Analysis

Category Package Started Completed Duration Options Log
FILE exe 2020-10-18 06:33:02 2020-10-18 06:39:18 376 seconds Show Options Show Log
route = tor
2020-05-13 09:09:59,196 [root] INFO: Date set to: 20201018T06:33:01, timeout set to: 200
2020-10-18 06:33:01,046 [root] DEBUG: Starting analyzer from: C:\tmp2ylp3rhi
2020-10-18 06:33:01,046 [root] DEBUG: Storing results at: C:\DANIkz
2020-10-18 06:33:01,046 [root] DEBUG: Pipe server name: \\.\PIPE\CsUQuS
2020-10-18 06:33:01,046 [root] DEBUG: Python path: C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32
2020-10-18 06:33:01,046 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-10-18 06:33:01,062 [root] INFO: Automatically selected analysis package "exe"
2020-10-18 06:33:01,062 [root] DEBUG: Importing analysis package "exe"...
2020-10-18 06:33:01,265 [root] DEBUG: Initializing analysis package "exe"...
2020-10-18 06:33:01,437 [root] DEBUG: Importing auxiliary module "modules.auxiliary.browser"...
2020-10-18 06:33:01,484 [root] DEBUG: Importing auxiliary module "modules.auxiliary.curtain"...
2020-10-18 06:33:01,562 [root] DEBUG: Importing auxiliary module "modules.auxiliary.digisig"...
2020-10-18 06:33:01,625 [root] DEBUG: Importing auxiliary module "modules.auxiliary.disguise"...
2020-10-18 06:33:01,734 [root] DEBUG: Importing auxiliary module "modules.auxiliary.human"...
2020-10-18 06:33:01,750 [root] DEBUG: Importing auxiliary module "modules.auxiliary.procmon"...
2020-10-18 06:33:01,750 [root] DEBUG: Importing auxiliary module "modules.auxiliary.screenshots"...
2020-10-18 06:33:01,750 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-10-18 06:33:01,750 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-10-18 06:33:01,750 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-10-18 06:33:01,750 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-10-18 06:33:01,750 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-10-18 06:33:01,750 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-10-18 06:33:01,765 [lib.api.screenshot] DEBUG: Importing 'math'
2020-10-18 06:33:01,765 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-10-18 06:33:04,000 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-10-18 06:33:04,031 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-10-18 06:33:04,093 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-10-18 06:33:04,093 [root] DEBUG: Importing auxiliary module "modules.auxiliary.sysmon"...
2020-10-18 06:33:04,093 [root] DEBUG: Importing auxiliary module "modules.auxiliary.usage"...
2020-10-18 06:33:04,109 [root] DEBUG: Initializing auxiliary module "Browser"...
2020-10-18 06:33:04,109 [root] DEBUG: Started auxiliary module Browser
2020-10-18 06:33:04,109 [root] DEBUG: Initializing auxiliary module "Curtain"...
2020-10-18 06:33:04,125 [root] DEBUG: Started auxiliary module Curtain
2020-10-18 06:33:04,125 [root] DEBUG: Initializing auxiliary module "DigiSig"...
2020-10-18 06:33:04,125 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-10-18 06:33:05,140 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-10-18 06:33:05,140 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-10-18 06:33:05,140 [root] DEBUG: Started auxiliary module DigiSig
2020-10-18 06:33:05,140 [root] DEBUG: Initializing auxiliary module "Disguise"...
2020-10-18 06:33:05,171 [modules.auxiliary.disguise] INFO: Disguising GUID to e6d157b1-537a-4cb8-b163-b537d5d546de
2020-10-18 06:33:05,171 [root] DEBUG: Started auxiliary module Disguise
2020-10-18 06:33:05,171 [root] DEBUG: Initializing auxiliary module "Human"...
2020-10-18 06:33:05,171 [root] DEBUG: Started auxiliary module Human
2020-10-18 06:33:05,171 [root] DEBUG: Initializing auxiliary module "Procmon"...
2020-10-18 06:33:05,187 [root] DEBUG: Started auxiliary module Procmon
2020-10-18 06:33:05,187 [root] DEBUG: Initializing auxiliary module "Screenshots"...
2020-10-18 06:33:05,187 [root] DEBUG: Started auxiliary module Screenshots
2020-10-18 06:33:05,187 [root] DEBUG: Initializing auxiliary module "Sysmon"...
2020-10-18 06:33:05,187 [root] DEBUG: Started auxiliary module Sysmon
2020-10-18 06:33:05,187 [root] DEBUG: Initializing auxiliary module "Usage"...
2020-10-18 06:33:05,187 [root] DEBUG: Started auxiliary module Usage
2020-10-18 06:33:05,187 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-10-18 06:33:05,187 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-10-18 06:33:05,187 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2020-10-18 06:33:05,187 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2020-10-18 06:33:05,406 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Rebecca\AppData\Local\Temp\NEW PO6487382.exe" with arguments "" with pid 4504
2020-10-18 06:33:05,406 [lib.api.process] INFO: Monitor config for process 4504: C:\tmp2ylp3rhi\dll\4504.ini
2020-10-18 06:33:05,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ylp3rhi\dll\AtkcLz.dll, loader C:\tmp2ylp3rhi\bin\bPXqAAx.exe
2020-10-18 06:33:05,562 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\CsUQuS.
2020-10-18 06:33:05,578 [root] DEBUG: Loader: Injecting process 4504 (thread 3436) with C:\tmp2ylp3rhi\dll\AtkcLz.dll.
2020-10-18 06:33:05,578 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:33:05,578 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:33:05,578 [root] DEBUG: Successfully injected DLL C:\tmp2ylp3rhi\dll\AtkcLz.dll.
2020-10-18 06:33:07,578 [lib.api.process] INFO: Successfully resumed process with pid 4504
2020-10-18 06:33:07,984 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:33:08,000 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:33:08,000 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 4504 at 0x69620000, image base 0x170000, stack from 0x486000-0x490000
2020-10-18 06:33:08,015 [root] INFO: Loaded monitor into process with pid 4504
2020-10-18 06:33:08,031 [root] DEBUG: set_caller_info: Adding region at 0x00390000 to caller regions list (advapi32::RegQueryInfoKeyW).
2020-10-18 06:33:08,031 [root] DEBUG: DumpPEsInRange: Scanning range 0x390000 - 0x490000.
2020-10-18 06:33:08,031 [root] DEBUG: DLL loaded at 0x751E0000: C:\Windows\system32\cryptbase (0xc000 bytes).
2020-10-18 06:33:08,031 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x390000
2020-10-18 06:33:08,031 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00390000 size 0x100000.
2020-10-18 06:33:08,109 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\DANIkz\CAPE\4504_136981222381313180102020 (size 0xde4)
2020-10-18 06:33:08,125 [root] DEBUG: DumpRegion: Dumped region at 0x0048F000, size 0x1000.
2020-10-18 06:33:08,125 [root] DEBUG: set_caller_info: Adding region at 0x01570000 to caller regions list (advapi32::RegOpenKeyExW).
2020-10-18 06:33:08,140 [root] DEBUG: DumpPEsInRange: Scanning range 0x1570000 - 0x1970000.
2020-10-18 06:33:08,140 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x15b5fc1
2020-10-18 06:33:08,171 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x1570000
2020-10-18 06:33:08,171 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x01570000 size 0x400000.
2020-10-18 06:33:08,328 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\DANIkz\CAPE\4504_90654357181313180102020 (size 0x1a41)
2020-10-18 06:33:08,328 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x561fc1
2020-10-18 06:33:08,328 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x630000
2020-10-18 06:33:08,328 [root] DEBUG: DumpMemory: Nothing to dump at 0x00530000!
2020-10-18 06:33:08,328 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00530000 size 0x100000.
2020-10-18 06:33:08,328 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x630000
2020-10-18 06:33:08,343 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xbc and local view 0x6B910000 to global list.
2020-10-18 06:33:08,343 [root] DEBUG: DLL loaded at 0x6B910000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7d000 bytes).
2020-10-18 06:33:08,343 [root] DEBUG: DLL unloaded from 0x76560000.
2020-10-18 06:33:08,359 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xcc and local view 0x02FA0000 to global list.
2020-10-18 06:33:08,375 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xc8 and local view 0x02FA0000 to global list.
2020-10-18 06:33:08,375 [root] DEBUG: DLL loaded at 0x74760000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-10-18 06:33:08,390 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0FE60000 for section view with handle 0xcc.
2020-10-18 06:33:08,390 [root] DEBUG: DLL loaded at 0x0FE60000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr (0x6ef000 bytes).
2020-10-18 06:33:08,390 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6E2C0000 for section view with handle 0xcc.
2020-10-18 06:33:08,406 [root] DEBUG: DLL loaded at 0x6E2C0000: C:\Windows\system32\MSVCR120_CLR0400 (0xf5000 bytes).
2020-10-18 06:33:08,453 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xf0 and local view 0x00100000 to global list.
2020-10-18 06:33:08,609 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1ac and local view 0x65320000 to global list.
2020-10-18 06:33:08,609 [root] DEBUG: DLL loaded at 0x65320000: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni (0x1393000 bytes).
2020-10-18 06:33:09,000 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x204 and local view 0x695A0000 to global list.
2020-10-18 06:33:09,000 [root] DEBUG: DLL loaded at 0x695A0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit (0x80000 bytes).
2020-10-18 06:33:09,000 [root] DEBUG: set_caller_info: Adding region at 0x002B0000 to caller regions list (ntdll::NtQueryPerformanceCounter).
2020-10-18 06:33:09,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x2b0000 - 0x2c0000.
2020-10-18 06:33:09,000 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x2b0fc1
2020-10-18 06:33:09,015 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x2c0000
2020-10-18 06:33:09,015 [root] DEBUG: DumpMemory: Nothing to dump at 0x002B0000!
2020-10-18 06:33:09,015 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x002B0000 size 0x10000.
2020-10-18 06:33:09,046 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\DANIkz\CAPE\4504_1602155346291313180102020 (size 0x46a)
2020-10-18 06:33:09,046 [root] DEBUG: DumpRegion: Dumped region at 0x002B0000, size 0x1000.
2020-10-18 06:33:09,078 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x214 and local view 0x68150000 to global list.
2020-10-18 06:33:09,078 [root] DEBUG: DLL loaded at 0x68150000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni (0xa10000 bytes).
2020-10-18 06:33:09,312 [root] DEBUG: DLL unloaded from 0x00170000.
2020-10-18 06:33:09,328 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x254 and local view 0x00320000 to global list.
2020-10-18 06:33:09,359 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x268 and local view 0x64B40000 to global list.
2020-10-18 06:33:09,359 [root] DEBUG: DLL loaded at 0x64B40000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni (0x7e0000 bytes).
2020-10-18 06:33:09,468 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x264 and local view 0x68EB0000 to global list.
2020-10-18 06:33:09,500 [root] DEBUG: DLL loaded at 0x68EB0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni (0x1d1000 bytes).
2020-10-18 06:33:09,796 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 4504
2020-10-18 06:33:09,796 [root] DEBUG: GetHookCallerBase: thread 4668 (handle 0x0), return address 0x002B1664, allocation base 0x002B0000.
2020-10-18 06:33:09,796 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00170000.
2020-10-18 06:33:09,796 [root] DEBUG: LooksLikeSectionBoundary: Exception occured reading around suspected boundary at 0x00172000
2020-10-18 06:33:09,796 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2020-10-18 06:33:09,812 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x00170000.
2020-10-18 06:33:09,812 [root] DEBUG: DumpPE: Empty or inaccessible last section, file image seems incomplete (from 0x0026D200 to 0x0026D400).
2020-10-18 06:33:09,843 [root] DEBUG: DumpPE: Error: Cannot dump PE file from memory.
2020-10-18 06:36:28,203 [root] INFO: Analysis timeout hit, terminating analysis.
2020-10-18 06:36:28,218 [lib.api.process] ERROR: Failed to open terminate event for pid 4504
2020-10-18 06:36:28,218 [root] INFO: Terminate event set for process 4504.
2020-10-18 06:36:28,218 [root] INFO: Created shutdown mutex.
2020-10-18 06:36:29,218 [root] INFO: Shutting down package.
2020-10-18 06:36:29,234 [root] INFO: Stopping auxiliary modules.
2020-10-18 06:36:29,453 [lib.common.results] WARNING: File C:\DANIkz\bin\procmon.xml doesn't exist anymore
2020-10-18 06:36:29,453 [root] INFO: Finishing auxiliary modules.
2020-10-18 06:36:29,453 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-10-18 06:36:29,468 [root] WARNING: Folder at path "C:\DANIkz\debugger" does not exist, skip.
2020-10-18 06:36:29,468 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7_2 win7_2 KVM 2020-10-18 06:33:02 2020-10-18 06:39:18

File Details

File Name NEW PO6487382.exe
File Size 1037312 bytes
File Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
PE timestamp 2020-10-18 05:21:37
MD5 d36c198adab9d2a96a54e7cb3ee601a8
SHA1 d7d26774a678127ceb5e3848672f7415a1f06830
SHA256 d166706c018f01a7a4d9ac1fdb359d3e25620df2192896207c4bd851a3e3b888
SHA512 7ac18127afe43b9984e89c56afb686fa4174ab6acd777c54648105c5c7d7c7cdf4a7e71eb7d3e701c89eec4ec5303142cfb092c5daa792222f45b40a3db9e1cb
CRC32 7543E7DA
Ssdeep 12288:nqvi+lkBF43ttPxU12pQDqXnhq/3EkoGSJZjqK1QsQj7txN4QhWz+CzHMKLUHg/1:qviuWF43TPVwvhoM4QHj7t74Q2H
Download Download ZIP Resubmit sample

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Guard pages use detected - possible anti-debugging.
Dynamic (imported) function loading detected
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: MSCOREE.DLL/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
DynamicLoader: mscoreei.dll/_CorExeMain
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: clr.dll/SetRuntimeInfo
DynamicLoader: USER32.dll/GetProcessWindowStation
DynamicLoader: USER32.dll/GetUserObjectInformationW
DynamicLoader: clr.dll/_CorExeMain
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: MSCOREE.DLL/CreateConfigStream
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: KERNEL32.dll/GetNumaHighestNodeNumber
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/AddSIDToBoundaryDescriptor
DynamicLoader: KERNEL32.dll/CreateBoundaryDescriptorW
DynamicLoader: KERNEL32.dll/CreatePrivateNamespaceW
DynamicLoader: KERNEL32.dll/OpenPrivateNamespaceW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/DeleteBoundaryDescriptor
DynamicLoader: KERNEL32.dll/WerRegisterRuntimeExceptionModule
DynamicLoader: KERNEL32.dll/RaiseException
DynamicLoader: MSCOREE.DLL/
DynamicLoader: mscoreei.dll/
DynamicLoader: KERNELBASE.dll/SetSystemFileCacheSize
DynamicLoader: ntdll.dll/NtSetSystemInformation
DynamicLoader: KERNELBASE.dll/PrivIsDllSynchronizationHeld
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/SortGetHandle
DynamicLoader: KERNEL32.dll/SortCloseHandle
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: cryptbase.dll/SystemFunction036
DynamicLoader: ole32.dll/CoGetContextToken
DynamicLoader: clrjit.dll/sxsJitStartup
DynamicLoader: clrjit.dll/jitStartup
DynamicLoader: clrjit.dll/getJit
DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: KERNEL32.dll/GetEnvironmentVariable
DynamicLoader: KERNEL32.dll/GetEnvironmentVariableW
DynamicLoader: KERNEL32.dll/GetCurrentProcessId
DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: KERNEL32.dll/OpenProcess
DynamicLoader: KERNEL32.dll/OpenProcessW
DynamicLoader: KERNEL32.dll/GetExitCodeProcess
DynamicLoader: KERNEL32.dll/GetExitCodeProcessW
DynamicLoader: ntdll.dll/NtQueryInformationProcess
DynamicLoader: PSAPI.DLL/EnumProcesses
DynamicLoader: PSAPI.DLL/EnumProcessesW
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/LocaleNameToLCID
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/LCIDToLocaleName
DynamicLoader: KERNEL32.dll/GetUserPreferredUILanguages
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: KERNEL32.dll/IsDebuggerPresent
DynamicLoader: KERNEL32.dll/OutputDebugString
DynamicLoader: KERNEL32.dll/OutputDebugStringW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/RaiseFailFastException
DynamicLoader: KERNEL32.dll/GetThreadErrorMode
DynamicLoader: KERNEL32.dll/SetThreadErrorMode
CAPE extracted potentially suspicious content
NEW PO6487382.exe: Unpacked Shellcode
NEW PO6487382.exe: Unpacked Shellcode
NEW PO6487382.exe: Unpacked Shellcode
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
The binary likely contains encrypted or compressed data.
section: name: .text, entropy: 6.95, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x000fca00, virtual_size: 0x000fc994
Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Rebecca\AppData\Local\Temp\NEW PO6487382.exe
Network activity detected but not expressed in API logs

Screenshots


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

DNS

No domains contacted.


Summary

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Rebecca\AppData\Local\Temp\NEW PO6487382.exe.config
C:\Users\Rebecca\AppData\Local\Temp\NEW PO6487382.exe
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-2.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\System32\api-ms-win-core-quirks-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll.aux
C:\Users
C:\Users\Rebecca
C:\Users\Rebecca\AppData
C:\Users\Rebecca\AppData\Local
C:\Users\Rebecca\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\QYJd\*
C:\Users\Rebecca\AppData\Local\Temp\NEW PO6487382.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol224.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Users\Rebecca\AppData\Local\Temp\ntdll.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\VERSION.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll.DLL
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Rebecca\AppData\Local\Temp\NEW PO6487382.exe.config
C:\Users\Rebecca\AppData\Local\Temp\NEW PO6487382.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol224.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEW PO6487382.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index224
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index224
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.SetDefaultDllDirectories
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
advapi32.dll.EventRegister
advapi32.dll.EventSetInformation
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationW
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.AddDllDirectory
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.GetCurrentProcessId
kernel32.dll.CloseHandle
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
kernel32.dll.GetExitCodeProcess
ntdll.dll.NtQueryInformationProcess
psapi.dll.EnumProcesses
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
kernel32.dll.IsDebuggerPresent
kernel32.dll.OutputDebugStringW
kernel32.dll.RaiseFailFastException
kernel32.dll.GetThreadErrorMode
kernel32.dll.SetThreadErrorMode

BinGraph Download graph

2020-10-18T06:49:07.857812 image/svg+xml Matplotlib v3.3.0, https://matplotlib.org/

PE Information

Image Base Entry Point Reported Checksum Actual Checksum Minimum OS Version Compile Time Import Hash
0x00400000 0x004fe98e 0x00000000 0x001055c1 4.0 2020-10-18 05:21:37 f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000200 0x00002000 0x000fc994 0x000fca00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.95
.rsrc 0x000fcc00 0x00100000 0x00000598 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.06
.reloc 0x000fd200 0x00102000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10

Resources

Name Offset Size Language Sub-language Entropy File type
RT_VERSION 0x001000a0 0x0000030c LANG_NEUTRAL SUBLANG_NEUTRAL 3.29 None
RT_MANIFEST 0x001003ac 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL 5.00 None

Imports


!This program cannot be run in DOS mode.
.text
`.rsrc
@.reloc
t%o%&8L
Vh&Za8
Z /Fi
Z Iz3Fa+
[IqFZ a`
ida8t
xj2 F(
(' l]
<aps8T
o`a88
bOa8$
b*]Z
B+O%&
Z + c"a+
%l=%+
Qw:%&+
Z X*c
,= 71
+ 4>s
\|%&+
Y1Z a
1SZ /
RMxa%
+Z q<
v.S{+
nZa8N
wXCa%
mhE9Z
P&)2 w
e#PDZ
1Z *(?
\qlZ
gKO(Z
8+Z L:
[vq(Z
RLja8S
<P0a8E
<pZ -
]N-a8T
f[,tZ
?fZ Hu
s-a8k
Tt\IZ
@e#a8l
g:2Z
g Z V
EZ |D
DZ z-W8a8
Z cn#
#JZa86
LZ (-
@eZa+
2}N%&
jOc%&+
PO}m%+
nq]E I
Z :j\
4eZ s
*(rZ
93A%&
FZa8|
e[mq !
Sd%&8g
Z >I(5a+
?~hsZ
t{suZ Q/
^hZ G
Q~a8z
~ O#R
' O#R
k&Z ~
ni}Z 99
\=Z *
XZ 2J
Z x^p
}FZ 0O
Z @2z9a8
ohZ 00mSa81
Z ieW
c,adZ
Z +<9?a8
,}1AZ
RO|Z
@eSa8T
Z wup
8ia85
V%ea8
YLh|Z
N6|a8
g]wa%
a1aa8
oMZ %
!Z O4
c~Z %
.Ra8b
Z 5Z^
>Awa89
#Z YaQ
/PlZ
uQwZ !
mZ \P
Z cdy
FZ c&L
Z YGB#a8
eWIzZ
IuZ 0
?`#Z
C/xa8
VFFZ '
^na8M
4/Ua8&
ioZ 1
;Ra8U
|?Z wC
x/EZ
<2]a8
3QZ M
/Zya8
E<!Z
Z i0V
k#x<Z
7d5a8
M5<Za8v
mAZa+
a<)Za84
=akZ
&[a8W
'HZa+
Z ==k
{?yu+
a2Ua8L
OyZZa8
BZi~Z
7__zZ ,TUca8
usqXZ
s'58i
n~Z 3
\`ma8a
Z `$g}a8N
0;*Z LF
v%jZ
D).a8
7Z ,5
R5VZ ~"
pzZ s
4#Z ?$9
W .IZ *
}Z XjR
@d;Z dB
hIMa8
Aqa8J
pZ uJs
(hG%&
6|bZ B
P~Oa%
CZ XA
J6Z e
o!EZ
;VMZ
|"`_Z tL
5lZ I
b[yZ F
Z n})
fU)Z <j
GrXa8
EZ Q*
Tsa8>
7Z |P
Hxq'Z
>]a8$
tQa8n
cWa8[
Z ??3
Z 6</$a8w
oZ 4l=Qa8
E|>Z
UEZ dY
AZ 1;
wveyZ 6/h
%,MZ h
O%a8L
,Q DP
|Za8[
d|-%+
GZa8J
M=Z !Q
/+Z D5o
9vna+
kN]%&
GDaZ
KZ :z
TLeZa+
/O%a%
*G 0X*
7~Ha+
m0FZ
w#Nt
FZ ;jE
yEja8
RTa8!
8^4a8
(Zja8
jcoa8{
":a8`
E^a8H
u9rmZ B
,Z 9ZR[a8
UWX(Z b
nZ zz%ka8v
;Ga8`
`Z _Vj
IZ .?
kS>0Z !O
m\Xa8g
uz=a8T
^Ga8;
`Z +lD
sA U&
<'Z M
g66a8q
w'Z $*
+fZ {
<Z L;w
`Z |A,
-gqZ +,
gTZ #
Z>Q\Z
vOZa8
tiZ =m
MV1a8[
Z '07
YZ 0s
h-UGZ ^
Wza8m
yIa8(
Z (xo=a8
c?a8e
w7Xa8R
Qhsa8
o4Z Q
"Z prvCa8
"s/a8
(za8m
|cZ x\
/h+oZ
lkZ ji
a\da8
6[a8V
%Ra8z
wZ "\
YZ tw
h|=%&
;/Za8;
nxr.%&
fZa8n
f[RZ
> (8O a%
;6Z >
lqTa%
^c.a8/
eaY%&8
QpdZ
LA=a8
WJZ y
#|"Z
\A+ mC
iZa8-
KH3Z
5Z \3
sce%+
0 QZa8
1Z <h7
Z 82Tya8
&Z O,
mwoE%&
[28a8
/j,;8
Z .Aiwa8
'EZ ~
Z i,m!a+
)i1a+
fZ hh
Z [Fw
]2Za8
o3`Z
:zLa+
3<cZ
eN*cZa+
5sZa+
>~La%
IZ Se
Z tA{
eyUZ
?LQZ
%pMQZ
Z ik]
kZ >o[
#Aa%
Z ,QYua8a
JsZ n
aZXZ
lcZa8
bE#a8
lmZa8|
Kpa8i
Z qkK
NZ cN}
pZ 4U"
_Q4K%&
AGZa8L
JyXa8&
^ZZa8Q
?.9a8
hdJ%+
zZa8x
@Za8W
Z {MB
&pfT%&
5'Z N
j%,,
{'p%+
.Z ]0o
yQZ Y
MZ O#
\]Qa8
6YZa8
*)a8"
"db`Z
Z I[8[a+
-JR!Z +
6_fa%
J$Z 7
Is\%+
~>Za+
@[Z =
Z :Xlra+
zSka8Z
Z mgy
F6Z %w2da8
Ju-Z
q_5Z a
.0yZ
TZa8K
hZa8%
P'U u343a%
_Y>Z j
J[z8p
+!fZ
uSgZ
VZ P:
1Za8f
E|a8B
G}OZ g
W9Z |VI
Z 2%r|a81
to.|Z _
Ixca8
ewa8[
rCa8G
ZZ PMz
uMa%&
@P\a%
v_ UH
Z cC]5a8
I<Z <b_
XRv !
jJ:%&
^>Za+
&<MG+
dZa8u
F`Z M
sHa8f
U Q:Z
Z >3_
Z sm^
p:3eZ sFh
Z /%i
t0&a8
2tMa8w
bXaa%
&qra+
KDXSZa+
Z;a8t
%1;C%+
re)oZ
GZa8?
7giKZa+
Fa8C
Z +q]
[d<Z
KwmZ s
6++Za8
)Ja8Q
1fa8`
$_a8$
(Z zM
VHZ r
u5Z Us
iU;XZ
0V6"Z 66{
LF rB9[a%
^Z 9$
HdZa8u
>}qZ ?
`DWa+
.]Z [
@Z 3<
|Za8b
y]|Za8
~4gtZ
}_g&Za81
%-<Z
USh" >
>0Ra%
K5a8O
Z KP3
#9>Z
e6=a8
=ACZ q8
eJZ j?Q*a80
,3 D*
>Z w*(
lX}Z
)Y ivTFa%
AMk}a%
Z }Tc0a+
[3Z &
<Z A]
WgG3Z
%m::Z 7
Z 9PV
fYZ '
g^a8x
|2a8Z
? 1sm
2Hn%&
cEZa+
_Z D&
RQZa+
tZa89
'Z 2!
>qZ %H0za8A
jZ Zc^
{ua8G
^SNa8
0a8t
nP-Z %
C~pa8
&3Za+
abKZ
BP#a+
8I IFe
BUwZ
w|Ka+
<NV9Z
otwX
Z ,N\
-$pa+
2&H 0q
UJ)A d
E7-a+
UZ &3
,nsZ u
PZ NB>'a+
EZ 6}
mDZa+
?"%a83
8BZ v
Z a)u
2W>YZ
O]Ha8.
g^Za8A
2Z c~lSa8
Z [}b
SZa8|
%ma8c
Zb4a+
?z~a%
Z /%S
i$Z x
Z kOV9a8
%Z "88
d}a8x
(g"PZ
QZ ;4
+;a8e
Ox^gZ
YCZ 9)dda8
4SZ fc
Z_Z M
X4k=Za8|
r`Za8
b"$Z yq
Z 'iu9a8a
&%Z ^'
s[Z -
^ULa+
K0Za8
7Za8^
eZ aCuta8
<JZ &X
cZa8f
+?(Z
@uma8
I(Q%&
8Bn%+
YZa8t
x6%a8
_^Ya8r
D#Z "Z
9Z 7\
:(3Z
@%&8e
PYGZ AZ
:MXW%&
>Z N\<
4~& +
6Z rO
~,(Z %5
Z W3W-a+
@}aZ
3Za8e
9Z L0
a?Z Q'
"]l"Z
DX!Z
ZZ _i
35 Z
!Pa8c
0Za8B
4(c1%&
/Z L1G
Rc1Za8y
Ub'8N
~[Z J
@iiZ .
qXZ cR
v15Za8
bZa81
w6]%&
ti|8m
Z nb<
~,WuZ
iza8^
vZ )6q
g`z#Za8
[F$a%
zV=8;
h8Z S
AC$%&
6zDZ u$
Z m&^
.Z &J
d<a8T
"Z lQ
G1Z 4
|k0a+
T#pZ F
oB_a%
;Za8a
a)Z *h
Z t"E
Z ho{ya+
/hQZ ~
Z &$N
dZ Ry
+.= L~"
.57a8
vgAa8
\va8v
1|: L~"
{RZa+
Kja8V
<G#a%
bv=a8
|/{a8
"Pa8<
=zSa8
5xV)Z
!Za8o
|EZa8
Z /^P
`9jZ
Tr#7Z ((
Z #VR
Z ,Ek
f6a8}
U4YZ ~l
oCZ t&
NZ 'uq
sZ J\tKa+
Z Y,c
yY\*Z :h
A?W5%+
h(ea8
4Za8}
j(a8i
WZa8k
I3Z v0Hda8=
iVa8)
Z r+m
'Ska8
tt|Z ]
&!Z %^
|<Za+
iOZ "
K(ut
.7a8h
r5kZa8
?ga_%&8
[|Z l}
(kza81
d9za8
u2~Z *k
Z mk^
Mxa8
E`9Za8b
qYZ F
S5a8>
?&9MZ
wZ N6
Z nbG
n`l"Z ,B
@T/0Z v
Z "Bw
x2:Z
Z .<<la+
FJZa8Z
G$xZa8
uZ wG
[ffZa8y
TN-a%
~%&8K
Rx2Z
yia8-
,3&a8
_Z SD59a8
Z .:!
Z '3.
s5a8Y
0fa8%
C)a8)
@^Z H
;Z ^kG
Z f2!
*_a8\
CVZ ROl
Z nH Pa8O
Q^XZ Lp
=}"-%&
ZfwDZa8
{Z _/
yR=a8Q
a*Za8
G<}Z
PKa8%
Eh5a+
ds"'Z D
w4Z >
z{a8[
TZ iB
|7Q\%+
4Z N"
$ma8n
[1SZa8
gbxa+
R2w6a%
Z agU
o2Ja+
nAZ .j9
'|a8K
U7Y%+
L%&8*
EX-Za8
@RZ u
oxa8o
_}Za8
(0Z 8*q7a8B
/V:%+
A{Za8
Ol\Z
o?=Z
VZa8?
GmZa8
w%&8G
huFa8
5(%&8
@Obx8
y%&8g
S-8%+
YNa8z
-:J'Z
'Za8L
kd!%&
:Z S<
?6Za8
qZ `wy
Z 3d*
9Z l3
u^#NZ
Uy;a8
&rSZ zc
iTZ \@
M5Z n
-Za8I
dTZ X
FZ |F
WR$8b
Z {7dNa8
= :m[
= c5}
&%&8E
Z TsEoa8
'_)%&8w
&Za8K
8Z 4*
^Z_a8K
+Z .?
IT+a8
L.a8L
mT(a8
= 0F19Z F
/.`%&
-3YZa8
_x0a8
P9Za8
rZa84
O-Za8
5Xf)8t
zZ Ne|
4X(R8
QEZ Q
= )Sd
f|Z N
= h.IrZ
STYZ 2
v^Z $
y&a8P
@|,a8
-yxS%+
Z 8TlRa8
= $9fqZ b
}<a8K
\nZa8<
= vwN
X.<Z t
[|a8^
7OiZ B
/,`a8
{Z PVD
K%&8"
J#Z t
fuZ 1{7
#Z #W
U)8s8I
= l4xmZ /)
pKZZa8
z7;%&
qbZ b
zDZa8
=Z :b
VZa8t
o"v%&
?qa8\
Z m~t\a85
,T k)048%
AZa83
Xlwa8
V %4x3a%
KWLa%
Gia8Q
KWLa%
V}tZ k
Z @-#
\Ua8:
MZ +]
wZ :l
Tpa8u
7A"Z
jFZ R8
Z JgM6a8
DZ 00.
0Z Ga
lv)Z $
Z rQ>
J1'a8
<.Z +
.8MdZ ;[~/a8C
~h>Z
Z 76](a8
\Z .l
bZ ITS2a8
YvZa8
PZ ;Q
2-vZ
9F Tp|Fa%
.>[%&
> |~<"a%
,o _=
Ay9a8m
1eZ 3
M=a8I
Z F.o=a8
A4rZ
Z c;m
k.a8H
A}Ha8
y,NZ
5`_Z
Zkza8x
~+3a8<
Z JA[
?ea8X
VyZ Z
I-a8j
/LT4Z q
AZ ]Q
XYZ %:
z!i]Z
$6C{Z 0
Z h:
hHZ @:Iza8
A&Z t
'-a8;
7^Z :
&KT>Z j,
]ZrZ
L8;a8t
Z p.E
j4a8"
yZ Si
Ja8,
r'yZ
&Z Y
Z |}C
3*a8[
,2}%+
>hZa8<
P9}Za+
4 cn8p
}Za8J
Z 5};ya+
~6Z _
$gFZ
1paE%+
Yd0 a
A$Z .S
!Za8T
Z _>d
e"HZ
v>l%&
EQ6Z
cZ cz
{Z x`9
Z (R )a8!
+{J[Z
'si0Z
^eDa8
Z 5`N_a8n
xl'YZ
B5Ca8H
pDZ C
/Fa8
ewZ b
;=Z K-
6Ia8I
p#a86
Z XuS
qZ x0
g[eZ }C
eZ bv
ARKa8
j|q(Z ]
@Z "h]
8*[Z
dtRZ +
)mKa8
M2Z Z
T}a8P
b;Ha8
?Ya88
Z y'T
Z bqj
5$TvZ
F>,Z
Z HAv
Z >_t4a8Y
DJAa8
Z #^.
7*Z AV
>Za8J
&NZ i
'A<U%&
K9hZa8T
_nZ Cl;*a%
Z X:oKa+
bZa8E
D^.PZ 1
Z{Za+
e 1|<Ia%
j!-j
WaZ O
@w`a8a
[6a8N
'#a8"
T^0a8
_9Za+
Z ']J
KZ G/
z<%a8`
Ql*lZ 3
-ia8>
ZaoZ
] &a8
Z bbR
eYZ 7
2.Z c
#kPa8
Z *FE
Z xVA
"1[a8w
`Z "y
YxZ H
|Z ZF<
eZa8r
|Za8l
iA]a8'
Z VCT
:XZa8G
~b]Z 8`
JVsZ
A-*d%+
/pT#Z
Ze&Z
Q3M,Z
3Ua8m
^Z /JcVa8(
ZZ CmMGa8
E}\\Z
+Z C>
K+OZ
v8Z #
k\Z 7
Z +2[
rtB5Z &GONa8;
Asa8i
zkLa8
:/!Z
l/Z K
Z tBc[a8
AgZ 2u
:Z ?m
Z w'qIa8
ODoa8
q,pZ
{Ya8r
e%a8_
LK5H+
-Z 4rb_a8y
(Za8Z
0ipZ
t9Za8S
VZ ;$
)*{Z
-7zZ W
Qda8c
`.Z KW
fzwa8
evZ Z
J{Z ~
NgKZZ F$
?NZ `
FMZ sJ
xpcuZ
$=a8s
,Za8T
,o J?X
XRZ z
'"wZ F
Z ;mgQa81
nH7AZ k
S/7Z g
Z O:9
!+zZ
^Bsa8Y
gZ Al
GJ6Z u0
X'JZ
h4a8y
!pN\Z
Z or Xa8
CX>TZ ~
qDZ m
s a8k
]hnZ
{H%&+
-:!AZ 1
`08%&
[!na8O
(FOa+
OZa8L
[Za8o
Uz&a80
Z g"8
+Z c^O
rZ ow
'vZa8
''a83
^C=a8
{BZ '{N
VK5a8N
wb=a8
3'a8e
JZ +c
%P$Z x
"*a8A
mF+a8
QZ 'aU
Z "rI
,C~Z _c
\`Z V
@W9Z
ed5a8g
FnTa8
*Z Ha
lga8q
Z D^V1a8^
_lVa8
9Z ih;
uZ2a8
zR-a87
po^Z
C0,a8
"Z \#
J}Sa8q
wT)a+
Y%a8;
w})&%&
UZ OUqla+
Z js/
0Pma8
|:Z 9
.Z QY
>!Z 1
=W*X%+
I'Za+
Z ]1J
/~Z G,
i;a8-
e-$fZ
pza83
Z N{L7a8
f(Z -Q_
(RZ X
[Pa8g
Z d9/>a8
Z 'iQ
v)FZ
*5c%Z
>Sa8#
:t'@Z
82ka8
Z Um{
XZ *"
0[Z !c
3jZ T
Z,a8D
Z svR
}?Z R
2u;Z
TZ si
^\Z '
]pa8Z
Z `.Zea8
b~a8T
QbPZ
:tMa8{
1mZ ]$?Ma8
"Fa8;
|]Z qe
nRZ N
_JDZ
Z Df$
5VSZ
0aZa+
T`a8J
gxxa8M
Qs<U
BHZ #
:2ha+
.Lu H
/oZ TjV
wSGfZ
VE7a8
.%ga8
Xaa8{
#ma8]
%tZ Y
nG3aZ
;rSa89
T4va8q
v\LZ 05Sya8_
lRZ @
sZ V;
]7a8
kSta8
^hZ iK
ugHa8
:^Oa8&
QZha8v
VZ Z!'ja8
+-oZ D
_Z {C
N"Z z
I'+a8+
q'RYZ
65la8
5Z j>
K,Fa89
{ALa8&
LZZ ^
nZZ C
qZ +8g
iqMZ
Z gbE}a8J
Z Sq]
<1a8J
?ia8e
Z P,l
Z MwVBa8
rzUP
BZa8e
uHhYZ
t;oa8<
Qn/a%
q=|x+
DZa8T
v}K 8
UnrZ 2
aga8M
$fZa+
@PC
8;(a%
EZ !G
uN&Z
0Rta8C
UeZa8=
(Iu/Z
YEZ ]k
!hZ 6
*8a8]
Y/a9%&
bZ myY&a+
>!a8[
fg!8y
?pa8f
K3AZ A
qQKQZ C
dZ tR
Zxaa8
n:%a8q
hWa8N
\6GsZ
EcZ N
zGxZ F
Z 3l9
QZ [J'
=da8P
@jDZ
}>ua8f
^$7Z
E9a8n
55fZ /
`Z `?
YRnUZ
{Ia8J
OZ h-I
X]Z Mv
vO6Z
Z ^<(ca8Q
QsiZ
VZ ,#>
"9a8F
&7Z 0
2G{Z
2_kZ
d;5Z
:Z SW4
*F8a8
IZ vzR
3b?a8
Z !\5
:,Z 5=
%&Z /N*
<eAa8x
Z #'>&a8t
nL;5Z 0
p0a8x
K<Z sP
\oa8r
Ns.MZ &
2rZ u
'AvZ
wpHZ
)wa8X
~yva84
/usa%
v\Ya8m
d#{8p
#4$X%&
Z QO<
9FZa+
|3Z 3
'Xa8\
JZ B_
KG=a8C
UZ^a8x
Z QN[
x0qZ
[WmZ
FwZ K
%Z 4OM
?Nwa89
9Z s64
Z oK>
uiZWZ
tEa8Z
Z HK-
s'Z 6
y}2a8
hKa8R
Z WN}
FZ -1
fLEKZ
%{ka8:
YO1Z ,
a!Z K
TNa8%
i)Z%&
~YEZa8|
?IKZ f
mxZ Yxk
O8 s cBa%
|Za8E
:`%&+
]$Z J
Z yDo
C2a8w
E?a8q
Ria8^
O'Z V
Z 0{*
Ic|7Z ,
0yZ 5
8la8k
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Icon
IconData
IconSize
System.Drawing.Size
System.Drawing.Size
width
height
DDDDD
DDDDDDDDDDDDDDDDDDD3333
DDDDDDDDDDDDDD
DGwww?
wwwwwwwwwwwtD
DDDDDD
DDDDDDDDDDDDDDDDD
DDDDDD
DDDDD
wwwxw
wwwwxw
wwwwwxw
wwwwwxw
wwwwwxw
wwwwwx
wwwww
wwwwww
wwwww
DDDDD
DDDDDDD
DDDDDD
DDDDDD
pDDDDDD
DDDDD
pDDDDD
DDDDH
DDDDD
DDDDDH
DDDDDD
DDDDDDH
DDDDDDD
DDDDDDDD
DDDDDDDDD
DDDDDDDDDH
DDDDDDDD
wwwwwwww
wwwxx
xwwwxx
xwwwx
prtustq
wjklxv
mfnzey
|good{
YYXYXXXXYXXYYXYWS
Y[TT[ZYYYYYYYYYYY
(FE871-,,,./45;6
>LLLLLLLLLLLLLKI$
HMMMMMMMMMMMMMMM
NNNNNNNNNNNNNNNN
%UUUUUUUUUUUUUUU?
0VVVVVVVVVVVVVVV0
BOOOOOOOOOOOOOOO&
PPPPPPPPPPPPPPPP
'QQQQQQQQQQQQQQQ<
:RRRRRRRRRRRRRRR)
***+999=R
UVVYXW
IKMLJR
QGFONS
===;;==><
@?>=======
y`cfi
\`cfil
[\`cfilo
\`cfil
usuy|hp
losuy~sfohiju
xlosuy~{d
~nklp
losuy~
vsuy~
cdefghir
uy~yr
~acdefghijklt
zfghijkl
"iqz|z
-1/,*)'&(+%
0444444432-
5555555555#
8888888888
$6666666666
.777777777.
9999999999!
::::::::::
szzzs
dooo*++-,uooooowwwww"$%#)wwwwwu_
'&!(.
wo___qU2Q
;Jg__
HT429ScxugM8L
O01?ap`QWbehi
V?Y^GTfnlZJ
qW>???=DK\h k
RBIUXD357>y
LK6QNRPLr
:~/I/
888`777
9990999
===p===
@@@@???
BBB AAA
BBB0BBB
ZZZPccc
]]] ^^^
fffPfff
<<<@;;;
>>> ===
___`www
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
*X*\m*XA*m*
*X*Hm*X
FY**B
&+X*.l*X
+m*"+*m
&o*X+(m*
**miX**s*X*
m*X\*m*
+m*x+*m>Y**
+m*y+*m:Y**
*X*@m*XH*m*
**mQX**
M+*m/Y**
>*miL**
*Xq:m*
'X**`*X
&m*{&*mpS**
"m*\"*m
_**<,X*
-}LH-%+
12!DXb
`{saz
-d(`*
Ilj*Gd
4XEa$*Y
X(~=+
eQ2*Q
UXn[6
hP*&5
3hTBcf
~-Y%#
V.%|33
~-Y%#
V.%|33
oMLKc
>wTv]3(C
]to1~
dTea$`
7Cl>z
sO+ulAUNl
Lxa}8
`>}pGS
Fs /+
ku>-f
2-U1g
TWUyY
TI(`m-
-p4([x
E&;('*_
3CY1eG
_&!(']
m57WGqerq;
56SGq
g56qGpRrq
GqCrp,5q
k56qGpR
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^l
}:!sx
tY3.p
R.BJM+
jqWEJ,
'Hb*i,
WKwdy,
oXr=m
&Hu-%H
XFLl<
h5R=6
!VAxM7
'.^J<
6F)y_
f\m4lR
b\6?,x
X4UQxk
t<oil
z9mVf
q4B^L$lf79%
eYjog=s
C_,3mn
mz1bB
>2?>9
|L4o+
5=EMqb
{Mm~;
^:9rQ
&gmn-
<"k -
8blTa
R[tZM
'.(h;
VlybT
$qj2l
:V.TC9wh*
^=e )
#"}4%a
[zz9gT>v
A-~0OD
m}u6k
J#"?E
uFy];
Y{N2E0o
w<hjMG
e1sO}X
|7zYT
,S[5v
7)V6xQ
6uL~8
L/=gi
EGtC2
IXIkb
=PW!g
+ZW7f
8^B:7
uvZItt
~%;wws
];^X8+*
z|5(M+
c#Oi2
yLWU3
=.; )
e?VRm
wTN]R
f,kl5DrF
:L?{;
%x*}o
,`b|H
:nctp
Xj!Ie
}c\ye
cU0FP
\Me8x+
]*39qV?
jOgdg
FUbToX~C
YvPlu
}c*_,
!6xNp
<P[R2L
t`SIb:
.8l;vi
run"F
<z/_Wm
fGB;`
7Wmsx
`gfMww
*dRa|
W_Qw|
|l82h
Y'N`D
c)q5-
?kBbi
Wi9k3
.\-"A
V|$~W
-$e"=
s]-.S=
n +n8
s\3whg
X;a;G
ryM(Z7
:@K`o
Ul:at
Igo{o
ZiA`A;
\TwL^o
S2"tG-a
><@JVl
<J5-i
TcAbL
F;.< LW
FDY8O
=vEy
ItljM`
.a\#f
v<k2e
RAcEy
"] %Q
*[85S
?g&3|o
=T3YN
#iZy_
:Kgi_
`tr8}
!a1ax
a8f$0`
C%!VR
`3YEI
7v^p0
B[1R#@
@*kBJN28T
FJV1!n<
.H;*1
66&GN
!xp'h
/,6`Y
+C4O
~gLMx)}
4Fzv5
~97.{
d"nxq
5x#G\a
1 V5 uJ!
PMEG
]c:bcC
8=!_o
sbN4O
}M7_^
<Ukd
aNp?D
@2*n8z
":B;!
lmIM`F\E
jlIze
9 $0Eq
3i=Y/s
+7.XzR
=U(LJ!
.xT|D
mXsZ]
cBRA{
U8T1#
r4CMRET!Z
O3>E]{
)\`8R
f-)ur
.k]<\
-:dn0%
R;;bZ
c?!m^
Dc]\>
G7(*ra!RL
qKUb1
[3;oF=&
S yqD
Sq]Y
(k)u_,
~K-~l_{}m
][tir
3_WD=
]14cM
'J`k}
[/?d,
aeSTy
@U/o1~
lVaP!.
{m?ym
B @^p
^3SQ`
eR;tL
5P(X>+
]{|qs
{<wn-
.YWW'
SA[0^
/.!eZ;
YRm[s
w)FUU
~-;g"
7OkOS
iy*bO
:1&pS
{867M
E)X#}
kl\9U
TIMh34
\f0Rs
/|Lhnn;u
LTHq0
M]~#s9wh|
EA(+h
_'fVD
]>g]]
>xNx]^
054M4
fz#C#%1
x!u(D
zT2UE>
Knk=:
*=+uJ
2B^m'
iK74[
>Cgh\
1h|<U
@0Lq"=1
K7NLZiyQ
w>>fw
D~\|"
&UrpZ0|
VEghG
Fr6%z
d1.,E*
z#B;0
y,\s[
hYjDF
X9<9B
8:#~q
S(=^0D
rrv;V
525 5
7IxN<m
[Xon|
:V*V?4
~vz498
>>&iC
zmNyZww
us-F2
k(lz8&
1a\SX
h8zCT
N:CJ}
'<O==
<-XI~
}, nf
5>BsW9
Ff 87
ku*bFE
l'\/__
Ojz)+
NGFk\
UK[N:8.
C]JAkD
)p2i1oi)
EKK[5
)iq61h
2vxFy
U4:FZ
Z]]SK
I[V|A%
4.T2>p
W$e2R+h
59F .
e{5a3i
jw_n~Wx
8ZA;S]s
E5}3|wc
(B.<K
6p4&"x
M..1#
,3e\$`
B"\c
i+t~N4
h.V>b3s
y*m"2z,
-6]8b
Kz&fFV
Uo>jhT;
fbWWH?
$[Ht(
D>,I0
,.DKQ
5tH":
z_ZE:
_ pST
?E}=+:
.;wTu
?Q/&D)BGn)
w)|:Z
:`&Ug
^+^kj
WA2Ui
n?PaZ
UpICN
, ""rDRe
?]*\Y
5OK|WUj
+v0UW
*Cx*P
KQ!BT
o'h#o
,)dw*k
.T*@Peo
ez["E
Yx c~O
v)RxoR[
$B=BG
~(|jg
-s#[w0
#0u],
PQKc,Q
i{/[w5
LlZ+Fu
W-C[S~
&-"Rz|
u _z%
sQ-5t
dnn}z^
=vF(H
yjG|Y
Tp=XS&
,HlHF
e$`-f
zs[%\Ei
w>])cPt
^w><[
#aA\ !t
tU.Y;
5l6HX
-o oV
8X"n=
"A1K<
hu|>q
rc&<o
Qp'"oRR#.
eBn;?
WPkg86i
<E!!n
)K1f\"<
2<{5.
/s~6V
6HR\vh
z,6=f
\Tt[g0y[
\M)(RFy
IlP=H
mH;zc
_7<[yb
r|6z,JW
r/NE33
3ba{|
pFa{e
>)u#!
@<VK#
17\?:
Ql5<P
q+Q{D
NR)3~
~*x[s
W9yl{
t)x8"
/9{o:uj
/c_3
d>RNV
\]q4Q
Z8N|p
)h9SJ
#m]QR
>G!WAj,
k~ms[
Js 6#W
'>I]`
Q"CKD
*o]]Q%[
H*MN8
LzLlqI4
IqpHa|
+h|MT+
]bl<Si
i[[L7
S/}sF
ys1Nh
"jdVz
KcOGA
pT:cv
P<@kZ
7<{s&M
^b"*%
w54Knq
,]CeW
.j2:W
%A RR
Db{US
Gr. G
45Vx9y
]ULoJ
zu{YcR
9uh]e
;8!ym
CwB/%{
1l#%2
EG7z_
.$*FvQ
/A,I%J
xh<QJ
aw ,B
DKLRN
dB|}[
e[FF0
P)A(<v.
%/<rw
+Xja*
%1Jsy
+(je5.
MUBI3
eQWw0=
&q8]O\&H
\<kFM8r
BG3j=
QqiT{}##
^Gj(t
3h$Xy
?N_f1>nMV.
7>02`uV
yoom(
x]M95
1Gx~h
F,G,O
Xba!r
WL1.
xgd[[N
[m<":
"u;L+
2,T7m
fO]/NdL4
j5<&k
cWo>R9bt*@
N3v|zY}
/I~Gk
?c{?j_n
-Yzoa6
qHEw4$
7+9Z*T
]tkw<
6\;?[}
K5`r_
jxO;p
L6^P<
QM-/9D
2;[h$
alun?
D"L)DD
+hx5D
Hc44E
[Sml.o~
O\zgD
s)!<N
>1`@`
\*]qW
(1KGML
.?-\YC-
TFl/9
&.zH0
@*Vqz
bcKAL
gZ69h
KIR1GL
Oc:-er
|v0)H
6I6s;AK
1M?I#U
LfINV6
\e[uH
yu{xjw
E#Z0yCx
^]hTQ
^MQob
"*.-P
e}G{m
D!9/K$l
"#[Yj4
'.b~'
-p<lK
kd{z{
KI/a=
_)jn{UV
MSMB6
q$^H|
R=)et
#]+LV
xU%~1
P#Dx:
b4^n:R
ZWT/d
{G?+A
)x^:2p
G,OTX
0Q'Yo
sKGr
oTcI3j
7}`^b
sC5y7
f?k~PK
3P~T~;u
G`I-K
$}sD`
pU?`;2^
A^=+Y
z<.If)
X7[f#
Lm_q}D
1)#GW
t8/(~<
ZL1-HS
kF?,=
x2oD0
sjhztg:O
/7-zzl
-jzio+
. W(Csx
BVt G
Ih;b
k5jy5
v)kPWl\
.=:|:#sylg
$PPEQ
L1B8T
U~$uT
dO(PZ
l43^9
eYo*3
N\^/*/u
@Hmq1
Q$RKG
V?Lp=
5G\>c
GI=Sm
v\~92
Ut^,^
5j7j7
|[DWo
i<hR37
fVCRC
Y#14e
EJI.1v
%m]pt
V!bka
PB?A*
V"\(2k
Ty5hF
g`F^Y
nqCxL;
jR}dy
07;WI
+}9a4e
oz2x~%
3xIt%
pl29b
0_*am
,J'vl
e#]ULy&
SWI0P
inLqB9
W2T[O~0
"!eX1
1!3WL*$
~$K*/
L-Q6]
8mxbgN}
Yjx&voD
Iv*Z*
G!dEt
$KT/rj
Fg6 ~
h<"$Q
#84C)
eaNl`
O* *Xr
=Gyv>
>A3A-*
%-j[2C
9t90w
qZ3gTk{
*q\BiP
BboY
+iWxW
/ilLS
g+v5P
CoOBJ
&B`YZ
;`5!4e
2'bbM
Jtpr$D
Rz:*A
4Fqt&
z'&ss
~h,'pr
-P{.^
>7pkeB|/
MVS^.
Ig?Xi?~
<kA`=Zb
yz6zd$
iMS`@
wzJ{f
F+ni+
OtT+S{K
L"D/;
D2!{b
OYM(t
b=z$Sto|=
#n o!'
w_t}X
#_*U64~r
4wt%M
:o&:"
BcKFd
BX(r[
y(.[X"T
EFBax
W:VfP+
>o5cQv
XycJ<Ioo
OCG].
[)mi+jz
D%\rb
{kLyP_,
k^- ~lJA
AT&+9
._O?I
7$BGI;
!8:DUl
RWmr.
:iOU;
'>||Y
?Un$.Y
=_5KB
6)@\Iq
KtEH)
"tbn`
&V)^
RZwg9Z
lK.L99s
iewt7S
#"xD)
RkS!J
((AS|
sp?fa
jPi=b
5Rki)
g=_&j
ow9:R
\~ ^{r
3wwCD`
y=Uyv
l0l=c
kJptc
g~O?-
C42T2]4
A;SHv
8h-4h
.xQH3
FPyK.
(@7UG
$T]35,
O+:v>
s*^-k
EVBKU
TZ\MD
ZGaQS
ZQtmF
|r)]e
g\N=|
P!f$2
c7Am9"
3n W|8g
w{}^zb
;N:\uao
pGH1p
0.!*X
.fqYj!
,*W+X
kRGOZI\
$~S~bKwP
Wq}S{3
pFPu6
k,9<zB
M"b~DWHe^'
?L%"u
h4MB!
k']7qZ
oQOf0
8E*(*%~
72V!
%Oz%La
p8Z?I
B'-~'2
k\Grl
2qFE,
a:Z;A
znK[w
m{Ze]
7\KhG
Gy: Z
(,N/2O
d&~kj
8%DNy
) >ID
9X&$>
kMp.4
4~0(s
z[,6F
$y<lP
UDI 0
g?dxp
??MzS
3&O`m
*tY!i
,[uywK
~MyPw
kr/vo
uOt2Zr_t
@7B~3D
Sv xJ
A}.:;
pnzRLB
\`RM%
s*xJ
}XxM/%
^9^(<
s'2au
T7O1]
3P_M%Y[{
&l9nHD
{|-)5
Cl#*X
V1%\Cu
kN/%7
@2#]hl
~P1C9
hdt8P
[]>OZ
Sv?[yv
@5^+IH
y5**_
u3?yYB
ZyyJT
pZ:x!
Y$S``
k<`#8
>%>Q7
1jz/v
]<~..
zE\./
lR$me
fspd.
e-;8g
t#jFos
T|-~{f^9
+mTYR
K'"ue\:Z4^
x"a2t
8:Z{#
*IRBh
sao~!
'R.0|C
p->2h
R(r\.
jR}(aIn
Ke1C"
Z(z8k`
c7r2}
GQ2{>
0;x!U
KS S&
)hk$Hf
v=)PCzt
}ozKz
08g[X7
|pn\9
1ORcu
"7]f.%Z+6
hFzDDE,
)^/"K?
cNkf6
Xm|~y
q?n7C
[Dtk-qv
49hK
UY;d\
1i6kV
y~f??g
mFp>(P
J#C[+"
mugl<
66M}p
7=:w?f
2u17B$
0F0b-H
GxKBB"
z(4[^
:5?yN
)ED~zz
ROO=j
)p$PM
IdiX,
s%t^a
ucPkc
/^!}alu<w
JU3N+
DO'R#
7,_sr`m
;:yOS
5M?_jn
bh)ZDT
SW(y{
OIsBo
!AEz~
&G9f5jJt
JPD\DDV-)
IDAT/{oi
l}i{h
2"{l-{
-qf[bh
pn(q/
}6ewP
_~%Ar6!
q=7;9
g.}Sox
>|F%:3
$; aOF%
h&2mu5
@KI/3
$;h:9
gE8SLB
m=jW.~
y9!J/F
0Y]%N
mVW3~
O;G']LdV
RR.<<c9
|r+NR
{m5G.
+1O^/l
GN~}t
FpC-3Lw{
g;SS>1];(>
{U6O}
M"%d)
ro-wls
$"rvX
NfF2j
W_w5`
']-75ST
YYH"sv\nu
D2k"a
6\K &
U/0X5
`HE1`
hU(t%&@
_GrprD
pEFh]@
UA`*rL
#O4;|
m[{mtv
$iwj$
@Impr
W+=V}
P7H 1!*
r(N)>V
Hj+s[
b[ODer
Jez+r
or%ofL
<n PR
K7,H,-
{Y?sy
wr^w=g
>MYGu=A
5l0hx
t(Fzs
#-zWO
gO2=v
C;);e
dZ|A0O
oKJZvr
Kw&Q\
G[r\4
$cB6?
dj|\l
?:v\I
i?^_4
JUJ|L
zqn^nB
jrcQn
skj7wI
Jz~He8
Cw(:p
| rPs
}.|O$
1ipB`i
'E_Zfo
6THn?
roXU7
p7-5=
7C+et
1SN9~>
:\8kp
|%S-]F
eV41T,
zl=Wk
MbS8t!
LOe+D
XBg+a`x
M>%Zi
7ODhp j
9Y"[@
ml<px4
0\Mb~'V
9.fp-
'3 n%
3jRlN
'=\6I
pJEmr
fHl<4
9=|gn
`:l* }1
%$FN
`ZD8`
,1` hZ
=KGgW
,w_XT"
:<>l?
x%LW`
UFg~=
mTlYJS&Z
DDu6jO
N*BMd
-DaN%V
r:e}L
}~1k8
9Z<U'
z^oST
@+551Y
6x$-J_
rAU0x
~&B;
qZ-7]
LW0S-w
Z~87<wiq
Dzd4%E
?-sxS7y?|
+r}V3Kj
<!+]7
0aS>a
HS.^c
x}ZR=v
}]NX4?oK
|r=r=
y#a$7\
,v'1k:
8TYYU
~5Oaa
pnb8]<Y
r6zoe"
JNU5!
{_)BK=
T478Y
3|T" 6
!T$&TT
\3UM-,
5|o-?
xq,jj
(dG.&p
q%q#]hU
b}wwS
k??u<
KFSMJ/
RzJ9Y2
g|z5re
4n%)Y
U2LKD
(/vS0:
fzP"=
P++eXn\%
|~va=O7
DP~%HWb
>>yubS
-L[h,
,Lb.S
x+gB`
<EH`i
z"<=-
M9B/r
YBNlW!
#4e{rX
>u4<^
"O9F4
GQ OA
,=PzW
>4miK
X\GlN
gE:|d
1kpC8
.k\ZC
YZvQi
W/`!e
#/^Rn;
4sdZc
zjO1x.NM
kO#ts
p(*eT
n16Qu4`
m2hU_
_zd7m
"r'qYH
[_)F6
}zW3mE
$k{t4
~(}2e
7wMb4_
>8V2rq
:m[8A
{"H49Z
QeK/A5
DZplxM6`
pL9Ip
L7_]
RV`GS/
#4wc_
a-UF)u]
f~/]znh
'ZFwy
K\vb49
?(ls^
gv\w~,h,28
~vq2k
IPd;e
V45hL1?
5>\|}E
&^^;W
vNSGu
`yyJ1
Dx7n=
#uj3uk
6}u[m
XzfafNZ
gGO^^
Z$dw/
w)]5&
i|~%+
%qZX8t
Z >HJ
>cn1z
O_Q^9<
_u`N*
\v3L|
}aQaw
|xO?vI
V*51z2;
/_+Wo0
vuLZl
p{!&d
)XeC1
O)~\4
/NlMT
SG5]G
(=g-I
v3G#x
C|R @'D
eA[U)
103(q0
RKPk(
;DZ~j
:El9%y
5~kYA
x.)?&/HV
B[+YO
q%gYO>oN
x:5>l
@s^xV
o_Kzg
|F#x(
||0<5
5{Mfb
Y\UEN)I
~smo^
T/{t"
j!n)B
p-J,)p
QQbam
7xx)I
7.P^^
($}`|PM
,>5%|v
"&-v:
J|93 `
<5Y(2vA
"^R5we
6xo#?
''s{@A
w%pGG
{\MP-
1!IvNM3
4P*KjXQ
a5(qR
+5:@R
:Sh`+
I??D~
(Zz&`
2EBl
6fIOgX
Gt=m.E
/,!i?
5k#W^g
sS|au
tz~(un
ZTc0Z
!eKPUI`B
#mHy()_
KJj9u
,8d0]
t4|vWi
@Wh$<
b 5(L
@Ht2+i
|eom4s^
\~Ymo
|Rs-7V
0kF+7
`;s'N7
R=[3{
OXl`j|os
^\6*l;
7_m3-
*puw0
U"x"\
?}5Gw
#|E`t
}L,]P
EKs\>_]
NI?oW5
G{-RE&
Xq")G*)
JhaXXhx
}yicn
7u}NL:xdB
3Hwn,N
Q$p1>
B'F8%Da
dTlw..LI.
3?=pB
jvKX1U
B<ht>
e UCJU
UL]9PZ
>a}z]8
0PDKS
OM&G#{
,@QD)
2B2Ti
8GL)&
lpM3+
8fLlP
S`^c"
&s\@QSM}
C*J&Bc
;(G59.
Zg_9.B
!)AK)V
fn{eY
gN;Fc
Q>NvQ
?6[lo
!227(<&(
6 9)]
-?_-t
K<LEj
w'CSe*S
*<jOt|
e2&o^
[K.6=
Y[4m_
7^d]|u
k4l!lD
yg~+R-nX
WC}x!X
2:{7Hc
.Oj]Z
0t_&{qP
iuxx<
>O9uW
K&&MX8
Wd'V/2
0OVOO
On-gJ
/#t-.f)
!:uob
D:5~+U
Rd4LU
nF.!{)4
HU3J4
bTI?<P4
Tk#IV
0S)!B
]|=&zn
5jX)3>^O;
Ov{:j
Tfl<p{
ni=2{
|?\D
xja>uZ
a_} vl
>|3h&d1
Ttn%r
gH>^o
odKJ(
?Vgg&
E'E'(
\f9nEw
(A&=
<UdHj
vh>x2xK
4,HEc
hoM^h
77Eh$
BG:_O
Qr<,y
^o>:I
)c\+'
ac|C]aeb
`+|z+
&{[_&
'M&R17
ODI{@>m
*%/e0v
]D4#_
l&=)0Ye
nb^s~
z{mt<29
6*G]Z
&[HdT
[4cP,
iC0ql
?jk+L
L^rdUB
qc}8}3
<d:rl
h4g9f
uS_sfju
VRe+w
u#8g}]
{nIIk
us`0gQZ)
2~%\G/
p.F,;F
\3/,8
exwL]
_~M6\f
j*xcP8
d'yTD+
1>[Ho
pC>&9
"b*[=7a
j~DX7
G5C2+
F/SU,
:3Y=w
nnw"O$
(v>T_
t|7BD
(Di\m*
"ps>d#
vH40,
@w`yyc
3nll4i
7-cW6
WU<uQHk
zNv[Z
cjJ.D
mi7+^
izHuD^
76+4+D
alX^s
h'2q=
kgR%Rb
R_['A
$/{H4..|
=\~|x.
na4!,L
i042R
1N<7j
VOw,H.sc
,/}:4
=FozCN
`sDxE
>70|t
4+[P(hA
`N9Zy
VFNFXq
@Jp/c
Q9x"\
4sv3bpc(
q#l8u.
$uK6+'
N86fb
3[[+n
@& HE
2KN^N+>
8$<1k
R/5SW
pBl(b
t6lx,
IK/d-
I:.:-
i5^IT
]Y2S5
%))z&
%fW&L
l`![p6
r+d-J
wb^Oz
9J^~Q
6wT?;H
:)bCZ":
+1pN0
GF-Ip/K
Cm?Kx
MFp+RB
d>?Sdyz
Pg.se"~
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v4.0.30319
#Strings
#GUID
#Blob
#GUID
#Strings
#Blob
#Schema
7 > T ] c m
!G!Q!
"K"Q"W"]"c"i"p"w"~"
"i#p#w#~#
#c$j$y$
%$%:%B%S%Z%b%j%t%{%
%.&6&D&T&\&h&~&
&''Q'
()(m(
E Q j u&
'D(P(\(
ZAkA-z
W:I0:f
yYLH2q
QYJd.exe
mscorlib
SuppressIldasmAttribute
System.Runtime.CompilerServices
.ctor
<Module>
.cctor
System
Process
System.Diagnostics
CloseHandle
kernel32.dll
IsDebuggerPresent
OutputDebugString
Thread
System.Threading
ParameterizedThreadStart
ValueType
NtQueryInformationProcess
ntdll.dll
Win32Exception
System.ComponentModel
MyApplication
ScrapBook.My
Microsoft.VisualBasic
WindowsFormsApplicationBase
Microsoft.VisualBasic.ApplicationServices
OnCreateMainForm
OnCreateSplashScreen
System.Windows.Forms
MyComputer
Computer
Microsoft.VisualBasic.Devices
MyProject
Object
m_ComputerObjectProvider
m_AppObjectProvider
m_UserObjectProvider
m_MyFormsObjectProvider
m_MyWebServicesObjectProvider
get_Computer
get_Application
get_User
get_Forms
get_WebServices
Application
Forms
WebServices
MyForms
m_FormBeingCreated
Hashtable
System.Collections
m_AddUpdateBooks
m_AddUpdateSupport
m_AddUpdateUser
m_AdminHome
m_AdminLoginPage
m_BooksHandler
m_ChatPage
m_ChatPost
m_Credits
m_DeactivateSubPage
m_ForgotPage
m_HomePage
m_MainPage
m_PostPage
m_ProfilePage
m_SettingsPage
m_SplashScreen1
m_Support
m_SupportHandler
m_UsersHandler
Create__Instance__
Instance
Dispose__Instance__
instance
Equals
GetHashCode
GetType
ToString
get_AddUpdateBooks
get_AddUpdateSupport
get_AddUpdateUser
get_AdminHome
get_AdminLoginPage
get_BooksHandler
get_ChatPage
get_ChatPost
get_Credits
get_DeactivateSubPage
get_ForgotPage
get_HomePage
get_MainPage
get_PostPage
get_ProfilePage
get_SettingsPage
get_SplashScreen1
get_Support
get_SupportHandler
get_UsersHandler
set_AddUpdateBooks
Value
set_AddUpdateSupport
set_AddUpdateUser
set_AdminHome
set_AdminLoginPage
set_BooksHandler
set_ChatPage
set_ChatPost
set_Credits
set_DeactivateSubPage
set_ForgotPage
set_HomePage
set_MainPage
set_PostPage
set_ProfilePage
set_SettingsPage
set_SplashScreen1
set_Support
set_SupportHandler
set_UsersHandler
RuntimeTypeHandle
InvalidOperationException
Exception
ArgumentException
AddUpdateBooks
AddUpdateSupport
AddUpdateUser
AdminHome
AdminLoginPage
BooksHandler
ChatPage
ChatPost
Credits
DeactivateSubPage
ForgotPage
HomePage
MainPage
PostPage
ProfilePage
SettingsPage
SplashScreen1
Support
SupportHandler
UsersHandler
MyWebServices
ThreadSafeObjectProvider`1
m_ThreadStaticValue
get_GetInstance
GetInstance
Resources
ScrapBook.My.Resources
resourceMan
ResourceManager
System.Resources
resourceCulture
CultureInfo
System.Globalization
get_ResourceManager
get_Culture
set_Culture
get_Blue
get_aETTbsqHa
System.Drawing
Bitmap
Assembly
System.Reflection
Culture
aETTbsqHa
MySettings
ApplicationSettingsBase
System.Configuration
defaultInstance
addedHandler
addedHandlerLockObject
AutoSaveSettings
EventArgs
sender
get_Default
get_ScrapDBConnectionString
SettingsBase
ShutdownEventHandler
Default
ScrapDBConnectionString
MySettingsProperty
get_Settings
Settings
ScrapBook
components
IContainer
_Label3
Label
_Label2
_Label1
_Button2
Button
_Button1
_TextBox3
TextBox
_TextBox2
_TextBox1
_Button3
Dispose
disposing
InitializeComponent
get_Label3
set_Label3
WithEventsValue
get_Label2
set_Label2
get_Label1
set_Label1
get_Button2
set_Button2
get_Button1
set_Button1
get_TextBox3
set_TextBox3
get_TextBox2
set_TextBox2
get_TextBox1
set_TextBox1
get_Button3
set_Button3
Button1_Click
AddUpdateBooks_Load
Button2_Click
Button3_Click
EventHandler
IDisposable
Control
Point
ButtonBase
ContainerControl
SizeF
AutoScaleMode
Color
ControlCollection
MsgBoxResult
MsgBoxStyle
System.Data
SqlCommand
System.Data.SqlClient
SqlConnection
DialogResult
Label3
Label2
Label1
Button2
Button1
TextBox3
TextBox2
TextBox1
Button3
AddUpdateSupport_Load
_TextBox4
_TextBox5
_TextBox6
_Label4
_Label5
_Label6
get_TextBox4
set_TextBox4
get_TextBox5
set_TextBox5
get_TextBox6
set_TextBox6
get_Label4
set_Label4
get_Label5
set_Label5
get_Label6
set_Label6
AddUpdateUser_Load
TextBox4_Leave
EmailAddressCheck
emailaddress
Match
System.Text.RegularExpressions
Group
TextBox4
TextBox5
TextBox6
Label4
Label5
Label6
_PictureBox1
PictureBox
_Button4
get_PictureBox1
set_PictureBox1
get_Button4
set_Button4
writetextboxtolabel
Button4_Click
ISupportInitialize
FontStyle
GraphicsUnit
BorderStyle
PictureBox1
Button4
_Button6
_Button5
_DataGridView1
DataGridView
_Button7
_ScrapDBDataSet
_BooksBindingSource
BindingSource
_BooksTableAdapter
_TitleDataGridViewTextBoxColumn
DataGridViewTextBoxColumn
_DetailsDataGridViewTextBoxColumn
_AuthorDataGridViewTextBoxColumn
_ContextMenuStrip1
ContextMenuStrip
_DeleteRowToolStripMenuItem
ToolStripMenuItem
rowIndex
get_Button6
set_Button6
get_Button5
set_Button5
get_DataGridView1
set_DataGridView1
get_Button7
set_Button7
get_ScrapDBDataSet
set_ScrapDBDataSet
get_BooksBindingSource
set_BooksBindingSource
get_BooksTableAdapter
set_BooksTableAdapter
get_TitleDataGridViewTextBoxColumn
set_TitleDataGridViewTextBoxColumn
get_DetailsDataGridViewTextBoxColumn
set_DetailsDataGridViewTextBoxColumn
get_AuthorDataGridViewTextBoxColumn
set_AuthorDataGridViewTextBoxColumn
get_ContextMenuStrip1
set_ContextMenuStrip1
get_DeleteRowToolStripMenuItem
set_DeleteRowToolStripMenuItem
BooksHandler_Load
ContextMenuStrip1_Click
DataGridView1_CellMouseUp
DataGridViewCellMouseEventArgs
Button6_Click
Button5_Click
Button7_Click
Container
DataGridViewAutoSizeColumnsMode
DataGridViewAutoSizeRowsMode
DataGridViewColumnHeadersHeightSizeMode
DataGridViewColumnCollection
DataGridViewColumn
DataSet
ToolStripItemCollection
ToolStrip
ToolStripItem
DataGridViewCellMouseEventHandler
DataGridViewRowCollection
DataGridViewRow
MouseButtons
MouseEventArgs
DataGridViewCellCollection
DataGridViewCell
ToolStripDropDown
Button6
Button5
DataGridView1
Button7
ScrapDBDataSet
BooksBindingSource
BooksTableAdapter
TitleDataGridViewTextBoxColumn
DetailsDataGridViewTextBoxColumn
AuthorDataGridViewTextBoxColumn
ContextMenuStrip1
DeleteRowToolStripMenuItem
ChatPost_Load
writelabeltolabel
InternalPartitionEnumerator
StackTrace
NextSink
Compressor
Xosh_Maza
Encoding
System.Text
Array
_GroupBox1
GroupBox
_GroupBox3
_GroupBox4
_GroupBox5
_PictureBox3
_PictureBox2
get_GroupBox1
set_GroupBox1
get_GroupBox3
set_GroupBox3
get_GroupBox4
set_GroupBox4
get_GroupBox5
set_GroupBox5
get_PictureBox3
set_PictureBox3
get_PictureBox2
set_PictureBox2
Credits_Load
PictureBoxSizeMode
ImageLayout
GroupBox1
GroupBox3
GroupBox4
GroupBox5
PictureBox3
PictureBox2
tableAdmin
tableBooks
tableChats
tableLogin
tableSupport
_schemaSerializationMode
SchemaSerializationMode
SerializationInfo
System.Runtime.Serialization
StreamingContext
context
get_Admin
get_Books
get_Chats
get_Login
get_SchemaSerializationMode
set_SchemaSerializationMode
get_Tables
DataTableCollection
get_Relations
DataRelationCollection
InitializeDerivedDataSet
Clone
ShouldSerializeTables
ShouldSerializeRelations
ReadXmlSerializable
System.Xml
XmlReader
reader
GetSchemaSerializable
XmlSchema
System.Xml.Schema
InitVars
initTable
InitClass
ShouldSerializeAdmin
ShouldSerializeBooks
ShouldSerializeChats
ShouldSerializeLogin
ShouldSerializeSupport
SchemaChanged
CollectionChangeEventArgs
GetTypedDataSetSchema
XmlSchemaComplexType
XmlSchemaSet
CollectionChangeEventHandler
StringReader
System.IO
XmlTextReader
TextReader
DataTable
MissingSchemaAction
XmlReadMode
MemoryStream
XmlTextWriter
Stream
XmlWriter
ValidationEventHandler
CollectionChangeAction
XmlSchemaSequence
XmlSchemaAny
XmlSchemaObjectCollection
XmlSchemaObject
XmlSchemaParticle
ICollection
IEnumerator
IEnumerable
Admin
Books
Chats
Login
Tables
Relations
AdminRowChangeEventHandler
MulticastDelegate
TargetObject
TargetMethod
BeginInvoke
IAsyncResult
AsyncCallback
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
BooksRowChangeEventHandler
ChatsRowChangeEventHandler
LoginRowChangeEventHandler
SupportRowChangeEventHandler
AdminDataTable
System.Data.DataSetExtensions
TypedTableBase`1
columnAdmin
DataColumn
columnPassword
AdminRowChangingEvent
AdminRowChangedEvent
AdminRowDeletingEvent
AdminRowDeletedEvent
table
get_AdminColumn
get_PasswordColumn
get_Count
get_Item
index
add_AdminRowChanging
remove_AdminRowChanging
add_AdminRowChanged
remove_AdminRowChanged
add_AdminRowDeleting
remove_AdminRowDeleting
add_AdminRowDeleted
remove_AdminRowDeleted
AddAdminRow
Password
FindByAdmin
CreateInstance
NewAdminRow
NewRowFromBuilder
DataRow
DataRowBuilder
builder
GetRowType
OnRowChanged
DataRowChangeEventArgs
OnRowChanging
OnRowDeleted
OnRowDeleting
RemoveAdminRow
GetTypedTableSchema
DataRowCollection
Delegate
DataColumnCollection
MappingType
ConstraintCollection
UniqueConstraint
Constraint
DataRowAction
Decimal
XmlSchemaContentProcessing
XmlSchemaAttribute
AdminRowChanging
AdminRowChanged
AdminRowDeleting
AdminRowDeleted
AdminColumn
PasswordColumn
Count
BooksDataTable
columnTitle
columnDetails
columnAuthor
BooksRowChangingEvent
BooksRowChangedEvent
BooksRowDeletingEvent
BooksRowDeletedEvent
get_TitleColumn
get_DetailsColumn
get_AuthorColumn
add_BooksRowChanging
remove_BooksRowChanging
add_BooksRowChanged
remove_BooksRowChanged
add_BooksRowDeleting
remove_BooksRowDeleting
add_BooksRowDeleted
remove_BooksRowDeleted
AddBooksRow
Title
Details
Author
FindByTitle
NewBooksRow
RemoveBooksRow
BooksRowChanging
BooksRowChanged
BooksRowDeleting
BooksRowDeleted
TitleColumn
DetailsColumn
AuthorColumn
ChatsDataTable
columnUserName
columnMessages
ChatsRowChangingEvent
ChatsRowChangedEvent
ChatsRowDeletingEvent
ChatsRowDeletedEvent
get_UserNameColumn
get_MessagesColumn
add_ChatsRowChanging
remove_ChatsRowChanging
add_ChatsRowChanged
remove_ChatsRowChanged
add_ChatsRowDeleting
remove_ChatsRowDeleting
add_ChatsRowDeleted
remove_ChatsRowDeleted
AddChatsRow
UserName
Messages
FindByUserName
NewChatsRow
RemoveChatsRow
ChatsRowChanging
ChatsRowChanged
ChatsRowDeleting
ChatsRowDeleted
UserNameColumn
MessagesColumn
LoginDataTable
columnAbout
columnEmail
columnOccupation
columnPhone
LoginRowChangingEvent
LoginRowChangedEvent
LoginRowDeletingEvent
LoginRowDeletedEvent
get_AboutColumn
get_EmailColumn
get_OccupationColumn
get_PhoneColumn
add_LoginRowChanging
remove_LoginRowChanging
add_LoginRowChanged
remove_LoginRowChanged
add_LoginRowDeleting
remove_LoginRowDeleting
add_LoginRowDeleted
remove_LoginRowDeleted
AddLoginRow
About
Email
Occupation
Phone
NewLoginRow
RemoveLoginRow
LoginRowChanging
LoginRowChanged
LoginRowDeleting
LoginRowDeleted
AboutColumn
EmailColumn
OccupationColumn
PhoneColumn
SupportDataTable
columnReply
SupportRowChangingEvent
SupportRowChangedEvent
SupportRowDeletingEvent
SupportRowDeletedEvent
get_ReplyColumn
add_SupportRowChanging
remove_SupportRowChanging
add_SupportRowChanged
remove_SupportRowChanged
add_SupportRowDeleting
remove_SupportRowDeleting
add_SupportRowDeleted
remove_SupportRowDeleted
AddSupportRow
Reply
NewSupportRow
RemoveSupportRow
SupportRowChanging
SupportRowChanged
SupportRowDeleting
SupportRowDeleted
ReplyColumn
AdminRow
set_Admin
get_Password
set_Password
BooksRow
get_Title
set_Title
get_Details
set_Details
get_Author
set_Author
ChatsRow
get_UserName
set_UserName
get_Messages
set_Messages
LoginRow
get_About
set_About
get_Email
set_Email
get_Occupation
set_Occupation
get_Phone
set_Phone
IsAboutNull
SetAboutNull
IsEmailNull
SetEmailNull
IsOccupationNull
SetOccupationNull
IsPhoneNull
SetPhoneNull
StrongTypingException
SupportRow
get_Reply
set_Reply
IsReplyNull
SetReplyNull
AdminRowChangeEvent
eventRow
eventAction
action
get_Row
get_Action
Action
BooksRowChangeEvent
ChatsRowChangeEvent
LoginRowChangeEvent
SupportRowChangeEvent
AdminTableAdapter
ScrapBook.ScrapDBDataSetTableAdapters
Component
__adapter
SqlDataAdapter
_connection
_transaction
SqlTransaction
_commandCollection
_clearBeforeFill
get__adapter
set__adapter
get_Adapter
get_Connection
set_Connection
get_Transaction
set_Transaction
get_CommandCollection
get_ClearBeforeFill
set_ClearBeforeFill
InitAdapter
InitConnection
InitCommandCollection
dataTable
GetData
Update
dataSet
dataRow
dataRows
Delete
Original_Admin
Original_Password
Insert
DataTableMapping
System.Data.Common
DataColumnMappingCollection
DataColumnMapping
DataTableMappingCollection
DataAdapter
CommandType
SqlParameterCollection
SqlParameter
SqlDbType
ParameterDirection
DataRowVersion
DbDataAdapter
ArgumentNullException
ConnectionState
_adapter
Adapter
Connection
Transaction
CommandCollection
ClearBeforeFill
Original_Title
Original_Author
ChatsTableAdapter
Original_UserName
LoginTableAdapter
Nullable`1
Original_Email
Original_Occupation
Original_Phone
SupportTableAdapter
TableAdapterManager
_updateOrder
_adminTableAdapter
_booksTableAdapter
_chatsTableAdapter
_loginTableAdapter
_supportTableAdapter
_backupDataSetBeforeUpdate
IDbConnection
get_UpdateOrder
set_UpdateOrder
get_AdminTableAdapter
set_AdminTableAdapter
get_ChatsTableAdapter
set_ChatsTableAdapter
get_LoginTableAdapter
set_LoginTableAdapter
get_SupportTableAdapter
set_SupportTableAdapter
get_BackupDataSetBeforeUpdate
set_BackupDataSetBeforeUpdate
get_TableAdapterInstanceCount
UpdateUpdatedRows
List`1
System.Collections.Generic
allChangedRows
allAddedRows
UpdateInsertedRows
UpdateDeletedRows
GetRealUpdatedRows
updatedRows
UpdateAll
SortSelfReferenceRows
DataRelation
relation
childFirst
MatchTableAdapterConnection
inputConnection
DataViewRowState
ApplicationException
IDbTransaction
StringComparison
UpdateOrder
BackupDataSetBeforeUpdate
TableAdapterInstanceCount
UpdateOrderOption
value__
InsertUpdateDelete
UpdateInsertDelete
SelfReferenceComparer
IComparer`1
_relation
_childFirst
GetRoot
distance
Compare
_SupportBindingSource
_SupportTableAdapter
_UserNameDataGridViewTextBoxColumn
_MessagesDataGridViewTextBoxColumn
_ReplyDataGridViewTextBoxColumn
get_SupportBindingSource
set_SupportBindingSource
get_UserNameDataGridViewTextBoxColumn
set_UserNameDataGridViewTextBoxColumn
get_MessagesDataGridViewTextBoxColumn
set_MessagesDataGridViewTextBoxColumn
get_ReplyDataGridViewTextBoxColumn
set_ReplyDataGridViewTextBoxColumn
Support_Load
DataGridViewClipboardCopyMode
SupportBindingSource
UserNameDataGridViewTextBoxColumn
MessagesDataGridViewTextBoxColumn
ReplyDataGridViewTextBoxColumn
SupportHandler_Load
_LoginBindingSource
_LoginTableAdapter
_PasswordDataGridViewTextBoxColumn
_AboutDataGridViewTextBoxColumn
_EmailDataGridViewTextBoxColumn
_OccupationDataGridViewTextBoxColumn
_PhoneDataGridViewTextBoxColumn
get_LoginBindingSource
set_LoginBindingSource
get_PasswordDataGridViewTextBoxColumn
set_PasswordDataGridViewTextBoxColumn
get_AboutDataGridViewTextBoxColumn
set_AboutDataGridViewTextBoxColumn
get_EmailDataGridViewTextBoxColumn
set_EmailDataGridViewTextBoxColumn
get_OccupationDataGridViewTextBoxColumn
set_OccupationDataGridViewTextBoxColumn
get_PhoneDataGridViewTextBoxColumn
set_PhoneDataGridViewTextBoxColumn
AdminHandler_Load
LoginBindingSource
PasswordDataGridViewTextBoxColumn
AboutDataGridViewTextBoxColumn
EmailDataGridViewTextBoxColumn
OccupationDataGridViewTextBoxColumn
PhoneDataGridViewTextBoxColumn
AdminLoginPage_Load
SqlDataReader
_GroupBox2
_ChatsBindingSource
_ChatsTableAdapter
get_GroupBox2
set_GroupBox2
get_ChatsBindingSource
set_ChatsBindingSource
ChatPage_Load
GroupBox2
ChatsBindingSource
dBconn
connectionstring
executesqlstmt
ForgotPage_Load
TextBox2_Leave
PostPage_Load
_ComboBox1
ComboBox
connection
get_ComboBox1
set_ComboBox1
ProfilePage_Load
ObjectCollection
ComboBox1
PictureBox1_Click
Label1_Click
PictureBox3_Click
Label2_Click
HomePage_Load
PictureBox2_Click
Button3_Click_1
ComponentResourceManager
DataGridViewCellBorderStyle
_LinkLabel1
LinkLabel
_Label7
_Label8
LinkLabel1_LinkClicked
LinkLabelLinkClickedEventArgs
Label8_Click
TextBox5_Leave
GroupBox1_Enter
get_LinkLabel1
set_LinkLabel1
get_Label7
set_Label7
get_Label8
set_Label8
TextBoxBase
ContentAlignment
LinkLabelLinkClickedEventHandler
LinkLabel1
Label7
Label8
SettingsPage_Load
_MainLayoutPanel
TableLayoutPanel
get_MainLayoutPanel
set_MainLayoutPanel
SplashScreen1_Load
TableLayoutColumnStyleCollection
ColumnStyle
SizeType
DockStyle
TableLayoutRowStyleCollection
RowStyle
FormBorderStyle
FormStartPosition
AssemblyInfo
ApplicationBase
MainLayoutPanel
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
GeneratedCodeAttribute
System.CodeDom.Compiler
EditorBrowsableAttribute
EditorBrowsableState
STAThreadAttribute
DebuggerHiddenAttribute
DebuggerStepThroughAttribute
StandardModuleAttribute
Microsoft.VisualBasic.CompilerServices
HideModuleNameAttribute
HelpKeywordAttribute
System.ComponentModel.Design
MyGroupCollectionAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
DebuggerNonUserCodeAttribute
ApplicationScopedSettingAttribute
SpecialSettingAttribute
SpecialSetting
DefaultSettingValueAttribute
DesignerGeneratedAttribute
DebuggerBrowsableAttribute
DebuggerBrowsableState
AccessedThroughPropertyAttribute
DesignerCategoryAttribute
ToolboxItemAttribute
XmlSchemaProviderAttribute
System.Xml.Serialization
XmlRootAttribute
BrowsableAttribute
DesignerSerializationVisibilityAttribute
DesignerSerializationVisibility
DefaultMemberAttribute
DataObjectAttribute
DesignerAttribute
DataObjectMethodAttribute
DataObjectMethodType
EditorAttribute
ScrapBook.AddUpdateBooks.resources
ScrapBook.AddUpdateSupport.resources
ScrapBook.AddUpdateUser.resources
ScrapBook.AdminHome.resources
ScrapBook.BooksHandler.resources
ScrapBook.ChatPost.resources
ScrapBook.Credits.resources
ScrapBook.Support.resources
ScrapBook.SupportHandler.resources
ScrapBook.UsersHandler.resources
ScrapBook.AdminLoginPage.resources
ScrapBook.ChatPage.resources
ScrapBook.DeactivateSubPage.resources
ScrapBook.ForgotPage.resources
ScrapBook.PostPage.resources
ScrapBook.ProfilePage.resources
ScrapBook.HomePage.resources
ScrapBook.MainPage.resources
ScrapBook.Resources.resources
ScrapBook.SettingsPage.resources
ScrapBook.SplashScreen1.resources
IntPtr
op_Equality
get_Size
String
Concat
Environment
GetEnvironmentVariable
FailFast
get_ProcessName
ToLower
Contains
set_IsBackground
Start
get_CurrentThread
Sleep
Debugger
get_IsAttached
IsLogging
GetCurrentProcess
get_Handle
Close
get_IsAlive
ToInt32
GetProcessById
Marshal
SizeOf
get_UseCompatibleTextRendering
AuthenticationMode
set_IsSingleInstance
set_EnableVisualStyles
set_ShutdownStyle
ShutdownMode
set_MainForm
SetCompatibleTextRenderingDefault
set_SaveMySettingsOnExit
set_SplashScreen
TargetInvocationException
get_IsDisposed
Activator
GetTypeFromHandle
ContainsKey
Utils
GetResourceString
ProjectData
SetProjectError
get_InnerException
get_Message
Remove
RuntimeHelpers
GetObjectValue
ReferenceEquals
get_Assembly
GetObject
Synchronized
get_SaveMySettingsOnExit
ObjectFlowControl
CheckForSyncLockOnValueType
Monitor
Enter
add_Shutdown
Conversions
get_Tomato
SqlException
add_Load
SuspendLayout
set_AutoSize
set_Location
set_Name
set_Size
set_TabIndex
set_Text
set_UseVisualStyleBackColor
set_Multiline
set_AutoScaleDimensions
set_AutoScaleMode
set_BackColor
set_ClientSize
get_Controls
ResumeLayout
PerformLayout
remove_Click
add_Click
get_Text
Operators
CompareString
Interaction
MsgBox
ExecuteNonQuery
MessageBox
ClearProjectError
SystemColors
get_MenuHighlight
set_PasswordChar
get_AppWorkspace
remove_Leave
add_Leave
Focus
Regex
get_Success
get_SandyBrown
BeginInit
set_Font
set_BorderStyle
set_TabStop
EndInit
get_White
get_RosyBrown
get_SlateGray
set_AutoGenerateColumns
set_AutoSizeColumnsMode
set_AutoSizeRowsMode
set_BackgroundColor
set_ColumnHeadersHeightSizeMode
get_Columns
AddRange
set_DataSource
set_GridColor
set_DataPropertyName
set_HeaderText
set_Width
set_DataMember
set_DataSetName
get_Items
remove_CellMouseUp
add_CellMouseUp
get_Rows
get_IsNewRow
RemoveAt
get_Button
get_RowIndex
set_Selected
get_Cells
set_CurrentCell
get_Location
Cursor
get_Position
get_Teal
get_ButtonHighlight
set_ForeColor
Int32
Boolean
get_BigEndianUnicode
GetBytes
get_Length
CopyArray
NewLateBinding
LateIndexGet
LateGet
GetTypes
get_DarkViolet
get_Violet
set_SizeMode
set_BackgroundImageLayout
GetSerializationData
IsBinarySerialized
DetermineSchemaSerializationMode
add_CollectionChanged
GetValue
ReadXmlSchema
get_DataSetName
get_Prefix
set_Prefix
get_Namespace
set_Namespace
get_Locale
set_Locale
get_CaseSensitive
set_CaseSensitive
get_EnforceConstraints
set_EnforceConstraints
Merge
Reset
ReadXml
WriteXmlSchema
set_Position
set_Particle
get_TargetNamespace
Write
Schemas
GetEnumerator
get_Current
SetLength
ReadByte
MoveNext
Interlocked
CompareExchange
set_TableName
get_TableName
get_DataSet
get_MinimumCapacity
set_MinimumCapacity
Combine
NewRow
set_ItemArray
get_Constraints
set_AllowDBNull
set_Unique
set_MaxLength
set_MinOccurs
set_MaxOccurs
set_ProcessContents
set_FixedValue
get_Attributes
get_Table
set_Item
InvalidCastException
Convert
DBNull
ToDecimal
IsNull
get_InsertCommand
get_DeleteCommand
get_UpdateCommand
set_SourceTable
set_DataSetTable
get_ColumnMappings
get_TableMappings
set_DeleteCommand
set_CommandText
set_CommandType
get_Parameters
set_InsertCommand
set_UpdateCommand
set_ConnectionString
set_SelectCommand
Clear
set_Value
get_State
get_HasValue
get_Value
IEnumerable`1
ToArray
Dictionary`2
CopyTo
Select
HasChanges
BeginTransaction
get_AcceptChangesDuringUpdate
set_AcceptChangesDuringUpdate
Commit
AcceptChanges
Rollback
Debug
Assert
SetAdded
get_ConnectionString
IDictionary`2
ICollection`1
KeyValuePair`2
CompareTo
GetParentRow
IndexOf
get_Olive
set_AllowUserToAddRows
set_AllowUserToDeleteRows
set_AllowUserToOrderColumns
set_ClipboardCopyMode
get_LightSalmon
get_Red
get_Chocolate
get_Yellow
get_Transparent
set_DoubleBuffered
get_DarkGreen
ExecuteReader
get_SteelBlue
get_ButtonFace
get_Peru
get_Crimson
get_Tan
get_Brown
get_Salmon
get_MidnightBlue
get_WhiteSmoke
get_ActiveCaptionText
set_CellBorderStyle
set_ReadOnly
set_Icon
get_DarkOliveGreen
get_Black
FromArgb
get_Lime
set_LinkColor
set_VisitedLinkColor
get_Control
set_ImageAlign
remove_LinkClicked
add_LinkClicked
remove_Enter
add_Enter
get_DarkRed
set_ColumnCount
get_ColumnStyles
set_Dock
get_RowStyles
set_ControlBox
set_FormBorderStyle
set_MaximizeBox
set_MinimizeBox
set_ShowInTaskbar
set_StartPosition
get_Info
!eFx.
WrapNonExceptionThrows
ScrapBook
Copyright
2017
$1c6213db-06c8-4009-b436-92604df14741
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
MyTemplate
11.0.0.0
My.Computer
My.Application
My.User
My.Forms
My.WebServices
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.7.0.0
RData Source=(localdb)\ProjectsV13;Initial Catalog=ScrapDB;Integrated Security=True
My.Settings
Label3
Label2
Label1
Button2
Button1
TextBox3
TextBox2
TextBox1
Button3
TextBox4
TextBox5
TextBox6
Label4
Label5
Label6
PictureBox1
Button4
Button6
Button5
DataGridView1
Button7
ScrapDBDataSet
BooksBindingSource
BooksTableAdapter
TitleDataGridViewTextBoxColumn
DetailsDataGridViewTextBoxColumn
AuthorDataGridViewTextBoxColumn
ContextMenuStrip1
DeleteRowToolStripMenuItem
GroupBox1
GroupBox3
GroupBox4
GroupBox5
PictureBox3
PictureBox2
GetTypedDataSetSchema
vs.data.DataSet
(System.Data.Design.TypedDataSetGenerator
16.0.0.0
GetTypedTableSchema
Microsoft.VSDesigner.DataSource.Design.TableAdapterDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
vs.data.TableAdapter
_adapter
Microsoft.VSDesigner.DataSource.Design.TableAdapterManagerDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
vs.data.TableAdapterManager
Microsoft.VSDesigner.DataSource.Design.TableAdapterManagerPropertyEditor, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"System.Drawing.Design.UITypeEditor
SupportBindingSource
SupportTableAdapter
!UserNameDataGridViewTextBoxColumn
!MessagesDataGridViewTextBoxColumn
ReplyDataGridViewTextBoxColumn
LoginBindingSource
LoginTableAdapter
!PasswordDataGridViewTextBoxColumn
AboutDataGridViewTextBoxColumn
EmailDataGridViewTextBoxColumn
#OccupationDataGridViewTextBoxColumn
PhoneDataGridViewTextBoxColumn
GroupBox2
ChatsBindingSource
ChatsTableAdapter
ComboBox1
LinkLabel1
Label7
Label8
MainLayoutPanel
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
$this.Icon
aETTbsqHa
_PROFILER
dnspy
_ENABLE_PROFILING
WinForms_RecursiveFormCreate
WinForms_SeeInnerException
Property can only be set to Nothing
ScrapBook.Resources
aETTbsqHa
ScrapDBConnectionString
BookTitle
Button3
Button2
AboutBook
Label2
Delete
TextBox2
AddUpdateBooks
Button1
TextBox1
Label3
Update
Label1
TextBox3
Author
Don't keep blank Credentials for Author
Don't keep blank Credentials for Title
Don't keep blank Credentials for Details
insert into Books (Title, Details, Author) values ('
Book Posted
Delete From Books Where Title='
Book Deleted
Update Books Set Details='
', Author = '
' WHERE Title='
Book Updated
UserName
AddUpdateSupport
Message
Reply
Update Support Set Reply='
' WHERE UserName='
Don't keep blank Credentials for message
Don't keep blank Credentials for User
Replied User
Delete From Support Where UserName='
Messages Deleted
TextBox5
About
Email
TextBox4
AddUpdateUser
Password
Occupation
TextBox6
Label5
Label4
Phone
Label6
Don't keep blank Credentials for Password
Don't keep blank Credentials for UserName
Update Login Set Password='
', Email = '
' , About = '
', Occupation = '
', Phone = '
Profile Updated
Delete From login Where UserName='
Profile Deleted
insert into Login (UserName, Password, About, Email, Phone, Occupation) values ('
Profile Added
Enter a Valid Email
Warning
^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$
AdminHome
Microsoft Sans Serif
SupportHandler DB
UsersHandler DB
PictureBox1
Button4
BooksHandler DB
SignOut
Details
Books
TitleDataGridViewTextBoxColumn
Delete Row
Support DB
Button5
ScrapDBDataSet
Refresh
Button7
Sign Out
Users DB
BooksHandler
Title
BooksHandlerDB
AuthorDataGridViewTextBoxColumn
Button6
DeleteRowToolStripMenuItem
DataGridView1
ContextMenuStrip1
DetailsDataGridViewTextBoxColumn
UserName:
ChatForm
ChatPost
Message:
Please fill the blank boxes
insert into Chats (UserName,Messages) values ('
bbDgElqPG
CreateInstance
Green
ScrapBook
Sarvesh Kumar Modi
15YASB7111
GroupBox5
Tejram Patel
15YASB7128
Georgia
GroupBox1
PictureBox3
Vishnu KP
15YASB7137
PictureBox2
Credits
GroupBox4
GroupBox3
Support
Login
Chats
Admin
XmlSchema
http://tempuri.org/ScrapDBDataSet.xsd
Constraint1
AdminDataTable
urn:schemas-microsoft-com:xml-diffgram-v1
namespace
tableTypeName
http://www.w3.org/2001/XMLSchema
BooksDataTable
Messages
ChatsDataTable
LoginDataTable
SupportDataTable
The value for column 'About' in table 'Login' is DBNull.
The value for column 'Email' in table 'Login' is DBNull.
The value for column 'Occupation' in table 'Login' is DBNull.
The value for column 'Phone' in table 'Login' is DBNull.
The value for column 'Reply' in table 'Support' is DBNull.
@Password
@Original_Admin
@Original_Password
@Admin
Table
INSERT INTO [dbo].[Admin] ([Admin], [Password]) VALUES (@Admin, @Password);
SELECT Admin, Password FROM Admin WHERE (Admin = @Admin)
DELETE FROM [dbo].[Admin] WHERE (([Admin] = @Original_Admin) AND ([Password] = @Original_Password))
UPDATE [dbo].[Admin] SET [Admin] = @Admin, [Password] = @Password WHERE (([Admin] = @Original_Admin) AND ([Password] = @Original_Password));
SELECT Admin, Password FROM Admin WHERE (Admin = @Admin)
SELECT Admin, Password FROM dbo.Admin
Original_Admin
Original_Password
@Title
@Details
@Author
INSERT INTO [dbo].[Books] ([Title], [Details], [Author]) VALUES (@Title, @Details, @Author);
SELECT Title, Details, Author FROM Books WHERE (Title = @Title)
@Original_Title
@Original_Author
DELETE FROM [dbo].[Books] WHERE (([Title] = @Original_Title) AND ([Author] = @Original_Author))
UPDATE [dbo].[Books] SET [Title] = @Title, [Details] = @Details, [Author] = @Author WHERE (([Title] = @Original_Title) AND ([Author] = @Original_Author));
SELECT Title, Details, Author FROM Books WHERE (Title = @Title)
SELECT Title, Details, Author FROM dbo.Books
Original_Title
Original_Author
@Original_UserName
@UserName
@Messages
UPDATE [dbo].[Chats] SET [UserName] = @UserName, [Messages] = @Messages WHERE (([UserName] = @Original_UserName));
SELECT UserName, Messages FROM Chats WHERE (UserName = @UserName)
INSERT INTO [dbo].[Chats] ([UserName], [Messages]) VALUES (@UserName, @Messages);
SELECT UserName, Messages FROM Chats WHERE (UserName = @UserName)
DELETE FROM [dbo].[Chats] WHERE (([UserName] = @Original_UserName))
SELECT UserName, Messages FROM dbo.Chats
Original_UserName
@About
@Email
DELETE FROM [dbo].[Login] WHERE (([UserName] = @Original_UserName) AND ([Password] = @Original_Password) AND ((@IsNull_Email = 1 AND [Email] IS NULL) OR ([Email] = @Original_Email)) AND ((@IsNull_Occupation = 1 AND [Occupation] IS NULL) OR ([Occupation] = @Original_Occupation)) AND ((@IsNull_Phone = 1 AND [Phone] IS NULL) OR ([Phone] = @Original_Phone)))
@IsNull_Email
INSERT INTO [dbo].[Login] ([UserName], [Password], [About], [Email], [Occupation], [Phone]) VALUES (@UserName, @Password, @About, @Email, @Occupation, @Phone);
SELECT UserName, Password, About, Email, Occupation, Phone FROM Login WHERE (UserName = @UserName)
@Phone
@Original_Occupation
@IsNull_Occupation
@IsNull_Phone
@Original_Phone
@Original_Email
UPDATE [dbo].[Login] SET [UserName] = @UserName, [Password] = @Password, [About] = @About, [Email] = @Email, [Occupation] = @Occupation, [Phone] = @Phone WHERE (([UserName] = @Original_UserName) AND ([Password] = @Original_Password) AND ((@IsNull_Email = 1 AND [Email] IS NULL) OR ([Email] = @Original_Email)) AND ((@IsNull_Occupation = 1 AND [Occupation] IS NULL) OR ([Occupation] = @Original_Occupation)) AND ((@IsNull_Phone = 1 AND [Phone] IS NULL) OR ([Phone] = @Original_Phone)));
SELECT UserName, Password, About, Email, Occupation, Phone FROM Login WHERE (UserName = @UserName)
@Occupation
SELECT UserName, Password, About, Email, Occupation, Phone FROM dbo.Login
DELETE FROM [dbo].[Support] WHERE (([UserName] = @Original_UserName))
INSERT INTO [dbo].[Support] ([UserName], [Messages], [Reply]) VALUES (@UserName, @Messages, @Reply);
SELECT UserName, Messages, Reply FROM Support WHERE (UserName = @UserName)
@Reply
UPDATE [dbo].[Support] SET [UserName] = @UserName, [Messages] = @Messages, [Reply] = @Reply WHERE (([UserName] = @Original_UserName));
SELECT UserName, Messages, Reply FROM Support WHERE (UserName = @UserName)
SELECT UserName, Messages, Reply FROM dbo.Support
The transaction cannot begin. The current data connection does not support transactions or the current state is not allowing the transaction to begin.
All TableAdapters managed by a TableAdapterManager must use the same connection string.
TableAdapterManager contains no connection information. Set each TableAdapterManager TableAdapter property to a valid TableAdapter instance.
dataSet
Post to Support
ReplyDataGridViewTextBoxColumn
UserNameDataGridViewTextBoxColumn
MessagesDataGridViewTextBoxColumn
Please fill the blank boxe
insert into Support (UserName, Messages) values ('
Support Message Sent
SupportHandler
Books DB
UsersHandler
EmailDataGridViewTextBoxColumn
OccupationDataGridViewTextBoxColumn
PasswordDataGridViewTextBoxColumn
AboutDataGridViewTextBoxColumn
PhoneDataGridViewTextBoxColumn
UserHandlerDB
AdminLoginPage
Log In
ScrapBook Admin
Go Back
select Admin, Password from Admin where Admin = '
'AND Password = '
Don't leave Blank Credentials
OOOps login failed
ChatPage
GroupBox2
Integrated Security=true; Initial Catalog = ScrapDB ; Data source=(localdb)\ProjectsV13;
Your Account is Deactivated
DeactivateSubPage
Sign Up Again
Deactivation
Forgot Password
ForgotPage
NewPassWord
Reset
Update login Set Password = '
' WHERE Email ='
Passowrd Resest Done!!!
PostPage
Book Title
About The Book
Don't keep blank credentials
insert into Books (Title, Details, Author) values ('
Book Posted!!!
Server= (localdb)\ProjectsV13; Database = ScrapDB; Integrated Security = true
Reader
Publisher
Profile Page
About you
ProfilePage
Save/Update
ComboBox1
Update login Set Email = '
', Phone =
WHERE UserName='
Home
HomePage
$this.Icon
Profile
Settings
select UserName, Password from Login where UserName = '
Ooops!! Login Failed
Welcome Back...!!!
insert into Login (UserName, Password, Email) values ('
Welcome New User...!!!
MainPage
Login/SignUp
User Name*
Password*
Create An Account
Label7
helps you learn and share with the people in your life.
Welcome to ScrapBook
Sign Up
LinkLabel1
Label8
Forgot Password ?
Email*
Update Profile
Deactivate Account
SettingsPage
Ask For Support
Profile Deactivated
SplashScreen1
MainLayoutPanel
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
ScrapBook
FileVersion
1.0.0.0
InternalName
QYJd.exe
LegalCopyright
Copyright
2017
LegalTrademarks
OriginalFilename
QYJd.exe
ProductName
ScrapBook
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
No antivirus signatures available.
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.1.3 60886 1.1.1.1 53
192.168.1.3 60886 8.8.8.8 53

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

Source Destination ICMP Type Data
192.168.1.3 1.1.1.1 3
192.168.1.3 8.8.8.8 3

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.
Defense Evasion
  • T1116 - Code Signing
    • Signature - invalid_authenticode_signature
  • T1045 - Software Packing
    • Signature - packer_entropy

    Processing ( 8.734 seconds )

    • 5.233 Suricata
    • 1.306 CAPE
    • 0.902 Static
    • 0.355 VirusTotal
    • 0.251 NetworkAnalysis
    • 0.176 BehaviorAnalysis
    • 0.13 AnalysisInfo
    • 0.128 static_dotnet
    • 0.112 Deduplicate
    • 0.101 TargetInfo
    • 0.027 Strings
    • 0.007 peid
    • 0.005 Debug
    • 0.001 ProcDump

    Signatures ( 0.2960000000000001 seconds )

    • 0.05 antiav_detectreg
    • 0.021 infostealer_ftp
    • 0.018 territorial_disputes_sigs
    • 0.014 antiav_detectfile
    • 0.013 masquerade_process_name
    • 0.012 infostealer_im
    • 0.011 guloader_apis
    • 0.011 ransomware_files
    • 0.01 antianalysis_detectreg
    • 0.008 antianalysis_detectfile
    • 0.008 infostealer_bitcoin
    • 0.008 ransomware_extensions
    • 0.006 infostealer_mail
    • 0.005 antivm_vbox_files
    • 0.005 antivm_vbox_keys
    • 0.004 decoy_document
    • 0.004 masslogger_artifacts
    • 0.004 stealth_timeout
    • 0.004 geodo_banking_trojan
    • 0.003 api_spamming
    • 0.003 persistence_autorun
    • 0.003 NewtWire Behavior
    • 0.003 accesses_recyclebin
    • 0.003 antivm_vmware_keys
    • 0.003 predatorthethief_files
    • 0.003 qulab_files
    • 0.002 Doppelganging
    • 0.002 antiemu_wine_func
    • 0.002 betabot_behavior
    • 0.002 dynamic_function_loading
    • 0.002 exec_crash
    • 0.002 kibex_behavior
    • 0.002 antidbg_devices
    • 0.002 antivm_parallels_keys
    • 0.002 antivm_vmware_files
    • 0.002 antivm_xen_keys
    • 0.001 InjectionCreateRemoteThread
    • 0.001 InjectionProcessHollowing
    • 0.001 Unpacker
    • 0.001 antidebug_guardpages
    • 0.001 antivm_generic_disk
    • 0.001 antivm_generic_scsi
    • 0.001 antivm_generic_services
    • 0.001 antivm_vbox_libs
    • 0.001 hawkeye_behavior
    • 0.001 infostealer_browser
    • 0.001 infostealer_browser_password
    • 0.001 injection_createremotethread
    • 0.001 injection_runpe
    • 0.001 kazybot_behavior
    • 0.001 kovter_behavior
    • 0.001 malicious_dynamic_function_loading
    • 0.001 mimics_filetime
    • 0.001 network_tor
    • 0.001 reads_self
    • 0.001 shifu_behavior
    • 0.001 stealth_file
    • 0.001 tinba_behavior
    • 0.001 vawtrak_behavior
    • 0.001 virus
    • 0.001 antivm_generic_diskreg
    • 0.001 antivm_vbox_devices
    • 0.001 antivm_vpc_keys
    • 0.001 ketrican_regkeys
    • 0.001 browser_security
    • 0.001 bypass_firewall
    • 0.001 codelux_behavior
    • 0.001 disables_backups
    • 0.001 disables_browser_warn
    • 0.001 azorult_mutexes
    • 0.001 revil_mutexes
    • 0.001 limerat_regkeys
    • 0.001 rat_pcclient
    • 0.001 recon_fingerprint
    • 0.001 ursnif_behavior

    Reporting ( 5.179 seconds )

    • 4.481 BinGraph
    • 0.697 MITRE_TTPS
    • 0.001 PCAP2CERT