MalScore
100/100

im.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 14/68 Related 2243
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 470.00 KB (481280 bytes)
Compile time: 2018-07-23 19:51:43
MD5: e59304e841f10964072c98d9706e1feb
SHA1: e1913d7183dad7f6af6c9fc73c339108b0c60a33
SHA256: 8caf131512564e70e3416a71cafc15950705b38106de689e48ecd065ab58502f
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 4 .text .sdata .rsrc .reloc
Directories 4 import resource debug relocation
First submission: 2018-07-25 15:39:03
Last submission: 2018-07-25 15:39:03
Filename detected: - im.exe (1)
URL file hosting
hXXp://23.249.161.109/im.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-07-24 06:29:19 [14/68] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x11c84 73216 6db8b9d417e69933e3ac4c2b2b94e8e9 b40ed2c0230b9ba3d5c90b51de38bddc5af04397
.sdata 0x14000 0x1e8 512 b94e63fdbde27baa1c46761d1af4cb0b 47d7d67095efab563fb6126868821060bf1884e5
.rsrc 0x16000 0x4a043 303616 db3a470671aed79156acbe49ca6c582f c83a9920852185d8b72b4eabadd4cab1315c6f79
.reloc 0x62000 0xc 512 ee27cdce0c2c970886b13110f8962c4f ecf000a97d0e1397bfb626c4d57fb35398d9eb26
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x19c78 9640 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x1c220 48 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x1c250 568 LANG_ENGLISH SUBLANG_ENGLISH_US
RT_HTML 0x1c488 277435 LANG_GERMAN SUBLANG_GERMAN
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: TeamViewer GmbH
ProductVersion: 13.1.3629.0
CompanyName: TeamViewer GmbH
Translation: 0x0409 0x04e4
Comments: TeamViewer Remote Control Application
ProductName: TeamViewer
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
file:///
Possible connections
NMbOeueTtB2lT7WgETy
VarFileInfo
{11111-22222-20001-00001}
Comments
Location
$this.TrayHeight
{11111-22222-20001-00002}
#"$"%"&"'"(")"
{11111-22222-50001-00000}
GetDelegateForFunctionPointer
{11111-22222-30001-00001}
ProductName
{11111-22222-40001-00002}
.#J.;U.3J.+J
!B"9BFABPQBPYBPaBFiBPqBPyBP
StringFileInfo
Translation
$this.Icon
TeamViewer Remote Control Application
.{J.sJ.kJ.CJ.
System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
BFG
BFF
VS_VERSION_INFO
BFI
file:///
$this.GridSize
$this.Locked
{11111-22222-30001-00002}
ProductVersion
13.1.3629.0
$this.Localizable
{11111-22222-50001-00001}
TeamViewer
$this.SnapToGrid
LegalCopyright
{11111-22222-50001-00002}
BFa
TShLGpgHyxaXq56ceE.vNm2TasiNiG4lfCtDq
{11111-22222-40001-00001}
CompanyName
System.Security.Cryptography.AesCryptoServiceProvider
$this.TrayLargeIcon
{11111-22222-10009-11112}
TeamViewer GmbH
progressBar1.Locked
040904e4
BF.[J.SJ.KZ.c
$this.DrawGrid
$this.Language
progressBar1.Modifiers
QN}
Nx3fC3ryyJbPa8YfQeD
YC &
>5 X
-*{ ~
fV'$%
4eed
l~Y*
NKJisue78WCYgjNpVHO
_KU,
wq((Ov
8m!
B92&[V9
Y^q
- ?L
68J9@
e<Aw
iwF?
Int32
YoK=R" +R
@=d$5
H1yiHBrIEmgBMd8THhs
O0+><G
hUADGriihpnGP
* R24
fQ E
ObjectHandle
YrOcA3
VLCmX4SDlnQJDSQvrO
LjFI
textInfo
CT90sBNfHysUqrQIYF7
kf$
2vH5D]f
wSV4VtAbfT
?S?;
33g8_
;L=B=;
aRfhn M
JjAu)
p4t81mhWsI45DNHP1K
v x$a_B
77KbFC
kDDQdMkU07bjKD0fcQ
@@j
6 Y6
f+ (6
? ur
fn[s
%5#
9tTC
O@@\
|WY6
Z.d#s
9 F6Ys
sh9lT
FJN#>
P+"yO
^5Xx
;SPC/
Substring
30 :
Q4nZWb7bN
MN)"O
wh!`
c7<p
!~F9
Mi6iO
Y17NSsgDAq26Eeyynn
|+^2
DmgI
x @N
>'<A
E Xa
O5&H
'''k'''G(((
=fer"7-
2*BjF
G[7W
W?%=
h%,g
ay) y
& H<m
5={D
dpELC0IwrbHem466mQ
2X[N
z3P435RaU4
y- P
s1u~
Z/J28
hH3q3LIE1
NiXV
&*j+ (
aqUFgHeLRsjR0FA5EGm
p< /
L1~/
QGIR
Gr?
r&,(>
Bk-ai
KnY$^
WV;v
Z K,Y
<{PW1M
%qHK
db[h
S Qz5
Pc i$s
xgwTt
%Rm3&t
>+ (
eBuc>
PNG
AssemblyTitleAttribute
bIFjFX
9 W'
~2 P
09mH
dJ6Y
Zk.
#f4[
h[7$n
A}9U
Iq-}S
%_!K
Marshal
9o@9
A0u%
[F(#
YX7hnskE7PSwcXgyUg
*zAE
5i X
dbc@
4u=;
pdr]
TgjF
er03[i
k.~+
^*<w
6`@i`
K0 G
Ng1x
;T1!
K{Ba
hqO PW
AA]~x Uu
=Z#(,g
RuntimeFieldHandle
m` '
|a9[
d5Q{y;
{o:u
C lR
q&g?
!%`F
*V+ (Yk,P
L.z:
v+ (
t68%O
"/\
\m +S
wnq7FQAodxOO09lkkP
jz#
a[>
0p{q
t)|S}9
7k3Pr
S1s"
Q?dm
`m6]
!A"9q
TR,[
t`UvKG|k
R@)UQ
^ix{x$
sE=V];
J =oe
EndInvoke
RFk<
2c2{
(dEK
. t$
?
hO=+
5U"q
KPqkx0r8UVTaLpIRMsC
9JM
*t\=
T<7Mu
kevC
)S+8
>?t8
y&
*s6:
KFr<.
s;_1D
nit
\[1#C
`-6w.t
Aa_9f
[uO{
nmmoI
JCbA
\Xkaz
H, (
c^u^
<}ep
h |st
=6=_
Dk#$
JR1EvXre9xftw73SMr1
_G?s
:|N7~
*!A!}F
cSChijrwoSseN7Ny29Z
PZlC
QN?p
FChLwle5rkMYL2FA90X
currencyDecimalSeparator
S_ll
gmc?c~
u<k;nX
GYgp
,O4
VKPs3~
x`w6
;tuu-
"&A(~
Ko,-
ysPPq
kK2BADro8xfnEDAOcFu
,J]a
k k!
AssemblyCompanyAttribute
Q
IlbnZkVhs9j8MhL8s7
Yp;#
AY/#
0J
Z@:sF
IkhLbQr3G1ucfMx0fh9
+q=M
\$VG
)~OV
E4ZvoVL
PB)l
3$|<
ODlC4Fr2elfMmGhQKwf
< E0D=
cP {
Qw&
AD%
x1`Z
xUvf
__StaticArrayInitTypeSize=40
<|A*
xOpjv
Format
IaM0&
m_useUserOverride m_win32LangID
( Z/
D{z+
%W{H
R>-z
iJfeb3eRZhbGEsyDoUe
ReW5
Enumerable
_%Wu&[
,,,;,,,
b@,a
KgI49uiFcE
TQ%`
900
`^T
^a(QC
e2SVtApbfTRLCw6PCS
w)#3}
t^1f<T
~@E}
0h!+o
%`i!
50RY\
hf5S.G{`
8R`F$q
4_j5
,^3*
kUgkF%
X*B4
D\}~
+x {
Hos_r
wKM0
0# X
r#fJ
#JljL
0C:*
ms6Z@
1H ${
PADPADP
, k!
bzoFZF
%}Fd
_',1
j'!
Ph#7mr"
q%at
)s()
W`#^
JGC
~2y>
8WzSU
SK H\
M?m/
>)Z<q)
vVm>D
t4ft+
`/*bK
8$bQE
Z _sZ,e
R W _I
MiGL
9@:$
-d`
t!=y
FromBase64String
M4im
S7bGABeyNK6NiC7OFpL
Ihj9Wox2EYe93JXm87
p Bg
a+Lb
AssemblyTrademarkAttribute
n%Vw
de94Kvdodo
m_listSeparator m_isReadOnly m_cultureName
% ,c
V$Ij=
+ (hSo7
+ (S
!M8~
;Zg]-a
6 ue
&*>+ (,
YeBYt
QAliidMYmSBpyMDn5r
z4c4q1N5q3
V'1X
x2nJ2
|u\!
E$/u
HjFH
r[`0`
<fX}K
[@A-
v<c
=:bI
A0m\
9@:r
eV k
1CqM
J\jw
#Blop
PDr=
E?&~A
C B*8c7
dPdW
VjD4HeQ8sX
l^G
,(CRK
, [A
*O,g
#Blob
+ (D
57Aj
<8N^
aXMV
5rL(y
IDATt3
R9m.
{ PV
]Cjj
C3 c$f
Bp24<0:EFIz<a
lx"|P
tfj"_N
V]*S
Lu%u
mf+ha
'H5v 2$[
@xu%
HMe2
z%E<
g9w#p
0#*"
cGCc
hg0
aZxG
j/(>
ER&E
75Vs
r<G:
niB
G #"5"
_!0_G+
7VG X
zQ3\ Z
aqbj
ftWX
r`Rr ,
^|{q
GJAF
gprj
3H?#y
Type
Q!yK((G
fEK@(:
PM|
uj7\
XRLc
naquTiDjx
~o`=
li8kU2oIikCwsFopFZ
@$h}+
0 8N
E#Fl 0XPj
(KkS
mMNvPZrOLVVFX6bq0Ig
'
Oxx23MbYNQkI3xlUsW
CpHkl9bNx
:Hj=
n70e
+ (J
&+}:{
F{9g
wA%g
p*X}G
O8 K
Xgkv
;=0;
3rE<; b
x7xM}!
i!f8
xz'0
]vxP
pwaqwUrfxK7x5oYD6eP
0OWW
) 0)N
Eud4tqlq8r
O}G
l !
Q^ {
BT;8
I0^N
$:^H
VfBu8drCc0bua5yO9lE
K 8b
M[/,
jAvKv$
,Kk'34e?!yFq{>
GetValueOrDefault
4&h2
$$method0x6000007-1
+Thh]o
f+ (4/2G
IHf3
TJ .
Y#K#G
-,^D|0
ST+}
Char
f _54
ypP Ee
cpg4
C,+XHm
numberNegativePattern
kFjF
kPB4eCZnSE
jvfe'
ADF=
hZ\h
pE2Fe
z#Xo
?!;W
$7s]xU
I` 9
NO]X
#9V:
6d[R
GetValue
nN]o
/ 2%
l0E,i
l]_Zi_ c
uoK
yZ[|
>jc\
HashAlgorithm
yt \
.98@
e)$N
,.+"
# )
$R3s
MedW0B
C5UCy"
tlQH
*th8
vaXA
3 {!r U
H78c
Ogp7
G:FRazgA
n-m&n5
T` bF
kag$
E1
.;Ap
@Y06
JZ8:3
DU`@
ResolveType
KbBm
3Q=S
oJN%1#'
SY_t
NjED
K.7Z
tB0
QN=8C\8
(Q#
p4,P
bH3[-g
0noo
HJN5
cA{v ~=C
2223222O
".Y(Y
1c +
#mS{
qoh6
udZm
L %:
, 7A
Hk^:
^bQK&8
I$f4
^1D#
13sb
p,2!
t h8
%%%i&&&O&&&=&&&'&&&
GRg/
WSwtpErP7JIUNpPrWn3
WWv
> 5#
V>\Y
*}'C
m0o0qb25GEgoK3EkRf
p'F}
a$<>&n
#W ?G
d_cr
pLf2RAeHmofx2m5ejGX
K>%6
`^`|
i7j}#)
.text
XDrQnpr9axgRs7xN4hv
a`K"
/bz@
IN0"
ce4DmfsmSrOT856tDgfrkMb
GetString
e( v
wgvKMjGoYWv59g66Og
Q,@~
OZ_w
b_)0
0 GZ!
na1c
x664XOgqF7
CryptoStream
n-vp
/:g7
}FOQ
Convert
/R=!
positiveInfinitySymbol
>UNE
~wj*
object
percentGroupSeparator percentSymbol
VTRNF8eoK3qWBF7wOrv
FlushFinalBlock
numInfo dateTimeInfo
|=AeP
[eOs
liC^
6aH$h
Ephb
$Y6UU
ePKgV
LS19NY5jyaUxnHZmj6
F0 -b
Jf?a
}=fFo
,!9^3
XtZa
"""A"""
TShLGpgHyxaXq56ceE.vNm2TasiNiG4lfCtDq
W/g)
AbS4O~
i%5#$
f_O0
FlagsAttribute
DQ"5
k`YE
z\a5
;Du.&
nr*v
8J` j
ZzHN
|\Of
@m 9
Int64
$$method0x6000020-1
222?222?222
KNFNv
$$method0x6000020-2
tn%]
3+ze
$mWUX)
vK+
FA^/C
wd-
1IXL
rP80KgtIuiFcEVCZt4
f+ (]"vM
X }F
+.sp
3y )
}rnq
tGn=
5$ftM
BNM&
+QBM
M6aOQIeI59BsIAofYal
mS4}
CipherMode
#+]
mkYZ
j(b ]-
EZk^
/0s qft
;X\^h
yp f}
}$k_S
azi2
oZH u@
BRD\
v/Jrdl <!
{X p0
7`~dCG
2u,\F Q
{~Q.
En3wLOEfNe1siT3Mbc
z={z
%# 1
K4
ktK4ppB00U
6r~Y
KKyst6rDoE55xCmwqi9
|^}+
h|8>
x&XX
m)`
,#W@
l;Ea
$UF<1T
k6Tl-
S!kM
:o<;}/
7P<_Ib4
}B9-
sEiyUaJqTiDjx7vjw4
{Sh3
System.Globalization.Calendar
1nub
t02hpq
qmhdsqeA6L93IVhidPo
\Z*
;, o
%iRl
*' K
CJ~SR5sLk
I%9&
c ]`-
ewV0
].zX
Qt9wN
mrl1s|z|
d1` u
9R3"
o[h]
L,,1
z4Gg
/ {g|
fT5n
= U
KRSO
3(h/
.U9t
!a$ J
IconData
.S66
dpTB
[aE<
' ~L~m
3`L&
E Zr
M\)]
0@mz
X 8*
result
dG6qBlqmI45H3AFEKb
K!y8
j%aL
Om)f
TDn!
HRx*
UXvg10eeE7PyBWY3udU
N5~NFC
>0jy
a.2]
{@L4>v
<uP!
get_CodeBase
b 'z
E9P}~_
g5Hs*
5A(8:^
-Infinity
AC/R
X 8
v+ (QLi8
!S=8
tj2UW7rQOB3CRZbgsTZ
-#:$4+
a<iX
i4~|
v_|8
clJ-h
\bt^
aP% *
D|~i6R
X 8t
Pb%1
f+ (1:
iz4o
;cCT
$ou{x
RDmbm
6R[6
wxF!
*4"(
U|Yv3
/Hg'
HrK>$i
iNPJQ
@Wme0
v,|=
Vje7
q/_`
R(H#
Aqf|
mu )
X 8T
}L$\
hGMF+
LFtwuu9
s:I}#
ZSx;
AEUG'uk
%liTU:
Pvtc63rNqPRteUmZTin
^xNC
>S3"
#~FGH_
$FTz
V=K> Xu
55Ly
HmZd@
2{oj
/@Vt7
}d6
ISc4rPV7Um
hYnh
<>c__DisplayClass1
R2ft
height
'tv
aAG$
hISj
vYut86Cq5kbkHCty9T
M9 E
TpGymOsYo
StringCollection
@`y/
J$f4
J0gb
culture m_SortVersion
d6M7
w@Mga
'?UdB:8
iIkjvyrSJsokBpyGofm
+@$[
Vy'j
GbB )b
KUm%I
6(0S
9uLw
'Pct
#-A7k
WC-k
OoED
lah)
I;fZ[v
3"uAX
{iR{
, OX
ksVP6DQZBQagJ9HsQG
_}? 2N
! XjhH
i]Km[
@YSA
bQ D
Au U
ef-7
AmdZ
<m,$
i$8,M
DH#<N
L<^_
%L,LW
X T]
GetBytes
.9BK
TargetFrameworkAttribute
qqf$
GvG-
J{,fHr
PHq)
Ymn7
+ (Vkm=
w5CEEn2
oeJ9
Pjd.9q
ReadAllBytes
qV\.
A@aH
Sw21wvrFJ3IFLW1TlWN
yM5(
MCcS
8#b3"6%|}
HP: .S
/hex
f'e4
b+ (6
gjTWCNrV0N4lIHtQlvI
EEqK
Uj X
0IJA
I 0
? {
=6)2#
Ar,:}
Write
=:x$kT
NFT7
J;fF
RT*U
>0TL
C+b?D
Z Aa
qoV
#Iu!
^_*
M 5v
5<[0
ts5XbtUIAciKxJaME6
d _Gon
v@l?
nativeSizeOfCode
get_Assembly
nuP
S#" D
DwdW
6`oM
z (cI
aqTxZpFnb
fY ,
F:6"v
UInt16
*V+ (O9Qc
PVp;
JJ;DL
{Q<k
FCTRjSxKjRIa0JNHQJ
7IH^
uZNiNb.
{Q_y
752%.
?S3kr)
PaUsrVZRItx0Xs6sr1
AEm
DWIE
j 4zH
l4fJEKr5QcZL5XpkM1w
7Ba (
TW9>
p$1P
n44=4~$}
GH2,Z
xsCKfKNT681s6YO79nl
PPta
P(Kv
LQ tx
?u.{
YE7M
B 721<
h`L*
s4f\
sCS$.)
1#J>y_
-EsJ
eMB4zvM6xc
System.IO
R0$,H
WrapNonExceptionThrows
D7td
f+ (~*
,YoBY
"M\@
System.Globalization.TextInfo%System.Globalization.NumberFormatInfo'System.Globalization.DateTimeFormatInfo
numberDecimalDigits
9PYt$$PD
EUJ .
Q][]cRC
KWQ"
B+ (en
_[^b
W`!-
Console
D32a
3A13D
0Ho{
System.Globalization.SortVersion
ot>u
h( %
UOh0vODRiIK2IHjZ6x
xh:8
ct+3
fCrhrqaMqMtcDXr2ha
k8)W
s<T"
percentNegativePattern
q=q78
1H/"
N v&
y|nS
HE]E
!@M~
y?m`
LJuHA
;3u>T
wjvEojL4m
W4O)f
~xA
%q1?#
Q7 k,
bUdv-
vxisHhuhR
bl]c
;u>4
xPA!osj`r
`&0P
"1-D/
(ltc@

H?#T<
////000=000O000k000
__StaticArrayInitTypeSize=64
~cr_ro
J$-L
f+ (D}/4
K}.i
@oho
6%Kq%
%_?fL
xvekto
T`r:
w[]S
\p7Mz}J7(
IHDR
02k.L
Xc:&
System.Runtime.Versioning
T7 ZG X
<jB[
__StaticArrayInitTypeSize=18
8#,x
oHU[f
O`9I
9 CP1@
jV h
GGzC
].R B
Rs'[
IconSize
}rG`
#6GU)
70Ro
fxo%
+X/-v
V3W`
Fe3T[~ B
Yq5+
C$UD
lNC4vlBKTW
iwR25YemGuM2scu29tX
5,jf
0SXK
=*Wj g
I{ *
`dyc2
wcf7
>9VDI
0v!t
System
:R32
%V#
b+ (`
K<oy
2WW C
Microsoft.CSharp
lUR=
${ 3
0y>r*
System.Drawing.Icon
i( E
s{-G
dyi%
pyw4bPSdH9
Wa&tX
+HRy
"0hv3v
7LIz
6H` qf[
b+ (d
{6 s^wK
]6Ad-
ZK0H
;9WD?y
WmZV
UB54
X>UgP}
FOjgVpr6LJXXHk3aOho
HnYFPTUBL
.-Q3
iAG5R
0:(F
6CZ-
F47k
l+WO
CXc2
#::
Qx8dshevfNNFT29v6pL
CreateInstance
qM'S]K-+
$$method0x6000039-1
O~#3
AG0CHjPBM
Zk5A{
GR=2
@Hu'
{\}R``50
v6|92
*&>{
MethodBase
#Strings
&eq8
dWtn}=
r aE
dWoKS
K_ h
vBo|7-
System.Collections
G!1?
?$AgD
H_1C
A M$Z
M"L(V
1K:#
- L {V>
set_UseMachineKeyStore
Ma3=
#>-
ml Ec
(OX'
HbWlE
v+ (HT.k
qXl_
=3>ev
GraF
`+Cb
uB3)
XRn
tU:b
*V\6@1(wx1#_4
3fh\"o
,@ #l
b[z^ Am
|)[,
QIWf
b L^?
Environment
p XS|
TYO6
JdhFgE5G8fsudrcYdq
>+ (D^|f
mHK!
]'eB
Q.-1
currencyPositivePattern
+ (06IF
s5$f
y\eb
bU'^0
,lx`
digitSubstitution isReadOnly
Mjgm
^ (n^
]p ]
O.O8
.'3z
TH]7
width
gCCA
B-=n
6c 519[/
3 m M
QxR7BWeWoT075g9sQcq
2<CI
get_EntryPoint
sONMwOehs3RtL26MAKs
eS<X
eSBrpyMDn
| ){
*OxMf
{ f'
ocFj
+ ba^X
bX+Wd
ufNU
7K((
OelGZ
>GbF
ni#M
,P{+TU
;$Z_o
.ZeOW
i$/M
O;rI
hJ,
;xUQQ
d>}E
+@bF
EcFa
System.Diagnostics
^ienNn
mDT0QyVs8
T0Vx
GetType
Ie3f
6f|Q_|
LbFHr
(svi
Tgo
zjs*
gPqj
/DA_fG
U '}
pMihP6yousRoSWr9.g.resources
`@HE
=*IiP]
I HXAX
K@k#
k&{l
MCu$
J@^
hS|6
HQzf
[.3B
UZv9jIFivmHf8QQPtI
"8&'
xpWZGWeBRCpLZ5I9JN1
`lD"M
F"hMz
svxl_
v8](
uRjGtDeYwVVvoHoorMC
Activator
CCr@)
CVPd82Six
Q|/m
X2|1
Inv(L
0c%&
|,>
%h./M
%)GN
rolv
oWFv
f7i>M
5y00
3L <
TA$N
vww'L
H4R,
] b'$
Eb /p
M$F
3 ^
S]>
C/{ak
9W31
Ii VH
vq7UTy
:f$FV
-X0G`(Y
Jc&p
'a7
Double
oSw4ScXgyU
OO2O
crG
Hh$DC
*0?t
lFH>
v 9j
4Y(e
Oao+
a;u=L
CompilerResults
o)HL
OIc
3G ;
ULrDGriNIpt4C
#PYw
MCn&
!4pg
p.Na
Krp
%QZ
Xw"
5$EZg
?\!Tg
MD5CryptoServiceProvider
wfc P O
FZ @
~/>
mF.4
X,Q
get_BaseStream
BO9^
vi?c
wGlY.
2w3
b+xd.
qm%X
eg=)
v ]PJ
Z;fH
Q<`5
f]IA
om:@
3" x
D;aD
7T|-+
+3 '
[\{ \
/x#c
5;?3
Bhi:J
jvyjTsNil
|fXU
u'RS?Q '
1x@Z
n4034GNs7X22ThwN7i
VGDJY6rOOkvl8uVEgZ
k1@]
_ wR
VyZO9PPjk
,Kr+f.
:i?_
]*7#
JrIVFv4mA
{l{aA
c6UjrQcqGMInND0Hci
gA9R)_f
m $jy
DQ P
+5-%
Y|q
t1Y*
a O/
je)U
oJf&
w%cP
AssemblyKeyNameAttribute
` ZAi
ISystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
AF3hIOeK8lVaEkfJvMd
J`t%
c)V
j+ (
0(8g
~eqxe
cVrgN
Func`2
1uv
k[um
get_ManifestModule
-K|P
_
b+ (.HxN
b+ (#NQa
4a4M 3
PF71R9Ic0p49scdiFB
V1d4arynET
9{${+
!X2o
F#dJ~Y
///?///O///
,idX
Cs*:
q G}
u4[O:B
u96XYOpyI9h5yQgRjJ
1@d6M_
wH947Mav3x
Bn2mnPNw7ouLPK8lVq2
BitConverter
w X}dc
| KE+a<
"*m#
nKXRDTG3XliRY4C49v
WH\
yp(:
HWpHl99bNxgSSUjfW0
eydt
I^fm,
vT2
*'03
0"bO2=(
UkmU~
sKwMMH8Ds1D7yMTr8f
u{
~I_N?_Q
D(Mj
e6' Zv;
c6*
QtQ3VoeQlGnaSASXRH2
&Q3R
M+L.
_X;Tp
*dA}
fFJ(
YX74YhnsE7
_Vzn/
m_useUserOverride
|5i'RN
cx 3
Ob(V
22I5
C)~}
W`.c
;QI&T
zD@DW
Luw"
gJ~f
tu1BqCYj88cOI7E3by
ymOsYodjGr40cIyeJr
$i1K
eIEPm
System.Core
OIRB
b_{
4qwt
x*8nz
Y'g.&
WnH@
RsI^
vlmX
.%>j
%d3#X
mqbJ
Y1|}
U:Y2
Y;s {[
Delegate
3$kJI
2 I(
/w u,(
AssemblyName
1LP"m;
Qh1^
!o#Q
GZPDGrizP03nf
-Rs2
C"qK
f+ (>X3P
hdw<
&#MXRf
c[V.
EFA\T
4oi
eq+f
aasj
get_Unicode
eapr
Ai=4
Qt)J
kBFU
1<]
Jwa3
ng` B0 m[
J\:0
$k?;
Vpzz}
`ejo
o_[ x
wu5pkfMkUumfWcGskZ
qpKM-
X['f@1
EF>!
$DKby
3Jm6
EknCVFeG5INwMusFDL3
DSw-
z8V{
}IV0=1
eHyJdGVhm
v\ %$
z-1r
_oVR*
D|zDq
E/A;
vv--
f"A3
c1fDR
B|su
aq4YYFrxfbDEb0MG5LV
H)H
Enum
#xA%1
0Wf,R
i$1r
%1 @
L= $
![!)
A}z3
'eP\
Hdw4y44l87
-6 v
xby4BPCNYk
.R3J
{j%Y
S >n
H8 D
ihC4iEXcgN
Sq9 Ag+_
uWPiS
$lf:
1+:>
khQx>O
?[F
Kl;h
DBXLpPrYb0sC2VagpPg
}.}2
JvVo
/p
]0[xf7k
y,^?
}~RA
1&/K
kFU6U0bY327SZ8vFBM
get_Length
eV`G
+cr[
perMilleSymbol nativeDigits m_dataItem
* v%
2yvR
:2'w
,ML*
7-3k
~Z}|
Y3rO6
aTm7icewP5UwajjS24J
Xh%]D
W $
7rAe
IDAT< W
Z^(w
Kov\ZNa
3jP\
N; 5l
A&|4
KbFk
4^^o
-!FI
/vU{
;n} Q
PG'T
@my
>GH!
l)Ew
B^:I8
R_ :
n8$L
CompileAssemblyFromSource
\6-G_
f_`X
ValueType
System.CodeDom.Compiler
1G_B
@k4!w
+~pCZ
!yOVmE
h]lu
cGMSYfEgcnGA2AVBPu
C<8;
lshs
:8Vx
(*1T
s4kS#|
eS6mYSupQRAu6Pm3gD
BT*U\l
CCw4xsFopF
System.Runtime.CompilerServices
n0zIJ
l6QBt/`%
c@jF
qokyIDHt3FvcBJGXDB
PVZs1
l^ 0<
fqu?
p*f@
YjIm
1e;P
<PrivateImplementationDetails>{28AB6D44-2D09-42DD-A47E-EC26C30CFF0C}
SP(hR
^e(H
validForParseAsCurrency
x_b-
fP,
D3n2sTy0e
System.Runtime.Remoting
1Tr^
[$[
~'`I
dS/D
;9J]|
t=/X
J$/ap"M
,T5Z
o@W+
E#d%
+`@MB
IY[9*c
-Nh.&
XR3r
S5<gB
""I+(
TlN7h8ejeQlQj4MaZlA
W1c!
u2f2
' Hu
X"`F
J-S^
6Y /
LO$
3yFV
U-fl6>CY
[IL*
`pO]
~@W
g ]+;
B/3Fx
9y98#y
iO7e
PTiT8Z4s3HOJkPDej7
H ;
*b`5
!R^DB
hi V
PMer9WxY
C:*/
P61CL5rMX5pHMqpgTjF
ve]*
OY$e
E m&>
Qd5o
UInt32
ToInt32
?%GERS
baY*:A,J
z`?:
*Aop
mW\C
4=6<
GyMP
R[Ig
A'1r
Qbja2U0HEMcWPrtpk6
2=/O
L%fn~
iQD$R"2z
hk~B
ToString
M5EH
@:
=M#wl
mqg
BQ}t
[ 9
IOk @a
Q` ?kG
0mO|
[[D,e-
b5ULJlqtv
OX/r
.;{>
JXbftIAci
SMh4JL8s7l

e2cv
YBIB
3j04p#
nv]l
Hm[|
t18WZrPxMjD71RyRVe
x:3|
;S3b*
&0E4
"DU'
u ]~
<#7g|a
C:*c
7T9:
zk%B
wAi
fi*^
KcSn
f+ (
>%L +
b034m4Gs7X
.rsrc
|kUM
ZggC
suOL\O
'U{;
h_vT
Yq68M
M{+c
w!&M
?Z!$
pMihP6yousRoSWr9.exe
Yb8&
G%+U
lK^Y
?PIuC
oxv#0%E
Unwrap
i53g
Rcd08neMVVC8EbL9J8o
6_Cs
pZlgHTrq2GMiTdMUoca
f+ (!
5c.W
DVC)f@ftD
22JB
ICryptoTransform
$]Zf
y,}@
xZEw
Z-f$
f+ (0
'^3R
f+ (N
f+ (L
f+ (J
%L=_
}k5f@
AhWq
o q!
tJS:
P'`f
f+ (^
f+ (]
` 5cF
AssemblyDelaySignAttribute
XvQ$K?
Rj.<
k2G6eXfiZ
Qwtu
t kO
-#}L
r,0,z
f+ (Q
+Dn!`
M)$H
fk dq
.Z6>
{mkS
] :
IKvw20ntKpB00UG4c1
' -l,;hQ^
'deIU
3 Oo
-Xbj
x>WO
/m99
^LQ5V
[>eB
r+ (k4&\
703Z
System.Security.Cryptography
8.7W
,@^O
K8 }F
Asin
L[X)
MemberInfo
?DJq
Lc@s
c9h:Z
40J)
LFA:
DbFn
lJ|
"6E-
n9iW
Vv`$
LIhai
A!oK#
~Ehi_
%yFQ
'yFC0
_b^6
!45;,9!
k8Ca
rY64MOOkvl
q4pKpnrTvQGw3giMjYq
$D4+3 2K&`%
t7H=
X')
`>}9kH
%s0N
UnK+&
h Ou
V e
W-=L*[
s3nF9FrhRxHUxliXfpc
7m5u
(k 5
s /
E?zPu
-83$
{`~%t0
1{I
CS~_
m;x&
:^ 5
oXX9
N"+c!
=nM,H
658;
/X!S
{0 I+
L.+T
L[Xz
ToBase64String
SAQeH1efy6yv5jyKWTe
3<<Fm
t 3v
currencySymbol
numberGroupSizes
6h)"v
~Fd[
L@My
o1c H
\!#`
;W\l
~wX
*c4I
nCZ!
@:_
6k8!w
numberDecimalSeparator
_"fG
!^`.
pHYs
.ctor
ScOre
Bh`-
>-i8
NIr7N
yNicQ:
1CtUq
1Kk
-j~-
i{1 |43v
` #I
2)?W
fT(O
'|Iu
6!s"
(>1lB
p;oE
2RAm
;lj^
///?///]///
b+ (1
f :j7
G7wb
ObFqC
l}\m
pMihP6yousRoSWr9.pdb
2%_l
Qe:0
D]]a
A;qUA
Invoke
LX1wL5S1E
f+ (
-\Fj
oU?W?
M^eaI
K '0
pqM4jtcDXr
I}v0C
*6zQ
lROkA
si;[B
J::~
%\-#
e3qfb
P4fD
9;SA|
v4.0.30319
iRX
GmNVK7iJIm5ElfSEmS`1
!&jm
r+ (u#
b+ (j
{$E`
4S&.
`&yI
b+ (n
gbFC
lw>>
c`zv
GtS4FD2i2R
T%PM
IK.G
,1X
m2lsrUe2DBnukm2e8yi
%@bFx
M~h]
gM3R
^0go
w8nmIFr7mKDAVvusOd5
R bJ
Qo+N6
d,&M
Ux]vb
Module
y rss
c'`h
FrameworkDisplayName
XlQG
)?U>l
Rx1vJrNUGsTpdVNrC47
z rkx
i<|!r
Array
DLi6_
eNnYpxx23
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
k[xM
YITu
241I
=u0FJ=
.y=b
@.reloc
p
`T2C
BF->?
W;[5
fC.aD
Yvjiw4khF
{_z
rMZ|
v t7
kc6-
C:Hk
y|l"
?<0%
!Q? i
eV.sW
l&~Fk.
u4I4Cg9b4L
J8Rx4brix1Ih1QTnaLH
=
Cbb>r
EJAHW
2^ &
_ET5Di%
dIPYGN
Hq#k
U bLsJV_:
Byte
get_Chars
HobeuZ8w2
S4R3"
Km`6
info
CryptoStreamMode
currencyNegativePattern
tqD,
cf0?
Dispose
A6}A
A7ry
1N;)^]
fq'_
get_MetadataToken
huOh
v&7m
po4F
z+\f
7-v)p
27@mW
wo8BuBNbMkZhcnQyi8c
f~:zP%L7A
fdH9
{ `g
Z(),#
CrKMotgg6kNQR3skoj
8+f
xiy@
5q0TR#
h`/`W
b'YK;
Y};}
R{hcrz
k5~6=u/X
`Bpq
[0&q
#PF/B
ZsMH
( 4C
B+ ( uTK
]5u>
3a\{&
f0Xx0QnnlNnUmc3Egk
+ ()w`P
x61XvHebCN7c9FaogNR
!@
v!wn
{<89
analk
|:iX
$>)N
9P!l
ZFAe
OFA^
Nh99fgwboBCP3kTRts
A'Bk1P
numberGroupSeparator
RNEq
$hmJxhO
RSDS[
get_Location
C!nm
p e:
+*>NbY
iWDk
e;Ev
6Okr
`Hql
dM)s
comp
f+ (6S|k
$;}X
Qw +
nN,2M
&-_=
gMX8v
eP
s):+s
'''_(((?(((
Ocm
9yh&a
3\KPpy
hG63
\8a<
P7^
CZP%
7jf9
3YN1
jq/b
amRb7WOh3
J|]Cw
IZ{Fj
H(\G
b>Hm
DNm4gR1gHS
W%_
z?}M@
vzc0
U+I6
"sS)
uHDmWJC5j
jKP}
get_CompiledAssembly
K%>_,I
= hAds^
System.CodeDom.MemberAttributes
kGr340cIy
`s -
FileStream
30
\
s}nZ
@`Ya
C}cv
RuntimeCompatibilityAttribute
/80[
]D;Q
}q<R
;C#M
XdBeg?gT&WM
fMk8x1:z
kJ{| Nc
e>S~
k*<,
CyGIoHesH4EaxjYN5fe
fFMBl8*
J4HE
Assembly
Truncate
NdTO
$*J "
;HlR
D5fBX
i{61R
TVQGj4hTJ
fQ}W7
k[vG|
"}Ft
e}^ 9UCeKM
hixAvyETsNilsDTQyV
gSA412af2U
C%u3\
N_?dr
p}6+
RPf2
m9::
eL<k_W
otq>4+
sVxy
3_m1X6
-)AU]QF
G$=S
!^4
nI4<-
scu_
System.Drawing.Size
lYgKwcfFDJcHp6kMCI
B t Zl
wI2snqrpeRmhOr9BibG
*V+ (~
WDbD
.{p9
BiJ
YWup
28K_
#FWS
<75+
R Q >
OuB3g
VD]
7Db<
9; r7
>Q#8w
8hTQ
2 k
O*Dj@
~ Hn
{hAt
Hh9W
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
:zu,EU&
set_GenerateExecutable
DO\^e@
xV%b
;DjF
{m#ft
Ii[N!cFJ
v PO
BLPmsKNkY8vUFpORQux
+ ( B?
P G-P W
#ttl
>a:v*
n@ZTZ
3866
QaZ4GpSPMw
QUO#
IdRK^<]
u?c^
%4ry=u
tZ{CCAR
"h}]{H
ChF1yZy9PPjkR4nWb7
t K
k/+b
dkl7gGr0gm30tMd7t6h
> --4
Nc-E
r0,{
P)d=s
`3tJ
Void
$Z|Ef0
vX"
$'>6
G]G)
Bk?_
cp'1n
B+ (^;
PdTd0/
$?e)
m_name win32LCID
g!g(
:kng
U];f
=go'
H}A
#g` v
_!Qm
>`@&
&&&_'''?'''
Y=px
0"iX ]
6fTn
\0W$n|R\$
xr,uQq
E+$
\'@#fPO
lp&}
dCXJ
g`4xM
*Y "
r{!k
Rh^W
aMOw
aSd
GcMhVQsj4hTJuO2Jq4
q=N+
]sm!
ffw4Oa1mTr
JA#yd
mIy7kPaDVAZP2ohpYh
+ (dQ#a
5^OQt
lht489mc2M
z"1&
s!V
j{ E
CL?`
gTXB
}.$Q'g
% 3
3Z+X
9MbH
W; +
JGyySmNq8Hctiqi6xk
yU\v
DebuggableAttribute
*y{
\;fD
E0UI^
J:*:
Wu_c9U9h
c6d66ec5-6174-493f-b7b0-a96db2027ea2
;~F;
@ %EG
NpB4cx2FVRLV00l2xW
lkD5kQrke1cYwhBijS7
cm w#pq;
, %h
f>bxZn
P:0P
7@e?y
SJJ0HrrnAmVIAu53swi
gjFe
kNgx
3jRF
ZGUA<7
^u+ [vm
p=2Xa
DY;`
&cFp
=OE.
6XDT
hwt:eRJ
/f3c
K7J4kIm5El
{K&?.
q0`)
U#pc@
x:Qp2
%\eI
Lv|`
9g3:
H95;
b^b$
;F#C
],K+
/PeH&0
gFwQpAe4Iphy1a8oZbq
OH4;~
pZIf
3>-] %L>
L,
6M-/
2Xjf
u$0lX
jFKBgx
p1Ondjg2GeXfiZNsUp
a+7\
bu;1
JQY@
pXy>
get_ReferencedAssemblies
~ta@
Eel-
rK``
lKqXUgzEJU7nq84hlF
14AF9P8T?;
[$~FM
b Pyv
^_pytmE:&
WDt
gO^P
CkbbdvrECFbG5x6bPnv

FjFi
Q"
hx\n
w2T4EhwN7i
{N0ao
raI{
L::"?
;7ud
vieq0
}PRV`K
[gf
3<~~
!qTi
a&yF
Ms75
ixtb
Gt&E
+aWpo
pO~z
m_useUserOverride m_isInvariant
iG:j
v R ~4
]kE
N YXR
P`*8
@][
B+ (F
r.ymK ]
@=ly\
DecryptStringCharac
l^2!y
+0tVUW
Ms@sI
>/|j
FEbF<@
G~ N
(\8T
R?|<6LK
aY&yH
/lvZ
v)T*
eiClM1Ond
c4xMYPced
"^BlF
q')N7
F1|L
XTE
Ap B
8o%C
^eZn
93$
1(nTkSD
ZL]x>
. nv
sCc@
aFe)e
Jb$r
fpL2byrjXoBHmmr6nJH
JPiHXZrujqMYejqIYoa
F["f
QW3
m4{)
c$)b
p913)
@Dp=
RT.-J
CodeDomProvider
4 J,
fC7K
ReadBytes
/x> ~-
A>xE%
MFQK
/tGZ
kmA7qyeSyGoEdscwq6N
HkH\
<$7t
(]7,
%{Drj
3 `H/
B5J8u Gkr
3A,`G
mQ72k
*&lD
0 ;|
`Mif
qqp
AssemblyCopyrightAttribute
BmE
RLC4ww6PCS
x6+!+
_aSP@p
uBcaLojjY
b;TP)
0G%%
3^0m
@s+[
bHdQ
j)c*F
classthis
_o| wZ9
/|e5
l=kP
R R/
]# X
9^>]lW"
=kLW
O.:*m
Hs5=Of
s`-M
Infinity
nl!Ak
ChGO
$#*v
D~=4)F=Q
0@`Isc4f
R8#-
v8Fe
h-["Y
9UK
RUv.]s
"fTC
%eptDZ
gFO46q0jr5
WSS8<
GKcj
FileShare
dG64oqBlmI
%An ~f]X
d5Uy=G?
,^s
/xD"
_Oz`
YdZc
)< {
% sZz
AC`\
IGPQWB3ZWE86Ocs293
&&&u'''Q'''-(((
2,K<
6,F$
6m{[
B+ (f
Hy K*<f
r%W~
]3o~D
> ?? K
z7~=
-
*z%W
[A<k_9
NK1Y
| 0$
Vy0eYK0AAK96YAvd0Q
&6 8
q~mJ
PLE
6pU_
_W +
"K&Y
CG7$
Close
QVC}
cdSEoy9pW327C5EPKa
currencyGroupSeparator
MGm
B+ (h
*I Q!
V\3R{
\/\;w
##R@n
F yA
>K F
.NETFramework,Version=v4.0
yHCM
~kd@cH
<v>|
,AX
K\wN:'Crp
]]AyiN\
! vD
]yRc
b~Fp
*B+ (
q?]n
8+
0SN5
0Fnh$
uaUgsHep0adhW9pj3AX
L[}u
Read
jm!}F
iH>;46
%9fD
qMnn>
qy'$
srsYaxNssrkljI3LUMi
$# :
jrt
rhFn
5&b)
a@eH6
P04-b
>:[Iq
P*,_
,Ckl
b-GpXi
- zW
value__
B m
p=0%92
<DecryptString>b__0
a}L"c
0 Z
o
ZQ?cZ
b["F
[en
Ms$RZ
V44crg
tX9x
<&hJ
6VNg
#~<y
i Kj
X4H.
U)7B
gW _
v#~|
# PDr
Q}jd
d9vdodCoM6LUWc9QAh
dGDtDvjk70LVO7DYqj
5KoMp@.
iAnRWRe83LUjnpqCqxH
*Oc|
@|6m
}G|q
9,h
'=cA
J2l2oodHAwGJXKK0NC
gAMA
V+ (6tJQ
s:^X
!,zz
=sb2
}!6%
L4Ku
%Q*ZGi
TwR[
c9P}" ,
Q*"5#
lOcHm
(j=k
H1I?
/kcg
$k_
li84ckU2Ii
*7{
g R
@%A
\:<>
!ITB
mcN$_G?
h?F`
|.Ex
u@%$A
:,wZ
Ceiling
JP7Q?O|
.cctor
9E{7X
AsyncCallback
SortedList
08D,g
ex#]
_DJA
y *4
L$s< ^
mscorlib
FileMode
fPGr
An2tNPrUHVWixnbO6mD
m4fD
>4G=
ZoWdR
CElBH
|xhV
Hf95<
`+> A
&_A!
GetMethod
$ftM
-JkpeA
sTt@
T!~<
)NqOD
e"yz
set_IncludeDebugInformation
KO2IJq43s
x h9x
]~_K
DV.@
<fZe
CX#}E
j?q|\
EiI^
SdOc(
1HbbY
yGMX4_
7n0X
fDq
RSACryptoServiceProvider
$NhX
YUD
!iNL
vOLZ
}O_l
F 3$
+ ({F[S
\BJI
=
pOK4TaimY2
}b}IG
6Ov
&1$[V
\ w
! d&
(2 r
esmOcqumHKFHEiCj1i
T~l6
] E
6%"/
n'L*
k7";3A
k~N
]b&=
_)f(T
F5mX
6 /4
cq74RpNxfvUaEF7oXR7
,Ho~
;Ig5
-O*,1
`q)T
m8xxiHYhuhRsA7YGi7
yoA};
yc}kk
="oW
System.Reflection
`F`t
s[TC
^V *
p ~:l
R|%2
MHj_W
g]kS
u.~;l
RD&5
SNer
RuntimeTypeHandle
;" s[c[
$(GXW
rq.[
method
iQ mb
Ep)y
<TSf}
om8*
<#[Rit
PxQn v
bojYCqlkQavowqThSF
:$WS
"L Ckv
D(;3
Ovo4ncKRDI
`s-h
wb%gq
SUeHV
rkLV
Bp(T
4z=?
fM2
t[>]
kj1*
saW%
7jDa
;H &:
UInt64
|bx@
mtQ_
J[hJ
Mic:
/,K
}^QQ\
Ct>5
O_Co^
<5Gf
b+ ((cqY
'PD5
NCAuolFCAD3GiIXIxa
rWJC5je2jvojL4mmNn
q< v
iGAl
vDG5
? =;J
^Wd>
* /LO
bvwF}
X%m1i`
>Fza'
HnZ+
j9}I
B+ (
L}=!
Z(`Qz
F,khC
i{><
E4keU
fNFnltsd6OL5VgorjX
]6IT
w55.4T
amMvC7rrH7XoYPWCUlW
#-!Y
S4BA5o5p9
HQf#|
@StC
58S~ N
QG?O
zN4KF9hFLVIbMcrjew
dA8RnCrlt5rrR6dEcv7
/'v
4U-<x
T{@S
Va&u
tm-#d
Yry#}
Cmjx
5Wgr ;
P(h
3k>l
Ze )
u+}\q
v])A
N 8!
*))aJ
AssemblyDescriptionAttribute
BO|0
'DjFD
C!1:
A<A5
~-RM
3QV
KJ\,
"M!)
/ ;g
hNCR59yKU
36!V
'Jn.9
)XGSuA|>
uBig
RQM6
6IGHWV+
UR.V
vMITPEJLjVL0087Byd
+ ^-
gh=m
$M .
cI %
gCJU
)*r-
'#F$S;Y
sR=<
/A.w
PYTg
RA_E
3b _
QEXcgNREfwa1mTrDlr
lw.8
E$}F
\!QvK$[
O C&X#
~^]
8^~kc6
KJ_
,ME|3
C`/}
fC$fD
1 U V
percentDecimalSeparator
s]K]
kVGQhfiUYE15NS5V9S
rrLj
B1p1bUc02
#17)
.u
pfYtS7dQPsgbSC1FpY
ZcL6
pbmVyJFbj79FUew66C
-`$>f
ReadLine
hyqN
7N]N
Z(P}
b])<
\;. *
'ft$
6 8
n)C
~bc4
*K h
h 3k
!HVm
CZd}
m)$o
49<l*
)<c#5
S0r
U)4S
^y7L8I
(;s#
3J_N
0c&
6FA>
UO :
j^[t
po\d
|'`
!G|1
Hu~Hj
J!w$
/x
aIx4UaDP80
6c
yww=
FxJns0eNJfU0a187uZQ
(((A)))
n$Fn
5[KG
Q&6F
k="tON
s=hT
NbFC
JbmM
I&M)
hou(M
H,!=
~MK)O
Xy$k
NV- 8
Az`O
mscoree.dll
!This program cannot be run in DOS mode. $
kDza
i|%T
callback
@o>TW
File
"]Ce
7 Sv
(^i!
\eo'
=us|&}]
mXf
P\N[
IJIn
DtPe
Ihjn9Wo2E
4DS=p
/Cd6
_M9M
b'>
r+ (
p}1?
R!3~
d<dW
~SRb
fH{d4
Zi|{
/$cF)
"./)
^[/QK
RLKbJ
~'fx
Re`%
2VN)
Jq7aD
#G-T
i8?
,b@ 82
g4h
*Uti
t`F
P<t+$
3 |=+
<3ka,
$SZ|~6
;)Qsk
nZv
set_GenerateInMemory
iwNz
(IjT
oiKPZrec4uLD5NIHSPd
XI<<
/8g*
?6l "9
.Q,z
ZklEIH
?G `
R\Wq
wm<x
$$method0x600027b-1
Qi@9
j/;
|CE>
CreateDelegate
Dolm9yeuMcDwqgqYuHr
g#Mw
K69
5 KAb
mxas:H
";~>[^
yl$2
Pk ,
0k=V4
aq"P
B+ (|GtL
Yl>2
t cd
#GUID
!C=
CRxM
}, P$
kKXb
VkA_a
TyB
[jq.t
:y1-k
D+}
RPs5yJvN1pbUc02miC
KxJNaME6w
sI>
&Dw3
*j+ (
:Bu]
;f T
'5#!
af;U
{Bq,
#|>V
1R~a
mA7UYGi7T
o%Y,~
DbFr_
BSJB
- ,U
mr|h)
d7&c
0}a)
&cDC
mE*|
;<81
F7Bi
dO'E
"v!SI
b]Xo#6
^"L(
o7rSgYr4gXWbFCJCjQS
UBmB
2d6-I
N$9
EI($E
<tr[
vCck
(U!HS
, @5
Mjb1
rs<9Z
op_Inequality
@ agIm
yHa#
GetManifestResourceStream
[/~C
P)E[~w
d=~R
*j+ (e
R)
]V%PO1
:nx /H+
5`2g
xx SW-
)F&#
v/F;[
; H3x
m~-rC
8*#
p03"
IntPtr
g$Y6)
i`*$
{}CA%
-DjF
4 XR
A96#
*j+ (R
d!R*
FvF
7wP
jFEj
<Bb v<
4XC9ol&:
3#=F
~+E @
System.Linq
W{{S
0c3x
LTKTZpNNeaPSfQAOFoX
WMYNQXNejE9bGwXZNBJ
{?xw
l 3z
24wu~
System.Collections.Specialized
bllMCKJjHuttWc2aEZ
8~o<\
m!9(
H!X
IPQF
a[4fd
W/PZ
i,)U
OIfL
>2|?
f,~lf|
DHmZ
dTE$C
wcFk\
_yPH+
i+Mv
Q V3J7
#9joB
hS[
h-?/! 8Y
3WVY
ResolveMethod
bpfKxyEiy
sv @_E
o>]Yg
A) ,
Iqo;fl
}."
asc
<c ^
c4xYPcBedXbInDZsrJ
LR=,n
9U+C
zFv4mAQuX1L5S1EAdx
KW%)o !
'~>6x
Z"@B
`AGw
m[C!
iu/
Itv+f@$
YRhT1dOrynETVtSD2i
KaQ ,
:%|[
TT3 R
ua@Z
f'+
,0j{`sl=7-
uSg!s
RijndaelManaged
](i)
M^@Q
Pz]:
hU 3
qWhKWJrRbpghKhMxcpr
XLg$|&
aP_
2cIQ.
gB=R
'&%O
w4PVhJ
lq g
WoXW J
f`4Gs bN
S'0_
yr e$
8fXA)
[ 's
/884+
-WaF
Pn8V26OxSa6Y7rRTHS
{i^q
!%[B[a
A1&m
$Rc*Y
=nY!v"
`xvv
u4 Q
ofn
(z&f
cUeWAH1ByuddWpaAIm
GetProperty
ZdWlF
Z0g2c
g"DJ7H
b5H453AFEK
``y-
?}FY
-&,9
r4qP
bv2X?$A]|gHGD
$F&
*[]D
d /a
ult5Xarm0Tsn0xdoQtN
_J#+S
xh@Z
Hx)+P
)?U^iP[/
iM.(
e3g4NDVmNV
tejc
z(I0
E,ae
000?000_000
jr~Y
5Wj
nJ.
3Jt^s7'
Dyrs
QuyOGx5A0NClBKTWWN
~Oc[;
(
.^W[
gKAvAK96Y
&`@),
j|V
#+S\`0<
Z"9l
o4ll
BinaryReader
LbI6
4"-A
"X">
N<96
Z [s
j X+
hGNtHurvfcl9kIPt9jf
/@&@
: g(
set_Key
%UMa
5uw+
)i,D
+D{W<\
]:2
f8*wv[
)iJyRZ
F,q3!
onYr;G
HY Ow
zs$ P$
:#9D
i >)Wg
gOk44QyK3
{`C.
ASE4WmS6Rh
eA:D
70zZ
J3/d5
{kiuc
xa
(Q
esYD
^~uX
)~G+>]
9{Ef
J5(Z
typemdt
Boolean
-RtVc T
G<0T
O$M1
W&mq
,da}
,u.
% P
K&0
W'!P
lv pw9
] b^
V+ (;
!b9;CjK
mnR
L&z7
2tb@
5X"V0
|l;L0
@"T1{
9@:|.
UET4RqMvW2
SKsWn4mB5o5p9WVP82
'1#d
ZA
uBcLojPjYwnYPTUBLS
W $
kpgL
V+ (*
aUNHoEGOu
Qmal
4A-ml1
MethodInfo
V+ ($
V+ (#
k6%Y
A!j?
2oH4r
ubqxY
nN*R
-*@7
KJ.fFEu!2
o gjF
K*Tp
@x[1
CompilationRelaxationsAttribute
"CbF:)~;fDO
V?fF
V+ (
R}?g~Zu^
V+ (
m_isReadOnly compareInfo
@b4-
^wSo@
]K~G
9CnXu
k.Nr
+SS)
STDN
MemoryStream
V+ (y
a01W@
R&fi\\EbzL5
npKg2UrXFwwvh95n8pk
poiv
MH4b
dNaJlZ315GhBH33LIE
,~}~
lnepGNeXpxK1XsqXlhS
J]@W~\
DL) MJF
V+ (h
aE\V
z/]{<
Ri=:
V+ (`
ox 3
vpR1HDqHVOe1JZ46XT
= ?+;c5
b?^X
0 d<
AP$|(84Y
~g+ft
c#hM
qg(4
dY?4k
H1JC[
J0@j
Q6jZ
TMaL40CTsr
bY9Zt
O2F 8
X"q(}
+ (Jj(2
V+ (E
9GCj
V+ (A
$aRq
, I
U$qI{
T-.js
!#Tp
BjF?H) #
qun
!O6\
7q(&
{ ^.
zHGI
&olb<Z
-hNX
G3m:
8AZsb
DzT
6Yea
r)Mj6
eN^v
[t_b3
g9tjmsNyvfxITRpGctI
uc Z
z@
]P,i
~'4:{f
cGtT'
zF#XbG
bkdWX
P^=L
ivdg0QrcM
?J jsN
!{1/
+HmZ[
eyM^
,+hBtN
pGm4l6v57m
IEND
jN`Q
mU|\|
f<nA
EHPz[
eR3
idxoOpr0W
JJwd
4FcF
rJ.`h
` tm
msQ,
WR5Y
D"!*
z\]Cn
Hk3d[
L> S
vx a
6MO-p[
B+ (Kw
111+222U222q222
jbn`
H$Ypn>
PRK,_
mm%[]PP
|K:TY
2VN~ n
t'y:
Hrv
"}-c-
T%?6
t Tp~
$YeY
y(U$
GF..1
6]u*
|3a/fL
+d[}
7pd5
<:tb
#YZ0
-O))
3*n*nJ
Vb+d
f @h
<)8F2
> ,-
5oTB
D7cieRrbvCHsvc36wuZ
\yc*
pjozYWv59
c@AG

#$C0
nN?DeS
I B*
n|<H
aLQ
E`Ya
PnuS
z&[B
/Pki W
+,fF
p6L4uUWc9Q
C+w,
YL?-X
QYXE
+ ( P/
,*Ec
FjFd
^Q n
r}C0
K8;8M
\/QU
J 0/
AR3Z
|NU
(` :"l
gvtH
n~f_k
NNvrJNrLr7tJVuqedNk
CSharpCodeProvider
VNG0HjcPBMBNC59yKU
G ;I
]z[
"S 1
JbuZ8wL2XmR7WOh3cH
I PVqb?
!v"q
y Wf~dK
}p-|
PsaD
/>#I
9Jjzsp)Bl
}X"Q
%6#Z4
HxvDf8N6WNhZYxcyjsd
g#6C
aa1<
pMihP6yousRoSWr9
BS3jGLCFmFQAoD3KYT
XFYf
H H j@i
-zeT
z53
Pd0"}
Vcj1
%]0[
;~FgU
#EzV
System.Globalization.CultureInfo
A6SS
%V!o
#ffff
I 7?
lMxT
#zd)
uCCd[
@/ /
>@ N<\ 5
CompilerGeneratedAttribute
7`_B
{I|:
Ute#
>cE*
Qk{6^
[l$yC
B|GFu
DecryptStringKey
%< G
h7;<$P
f06h`
SR=_
m bQ
M HG
U1\b
vBt
oL`
3L\C
eqx{
qO)i
rxU"
U#Ek
jr,A
~5v^fy
qZP?
]5$!
$fTr
EX7{
RGjLLToXV4
oI4+
@&4:
*}Jbj
yWuWtq
H0E4dCrhrq
NCu42yOGxA
$fTc
}A T
Copy
P`44
J c1
YY[<
Zv *
1c7aD
3 Xg!d
mbm7fIeZMEjIbFWsc1Z
3 #{
zbf&!d
Y-L6
System.Text
GetName
d+oa
OZYsci
*e'8
7cF7
'Ai
26Y ]
>R3 Y\
5o&q
&q>2$c
eleY
<|Ab
W3yo
*>6C
"|Wh
K0ju0IB2iAwm2bHFCw
LP2XVjexqKQTnWvZiVA
,_QV
1 u
PHT/
flags
W}LJA
& ?"&
zrwR
bpA2XZjXtPVylJ8bAI
DsmI
\i#E
^o\Z$>i
4QC
z1\H{I
Mprd
),uR
y+X
System.Globalization.CompareInfo
P-4g
`B
W[]Cj
CX:eg
B aD
$ cU
vKs4ft
[[R9
[-W5
GHf4i
{|a
EG a
/.m
zsy([
A!/D
@m"j<;
B6W<
4XS}
~W_~
{q)f
$My>
5! P
'qT<cB
rjd4Ayr78O
jMfnc
w,L5)
F#~>
d lSHql
)x1f.
/@S[
h~)<#
xhE&
}0G]C
xeP)
$$method0x600002a-1
$$method0x600002a-2
fj$K
u;WO
K36ycve0JcguhfoCSAF
S<)b;
A}6}^
gzMq
wuWR
GuMp 1J
7b`y/
LW kb9
{d):7
^qt@
Y,$k
Y7fl
+ (k+
%}]%
8'WK
Ay@l
Y J$
wsv<
:=H1
0 0
6 $[_
__StaticArrayInitTypeSize=16
:v#H9
Fp V
Am H
mcd4LiFBw9
} 2
@x7o
FieldInfo
$rPu~
c3s.2]O
{X^U
i|N"7M
Nkp
p=|0
H"# Z
rdN3s
h~Q3
<g]`[q
VouY
KL%|
xSSWUjfW0
Gl*W
.GHp#
Xy$+Hr
H3uK
;X=fL
Q@q*
QrxfFNeFnrkPyCUSWyO
%y>w
#a`7
f+a$
kCBZ "
j=,E[
K`hu
6 /o<
jdzC
String
>fXF
Cn)8
k-|p
_CorExeMain
d2zQ
d$fD
}31Xs
1yY
,EyZy)
Uord
I-Z.
}XR
~.l
t`x$~F9
PropertyInfo
}tu1G
P2*
+.u<
&MFF1
z_;k
H?#R
^tGZ<
DebuggingModes
` P\
InitializeArray
-1QL&
H"di
KCOIhlNrYOIy2t97cbi
aP#? [x
+n)O
rY)
db#8
`&Az`
$7MP_ E
vYc0dXNBt0bkI0D4BA8
W:f:
kAth
6%O@
}<&.F%1
%%%_%%%?%%%
L~#W
pR6Nuhe1il87dA2J5gg
yUdU5LvdyBn2th0Aw1
fPO^
*j+ (*-
ToArray
ql1(#
q)~JIp
~%$
w$2/
FmC5
.nQ
v<o@}k
a/sT
40Ev
KFT6
=r1
H?# X
;Dz`7-z
7/lIM
UTH$
?a 72I
j7J26frA1ahZnDeZKk7
fZZG #
Px!t
T2vSL
" c6
!E"1
6FA~b=
f$ =
0T(
6fjz9
0Q
`'^HO2w0cey
lK o
vI7J
LbNE
S]Svy
uvPu
CompilerParameters
HbFb8
XNy]SRf
`.sdata
!%8.JbT
CP^C
Q2o4
fPu@
>HEN
d=k{a
j!MJ
Ifk%
|g<w
"yF H
V<
DjF$k
jB^2
UkG)D
/a>`
0<a&
> rHm
b^f~
%WhU
]5R
RR3:
[7kIW
2e!Dj
)))_)))?)))
111/111?111o111
Od6{j
G^jhB
NH>h
Xju,L
%Iv)
y g-
A K_
`P<"
$<ni:
:[3*h
Attribute
4kVu
eov[
q exg
M 5P=
9_5rl
`@ o
Vg+<
q9P9
Yyy`
cS*r
th\W}
_$}F
~+ (
[ sr
42oo
7.-
n8?Ee]
B+ (
w [<
/D8C
d6-
F57s
'!&;
fm*D}/
{ .{#ah
BeginInvoke
4mGo
r7FDgeHAb
&0*Z
t5<
< Q5
X% FD
5 Xj
B+ (+
#,i7bfM
YZs.
.ft?
TtNxF
B+ (-
z9tpXt
p U2
X~+
.d%z
CallingConvention
pYNSQkI3x
B+ (5
0kI..E
B+ (;
L:8X
B+ (>
/A w!{
B+ (B
a0^Of
jSUD
Reverse
HnZ*
pn<7
FoTBM
yv6m
$$method0x600005f-1
iEs4OJA
|M"
.?sM
6Y/8
<Module>{7F77AB3C-7D5B-460B-880F-6B0CD4673A2D}
gDELsHWEaToGP99gQK
E&EdY\!
j#A\
iq{$
C33s
RuntimeHelpers
Jkx`X
|>+`
ByIqy3NOsyaE9xooHEt
}|=o
7Y"!
9>~/<
&RlJ
9Jp'%"=
e j8|
A'$As
pnqixpeiHq8CkJn2l8w
=^GxS
qf{[
O$Qwr)
b1GvrfeEIVVyVYwfN0H
validForParseAsNumber
Q Z
M'~*
3 7
G#iX
x'tHK~
b{%R{
WCA4sD3GiI
ESfQ
U*kWLx
b0Bac
:)Zo
]"k_
DCBQ4vracs5R42drof1
b7Q5
4c3#
jXM1
(4/P
-\'
j qmvV
qJDPSQvrO
Hc@A
^2.W-
TewMDg`
OP
"ar*
8~f4
W(:)
D( 9
1X;+
v1"N
, +F
Z6
84RJ
R$7-
Object
[WRh
7 tF
dJrcNOnUF
e LM
ZN{O
,#/}
j>2tP
.` &
V+ (
6kw|
Qf8,UA
VsPs'
Wwdw44wl87I3P5RaU4
ComVisibleAttribute
'q K
^OxU
%EH7[
5l8Uo
voK
4MpG
K*2q
8`UZ
ks%R
[S\[
tXe,
L0#Sx$
Ej2
u1QtPftTnvBHYWaXcy
TeHZoAr1t820Krr0Drq
4 #Akb
eq"7
d6M@
SfU&
ec6m
J!Aou
T }8U\
lOcf
F<{1
qxu>
A\v-
f 2``"
]UL ~
}${e
Dr]c
!3K]
tI#~_@G0
=!\j
^r''
YNR329
g5q-
] o
Vw D
Select
s6/ Q
G2uE
yaVw
dD$F
u7B3947IcHwBxMuOFs
&Q:*ap@1S
3%c
I iji
rlr4ZoKvw2
AssemblyConfigurationAttribute
a@"LP
FRusHtrzM3lLcSjXdMo
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
bkB~
V+ (&
1lr-
oOfHkmrgufynP1A7gqm
|sWm
.1 .
Nhcu
m_name
^eXJ
[zQ]"g
yA0mFMrcrwyk99DloGp
.j ^
aV\h
Z,E\
=!N&
];74
q]HH
,MjFo]
{K&p
Hashtable
%System.Globalization.NumberFormatInfo"
bH7z
{- &V
?c4w
.;Tg
bM&
} 4w
I\AF
.)!
LP W
PKQh_
Mpr0WADIjWcjkF4pfx
n<! O
%%{<Uc
-08[
bRk(
HMbhla
a6V1
5+=O
Fm:
-XB
U]?Fv
yLQx/
LMSIi3Np4VpLEcnBf0i
gwDBQ
1PS|b
q8 p'
~czK
3b&IC
o{E|
8c}(n
?l7nc
}'8S
J |eo2
.UZ3
Stream
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ajSystem.CodeDom.MemberAttributes, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089mSystem.Globalization.CultureInfo, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089fSystem.Drawing.Size, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
`VLf
63e/
,Mj0
kwp)
x,
wa@Qu
hnmY
\WzfI
yb'B
"|{(
sRGB
Yi6hiPfLl
Uda55?
e2U$fD
tWXxkTeJK9Wnavv3LLj
(nc>h
f+ (@'`U
dyPCNYWkJjdyr78OV0
\2hH
aaS8
chYkX'
G1#
t>7-
U1 o
^|Ye%
"9M$
cfj@
'hiJ
Exit
pRZT5ierAanpc1KLgXc
J=fF
4?gWy[/"W
OHM8
L*9#
L/q$f
>$ J
v x"
0fP1
% (c
! c"
~$B>
* M;
<L{R
D}w[
nAq5kteU7dNKS8o1Q8a
eR1gHSKCaZpSPMwW0f.QuyOGx5A0NClBKTWWN+eS6mYSupQRAu6Pm3gD+GmNVK7iJIm5ElfSEmS`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]
>#?y
Np|G
B+ (m5+V
;gCz
6]e2
I-\K
C$ZRJ
SuV4QEgZol
}_&U
AZm@
MZ{I#
/ew!
r&k
nZ{o
abIQnDZsr
/// ///'...I///k///
MJbt[
TE~C
rFcFk
&*j+ (
u4kHoOqnUMk9geL7mO
f4S\
)v% G
kCG)R
9(#A
,7+
LJ/H
&*j+ (G
JM'1#
;fx[
>M
V1`f
f&bq
YFgeHAAbmHydGVhmhp
H, HL
H)jc! /
I(?C
9a+ n
^g\|
BA|D
<iBIb:
a1ZyXgUt
{6<u>
}(R)
QiW?
ge983JXm8
EPQ5V.A
m` vA
&)sk
j )b
i3ad
@;
h x'
0 #7V%*
percentDecimalDigits
y> r
PUF4hk5fIu
SFU4mbT3GMret7THonf
oiWZ
NqB!
fL! `}Q
.NET Framework 4
}ukc
9nHp
dWlE
) v7b=
)2Kf#
n*l(D
!Xv7
`U<
(";I
4 mx
!hUt
CryptoConfig
oVNEotrsShLaYRD38Up
{r<k
S52 By
Cb=$
!U\p(
TG;D
B5q3x48Ig9b4LHETqM
L4>:
X6)b
%ZT"mV
6fL+dc
7r
aqW
,<n_4~
$R3:-
Vy 2
I+fG
XSN;
h <&
q,oJ
- Vs
O1^N
M}/p
Kiw(&@
/f8]
'1#MZ
)QsA
lh DbL#r}8,
|g x
e#0oET
$w$<
#.!$fD
.ZdR
J;+$
. [03J
u 9E
:1s.[
V+ (l
f+ (}R$?
FaO{SCC0
}2atb8
IYta
'Bsnb
w$+G
K^v/
H}-}
R0te
x0YQZPrZa04Fdl74IM0
9{^\
~X]v
3"qE
QZ^&
=yZu:
tl/}K^+
N*O{
S{GT
FtIrY
\fCe
PSKZAXrJBK6WVJfOYG1
qoCoWxND3VhF9lbsSR7
iO<~
AkbYodRaMhZ8T3ok6d
ve16
>qx(
Uo_h
~FXb
4rY#(
A),wb
iIj5WcjkF
'w}
Y}!e
>fF.
KDDJWYLVdLIunwufhW
!8 CX
?}hVc
;8R
ON/ rW
MbF*4-vH-
BRd39V39mUdvlQDR82
~S f
s JJt
o4st
RGks
FFCP
/!OQC5
EV%q
Tg{z
Osh
%(HQ
vk'iQ
CS8 Q
8m"
AesCryptoServiceProvider
currencyDecimalDigits
N1B7
RA)W
e\MK>OQ
6@%/
*jos
+R R
@ -eQ
<Oz`S
f+ (_HfW
%SKKp
i(w
b 6 v
cuKMA4!v;z
)ey
$dQm`a
]6o^]
#^sb
b+ (
`/16\@
y*(l
yBIx
"M#
set_IV
p`~M^
U[1|
R>A|
|?al
.$9(
N1$*r(
O==w
``u!
U3@\
+ >?
&O%
SH^l[
x`jS
*2]l
)u ]x
KO P
1[+D
2<kk
dX wJex
|B}S
f}!W>
I c
&ZoOI
xA@Y3#]
) $6q
;6JE
pKw)
4vpZ5
h,Y;
B$1#
>=g1
4t~r
3fYU
"H85
z*7)
t:}#
b 6
w33Z3
7PZ=
6;<N
>2]Ii
[ElF
RCCcS
_L,o
?%T(
jC 0"
A:DV
j3u@Z
?+`f
:}OCni
4flK
Vi+Si
kljN
e :d
b_c(81
13*it
V+ (F
]<ib
+r1e
*p(X
^]R^
.`3>
7p7y
Pd}g
]$~F
`<^l+'U
V$jF
d3f\g
d7r
__StaticArrayInitTypeSize=32
__StaticArrayInitTypeSize=30
Zuk=
$# _
jy*B
Uby f8u
9|1l
h;t
!-ch
*4lL
z K<
R/f8
NQ&=
h\N_
10&R8
+ (U
+ (V
+ (P
FssNRi6vW5tltAVI0R
z. P$&
?MbFb
+ (X
k|,
CB7I
U50!T
sT*JS
+ (F
CreateDecryptor
tJcm5irthBVLDeGnfiR
+ (C
c r`
negativeInfinitySymbol
([M%C
M!fF
ko]n }l
+ (w
s.,{#
9BkkCW
NMbOeueTtB2lT7WgETy
'}ISO
oaP%%
%%%A&&&
CU}`:
yEieN
_C&x
Kdcu
W/y'
U# /
+ (l
+ (m
r+ ( ^"S
+ (o
+ (h
uA5W
z<Sk
Trim
V*74'S
O(d aX
O t{J
]4
+2741)
<MbN
U(5F
c9{1
UmeiEce97K2Yw8uKy4Q
0B|>d
innuN
>Rv;m
)# W
+ (
.1e x
koK&
K,m %p$k?
Uc
+ ( EDG
OAqy0&
M#.3
,GM1[
!Q980
mQt
+ (;
B:Kr
+ (%
6Q6o)X
SAgn:k
GetTypeFromHandle
IAsyncResult
IDATx^\
pd.dq
`T
Zt+v
*f+ (kUET
<u15*0
[j*W
%[4ft
Z7b9F"
Z^8J
U3pXb%
SymmetricAlgorithm
rlaaDmenAifTAtxLBGv
taF59%
k683M
x] 7I
Kt# Il hu
percentPositivePattern
J6 @0y
lOHDL S
get_AllowOnlyFipsAlgorithms
C8b5)
Zg'1
nV5E
\"%r
ansiCurrencySymbol nanSymbol
Aj#+
$bEQ&a
HC>`
m)O )
"7/5K
HHrl
u0RK(
~`0N
N3P]
<{]
Do*ZH
V+ (]P64
tPY
pNRh
zMB?
<$Dtb
]\h M
k8N =h
Lc,
8;zl
FzZ*
10g}
G3jo{
_5_=
AZ"1
+ (Ospf
kxY
Af4
p E,g
4:I
zcIZ
kPy
!SVN
fuZHO6V5hsf0JxWJYQ
(((i)))O(((
z<oF0
~fws
`BMZ
DJlpZ15Gh
a26(
vj]o
j+ (
rJSj9Ym7Imguemfv8w
FileAccess
97* ~
>r8H
vnvu>SJ
QqXni
]ImO
@,,N
~1};14)
!A0|k
set_Position
#.O5
ppc1
XUsBW8KsW
|~e%F
DK!X
]{,K
~+! w
IDAT
}rYA
zE?v
fs.J
_ $!
4=T_
System.Runtime.InteropServices
!lvZ
rmHk
9=8!y
D0f4ImS6mY
'.EEX
gxs.
; J{
Math
pwd(
UnmanagedFunctionPointerAttribute
p*PG)Sm
G`I$
yMDihVelKcfLX5kRIDe
5MbF-
yH#
EAGk
u5Wc$
qpt9
>>^/
)Y
-(lT
Nm3L
aQR w
41X[SBs
%hi&
BOnUFXjqTZpFnba3ns
6anOt
i
e!-mS
P Ej!0
ojF=
*WC.
"%4
&=sR
R Bl
vh v57
Gb)-K
RWAUScKPe2t9QTiuIM
ihF /
2dbH
4y_p-0
LTqlPIePigKk41S9As7
I9r9ly
vkaxP
nZGv
SuppressIldasmAttribute
M,"6E
oMK( M
r }F
MYLG
z ~n
MC~2*
@G5B
YJp`
gwkk
\kuX
#< 5
U5PE$
>. H
:1yX
kHE85TrBCCH68hDGp6w
>+?+]
%:6i
OEz;
YZKLXkhKbB
^ }F
*
y1WYS
lZ'X
i @o
set_CompilerOptions
M:d&}
!Y ",
Y>C|
Bm j
5 3j
46$LM
rVuv
5d[~ q
Hpn^
B+ (7 )9
j}ka
YiSRM|9)i
c^W
EBly\b
L%RVp
l%lw
`tOB
km`H
8J`6|
tFRTPs5yJ
%QP'Vgr
s08
a\7q
-< l
kx2"
yUCa %+
_=md
8"hR
YRc"
moGQCe
'pxh
Et8g
C5m5
Xaa;u1~>{0
Z;Ix
JbFZT
_F4k
kOg"
_
l!E9
m>=9K
p2TB}!t
DJEktPeDGmsohxm0blb
K ,6,
kjPz
*dh&
H lDa
{e O
^CbF
f`aX
a)i)
h,
IDisposable
oRARv
lTXQiiezRernPumyiRh
fF+B
N[[`
G:uI
Exists
3+hn(
NUmiJhrHAp5MB3TRxmi
0CJ`
k^?S3
H{8d
currencyGroupSizes
Y$U0
y*'i
\M#,ER
M <B
N9'_
lG*i
set_Mode
*u'f;2
Z6ECA
7%wh
7IaiX\
FcFVsi_
MFa4arSQ6bh3Sd2ipt
C
sD5B9
%-qy
i!W]
(V@I
h:>?St
t:Xme
5yD
-odJ
w?y(
W -FR
>_wR
R'uC
UJ;H
_J&
8K'L
AssemblyProductAttribute
&C}Hg
bT&e
bTi_
enZ4Dkhs9j
ZEd"
L)m2
B0- L
KIMQHP
gn~:
\bUO
;T/<
/NI=
<Module>
a7P>$
FeEY
3009s
O.Wa
5WpD0
6[}=[
P<k?1
z+ (`
G-0Z|
E{^S
MulticastDelegate
2 K+
8o{+my
&!(
t !1
1$Fd
oU/>
ComputeHash
v (=$H]
0+o@
, rE#
NWMtiPB6TXloxlOAdP
~j?
O"*:w-C_m
=q|$
>pE7
1FkT
dMB5
J}S
'Z]sP}
K6t!*C
V[ 0
(bI'
,{#~ 0
j8K+YRU
=*M\\
9MW[%
y^ h
3/n/
FwCbyHWGpcTnwanim1
*rf@
)
DUynkEcCoSIK7EatUS
Y.Sh6f
8E]
{I*H
KaL7
,i6;
6 ??
^-!}F
JlxV
d=#}
4r$[
/(O{
+ (|YB\
UN#1
HAcxc
`]Gs
B+ (7~ K
!Xfk
CreateEncryptor
JOK^
c]5UKk
FU7GVh
L*m0-
X1@U'$
+ (`!
:J+d
$R"ya
7#xS(]
_b`*
1M(
W6%/
nativeEntry
kts6dhDmvojZXDx9Yc
T<Y1
| O'
eH),7#
}`1`Iu
v|g6
!R3"
GG9a
omn'
&'e+W
+n;S3j
chV6
AUTV
6f{3
f}XO
XrId
4Pz0
h{]^4
m`yx
u5C~YSb
? q7
n0jk-
T+;
Xhs9
n+ ('
RPU*y
_!Xb
~<>#
G g$
PglHz
.*j|
xI+
~>>;
] L+
:I0f
5<ik,
lly1P4rdCt3pFtFsSkK
HRoc
percentGroupSizes positiveSign negativeSign
VR944c0p49
Qspl
SImI3$
B#Cz
KC{(
jmsVV3ekM2tlFN8ClUk
ZB%R
8X2c
M^
c@r4
+U48.
@"[[W
> F*
9{1#,
F;f4t5+
7pI_9
H9jPBCfZnSEMywPSdH
ox{%
d_Z}6y?
jJ=NW'
fuZkA
\cCa%
aPmW
MQN/
Nullable`1
eR1gHSKCaZpSPMwW0f
---k---
?1'_
ey4kPxbMER9BhpitXN
{I\:
3Sk&5
-`*=
\;^sG
}B
_"h ?
1 VK
vIWh
`=pC
JMjH
etiW6veOs7OE18Tnw0K
D5*~
GetPublicKeyToken
System.Globalization.TextInfo
lOZi.>
b FbFU
get_HasValue
)p
HfUGrA
iLn!
Kcx{
{)j#k
ePwh^z
]M(;i
3._q
7a){
:H&u
F0w9m/'~E+
7`IC
J:<b
XI9mO7TTDY4x8DGLDw
^\p9
U61f
g?[s
bCm9X4Dln
Uu7XXbrWh3ZoCxS0Qqf
MW1ju7e6Sk56DG1LNcc
SetValue
GdmtyG64ng6gU2NL7M
Encoding
es3}t
/lwA
Y Nmc+L&
p "Ef
*V+ (
(umN
!U|6
<$-7v
@tE;
ci`R
p[}~e~
,H{
hpQ4fRAu6P
GetFields
6z6^
nz#-3
=e$L
cZ D
X Ho
IEnumerable`1
& -D
calendar m_dataItem cultureID
V[VGr
L6iPfL2lXUNoEGOu3F
%En[
Kahv
FRUFDDeVAJFI0XYZXMk
r+ (#
W4 R
u7 @
TVa~x
kh]h^
10du
&JKeS}x
hRAtliidY
dJz3
;f@ws
__StaticArrayInitTypeSize=256
i7uqL2rKLAPeRaJkr5I
c%y;'
d2 75<
>xY o
3RjK
G 3
[Kgx
A|y;
UTCY,
h;u@
[dy)h
V+ (z
(iO**
u [1
PDPcKhetUhx4djmkadG
1+OQ,P?
pOws
A,:k
&={M
<5=5d
/ %?
uCeE
.-HG$
/A3DR
Sj3
\056
K4}H
^g82
r+ (i
fPA,
RasXXoLtMnn5uduCms
AqU-
CXjMv
J`1L
,>.`
$ i#
r+ ([
vyW?
%Zpb
mc+=
) Q
).6b@
Replace
y{13I
eB0IRqXd7Uvf7E8d1k
Zero
sYY\
e|>d
OC~1
oi44
TLxj7gNofVR4eRrvsO6
P<{;fD
fPmp
0>s^r
!.Ci
1xAi|
R2)[2
_o>x
sn (v
9K&^
rTgn
(*nG
/YlY
eqB\
hIbF(
::f
AeNd
M FD
>x}m
%Y)+^\
Fb~R
g1#S
AsU7p2gvK
G? Fk
}v'I
j+ (x
DAmD
UwXk
JJG0w
N{`0B
~oY`
EE@s
WVOXtquFpqUCmDY2nr
>h) "1+
<k?~ O=
* Mi;
C f@
mcbT
GCZ4Pt4TGD
r+ ('F5I
)ylp
xl'{
Z(Dg
f+ ({W
lARS
f+ (C
,w{g
Rj 4p
kqIF
d dC
Tq7:
;4K_q
\;$h}
<AlL
lZ~F
t~LRb
Dd)H|
System.Collections.Generic
/~ 3<I 8
)c;d
H`-,
Em>4KbF
~R 2
'f=j
b~KU*
_%=]
b0Bc
a@*%
'`~%
"yXB"
Wdfjx
ri+Z6
#)Hc8n
>y]
_W(O<
Hk1
fD d
GnZ7NTrGSHgqafF5SQ3
?FA=sa
-#u2
a
(+i0F
UUUU_
? +!
6+nI
4)M
w+DC
>+ (Y
D<zl!
Q$`x
>+ (C
WriteLine
^ 8}
2aT]P0
z1S0
customCultureName m_nDataItem
8x J
F( J
?_d
P ]E
?s3#Y
Rm2JI
l9C)
7 -P
]3zG
=6|#p
?Z4w
3Z UF
_}FE
~LaD
DmZ'
rkU_
$)6Q
ECn%
O:gb
Ve+_
wRFudqZlq8roScPV7U
QPVmC
c rV
`S=M
\6]k
UL]J
I'4+c0
#GUlD
\3{\}x
W1`!.
DN'r
D+0:HU
U``
Em"k
Z8UC
>+ (4
([ 8
Y-T^
,7kn
"u&.;
?oi=
p>*J
rc+Vk
O]j ^
6M{/V
PshPj
zRG0CIUnsDUlKQ4mMO
!1!,Q.(\O
M}?k
k.$qE+
xd.0
t(ni&B
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-07-25 15:33:50 2018-07-25 15:36:42 172

8 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-07-25 15:33:50 2018-07-25 15:36:42 172

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\im.exe.config
C:\Users\Seven01\AppData\Local\Temp\im.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\pMihP6yousRoSWr9\*
C:\Users\Seven01\AppData\Local\Temp\im.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.tmp
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.0.cs
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.dll
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.out
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.err
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.pdb
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Users\Seven01\AppData\Local\Temp\im.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Users\Seven01\AppData\Roaming\svchost
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\svchost\vbc.exe
C:\Users\Seven01\AppData\Roaming\svchost\vbc.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vbc.url
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\System32\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\System.Management.dll
C:\Windows
C:\Windows\Microsoft.NET
C:\Windows\Microsoft.NET\Framework
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Users\Seven01\AppData\Local\Temp\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Users\Seven01\AppData\Local\Temp\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Users\Seven01\AppData\Local\Temp\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Users\Seven01\AppData\Local\Temp\CSCB9FBE6B7D0914127AFFC6DE3F434A6B7.TMP
C:\Users\Seven01\AppData\Local\Temp\RES30DE.tmp
C:\Windows\System32\tzres.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\im.exe.config
C:\Users\Seven01\AppData\Local\Temp\im.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.dll
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.pdb
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.0.cs
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Users\Seven01\AppData\Local\Temp\CSCB9FBE6B7D0914127AFFC6DE3F434A6B7.TMP
C:\Users\Seven01\AppData\Local\Temp\RES30DE.tmp
C:\Windows\System32\tzres.dll

Write Files

C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.tmp
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.0.cs
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.dll
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.cmdline
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.out
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.err
C:\Users\Seven01\AppData\Roaming\svchost\vbc.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vbc.url
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.pdb
C:\Users\Seven01\AppData\Local\Temp\CSCB9FBE6B7D0914127AFFC6DE3F434A6B7.TMP
C:\Users\Seven01\AppData\Local\Temp\RES30DE.tmp

Delete Files

C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.err
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.cmdline
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.pdb
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.tmp
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.out
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.dll
C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.0.cs
C:\Users\Seven01\AppData\Roaming\svchost\vbc.exe:Zone.Identifier
C:\Users\Seven01\AppData\Local\Temp\RES30DE.tmp
C:\Users\Seven01\AppData\Local\Temp\CSCB9FBE6B7D0914127AFFC6DE3F434A6B7.TMP

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\im.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.GetTempPathW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
kernel32.dll.GetFullPathNameW
cryptsp.dll.CryptGetDefaultProviderW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.WriteFile
kernel32.dll.GetFileAttributesExW
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.GetStdHandle
kernel32.dll.GetEnvironmentStrings
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.CreateProcessW
kernel32.dll.DuplicateHandle
kernel32.dll.GetExitCodeProcess
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.DeleteFileW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.FindResourceA
kernel32.dll.SizeofResource
kernel32.dll.LoadResource
kernel32.dll.LockResource
gdiplus.dll.GdiplusStartup
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateBitmapFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipBitmapGetPixel
kernel32.dll.ReleaseMutex
kernel32.dll.CreateMutexW
shell32.dll.SHGetFolderPathW
kernel32.dll.CreateDirectoryW
kernel32.dll.CopyFileW
kernel32.dll.DeleteFileA
kernel32.dll.WideCharToMultiByte
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
ntdll.dll.NtQuerySystemInformation
kernel32.dll.CreateProcessA
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.ReadProcessMemory
kernel32.dll.WriteProcessMemory
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.VirtualAllocEx
kernel32.dll.ResumeThread
ole32.dll.CoUninitialize
oleaut32.dll.#500
gdiplus.dll.GdipDisposeImage
cryptsp.dll.CryptReleaseContext
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
advapi32.dll.EventUnregister
kernel32.dll.GetProcessPreferredUILanguages
kernel32.dll.GetUserDefaultUILanguage
version.dll.GetFileVersionInfoSizeA
version.dll.GetFileVersionInfoA
version.dll.VerQueryValueA
alink.dll.CreateALink
mscoree.dll.CLRCreateInstance
mscoreei.dll.CLRCreateInstance
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
clr.dll.DllGetClassObjectInternal
clr.dll.StrongNameTokenFromPublicKey
clr.dll.StrongNameFreeBuffer
clr.dll.CompareAssemblyIdentityWithConfig
clr.dll.CreateAssemblyConfigCookie
clr.dll.DestroyAssemblyConfigCookie
clr.dll.CreateAssemblyNameObject
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptDestroyKey
mscorpehost.dll.InitializeSxS
mscorpehost.dll.CreateICeeFileGen
mscorpehost.dll.DestroyICeeFileGen
ole32.dll.CoCreateGuid
diasymreader.dll.DllGetClassObject
rpcrt4.dll.UuidCreate
kernel32.dll.NlsGetCacheUpdateCount
ole32.dll.CreateStreamOnHGlobal
mscoree.dll.CorExitProcess
mscoreei.dll.CorExitProcess

Execute Commands

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Seven01\AppData\Local\Temp\rctkn4lj.cmdline"
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Seven01\AppData\Local\Temp\RES30DE.tmp" "c:\Users\Seven01\AppData\Local\Temp\CSCB9FBE6B7D0914127AFFC6DE3F434A6B7.TMP"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-07-25 15:39:06