlpg9xJ
s[ )%3
}y ;
6;M.
3U$Q
cuN0

v\oV
zK%t
z,-v
m] dT
Y0E%
gf&]
5|A:
B
#c7
?0 #
B7-J-!
ufrdC=
0%CL
*;Gv
]yh
hMKM
Ep.K
2%=+
c{1i
[,6
-q~+
I.X$U
b dl
KlJaHuXxeEs2pblsgdj
yRhn
puBg
(v<#
piVx8yCYT9YhsOKqlx
?~r
w\_&C\l
%E d
X
KXs
wYDsPJCoV8C7Ds82Tnx
IJ@"/#a
8Mv-y
OYV
,gc-D C
:%L ;
+x]V
ism "
]QI}
V5<b
}k)L
-0Wm3
wxqpSCEAJrLPnNCfht.cyYsglkcGsOJNTHipo+k4Zlif8vqSO7QgNmTG+nmGOLGQyHLvkbvCiOq`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]
CodeDomProvider
ReadBytes
-RP-O|A
]QCUn
}Fr=
xD/
p9
yJ'HjJ
classthis
D&^4
OhMQ
2xt6u-3e
,K,[
Infinity
{zMAz
LNC4=
b5k;
ah3WEWILLa3EPowUGw
H0% r+P
d999
A_<')
jtc
#}|/G&S
g-lV
ef
xP7m4CXjiEpwnqU2FqT
k3EmjJCJwuHTm0xjJ8u
V5JNscnmspAZRVnaBS
8+
P)B{
`2F'
V%iry9
FLJ
*V+ (
wmISQLuxk9gNVa4lA9
x)3kr
D4 (
5'&'
2UC1
/-Oy
x 1v
0q{6
FJ\<
MIby
111 222 222 222 222 222 222 222 222 222 222 222 222 222 ... ''' ***
]1<C
Ceiling
SortedList
vfV;
\;[
<1Cg3
^A Q
Zoy
+Y A
TQTSWVcipWHRARFafl
$.P B
D>Q.\b
F4aZ
gA)2
+ (L#
8.r\
m /Vu
~j lq
`H~)
n6]
7,p
Eew2FPPStb2edQbt5o
p;Um
5 B%
Wr%S
bT8bg
Zc|/&P
>}yh
['?c
*!{C
mI[G#
* -
>}y}
'fHO.
$ ^i
4X+7
t;4?
KTz7
keM:
s&zK5
.D f< !)
rsG4JNXdHZFLkW5F1vY
&cEH
Append
KF"G
?;]I
Fjlx"g
["m}
#xQ+r;
Kgyho?
/O.1
iKj1tUBoUar5Op5YhZ
)15
-qcm
7DGX
+jH.o
${$'
9; )U^
*Aw#f
d{ ~!
ReadLine
N:d%
|Xv+yM
!S<
WOrG0NOnqu2BUl6kuK
Mj+a
|g "1
GI5ueqxUVsWoIkvb5U
D=&?|
9F;-
da c
get_Message
callback
]*|_
.&jN
s4z|yli
gi$X
b T;585r
*B+ (X]O.
043w
_|v K4
>d^y
rikt
K*U"
set_GenerateInMemory
#%~fi
yT|R
'omf?
&AGLLlkkLG8"
kxqiDCCaENIRXb3md4E
a;0o,
*j+ (#
(/ypJ
3{&A
[J8/
BSJB
~>F9
0iyLZ
% W=d
[_hn
pX{@
p$Bj
%%%@
f+ (ho17
! 3
3||s
*j+ (r
'RS'
IntPtr
m)sH
} l|
o74{5On)&
+ (06RK
wE@
0 sd
958b
A0?:
Y?A7s
HQr!
}.[k
faaWdL
$ek5+-
ResolveMethod
."B
/ue
8`US
KJD1rWpCNc1mQl0urYH
k@uZ
qGDo
`.kO0
QL7H
a&*s
'" K
#[{v9Sn
#!q~
UJ#4
;CPZ
0$=7
qN=F|
=ZB86
:#97
RRrDCJ6ikbiBAO8ueS
Yc-
XwqT
2O&?
1B|#P
s^<{
3 .Mm
b3:j
j;+J
;!j+
tHH"
N]uo,
~zsb
^Y[U(
qo8IG
4-:q
MPn,p
!t/"
vtZU
6$$$
Atan
ft,T
9P4
l!d
6? r
h9355ZXK7gYyXMefd3i
~+ ((
\(W+
R3wfFLCbdJo2UBndZca
VVi{P
&&&1
Hdjx6FCm7nCeUwwaBC3
Wg0u
nUtyBwC2HU70jIvbj7i
qEE4sDQoHYqPx34koa
y d%^
uuV4:
`foG
IEND
0\/f
+ .!
J[KXPLVUFvD
bH O
3}%o
,RA~
su7u7
s @
N^RKynZ
-@p3S
P 'p*>
cA&&8*
t}%T^
-0cF
qwyw{w
gPTl
;TSn
lBD
DX?`
qf|\
BqMysbX2hIbLQWknZRu
~d;\
L </
CSharpCodeProvider
StringBuilder
~d;(
E<mB
8/r\
$mSB
G{V9
L(_
(L 0
CompilerGeneratedAttribute
nLhIO0uCkB
FC;L
TTT \\\ ]]] ]]] ]]] ]]] ]]] ]]] ]]] ]]] ]]] ]]] \\\ Z[Z
He]b
ZzK~/
pGx)
c8i*
_3b]
tDVv
0rx2
irAdv3
Z.08s
WX^_
4h|3
rs-^
[\*DZ5
-rilX}
System.Globalization.CompareInfo
#---
WOx&
a{jF|
."
oms8
%8Y2
H`(-
QTxM
H7jv3sC36xxcXWdA6IG
$Ub{
)d{A
9>AWy
;N@M
R;LF
a4^]
BQ?V=
*1. bZ
G',r
G4!>"F
xoT|
BinaryReader
5#SG
;II"l
EUUU
2DbgA:
"""@
String
YrK[64
ZTf;bo
gtu3QK
D3V(
h)u!
:xZ5
V]R)
M|^+
Lr;d
o2NA20XFOWfr5ZxsVRS
InitializeArray
drX
szCb5
/L+"Wj
t"Hy
3&
3[6g
3[6a
;Tk2
&RBH
wxqpSCEAJrLPnNCfht
$IDAT
Sk 0
xbkGlOplM5gKIKjRMHD
s$)6%
.^dIl;@
D|?o
] !n1
@0 &
FN4
uXcsD
`.sdata
R=f&
u'OU |
= mK
k{z}
#;Ai
8xs@0
;?@ni
L,U7o=x
AgX2*
!Ra:
0/#]J)
(((,???c???k???k???k???k???k???sV
MRRNONQ,MM`
p>g`AE
-YsC
vE$v
Tv,]Km5
4Am]hm<W
BeginInvoke
=/Z2P
79aakaadkllgdZ9999995755
B+ (!
G: n
=}bX
B+ (*
B+ (.
_n e
g [B
B+ (C
A^cx
B+ (M
0U`^
Jux3
|/=DX
*I[`
B+ (c
RuntimeHelpers
Jc=8
O1`:Qp +
7g/>.
qC8yWmXQxgDry8fvDW6
B+ (e
B+ (j
%1`A
LPWV
f.Ob
B+ ({
r0McC7
h!9,T
^Wx^
Vv f
&y2 Y
gS|9
peb[?bf
sw7{x
qM"7
mV?{
L& D
Object
BMJ 2jW
A j#
}H"S*
seih5nrmi
I_]:z
5=>>
S)o `S
oNDHMF6LPIUjVvY7ax
))|
:3Me
L~"
Fne':
AB=0
e><&4
]F>1
j - (q
M:+)
'Pk!
o</_0>
E;cnwX
f 9T
MvkM
K)ry
'E t1
}CJ
y K!w9
9:||x
];]>R5
I7ZC
<- !
0-RL
9A*3@
<6XO0Yv
.O;i
b+5/6
|:%P
zZvDQ{
o/Bj
,:Yk
<~~3
Exit
!6=U
f+ (nB.8
r:GS
Q#6'
WJf'b
m_isReadOnly compareInfo
O(e W
&*j+ (
$@(_
QIL
HwLvA4peixIWd6SgB0f
xXP6
8M5D.
j+ (Jk<U
$@(w
|x9fj
HHbyI )*n
`G m
,tT)k
'|7=6]
C~RzI
percentDecimalDigits
T7m.H
"TTT
~[UF
b7vY0s
^3 >
W.4p
rR,I
%?.q
xQ)p
q jYK*,
^PJ
/ba
ACIjl
P`+
0z;As
XYxg
34k
Ct:'
mvDc>
H>hZ
KBiI3vXwyV
GGG
GFsI5Qdyq
s[g'0R
04:10-
Ap/D
/qp+
)777
=WM+
kGE.(
s3lN
83Aa
[*Q2
ETTT
8JpaxY
2(Vm
zMg1g
Jj1z
C05>W
Ar=d
?Hxp
Ez7;
currencyDecimalDigits
}%z5
O!')kte
fYgT
1^2]
c7Yb
fleH
w<%|
qSwIuuKiLb
FiUYY
9,F+6
8R! l
_g[;Li
e.9>
~h ^
zxCLq
R+=&8M
rho$
15SBLB
Qm"
Poi
BeWw7m
M9Dn
0=Z(
3S`%W%
%<]W
6i%X
vi]a
4/-
]-Rm
iQxI
oI7>s ^
?63Q
;.[GS
:k$_5
tttnsutpq
+ (R
+ (\
IhO8'
F8rr
+ (C
avPI0ZhTv3
+ (H
1maRzl]
b>GII
nhn8
+ (r
+ (s
RRSR
oDZ5xBjwovHCcbBZTp
+ (g
Z_%}
+ (i
BAvG
~0TN
+ (
+ (4
+ (5
+ (6
SBKMHlHOWFlMVIA0ny
+ (<
+ (8
+ (9
+ (%
+ ('
GetTypeFromHandle
+ (,
+ (/
+ (*
+ (+
:kl}
xVgc4ZXvZhAFAQpvyIw
percentPositivePattern
get_AllowOnlyFipsAlgorithms
MR+2
Wylw
@0 '
;Erp
RG(v
FFF%
A6Gd6HU80cd3WnXaWX
B; F
[Vfo{
a;y ,
sa6EYk
xLXl]c`
( =G:
VA%z
' 4%
/:%/5
x sE
(hC E`
V3$#
IJgv
`qGL
Z"s;
mXO;@
B!]b{g
~z"G
@O}y5
]L!'
jBjj
s3330
Z Q3
i
FKrh
@ s2
System.Runtime.CompilerServices
sV85
eqtqIiC4CO164NT7nmX
:sY4>
>f0
J];
+!:<
SB6bg7v2Ux9AcwdHxp
e^Cr)
*
wsap9"e %z
c^K< 3$
set_CompilerOptions
:m6j
C@Y
ol0cYxX5D
sq)_
`kYA
16#p
o_cM
#30B
HhgKYLXTj5nP1Fe6vZx
zjEN
J&;i
qm'/4H
{7 S
YQt
fGDvMgCGFqf588B3ZZU
&~n"
$SAO
i3i57
knqY8PXEdkyiJAJGhOA
YNP(U
< /"
}"'6
YQny
bl f
3%G
zw4n2
smZkVLlK5QVY20pvQd
>7ECsS
6)Ye
}?\/EP"
GIDw2
VXO-r
'?A[
L9a%
+n!!b
h6cTceph9nGSZlj50ZP
WDIm
80?:
vy
cZu
CreateEncryptor
:<{yD0
fUkeH
k3y<
_b`*
s56o3AXV3yjj9s4Irqc
nativeEntry
1rB*
<
-5Q,p
CO?d
*e2F
uHMsi
3 5BR|
percentGroupSizes positiveSign negativeSign
_/j1
N5x-
/CQ'
#GQ)R}
v*1]
KVIYNA-w
77771
dt6BG
3~di&

tP)Y
dQ1}6
ePnVhHM
S%t,
Bx|
6FY[]]]
>01OW
N?nn
!T%^
"Q|o
hY{-
QkCG
1*Q6|<
Encoding
,r;'
7777s
7777w
.{F v
I"Q_
zR13
*ql;
)I[`
KsOg
P=KJ
+"Bo3~
+5Y_/
dMhIIvxS2F
M uFj
={BLK 8
!5qt
e t"
lUcea
bSVLEUXNlWiuc2B6mIS
TtZu
*aFsf+~
_4Vy
J!;U
8*!(
1{yY+>
Fse
an3w
<M9_
@Z 86
Zero
(G""
XX I
QQda2
5O@]
Z///
Y `u
|7AN
<E*?l
9\de
= |5
*<3=
WBW*
K/p
DWV-
LP.[
bnw
DADDV
_ ~eL
i*T*
4C[amUfj
QvJrR4
h_D?
&<lrN
cyUoh
? m
2FRZlOry
UUUU_
3lv7
fwB0
V92<N
+K3^
Qx %
3L"C
C8NOA
;,/lB
Kt>
y\/K
.ETTWY\SG//..''&
dQ!Xn b
hN;
dZ[|tc
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-11 07:42:59 2018-06-11 07:45:51 172

10 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-11 07:42:59 2018-06-11 07:45:51 172

9 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\windows.exe.config
C:\Users\Seven01\AppData\Local\Temp\windows.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\z7DeyvKUpKarTdnV.SDK\*
C:\Users\Seven01\AppData\Local\Temp\windows.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.tmp
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.0.cs
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.dll
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.out
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.err
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.pdb
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Users\Seven01\AppData\Local\Temp\windows.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Users\Seven01\windows.exe
C:\Users\Seven01\windows.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\GAC_64
C:\Windows\assembly\GAC_64\mscorlib.resources
C:\Windows\assembly\GAC_32
C:\Windows\assembly\GAC_32\mscorlib.resources
C:\Windows\assembly\GAC_MSIL
C:\Windows\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC
C:\Windows\assembly\GAC\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_64
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_32
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\System32\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\System.Management.dll
C:\Windows
C:\Windows\Microsoft.NET
C:\Windows\Microsoft.NET\Framework
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Users\Seven01\AppData\Local\Temp\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Users\Seven01\AppData\Local\Temp\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Users\Seven01\AppData\Local\Temp\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Users\Seven01\AppData\Local\Temp\CSC238844109BEE4DD8ADB75BD8CB0FB35.TMP
C:\Users\Seven01\AppData\Local\Temp\RESFADA.tmp
C:\Windows\System32\tzres.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\.IgHiJkLiO

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\windows.exe.config
C:\Users\Seven01\AppData\Local\Temp\windows.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.dll
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.pdb
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.0.cs
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Users\Seven01\AppData\Local\Temp\CSC238844109BEE4DD8ADB75BD8CB0FB35.TMP
C:\Users\Seven01\AppData\Local\Temp\RESFADA.tmp
C:\Windows\System32\tzres.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Write Files

C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.tmp
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.0.cs
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.dll
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.cmdline
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.out
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.err
C:\Users\Seven01\windows.exe
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.pdb
C:\Users\Seven01\AppData\Local\Temp\CSC238844109BEE4DD8ADB75BD8CB0FB35.TMP
C:\Users\Seven01\AppData\Local\Temp\RESFADA.tmp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\.IgHiJkLiO

Delete Files

C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.cmdline
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.out
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.err
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.tmp
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.dll
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.pdb
C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.0.cs
C:\Users\Seven01\windows.exe:Zone.Identifier
C:\Users\Seven01\AppData\Local\Temp\RESFADA.tmp
C:\Users\Seven01\AppData\Local\Temp\CSC238844109BEE4DD8ADB75BD8CB0FB35.TMP

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\windows.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\3A4F894F
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\3A4F894F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

-

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.GetTempPathW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
kernel32.dll.GetFullPathNameW
cryptsp.dll.CryptGetDefaultProviderW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.WriteFile
kernel32.dll.GetFileAttributesExW
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.GetStdHandle
kernel32.dll.GetEnvironmentStrings
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.CreateProcessW
kernel32.dll.DuplicateHandle
kernel32.dll.GetExitCodeProcess
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.DeleteFileW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.FindResourceA
kernel32.dll.SizeofResource
kernel32.dll.LoadResource
kernel32.dll.LockResource
gdiplus.dll.GdiplusStartup
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateBitmapFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipBitmapGetPixel
shell32.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
kernel32.dll.DeleteFileA
kernel32.dll.WideCharToMultiByte
kernel32.dll.CompareStringOrdinal
clr.dll.CreateAssemblyNameObject
ole32.dll.CoGetObjectContext
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
clr.dll.CreateAssemblyEnum
kernel32.dll.ResolveLocaleName
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
ntdll.dll.NtQuerySystemInformation
kernel32.dll.CreateProcessA
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.ReadProcessMemory
kernel32.dll.WriteProcessMemory
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.VirtualAllocEx
kernel32.dll.ResumeThread
ole32.dll.CoUninitialize
oleaut32.dll.#500
advapi32.dll.EventUnregister
gdiplus.dll.GdipDisposeImage
cryptsp.dll.CryptReleaseContext
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
kernel32.dll.GetProcessPreferredUILanguages
kernel32.dll.GetUserDefaultUILanguage
version.dll.GetFileVersionInfoSizeA
version.dll.GetFileVersionInfoA
version.dll.VerQueryValueA
alink.dll.CreateALink
mscoree.dll.CLRCreateInstance
mscoreei.dll.CLRCreateInstance
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
clr.dll.DllGetClassObjectInternal
clr.dll.StrongNameTokenFromPublicKey
clr.dll.StrongNameFreeBuffer
clr.dll.CompareAssemblyIdentityWithConfig
clr.dll.CreateAssemblyConfigCookie
clr.dll.DestroyAssemblyConfigCookie
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptDestroyKey
mscorpehost.dll.InitializeSxS
mscorpehost.dll.CreateICeeFileGen
mscorpehost.dll.DestroyICeeFileGen
ole32.dll.CoCreateGuid
diasymreader.dll.DllGetClassObject
rpcrt4.dll.UuidCreate
kernel32.dll.NlsGetCacheUpdateCount
ole32.dll.CreateStreamOnHGlobal
mscoree.dll.CorExitProcess
mscoreei.dll.CorExitProcess
user32.dll.RegisterRawInputDevices
user32.dll.GetRawInputData
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware

Execute Commands

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Seven01\AppData\Local\Temp\s51cbyhf.cmdline"
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Seven01\AppData\Local\Temp\RESFADA.tmp" "c:\Users\Seven01\AppData\Local\Temp\CSC238844109BEE4DD8ADB75BD8CB0FB35.TMP"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-11 07:45:13