Analysis

Category Package Started Completed Duration Options Log
FILE exe 2020-10-18 06:33:03 2020-10-18 06:36:31 208 seconds Show Options Show Log
route = tor
2020-05-13 09:28:08,974 [root] INFO: Date set to: 20201018T06:33:02, timeout set to: 200
2020-10-18 06:33:02,078 [root] DEBUG: Starting analyzer from: C:\tmpt2nfl3rg
2020-10-18 06:33:02,078 [root] DEBUG: Storing results at: C:\npBkrIkA
2020-10-18 06:33:02,078 [root] DEBUG: Pipe server name: \\.\PIPE\RpmePKd
2020-10-18 06:33:02,078 [root] DEBUG: Python path: C:\Users\Louise\AppData\Local\Programs\Python\Python38-32
2020-10-18 06:33:02,093 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-10-18 06:33:02,093 [root] INFO: Automatically selected analysis package "exe"
2020-10-18 06:33:02,093 [root] DEBUG: Importing analysis package "exe"...
2020-10-18 06:33:02,187 [root] DEBUG: Initializing analysis package "exe"...
2020-10-18 06:33:02,640 [root] DEBUG: Importing auxiliary module "modules.auxiliary.browser"...
2020-10-18 06:33:02,640 [root] DEBUG: Importing auxiliary module "modules.auxiliary.curtain"...
2020-10-18 06:33:03,375 [root] DEBUG: Importing auxiliary module "modules.auxiliary.digisig"...
2020-10-18 06:33:03,390 [root] DEBUG: Importing auxiliary module "modules.auxiliary.disguise"...
2020-10-18 06:33:03,656 [root] DEBUG: Importing auxiliary module "modules.auxiliary.human"...
2020-10-18 06:33:03,734 [root] DEBUG: Importing auxiliary module "modules.auxiliary.procmon"...
2020-10-18 06:33:03,796 [root] DEBUG: Importing auxiliary module "modules.auxiliary.screenshots"...
2020-10-18 06:33:03,812 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-10-18 06:33:03,812 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-10-18 06:33:03,812 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-10-18 06:33:03,812 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-10-18 06:33:03,812 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-10-18 06:33:03,812 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-10-18 06:33:03,843 [lib.api.screenshot] DEBUG: Importing 'math'
2020-10-18 06:33:03,843 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-10-18 06:33:06,203 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-10-18 06:33:06,218 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-10-18 06:33:06,249 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-10-18 06:33:06,265 [root] DEBUG: Importing auxiliary module "modules.auxiliary.sysmon"...
2020-10-18 06:33:06,281 [root] DEBUG: Importing auxiliary module "modules.auxiliary.usage"...
2020-10-18 06:33:06,296 [root] DEBUG: Initializing auxiliary module "Browser"...
2020-10-18 06:33:06,296 [root] DEBUG: Started auxiliary module Browser
2020-10-18 06:33:06,296 [root] DEBUG: Initializing auxiliary module "Curtain"...
2020-10-18 06:33:06,328 [root] DEBUG: Started auxiliary module Curtain
2020-10-18 06:33:06,328 [root] DEBUG: Initializing auxiliary module "DigiSig"...
2020-10-18 06:33:06,328 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-10-18 06:33:11,468 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-10-18 06:33:11,484 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-10-18 06:33:11,515 [root] DEBUG: Started auxiliary module DigiSig
2020-10-18 06:33:11,515 [root] DEBUG: Initializing auxiliary module "Disguise"...
2020-10-18 06:33:11,531 [modules.auxiliary.disguise] INFO: Disguising GUID to e50f1acc-aa2a-47ca-9ff6-3928b35200cb
2020-10-18 06:33:11,531 [root] DEBUG: Started auxiliary module Disguise
2020-10-18 06:33:11,531 [root] DEBUG: Initializing auxiliary module "Human"...
2020-10-18 06:33:11,546 [root] DEBUG: Started auxiliary module Human
2020-10-18 06:33:11,546 [root] DEBUG: Initializing auxiliary module "Procmon"...
2020-10-18 06:33:11,546 [root] DEBUG: Started auxiliary module Procmon
2020-10-18 06:33:11,546 [root] DEBUG: Initializing auxiliary module "Screenshots"...
2020-10-18 06:33:11,546 [root] DEBUG: Started auxiliary module Screenshots
2020-10-18 06:33:11,546 [root] DEBUG: Initializing auxiliary module "Sysmon"...
2020-10-18 06:33:11,546 [root] DEBUG: Started auxiliary module Sysmon
2020-10-18 06:33:11,546 [root] DEBUG: Initializing auxiliary module "Usage"...
2020-10-18 06:33:11,562 [root] DEBUG: Started auxiliary module Usage
2020-10-18 06:33:11,562 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-10-18 06:33:11,562 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-10-18 06:33:11,562 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2020-10-18 06:33:11,562 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2020-10-18 06:33:12,046 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Louise\AppData\Local\Temp\Quotation 52908.exe" with arguments "" with pid 5012
2020-10-18 06:33:12,046 [lib.api.process] INFO: Monitor config for process 5012: C:\tmpt2nfl3rg\dll\5012.ini
2020-10-18 06:33:12,046 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpt2nfl3rg\dll\tJRpfGH.dll, loader C:\tmpt2nfl3rg\bin\hAPkOzX.exe
2020-10-18 06:33:12,093 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\RpmePKd.
2020-10-18 06:33:12,109 [root] DEBUG: Loader: Injecting process 5012 (thread 2836) with C:\tmpt2nfl3rg\dll\tJRpfGH.dll.
2020-10-18 06:33:12,109 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:33:12,109 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:33:12,109 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\tJRpfGH.dll.
2020-10-18 06:33:14,109 [lib.api.process] INFO: Successfully resumed process with pid 5012
2020-10-18 06:33:14,546 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:33:14,546 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:33:14,562 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 5012 at 0x73640000, image base 0x8e0000, stack from 0x3a5000-0x3b0000
2020-10-18 06:33:14,562 [root] DEBUG: Commandline: C:\Users\Louise\AppData\Local\Temp\"C:\Users\Louise\AppData\Local\Temp\Quotation 52908.exe"
2020-10-18 06:33:14,609 [root] INFO: Loaded monitor into process with pid 5012
2020-10-18 06:33:14,609 [root] DEBUG: set_caller_info: Adding region at 0x002B0000 to caller regions list (advapi32::RegQueryInfoKeyW).
2020-10-18 06:33:14,609 [root] DEBUG: DumpPEsInRange: Scanning range 0x2b0000 - 0x3b0000.
2020-10-18 06:33:14,625 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x2b0000
2020-10-18 06:33:14,625 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x2b0000
2020-10-18 06:33:14,625 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x002B0000 size 0x100000.
2020-10-18 06:33:15,312 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\npBkrIkA\CAPE\5012_2130135174143315180102020 (size 0x854)
2020-10-18 06:33:15,312 [root] DEBUG: DumpRegion: Dumped region at 0x003AF000, size 0x1000.
2020-10-18 06:33:15,312 [root] DEBUG: set_caller_info: Adding region at 0x02180000 to caller regions list (advapi32::RegOpenKeyExW).
2020-10-18 06:33:15,328 [root] DEBUG: DumpPEsInRange: Scanning range 0x2180000 - 0x2580000.
2020-10-18 06:33:15,328 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x21c5fc1
2020-10-18 06:33:15,328 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x2180000
2020-10-18 06:33:15,328 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x02180000 size 0x400000.
2020-10-18 06:33:15,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\npBkrIkA\CAPE\5012_950518016153315180102020 (size 0x1a41)
2020-10-18 06:33:15,375 [root] DEBUG: DumpRegion: Dumped region at 0x0253D000, size 0x10000.
2020-10-18 06:33:15,375 [root] DEBUG: set_caller_info: Adding region at 0x00120000 to caller regions list (advapi32::RegOpenKeyExW).
2020-10-18 06:33:15,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x120000 - 0x1a0000.
2020-10-18 06:33:15,375 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x136fc1
2020-10-18 06:33:15,375 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x1a0000
2020-10-18 06:33:15,375 [root] DEBUG: DumpMemory: Nothing to dump at 0x00120000!
2020-10-18 06:33:15,375 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00120000 size 0x80000.
2020-10-18 06:33:15,421 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\npBkrIkA\CAPE\5012_1170836054153315180102020 (size 0x6ffb)
2020-10-18 06:33:15,421 [root] DEBUG: DumpRegion: Dumped region at 0x00130000, size 0x7000.
2020-10-18 06:33:15,421 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xd4 and local view 0x73720000 to global list.
2020-10-18 06:33:15,421 [root] DEBUG: DLL loaded at 0x73720000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7d000 bytes).
2020-10-18 06:33:15,437 [root] DEBUG: DLL unloaded from 0x754B0000.
2020-10-18 06:33:15,453 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xe4 and local view 0x00610000 to global list.
2020-10-18 06:33:15,453 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xe0 and local view 0x00610000 to global list.
2020-10-18 06:33:15,453 [root] DEBUG: DLL loaded at 0x73D80000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-10-18 06:33:15,468 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x72DA0000 for section view with handle 0xe4.
2020-10-18 06:33:15,468 [root] DEBUG: DLL loaded at 0x72DA0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr (0x6ef000 bytes).
2020-10-18 06:33:15,468 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x73AA0000 for section view with handle 0xe4.
2020-10-18 06:33:15,468 [root] DEBUG: DLL loaded at 0x73AA0000: C:\Windows\system32\MSVCR120_CLR0400 (0xf5000 bytes).
2020-10-18 06:33:16,093 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x108 and local view 0x000E0000 to global list.
2020-10-18 06:33:16,109 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x10c and local view 0x000F0000 to global list.
2020-10-18 06:33:16,140 [root] INFO: Disabling sleep skipping.
2020-10-18 06:33:16,249 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1c4 and local view 0x06050000 to global list.
2020-10-18 06:33:17,140 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x208 and local view 0x70640000 to global list.
2020-10-18 06:33:17,171 [root] DEBUG: DLL loaded at 0x70640000: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni (0x1393000 bytes).
2020-10-18 06:33:18,031 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x21c and local view 0x737B0000 to global list.
2020-10-18 06:33:18,062 [root] DEBUG: DLL loaded at 0x737B0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit (0x80000 bytes).
2020-10-18 06:33:18,203 [root] DEBUG: set_caller_info: Adding region at 0x003B0000 to caller regions list (ntdll::NtQueryPerformanceCounter).
2020-10-18 06:33:18,203 [root] DEBUG: DumpPEsInRange: Scanning range 0x3b0000 - 0x3c0000.
2020-10-18 06:33:18,218 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x3b0fc1
2020-10-18 06:33:18,218 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x3c0000
2020-10-18 06:33:18,218 [root] DEBUG: DumpMemory: Nothing to dump at 0x003B0000!
2020-10-18 06:33:18,249 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\npBkrIkA\CAPE\5012_1013652014383315180102020 (size 0x46a)
2020-10-18 06:33:18,249 [root] DEBUG: DumpRegion: Dumped region at 0x003B0000, size 0x1000.
2020-10-18 06:33:18,421 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x22c and local view 0x6F7A0000 to global list.
2020-10-18 06:33:18,437 [root] DEBUG: DLL loaded at 0x6F7A0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni (0xa10000 bytes).
2020-10-18 06:33:19,375 [root] DEBUG: DLL unloaded from 0x008E0000.
2020-10-18 06:33:19,421 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x264 and local view 0x6EFC0000 to global list.
2020-10-18 06:33:19,453 [root] DEBUG: DLL loaded at 0x6EFC0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni (0x7e0000 bytes).
2020-10-18 06:33:19,515 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x270 and local view 0x70460000 to global list.
2020-10-18 06:33:19,515 [root] DEBUG: DLL loaded at 0x70460000: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni (0x1d1000 bytes).
2020-10-18 06:33:19,578 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x268 and local view 0x03D00000 to global list.
2020-10-18 06:33:19,718 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x27c and local view 0x734A0000 to global list.
2020-10-18 06:33:19,734 [root] DEBUG: DLL loaded at 0x734A0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni (0x194000 bytes).
2020-10-18 06:33:19,796 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6E2A0000 for section view with handle 0x27c.
2020-10-18 06:33:19,812 [root] DEBUG: DLL loaded at 0x6E2A0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni (0xd1d000 bytes).
2020-10-18 06:33:19,812 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 5012
2020-10-18 06:33:19,812 [root] DEBUG: GetHookCallerBase: thread 4020 (handle 0x0), return address 0x003B167C, allocation base 0x003B0000.
2020-10-18 06:33:19,812 [root] DEBUG: LooksLikeSectionBoundary: Exception occured reading around suspected boundary at 0x008E2000
2020-10-18 06:33:19,812 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2020-10-18 06:33:19,812 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x008E0000.
2020-10-18 06:33:19,812 [root] DEBUG: DumpPE: Empty or inaccessible last section, file image seems incomplete (from 0x009DE800 to 0x009DEA00).
2020-10-18 06:33:19,859 [root] DEBUG: DumpPE: Error: Cannot dump PE file from memory.
2020-10-18 06:33:19,859 [root] DEBUG: DumpImageInCurrentProcess: Failed to dump 'raw' PE image from 0x008E0000, dumping memory region.
2020-10-18 06:33:19,859 [root] DEBUG: DLL unloaded from 0x75770000.
2020-10-18 06:33:19,875 [root] DEBUG: DLL unloaded from 0x72DA0000.
2020-10-18 06:33:19,875 [root] DEBUG: DLL unloaded from 0x73720000.
2020-10-18 06:33:19,875 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 5012
2020-10-18 06:33:19,875 [root] DEBUG: GetHookCallerBase: thread 4020 (handle 0x0), return address 0x003B167C, allocation base 0x003B0000.
2020-10-18 06:33:19,875 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x008E0000.
2020-10-18 06:33:19,875 [root] DEBUG: LooksLikeSectionBoundary: Exception occured reading around suspected boundary at 0x008E2000
2020-10-18 06:33:19,875 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2020-10-18 06:33:19,890 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x008E0000.
2020-10-18 06:33:19,921 [root] DEBUG: DumpPE: Error: Cannot dump PE file from memory.
2020-10-18 06:33:19,937 [root] DEBUG: DumpImageInCurrentProcess: Failed to dump 'raw' PE image from 0x008E0000, dumping memory region.
2020-10-18 06:33:19,937 [root] INFO: Process with pid 5012 has terminated
2020-10-18 06:33:25,312 [root] INFO: Process list is empty, terminating analysis.
2020-10-18 06:33:26,312 [root] INFO: Created shutdown mutex.
2020-10-18 06:33:27,312 [root] INFO: Shutting down package.
2020-10-18 06:33:27,328 [root] INFO: Stopping auxiliary modules.
2020-10-18 06:33:27,640 [lib.common.results] WARNING: File C:\npBkrIkA\bin\procmon.xml doesn't exist anymore
2020-10-18 06:33:27,640 [root] INFO: Finishing auxiliary modules.
2020-10-18 06:33:27,640 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-10-18 06:33:27,640 [root] WARNING: Folder at path "C:\npBkrIkA\debugger" does not exist, skip.
2020-10-18 06:33:27,640 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7x64_2 win7x64_6 KVM 2020-10-18 06:33:04 2020-10-18 06:36:31

File Details

File Name Quotation 52908.exe
File Size 1042944 bytes
File Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
PE timestamp 2020-10-18 05:31:43
MD5 9f8a60d211c762bb6af8f4441a33c0ad
SHA1 75feba369cef93187874c2ad85862c6140a6ff8e
SHA256 23bf6df40f89cc44f1d0d99c6419f8f239531b80d16097f5b1ef6aa49b9d8b47
SHA512 5a8244e331cd9c44734e0d0caa88cb51e14d68faa20bfd86bfc3daef411fe7f6abecbd5140ecf5db9ca2683e12b6db98c18513061a4cd09a15e64ac1960ddb5a
CRC32 AAB40213
Ssdeep 12288:Dn0f++XzW/8iaWCPMyd4FZA2Zr2Pu9p7Pd/WAjs61COQiycF782cSlZdVZ3fLhOx:Dn0WtdLCPMyduPZvpBV418A2cS8H
Download Download ZIP Resubmit sample

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Guard pages use detected - possible anti-debugging.
Dynamic (imported) function loading detected
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: MSCOREE.DLL/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
DynamicLoader: mscoreei.dll/_CorExeMain
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: clr.dll/SetRuntimeInfo
DynamicLoader: USER32.dll/GetProcessWindowStation
DynamicLoader: USER32.dll/GetUserObjectInformationW
DynamicLoader: clr.dll/_CorExeMain
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: MSCOREE.DLL/CreateConfigStream
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: KERNEL32.dll/GetNumaHighestNodeNumber
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/AddSIDToBoundaryDescriptor
DynamicLoader: KERNEL32.dll/CreateBoundaryDescriptorW
DynamicLoader: KERNEL32.dll/CreatePrivateNamespaceW
DynamicLoader: KERNEL32.dll/OpenPrivateNamespaceW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/DeleteBoundaryDescriptor
DynamicLoader: KERNEL32.dll/WerRegisterRuntimeExceptionModule
DynamicLoader: KERNEL32.dll/RaiseException
DynamicLoader: MSCOREE.DLL/
DynamicLoader: mscoreei.dll/
DynamicLoader: KERNELBASE.dll/SetSystemFileCacheSize
DynamicLoader: ntdll.dll/NtSetSystemInformation
DynamicLoader: KERNELBASE.dll/PrivIsDllSynchronizationHeld
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/SortGetHandle
DynamicLoader: KERNEL32.dll/SortCloseHandle
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ole32.dll/CoGetContextToken
DynamicLoader: clrjit.dll/sxsJitStartup
DynamicLoader: clrjit.dll/jitStartup
DynamicLoader: clrjit.dll/getJit
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: KERNEL32.dll/GetEnvironmentVariable
DynamicLoader: KERNEL32.dll/GetEnvironmentVariableW
DynamicLoader: KERNEL32.dll/GetCurrentProcessId
DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: KERNEL32.dll/OpenProcess
DynamicLoader: KERNEL32.dll/OpenProcessW
DynamicLoader: KERNEL32.dll/GetExitCodeProcess
DynamicLoader: KERNEL32.dll/GetExitCodeProcessW
DynamicLoader: ntdll.dll/NtQueryInformationProcess
DynamicLoader: PSAPI.DLL/EnumProcesses
DynamicLoader: PSAPI.DLL/EnumProcessesW
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/LocaleNameToLCID
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/LCIDToLocaleName
DynamicLoader: KERNEL32.dll/GetUserPreferredUILanguages
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/IsDebuggerPresent
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/OutputDebugString
DynamicLoader: KERNEL32.dll/OutputDebugStringW
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/RaiseFailFastException
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetThreadErrorMode
DynamicLoader: KERNEL32.dll/SetThreadErrorMode
DynamicLoader: ADVAPI32.dll/EventUnregister
CAPE extracted potentially suspicious content
Quotation 52908.exe: Unpacked Shellcode
Quotation 52908.exe: Unpacked Shellcode
Quotation 52908.exe: Unpacked Shellcode
Quotation 52908.exe: Unpacked Shellcode
The binary likely contains encrypted or compressed data.
section: name: .text, entropy: 6.95, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x000fe000, virtual_size: 0x000fde14
Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Louise\AppData\Local\Temp\Quotation 52908.exe
Network activity detected but not expressed in API logs
Created network traffic indicative of malicious activity
signature: ET JA3 Hash - Possible Malware - Various Eitest

Screenshots


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 13.107.42.23 [VT] United States

DNS

No domains contacted.


Summary

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Louise\AppData\Local\Temp\Quotation 52908.exe.config
C:\Users\Louise\AppData\Local\Temp\Quotation 52908.exe
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-2.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\System32\api-ms-win-core-quirks-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll.aux
C:\Users
C:\Users\Louise
C:\Users\Louise\AppData
C:\Users\Louise\AppData\Local
C:\Users\Louise\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\phlS\*
C:\Users\Louise\AppData\Local\Temp\Quotation 52908.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol214.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Users\Louise\AppData\Local\Temp\ntdll.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\VERSION.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Louise\AppData\Local\Temp\Quotation 52908.exe.config
C:\Users\Louise\AppData\Local\Temp\Quotation 52908.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol214.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quotation 52908.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index214
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index214
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.SetDefaultDllDirectories
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
advapi32.dll.EventRegister
advapi32.dll.EventSetInformation
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationW
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.AddDllDirectory
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.GetCurrentProcessId
kernel32.dll.CloseHandle
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
kernel32.dll.GetExitCodeProcess
ntdll.dll.NtQueryInformationProcess
psapi.dll.EnumProcesses
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
kernel32.dll.IsDebuggerPresent
kernel32.dll.OutputDebugStringW
kernel32.dll.RaiseFailFastException
kernel32.dll.GetThreadErrorMode
kernel32.dll.SetThreadErrorMode
advapi32.dll.EventUnregister

BinGraph Download graph

2020-10-18T06:36:41.932531 image/svg+xml Matplotlib v3.3.0, https://matplotlib.org/

PE Information

Image Base Entry Point Reported Checksum Actual Checksum Minimum OS Version Compile Time Import Hash
0x00400000 0x004ffe0e 0x00000000 0x00103bfd 4.0 2020-10-18 05:31:43 f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000200 0x00002000 0x000fde14 0x000fe000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.95
.rsrc 0x000fe200 0x00100000 0x00000598 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.05
.reloc 0x000fe800 0x00102000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10

Resources

Name Offset Size Language Sub-language Entropy File type
RT_VERSION 0x001000a0 0x0000030c LANG_NEUTRAL SUBLANG_NEUTRAL 3.27 None
RT_MANIFEST 0x001003ac 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL 5.00 None

Imports


!This program cannot be run in DOS mode.
.text
`.rsrc
@.reloc
S2Wea%
5<a8_
D,9]%+
Z 5}!
,: hH
^DZ !l+3a+
3:ha%
wZ v$
3:ha%
FrZ q
JZ :i
[,Z R
}vA6%&
Xq"UZ
$Z i"
,W <?M]
MRua%
IgT e
gh^a+
,A ^~
M;m%&+
Z .8K
{pZ z'
9eZ E4Y}a+
,= 7J
,A @:
GW*Z R
9aO%&+
,[ DDU
g3qa+
Z >3#Wa+
4~>Z 2
?;}a+
Z r8DTa8\
EvN%+
?FZa84
aZ iN2
0 fJQ|a%
Z 1q,
,:IZ 7
JZ NV
Z ^x'
!Z OqAja8
IZ &7J
Z _D_la83
ro,Z
Gqw6Z
6Z &-s/a8t
;Z LM
<knZ
s'[Z
iZ jU
LZ #(
;zyZ q
jzZ w
?lZ E
uIZ {
Z 4NF
sZ g8-
0ma8s
AEa8U
N3a8N
mEMKZ
Y<^5Z
Z Vo)
Z 7X}3a8
{tW%+
5Za8:
Tpa8z
e7`Z
mKa8\
#"Z vc
-{a82
zQg%&
q"a8u
5*+(%+
Jca8O
&e4Z 6Z?
fl|x88
SZ wS
`1'a+
{Wa/ -
Z {Sq/a8
n{ia8
OQ_Z
<?4Z s
I5a8j
&Z e=
Z |nI
.UYa8
V~EZ *
Z qtT^a8
dIa8k
9{-BZ
)}{<Z
VLZ ^
Q]a8c
72_a8
n\HZ !4L
&Z R~
PZa8|
u0a8J
bw^Z
S|AZ V
~n4 $
lP_Za+
Z F:T
98A8>
YkZ mCT
!{C%&
Z "*w
<qa81
n-BmZ
(_? 3oiKa%
FTca8
l6Z a
GZ Xws
%Z q$
Z 0w1
1 a8j
Z $[^
./hZ
];5Z )|
yTZ oQXKa8
vZ /_
C_Fa8
luua8
(sa8V
pP#a8)
Z B-z0a8
)Ni\Z
ZZ tS
|qa8*
9Z q^KTa8
,+<6Z
`1Z ]X
Z @ra
d<Z Zq
5 Pa8O
~EZ C
4JZ hf
~#MZ
+ :a8W
tdesZ
B0"a8
\?Z 9
Rcia8}
-5Ja8M
j(a88
r'+}Z
*Z wb
Z Jav
M-a8a
YJZa+
h>a8L
-O|%+
?Za8d
;Za8y
a+>a%
?Za8{
=Za8O
`Z |Vo(a8
e{Z E
Z ^_Q
iBZ 2%
YKOZ tWW
nY}Z
Z Px<
xna8U
{Z nA
GZ U&%
eS(jZ JG
\Z Y74
huZ O
?uZ 'f
PZ S"
4(=a8
Z IK3
z5Z ;
-ya8N
Z .~a
eiFa8/
!4,Z
Z ;dc=a87
,J PV$
!5C+Z
wZ ^w
/VZ ~G
a+TZ
CIZ f!
IZ "u,
_Z $O
aQZ 4
S"D[Z :
W8}UZ K
g\)Z :Bg6a8q
P3Z
w;a8V
..-Z
]eLa8,
pO_pZ q
Z kvc
/dpIZ t
7Z s0
Z 1y:Pa8
o9{nZ
uEa8"
v2Z Z
Z >1A
Z skXta8
!:Ta8
4fbZ w
n0TZ P
_~nZ U&^
;}&a8
xos8Za+
+va81
%nca8y
?Za8Z
>1+Za8;
/0ra%
LZ Kjpka+
kpZa+
fHa8O
`pva+
k6B%+
UPa84
fEJ^Z
tMZa+
1HTa8c
zia84
AkZ 7|
y,tCa%
'YBZ Gz
Z =27
O|Za8n
}kZ H
Z yx*aa8
d}a8V
Z %;b
w/gZ s>
@ta8q
ila8K
RDRZ S
u^YZ H9
Y,Z cC
Z %7h
u[w%a%
`Z c'
Iy?y+
97rP+
GZ 5,
:VZ f
)Aa8?
~7XE
<\Z -It
{sZa8c
A:ca+
V-Qa8Z
sieZ F
RQ<a8
%K>Z
Z PS-
@PZ h
J6gZ
Z bmUXa8
?334Z
1vla8
Z jOd
BqZ DE-
Z O73
I^Z E
_";EZ ^
IZ +
M0vZ
uiCZ d.z
=+a8f
xIZ 2
'qoZ
}Z 3
w_a8w
6`Z E^~
7Na8L
2lqa+
mb ha%
Z ;jo
#DD_Z
Z /H5
3Za8H
U}Z M
*OZ S
5La8F
Dd}$Za8
Z 8Hr
CB+Z%+
[b a8
cZa82
_WDZ ]
F27kZ
<Z IP
VJa8R
F<Z Y
qZ T"H
LZ o
(ueZ R [
lqGZ ,Y
b?Z >Yk
PiBZ
DZ uM
ACaa8
lZ #S
GKZ V
k,_LZa8#
U^a86
X,I>Z
DDZ U
9~Z [2
x9Z {
vSZ R
Z .Bna+
X03%&
)kZa+
VhK%+
c!-%+
-`Z ]
Z slT;a+
gPsZ
f0Xa+
/pa8
~Z }&
*Zoa+
Z Z3L
:FZ j
^{Za8
#-]%&
Q*Za8
c~Z 7
:Z ,)
Z #m}
xZ _WC
;gfa8
LZ cAs
Z w$1
aVWZa8
DZ QC
/Za8[
]exa8H
QZa8P
%rZ T
KkVa8
j[la+
nZ }s*+a88
12Z I
"rxa8
za?PZ
PZ UD
Z q|Q
n<' >
bY*a+
8A %&
rxc%&
Kt%+
-&Za+
zV"a%
HD!Za+
kX,a+
U)8Z {H
Z Bgp
A1Ja+
Z +zr
VOa8B
.<Z /
eZ .\
5=Za+
~bzZ
7rRZa8J
uJ,RZ ?
jo3%&
sZ fKA
@`|a+
.GZ x
}<{Z Rx"2a8
[@Ia8p
eka8!
=HCa8
cY4a8l
;o`a8
74KZ
woLZa8
4.Z p]
L<Za+
8qHZ
aba88
yZa84
:&,Z
ONa89
~VZa+
m10Za+
kUZ. ?
^LNa%
,]%a+
B9 _8
Z `.Y&a+
F&a8J
n&a87
>Z DI
I<Za+
%r4%+
nZa8&
.UZa8<
a0a8)
[]Z%+
Z a'K6a8
!Noa8
UcZFZ
$4TZ
<Ba8$
Z F"[wa8p
,W!%+
&zja8
Z K_
KYa8{
p0Z E
FZ FTX/a8Y
To.QZ
B#a8%
A?BZ 1(
oZ 1:
0pSZ
dl(a%
'3-<%+
]K%&+
UHFZ
iv/Z ~_
(>a8M
@Z d)
Z *+P]a8
c9cZ E
/Z C'
-FXh8M
#XJ%&
2Za8t
4JZa+
gxZ ^
!(ia%
e%^Z >
sZ u)
u7}a8u
~98Z
!(ia%
[Dg+%+
1%&81
JVZ c
Wb%&84
wZya8
!(ia%
:5*Za+
xWa8J
w#Za8"
!(ia%
C;Z X
]7?Z
,Z e0
H*~a%
Z qK
^2:Z +Q
}S%a%
A{<Za+
sZ~Z
!1kZ
Z v`e~a+
Rd${Z
Z Vz1fa8c
ghza8"
Z *t,
>MJ8%
!a3a+
fZ d}
]Z )F^wa8v
EZa8M
#Za8#
&~za8B
`FWYZ I
qHJZ >
2[4Z
pi_a8
)Z @f
Z Nc=
=>{Z
%Z ^M-
bZ xL
wpa8G
vOa8(
00I,Z w
yW)%&
vZ T5
7xqa+
hv1D
+{Z e
pVaa%
|Z p.
Z \#@
IF,a+
#Z e
KOFZ
<9C=Z
qZ 'H
9WfZ -
Z lR;
Y 6g[
Cy_Z )bB
_Za83
'z2a8
H<qa8
(Z B
QZMZ
-7*Z &
'mZa+
8=t<Z
LVma%
Z {&Q
w+,a8
KZ 6x
AZ ^f
9Z h!F
PZ {;
9bZ H
6Ta84
)vZZa+
jgtrZ
49#Z ,
SgMa%
;6l%+
x0Z a
C.XH%&
sW2Z
!%'%+
i(Za+
k#yZ j?WMa+
1Z 6g
zdZ F
FPZ <
N\a84
Y~bZ
Hf&Z
I=8a8
\Z &d
'Z q0,
[RExZ *
m"tZ
Wm-\%&
"Z aW
~(@a8
lLLZ
KSa8]
Mc.Z p
|$%&8
Z $]e}a8
8hla8H
[Za8t
h=a8J
.mKa%
Z 6=8
$:Z [l
Z 3(<
o>za89
iZ 8Y
;!Z g
`Z YS
/6wZ
jZ H}
zmZa8
A^Za8
4}a8j
$KZ c
4Za8V
;?Ha8
thva+
,sZ ?
W7IZ \
"fya8
Z 5F Ka+
,b eR
VFa8p
sZ Wv
=!Z @F
aZa84
ACla8
-m&%+
Z'%&8
Y=g{Z
Z 8\"
jIPLZ 05WZa8
$HZa8}
\!ia8=
JZa8d
JyZ
8`2Z
Z bNG
,Z YY
0#na8
bZa8x
1I8Z u\
sg$a8Y
Z j-*
ri7/
n\WZ
)Z "K
Z lca
{$yMZ }dR
n?X*Z
tBZa88
,Q ~A4
7$N<Z
fZa8o
HZ J.
3|Q u
RZa8y
Z tu\ba8
a?Za8
+6Z w
dVFa8
\`Y|8Q
erYa8
Q_Za8N
WB5Z ic=wa8
bE!a8~
'H`Z RN
wWq=Z
'-a8f
Z B 4la8y
DP7Z XM
>Z t\
Z iM;da8
\Za8B
EK(a+
Qb(Z N
j-Z \F9ra8
JhLZ
*LOZ ,_f$a8#
i3Z 1
cbZ 9
*'%&8
ek;Za8
&+\a8
@Z ht
CQa8_
xO-a8
ptZa8
MaZ b
&Za8?
~Q"%&
Z fe#
k1a8v
0CZZ
imQa+
y~Za8
4[t%Z
Z >-I|a8
vZ 9;
U<Wa8
B}wa8
MO]"Z 1
o8Xa8
0+[a8y
dZa81
-E CZ F
c^ta88
iZ jCq
K1Z W
V;tZ N
yZ fN
)PZa+
m%t%&
YF[Z
b]`a83
@7Z .
w,m"Z
)KZa8
BZa8*
Z .$7 a8k
WOz|Z
~m}%+
xt%&8a
9Z 2,)Ha8/
M?Z n9^
Aaaa8d
EZ $t
Z 0)M
Z *)l
y2>Za+
;\RZ
nZ Mj
2.Z T
;XZ E
CdZ ]
SZ N:
KRTa8Y
e4SZ%+
WLn%&
LZa8Y
%20Z
,7Za8
G%ua8
mZ t%
Z l9:
G"J8O
aUoa8
m1Z 1
Z T?[
C%&8$
=LZ xi:
VZ ?4u)a+
R1h+a%
%Z J
iNIa+
wjNZ
9CPa8[
#;Z X
,%;!Z ]YL
,&a8Y
&7ypZ
JEPZ
rZ 'n
eXZa8
HtwZ
Z TAL
,,.Za8
8Fa87
Ea_E%+
6Z Ly
DmqTZ
3Za8"
C$RZ
&Ua8s
W3n7%+
b0Z @
Z \`zla8k
Z1.W%+
3O[Za8
G>6sZ l
CD8a%
2Ka8v
AbENZ
Z w[K
\FO%+
MUnZ }l
t$hZ n
= w$8
Z 4jDFa8=
fPZ z
= $~V
@Bnz%+
"(a8x
= Ghm
mlHZ
UH:a8+
+8Z D5S\a8
= c)}eZ
Z NJN*a8
Y:#a8(
jdia8
= f6qXZ
ns>Za8
,Za8]
{`Za8
b`a85
Y~(Z
E"Aa8
}$YZ
Y6Z e
z3Ha8+
= [sX\Z
{[a8~
m!Z =
= 9x9BZa8
uZa8l
1IZ I_j
(1Z s
M3Z
Z EhuCa8
e3~a8
|YZ DX
= 3:,
Dna85
RCa8!
[^Za8|
Z j-
6cZ B
,n ,r
2'GZZa8>
%La8$
Z j2
rhZ }
eqa8+
>{a8<
wmCa8
,dZ n
d[ JJ
nZ }$03a8e
hTp#Z 1
L3a8H
)R]Z
JZ l{
,!8Z nI
56fkZ
QVtZ 4
vZ p{M
-ltzZ
}Z 8+
dVa8C
Uha86
?r3a8
~#U%+
G;Za8c
Z C`v
n-]a8E
prIZ
*3A5
zZ r
VWZ g9
3Z .6
<^a8w
CZ Jw
0|a8$
Z qfWGa8
Z 6RZ1a8W
1ZZ Ovg
Z NlB-a8.
gs{Z
n}8Z *b
|Z _(
y[NZ EBX
oWe)Z #)
DZ 1f
mZ i#
Z +LM
}b$Z
29a8^
&Z 07Q
_FIa8
uua8]
tZ ?Q
2,Ha8
Z `B(
Z -ZNDa8
C&Ta8c
Z Mo>
5Z +v
zs"Z NNv
;gZ FW
#{a8s
Bwa8!
qE6a8
_Z 0
)7*a8
,/Z w)
\K[`Z
7v*.Z |
,ea8k
Z cy`
UZa8v
{aa8+
$+B0Za8z
yZa8[
^.Z i1J
BZa84
JZa8J
a%Za+
s(Za+
c-!8l
%Za8M
-t.Z #
@DH[Z BYd
vvZ jxp]a+
cKa8x
-Y9Z 2
%1Z *F(|a+
Z /i/
L+`a+
bZ !~
>Z UE
CZ "M
+Z _O
Z TK+
L[xa8=
Z l$=
Z /IA$a86
Z Uf+
=|pa8
aw=hZ "
j{a8P
1QZ +"
Z x""Ca8~
]y1a8C
!;Z '
gk3a8
Dsa8N
+4PZ l
v4\lZ
o2))Z su
(1ia8
IZa8r
AHa8F
Z vN4_a8
($Z j
;>a8>
Z 3&~
FZ L9
NZ jwe;a8
cx?%+
Z ~U1
O~O%+
,} O
pZ EZqfa+
4y5%+
0G4Za+
"7Za+
R[i%&
CgJa%
!csZ
U#Za8
NZa8m
M5ixZa+
>Ra8a
^K#Z
x>^a+
T"Za+
\n,a8`
Z svdfa8|
tT4FZ 7
A pZ r
5q|Z
P.Z .
6!,a8
eSKOZ
Z bQ"ba8$
Z $0l
4'Z n
+5P1Z
:)f"Z h
~q`a8
P7Z L
nqa8z
1_dZ
qoC%&
tUZa+
~m[a8
ja8R
Z )=yva8!
?u" Cs
L 7QbIa%
VM%&+
l{#!Z
#1Z *
OLVZ
Z C;Nla8
u$AZ L
4ga8X
15Ea8
Z ?^gsa8
J-la8|
bNZ H
n w{Z
H{Z *
h$a8%
eL#.Z g;
9Z 3w
]Z P-
z7Qa8F
/;a8O
b8gZ
KRNZ
3Sa8g
%/1-Z
] ~a8k
Z IY>
VG2a8
+TZ 2
(aa8-
]|"a8
~{GO%&
R'Z 0
E))%+
]\dKZa8m
i-a8T
hZa8J
w#Z i=
,Z x6&/a+
a_Z gyD
c^JZ C'%
=*+Z
=sha+
0Z 5w
Z ?Q"
Z VjE
d(Va8Y
1Z Jfo
ACZ AQ
L8Z cs
>7 mc
{ZTa%
-Z Z=
2!ya8
Z /F}
wZ NYR
*dZ J<i
Z kqt
vsa8x
>Z 6W
pWa8S
pU_Z
UZ WA
7Z '`+
Z xNP
Z [`X
T-La8
MQ7Z
,{Z C
d7 Z
7}^a8b
*GZa8c
0Z Gl
.J a+
Z<yZ
2)pa+
x8(a8
7yOa8^
T!a84
Z dLpDa8
$ixa8>
c%+0Z
8iGa8~
~Ba8k
|!l}Z
CZ m|*
"2}bZ
Z 5J2
^{3a8
Z %n0ka8o
ZU3Z ?t
xZ 8>
;mZ %w
[Z 9m
LI^Z
6Z nV
Uca81
Z N"#
'"Z zTf(a8
xz%a8}
]VZ 9~
.mCBZ
JNZa8
q]a8{
!Za8|
[GZ z6
'#Z j;
LZ II
&Z I/(3a+
Z VWj
K>Za8c
Fk2"Z
'Z _b
6<9a8/
!Z VW
TnZ*Z
H3rZ
:*Z =
p,a8&
DgdHZ
$5!a8
JUa8f
~Ma84
-mZ M
%x5vZ
>>3|Z
dTZ e
?%Z {
CZ1cZ p
3jia8n
w reZ
u8rZ
rU;!Z
Z YoW?a8
gZ b?]
0LgZ W
z5a8w
Z $+;
8Z EY
uRZ F
mZ >?
QZZ +
?+s'
4r7%+
@kZa+
OWZa+
cZa84
NY6a+
LZa8z
FlZ 4
7/Z dN
)'a8/
IZ px*Na8
;Z ic
6+a8~
;Z n^
JZ },
RZ r}
% Z W
Z ZWa\a8I
)szZ
#RZ Z
MiZ ;
gfcZ
<^_a8
2)Z &
Z jWaoa8z
h_Z -
;<XZ 2
VZ R<
[pa8X
+glZ
Z .3W
Nua8
F)REZ
Z tPu
Z $}"
FRa8^
,n&'Z B
KZKZ
?ua8l
Q^a8#
IpZ r
.Z r)S
=9ipZ k
iW+$Z
,=Z 7
6Z ~q
7xjZZ
Z J`w"a8U
4+Za+
1`Za8c
}2%&
H&q<%&
7o?$Z H
`!qgZ
+F nYN,a%
fjpa8]
Z #@=.a+
A6la%
uZ ^~r
ihH_Z *
<9a8U
?AZ !
ASZ *
GDa8y
![Va+
{wa8s
N7Z X
Z q?\
EbZ X
*ca8-
-jaaZa+
kJ^Z
69-a+
rRQn
5*\Z
bUJa8
>2Z y
Z eWG
H`a8Y
Z fIc
Tp`Z
Z q(.pa8x
*>Z G
q`?Z '
E-Z K~
LCWa8P
ngZ k
i Z `7
NZ }f
kFa8X
_h?xZ
~'Z nG
Z Nl8
Z x:8
Jx?Z 5$s%a8
UcPa8
La8*
Z $y-
JZ %"y
.Z e/_9a8
2q#a8
9>nDZ
~~z2Z I
;Z rk
pXZ d
EpYZ r
$ 9Z
`%Aa8
z,2Z
^.ia8
w5ANZ q
fYa8`
d2a8:
Z #wE
Z NVQ,a8
Z >#*@a8
lb\Z P
Z ONJ
|Z Cz
**BZ
v<&Z K
8Z KL
3Pa8c
Z |I8
6HZ +
Z x}R
SGa8A
cua8.
Wj(6Z TVRda8D
Z ,JbAa8
RMa8>
:uZ <7
'=Ka8U
6Z \J
=,Z f\
F08a8r
FuSZ q
4Za8z
B(M8i
tZa81
EJ{%&
CZa8T
BD(Z
;w}3%&
ZZa84
:rS%+
!;~Z 5
4zZ 3
i`a86
,;a8B
Z ]/@
sKZ l
3eZ y!
E{Z Q#
!F`a8
&U7a8
?Z v
H8LZ
Z )_P0a8`
VwZiZ ~U
/J:vZ
Z wMp>a8-
Z 2<%Ga8
h!|a8
Z 4uq>a8J
,La8i
K'DZ D
3"0Z
;LsUZ
=|Z ]!l
)0a8n
tZ Eb0
T5a8t
3mda8
7Z UF
.% @A
Rc:p%&
}Z yqB
%@Z l
Z W!H
4Z YU3
Z G4U
YZa8c
`@Fa+
+j0j (n
& ZILe @
Z xX1
00J;Z j(
vZ lN
{ OB.Ma%
JZ 4l
KVZ `
}Z Jn.
#Da88
I|a8'
2<:Z
?]Ta8c
SwG 5
TODZ
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Icon
IconData
IconSize
System.Drawing.Size
System.Drawing.Size
width
height
DDDDD
DDDDDDDDDDDDDDDDDDD3333
DDDDDDDDDDDDDD
DGwww?
wwwwwwwwwwwtD
DDDDDD
DDDDDDDDDDDDDDDDD
DDDDDD
DDDDD
wwwxw
wwwwxw
wwwwwxw
wwwwwxw
wwwwwxw
wwwwwx
wwwww
wwwwww
wwwww
DDDDD
DDDDDDD
DDDDDD
DDDDDD
pDDDDDD
DDDDD
pDDDDD
DDDDH
DDDDD
DDDDDH
DDDDDD
DDDDDDH
DDDDDDD
DDDDDDDD
DDDDDDDDD
DDDDDDDDDH
DDDDDDDD
wwwwwwww
wwwxx
xwwwxx
xwwwx
prtustq
wjklxv
mfnzey
|good{
YYXYXXXXYXXYYXYWS
Y[TT[ZYYYYYYYYYYY
(FE871-,,,./45;6
>LLLLLLLLLLLLLKI$
HMMMMMMMMMMMMMMM
NNNNNNNNNNNNNNNN
%UUUUUUUUUUUUUUU?
0VVVVVVVVVVVVVVV0
BOOOOOOOOOOOOOOO&
PPPPPPPPPPPPPPPP
'QQQQQQQQQQQQQQQ<
:RRRRRRRRRRRRRRR)
***+999=R
UVVYXW
IKMLJR
QGFONS
===;;==><
@?>=======
y`cfi
\`cfil
[\`cfilo
\`cfil
usuy|hp
losuy~sfohiju
xlosuy~{d
~nklp
losuy~
vsuy~
cdefghir
uy~yr
~acdefghijklt
zfghijkl
"iqz|z
-1/,*)'&(+%
0444444432-
5555555555#
8888888888
$6666666666
.777777777.
9999999999!
::::::::::
szzzs
dooo*++-,uooooowwwww"$%#)wwwwwu_
'&!(.
wo___qU2Q
;Jg__
HT429ScxugM8L
O01?ap`QWbehi
V?Y^GTfnlZJ
qW>???=DK\h k
RBIUXD357>y
LK6QNRPLr
:~/I/
888`777
9990999
===p===
@@@@???
BBB AAA
BBB0BBB
ZZZPccc
]]] ^^^
fffPfff
<<<@;;;
>>> ===
___`www
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD-
*X*\m*XA*m*
*X*Hm*X
FY**B
&+X*.l*X
+m*"+*m
&o*X+(m*
**miX**s*X*
m*X\*m*
+m*x+*m>Y**
+m*y+*m:Y**
*X*@m*XH*m*
**mQX**
M+*m/Y**
>*miL**
*Xq:m*
'X**`*X
&m*{&*mpS**
"m*\"*m
_**<,X*
-}LH-%+
12!DXb
`{saz
-d(`*
Ilj*Gd
4XEa$*Y
X(~=+
eQ2*Q
UXn[6
hP*&5
3hTBcf
~-Y%#
V.%|33
~-Y%#
V.%|33
oMLKc
>wTv]3(C
]to1~
dTea$`
7Cl>z
sO+ulAUNl
Lxa}8
`>}pGS
Fs /+
ku>-f
2-U1g
TWUyY
TI(`m-
-p4([x
E&;('*_
3CY1eG
_&!(']
m57WGqerq;
56SGq
g56qGpRrq
GqCrp,5q
k56qGpR
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^\
66=>_
CB=ZY
,<v{Kp
p<0Q"M
]|4bsI
A]w]="
R.~6,
5Usw|
g?Mpw
'p dLE*
-YAokq[
kf_1/
9KURG
7\ez^
`juD$9
f,3f.zu
/I|]o
y/w&g
(Fd#F
kWv|f?
TI$>)
j1ExO
K4g%<
RQhyn
+ikPp
MnL<'
p`+01
D^5WM
n|~Y8
[&Qeo
yuW)-
_!jQ^
)J/v^
5iC",
Z ws,
o>ogM
|v33n
z]Pvc
;#$j
\D( ]
T"VEy
avw-5
5(Y~H
pqf9]
,7{<{
(C.?S
U7y^vh<j$
gbRB}T
`9|b/
;?BM'
Z?Gbe"
-7)3"cU
6Nk9a
O+u1[
n;;Kt
>N~qG
GX?a^Z
/.h]X
_xR2#i
Z{lyC
Pg+'#|8
O](rW
POgPr
Z^Au6
wT|59
52>-X
g/0B~vq
<=w4W
YLv"j]A
k'^wN
V'q#(
tDMv79z
}EA7q]h
5;nH{
&GV<0I9
5CZW8
VG*w;
8a'Yr
Ev,2{
^e|;.*
EH?v{
D-Be8
"\DL Pv]
M5)5Z
./u2)
nqxzg
G.]$}
O,3&U
aA,<F)
BVl6W
m Vd[ldI
p53Mc=s
[7xH5f
?{^^D
'4*u?
SYhSLU
rkSy`[
=g-i>
W|}>X
FweDw
"CHAE
WJ|Z64D
LGNbi
6>;w=2
#LYE?
;8HrV
0%!Q.
D&6Dh1!
!/ng)
-m_Rt&
5v:|l?r
{eIUxz
a10*;
{27~{
+R"//
-;R7C
ZByaD
)d,uk9<#
Z KXE3D<
"='^DK
/_Xz7l
}7_k&]
U6^#e~
m~M;%
8_\`/
TXQy(
tWci`[
|x;Ib[
@5D9q>
/o4m_-]
&I.OQ
Ds*z)QO\YA
ebKw..pH
,5q%B
XezF;
PyAM9|[
yVJrq^x
h4I/[
,G,.!l
phuEq2D
YXzEkdiTz
RMubq.
/i~rX&
7/16i
#6w`a
)gfRjm7{
!Ve[(
z\pVt
;[?6Q!
RwD"T
5N*P;
\9ih5vX
U?i~hs
kzSP7
~/ddy
IJCY??MJ
~x<Bo0*q
{9VY?
iv1NQE
'9g2Rw?
~tdk`
<1Q9We
Q Y9A
9>vO8
0,y(n
; Bmg
te_4Nj
L_(dO
`'|^S>
?:E~H
nuj*!
:??<@
{+o]x
;W.ks
OSq=*
RPO2F
DRQpNT
J_&""`s
f#*&P/
g]b=RI
P5Yt9/
nU_%,$
69.3<
+[T0Y#
LeBmRm
P/9Xe
}!-^s
}::pb
rnls!
mTx6'd
3|c},]I
o4&?i
D+E%E
GF~hU
~f2zv
<q>%c
[1#jI?
IWHGLx
%](yBeb
~Td4*
SdqjL
l[|yg
>M|vyG
Uv\K1
Jd8|"
(n)'?
u*[#Z.
hif3Ys
"pW~^
`P<+!3=
O8Um7
yWFCs
J*K*!
w SQlHP
yN}]Ni
SR%?f
UHw.KUU]
Lv4Ik
,Kx0w
Rtnn4
mkO<Y
HN>`Pb
zkD6Z
R$dCH^
J$gRqZ
bq5;"
y[3QV
bo[Z>
]Iool
utpyyRh
./:JI
hV;'h
8D}%`Q
P")!\
~VtyC
3; @QALP`
rD#i8
$F,(0
{^}xI`
eO^]b
NI$\m
u|tSt
vWu_)
=^7?z
o+znwZ
aKZ`9
wF7(%
Ii/xL:
"FZ5?G
t`[Fy
%67;#Q
#pGFw`
`yKFK
gT8_Z
l~0Zpx
k~6~%N
%a=vX
5L<kC
!\,@mJ
{2"9F
%L2tN
@"`RI
IDATN
ZW\LA
BKCA*)
Wj3A4
j$+u+
j"I;P
rK6bj
y{<qoZ{
)\\N]
Bdxc1U
@ SnB
%%$ 3EY?x
uO];"
+pn,v
^} ]X5
|>5zyv
IsIZO
?-/*(
Iw(;r^
1Zqbe
Wb*dJ
gx-P0
.\Y IX
]~#cuI
kAO~J
2[x^2
`=:~6K
Zx7rU
Vs/Ds
y?==S
n$U5N
<b8a
J!$mf
s)UpS
,U&ZE
QBK~6
/y2D;;
]uP-X
Q\x(Q
q/65zk
z~DFc
|Vh;{
oK7X<
qy2q]
c5up}z=/Y
1YGnB
o}Vcxm
\tSQP
eHdl7
R-7f3,]B
coOH_
3A/zplC
!)t"U\
z^/*H
,d`?!
YX0%dc
2/^k}
[<j]*PM
Z!C)w
0z*H!
nx]`I
xl?'d
7m<`~E
QK?]%Q
~T>dgP
XQB<K
Jsj|1j1
TU_F=
#7O_R
J|W:r
y~/.wZ
yr6]h
~_*CY*
_hh05
fvG$-
2``wlk
#2}%9(x
[DQR4
w|sf^
%.b2Jy"
)<S)N5X
rqaeRe
,T6n:*
sI|&2
y6x5{
CLC!g
AY?F/
1 b0M
JZj&d/
OajxYd
~`?*N
~#uF"
1}Mal
s_Qn>
XL'x-
:G4q|
$]y<[
.q=;|G
^uydo
6pKcu
ED$"FF
Yq4I#
YSisE
:o~fvlQ
GoV$z
wVf<o
><F[i
lN={xgZ
PEPec
OJ\-w~r
w<;"7
Ys,]*
Z%)+3U
f`l(K
TIC%O
%."V}
zI4qs<g
Bp*12
eGYWLDj{
|3SBR
0&x\Z'
pMM>h"
|<V-V
?277K
u%$'u$
(g=+`]e
]'s7{
.tNRj
gU;@0
czpR3b
3OTPr
BhsI(8
i&5SM
u4Wh+Z
2U}3|G
Z*<o%
ST.r0Q
.d49VP
a/<r6
T.^9a
n(\>!
I[O[(
91?+\f^t4n
T,|`Wc
ak6>u
lk5==Yd
jm'W?
sW|Jy?$hd1
&WvcBM
%^/dd
uKl?#
5zB8H
"2LR*
cL+XV
eQBEv
.{_qG
^;K;T
3qLX3
9 TaT
ed`Z$
k+\m~%
`$lG^n{
>*4ub
8(?T'
v|y_C
}&-7?
)R\=?Mhf
3V7U8
Hq>Fq
p;n|Y
gu9s{
'>]z<
GDkb>
#'Sey
((NuE
wE%6l`
9?_t9
xv6qw
7czpnP
h_yWs
/w7`d
uHNaxi
|>ehw
U:~x7U
#KW%|
$eJ4y
^XsLj:
|?*s$
B&NGl
~].;P
$1pHT
,/o>8
=';sA
WWJ8{{
b"H*f
r=f:x
"\_=)
|M?1o
g?\!S
ud(g {
8;gt.
~WL-yg]=0"c
9D)r5f
mZj\E/
${ru8:
&v^;\
5bbAJ
qX)zG
GOB^}
r4/2p5
=C5*fd
kzRE'O
VW+6D
+7;El
yR;qL
w2`%l
$g2A#
d U&[
9\By%
_}w?m
Gi/"~
~1,Sb
'Vq^tT
9Dz-6`
BQMnFh
uP>]<
:[G1A
< Uo,
|*_kqr
0Jy)A
]W+Jppm
+Db.d
Tk$a<J
X;kz4
m^,?,1vN),
A%b(p
Mp1[v
J2PLA0
NWG,x
o,xalb
m;Mrr
01f>Z
8F&C1
i:.hx
8#FFv
?!od=
kjc{a
if~Qk
D" cVS
H*Qk[M
$c7G~xt
'J"yH
'0It+
z3L_^
SP|tHk
UqOM{
`r(#O
d d.|
:WtE$
9d[?P
|^6y5Z
ftacQz
N"3I^
U`~);+T
nm`s~
6nST7&
z+#q`_T
+K-;SkB
ks]r^
MT?Yu
8ST'_
_|S{tF
\^eA4A
ZZO0E<6`
-e){>
4Uy}(
x<x6Ns
5a`jE
R+2WV
}Qp}G*
'D?^T
[\R?D?
7<_<g*
#A)u_
koiff
;XFNo
@8Ko#
5zo,N
)/4|f
WS8ZeN
Ht+o7
,0eV &_o
7RRo5q
zlB]>s
_xqWF
eMo/_
mv6i[
ZwnQe
gS=.dI
~=wh7
z,r.3o
~sKI~ZAq
p-UMweIg
=Y7E!
<&]DJ
Or!c3
ud4g[&
|#8Oj2
6iF&j
fqi>ne
9I.9e
y[6'M
XqQNY
+{#fv
v( u:
-HTMe>+=
8'|b+
*v*>y
WR*yz
\:3nje?
!b[,(!o
[%@%ej
N?/;Y\
bs~.7w[v
I}yQ}
[zN_MO:
P.a(JrF
z5=)`T$Uk
WQx&F
?k 7\3'
W fgoq
j?mb#
Ys''$
&@%2F
j'@9f
/{0{C
z9'<0
6+<3tha
{KK]Ii
LZBUX
U/SOU.V
)m)wUC
m}${(
P_?8gx]
*M.m/
dUX#d^
gfZqx5
++O\|
:2aHv
t'k#f
LJ9d.
FA(j8
V8N$U2
$&%Wn
.[<g8
!P5bh
Jm(BU
~*w{r
P>=|f
nay$b
^36/J2{
abeGX
SF!dJ
?>2c[
-}(-!
vI3Q^[%
g>&-9
Gb363
LTqGyU
L_bd(
l.Gm=C
!{T#:v
m#` v
ZuyND
0[}L_
a!XLD
%3#c]
|G+>MZ}
cJHZJ
vXN9y
U:iL|
/.<?+
Xt-}po
e&(7dC
Z,w M
L'PD(E
|K9ur
iOg>*
y. 9Q
y`NI$
my2`wq
~5`#PF
yCQpP
i"6$h| l
<j)uR
EetTx\a
g1E:u3
SfDs=
aR$PPq2
:J,h~
~FE|'
@*bUpa``
DdA>5F
J3ao"~`
Gwm}>
\-*F/
h1rV(!
,kF6k.
f/_D4=
CkI+.{R
Nn0o.
w&U72
OqQp}
@!K<G
,5ree
:8qrv
ggz7^
&h3eb4B6^
lC9SH^
`uqQR
nu1U
t -{j
l}{UBc
<rxt#
bLt]A
whktS%
gLxRY
3fWO5P
8Xmj(
@{C"H
\9'$|
%43TjTY
U6T1-
0K%2<"t
*Df!k`
NSmB;
2>OS1F
_q+Wv
|6+en
-~(b=6
3^pws
!F('cS>t
gs^Zj_c
d6l|[c
3KK#-
35vec
&TX3(
|y{Un
;2Vo7
Pk/Az
M'*w[_
/Wyti
l2{rOu
m^;?O
cAyEug
M^]I]
f#9~'I
}wPS$P|
9B10!
u:Wp#
hWKss
&uv{^
>_Uvg
s'd7)
LI3Qn-K
eZjQj[
+,+T9vl
\W|bQ_
{~.Hr]
)GjMs
OZ;CL
5dvYt
;U156p
wGYT|-
]~scs
x8d=~
wB_v<H
X7CK=
u!k.WO
pg3vm]
:\[*:
a][/b
q ;z*
.!WiM
.hjm6!
6li7)
/;-~J:'T
ED)JA
!X1Qm'bFT
~7<vWY
<+6Hq
Lt39cy
|qB.we
7k:PnGS
/t2He
xT9Fh6
kl4N,xBU
uw?LX{
0|f7#
X+dFT.
e|$M"L
>B2<e
[T`GjHj
DJ2*~C
b#S(H
?1,vi
IofDm
)@ @%d
PBrGS
<NoVC
b&qO$sdc
NQt_4
P%p:t
V_hXq
wRsW+
?PS43V
' VcG
>\aE^m5
F%VO,
W1??9
C K*N
4tl%|
OWZ&=
T&QSo3
9eizmN
n6-9w
SD>#$IP
<EyUh
5T%BY
(/9HM!%m
e/yyg
SSbZL
+H[.;
O$-!{B
|W.%x/F
w*?km
"hU,\
lz;d!x
M=s0r
Q*)!!
{Ce>}
b(<&F[.
I&+1!
3DYQSri&d[
IDATPV
(gbV8
3lk,E1/
7u]gw3
%*|$g*e
G.q&q,G8
DlNt"V
`Ya4S
k2q0;
B-`zV
3Klk$
i<1%]
2|1vtp4
m%T~jY
)2j2p
QO1pJ
JkAC;
O\HKA
@yP*=V?Z;
:YSce
P69d[
k,6&0~u
5szDlj
N6wn0EZ
{mO'$%
oi{Wa!e
TJ:KbL
LY::e
:~B&X
xw>/0
;6PJK
=<u5q
7\rPn
PY_w/
0;;6/FE
tn\lG
#UvsWA
t.p~;
kns~?
jm=>q
\!}k
D}-qj
?*FTU
d3pE6
{=Y=C
n;~-2
Z<tey
7q4|A
-Acb5
`&bXS
C?v*I
nEg2/x
-%(TK
1 {@hU
>y]L&
>ukfh
%\z~?~f
;MygF
l9'uP
pj-pn_b
|D87?
EP8U<
~j9Lt}
,`Byh
o*<o/
B%Z.
iefsJ3
7xxeG
*G`6Sf~
w^a|k
!oB-5
zzBv6
jRha
?lXvn
v>{pfX
&^{S#
E,{lN
m-dIPZ
U"|_7rE
\OBjXU
6|5si
=(+J}9
vuR-l
nU,UK5
~>p!-
J[%*(
-uGZZh
uk)5*('
,b!c<
dd.(q
7nBq7m
6vdlj{
.;4ZI"B}x
Y;|,_
bUc<z;
IH'Hf!
=s!]fI
w<8xW
:$IvC
+V#_S
c7[6}d
WLZ[k
IAOD#
jZ45w
eu}oN
xmLU+i
b^l)T
YBM2L(
@$uFJA
_(XSNSD
.eQjr
e~+gS
d3t>Anf!
>*ys\BD2
84=>J
d?\vx
M~/9y!
S3Sv\
7GS>(
S+>JY\
Jr9.l
F:g4G
*dULY
/>%A4
}FrEAeYe1_5
R|lcl
Ogajl
9.?;$
8*Kt8
K4cm2
ATuX7#
;r3xfG
x*]>0
UEb7F+
vrMNT
0 /iVz+
\pHte
er2-W
6.bg_
GxO>i
kQ+p\
_-K\K
T:{}I
<w|hn
]kN]a
;jOQN
7{mnu[4
G8kj$
~uS#D
o}sHU
O4A #
y*ugw
)2e#W
qOE+Z
yyJob
14{&Q
^D$dC
dxNJmI
9L7whF6/Md0
VCF&y
Y7itE
S1.kE
WSG#'
TL/{U
\|W|U
l_V3S
Q?M!T
\kJcf
SMx3CM
B&eGP
JXs%*
Ty#5s
^P)3S
cilC7
tYPBPa
_$4uz
?^^Ry\
W]m+~
,+3hu,
m=^?<
ch[qT
z;(KmC
Td%|'
/EMRE
YRM#~
?z/f~
|sj3[
{E&LWV8
J{7G_
]&da
,L4`\
s\dzMv
0.kv8
[a/?t]
1]2g4
I}~Eo
*!'I[
Vz9O*
C1(da
,O|2~
&Y'J~
yo~VC
9cbEQ'
"R%2e
M-1)QM
mRV3;
JwnM)
"f'rl
f+Sdq
T2/$Zv.*HVW
+H?~~
EWg\0
q`JW|
|O%tL
&@\2K\`
+]]+\W
JRJ"S
S~M %I
Qya9VM
PP7=y
nwBb6
MZ" d'
{~6!1W
V"/oYU
Ao51+Z
Lg KD
a8K?H
[&thJ
sh_4]
>%L3X4
AGJz~
&;M8<
\@h`/
%ez12
+$9EX
ws.}D
Kx"fl{r
j\y>)
/>%C4
,_*tg
X ]qC
,;egK
;PVH
($h%L
mtQbE
%:qh*
RGNt|
aC\@`Sj
EYy1"-
(z_{S
!ruzi
j5~D5
2u}Be
w_ZU)Yo
~9V&W
Zf4Jw
J+6_}
pL,jJ
j'`[N
>3/mg
t5WF{
k}\~^
(swE6
|+!3x|
^30Q{I
par17
:3xzm
i&;sv
VS:eOw}
>gfJIS
^ah;`
yp0[Q
hLQtQ
B 2+BR
~=.BF
h{a*8
dpQsc
*3J[%
BZX9U/ZIRm
'sh/'
v0Q1a
j6)&\M3
s)[p-
&H-DU7S
PHa[e
op'Qg\P7k
UV]mX
\gj6"
]%^p`BH
3*wr>
"bwG5
J2MRM
-2x3n"z5:
]n`RW{
]G#?U
RCrP/
5JQMT
bo;E3
=*ZP$
y]~'[="=
(~O1;
"{A02|"
8Qy6u
x- oj
?3B9)
0?=B?
Q`:ru
(AQ&rts
`|idY
/Syc!
(BW__)
j-^g.
P%JS\
Mu;yj
Mo71g
N~2bC
F.I6yj
c|jLR
!P#^2S^
Z{@*bw
sTHbe
\?8U0p
qs%*f
cSp=z
6wvw9
QrDm~
*|Z0X/
l1`#_$/dt
{m1x!
6qMV4
^m_&_
^?5V3N2
qDGSp
ZuM8B
[oH7f
;6j3m
(v#S7
1j*7x
C);(A
NV0X&Z
iUK?<
/k;13|
Yg5]2
}f9cD
,{+Xx^,
Nx8^X
d_?;}
NPQd*
#DX#D2
J?^S$
}C[N.
F U-W
\peqE
=V?}Y
%{v\~{
DJV~e
+N|$'
3KYJ+
lqURr
'8<GU
l{}sj.~
HU:p3
3;E(m%
T Osd
*HH~>,
|*$PL
bVHP!
w~N @
8/*&X9
Lq,5/%Uk
CTt+u:
(Xy+p
7M;vD
foqP,
1r{#C&
/ PMt
gEJn?nb
%V}aHZ;e
[Vem'_LK
UbunP
f~uCHy
3|V!T;
`96(N
@*bU45&
Ph)%5
tQP<ue
^U,3J)<=G
DFj|4
h7Sivd
R_V_;
Y-|?S
n_~:N
D4*%i
\BqpA:q
k8NNh
Q-!|&
f5Knr
iSm^P
IB<V1
6G)J*^>
}=38Gf
fwn<"
hamBI(
-[I-VE
]2/4X
=*s+.
%'n'}
S,UV[
E>}qt\
K5KI\
;,[|l
u/_+N
g:,x~!
E+?py
hOtzm
TB&U$l|
Z~*$?ei
#`#\N
h^8<w
wK-NY
@K6KR2
jk^L\
f6}~x
h(J"o
iWE";
u14}#
)_,Ls
?4:2&W>
BZ~mQ?
l,wXI=
#-TO12
06b$h
=l1H'g]
N^Uo\1
10Z>u
4v5,)Q
O:N?64
9^qsi
QS/J$
xx]8g
_v`FC
E5Gm^h
bmrb8
$>NX0
nv2&x0
HqwLFg
u$(3E
od$Hl
9Y|sDZ2
dybWy
<6/wA
,emke\
J_=L?#
sXUuph
^.6-i~
=;|r2
Xv?fY
RvSK
/g6Mln
3nt\>2_
(sp2r$
l'Z1)&
+qPH)
GT- _
aT{h$
bLpqf
=88fR=W<
"VU!l
H9<-?`^
y&l91)
R{u28
.on!*
A1a7J
0;Q=`
$2wH$
FxDyE
sg0fZ
]C~jW
jacF5)g*
Jptk.c
5%0+)]J
; 0E^
x*jGC
$&l\yA
DV8)[
8;r"Cr
<Rfx0
tknN&
AupSyIj
3E,JE
1mZwn
4KNBn+
CV]V&A
unN[UH
WT_^I
$Fw]3
wgM$n
~<=I[
"*dOr
nnVjg
'-({\
/$6?j^lk
SkPV7+
JAx[6
(wwXf
dsX=[
C1>Vu
mO/]{
Fa2(/"
491j\
CcA]_-w
u;t|t
u5Vzmg
Dm^dq-"
2;0o}
)hCm^PBl
/eGI:
J3>XE
KOt>|
E,]S-
dyhPj
|17$]
X%YKM
\V(+~
.|5FnI
MZ?hvl
OAN0
C+/Y#6m
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v4.0.30319
#Strings
#GUID
#Blob
#GUID
#Strings
#Blob
#Schema
7 > T ] c m
!G!Q!
"K"Q"W"]"c"i"p"w"~"
"i#p#w#~#
#c$j$y$
%$%:%B%S%Z%b%j%t%{%
%.&6&D&T&\&h&~&
&''Q'
()(m(
J Q j u&
'D(U(a(
N,RDz
DbT71
phlS.exe
mscorlib
SuppressIldasmAttribute
System.Runtime.CompilerServices
.ctor
<Module>
.cctor
System
Process
System.Diagnostics
CloseHandle
kernel32.dll
IsDebuggerPresent
OutputDebugString
Thread
System.Threading
ParameterizedThreadStart
ValueType
NtQueryInformationProcess
ntdll.dll
Win32Exception
System.ComponentModel
MyApplication
ScrapBook.My
Microsoft.VisualBasic
WindowsFormsApplicationBase
Microsoft.VisualBasic.ApplicationServices
OnCreateMainForm
OnCreateSplashScreen
System.Windows.Forms
MyComputer
Computer
Microsoft.VisualBasic.Devices
MyProject
Object
m_ComputerObjectProvider
m_AppObjectProvider
m_UserObjectProvider
m_MyFormsObjectProvider
m_MyWebServicesObjectProvider
get_Computer
get_Application
get_User
get_Forms
get_WebServices
Application
Forms
WebServices
MyForms
m_FormBeingCreated
Hashtable
System.Collections
m_AddUpdateBooks
m_AddUpdateSupport
m_AddUpdateUser
m_AdminHome
m_AdminLoginPage
m_BooksHandler
m_ChatPage
m_ChatPost
m_Credits
m_DeactivateSubPage
m_ForgotPage
m_HomePage
m_MainPage
m_PostPage
m_ProfilePage
m_SettingsPage
m_SplashScreen1
m_Support
m_SupportHandler
m_UsersHandler
Create__Instance__
Instance
Dispose__Instance__
instance
Equals
GetHashCode
GetType
ToString
get_AddUpdateBooks
get_AddUpdateSupport
get_AddUpdateUser
get_AdminHome
get_AdminLoginPage
get_BooksHandler
get_ChatPage
get_ChatPost
get_Credits
get_DeactivateSubPage
get_ForgotPage
get_HomePage
get_MainPage
get_PostPage
get_ProfilePage
get_SettingsPage
get_SplashScreen1
get_Support
get_SupportHandler
get_UsersHandler
set_AddUpdateBooks
Value
set_AddUpdateSupport
set_AddUpdateUser
set_AdminHome
set_AdminLoginPage
set_BooksHandler
set_ChatPage
set_ChatPost
set_Credits
set_DeactivateSubPage
set_ForgotPage
set_HomePage
set_MainPage
set_PostPage
set_ProfilePage
set_SettingsPage
set_SplashScreen1
set_Support
set_SupportHandler
set_UsersHandler
RuntimeTypeHandle
InvalidOperationException
Exception
ArgumentException
AddUpdateBooks
AddUpdateSupport
AddUpdateUser
AdminHome
AdminLoginPage
BooksHandler
ChatPage
ChatPost
Credits
DeactivateSubPage
ForgotPage
HomePage
MainPage
PostPage
ProfilePage
SettingsPage
SplashScreen1
Support
SupportHandler
UsersHandler
MyWebServices
ThreadSafeObjectProvider`1
m_ThreadStaticValue
get_GetInstance
GetInstance
Resources
ScrapBook.My.Resources
resourceMan
ResourceManager
System.Resources
resourceCulture
CultureInfo
System.Globalization
get_ResourceManager
get_Culture
set_Culture
get_Blue
get_iXsvNjCZA
System.Drawing
Bitmap
Assembly
System.Reflection
Culture
iXsvNjCZA
MySettings
ApplicationSettingsBase
System.Configuration
defaultInstance
addedHandler
addedHandlerLockObject
AutoSaveSettings
EventArgs
sender
get_Default
get_ScrapDBConnectionString
SettingsBase
ShutdownEventHandler
Default
ScrapDBConnectionString
MySettingsProperty
get_Settings
Settings
ScrapBook
components
IContainer
_Label3
Label
_Label2
_Label1
_Button2
Button
_Button1
_TextBox3
TextBox
_TextBox2
_TextBox1
_Button3
Dispose
disposing
InitializeComponent
get_Label3
set_Label3
WithEventsValue
get_Label2
set_Label2
get_Label1
set_Label1
get_Button2
set_Button2
get_Button1
set_Button1
get_TextBox3
set_TextBox3
get_TextBox2
set_TextBox2
get_TextBox1
set_TextBox1
get_Button3
set_Button3
Button1_Click
AddUpdateBooks_Load
Button2_Click
Button3_Click
EventHandler
IDisposable
Control
Point
ButtonBase
ContainerControl
SizeF
AutoScaleMode
Color
ControlCollection
MsgBoxResult
MsgBoxStyle
System.Data
SqlCommand
System.Data.SqlClient
SqlConnection
DialogResult
Label3
Label2
Label1
Button2
Button1
TextBox3
TextBox2
TextBox1
Button3
AddUpdateSupport_Load
_TextBox4
_TextBox5
_TextBox6
_Label4
_Label5
_Label6
get_TextBox4
set_TextBox4
get_TextBox5
set_TextBox5
get_TextBox6
set_TextBox6
get_Label4
set_Label4
get_Label5
set_Label5
get_Label6
set_Label6
AddUpdateUser_Load
TextBox4_Leave
EmailAddressCheck
emailaddress
Match
System.Text.RegularExpressions
Group
TextBox4
TextBox5
TextBox6
Label4
Label5
Label6
_PictureBox1
PictureBox
_Button4
get_PictureBox1
set_PictureBox1
get_Button4
set_Button4
writetextboxtolabel
Button4_Click
ISupportInitialize
FontStyle
GraphicsUnit
BorderStyle
PictureBox1
Button4
_Button6
_Button5
_DataGridView1
DataGridView
_Button7
_ScrapDBDataSet
_BooksBindingSource
BindingSource
_BooksTableAdapter
_TitleDataGridViewTextBoxColumn
DataGridViewTextBoxColumn
_DetailsDataGridViewTextBoxColumn
_AuthorDataGridViewTextBoxColumn
_ContextMenuStrip1
ContextMenuStrip
_DeleteRowToolStripMenuItem
ToolStripMenuItem
rowIndex
get_Button6
set_Button6
get_Button5
set_Button5
get_DataGridView1
set_DataGridView1
get_Button7
set_Button7
get_ScrapDBDataSet
set_ScrapDBDataSet
get_BooksBindingSource
set_BooksBindingSource
get_BooksTableAdapter
set_BooksTableAdapter
get_TitleDataGridViewTextBoxColumn
set_TitleDataGridViewTextBoxColumn
get_DetailsDataGridViewTextBoxColumn
set_DetailsDataGridViewTextBoxColumn
get_AuthorDataGridViewTextBoxColumn
set_AuthorDataGridViewTextBoxColumn
get_ContextMenuStrip1
set_ContextMenuStrip1
get_DeleteRowToolStripMenuItem
set_DeleteRowToolStripMenuItem
BooksHandler_Load
ContextMenuStrip1_Click
DataGridView1_CellMouseUp
DataGridViewCellMouseEventArgs
Button6_Click
Button5_Click
Button7_Click
Container
DataGridViewAutoSizeColumnsMode
DataGridViewAutoSizeRowsMode
DataGridViewColumnHeadersHeightSizeMode
DataGridViewColumnCollection
DataGridViewColumn
DataSet
ToolStripItemCollection
ToolStrip
ToolStripItem
DataGridViewCellMouseEventHandler
DataGridViewRowCollection
DataGridViewRow
MouseButtons
MouseEventArgs
DataGridViewCellCollection
DataGridViewCell
ToolStripDropDown
Button6
Button5
DataGridView1
Button7
ScrapDBDataSet
BooksBindingSource
BooksTableAdapter
TitleDataGridViewTextBoxColumn
DetailsDataGridViewTextBoxColumn
AuthorDataGridViewTextBoxColumn
ContextMenuStrip1
DeleteRowToolStripMenuItem
ChatPost_Load
writelabeltolabel
InternalPartitionEnumerator
StackTrace
NextSink
Compressor
Xosh_Maza
Encoding
System.Text
Array
_GroupBox1
GroupBox
_GroupBox3
_GroupBox4
_GroupBox5
_PictureBox3
_PictureBox2
get_GroupBox1
set_GroupBox1
get_GroupBox3
set_GroupBox3
get_GroupBox4
set_GroupBox4
get_GroupBox5
set_GroupBox5
get_PictureBox3
set_PictureBox3
get_PictureBox2
set_PictureBox2
Credits_Load
PictureBoxSizeMode
ImageLayout
GroupBox1
GroupBox3
GroupBox4
GroupBox5
PictureBox3
PictureBox2
tableAdmin
tableBooks
tableChats
tableLogin
tableSupport
_schemaSerializationMode
SchemaSerializationMode
SerializationInfo
System.Runtime.Serialization
StreamingContext
context
get_Admin
get_Books
get_Chats
get_Login
get_SchemaSerializationMode
set_SchemaSerializationMode
get_Tables
DataTableCollection
get_Relations
DataRelationCollection
InitializeDerivedDataSet
Clone
ShouldSerializeTables
ShouldSerializeRelations
ReadXmlSerializable
System.Xml
XmlReader
reader
GetSchemaSerializable
XmlSchema
System.Xml.Schema
InitVars
initTable
InitClass
ShouldSerializeAdmin
ShouldSerializeBooks
ShouldSerializeChats
ShouldSerializeLogin
ShouldSerializeSupport
SchemaChanged
CollectionChangeEventArgs
GetTypedDataSetSchema
XmlSchemaComplexType
XmlSchemaSet
CollectionChangeEventHandler
StringReader
System.IO
XmlTextReader
TextReader
DataTable
MissingSchemaAction
XmlReadMode
MemoryStream
XmlTextWriter
Stream
XmlWriter
ValidationEventHandler
CollectionChangeAction
XmlSchemaSequence
XmlSchemaAny
XmlSchemaObjectCollection
XmlSchemaObject
XmlSchemaParticle
ICollection
IEnumerator
IEnumerable
Admin
Books
Chats
Login
Tables
Relations
AdminRowChangeEventHandler
MulticastDelegate
TargetObject
TargetMethod
BeginInvoke
IAsyncResult
AsyncCallback
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
BooksRowChangeEventHandler
ChatsRowChangeEventHandler
LoginRowChangeEventHandler
SupportRowChangeEventHandler
AdminDataTable
System.Data.DataSetExtensions
TypedTableBase`1
columnAdmin
DataColumn
columnPassword
AdminRowChangingEvent
AdminRowChangedEvent
AdminRowDeletingEvent
AdminRowDeletedEvent
table
get_AdminColumn
get_PasswordColumn
get_Count
get_Item
index
add_AdminRowChanging
remove_AdminRowChanging
add_AdminRowChanged
remove_AdminRowChanged
add_AdminRowDeleting
remove_AdminRowDeleting
add_AdminRowDeleted
remove_AdminRowDeleted
AddAdminRow
Password
FindByAdmin
CreateInstance
NewAdminRow
NewRowFromBuilder
DataRow
DataRowBuilder
builder
GetRowType
OnRowChanged
DataRowChangeEventArgs
OnRowChanging
OnRowDeleted
OnRowDeleting
RemoveAdminRow
GetTypedTableSchema
DataRowCollection
Delegate
DataColumnCollection
MappingType
ConstraintCollection
UniqueConstraint
Constraint
DataRowAction
Decimal
XmlSchemaContentProcessing
XmlSchemaAttribute
AdminRowChanging
AdminRowChanged
AdminRowDeleting
AdminRowDeleted
AdminColumn
PasswordColumn
Count
BooksDataTable
columnTitle
columnDetails
columnAuthor
BooksRowChangingEvent
BooksRowChangedEvent
BooksRowDeletingEvent
BooksRowDeletedEvent
get_TitleColumn
get_DetailsColumn
get_AuthorColumn
add_BooksRowChanging
remove_BooksRowChanging
add_BooksRowChanged
remove_BooksRowChanged
add_BooksRowDeleting
remove_BooksRowDeleting
add_BooksRowDeleted
remove_BooksRowDeleted
AddBooksRow
Title
Details
Author
FindByTitle
NewBooksRow
RemoveBooksRow
BooksRowChanging
BooksRowChanged
BooksRowDeleting
BooksRowDeleted
TitleColumn
DetailsColumn
AuthorColumn
ChatsDataTable
columnUserName
columnMessages
ChatsRowChangingEvent
ChatsRowChangedEvent
ChatsRowDeletingEvent
ChatsRowDeletedEvent
get_UserNameColumn
get_MessagesColumn
add_ChatsRowChanging
remove_ChatsRowChanging
add_ChatsRowChanged
remove_ChatsRowChanged
add_ChatsRowDeleting
remove_ChatsRowDeleting
add_ChatsRowDeleted
remove_ChatsRowDeleted
AddChatsRow
UserName
Messages
FindByUserName
NewChatsRow
RemoveChatsRow
ChatsRowChanging
ChatsRowChanged
ChatsRowDeleting
ChatsRowDeleted
UserNameColumn
MessagesColumn
LoginDataTable
columnAbout
columnEmail
columnOccupation
columnPhone
LoginRowChangingEvent
LoginRowChangedEvent
LoginRowDeletingEvent
LoginRowDeletedEvent
get_AboutColumn
get_EmailColumn
get_OccupationColumn
get_PhoneColumn
add_LoginRowChanging
remove_LoginRowChanging
add_LoginRowChanged
remove_LoginRowChanged
add_LoginRowDeleting
remove_LoginRowDeleting
add_LoginRowDeleted
remove_LoginRowDeleted
AddLoginRow
About
Email
Occupation
Phone
NewLoginRow
RemoveLoginRow
LoginRowChanging
LoginRowChanged
LoginRowDeleting
LoginRowDeleted
AboutColumn
EmailColumn
OccupationColumn
PhoneColumn
SupportDataTable
columnReply
SupportRowChangingEvent
SupportRowChangedEvent
SupportRowDeletingEvent
SupportRowDeletedEvent
get_ReplyColumn
add_SupportRowChanging
remove_SupportRowChanging
add_SupportRowChanged
remove_SupportRowChanged
add_SupportRowDeleting
remove_SupportRowDeleting
add_SupportRowDeleted
remove_SupportRowDeleted
AddSupportRow
Reply
NewSupportRow
RemoveSupportRow
SupportRowChanging
SupportRowChanged
SupportRowDeleting
SupportRowDeleted
ReplyColumn
AdminRow
set_Admin
get_Password
set_Password
BooksRow
get_Title
set_Title
get_Details
set_Details
get_Author
set_Author
ChatsRow
get_UserName
set_UserName
get_Messages
set_Messages
LoginRow
get_About
set_About
get_Email
set_Email
get_Occupation
set_Occupation
get_Phone
set_Phone
IsAboutNull
SetAboutNull
IsEmailNull
SetEmailNull
IsOccupationNull
SetOccupationNull
IsPhoneNull
SetPhoneNull
StrongTypingException
SupportRow
get_Reply
set_Reply
IsReplyNull
SetReplyNull
AdminRowChangeEvent
eventRow
eventAction
action
get_Row
get_Action
Action
BooksRowChangeEvent
ChatsRowChangeEvent
LoginRowChangeEvent
SupportRowChangeEvent
AdminTableAdapter
ScrapBook.ScrapDBDataSetTableAdapters
Component
__adapter
SqlDataAdapter
_connection
_transaction
SqlTransaction
_commandCollection
_clearBeforeFill
get__adapter
set__adapter
get_Adapter
get_Connection
set_Connection
get_Transaction
set_Transaction
get_CommandCollection
get_ClearBeforeFill
set_ClearBeforeFill
InitAdapter
InitConnection
InitCommandCollection
dataTable
GetData
Update
dataSet
dataRow
dataRows
Delete
Original_Admin
Original_Password
Insert
DataTableMapping
System.Data.Common
DataColumnMappingCollection
DataColumnMapping
DataTableMappingCollection
DataAdapter
CommandType
SqlParameterCollection
SqlParameter
SqlDbType
ParameterDirection
DataRowVersion
DbDataAdapter
ArgumentNullException
ConnectionState
_adapter
Adapter
Connection
Transaction
CommandCollection
ClearBeforeFill
Original_Title
Original_Author
ChatsTableAdapter
Original_UserName
LoginTableAdapter
Nullable`1
Original_Email
Original_Occupation
Original_Phone
SupportTableAdapter
TableAdapterManager
_updateOrder
_adminTableAdapter
_booksTableAdapter
_chatsTableAdapter
_loginTableAdapter
_supportTableAdapter
_backupDataSetBeforeUpdate
IDbConnection
get_UpdateOrder
set_UpdateOrder
get_AdminTableAdapter
set_AdminTableAdapter
get_ChatsTableAdapter
set_ChatsTableAdapter
get_LoginTableAdapter
set_LoginTableAdapter
get_SupportTableAdapter
set_SupportTableAdapter
get_BackupDataSetBeforeUpdate
set_BackupDataSetBeforeUpdate
get_TableAdapterInstanceCount
UpdateUpdatedRows
List`1
System.Collections.Generic
allChangedRows
allAddedRows
UpdateInsertedRows
UpdateDeletedRows
GetRealUpdatedRows
updatedRows
UpdateAll
SortSelfReferenceRows
DataRelation
relation
childFirst
MatchTableAdapterConnection
inputConnection
DataViewRowState
ApplicationException
IDbTransaction
StringComparison
UpdateOrder
BackupDataSetBeforeUpdate
TableAdapterInstanceCount
UpdateOrderOption
value__
InsertUpdateDelete
UpdateInsertDelete
SelfReferenceComparer
IComparer`1
_relation
_childFirst
GetRoot
distance
Compare
_SupportBindingSource
_SupportTableAdapter
_UserNameDataGridViewTextBoxColumn
_MessagesDataGridViewTextBoxColumn
_ReplyDataGridViewTextBoxColumn
get_SupportBindingSource
set_SupportBindingSource
get_UserNameDataGridViewTextBoxColumn
set_UserNameDataGridViewTextBoxColumn
get_MessagesDataGridViewTextBoxColumn
set_MessagesDataGridViewTextBoxColumn
get_ReplyDataGridViewTextBoxColumn
set_ReplyDataGridViewTextBoxColumn
Support_Load
DataGridViewClipboardCopyMode
SupportBindingSource
UserNameDataGridViewTextBoxColumn
MessagesDataGridViewTextBoxColumn
ReplyDataGridViewTextBoxColumn
SupportHandler_Load
_LoginBindingSource
_LoginTableAdapter
_PasswordDataGridViewTextBoxColumn
_AboutDataGridViewTextBoxColumn
_EmailDataGridViewTextBoxColumn
_OccupationDataGridViewTextBoxColumn
_PhoneDataGridViewTextBoxColumn
get_LoginBindingSource
set_LoginBindingSource
get_PasswordDataGridViewTextBoxColumn
set_PasswordDataGridViewTextBoxColumn
get_AboutDataGridViewTextBoxColumn
set_AboutDataGridViewTextBoxColumn
get_EmailDataGridViewTextBoxColumn
set_EmailDataGridViewTextBoxColumn
get_OccupationDataGridViewTextBoxColumn
set_OccupationDataGridViewTextBoxColumn
get_PhoneDataGridViewTextBoxColumn
set_PhoneDataGridViewTextBoxColumn
AdminHandler_Load
LoginBindingSource
PasswordDataGridViewTextBoxColumn
AboutDataGridViewTextBoxColumn
EmailDataGridViewTextBoxColumn
OccupationDataGridViewTextBoxColumn
PhoneDataGridViewTextBoxColumn
AdminLoginPage_Load
SqlDataReader
_GroupBox2
_ChatsBindingSource
_ChatsTableAdapter
get_GroupBox2
set_GroupBox2
get_ChatsBindingSource
set_ChatsBindingSource
ChatPage_Load
GroupBox2
ChatsBindingSource
dBconn
connectionstring
executesqlstmt
ForgotPage_Load
TextBox2_Leave
PostPage_Load
_ComboBox1
ComboBox
connection
get_ComboBox1
set_ComboBox1
ProfilePage_Load
ObjectCollection
ComboBox1
PictureBox1_Click
Label1_Click
PictureBox3_Click
Label2_Click
HomePage_Load
PictureBox2_Click
Button3_Click_1
ComponentResourceManager
DataGridViewCellBorderStyle
_LinkLabel1
LinkLabel
_Label7
_Label8
LinkLabel1_LinkClicked
LinkLabelLinkClickedEventArgs
Label8_Click
TextBox5_Leave
GroupBox1_Enter
get_LinkLabel1
set_LinkLabel1
get_Label7
set_Label7
get_Label8
set_Label8
TextBoxBase
ContentAlignment
LinkLabelLinkClickedEventHandler
LinkLabel1
Label7
Label8
SettingsPage_Load
_MainLayoutPanel
TableLayoutPanel
get_MainLayoutPanel
set_MainLayoutPanel
SplashScreen1_Load
TableLayoutColumnStyleCollection
ColumnStyle
SizeType
DockStyle
TableLayoutRowStyleCollection
RowStyle
FormBorderStyle
FormStartPosition
AssemblyInfo
ApplicationBase
MainLayoutPanel
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
GeneratedCodeAttribute
System.CodeDom.Compiler
EditorBrowsableAttribute
EditorBrowsableState
STAThreadAttribute
DebuggerHiddenAttribute
DebuggerStepThroughAttribute
StandardModuleAttribute
Microsoft.VisualBasic.CompilerServices
HideModuleNameAttribute
HelpKeywordAttribute
System.ComponentModel.Design
MyGroupCollectionAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
DebuggerNonUserCodeAttribute
ApplicationScopedSettingAttribute
SpecialSettingAttribute
SpecialSetting
DefaultSettingValueAttribute
DesignerGeneratedAttribute
DebuggerBrowsableAttribute
DebuggerBrowsableState
AccessedThroughPropertyAttribute
DesignerCategoryAttribute
ToolboxItemAttribute
XmlSchemaProviderAttribute
System.Xml.Serialization
XmlRootAttribute
BrowsableAttribute
DesignerSerializationVisibilityAttribute
DesignerSerializationVisibility
DefaultMemberAttribute
DataObjectAttribute
DesignerAttribute
DataObjectMethodAttribute
DataObjectMethodType
EditorAttribute
ScrapBook.AddUpdateBooks.resources
ScrapBook.AddUpdateSupport.resources
ScrapBook.AddUpdateUser.resources
ScrapBook.AdminHome.resources
ScrapBook.BooksHandler.resources
ScrapBook.ChatPost.resources
ScrapBook.Credits.resources
ScrapBook.Support.resources
ScrapBook.SupportHandler.resources
ScrapBook.UsersHandler.resources
ScrapBook.AdminLoginPage.resources
ScrapBook.ChatPage.resources
ScrapBook.DeactivateSubPage.resources
ScrapBook.ForgotPage.resources
ScrapBook.PostPage.resources
ScrapBook.ProfilePage.resources
ScrapBook.HomePage.resources
ScrapBook.MainPage.resources
ScrapBook.Resources.resources
ScrapBook.SettingsPage.resources
ScrapBook.SplashScreen1.resources
IntPtr
op_Equality
get_Size
String
Concat
Environment
GetEnvironmentVariable
FailFast
get_ProcessName
ToLower
Contains
set_IsBackground
Start
get_CurrentThread
Sleep
Debugger
get_IsAttached
IsLogging
GetCurrentProcess
get_Handle
Close
get_IsAlive
ToInt32
GetProcessById
Marshal
SizeOf
get_UseCompatibleTextRendering
AuthenticationMode
set_IsSingleInstance
set_EnableVisualStyles
set_ShutdownStyle
ShutdownMode
set_MainForm
SetCompatibleTextRenderingDefault
set_SaveMySettingsOnExit
set_SplashScreen
TargetInvocationException
get_IsDisposed
Activator
GetTypeFromHandle
ContainsKey
Utils
GetResourceString
ProjectData
SetProjectError
get_InnerException
get_Message
Remove
RuntimeHelpers
GetObjectValue
ReferenceEquals
get_Assembly
GetObject
Synchronized
get_SaveMySettingsOnExit
ObjectFlowControl
CheckForSyncLockOnValueType
Monitor
Enter
add_Shutdown
Conversions
get_Tomato
SqlException
add_Load
SuspendLayout
set_AutoSize
set_Location
set_Name
set_Size
set_TabIndex
set_Text
set_UseVisualStyleBackColor
set_Multiline
set_AutoScaleDimensions
set_AutoScaleMode
set_BackColor
set_ClientSize
get_Controls
ResumeLayout
PerformLayout
remove_Click
add_Click
get_Text
Operators
CompareString
Interaction
MsgBox
ExecuteNonQuery
MessageBox
ClearProjectError
SystemColors
get_MenuHighlight
set_PasswordChar
get_AppWorkspace
remove_Leave
add_Leave
Focus
Regex
get_Success
get_SandyBrown
BeginInit
set_Font
set_BorderStyle
set_TabStop
EndInit
get_White
get_SlateGray
get_RosyBrown
set_AutoGenerateColumns
set_AutoSizeColumnsMode
set_AutoSizeRowsMode
set_BackgroundColor
set_ColumnHeadersHeightSizeMode
get_Columns
AddRange
set_DataSource
set_GridColor
set_DataPropertyName
set_HeaderText
set_Width
set_DataMember
set_DataSetName
get_Items
remove_CellMouseUp
add_CellMouseUp
get_Rows
get_IsNewRow
RemoveAt
get_Button
get_RowIndex
set_Selected
get_Cells
set_CurrentCell
get_Location
Cursor
get_Position
get_Teal
get_ButtonHighlight
set_ForeColor
Int32
Boolean
get_BigEndianUnicode
GetBytes
get_Length
CopyArray
NewLateBinding
LateIndexGet
LateGet
GetTypes
get_DarkViolet
get_Violet
set_SizeMode
set_BackgroundImageLayout
IsBinarySerialized
DetermineSchemaSerializationMode
GetSerializationData
add_CollectionChanged
GetValue
ReadXmlSchema
get_DataSetName
get_Prefix
set_Prefix
get_Namespace
set_Namespace
get_Locale
set_Locale
get_CaseSensitive
set_CaseSensitive
get_EnforceConstraints
set_EnforceConstraints
Merge
Reset
ReadXml
WriteXmlSchema
set_Position
set_Particle
get_TargetNamespace
Write
Schemas
GetEnumerator
get_Current
SetLength
ReadByte
MoveNext
Interlocked
CompareExchange
set_TableName
get_TableName
get_DataSet
get_MinimumCapacity
set_MinimumCapacity
Combine
NewRow
set_ItemArray
get_Constraints
set_AllowDBNull
set_Unique
set_MaxLength
set_MinOccurs
set_MaxOccurs
set_ProcessContents
set_FixedValue
get_Attributes
get_Table
set_Item
InvalidCastException
Convert
DBNull
ToDecimal
IsNull
get_InsertCommand
get_DeleteCommand
get_UpdateCommand
set_SourceTable
set_DataSetTable
get_ColumnMappings
get_TableMappings
set_DeleteCommand
set_CommandText
set_CommandType
get_Parameters
set_InsertCommand
set_UpdateCommand
set_ConnectionString
set_SelectCommand
Clear
set_Value
get_State
get_Value
get_HasValue
IEnumerable`1
ToArray
Dictionary`2
CopyTo
Select
HasChanges
BeginTransaction
get_AcceptChangesDuringUpdate
set_AcceptChangesDuringUpdate
Commit
AcceptChanges
Rollback
Debug
Assert
SetAdded
get_ConnectionString
IDictionary`2
ICollection`1
KeyValuePair`2
CompareTo
GetParentRow
IndexOf
get_Olive
set_AllowUserToAddRows
set_AllowUserToDeleteRows
set_AllowUserToOrderColumns
set_ClipboardCopyMode
get_LightSalmon
get_Red
get_Yellow
get_Chocolate
get_Transparent
get_DarkGreen
set_DoubleBuffered
ExecuteReader
get_SteelBlue
get_ButtonFace
get_Peru
get_Tan
get_Crimson
get_MidnightBlue
get_WhiteSmoke
get_Salmon
get_Brown
get_ActiveCaptionText
set_CellBorderStyle
set_ReadOnly
set_Icon
FromArgb
get_Lime
get_Black
get_DarkOliveGreen
set_LinkColor
set_VisitedLinkColor
get_Control
set_ImageAlign
remove_LinkClicked
add_LinkClicked
remove_Enter
add_Enter
get_DarkRed
set_ColumnCount
get_ColumnStyles
set_Dock
get_RowStyles
set_ControlBox
set_FormBorderStyle
set_MaximizeBox
set_MinimizeBox
set_ShowInTaskbar
set_StartPosition
get_Info
WrapNonExceptionThrows
ScrapBook
Copyright
2017
$1c6213db-06c8-4009-b436-92604df14741
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
MyTemplate
11.0.0.0
My.Computer
My.Application
My.User
My.Forms
My.WebServices
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.7.0.0
RData Source=(localdb)\ProjectsV13;Initial Catalog=ScrapDB;Integrated Security=True
My.Settings
Label3
Label2
Label1
Button2
Button1
TextBox3
TextBox2
TextBox1
Button3
TextBox4
TextBox5
TextBox6
Label4
Label5
Label6
PictureBox1
Button4
Button6
Button5
DataGridView1
Button7
ScrapDBDataSet
BooksBindingSource
BooksTableAdapter
TitleDataGridViewTextBoxColumn
DetailsDataGridViewTextBoxColumn
AuthorDataGridViewTextBoxColumn
ContextMenuStrip1
DeleteRowToolStripMenuItem
GroupBox1
GroupBox3
GroupBox4
GroupBox5
PictureBox3
PictureBox2
GetTypedDataSetSchema
vs.data.DataSet
(System.Data.Design.TypedDataSetGenerator
16.0.0.0
GetTypedTableSchema
Microsoft.VSDesigner.DataSource.Design.TableAdapterDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
vs.data.TableAdapter
_adapter
Microsoft.VSDesigner.DataSource.Design.TableAdapterManagerDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
vs.data.TableAdapterManager
Microsoft.VSDesigner.DataSource.Design.TableAdapterManagerPropertyEditor, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"System.Drawing.Design.UITypeEditor
SupportBindingSource
SupportTableAdapter
!UserNameDataGridViewTextBoxColumn
!MessagesDataGridViewTextBoxColumn
ReplyDataGridViewTextBoxColumn
LoginBindingSource
LoginTableAdapter
!PasswordDataGridViewTextBoxColumn
AboutDataGridViewTextBoxColumn
EmailDataGridViewTextBoxColumn
#OccupationDataGridViewTextBoxColumn
PhoneDataGridViewTextBoxColumn
GroupBox2
ChatsBindingSource
ChatsTableAdapter
ComboBox1
LinkLabel1
Label7
Label8
MainLayoutPanel
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
$this.Icon
iXsvNjCZA
dnspy
_ENABLE_PROFILING
_PROFILER
WinForms_RecursiveFormCreate
WinForms_SeeInnerException
Property can only be set to Nothing
ScrapBook.Resources
iXsvNjCZA
ScrapDBConnectionString
Author
Button1
Label3
AddUpdateBooks
Label1
BookTitle
Label2
TextBox3
Button3
Update
TextBox1
Button2
AboutBook
Delete
TextBox2
Don't keep blank Credentials for Details
Don't keep blank Credentials for Title
insert into Books (Title, Details, Author) values ('
Don't keep blank Credentials for Author
Book Posted
Delete From Books Where Title='
Book Deleted
Update Books Set Details='
', Author = '
' WHERE Title='
Book Updated
AddUpdateSupport
Reply
Message
UserName
Don't keep blank Credentials for message
Don't keep blank Credentials for User
Update Support Set Reply='
' WHERE UserName='
Replied User
Delete From Support Where UserName='
Messages Deleted
Email
TextBox4
About
Label4
Label6
Occupation
Phone
Label5
AddUpdateUser
TextBox5
Password
TextBox6
Don't keep blank Credentials for Password
Don't keep blank Credentials for UserName
Update Login Set Password='
', Email = '
' , About = '
', Occupation = '
', Phone = '
Profile Updated
Delete From login Where UserName='
Profile Deleted
insert into Login (UserName, Password, About, Email, Phone, Occupation) values ('
Profile Added
Enter a Valid Email
Warning
^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$
Microsoft Sans Serif
SignOut
AdminHome
SupportHandler DB
UsersHandler DB
Button4
BooksHandler DB
PictureBox1
BooksHandler
Button5
DeleteRowToolStripMenuItem
Title
Details
Sign Out
Delete Row
AuthorDataGridViewTextBoxColumn
DataGridView1
ContextMenuStrip1
Button7
Books
ScrapDBDataSet
Users DB
BooksHandlerDB
Support DB
Button6
DetailsDataGridViewTextBoxColumn
TitleDataGridViewTextBoxColumn
Refresh
ChatPost
Message:
ChatForm
UserName:
Please fill the blank boxes
insert into Chats (UserName,Messages) values ('
HpiZCL
CreateInstance
Green
ScrapBook
GroupBox1
Georgia
Sarvesh Kumar Modi
15YASB7111
GroupBox3
Tejram Patel
15YASB7128
PictureBox3
PictureBox2
Credits
Vishnu KP
15YASB7137
GroupBox5
GroupBox4
XmlSchema
Admin
Chats
Login
Support
http://tempuri.org/ScrapDBDataSet.xsd
Constraint1
AdminDataTable
tableTypeName
namespace
http://www.w3.org/2001/XMLSchema
urn:schemas-microsoft-com:xml-diffgram-v1
BooksDataTable
Messages
ChatsDataTable
LoginDataTable
SupportDataTable
The value for column 'About' in table 'Login' is DBNull.
The value for column 'Email' in table 'Login' is DBNull.
The value for column 'Occupation' in table 'Login' is DBNull.
The value for column 'Phone' in table 'Login' is DBNull.
The value for column 'Reply' in table 'Support' is DBNull.
@Password
@Original_Admin
@Original_Password
DELETE FROM [dbo].[Admin] WHERE (([Admin] = @Original_Admin) AND ([Password] = @Original_Password))
@Admin
UPDATE [dbo].[Admin] SET [Admin] = @Admin, [Password] = @Password WHERE (([Admin] = @Original_Admin) AND ([Password] = @Original_Password));
SELECT Admin, Password FROM Admin WHERE (Admin = @Admin)
Table
INSERT INTO [dbo].[Admin] ([Admin], [Password]) VALUES (@Admin, @Password);
SELECT Admin, Password FROM Admin WHERE (Admin = @Admin)
SELECT Admin, Password FROM dbo.Admin
Original_Admin
Original_Password
@Author
@Details
@Original_Author
@Original_Title
@Title
DELETE FROM [dbo].[Books] WHERE (([Title] = @Original_Title) AND ([Author] = @Original_Author))
UPDATE [dbo].[Books] SET [Title] = @Title, [Details] = @Details, [Author] = @Author WHERE (([Title] = @Original_Title) AND ([Author] = @Original_Author));
SELECT Title, Details, Author FROM Books WHERE (Title = @Title)
INSERT INTO [dbo].[Books] ([Title], [Details], [Author]) VALUES (@Title, @Details, @Author);
SELECT Title, Details, Author FROM Books WHERE (Title = @Title)
SELECT Title, Details, Author FROM dbo.Books
Original_Title
Original_Author
@Messages
DELETE FROM [dbo].[Chats] WHERE (([UserName] = @Original_UserName))
@UserName
@Original_UserName
INSERT INTO [dbo].[Chats] ([UserName], [Messages]) VALUES (@UserName, @Messages);
SELECT UserName, Messages FROM Chats WHERE (UserName = @UserName)
UPDATE [dbo].[Chats] SET [UserName] = @UserName, [Messages] = @Messages WHERE (([UserName] = @Original_UserName));
SELECT UserName, Messages FROM Chats WHERE (UserName = @UserName)
SELECT UserName, Messages FROM dbo.Chats
Original_UserName
UPDATE [dbo].[Login] SET [UserName] = @UserName, [Password] = @Password, [About] = @About, [Email] = @Email, [Occupation] = @Occupation, [Phone] = @Phone WHERE (([UserName] = @Original_UserName) AND ([Password] = @Original_Password) AND ((@IsNull_Email = 1 AND [Email] IS NULL) OR ([Email] = @Original_Email)) AND ((@IsNull_Occupation = 1 AND [Occupation] IS NULL) OR ([Occupation] = @Original_Occupation)) AND ((@IsNull_Phone = 1 AND [Phone] IS NULL) OR ([Phone] = @Original_Phone)));
SELECT UserName, Password, About, Email, Occupation, Phone FROM Login WHERE (UserName = @UserName)
INSERT INTO [dbo].[Login] ([UserName], [Password], [About], [Email], [Occupation], [Phone]) VALUES (@UserName, @Password, @About, @Email, @Occupation, @Phone);
SELECT UserName, Password, About, Email, Occupation, Phone FROM Login WHERE (UserName = @UserName)
@IsNull_Occupation
@Original_Phone
@IsNull_Email
DELETE FROM [dbo].[Login] WHERE (([UserName] = @Original_UserName) AND ([Password] = @Original_Password) AND ((@IsNull_Email = 1 AND [Email] IS NULL) OR ([Email] = @Original_Email)) AND ((@IsNull_Occupation = 1 AND [Occupation] IS NULL) OR ([Occupation] = @Original_Occupation)) AND ((@IsNull_Phone = 1 AND [Phone] IS NULL) OR ([Phone] = @Original_Phone)))
@IsNull_Phone
@Original_Email
@About
@Original_Occupation
@Email
@Occupation
@Phone
SELECT UserName, Password, About, Email, Occupation, Phone FROM dbo.Login
@Reply
UPDATE [dbo].[Support] SET [UserName] = @UserName, [Messages] = @Messages, [Reply] = @Reply WHERE (([UserName] = @Original_UserName));
SELECT UserName, Messages, Reply FROM Support WHERE (UserName = @UserName)
INSERT INTO [dbo].[Support] ([UserName], [Messages], [Reply]) VALUES (@UserName, @Messages, @Reply);
SELECT UserName, Messages, Reply FROM Support WHERE (UserName = @UserName)
DELETE FROM [dbo].[Support] WHERE (([UserName] = @Original_UserName))
SELECT UserName, Messages, Reply FROM dbo.Support
All TableAdapters managed by a TableAdapterManager must use the same connection string.
The transaction cannot begin. The current data connection does not support transactions or the current state is not allowing the transaction to begin.
dataSet
TableAdapterManager contains no connection information. Set each TableAdapterManager TableAdapter property to a valid TableAdapter instance.
UserNameDataGridViewTextBoxColumn
MessagesDataGridViewTextBoxColumn
ReplyDataGridViewTextBoxColumn
Post to Support
Please fill the blank boxe
insert into Support (UserName, Messages) values ('
Support Message Sent
SupportHandler
Books DB
AboutDataGridViewTextBoxColumn
PhoneDataGridViewTextBoxColumn
OccupationDataGridViewTextBoxColumn
UsersHandler
UserHandlerDB
EmailDataGridViewTextBoxColumn
PasswordDataGridViewTextBoxColumn
Go Back
AdminLoginPage
ScrapBook Admin
Log In
Don't leave Blank Credentials
select Admin, Password from Admin where Admin = '
'AND Password = '
OOOps login failed
ChatPage
GroupBox2
Integrated Security=true; Initial Catalog = ScrapDB ; Data source=(localdb)\ProjectsV13;
Your Account is Deactivated
Sign Up Again
DeactivateSubPage
Deactivation
Forgot Password
Reset
NewPassWord
ForgotPage
Update login Set Password = '
' WHERE Email ='
Passowrd Resest Done!!!
Book Title
About The Book
PostPage
insert into Books (Title, Details, Author) values ('
Don't keep blank credentials
Book Posted!!!
Server= (localdb)\ProjectsV13; Database = ScrapDB; Integrated Security = true
Reader
Publisher
ComboBox1
Save/Update
ProfilePage
About you
Profile Page
Update login Set Email = '
', Phone =
WHERE UserName='
$this.Icon
HomePage
Home
Profile
Settings
select UserName, Password from Login where UserName = '
Welcome Back...!!!
Ooops!! Login Failed
insert into Login (UserName, Password, Email) values ('
Welcome New User...!!!
Sign Up
MainPage
Label8
Label7
Password*
Email*
Login/SignUp
Create An Account
User Name*
Welcome to ScrapBook
Forgot Password ?
LinkLabel1
helps you learn and share with the people in your life.
Deactivate Account
Update Profile
Ask For Support
SettingsPage
Profile Deactivated
SplashScreen1
MainLayoutPanel
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
ScrapBook
FileVersion
1.0.0.0
InternalName
phlS.exe
LegalCopyright
Copyright
2017
LegalTrademarks
OriginalFilename
phlS.exe
ProductName
ScrapBook
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
No antivirus signatures available.
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 13.107.42.23 [VT] United States

TCP

Source Source Port Destination Destination Port
192.168.1.7 49174 13.107.42.23 443
192.168.1.7 49176 13.107.42.23 443

UDP

Source Source Port Destination Destination Port
192.168.1.7 137 192.168.1.255 137
192.168.1.7 55169 8.8.8.8 53
192.168.1.7 56221 8.8.8.8 53
192.168.1.7 57251 8.8.8.8 53

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol GID SID REV Signature Category Severity
2020-10-18 06:36:06.866 192.168.1.7 [VT] 49173 13.107.42.23 [VT] 443 TCP 1 2028395 2 ET JA3 Hash - Possible Malware - Various Eitest Unknown Traffic 3
2020-10-18 06:36:07.281 192.168.1.7 [VT] 49177 13.107.42.23 [VT] 443 TCP 1 2028395 2 ET JA3 Hash - Possible Malware - Various Eitest Unknown Traffic 3
2020-10-18 06:36:07.308 192.168.1.7 [VT] 49175 13.107.42.23 [VT] 443 TCP 1 2028395 2 ET JA3 Hash - Possible Malware - Various Eitest Unknown Traffic 3
2020-10-18 06:36:07.431 192.168.1.7 [VT] 49176 13.107.42.23 [VT] 443 TCP 1 2028395 2 ET JA3 Hash - Possible Malware - Various Eitest Unknown Traffic 3
2020-10-18 06:36:07.605 192.168.1.7 [VT] 49174 13.107.42.23 [VT] 443 TCP 1 2028395 2 ET JA3 Hash - Possible Malware - Various Eitest Unknown Traffic 3

Suricata TLS

Timestamp Source IP Source Port Destination IP Destination Port Subject Issuer Fingerprint Version
2020-10-18 06:36:06.868 192.168.1.7 [VT] 49173 13.107.42.23 [VT] 443 CN=edge.skype.com 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 TLS 1.2
2020-10-18 06:36:07.308 192.168.1.7 [VT] 49177 13.107.42.23 [VT] 443 CN=edge.skype.com 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 TLS 1.2
2020-10-18 06:36:07.330 192.168.1.7 [VT] 49175 13.107.42.23 [VT] 443 CN=edge.skype.com 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 TLS 1.2
2020-10-18 06:36:07.655 192.168.1.7 [VT] 49176 13.107.42.23 [VT] 443 CN=edge.skype.com 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 TLS 1.2
2020-10-18 06:36:07.813 192.168.1.7 [VT] 49174 13.107.42.23 [VT] 443 CN=edge.skype.com 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 TLS 1.2

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
192.168.1.7 49173 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.7 49174 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.7 49175 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.7 49176 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.7 49177 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.
Defense Evasion
  • T1116 - Code Signing
    • Signature - invalid_authenticode_signature
  • T1045 - Software Packing
    • Signature - packer_entropy

    Processing ( 8.374999999999998 seconds )

    • 5.23 Suricata
    • 1.168 CAPE
    • 0.982 Static
    • 0.254 VirusTotal
    • 0.2 BehaviorAnalysis
    • 0.158 NetworkAnalysis
    • 0.12 static_dotnet
    • 0.084 TargetInfo
    • 0.079 AnalysisInfo
    • 0.046 Deduplicate
    • 0.04 Strings
    • 0.007 peid
    • 0.006 Debug
    • 0.001 ProcDump

    Signatures ( 0.3300000000000001 seconds )

    • 0.055 antiav_detectreg
    • 0.023 infostealer_ftp
    • 0.02 territorial_disputes_sigs
    • 0.016 masquerade_process_name
    • 0.015 antiav_detectfile
    • 0.014 infostealer_im
    • 0.012 guloader_apis
    • 0.011 antianalysis_detectreg
    • 0.011 ransomware_files
    • 0.009 infostealer_bitcoin
    • 0.008 antianalysis_detectfile
    • 0.008 ransomware_extensions
    • 0.006 masslogger_artifacts
    • 0.006 antivm_vbox_files
    • 0.006 antivm_vbox_keys
    • 0.006 infostealer_mail
    • 0.005 decoy_document
    • 0.004 api_spamming
    • 0.004 stealth_timeout
    • 0.004 antivm_vmware_keys
    • 0.004 geodo_banking_trojan
    • 0.003 persistence_autorun
    • 0.003 NewtWire Behavior
    • 0.003 accesses_recyclebin
    • 0.003 antivm_parallels_keys
    • 0.003 antivm_xen_keys
    • 0.003 predatorthethief_files
    • 0.003 qulab_files
    • 0.002 Doppelganging
    • 0.002 Unpacker
    • 0.002 antiemu_wine_func
    • 0.002 antivm_generic_disk
    • 0.002 betabot_behavior
    • 0.002 dynamic_function_loading
    • 0.002 exec_crash
    • 0.002 kibex_behavior
    • 0.002 antidbg_devices
    • 0.002 antivm_generic_diskreg
    • 0.002 antivm_vmware_files
    • 0.002 antivm_vpc_keys
    • 0.001 InjectionCreateRemoteThread
    • 0.001 InjectionProcessHollowing
    • 0.001 antiav_360_libs
    • 0.001 antidebug_guardpages
    • 0.001 antivm_generic_scsi
    • 0.001 antivm_generic_services
    • 0.001 antivm_vbox_libs
    • 0.001 bootkit
    • 0.001 hawkeye_behavior
    • 0.001 infostealer_browser
    • 0.001 infostealer_browser_password
    • 0.001 injection_createremotethread
    • 0.001 injection_runpe
    • 0.001 kazybot_behavior
    • 0.001 kovter_behavior
    • 0.001 malicious_dynamic_function_loading
    • 0.001 mimics_filetime
    • 0.001 network_tor
    • 0.001 reads_self
    • 0.001 shifu_behavior
    • 0.001 stealth_file
    • 0.001 tinba_behavior
    • 0.001 virus
    • 0.001 antivm_xen_keys
    • 0.001 antivm_hyperv_keys
    • 0.001 antivm_vbox_devices
    • 0.001 ketrican_regkeys
    • 0.001 browser_security
    • 0.001 bypass_firewall
    • 0.001 codelux_behavior
    • 0.001 disables_backups
    • 0.001 disables_browser_warn
    • 0.001 azorult_mutexes
    • 0.001 revil_mutexes
    • 0.001 limerat_regkeys
    • 0.001 rat_pcclient
    • 0.001 recon_fingerprint
    • 0.001 ursnif_behavior

    Reporting ( 5.783 seconds )

    • 5.059 BinGraph
    • 0.711 MITRE_TTPS
    • 0.013 PCAP2CERT