Analysis

Category Package Started Completed Duration Options Log
FILE exe 2020-10-18 06:35:07 2020-10-18 06:37:47 160 seconds Show Options Show Log
route = tor
2020-05-13 09:11:32,188 [root] INFO: Date set to: 20201018T06:35:06, timeout set to: 200
2020-10-18 06:35:06,062 [root] DEBUG: Starting analyzer from: C:\tmp52sk_on6
2020-10-18 06:35:06,062 [root] DEBUG: Storing results at: C:\UtHBvB
2020-10-18 06:35:06,062 [root] DEBUG: Pipe server name: \\.\PIPE\seZjOAB
2020-10-18 06:35:06,062 [root] DEBUG: Python path: C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32
2020-10-18 06:35:06,062 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-10-18 06:35:06,078 [root] INFO: Automatically selected analysis package "exe"
2020-10-18 06:35:06,078 [root] DEBUG: Importing analysis package "exe"...
2020-10-18 06:35:06,234 [root] DEBUG: Initializing analysis package "exe"...
2020-10-18 06:35:06,359 [root] DEBUG: Importing auxiliary module "modules.auxiliary.browser"...
2020-10-18 06:35:06,359 [root] DEBUG: Importing auxiliary module "modules.auxiliary.curtain"...
2020-10-18 06:35:06,421 [root] DEBUG: Importing auxiliary module "modules.auxiliary.digisig"...
2020-10-18 06:35:06,562 [root] DEBUG: Importing auxiliary module "modules.auxiliary.disguise"...
2020-10-18 06:35:06,593 [root] DEBUG: Importing auxiliary module "modules.auxiliary.human"...
2020-10-18 06:35:06,609 [root] DEBUG: Importing auxiliary module "modules.auxiliary.procmon"...
2020-10-18 06:35:06,609 [root] DEBUG: Importing auxiliary module "modules.auxiliary.screenshots"...
2020-10-18 06:35:06,625 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-10-18 06:35:06,625 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-10-18 06:35:06,625 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-10-18 06:35:06,625 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-10-18 06:35:06,625 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-10-18 06:35:06,625 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-10-18 06:35:06,625 [lib.api.screenshot] DEBUG: Importing 'math'
2020-10-18 06:35:06,625 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-10-18 06:35:08,046 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-10-18 06:35:08,125 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-10-18 06:35:08,187 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-10-18 06:35:08,187 [root] DEBUG: Importing auxiliary module "modules.auxiliary.sysmon"...
2020-10-18 06:35:08,187 [root] DEBUG: Importing auxiliary module "modules.auxiliary.usage"...
2020-10-18 06:35:08,218 [root] DEBUG: Initializing auxiliary module "Browser"...
2020-10-18 06:35:08,218 [root] DEBUG: Started auxiliary module Browser
2020-10-18 06:35:08,218 [root] DEBUG: Initializing auxiliary module "Curtain"...
2020-10-18 06:35:08,218 [root] DEBUG: Started auxiliary module Curtain
2020-10-18 06:35:08,218 [root] DEBUG: Initializing auxiliary module "DigiSig"...
2020-10-18 06:35:08,218 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-10-18 06:35:08,593 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-10-18 06:35:08,593 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-10-18 06:35:08,593 [root] DEBUG: Started auxiliary module DigiSig
2020-10-18 06:35:08,593 [root] DEBUG: Initializing auxiliary module "Disguise"...
2020-10-18 06:35:08,609 [modules.auxiliary.disguise] INFO: Disguising GUID to b0072f22-cae9-45a1-a182-f99a05ab4966
2020-10-18 06:35:08,609 [root] DEBUG: Started auxiliary module Disguise
2020-10-18 06:35:08,609 [root] DEBUG: Initializing auxiliary module "Human"...
2020-10-18 06:35:08,625 [root] DEBUG: Started auxiliary module Human
2020-10-18 06:35:08,625 [root] DEBUG: Initializing auxiliary module "Procmon"...
2020-10-18 06:35:08,640 [root] DEBUG: Started auxiliary module Procmon
2020-10-18 06:35:08,640 [root] DEBUG: Initializing auxiliary module "Screenshots"...
2020-10-18 06:35:08,640 [root] DEBUG: Started auxiliary module Screenshots
2020-10-18 06:35:08,640 [root] DEBUG: Initializing auxiliary module "Sysmon"...
2020-10-18 06:35:08,640 [root] DEBUG: Started auxiliary module Sysmon
2020-10-18 06:35:08,640 [root] DEBUG: Initializing auxiliary module "Usage"...
2020-10-18 06:35:08,640 [root] DEBUG: Started auxiliary module Usage
2020-10-18 06:35:08,640 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-10-18 06:35:08,640 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-10-18 06:35:08,640 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2020-10-18 06:35:08,640 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2020-10-18 06:35:08,890 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Rebecca\AppData\Local\Temp\YTLFsQdK4Hb0Qse.exe" with arguments "" with pid 556
2020-10-18 06:35:08,890 [lib.api.process] INFO: Monitor config for process 556: C:\tmp52sk_on6\dll\556.ini
2020-10-18 06:35:08,906 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp52sk_on6\dll\BdYlBMj.dll, loader C:\tmp52sk_on6\bin\LsGEtpu.exe
2020-10-18 06:35:09,234 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\seZjOAB.
2020-10-18 06:35:09,234 [root] DEBUG: Loader: Injecting process 556 (thread 2788) with C:\tmp52sk_on6\dll\BdYlBMj.dll.
2020-10-18 06:35:09,249 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:35:09,249 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:35:09,249 [root] DEBUG: Successfully injected DLL C:\tmp52sk_on6\dll\BdYlBMj.dll.
2020-10-18 06:35:11,249 [lib.api.process] INFO: Successfully resumed process with pid 556
2020-10-18 06:35:11,828 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:35:11,828 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:35:11,828 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 556 at 0x6ae60000, image base 0x3b0000, stack from 0x2d6000-0x2e0000
2020-10-18 06:35:11,828 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\"C:\Users\Rebecca\AppData\Local\Temp\YTLFsQdK4Hb0Qse.exe"
2020-10-18 06:35:11,843 [root] INFO: Loaded monitor into process with pid 556
2020-10-18 06:35:11,859 [root] DEBUG: set_caller_info: Adding region at 0x001E0000 to caller regions list (advapi32::RegQueryInfoKeyW).
2020-10-18 06:35:11,859 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x2e0000.
2020-10-18 06:35:11,859 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x1e0000
2020-10-18 06:35:11,859 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\system32\cryptbase (0xc000 bytes).
2020-10-18 06:35:11,859 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x1e0000
2020-10-18 06:35:11,859 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x001E0000 size 0x100000.
2020-10-18 06:35:11,921 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\UtHBvB\CAPE\556_1258660640113512180102020 (size 0xe20)
2020-10-18 06:35:11,921 [root] DEBUG: DumpRegion: Dumped region at 0x002DF000, size 0x1000.
2020-10-18 06:35:11,921 [root] DEBUG: set_caller_info: Adding region at 0x01780000 to caller regions list (advapi32::RegOpenKeyExW).
2020-10-18 06:35:11,937 [root] DEBUG: DumpPEsInRange: Scanning range 0x1780000 - 0x1b80000.
2020-10-18 06:35:11,937 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x17c5fc1
2020-10-18 06:35:11,968 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x1780000
2020-10-18 06:35:11,968 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x01780000 size 0x400000.
2020-10-18 06:35:12,000 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\UtHBvB\CAPE\556_158027328113512180102020 (size 0x1a41)
2020-10-18 06:35:12,000 [root] DEBUG: DumpRegion: Dumped region at 0x01B3D000, size 0x10000.
2020-10-18 06:35:12,000 [root] DEBUG: set_caller_info: Adding region at 0x004D0000 to caller regions list (kernel32::FindFirstFileExW).
2020-10-18 06:35:12,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x4d0000 - 0x5d1000.
2020-10-18 06:35:12,015 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x4d0000-0x5d1000.
2020-10-18 06:35:12,093 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\UtHBvB\CAPE\556_945873467123512180102020 (size 0x10009a)
2020-10-18 06:35:12,093 [root] DEBUG: DumpRegion: Dumped entire allocation from 0x004D0000, size 0x101000.
2020-10-18 06:35:12,109 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xbc and local view 0x6BE30000 to global list.
2020-10-18 06:35:12,109 [root] DEBUG: DLL loaded at 0x6BE30000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7d000 bytes).
2020-10-18 06:35:12,109 [root] DEBUG: DLL unloaded from 0x76970000.
2020-10-18 06:35:12,125 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xcc and local view 0x02EB0000 to global list.
2020-10-18 06:35:12,140 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xc8 and local view 0x02EB0000 to global list.
2020-10-18 06:35:12,140 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-10-18 06:35:12,156 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0FFB0000 for section view with handle 0xcc.
2020-10-18 06:35:12,156 [root] DEBUG: DLL loaded at 0x0FFB0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr (0x6ef000 bytes).
2020-10-18 06:35:12,156 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6E9E0000 for section view with handle 0xcc.
2020-10-18 06:35:12,171 [root] DEBUG: DLL loaded at 0x6E9E0000: C:\Windows\system32\MSVCR120_CLR0400 (0xf5000 bytes).
2020-10-18 06:35:12,187 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xf0 and local view 0x00100000 to global list.
2020-10-18 06:35:12,187 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xf4 and local view 0x00110000 to global list.
2020-10-18 06:35:12,187 [root] INFO: Disabling sleep skipping.
2020-10-18 06:35:12,203 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1ec and local view 0x05450000 to global list.
2020-10-18 06:35:12,234 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1f0 and local view 0x65E60000 to global list.
2020-10-18 06:35:12,234 [root] DEBUG: DLL loaded at 0x65E60000: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni (0x1393000 bytes).
2020-10-18 06:35:12,765 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x204 and local view 0x6A900000 to global list.
2020-10-18 06:35:12,765 [root] DEBUG: DLL loaded at 0x6A900000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit (0x80000 bytes).
2020-10-18 06:35:12,765 [root] DEBUG: set_caller_info: Adding region at 0x005E0000 to caller regions list (ntdll::NtQueryPerformanceCounter).
2020-10-18 06:35:12,765 [root] DEBUG: DumpPEsInRange: Scanning range 0x5e0000 - 0x5f0000.
2020-10-18 06:35:12,765 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x5e0fc1
2020-10-18 06:35:12,765 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x5f0000
2020-10-18 06:35:12,765 [root] DEBUG: DumpMemory: Nothing to dump at 0x005E0000!
2020-10-18 06:35:12,765 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x005E0000 size 0x10000.
2020-10-18 06:35:12,796 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\UtHBvB\CAPE\556_171564617323512180102020 (size 0x46a)
2020-10-18 06:35:12,796 [root] DEBUG: DumpRegion: Dumped region at 0x005E0000, size 0x1000.
2020-10-18 06:35:12,828 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x214 and local view 0x68060000 to global list.
2020-10-18 06:35:12,828 [root] DEBUG: DLL loaded at 0x68060000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni (0xa10000 bytes).
2020-10-18 06:35:13,015 [root] DEBUG: DLL unloaded from 0x003B0000.
2020-10-18 06:35:13,046 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x260 and local view 0x67880000 to global list.
2020-10-18 06:35:13,046 [root] DEBUG: DLL loaded at 0x67880000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni (0x7e0000 bytes).
2020-10-18 06:35:13,062 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x02CC0000 for section view with handle 0x260.
2020-10-18 06:35:13,109 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x26c and local view 0x68BD0000 to global list.
2020-10-18 06:35:13,125 [root] DEBUG: DLL loaded at 0x68BD0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni (0x1d1000 bytes).
2020-10-18 06:35:13,203 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x274 and local view 0x65CC0000 to global list.
2020-10-18 06:35:13,203 [root] DEBUG: DLL loaded at 0x65CC0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni (0x194000 bytes).
2020-10-18 06:35:13,218 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x270 and local view 0x64FA0000 to global list.
2020-10-18 06:35:13,218 [root] DEBUG: DLL loaded at 0x64FA0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni (0xd1d000 bytes).
2020-10-18 06:35:13,359 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x278 and local view 0x6A110000 to global list.
2020-10-18 06:35:13,359 [root] DEBUG: DLL loaded at 0x6A110000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni (0xfc000 bytes).
2020-10-18 06:35:13,375 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x73460000 for section view with handle 0x274.
2020-10-18 06:35:13,375 [root] DEBUG: DLL loaded at 0x73460000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting (0x13000 bytes).
2020-10-18 06:35:13,390 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x05AD0000 for section view with handle 0x274.
2020-10-18 06:35:13,406 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x64860000 for section view with handle 0x274.
2020-10-18 06:35:13,406 [root] DEBUG: DLL loaded at 0x64860000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni (0x73e000 bytes).
2020-10-18 06:35:13,421 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 556
2020-10-18 06:35:13,421 [root] DEBUG: GetHookCallerBase: thread 5840 (handle 0x0), return address 0x005E1604, allocation base 0x005E0000.
2020-10-18 06:35:13,421 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x003B0000.
2020-10-18 06:35:13,421 [root] DEBUG: LooksLikeSectionBoundary: Exception occured reading around suspected boundary at 0x003B2000
2020-10-18 06:35:13,421 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2020-10-18 06:35:13,437 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x003B0000.
2020-10-18 06:35:13,468 [root] DEBUG: DumpPE: Error: Cannot dump PE file from memory.
2020-10-18 06:35:13,468 [root] DEBUG: DumpImageInCurrentProcess: Failed to dump 'raw' PE image from 0x003B0000, dumping memory region.
2020-10-18 06:35:13,468 [root] DEBUG: DLL unloaded from 0x75C80000.
2020-10-18 06:35:13,484 [root] DEBUG: DLL unloaded from 0x0FFB0000.
2020-10-18 06:35:13,484 [root] DEBUG: DLL unloaded from 0x6BE30000.
2020-10-18 06:35:13,500 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 556
2020-10-18 06:35:13,515 [root] DEBUG: GetHookCallerBase: thread 5840 (handle 0x0), return address 0x005E1604, allocation base 0x005E0000.
2020-10-18 06:35:13,515 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x003B0000.
2020-10-18 06:35:13,531 [root] DEBUG: LooksLikeSectionBoundary: Exception occured reading around suspected boundary at 0x003B2000
2020-10-18 06:35:13,531 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2020-10-18 06:35:13,531 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x003B0000.
2020-10-18 06:35:13,546 [root] DEBUG: DumpPE: Empty or inaccessible last section, file image seems incomplete (from 0x004C6C00 to 0x004C6E00).
2020-10-18 06:35:13,562 [root] DEBUG: DumpPE: Error: Cannot dump PE file from memory.
2020-10-18 06:35:13,562 [root] DEBUG: DumpImageInCurrentProcess: Failed to dump 'raw' PE image from 0x003B0000, dumping memory region.
2020-10-18 06:35:13,562 [root] INFO: Process with pid 556 has terminated
2020-10-18 06:35:19,265 [root] INFO: Process list is empty, terminating analysis.
2020-10-18 06:35:20,312 [root] INFO: Created shutdown mutex.
2020-10-18 06:35:21,328 [root] INFO: Shutting down package.
2020-10-18 06:35:21,328 [root] INFO: Stopping auxiliary modules.
2020-10-18 06:35:21,640 [lib.common.results] WARNING: File C:\UtHBvB\bin\procmon.xml doesn't exist anymore
2020-10-18 06:35:21,640 [root] INFO: Finishing auxiliary modules.
2020-10-18 06:35:21,640 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-10-18 06:35:21,640 [root] WARNING: Folder at path "C:\UtHBvB\debugger" does not exist, skip.
2020-10-18 06:35:21,640 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7_3 win7_3 KVM 2020-10-18 06:35:07 2020-10-18 06:37:47

File Details

File Name YTLFsQdK4Hb0Qse.exe
File Size 1142272 bytes
File Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
PE timestamp 2020-10-18 03:26:30
MD5 7f86cf4be708f18d8d51c2c7c7225ec0
SHA1 31a2fd8461f5ea1551d5945b182dcfc660629a96
SHA256 8f28bf16d28e463f009f14d0fdbd022ce9efd486666be096665ab84ab5fedf47
SHA512 a6e5dc52f74dcf15a98d8301cc12b64f6093eb7a8e04c7a19407745bdd3dad965c455ec906856ccc1f22abc1bf2902b36a55f19f8c1bb1a9156fe0a11291de5d
CRC32 596B16DB
Ssdeep 24576:je8L+P6MgOPvzv2OJj2XqNL3En3iYi0Xj0O:aZ6YPvzvRtZNQZY
Download Download ZIP Resubmit sample

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Guard pages use detected - possible anti-debugging.
Dynamic (imported) function loading detected
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: MSCOREE.DLL/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
DynamicLoader: mscoreei.dll/_CorExeMain
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: clr.dll/SetRuntimeInfo
DynamicLoader: USER32.dll/GetProcessWindowStation
DynamicLoader: USER32.dll/GetUserObjectInformationW
DynamicLoader: clr.dll/_CorExeMain
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: MSCOREE.DLL/CreateConfigStream
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: KERNEL32.dll/GetNumaHighestNodeNumber
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/AddSIDToBoundaryDescriptor
DynamicLoader: KERNEL32.dll/CreateBoundaryDescriptorW
DynamicLoader: KERNEL32.dll/CreatePrivateNamespaceW
DynamicLoader: KERNEL32.dll/OpenPrivateNamespaceW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/DeleteBoundaryDescriptor
DynamicLoader: KERNEL32.dll/WerRegisterRuntimeExceptionModule
DynamicLoader: KERNEL32.dll/RaiseException
DynamicLoader: MSCOREE.DLL/
DynamicLoader: mscoreei.dll/
DynamicLoader: KERNELBASE.dll/SetSystemFileCacheSize
DynamicLoader: ntdll.dll/NtSetSystemInformation
DynamicLoader: KERNELBASE.dll/PrivIsDllSynchronizationHeld
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/SortGetHandle
DynamicLoader: KERNEL32.dll/SortCloseHandle
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: cryptbase.dll/SystemFunction036
DynamicLoader: clrjit.dll/sxsJitStartup
DynamicLoader: clrjit.dll/jitStartup
DynamicLoader: clrjit.dll/getJit
DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: KERNEL32.dll/GetEnvironmentVariable
DynamicLoader: KERNEL32.dll/GetEnvironmentVariableW
DynamicLoader: KERNEL32.dll/GetCurrentProcessId
DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: KERNEL32.dll/OpenProcess
DynamicLoader: KERNEL32.dll/OpenProcessW
DynamicLoader: KERNEL32.dll/GetExitCodeProcess
DynamicLoader: KERNEL32.dll/GetExitCodeProcessW
DynamicLoader: ntdll.dll/NtQueryInformationProcess
DynamicLoader: PSAPI.DLL/EnumProcesses
DynamicLoader: PSAPI.DLL/EnumProcessesW
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/LocaleNameToLCID
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/LCIDToLocaleName
DynamicLoader: KERNEL32.dll/GetUserPreferredUILanguages
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: KERNEL32.dll/IsDebuggerPresent
DynamicLoader: KERNEL32.dll/OutputDebugString
DynamicLoader: KERNEL32.dll/OutputDebugStringW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/RaiseFailFastException
DynamicLoader: USER32.dll/RegisterWindowMessage
DynamicLoader: USER32.dll/RegisterWindowMessageW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/GetCurrentProcessW
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/GetCurrentThread
DynamicLoader: KERNEL32.dll/DuplicateHandle
DynamicLoader: KERNEL32.dll/GetCurrentThreadId
DynamicLoader: nlssorting.dll/SortGetHandle
DynamicLoader: nlssorting.dll/SortCloseHandle
DynamicLoader: KERNEL32.dll/CompareStringOrdinal
DynamicLoader: KERNEL32.dll/GetFullPathName
DynamicLoader: KERNEL32.dll/GetFullPathNameW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: KERNEL32.dll/GetThreadErrorMode
DynamicLoader: KERNEL32.dll/SetThreadErrorMode
DynamicLoader: ADVAPI32.dll/EventUnregister
File has been identified by 6 Antiviruses on VirusTotal as malicious
Cylance: Unsafe
Sangfor: Malware
APEX: Malicious
McAfee-GW-Edition: PWS-FCRK!7F86CF4BE708
BitDefenderTheta: Gen:[email protected]
Qihoo-360: HEUR/QVM03.0.A943.Malware.Gen
CAPE extracted potentially suspicious content
YTLFsQdK4Hb0Qse.exe: Unpacked Shellcode
YTLFsQdK4Hb0Qse.exe: Unpacked Shellcode
YTLFsQdK4Hb0Qse.exe: Unpacked Shellcode
YTLFsQdK4Hb0Qse.exe: Unpacked Shellcode
The binary likely contains encrypted or compressed data.
section: name: .text, entropy: 7.08, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00112800, virtual_size: 0x001127b4
Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Rebecca\AppData\Local\Temp\YTLFsQdK4Hb0Qse.exe

Screenshots


Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Rebecca\AppData\Local\Temp\YTLFsQdK4Hb0Qse.exe.config
C:\Users\Rebecca\AppData\Local\Temp\YTLFsQdK4Hb0Qse.exe
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-2.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\System32\api-ms-win-core-quirks-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll.aux
C:\Users
C:\Users\Rebecca
C:\Users\Rebecca\AppData
C:\Users\Rebecca\AppData\Local
C:\Users\Rebecca\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\HfoZ\*
C:\Users\Rebecca\AppData\Local\Temp\YTLFsQdK4Hb0Qse.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol224.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Users\Rebecca\AppData\Local\Temp\ntdll.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\Microsoft.NET\Framework\v4.0.30319\VERSION.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll.aux
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Rebecca\AppData\Local\Temp\YTLFsQdK4Hb0Qse.exe.config
C:\Users\Rebecca\AppData\Local\Temp\YTLFsQdK4Hb0Qse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol224.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YTLFsQdK4Hb0Qse.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index224
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index224
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.SetDefaultDllDirectories
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
advapi32.dll.EventRegister
advapi32.dll.EventSetInformation
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationW
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.AddDllDirectory
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.GetCurrentProcessId
kernel32.dll.CloseHandle
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
kernel32.dll.GetExitCodeProcess
ntdll.dll.NtQueryInformationProcess
psapi.dll.EnumProcesses
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
kernel32.dll.IsDebuggerPresent
kernel32.dll.OutputDebugStringW
kernel32.dll.RaiseFailFastException
user32.dll.RegisterWindowMessageW
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.CompareStringOrdinal
kernel32.dll.GetFullPathNameW
kernel32.dll.GetThreadErrorMode
kernel32.dll.SetThreadErrorMode
advapi32.dll.EventUnregister

BinGraph Download graph

2020-10-18T06:38:05.153352 image/svg+xml Matplotlib v3.3.0, https://matplotlib.org/

PE Information

Image Base Entry Point Reported Checksum Actual Checksum Minimum OS Version Compile Time Import Hash Icon Icon Exact Hash Icon Similarity Hash
0x00400000 0x005147ae 0x00000000 0x0011c0cc 4.0 2020-10-18 03:26:30 f34d5f2d4577ed6d9ceec516c1f5a744 767a13e54bf6738175ce6a7d6b4f1039 a469ecde64b479f79ac8ea548aa5e316

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000200 0x00002000 0x001127b4 0x00112800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.08
.rsrc 0x00112a00 0x00116000 0x00004170 0x00004200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.28
.reloc 0x00116c00 0x0011c000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10

Resources

Name Offset Size Language Sub-language Entropy File type
RT_ICON 0x001176a0 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL 3.83 None
RT_ICON 0x001176a0 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL 3.83 None
RT_ICON 0x001176a0 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL 3.83 None
RT_GROUP_ICON 0x00119c48 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL 2.08 None
RT_VERSION 0x00119c78 0x0000030c LANG_NEUTRAL SUBLANG_NEUTRAL 3.28 None
RT_MANIFEST 0x00119f84 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL 5.00 None

Imports


!This program cannot be run in DOS mode.
.text
`.rsrc
@.reloc
%/[-%&
dZa8j
'% a8
^%&8k
s!Ta%
L1Ra+
;Z z.
etGa+
8LSa+
Z '+S<a8o
'"Za8
h=U e
:JZ B
3v_ua%
l\%&+
,= a!P
,6ONZ
4$Z 0
?N%&+
,H 2szn
8P#%&+
-' KJ
{Z ujM
@>%&+
PZ HI=
qbcpZ
we}Z
,A fl
rA5%+
Oj0a+
reZa+
g/{a%
g/{a%
J%Z (
@jZa8J
g/{a%
d`Na+
g/{a%
K%&8{
758Z
{IKZ
Z =E|
c?Ba8,
#Z <*P
3JZ zz
Z ~PC
JZ <]`
VsZ lK
!VZ OZ
s8=Z
j2xZ uz
]YPa8%
}4na%
\(&k%&
*Z 3z*na+
'Za8m
.gJ J=%ya%
bZ Fl
R}zzZa8o
=%&8J
3&5%+
pbxE%+
+%&8u
pCZa85
szVa+
'>kZ L
aZ 2~
zZZNZ U
*Za8B
#KZ J
-qWZa+
5Z On
hZ &Q
~IyZ
5n{Z 6
h3a8B
iT^a8
uZ \<
za&a8
bP|a8_
Z Z|T
zs_a8
ZZ c#
bZ 2N
REm%&
Z b&h
n`8fZ
?<Z 0>
LUZ r
HbrZ |7
Z QrZ
AY}a8
Z >(g
VRa8R
eea8y
)}Z $D
9NEZ
x~Z _5
/~`Z
`Qa87
t =2Z 1
9a8W
%Z #b
a47Z
4*Z $x
wK~Z
Z YuL
UZZ OB7
upha84
h}wZ Kq
Z h9}1a8n
Z |-:na8,
9Z oG
@HZ "
&Z C\{Na8
VZ xI6ja80
e\fa8
RUX8Za+
i- v%+
5V4[%&
Eq_Y%+
4~^%&
:&?Z v
EfXX%+
qH%&8=
ra3a8&
zZ DM"
W5Z F
L.,bZ
jqOa+
{#'a%
{#'a%
{#'a%
{#'a%
Z \Lm%a+
^P(a8^
Z [Up
Z_a8t
qnZ 5
TZ !Z
MZ GC
nZ <+
r,a8b
>6a8O
3.a8<
TnZ n$$^a8
.7Z ]
ov^a8|
tZ |K
|Z Jz
@va8m
HZ FU
VCSa8
*X3NZ t
,D tZ
AZa8w
"t}7Z
Z d^X
Z k:8;a8M
PZa8x
`<a8y
fva8`
q$Z Y
+Ma8!
V4Qa8
'0`a8
Z 5!\Ma84
]0Z a
`=m_Z
6ROa8
Z @='Ya8
1_a8g
KL;a8
>Z lS
&*a80
`4a86
%)Z \e
CZ ]l
nW=Z
jp a8j
R$a8W
Z l39Ha8
Z pG)
dZ l8
i(a8B
pva8
[nyZ
2ra8+
w?a8
L_4Z
FZ $
.XZ '
"HQZ
2hua8
UjZ Ol|ha8l
JZ 9`t
uZ !S
Z hKD#a8
wkZa8
|l~`Z
aZ @ {
,Qa8%
c!!a8
nyZ Y)
N#Fa8"
JZ NT
Q6wn
u8Za+
bZa8T
!Z @v
Z PVx<a8|
cUN-Z l
ka*Za+
`rUA%&
Qma8M
8Z 6}
o?a81
cZa8x
JZ L8
[1VXZa84
74,Z @bl-a8M
!7!'%&
Z g.3
oHbZ
)uZ >
\GfNZ
*J'u MN
c. nu<
Z B+J
Z 6V|
8&9a+
j|~g%+
XUAa8Q
Z x>S[a8
wZ|a8
V.Z F
Wha8y
Z (x
p^\!Z
;Za8;
Z )sV9a8(
6hWa8
^*GZ
9Z HC!%a8O
UZ ~6
F$6Z
AsMZ }#!za+
-:a8o
DvX~%+
w%&8J
hIa8q
Z "Z(
'y3Z s
Z 6zq
Z hDL
6."a+
Z @p{8a+
`vZ ^z
]Z 3j
R$$tZ "
gla8!
=(a8c
Z w)H
7%Z R<
EkZ 9?
Z }@:
z-_Z
SvZ 5
"Z G?h
Z s8j
L[a8[
.!Z l6
N_o!Z [B
<Z( Z
e4jZ k
Z |zn
rnZ N
Z ,fj4a8
EYua8d
Z .,%
!7Z 8
Z ]8v>a8t
p4a8=
V$a8W
HLY?Z S(
yRza8r
VEZ r
Mfa8B
IZ "Q
Tta8D
S{_a8
Z %<o
<4Z 'z
jHa88
Z .S
ygZ ,
Z a1'
Z m8c
ipZ y,
my~a+
Z WL
I,2Z
M=ga%
:!sa+
=/Z 46
Z RmD
/i'Z
Z 81H
Z G>3
FGFa8
47a8v
SROZ
KI/eZa81
& BJW
RBa8W
~q.Z
l)-%&
0Za8X
I#ja8
_O6Z Oeh
G/a86
c>Z \
d7Ta8
6ZZ {
=}Z I
#~PZ
;XEa8m
U+(Za8
TeZa8
Z uFO
;:cY%&
JZa8E
}Ya8q
aMZ P
;pa8r
t/a8Z
tZa8N
Bia8;
T+*Y%&
Z |"9
=A?Z
LvZa8.
F8Z u;y
%Z z"m
[>t K
sYZa+
hMZ lM
<Z +7
9! 2+
7SBa%
Pa87
9WWV
,C<Z
,Z OEg
L}Ka8/
Q!,LZ @]
eqgZ Z
)NE%&
YZa8-
dZ #3_
~ca82
Nra8C
Z *%iFa8
vZ %+
T[Z L
?$1)Z
uZ lo
uxjZ
]Z 1U
z-Qa8E
LH]#%+
g4Z %
"^a89
,Z tL
I{PpZ ^
O Za8]
OZ 2h
& ICG
QCaZ
UlCZ
q8a8W
@`Z c(,
Z [)#
k+=%+
4_ k~x5a%
~3Z \
bKya%
9Za8u
.:<da%
OSXZ o
jQa8x
uRZ 4$
:Z bKI
SJUZ '
%Z UU
pca8\
-5Z m
qZ %<[
O_MkZ
2Xmj%&
+Za8E
$}BQ%&
^O2YZ
L8 hH
\Z B2
zZ h-*aa8&
<Z \H
5k8VZa+
vT_a8i
F;U?Z z
[Za8'
o(a83
jUa8d
Z "V$Za8
,k&VZ I0
Yvla8k
Z F>Z
tZa8#
Z7a8!
\wlZa8
CRSa8m
$5Va8
tZ !A
"Z %%W
jwT%&
F:Za85
^iZa8x
MH[DZ
?g%a8Z
w: a8u
2I3[Z <
9jZ B)%
Z gHs
QZ }u
)Z 8`%]a8]
kmZ
`8Za8n
a-a82
2Z %eP
Pppa+
Z hAz
"xua8%
~Za8:
$oZ Lfh
SZ X^>
OZa8>
Z ?nf
~x95
V[Z n
GI`RZ QP
9Z Zzo(a+
vta8u
!48 Y&
#OLa+
DG{Z *E
/)\Z
1Z y2
rZ yQ
Z 0t_3a8
FFa8N
(ZZ -
XgkZ XV
Oa1a%
mrt%+
]7^Z
q2R%+
$Za8.
Z gMu
w9Z 9
itVa8
X9a8,
8Z )M
iQZ -
"0xa8
i,}a8
nSa8q
J%Aa86
LaYZ H
I/a8N
\LZ ]
=0Z r
ZZ kx8ga+
u%a8{
.Z Cu#
{G{a83
DAeZ
ao{%&
8Na8.
UZ @Ye
x*Z b
f5la+
-%Za8u
<xZa+
j78%&
ZZ X6O%a+
#H^.Za+
)>Za8u
!r p.
YBa8|
qZ HhR\a8
_=a8m
;<(a8K
*#a86
X<a8#
V7 TZ
jZ l'
Q:w7
Z T'u
?Jfa8x
j*a8<
p:#0Z
@wK%+
7Vr%&
8<eZ S
BLbE
Z %%"Ia+
Z \QC%a+
A0| T
yZ y5
Z 0;/
G+2a%
A FMK<a%
4l0a%
[r6a+
D`47Z
i:Z 8
8KcEZ
qp-Z m
$UTZ
p!a8g
tSZa8
HGZ Oq
Z #eVna8
-;6Z s
5%&8|
TGO%+
6Za8b
'mu81
wDa8
CxWZ
b1$i8
PlZ R
bGXa8}
ZZ -e
+Z BN
`FZ O
Zvza8t
G;a86
^2a8<
h,Z E
A=\%&
iZ G)
.Z S/MSa8
y5a8j
.QZa8
PZ }Z
Z R7}
*Z o[[
~<Ha84
KIpa%
N#5>Z e
6/Z &$kIa8{
`qa Q
P r-(Ia%
_Za8v
Eo1a8
-6a85
r"# Q
Z T$1
"%a8G
/g<a8
n{a8O
HV1DZ 4
Ema8b
8[ma8F
EQDa8
PsZ SX
<>&Z K
U4$Z K
}OQZ
,t(aZ
iWeZ
j1a8h
SZ NA
KGZ #5
qZa8n
Y<mZa8M
FzZ M
={3Z
Ds[%+
1DZa8N
`Za8V
neH"Z
)TZ z|
CL.Za8t
X"[8i
Z \oE
Z hfq
"(Z T
vc:Za8
aZa8U
dZ lJ
~,WZ
G=2Z
+2a8c
Z 47f
Z /(e
m(!%&
;_Z C
rgC2Z
@ra8x
%*Z N
o-8SZ
h<a8t
?Z Y%}$a+
V<a8J
`ia8,
0Z ^1
fbZ L&
Dd$%&
EZa8j
[Za8E
qQoa8
zcZ d$
kM^a+
4Za8D
Z OEM9a8H
&P*a8
\Z Ac
Z 7_)ja84
Z ;\Yba8
,iZ p
Z p|h
T[Za8|
:Qa8B
aMja+
bcZa8f
,_Pz8g
Z {1I8a8
hZ !O
BI}a8#
sZa85
fJZa8
xt }w
!Z r/0
T<a8#
O%&85
#uZ
.A8CZa8
P.a88
w;Za8k
/FbZa8f
ygZ t
0xZ p!K
Z fd'
Z 2,O
Z THJQa8h
gKp~Z
s;eZ
PTZ i
so4Z !p%ma8
LW(iZ
1L FTv/a%
QPYZ #
MJa8Y
;Z aV
rZ [\
`3Z p
ugZ O
{u'*%+
&Za8Q
;&a83
Z H]cJa8P
Z :Y)_a8
MdoZa8
mZ r/{
JZa8j
e}Z %
_)/%+
^{h8L
qZ %Q,
nZ 6_
\Z ^03xa8
8Z oB
]%&8u
:Z ]NYYa8
_xa8N
b7Z Q^
3BZa8
,%&8O
6K PZ
luZa8
Z h{XOa8Z
2a9%&8G
!sRa8
S-Q%+
.4Z q
((qPZ @
p(a8u
,^ n|
Z "@j*a+
,v w&
{(/a+
>Z oU
qDZ V
I)Za8K
Z Kkb
+lZ c,_"a8
Z _f6
4K5lZ
X2a8{
4Z 7K.4a8g
aoIa8
rZa8{
@#CiZ ]
Z [rf9a8
3xZ l
aEwlZ
^Sa8}
8CGa8I
;$Ba8
xuua+
%Pxa%
^jCZ a
5q YO
#W~NZ
)C&KZ
KrZ ?x
xU\a8
OP{Za8
sZa8U
h{Z I
lwa8|
zZa8\
Z Xyt
yZZ r
QXuZa+
qX%Z
)qZa8
5}wZ
GZ p.
k/nZ
oZ gt
2<Va+
3H. s
WVZ XG?Fa+
| Kcn
rMGa8
~j8_%+
]rZ d
YZa8p
h0%&8E
w-fB%&
BZa8q
9QCZ
@Y%&8i
KZ (=
XhrZ
>JlZ Zd
TjtZa8
+Z BO
GZ 7[3
{+%&8
JI}2Z W
__s%&8C
lpI.Z V
Q%*%+
hza8y
5Sa8c
Z QSv
yxU>Z
ykTa8
o~fa8
!rz%+
Z j3-
/6Za8
}Ci"Za8
(4Z K
9Ma8!
&Mp%&
3K"Za8q
fzeZ
m*a8v
0Z dZ
sZa8r
Z .7w
n<tZ
:cJZa8'
/}aZ h!"pa8
iy\ "RuIa%
*aAa8
sgZ Mb
= nf+PZ E
= mc>AZ
BxgY%+
f$Za8
.2N%&
>Za88
= (I]
[^a8_
<pZ aG_Xa8,
= AK+FZa8
<7(18
qYZa8
>Za8>
H "RuIa%
SA.Z
o=Oa8=
]L3Z
_Za8#
oZ "NC
XZ {Y
ls2Z :
qZa8g
L4ka8S
O|Nu%+
evZ ~6
= ~{CzZ
Z W`.
aZ -
= NXL
PZa8&
WW\Z @
8QZ R
= dSx
GP'a89
8gZ z
{Z ,;
'uZ ,k
a&Z E
jOP%&8
x6Xk8
c "RuIa%
= 9/i^Z
Tha8H
Z 0yE
PZ WU
n?a8S
3Za8!
-d "RuIa%
wZ =A
= :4o
= yrm
^fa8S
BHe%&8
= eR4|Z ;Whoa8Y
z"hq8
7 XoMS8
Fqa8A
NZa8H
Hy "RuIa%
= y~A
x_ka%
%Za8q
1ID:Z 17
Z zEH
Z 6YO
bIAa+
,6,Za8f
Z EDY
WZa81
0Q+Z \
?Qya8J
rZ V>
Z =kx?a8
i>aZ
,< ~Dz
'Z /L
>5Z T`
^EbZ
A Za8
UTZ f
]Z D]>
K#G%+
,Qv%&8c
^Z y$fUa8M
aXZ f
hLZ %
$("Z
lTOa8{
?Z P7d
0w*a89
,&a8+
Z <-}
Z "f|!a8
\>xa8Z
q +a8)
9$=a8
z^hxZ
-\S|Z Z
V{rzZ
-Z @1}
Dua8B
w[%UZ K
"Z R&3
Gola8
bZ BW
(Z ot
[AxnZ i"&Ea8!
Z w)A
\<Z '/
Bea8
g&Ea84
%Z !a
=h(Z F
m;a8|
&}X9
nlVB J
EfS ][+_a%
eB5%&8j
][+_a%
Z k)H
;8Z 8)#
Z 0`<
-Z }R
\3LZ gH
Vea8>
yZ ;{
kZ }rJ
]VZ o
'a~Z U
.w&a8
oeNa8
Z Bq~ea8
9NVa8
.Z 3#X
5OkZ
#;*a8u
!za8N
[OC{Z
Z usHoa8
AJja8
n#)a8
D*>a8
NzJa8$
Z znO
0Ra8z
Z qyp
|[Z ,@
VZa8Z
5Za8;
Z +N6|a+
`|Za8{
L`a8b
!lOMZa+
Za8J
HZ !_8
Yo`%+
CZa8w
zZ kX
fIdZ
jrZ |
/:Z ;
juZ 6
~SZa+
<LnFZ
nZ NH
'u(a+
FPHZ
Z W?T(a8
o5a8V
mZ Mu
FnCZ
Z |B;
Fj1DZ
TM Z
j$RZ
]Z fK
'EZ rbv
Dk9Z
{a8q
Z ]).
@rGZ
~X>a8+
\\RZ
xkma8
Z {SOSa8
mRCZ fT
|2Ma8
w|ea8
Z /h>
'R*kZ 6w
A)a88
/GMZ
G;0#Z
.+a8F
<E]Z
(Bu>Z HA
6Wa8#
Z )OeYa8+
UN 'h
TZa8M
]Za8<
>^Za8
,CkAZa+
C*a8]
s^Z >
Z UCP
AO!Z
(.Za8t
h8a8[
2Em%&
/LZ E
/ _Z y
(Y)8w
,H <F
xZa8z
E a8a
> 5Mv
?lX%&
;9K*%+
qInZ >6_\a+
`Z aY
/Z ;?3{a+
Z V$h
Z vu^Ba+
kmmZ oen
:Z yH
DZ =,QBa8
x3e%+
&Z ON)da8u
Z m4&oa8[
Z wtS
!$bZ
*4V~Z
=PW~Z
.,Z :v
TZ .~
Z ?`)Sa8
Cha8\
5W`Z 1
Z sGO
.[6a8
*}nZ %"4
i3a8:
qo|VZ Bz
2Z pt
VHu K
l%&8y
rltCZ
i)6a+
Zv.F%+
W|Za+
Z Jmf
p[9 O
v6_#Z
gZ %f
|Z <c
cZa8:
foZ Q
~M4Z
d:G5 E
sZ NPaIa+
Z \CL
=sZ 2
S!a8M
7MZ D
[Z ^p`
ES3a8
7Z 4T
jweZ
UGZ >
#9Z cI
LFoa8
Z 8YfNa8
el5Z
Z ,y^
J)XZ T
>('Z
zpEnZ
Z \~>
N_Ya8
V0ia8d
vya8Q
AdV%+
~Q3Z E
niua+
s"Z c
LNa84
Z tqd
m(Z xi
JZ Tr;
41TZ +R
Z {1}
EQ`Z x
lh%&+
RqZ "
;Ba8J
Z T+/
zka8X
0Z -;
irGzZ
a)Z 8AH
Z MG,
YZ J4X,a8
j~!a84
.aWZ ]
_`$Z
RTaa8|
|2ZZ
aWZ >}b
dAa8o
#`Z )
W|Z j.
Z #H?|a8h
`nKZ V
{>a8B
[ Z~vZa%
7:zZ
eo,f
+;\86
Z -L`
gZ QJ
8}a8{
OZ w-
=[8Z
,X)Z l
zI6a8
HZ O<x
=\vKZ
*Z Lw
iZ Lcx
D68Z L
QYZ _
hb/Z
yV7a8H
61a85
Z ;[z
hia8i
fFa8E
]tka8g
>z$a8-
!#Z gzQ4a8
.uZ I
Z nNQWa8
7eWZ
zZ baRQa8^
>]a8K
Z ?zn<a8
s^Da8X
.M0Z
Z :)D
L`xZ Y
}KOZ
v]U^Z
Egca8
7"wUZ
eZa8t
Z bCn{a+
pWWa+
~fa8k
T4^,8Z
5Kra+
HASZ
Z &%^va+
*kl%+
FlMl%&
LZ [4
[VZ n
6-a82
inKa%
inKa%
Bra8g
=wUa8
Z VF]
ETdZ
EUjZ
XZ $U
1Wa80
J:Z i
)K/&Z H)+
mZ uF
eZ $m
,ita8b
jDa8C
|!Z M
HlkZ $
R6ntZ
vnZ XS4
Z 6,2La8z
Z |KfHa8P
aL&a8
Z W.h
eUha8r
[*%Z
$k2Z .
fAWa8,
\atZ ds
E}`Z
CqMa8
3Z ,t
>Wa8C
DnU%&
;V-%+
cZa8U
DrLZ
P{pZ
GZ :J
NePa+
Z 3u
'.< &
"^a8!
ftC"Z
);a8m
{wta8
YKZ I
V.nsZ
T3a8S
eLZ =
>qa8!
Z (5K
}?Z =
~Z 9WK*a8
v'a8w
7<%a8
Z o:T
R*$a84
Yqa8]
^za8J
18bZ
(-XZ
)']Z
QiVa8-
8[bZ
GlkZ
q7Fa8
6ba8n
/Z )s5ja8O
BZ 6:k<a8
KZ c0d
Z MkdEa8
%Z 4]S1a8
_Z br
Z :2WQa8I
$6_a88
D~a8D
s?fa8
O<ja8
j+$a8
7Fa8I
:=YCZ
_RZ n
-za8^
d2Z }y
hra8.
0Z PR?
Z 0I/
|FtqZ
Bxa8C
o{Z j
:SiUZ Mn
MIa8n
'5Z 2hm
Z ^zm
C0Z f
4vPa+
qiZZa8M
ut'a8J
f8NZ
Q5Za+
x#a8;
,D Og
s_`a%
Z ;b/
rQ0Za+
|5Za+
Z zgQ
%X5a%
Z ]iq
gZ j"
]pZ A
Z |~Oia+
<va8$
9{Z Y
[Z o$
DZa88
Z O%]Wa+
: wK 7
Ie7a%
NuZa+
niRa8
Ie7a%
Ie7a%
Ie7a%
2Z S~
Cc/)Z
|Za8f
Z pLV
!$a8f
1)7Z $
y]Fa8
Z _qE
z/?a8
weZ (
UFJa8Y
79a83
nZ 1?dCa8
^pa8J
Z A2a
Z C#?/a8V
Voa8]
@N a8o
Z .,v
oJZ 8
6Z x6
XY4a8)
x)Z <
`mduZ
CZ 81
]wZ W
YZ +i
4m^RZ ?y'Ra8
,%a8W
Rda8^
'qMZ
3YZ >
Y\a8g
<}Z ?S
kZ j=v
}oa85
/ba8{
IgZ D%M?a8L
MIZ
MMdZ
2\oZ
Z T3|'a81
qAyZ
1fZ ~
0s4Z
pZ 6_
${a8v
EHa8M
vD2Z
C,a8T
5SSa8
Z Z )
Z ILtIa8
8ma84
^lAZ
HZ {5~ta8
_Ta8&
mZ rF
}&a8!
Z <DJ
#=(6 o
Z .5=ga+
bl,d%+
cZa8S
w=S%+
LZ flK
cZa8U
Z L,E
Z +'\
&NZ s
",a8S
c"a8A
Z k*R
tVi9Z VT
;p2a8
JZ 0)
oZ x'
Z @:`qa8+
IyVa8[
%WBa8
vGa8!
;-ytZ y
Z cqJ
mAOa8{
:O$OZ
VCLa8
}fa8H
Fqa8%
GGWfZ H
|D7a8
J\Z J"~3a8
q\=(Z
-Za84
SHWZ
pZ uhD.a8x
aF'%+
=fa81
aZa8z
$iZ bQ
tT]Z
RZ L|O,a+
w? fD
z#Ha%
's>%+
vfa8W
=Z %-
}Z ($h
MZ Y.
KUa8y
*J\Z
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Icon
IconData
IconSize
System.Drawing.Size
System.Drawing.Size
width
height
DDDDD
DDDDDDDDDDDDDDDDDDD3333
DDDDDDDDDDDDDD
DGwww?
wwwwwwwwwwwtD
DDDDDD
DDDDDDDDDDDDDDDDD
DDDDDD
DDDDD
wwwxw
wwwwxw
wwwwwxw
wwwwwxw
wwwwwxw
wwwwwx
wwwww
wwwwww
wwwww
DDDDD
DDDDDDD
DDDDDD
DDDDDD
pDDDDDD
DDDDD
pDDDDD
DDDDH
DDDDD
DDDDDH
DDDDDD
DDDDDDH
DDDDDDD
DDDDDDDD
DDDDDDDDD
DDDDDDDDDH
DDDDDDDD
wwwwwwww
wwwxx
xwwwxx
xwwwx
prtustq
wjklxv
mfnzey
|good{
YYXYXXXXYXXYYXYWS
Y[TT[ZYYYYYYYYYYY
(FE871-,,,./45;6
>LLLLLLLLLLLLLKI$
HMMMMMMMMMMMMMMM
NNNNNNNNNNNNNNNN
%UUUUUUUUUUUUUUU?
0VVVVVVVVVVVVVVV0
BOOOOOOOOOOOOOOO&
PPPPPPPPPPPPPPPP
'QQQQQQQQQQQQQQQ<
:RRRRRRRRRRRRRRR)
***+999=R
UVVYXW
IKMLJR
QGFONS
===;;==><
@?>=======
y`cfi
\`cfil
[\`cfilo
\`cfil
usuy|hp
losuy~sfohiju
xlosuy~{d
~nklp
losuy~
vsuy~
cdefghir
uy~yr
~acdefghijklt
zfghijkl
"iqz|z
-1/,*)'&(+%
0444444432-
5555555555#
8888888888
$6666666666
.777777777.
9999999999!
::::::::::
szzzs
dooo*++-,uooooowwwww"$%#)wwwwwu_
'&!(.
wo___qU2Q
;Jg__
HT429ScxugM8L
O01?ap`QWbehi
V?Y^GTfnlZJ
qW>???=DK\h k
RBIUXD357>y
LK6QNRPLr
:~/I/
888`777
9990999
===p===
@@@@???
BBB AAA
BBB0BBB
ZZZPccc
]]] ^^^
fffPfff
<<<@;;;
>>> ===
___`www
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
*X*\m*XA*m*
*X*Hm*X
FY**B
&+X*.l*X
+m*"+*m
&o*X+(m*
**miX**s*X*
m*X\*m*
+m*x+*m>Y**
+m*y+*m:Y**
*X*@m*XH*m*
**mQX**
M+*m/Y**
>*miL**
*Xq:m*
'X**`*X
&m*{&*mpS**
"m*\"*m
_**<,X*
-}LH-%+
12!DXb
`{saz
-d(`*
Ilj*Gd
4XEa$*Y
X(~=+
eQ2*Q
UXn[6
hP*&5
3hTBcf
~-Y%#
V.%|33
~-Y%#
V.%|33
oMLKc
>wTv]3(C
]to1~
dTea$`
7Cl>z
sO+ulAUNl
Lxa}8
`>}pGS
Fs /+
ku>-f
2-U1g
TWUyY
TI(`m-
-p4([x
E&;('*_
3CY1eG
_&!(']
m57WGqerq;
56SGq
g56qGpRrq
GqCrp,5q
k56qGpR
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^l
!I#@=
e-c!%
6Omo%7
t4Y K
M0[[L
G]r>F
n0g~:
T5$3Z2
?vf$4
t~"f(
T/UV12
DZN[dV}
rBv^q&
~"'xT
(>y4DPH
X[:RjZ
_b{.dO
K nCt
S'!jK
JA\8a
hl;mH
MA`^:
y\?uo
8-ksL
mImig,
3%8f8
Qz"ky
]]z&#
1'lz!
mZp3."
kQLhh
F0J5OgK
X:oIx
g95Kl
}z6Rb
S2'/I8Y
MzS8}
R\1?lKQ
?R`p2
7K~9G.
fSO+27
<!W}{
5l9WO
2u?f]
T0O36ql.4
c3stt
c&>#^
r xT+
q{ytK
w5\DtK
Lg}QD
q#KFZ
Q()dg<
yT/G1
.j`<bbV
u0fzj
?x11]`
f6OI)
dTI#YO
|N):nJ?%z y
Yh w_
uUU#T
`K3uCK
:)HT7
\u`,u
sWVRU:_M
.4$u{
v5v#.
!Y]-|s
rHm[HX?
Z'Pb]D
jAho/
y|~:C`m
X7Y-:
yGS}c
>"8hc
/IG'P
<72K%
.t5/8
&/1vDW
_zu(H
VB5]8
i(F&<
&1=~1yJo
biW~q
UgM(1^
G`[\u
?b4=*
sXm|95
&*%vW
e^F_$
JM1-Rc
,a:.}
<q27bJ
5?jZ:
?&8o?
"'nyy
+~dG%
%^-9d
<T.i~
iIAS"
[O#Cg
ip3Qj
OoX%d
_RR8\01zmk99A
YsZr!
Ho=In7
O$Z&r
S*B60_
QK5*Do
?Y7y7>/
~-^=e'
?b8lY
jvj/'u
icK1gI
'oPD!
T*{'f
[_8}a
11lIB
D4w&y
a-ms3
Wvr'B[S
~Vz7h{:
>J|yx
-=%[0."
;V87>GJ
t#jkN
^Gg7^
2::[iD
|#0{4
QUY7Yw
7p~tq
iKiJED=
Lf)Wp
qm=*z?
f^F}O2
47b6L7;
4#zq^
rVeLK^
xViX3
%JY?!Q
=i^JJ
Jei<`!
<-Xpr
=PXt:
D3'~3
{6pq1'
Vk:Xf
CJhWr
gO4]Q
05|dRL[C
QBaA)
6wdl}
vW85>
7]ec[
uWt92
f#pva
9-ZXS
Z27<F
xz\dNb4
?uiH<
*)NYP
4*/z^
6rp3'
MBe+C
99rd<[
5 ``,'
Mz51a
%wE-}
t]cW]
u)B9Z
8:fRu
Gqv/;~jJ
9,?:g
j_!+&7
VUJs|
G\Bu7
-SW!z
_V([}
fD]eJ
'FK}y
L.{1l
Q|23S
k_0{)/
@[2*:
g6Rm_
PpL1k
o.v/\V
G<iEN
Trc`t
n!1!R
b{pq1ic
#db`c
fMG:R
8_tr|
V{?2c*%
Gk{r^
A-&`k
dceq(pF
R+T4'
m?dIL\
|O.<E_
4F~%{
0[G=4,
c/<f|
ipd>D!
hl)(N!g
B<<n.
M:P8J?^
[Z7,Z
oW'Y]
@s!)@X
y6cB-N
gL%)4
r=6+`
^Y?q3x
d]Ir!
/ho1$sr
P<}dw
Z3$KF!0
V:iao
JiL,2
HOj4S6
BOFo8
i:Lan
CuNLW
A]KGB
yP&lz
$,INh
_#!K0
g&!C)
8MNN
tLIVA
b#pq1
\FxZ.V
_Nn=0M
~}KY3l
)t.qp
0Y&g
n)W`0=
=Idfl~qb'
);E+:
lRzO=
}8c1#
VHbJV
{"arFN9
(]7->
]^~uI
+}zb;
Si_A7
+NCeB
eIsVg
74ZQ=g
!p]oT
@:CX\4
u%3YVE}
N%?6z
LN/tT
2Q#'o
)/_Y~
-?F>C
4 }w::S
h$G>v)
jEFz8
oC.VF
0rry!
zZyL)
wAZ,1
0dvd8
1I=y#p{8
5h.7R
~Ss-u
YA`=z
TX7Qs
<a/_M1Wf
,O4;hX0\sy
=vV0E
_(5tSf
Ny-R{19
"PZH0
t!?^/
EOXfM7
\VocOua-
B1!l`
DE1HQQ
_Q+^G)
so>@j
`h1045
^:BX{}W*
^ ]@P!
7~dJRo%
`pQ\*
ujEQm
>[bN/
&> E)
zxVc*
x-1|I8
uLccT
|}%Kg
Q8S"w
+27=$
Cv(OdF
t!=Y5
RZNK*
'W\{]
?b#)O
SP9l`
jW"sB
#E1GJ
iR,u[
0mivG
.\=x^e
y#&S*
4kQ8"
DodyIV
wGUo1
#k7)4U
4q?!;y
NOh \=
O/F:E
-AKmo
G)|Op
D#H]\
hFtY1
W4IBU
d`V%T
@txYG
%}X-|
xr{k$u
dm?ZQ
83(;&9
l})j*v
_z5_>
,kCNV!6
/2N`q
!c#mP
gB>v_
P%u/=
|*#hx
3MR'M
jXU=_!+
UtW{?
ttomN
VC6G*
P6!TIE
}Q'l]
L3HE2H14[
LoKF{
,eXJ|df
_1|^ZDX
=2cYK
pCv',
H?4G}
9 ',+Q
{wtit
AGhQ'
C6(I$
].LdhB
||5]ys
_j]#v
yG7MY4/
Z+>_|
%I&,|
KxR^8
w{]wu
8~oy{
3)e\9
y*G{t
aRuM+
%~cDV/
_<7Y%'
(!kIu4
z]O2G3
^7Nq<
JS<Oz
5%2/d
}QB?H
4P'v
!k?8V
j?.Z:
w<L'[c
?bBE~
alT.z
z#XjCv
{0Dl|4
NQ])t
Jp9`F
hI52P1
t"nagn
c2]f.
wg%+}
p?3CLy
`KA`
oOw%o~~l
'YD^k
5nzN>
59bt\
Od^FLh
F7~\`t
<c<Tj
'/JXN
Pd1*y
Oqo[a
7[,RH9WU
(\]{pcl"~
eCFC;^
D>^)3
2DMo0
B7\B=k
_;I:k_
CJYWz
<1p&\
8]V.M
;s$nWj
ECgTE
/R&v0
fnL<9Z\Pk
mcFtB
j*hLq|7
0`HVH
O-1I!
mrvyIH}
i'&^|Z
1_Vp:
H{r[an
r*l'%
pF_g8t
a)K#H
o} 7h
2ixI<
/{MYdB
o-Y:lCurO.g
::!KW
,M#knd
awo]/}
!sDZd-
<>/d\!
|:+A5
|'FSp{&
\%!\1
\7-nv
I_~s9>
8I)Q?V
052Z^
WU^:v
FeB-'
FzpkJ
a!0*q
f8{sn
^tVf%l
X;J`:
Q$8J7[!
|VfHF
\C6~xtR
K>:#0
y<Q{~
Q$m38
O14EmL
^m7u0
.q#@jT
_s1Gh;wP
rE ![Q?}O`B
<sZ(Vp|
401Fmp
m_W0<tPm3
949;g
VgxYa
+/KOW
u0{t6
(<:#)
f\g]W
{Pd6D??N
Q#8kv
5?3x[j C
h?ka~
)'vn=
%PlOwC
OVGmj
p&$L`
KC-vS>p
s\n4J
9cyMX
Q;\+\
D\8UKL:
n~Dh!Ve
[Q]17q
d|Q{0z
-)8M.B
'Z"E3
,J*y{y
6N_42gN(.dPz
k-r\x
~J(Y`
h#LAR
3B!#d
w5YVTgo
K:9/t)Y
AO::N
Q%yG?
^U'U'
<67T!L
QX:Qb
5;'z^
~ L2s
;|8->
@PkM${
V,@;]
^$E#N
x8RW-
'5KAG
O(HQ2N
M%?n+
b!kt?
iiy(z'C
#SyyqL|
q+mN/
`?ae7g
+\Pib
BbdAB
n+6nd
!nVHpdo
e"rq\VV
QD'=%
Qv,W\
M.1)Ic
\]%S/
u7BYE
FN9e'
/L~pM
x"8,~
{X_X|{
-6o-H
#jSR<
7f"lm{
J+<|M
;1=Ewv
jb?wa:
<aXUs
^WF?J
0 tP<
<ec4S
)W_?wop
xtHuU
~:u2D
(nCut
1YrVs
p4D~qe
'@-p.
vWr#e
_bme.r
zh\]2
?|e^5
Hn8SS(eh
eEm:'
j(N3F
-0;6{
x8xJa`&
v,gp/
':"ff
O=,z*
NW}4u`
98c4P
'F}o?e
h)"LbeDe
wG\S=
~~2(u
;MJ5=
=i_YX
2kaai
^A>l*
ap"yb
zl\9,
_9{-.
sy+^Sy[q
p!4fL& B?
43]X9
"wBH&^
arG9%
r,`3H7U
2c2j3
C:RNC
hNo4O6
p(2&bu&P
slqF~(
&- \/
`A[Tj
PgNAF
9:_L;
PE0r(y
Xu8 F
~{$9v
&P\%;
!T%G#
vlV"A
vD/\[r
9Y\Rd
8{]z1
tIzt?
I5A75
'zK!?e
0vzbX2;
5q:n\
'OwuT
UsuQu
$=<=&
<mru?
U;D8>
~-~^p
ErS=S
xp>wQ
E c+y`TX
q.q7lPg{-
/G<DT
&yw{?O
+XJ_;
.r*px
||O5P
<>1s'
^+y/l
-UF|p
R](n'
RGD9R
&42kj{
n=p~g
xH&[j
r"{#<zb
n\s9h
BWD4;R
X <%5
?G-(mtzC=\
`rQu{
Jq&GP
3}.6G
^rU8s
Vk;O(
bicnF
JPu<V
Cs$Wij
\,NnO
A"jDE
8Q?R'Z
e>Hgc[
wc'J9
Oi^67
,I;[5
Y6|m`
=O|/G/
\9":>
\!bm;
qU.uz
xP'k
J32[4
FiWC^w
_>=[ 4'Y
ZNtIl
|:I- 8
x)d~,
E|l1Y
/Qh"8^
Vf^RW
B3.%g
>Kt}7
q:POu
si0PC
?GsSzs
"n&%~
>??)f
_ts,f
2WL8.
($<:a
MI.vCs
KCti>
@I/&K
pjVS5s
I;L'p
2JDNYx
Mrzes
p]`LW
y2a:@
LZ>~f}o_
`y9;bp
(m#tb
9wm4<
Bm}^e*
@!h{1
M< O(
#HWPTH
}Yz#+n
/Ks5E
H/v^"x!
J8GT^{
Q\El9
DAMp(
9gz6
;z~5Ue
0s8 W
!/]%t
td3CvA
cB]}1`
-Bi{w=
.I.R-Q
>/}khQ
/$B]^
;9+k X
64rn1
G)EjG
*LEhga
X9zFFa>
oI?_f
8WD.*
d$x}
{yGOfR
NC~M!t
GUn+<
P<e!w
O h.
EF738
#0((N>
hR#%L
OGr-"sy&,
w<v_3u
^YY}a
V|Rv_m
rg)&N[
;xZO0
ydRE}
|$9/2
_>Y2}\
u:GlS
A\8p
pzF#6S
21%sV\
(>TdM%0D
dcnjl
xp{!Z
vSl-}
@kzq[
)|Ai'
0GI%G
: s`BQ
pSI1I5
F921mx
]vQ-s'
JGXMG
cjpHg
swKPO
9Gez3
Q\rD-
O"=.j
.[\)C
,xm'm
E[V1m
@I;B#\6
Sb.]R
R>0ZQ
yx7oI
Bn+I
=85B+
u`_oh_(
ZRo;9
{H/d?
>AF^iU3
Twdk0S1
!n}snQ
E_,{.kc
\a+U>
+BH.$
br#Hp
hqcJ4
:c_fy7h
g4(#W
,r`Bu
=u6B~x
.2hTx
OO|z)
.%ZEm
mIFSP
bb=fC1L
($X3uK7v
'zeEvK
F?wGR
1. H*P
7S \'D:[
66etjzQ
#vm$Fj
`*jhn^3
'!Dv~C
I1[6[2
a`G/Fo
NX{qo
21*c{
rzrK)
X?V-V
<4$,\f-+<
uds1!d
mafZ]wfg
x3;R,[
_2=BM(
HK-}x
CDq%LB
{{Ckd
HOrP-
6O^AM
b<}K<+
W5*1nwz
p`9;9
CXLpT
yxBeA
F8:JK
7Z6*3
Z\VcO
K3_0t
/mX7)
W?|Xso
c:+tL>z
x$i.}
|Yz|,
Hm>4io<
?LW]{
$bRfg
Bp*RO%
pr`c*O(90
r[X"7
+y%Tj#
51~.yw
.bH?V
1)-Jw
nI;8a
f<wf#_r
[:c!_bH
u^CGU
*_9HQ55
y2(3>
8tE5f
AkH.`
1:B{Z
v659o*0
1|%\h
}I3wE
D~GfG1,
9G^R-W6
qk.QS
iSIJ
P6h*U
8iSJ3C{/'&c9
Ss#K2
~7Cg_
6g @Eesl
sm<:L$
aK_&$
>^;\;^r
^3mM;
Y#~)G
I3_{`
p~y 97
B|- u
>&Bzv
(bZ6&S;
;jW9a
Y18j2
fbLIBD}
B'E>L<
|8R28qO
pl-Ps
m}j&w
-(Izwt
tq;%b<
D}m}+bD
1y$19
C`_o,q
_&={H
CqI&H
-F]O^
P]AfOl<0
z^}@w
y">Cr
zfY]Ml
;CzAV
kkC8M
TrI68h
hp%V-T
~K^uG>
P%PXH
TARQ2
<f:Az{
@;?"Y
{~92D;[
rkI~F(
|rx]|
$B$Dt=
x3A60'
7fW45
,wGlo
_>-6<
6~y<k
40&Jw.
{Nvib
\/m{W7
NbVQ_F
cCw[/t
(ihMHc
v%vdy
Ids1X
*\<^>Z
D1}NVc|"
g9Kkj
CDq3f
c*hR\csi
B]*w,
Z8M0:C1
GF+1s
Sne'y
(JK*e
'LKep$
hLJb9
`^-ZL-%
uN7y$M
M*fI]d'w
QZ$Z6Q0_
Ox>ei+
R.y*{
D.1]b
s$)w&>&
(yX&W!
_ln}|
]TwyMYy
Im*o,
(nf~N
Xp"o"
s]~D>k
g<(uO
GzW/a
2ULw8
%<d5M
[=G%GU
9j+*?
)j{UbE
}-2ok
O]hh3
c!%8(
<r\@t8
ydq_W
Z*t1|
$;u#8
5P$GQWx
CxZW!"
%]iMa#zl
!'h$T
U0 $_
0$9Mz
7MzNV
bbI<h
:W#)R
6N.{&o
TeTuF
@},_2
=Q1n1
ycQ^c
id+^U
DAG!_8
oOn{=
NR-fp
z 4k9
g)qXf%IH
SW8~:
9H]{:
5l16\
F&ZmC
'}jC~^
G)1mq
IVUAqD
}X=v({
Yo&G6
F|r2zK
*<XJW
@h]o2
ew6_:G
^8S,@
G:_JwiQe7
,Ec5u
:NkN/
W|`{|
'd.XG
-d=(*
S%1yKz
yUAi475$
.GuXL
{4KzIG
b:.eA
k>ESw
OKj !
8.'u:1
B+2*2>0
v>osMF9h/_
([$v0
~57(\>v(
U\1>+{IL
me*Wt
pvFxjw
D7Yg3
8+~}#
.H<vm
__d7&
yvi}j
;h #3m
$9zx6
u"{/x
sz9*9jn
H!]&]:K
"7nHw
Lx)_A
gbW{Nu<
|n[bu)
Caj(c
\\,F-I
IXAD?{
wLr6M
er+\>9
Jxl3=
hq1/8'
e9y%G
07O6Vs.
(~KrP
\A$[g-{
TZo~{s
|;>t#r-T"H
d^?d,
`erq1k
y,=9t9)
Y8;Yx
,VF,O
<is|/
R;Wn'
+#Gqd+
T!uM-Z74a
r9qde3
SJ^pr
9gL({
%Gq^x
k7q&]
&g&c6
5U(k0e<
rP]x|]
U?U:z
m #I>
Ic%X
vW`_N
*kO3j#
$m|1U7
&1I^#
JG<|2
#\=7~
%d-gx4
|7)+IY
'dKeE
1'ul[
#9S$H?ose
&Jsa|
H&G!sa
>1Qp{
,="M,
yw*U~4
4YVRh
?5Hws
yo$hM
_Yp'oiX
amO67
AgtlK
^NtV~
B+_rk
y~5!9
COondc
O:tg.
-CzSj
XHcp!
%Qe'a
T.2v
STbw}
7D6=DJ
&oVTC
lShSQD1
T74\s
,$qO>_
;`\r)
~ga&{
N[?|R
B|[Z/
e+OS)"
00<)[
1%eZbH
v^kP[
yz?iP
^HVrB~
|H{i\
BU5.g
N}z -b
fYsV7
P?;`$
Q;4|ms[U
o55m:
7/.8T
;3+zn1
(/@P=X#V
`6sEw)cZg
7Fz<m
W*Wlawh+Z
^<4!3
%=LNp
}IG^;^
n(a?kk
*@h}oKC
]J11/
6tS+C
..idvIG<
989hb
xoX5s
rE9cyO\
s1D8H
La+*G!
HULU4
2;!j6
&tm^C
^<Rvx#Y
k1%/=n
d:g#A
G^w6N
Zajs_
fkGlZ
H?C?
Y5y}s5S52'#oI>
54Q?k
Af|SY$
V](d;id
@GFUl
%cfTm
%|R+-
uVsQ'
m","h
{6wAE_e%<_t
7z[k!
D/s&AC+
`_9Omf
h_R6k
Pbx6#
z+_TQ
|.r;Pd
S<G/^0
f7XE4
grTli
$x1h*]
AotN4e
lEg. Kq
m/nIe
1;,~CP
(",(=t
+7^l9
~($,V#Y#
PP<:zN
w[j+\
;|mZi
<z=z:B
lsn_b
$!mbQ
GUem4
^^K|e
4vx2f
Bd#}S
T}F0Z
!z4%S9
O:+'M
?7'"p*
g^Qa\
N,A8;E
m.^!=
wh)&vT
rV|vCD
myPT'H
qthj8
$F*8+
.491U
p6)@}
6w.zV,
-7i}5
V_=>w)
)[J\4
hZ3_z
'hz*rQ
2 qM&<
|/~?m
?T&jO
bh+x}
Q3n\i
muy<S
u8!vvT
n3NQG
T<0aSdL
\!n8z
tq!JF
d`|A +
2t!8+
2bDx=BF
^lVjl?k+VC
z#'M^
Z`bJf
'hsxo
Xz'tX
97#;g
.6>_4>
EQHc|
gIGmzy
3SHzu
p!cZa
x n+
Q:`ly`hO
~|ob;
;]=23
hJW%d
]XZsr
,^5+W]
ov,S:
9I;_)
eqps:
eIe/#RP
I$t4+
M+T.Ao;Y
35.~3
(z;!8W1
U{*<y")z7,(
1%d;m
]_Q -[
b0z-W
gaCyu
0ZoIlE^s
!NDT|e
JwUR|
s3IYk
t%'6wF
>N:FN(Z
.<85Y
w$'3nT
wylf(
z`v/
2%fKj
uct<0
PP2E:
*>Nu7>
$'#}m
6Wj^h
8D?O{~
Q_a}z
_q[A+
_3H*|Z!
)~Uc>}
X8i_s+
dmy,sSu2lw
{7~-3iH
i%$+J
JFNxx
N~;6!
^l8vH
UK0Bs
2-^"B
8R0A`
G,=_
lPt&U
[>c>H
O"8*[
'~]t?
\[2b{
;v:|J
]_Hwx
ZsFTci
Q!k"V=w
i?>H$
KB]f/
*%6_"
=ug_l\%<=kwY
bA0#Q
{VY%l
Vp612
KD)A$,
zD'q.
)j6|1g
d."54|s
E[Z!2[
0ME0'
xp=9y
<h[x3u
/131t
i;@zp
9%o:,g
mY6k~
SCl/W
:]T+6R
'FL)n
AnX=p
/}_4'
|64*C
N4(&3
mZ-kt
@9_N.6+.6Y[
7W8_8
V/e)-
2x)62~
A_X2J<
'o.fgov.
~r(Ukb
JaI:X?
_[gG/}rx
8`e;3
MNNU&
ZZ6vZl
%^HMR
FE/Dd
{Qe$0
k(r_(Y>8
QdDQZ
#:f/ZV
!(.!`
,v\Dv7
o|w2~
rC\)\!
}]}?D
4e=),
,hSlY
>]y7(a
/<9"d*y
'x$E}g
".2=_-
f~}Rn
jX>2)
:XvsA
#D+R5
Xq13s
'5lJX/ ~
UJ,\g
Yye>]
c^Ms&W
!:^a,
+>B7R
~o`DK
mN'\4
4dfO3
1v;|u
x!dq-tL
ZJf&AWb
\!!$c'%o
$v7\8`
Z$Z]o
onhST
$4~ug
N"^2I
=+Q1x
uv 'l
9{Rqv
6v_pE<
Qrt?y
9RnBy&q;
N!J8\8
)uy2Z
'z-)r
N&NG\
7k6#W
XuH_("
`\h?PTE2
4_\--
u^Qd(
v'sH)
P#s7wX
ZCvh;)W
.v};9
|\.3}
Autp6N
C`dOg'
pvQ\:
~7S1eA
4=kz;|
|w>|#
Vxa]Wy
O%74[t\
e=!2:
dM.6?Mk
5G+}c
j4,KV
uw=tg
Z??+<
J9rD2
BY^l*+
p}cN/U
KI<,~
$Wx`A
"Y"T7]
|06B!Jq
U&xft
QBl8o
qxvA^
xl/F(:|T
Zmxe?O
&N#6zBX
UX_,)
<![Ou
/28le
MM>^H
d.Yw_
'3a~5
IDATTo
)3=0>g
?>\!1{/
/4\;^G
Y=xDV
qR'@m]
At&h^`
iZ3A
)h.N+&
+8n];Z6
iN%?i
krC5_
]Wlv8
(_wFb
dByv`
Xv3VSI
m4J^XJ"m
O)v_%
-Hq1#
OwOFU
l4<n8
GDsN=S
P$jPH
?yc,X:C
].<RR
EUZ'2c
}0/=T&S
Z^9.0
\;o%*
&GUIR^
OEwJ#
$48eI
*Lu\]
A&KW''
&-;1u
]\=Sr$
^f\V0
~f2%=
?qhtC
6Q:7]
^A=&>
C1=cs
H_4{85U
!k[A^
4&JuX
[;+u!++K
Co{(G&
w4vGHB
M{'PI
+|6\7
?PTh'
RfNRlf(
)giKE,
Vnll /
,-NIy
qq9V8
(O,UKq
>BNzBZXP
3pr0vy
u#%`>#
~NiCR
*GZAD
VQx2}
kwr"l^:t*
5Wxde
%n>t;E
g?RLb)
##J20
`A8<_
,%NAd
{3W~%
rtT)x
`3P$,Y
xX\7~H
ym}7[
6Ht[>
]P_99"
ooufI
O|89~
uFx-*
R\i85
an-W&
\<iKxnOIq|
Dj=pE
cm+}~
\b+6l|
vKQI\*k
<~&*5
Cf+jw)
H:z^-
*z??x
@`$>W
d(V.V!V
w~">[
kq69G
cGX+/
-0 x;
'zDy#p
Gfz!E
K<#1h;
|N/2wx
^\3nO
`72_7
^MZrM
$W]Lyg
i11YJ
}o?y%
2{/H^
x$%_4
J^|r%
d?OEb
hq#u.
?U_\['u|KH_bv
d.QiVu
_VXvL
kqtMM
kcz~;
-}x82
LL o#
5Q'/w
Pwv~A8ei
OjZ'_
@M%{g(B]
S'z&1s
cHJ2Z
$Z\x3
:w$?J
913;Ppt
+bs#F
9n0Hy
\xKG#
1L4E;
KS7[m
Zbxv\
IBKON>
SY9g$w
lN~N$
vsT2&
ZUH|7^n
6L0>&x?
L6}J0
@'yj5
G>JJ_[
PX=kY
C_.]:
_{9C=
d4pFj
H,9<&
a&,P]"
6eojA
jeT~8
x'S(;
aY(>y
]gK-,J
TCP0V
S?/Koihf
$.jl.
*o:wYA
A/m&V
RPC4L;q
N&f?{g
OCQ_t
:Y{eW
2D/yB:6d$[
t,&*iU(S
402T%
$>2UxO
zy~j<
rZNR/_E
[):W.H
B#~_1
ji\Di
H7])9
u|=j>hrF)
Vs->lF%
li~%qG4
oT(ad
y3xX1}xj|L
JRUV-
w.Nfy
RC^E c
r`$SJ
5&>pNK
jmC2t
I(S*=r]d
ol w4s
}=\*%
B0bK x
&*^T2
"Q6X5
m2*6Dd
eog-?
>9S7nAN
>Q/G&A
pde>`
Ht^xh
>K/ztkJ
Fjy#E
Ld?</x
hc-(>
nbqx^I
}2Y)M
#-gFp
yK3.,u
4/1!S
i*<|>
>R\LO
8vy%cT.
mw4[.
IV<pG
6bbAh
OlZIi
THA1e
G9]7c
2d];.Q
tH!iQ
hvNu4
zhkv<
71wG]
k}B2.
-?2_x
Y"Ec!D
N:S1U
MrPo(
tBScd74iv
l#D9F
Z+:H#
}",P]
4uRp3uU
.J2J6
pVnbTm]
2B*D.[U
'zE\_
?`%Bp{
W?(/JGm'
1Sm.O
o~f8\
[(=js
[*LI<
+~U_I
[,j+s
@{;>~
+MUOS
'n? \
V[|PJZ
aI&`X,
mi#o8
mo{Qq
=>Q~0
U>35W
{c&>S
&*1/
{=0zIr
{*Be2-
Fd'x|
w%|_t(4
-BIDAT
lfQc=
7{6}g
/?-3-
CZ6T&
Q^i,x;
`E[)o
%= 1#^l
mUyU$
{"Ov$
\o9>dnL
G6(u<
1rc|%
L&9Y^
(U2]/JJ
Llx:6
?^oD|K
):]*]
n?>0J~
0>XZxyI
71Q9]/
^sH'U
_BmW~
rO9|}5
aP$'N
FIRh>
Om6cA
:I9.|<Y,
^EIjU
3$y:;<
ZoBxE$?
Jrbb6
hj-?
r2%p0&1"
M0[_p
%*ab<b
Ff0N~zn"
`sl3f
<}04Q
Pw{=SW
Yzn=]
+n~|W
r6[|[
:im$j
M}o)3l
hi[V"*
c5h(*
Vfnq]A
rdf?/
s%63k
?=]zX
7oxW(
hk_pE
kkh}r
r8BBC
6'W3Ud
S.I?7=
xZ~s5
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v4.0.30319
#Strings
#GUID
#Blob
#GUID
#Strings
#Blob
#Schema
7 > T ] c m
!G!Q!
"K"Q"W"]"c"i"p"w"~"
"i#p#w#~#
#c$j$y$
%$%:%B%S%Z%b%j%t%{%
%.&6&D&T&\&h&~&
&''Q'
()(m(
E Q j p&
'D(P(\(
(OK4M
HfoZ.exe
mscorlib
SuppressIldasmAttribute
System.Runtime.CompilerServices
.ctor
<Module>
.cctor
System
Process
System.Diagnostics
CloseHandle
kernel32.dll
IsDebuggerPresent
OutputDebugString
Thread
System.Threading
ParameterizedThreadStart
ValueType
NtQueryInformationProcess
ntdll.dll
Win32Exception
System.ComponentModel
MyApplication
ScrapBook.My
Microsoft.VisualBasic
WindowsFormsApplicationBase
Microsoft.VisualBasic.ApplicationServices
OnCreateMainForm
OnCreateSplashScreen
System.Windows.Forms
MyComputer
Computer
Microsoft.VisualBasic.Devices
MyProject
Object
m_ComputerObjectProvider
m_AppObjectProvider
m_UserObjectProvider
m_MyFormsObjectProvider
m_MyWebServicesObjectProvider
get_Computer
get_Application
get_User
get_Forms
get_WebServices
Application
Forms
WebServices
MyForms
m_FormBeingCreated
Hashtable
System.Collections
m_AddUpdateBooks
m_AddUpdateSupport
m_AddUpdateUser
m_AdminHome
m_AdminLoginPage
m_BooksHandler
m_ChatPage
m_ChatPost
m_Credits
m_DeactivateSubPage
m_ForgotPage
m_HomePage
m_MainPage
m_PostPage
m_ProfilePage
m_SettingsPage
m_SplashScreen1
m_Support
m_SupportHandler
m_UsersHandler
Create__Instance__
Instance
Dispose__Instance__
instance
Equals
GetHashCode
GetType
ToString
get_AddUpdateBooks
get_AddUpdateSupport
get_AddUpdateUser
get_AdminHome
get_AdminLoginPage
get_BooksHandler
get_ChatPage
get_ChatPost
get_Credits
get_DeactivateSubPage
get_ForgotPage
get_HomePage
get_MainPage
get_PostPage
get_ProfilePage
get_SettingsPage
get_SplashScreen1
get_Support
get_SupportHandler
get_UsersHandler
set_AddUpdateBooks
Value
set_AddUpdateSupport
set_AddUpdateUser
set_AdminHome
set_AdminLoginPage
set_BooksHandler
set_ChatPage
set_ChatPost
set_Credits
set_DeactivateSubPage
set_ForgotPage
set_HomePage
set_MainPage
set_PostPage
set_ProfilePage
set_SettingsPage
set_SplashScreen1
set_Support
set_SupportHandler
set_UsersHandler
RuntimeTypeHandle
InvalidOperationException
Exception
ArgumentException
AddUpdateBooks
AddUpdateSupport
AddUpdateUser
AdminHome
AdminLoginPage
BooksHandler
ChatPage
ChatPost
Credits
DeactivateSubPage
ForgotPage
HomePage
MainPage
PostPage
ProfilePage
SettingsPage
SplashScreen1
Support
SupportHandler
UsersHandler
MyWebServices
ThreadSafeObjectProvider`1
m_ThreadStaticValue
get_GetInstance
GetInstance
Resources
ScrapBook.My.Resources
resourceMan
ResourceManager
System.Resources
resourceCulture
CultureInfo
System.Globalization
get_ResourceManager
get_Culture
set_Culture
get_Blue
get_StNcHX
System.Drawing
Bitmap
Assembly
System.Reflection
Culture
StNcHX
MySettings
ApplicationSettingsBase
System.Configuration
defaultInstance
addedHandler
addedHandlerLockObject
AutoSaveSettings
EventArgs
sender
get_Default
get_ScrapDBConnectionString
SettingsBase
ShutdownEventHandler
Default
ScrapDBConnectionString
MySettingsProperty
get_Settings
Settings
ScrapBook
components
IContainer
_Label3
Label
_Label2
_Label1
_Button2
Button
_Button1
_TextBox3
TextBox
_TextBox2
_TextBox1
_Button3
Dispose
disposing
InitializeComponent
get_Label3
set_Label3
WithEventsValue
get_Label2
set_Label2
get_Label1
set_Label1
get_Button2
set_Button2
get_Button1
set_Button1
get_TextBox3
set_TextBox3
get_TextBox2
set_TextBox2
get_TextBox1
set_TextBox1
get_Button3
set_Button3
Button1_Click
AddUpdateBooks_Load
Button2_Click
Button3_Click
EventHandler
IDisposable
Control
Point
ButtonBase
ContainerControl
SizeF
AutoScaleMode
Color
ControlCollection
MsgBoxResult
MsgBoxStyle
System.Data
SqlCommand
System.Data.SqlClient
SqlConnection
DialogResult
Label3
Label2
Label1
Button2
Button1
TextBox3
TextBox2
TextBox1
Button3
AddUpdateSupport_Load
_TextBox4
_TextBox5
_TextBox6
_Label4
_Label5
_Label6
get_TextBox4
set_TextBox4
get_TextBox5
set_TextBox5
get_TextBox6
set_TextBox6
get_Label4
set_Label4
get_Label5
set_Label5
get_Label6
set_Label6
AddUpdateUser_Load
TextBox4_Leave
EmailAddressCheck
emailaddress
Match
System.Text.RegularExpressions
Group
TextBox4
TextBox5
TextBox6
Label4
Label5
Label6
_PictureBox1
PictureBox
_Button4
get_PictureBox1
set_PictureBox1
get_Button4
set_Button4
writetextboxtolabel
Button4_Click
ISupportInitialize
FontStyle
GraphicsUnit
BorderStyle
PictureBox1
Button4
_Button6
_Button5
_DataGridView1
DataGridView
_Button7
_ScrapDBDataSet
_BooksBindingSource
BindingSource
_BooksTableAdapter
_TitleDataGridViewTextBoxColumn
DataGridViewTextBoxColumn
_DetailsDataGridViewTextBoxColumn
_AuthorDataGridViewTextBoxColumn
_ContextMenuStrip1
ContextMenuStrip
_DeleteRowToolStripMenuItem
ToolStripMenuItem
rowIndex
get_Button6
set_Button6
get_Button5
set_Button5
get_DataGridView1
set_DataGridView1
get_Button7
set_Button7
get_ScrapDBDataSet
set_ScrapDBDataSet
get_BooksBindingSource
set_BooksBindingSource
get_BooksTableAdapter
set_BooksTableAdapter
get_TitleDataGridViewTextBoxColumn
set_TitleDataGridViewTextBoxColumn
get_DetailsDataGridViewTextBoxColumn
set_DetailsDataGridViewTextBoxColumn
get_AuthorDataGridViewTextBoxColumn
set_AuthorDataGridViewTextBoxColumn
get_ContextMenuStrip1
set_ContextMenuStrip1
get_DeleteRowToolStripMenuItem
set_DeleteRowToolStripMenuItem
BooksHandler_Load
ContextMenuStrip1_Click
DataGridView1_CellMouseUp
DataGridViewCellMouseEventArgs
Button6_Click
Button5_Click
Button7_Click
Container
DataGridViewAutoSizeColumnsMode
DataGridViewAutoSizeRowsMode
DataGridViewColumnHeadersHeightSizeMode
DataGridViewColumnCollection
DataGridViewColumn
DataSet
ToolStripItemCollection
ToolStrip
ToolStripItem
DataGridViewCellMouseEventHandler
DataGridViewRowCollection
DataGridViewRow
MouseButtons
MouseEventArgs
DataGridViewCellCollection
DataGridViewCell
ToolStripDropDown
Button6
Button5
DataGridView1
Button7
ScrapDBDataSet
BooksBindingSource
BooksTableAdapter
TitleDataGridViewTextBoxColumn
DetailsDataGridViewTextBoxColumn
AuthorDataGridViewTextBoxColumn
ContextMenuStrip1
DeleteRowToolStripMenuItem
ChatPost_Load
writelabeltolabel
InternalPartitionEnumerator
StackTrace
NextSink
Compressor
Xosh_Maza
Encoding
System.Text
Array
_GroupBox1
GroupBox
_GroupBox3
_GroupBox4
_GroupBox5
_PictureBox3
_PictureBox2
get_GroupBox1
set_GroupBox1
get_GroupBox3
set_GroupBox3
get_GroupBox4
set_GroupBox4
get_GroupBox5
set_GroupBox5
get_PictureBox3
set_PictureBox3
get_PictureBox2
set_PictureBox2
Credits_Load
PictureBoxSizeMode
ImageLayout
GroupBox1
GroupBox3
GroupBox4
GroupBox5
PictureBox3
PictureBox2
tableAdmin
tableBooks
tableChats
tableLogin
tableSupport
_schemaSerializationMode
SchemaSerializationMode
SerializationInfo
System.Runtime.Serialization
StreamingContext
context
get_Admin
get_Books
get_Chats
get_Login
get_SchemaSerializationMode
set_SchemaSerializationMode
get_Tables
DataTableCollection
get_Relations
DataRelationCollection
InitializeDerivedDataSet
Clone
ShouldSerializeTables
ShouldSerializeRelations
ReadXmlSerializable
System.Xml
XmlReader
reader
GetSchemaSerializable
XmlSchema
System.Xml.Schema
InitVars
initTable
InitClass
ShouldSerializeAdmin
ShouldSerializeBooks
ShouldSerializeChats
ShouldSerializeLogin
ShouldSerializeSupport
SchemaChanged
CollectionChangeEventArgs
GetTypedDataSetSchema
XmlSchemaComplexType
XmlSchemaSet
CollectionChangeEventHandler
StringReader
System.IO
XmlTextReader
TextReader
DataTable
MissingSchemaAction
XmlReadMode
MemoryStream
XmlTextWriter
Stream
XmlWriter
ValidationEventHandler
CollectionChangeAction
XmlSchemaSequence
XmlSchemaAny
XmlSchemaObjectCollection
XmlSchemaObject
XmlSchemaParticle
ICollection
IEnumerator
IEnumerable
Admin
Books
Chats
Login
Tables
Relations
AdminRowChangeEventHandler
MulticastDelegate
TargetObject
TargetMethod
BeginInvoke
IAsyncResult
AsyncCallback
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
BooksRowChangeEventHandler
ChatsRowChangeEventHandler
LoginRowChangeEventHandler
SupportRowChangeEventHandler
AdminDataTable
System.Data.DataSetExtensions
TypedTableBase`1
columnAdmin
DataColumn
columnPassword
AdminRowChangingEvent
AdminRowChangedEvent
AdminRowDeletingEvent
AdminRowDeletedEvent
table
get_AdminColumn
get_PasswordColumn
get_Count
get_Item
index
add_AdminRowChanging
remove_AdminRowChanging
add_AdminRowChanged
remove_AdminRowChanged
add_AdminRowDeleting
remove_AdminRowDeleting
add_AdminRowDeleted
remove_AdminRowDeleted
AddAdminRow
Password
FindByAdmin
CreateInstance
NewAdminRow
NewRowFromBuilder
DataRow
DataRowBuilder
builder
GetRowType
OnRowChanged
DataRowChangeEventArgs
OnRowChanging
OnRowDeleted
OnRowDeleting
RemoveAdminRow
GetTypedTableSchema
DataRowCollection
Delegate
DataColumnCollection
MappingType
ConstraintCollection
UniqueConstraint
Constraint
DataRowAction
Decimal
XmlSchemaContentProcessing
XmlSchemaAttribute
AdminRowChanging
AdminRowChanged
AdminRowDeleting
AdminRowDeleted
AdminColumn
PasswordColumn
Count
BooksDataTable
columnTitle
columnDetails
columnAuthor
BooksRowChangingEvent
BooksRowChangedEvent
BooksRowDeletingEvent
BooksRowDeletedEvent
get_TitleColumn
get_DetailsColumn
get_AuthorColumn
add_BooksRowChanging
remove_BooksRowChanging
add_BooksRowChanged
remove_BooksRowChanged
add_BooksRowDeleting
remove_BooksRowDeleting
add_BooksRowDeleted
remove_BooksRowDeleted
AddBooksRow
Title
Details
Author
FindByTitle
NewBooksRow
RemoveBooksRow
BooksRowChanging
BooksRowChanged
BooksRowDeleting
BooksRowDeleted
TitleColumn
DetailsColumn
AuthorColumn
ChatsDataTable
columnUserName
columnMessages
ChatsRowChangingEvent
ChatsRowChangedEvent
ChatsRowDeletingEvent
ChatsRowDeletedEvent
get_UserNameColumn
get_MessagesColumn
add_ChatsRowChanging
remove_ChatsRowChanging
add_ChatsRowChanged
remove_ChatsRowChanged
add_ChatsRowDeleting
remove_ChatsRowDeleting
add_ChatsRowDeleted
remove_ChatsRowDeleted
AddChatsRow
UserName
Messages
FindByUserName
NewChatsRow
RemoveChatsRow
ChatsRowChanging
ChatsRowChanged
ChatsRowDeleting
ChatsRowDeleted
UserNameColumn
MessagesColumn
LoginDataTable
columnAbout
columnEmail
columnOccupation
columnPhone
LoginRowChangingEvent
LoginRowChangedEvent
LoginRowDeletingEvent
LoginRowDeletedEvent
get_AboutColumn
get_EmailColumn
get_OccupationColumn
get_PhoneColumn
add_LoginRowChanging
remove_LoginRowChanging
add_LoginRowChanged
remove_LoginRowChanged
add_LoginRowDeleting
remove_LoginRowDeleting
add_LoginRowDeleted
remove_LoginRowDeleted
AddLoginRow
About
Email
Occupation
Phone
NewLoginRow
RemoveLoginRow
LoginRowChanging
LoginRowChanged
LoginRowDeleting
LoginRowDeleted
AboutColumn
EmailColumn
OccupationColumn
PhoneColumn
SupportDataTable
columnReply
SupportRowChangingEvent
SupportRowChangedEvent
SupportRowDeletingEvent
SupportRowDeletedEvent
get_ReplyColumn
add_SupportRowChanging
remove_SupportRowChanging
add_SupportRowChanged
remove_SupportRowChanged
add_SupportRowDeleting
remove_SupportRowDeleting
add_SupportRowDeleted
remove_SupportRowDeleted
AddSupportRow
Reply
NewSupportRow
RemoveSupportRow
SupportRowChanging
SupportRowChanged
SupportRowDeleting
SupportRowDeleted
ReplyColumn
AdminRow
set_Admin
get_Password
set_Password
BooksRow
get_Title
set_Title
get_Details
set_Details
get_Author
set_Author
ChatsRow
get_UserName
set_UserName
get_Messages
set_Messages
LoginRow
get_About
set_About
get_Email
set_Email
get_Occupation
set_Occupation
get_Phone
set_Phone
IsAboutNull
SetAboutNull
IsEmailNull
SetEmailNull
IsOccupationNull
SetOccupationNull
IsPhoneNull
SetPhoneNull
StrongTypingException
SupportRow
get_Reply
set_Reply
IsReplyNull
SetReplyNull
AdminRowChangeEvent
eventRow
eventAction
action
get_Row
get_Action
Action
BooksRowChangeEvent
ChatsRowChangeEvent
LoginRowChangeEvent
SupportRowChangeEvent
AdminTableAdapter
ScrapBook.ScrapDBDataSetTableAdapters
Component
__adapter
SqlDataAdapter
_connection
_transaction
SqlTransaction
_commandCollection
_clearBeforeFill
get__adapter
set__adapter
get_Adapter
get_Connection
set_Connection
get_Transaction
set_Transaction
get_CommandCollection
get_ClearBeforeFill
set_ClearBeforeFill
InitAdapter
InitConnection
InitCommandCollection
dataTable
GetData
Update
dataSet
dataRow
dataRows
Delete
Original_Admin
Original_Password
Insert
DataTableMapping
System.Data.Common
DataColumnMappingCollection
DataColumnMapping
DataTableMappingCollection
DataAdapter
CommandType
SqlParameterCollection
SqlParameter
SqlDbType
ParameterDirection
DataRowVersion
DbDataAdapter
ArgumentNullException
ConnectionState
_adapter
Adapter
Connection
Transaction
CommandCollection
ClearBeforeFill
Original_Title
Original_Author
ChatsTableAdapter
Original_UserName
LoginTableAdapter
Nullable`1
Original_Email
Original_Occupation
Original_Phone
SupportTableAdapter
TableAdapterManager
_updateOrder
_adminTableAdapter
_booksTableAdapter
_chatsTableAdapter
_loginTableAdapter
_supportTableAdapter
_backupDataSetBeforeUpdate
IDbConnection
get_UpdateOrder
set_UpdateOrder
get_AdminTableAdapter
set_AdminTableAdapter
get_ChatsTableAdapter
set_ChatsTableAdapter
get_LoginTableAdapter
set_LoginTableAdapter
get_SupportTableAdapter
set_SupportTableAdapter
get_BackupDataSetBeforeUpdate
set_BackupDataSetBeforeUpdate
get_TableAdapterInstanceCount
UpdateUpdatedRows
List`1
System.Collections.Generic
allChangedRows
allAddedRows
UpdateInsertedRows
UpdateDeletedRows
GetRealUpdatedRows
updatedRows
UpdateAll
SortSelfReferenceRows
DataRelation
relation
childFirst
MatchTableAdapterConnection
inputConnection
DataViewRowState
ApplicationException
IDbTransaction
StringComparison
UpdateOrder
BackupDataSetBeforeUpdate
TableAdapterInstanceCount
UpdateOrderOption
value__
InsertUpdateDelete
UpdateInsertDelete
SelfReferenceComparer
IComparer`1
_relation
_childFirst
GetRoot
distance
Compare
_SupportBindingSource
_SupportTableAdapter
_UserNameDataGridViewTextBoxColumn
_MessagesDataGridViewTextBoxColumn
_ReplyDataGridViewTextBoxColumn
get_SupportBindingSource
set_SupportBindingSource
get_UserNameDataGridViewTextBoxColumn
set_UserNameDataGridViewTextBoxColumn
get_MessagesDataGridViewTextBoxColumn
set_MessagesDataGridViewTextBoxColumn
get_ReplyDataGridViewTextBoxColumn
set_ReplyDataGridViewTextBoxColumn
Support_Load
DataGridViewClipboardCopyMode
SupportBindingSource
UserNameDataGridViewTextBoxColumn
MessagesDataGridViewTextBoxColumn
ReplyDataGridViewTextBoxColumn
SupportHandler_Load
_LoginBindingSource
_LoginTableAdapter
_PasswordDataGridViewTextBoxColumn
_AboutDataGridViewTextBoxColumn
_EmailDataGridViewTextBoxColumn
_OccupationDataGridViewTextBoxColumn
_PhoneDataGridViewTextBoxColumn
get_LoginBindingSource
set_LoginBindingSource
get_PasswordDataGridViewTextBoxColumn
set_PasswordDataGridViewTextBoxColumn
get_AboutDataGridViewTextBoxColumn
set_AboutDataGridViewTextBoxColumn
get_EmailDataGridViewTextBoxColumn
set_EmailDataGridViewTextBoxColumn
get_OccupationDataGridViewTextBoxColumn
set_OccupationDataGridViewTextBoxColumn
get_PhoneDataGridViewTextBoxColumn
set_PhoneDataGridViewTextBoxColumn
AdminHandler_Load
LoginBindingSource
PasswordDataGridViewTextBoxColumn
AboutDataGridViewTextBoxColumn
EmailDataGridViewTextBoxColumn
OccupationDataGridViewTextBoxColumn
PhoneDataGridViewTextBoxColumn
AdminLoginPage_Load
SqlDataReader
_GroupBox2
_ChatsBindingSource
_ChatsTableAdapter
get_GroupBox2
set_GroupBox2
get_ChatsBindingSource
set_ChatsBindingSource
ChatPage_Load
GroupBox2
ChatsBindingSource
dBconn
connectionstring
executesqlstmt
ForgotPage_Load
TextBox2_Leave
PostPage_Load
_ComboBox1
ComboBox
connection
get_ComboBox1
set_ComboBox1
ProfilePage_Load
ObjectCollection
ComboBox1
PictureBox1_Click
Label1_Click
PictureBox3_Click
Label2_Click
HomePage_Load
PictureBox2_Click
Button3_Click_1
ComponentResourceManager
DataGridViewCellBorderStyle
_LinkLabel1
LinkLabel
_Label7
_Label8
LinkLabel1_LinkClicked
LinkLabelLinkClickedEventArgs
Label8_Click
TextBox5_Leave
GroupBox1_Enter
get_LinkLabel1
set_LinkLabel1
get_Label7
set_Label7
get_Label8
set_Label8
TextBoxBase
ContentAlignment
LinkLabelLinkClickedEventHandler
LinkLabel1
Label7
Label8
SettingsPage_Load
_MainLayoutPanel
TableLayoutPanel
get_MainLayoutPanel
set_MainLayoutPanel
SplashScreen1_Load
TableLayoutColumnStyleCollection
ColumnStyle
SizeType
DockStyle
TableLayoutRowStyleCollection
RowStyle
FormBorderStyle
FormStartPosition
AssemblyInfo
ApplicationBase
MainLayoutPanel
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
GeneratedCodeAttribute
System.CodeDom.Compiler
EditorBrowsableAttribute
EditorBrowsableState
STAThreadAttribute
DebuggerHiddenAttribute
DebuggerStepThroughAttribute
StandardModuleAttribute
Microsoft.VisualBasic.CompilerServices
HideModuleNameAttribute
HelpKeywordAttribute
System.ComponentModel.Design
MyGroupCollectionAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
DebuggerNonUserCodeAttribute
ApplicationScopedSettingAttribute
SpecialSettingAttribute
SpecialSetting
DefaultSettingValueAttribute
DesignerGeneratedAttribute
DebuggerBrowsableAttribute
DebuggerBrowsableState
AccessedThroughPropertyAttribute
DesignerCategoryAttribute
ToolboxItemAttribute
XmlSchemaProviderAttribute
System.Xml.Serialization
XmlRootAttribute
BrowsableAttribute
DesignerSerializationVisibilityAttribute
DesignerSerializationVisibility
DefaultMemberAttribute
DataObjectAttribute
DesignerAttribute
DataObjectMethodAttribute
DataObjectMethodType
EditorAttribute
ScrapBook.AddUpdateBooks.resources
ScrapBook.AddUpdateSupport.resources
ScrapBook.AddUpdateUser.resources
ScrapBook.AdminHome.resources
ScrapBook.BooksHandler.resources
ScrapBook.ChatPost.resources
ScrapBook.Credits.resources
ScrapBook.Support.resources
ScrapBook.SupportHandler.resources
ScrapBook.UsersHandler.resources
ScrapBook.AdminLoginPage.resources
ScrapBook.ChatPage.resources
ScrapBook.DeactivateSubPage.resources
ScrapBook.ForgotPage.resources
ScrapBook.PostPage.resources
ScrapBook.ProfilePage.resources
ScrapBook.HomePage.resources
ScrapBook.MainPage.resources
ScrapBook.Resources.resources
ScrapBook.SettingsPage.resources
ScrapBook.SplashScreen1.resources
IntPtr
get_Size
op_Equality
String
Concat
Environment
GetEnvironmentVariable
FailFast
get_ProcessName
ToLower
Contains
set_IsBackground
Start
get_CurrentThread
Sleep
Debugger
get_IsAttached
IsLogging
GetCurrentProcess
get_Handle
Close
get_IsAlive
ToInt32
GetProcessById
Marshal
SizeOf
get_UseCompatibleTextRendering
AuthenticationMode
set_IsSingleInstance
set_EnableVisualStyles
set_ShutdownStyle
ShutdownMode
set_MainForm
SetCompatibleTextRenderingDefault
set_SaveMySettingsOnExit
set_SplashScreen
TargetInvocationException
get_IsDisposed
Activator
GetTypeFromHandle
ContainsKey
Utils
GetResourceString
ProjectData
SetProjectError
get_InnerException
get_Message
Remove
RuntimeHelpers
GetObjectValue
ReferenceEquals
get_Assembly
GetObject
Synchronized
get_SaveMySettingsOnExit
ObjectFlowControl
CheckForSyncLockOnValueType
Monitor
Enter
add_Shutdown
Conversions
get_Tomato
SqlException
add_Load
SuspendLayout
set_AutoSize
set_Location
set_Name
set_Size
set_TabIndex
set_Text
set_UseVisualStyleBackColor
set_Multiline
set_AutoScaleDimensions
set_AutoScaleMode
set_BackColor
set_ClientSize
get_Controls
ResumeLayout
PerformLayout
remove_Click
add_Click
get_Text
Operators
CompareString
Interaction
MsgBox
ExecuteNonQuery
MessageBox
ClearProjectError
SystemColors
get_MenuHighlight
set_PasswordChar
get_AppWorkspace
remove_Leave
add_Leave
Focus
Regex
get_Success
get_SandyBrown
BeginInit
set_Font
set_BorderStyle
set_TabStop
EndInit
get_RosyBrown
get_White
get_SlateGray
set_AutoGenerateColumns
set_AutoSizeColumnsMode
set_AutoSizeRowsMode
set_BackgroundColor
set_ColumnHeadersHeightSizeMode
get_Columns
AddRange
set_DataSource
set_GridColor
set_DataPropertyName
set_HeaderText
set_Width
set_DataMember
set_DataSetName
get_Items
remove_CellMouseUp
add_CellMouseUp
get_Rows
get_IsNewRow
RemoveAt
get_Button
get_RowIndex
set_Selected
get_Cells
set_CurrentCell
get_Location
Cursor
get_Position
get_Teal
get_ButtonHighlight
set_ForeColor
Int32
Boolean
get_BigEndianUnicode
GetBytes
get_Length
CopyArray
NewLateBinding
LateIndexGet
LateGet
GetTypes
get_Violet
get_DarkViolet
set_SizeMode
set_BackgroundImageLayout
IsBinarySerialized
DetermineSchemaSerializationMode
GetSerializationData
add_CollectionChanged
GetValue
ReadXmlSchema
get_DataSetName
get_Prefix
set_Prefix
get_Namespace
set_Namespace
get_Locale
set_Locale
get_CaseSensitive
set_CaseSensitive
get_EnforceConstraints
set_EnforceConstraints
Merge
Reset
ReadXml
WriteXmlSchema
set_Position
set_Particle
get_TargetNamespace
Write
Schemas
GetEnumerator
get_Current
SetLength
ReadByte
MoveNext
Interlocked
CompareExchange
set_TableName
get_TableName
get_DataSet
get_MinimumCapacity
set_MinimumCapacity
Combine
NewRow
set_ItemArray
get_Constraints
set_AllowDBNull
set_Unique
set_MaxLength
set_MinOccurs
set_MaxOccurs
set_ProcessContents
set_FixedValue
get_Attributes
get_Table
set_Item
InvalidCastException
Convert
DBNull
ToDecimal
IsNull
get_InsertCommand
get_DeleteCommand
get_UpdateCommand
set_SourceTable
set_DataSetTable
get_ColumnMappings
get_TableMappings
set_DeleteCommand
set_CommandText
set_CommandType
get_Parameters
set_InsertCommand
set_UpdateCommand
set_ConnectionString
set_SelectCommand
Clear
set_Value
get_State
get_Value
get_HasValue
IEnumerable`1
ToArray
Dictionary`2
CopyTo
Select
HasChanges
BeginTransaction
get_AcceptChangesDuringUpdate
set_AcceptChangesDuringUpdate
Commit
AcceptChanges
Rollback
Debug
Assert
SetAdded
get_ConnectionString
IDictionary`2
ICollection`1
KeyValuePair`2
CompareTo
GetParentRow
IndexOf
get_Olive
set_AllowUserToAddRows
set_AllowUserToDeleteRows
set_AllowUserToOrderColumns
set_ClipboardCopyMode
get_LightSalmon
get_Red
get_Chocolate
get_Yellow
get_Transparent
set_DoubleBuffered
get_DarkGreen
ExecuteReader
get_SteelBlue
get_ButtonFace
get_Peru
get_Crimson
get_Tan
get_Brown
get_Salmon
get_MidnightBlue
get_WhiteSmoke
get_ActiveCaptionText
set_CellBorderStyle
set_ReadOnly
set_Icon
get_Black
get_Lime
FromArgb
get_DarkOliveGreen
set_LinkColor
set_VisitedLinkColor
get_Control
set_ImageAlign
remove_LinkClicked
add_LinkClicked
remove_Enter
add_Enter
get_DarkRed
set_ColumnCount
get_ColumnStyles
set_Dock
get_RowStyles
set_ControlBox
set_FormBorderStyle
set_MaximizeBox
set_MinimizeBox
set_ShowInTaskbar
set_StartPosition
get_Info
WrapNonExceptionThrows
ScrapBook
Copyright
2017
$1c6213db-06c8-4009-b436-92604df14741
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
MyTemplate
11.0.0.0
My.Computer
My.Application
My.User
My.Forms
My.WebServices
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.7.0.0
RData Source=(localdb)\ProjectsV13;Initial Catalog=ScrapDB;Integrated Security=True
My.Settings
Label3
Label2
Label1
Button2
Button1
TextBox3
TextBox2
TextBox1
Button3
TextBox4
TextBox5
TextBox6
Label4
Label5
Label6
PictureBox1
Button4
Button6
Button5
DataGridView1
Button7
ScrapDBDataSet
BooksBindingSource
BooksTableAdapter
TitleDataGridViewTextBoxColumn
DetailsDataGridViewTextBoxColumn
AuthorDataGridViewTextBoxColumn
ContextMenuStrip1
DeleteRowToolStripMenuItem
GroupBox1
GroupBox3
GroupBox4
GroupBox5
PictureBox3
PictureBox2
GetTypedDataSetSchema
vs.data.DataSet
(System.Data.Design.TypedDataSetGenerator
16.0.0.0
GetTypedTableSchema
Microsoft.VSDesigner.DataSource.Design.TableAdapterDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
vs.data.TableAdapter
_adapter
Microsoft.VSDesigner.DataSource.Design.TableAdapterManagerDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
vs.data.TableAdapterManager
Microsoft.VSDesigner.DataSource.Design.TableAdapterManagerPropertyEditor, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"System.Drawing.Design.UITypeEditor
SupportBindingSource
SupportTableAdapter
!UserNameDataGridViewTextBoxColumn
!MessagesDataGridViewTextBoxColumn
ReplyDataGridViewTextBoxColumn
LoginBindingSource
LoginTableAdapter
!PasswordDataGridViewTextBoxColumn
AboutDataGridViewTextBoxColumn
EmailDataGridViewTextBoxColumn
#OccupationDataGridViewTextBoxColumn
PhoneDataGridViewTextBoxColumn
GroupBox2
ChatsBindingSource
ChatsTableAdapter
ComboBox1
LinkLabel1
Label7
Label8
MainLayoutPanel
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
$this.Icon
StNcHX
_PROFILER
dnspy
_ENABLE_PROFILING
WinForms_RecursiveFormCreate
WinForms_SeeInnerException
Property can only be set to Nothing
ScrapBook.Resources
StNcHX
ScrapDBConnectionString
AboutBook
Update
AddUpdateBooks
Label1
Author
TextBox2
Label2
Button3
Button1
TextBox1
BookTitle
Button2
Label3
Delete
TextBox3
Don't keep blank Credentials for Title
Don't keep blank Credentials for Details
Don't keep blank Credentials for Author
insert into Books (Title, Details, Author) values ('
Book Posted
Delete From Books Where Title='
Book Deleted
Update Books Set Details='
', Author = '
' WHERE Title='
Book Updated
AddUpdateSupport
UserName
Reply
Message
Don't keep blank Credentials for User
Don't keep blank Credentials for message
Update Support Set Reply='
' WHERE UserName='
Replied User
Delete From Support Where UserName='
Messages Deleted
Label6
About
Occupation
Label5
TextBox6
Email
TextBox5
TextBox4
AddUpdateUser
Label4
Phone
Password
Don't keep blank Credentials for Password
Don't keep blank Credentials for UserName
Update Login Set Password='
', Email = '
' , About = '
', Occupation = '
', Phone = '
Profile Updated
Delete From login Where UserName='
Profile Deleted
insert into Login (UserName, Password, About, Email, Phone, Occupation) values ('
Profile Added
Enter a Valid Email
Warning
^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$
Microsoft Sans Serif
SignOut
SupportHandler DB
PictureBox1
AdminHome
UsersHandler DB
BooksHandler DB
Button4
Sign Out
Button5
Books
BooksHandler
Details
Refresh
Users DB
DeleteRowToolStripMenuItem
Button6
Title
TitleDataGridViewTextBoxColumn
ScrapDBDataSet
AuthorDataGridViewTextBoxColumn
DetailsDataGridViewTextBoxColumn
Delete Row
ContextMenuStrip1
Button7
BooksHandlerDB
DataGridView1
Support DB
Message:
UserName:
ChatPost
ChatForm
Please fill the blank boxes
insert into Chats (UserName,Messages) values ('
REKlks
CreateInstance
Green
ScrapBook
GroupBox3
PictureBox2
Georgia
Credits
Sarvesh Kumar Modi
15YASB7111
GroupBox4
Vishnu KP
15YASB7137
Tejram Patel
15YASB7128
GroupBox1
PictureBox3
GroupBox5
XmlSchema
Admin
Chats
Login
Support
http://tempuri.org/ScrapDBDataSet.xsd
Constraint1
tableTypeName
AdminDataTable
http://www.w3.org/2001/XMLSchema
namespace
urn:schemas-microsoft-com:xml-diffgram-v1
BooksDataTable
Messages
ChatsDataTable
LoginDataTable
SupportDataTable
The value for column 'About' in table 'Login' is DBNull.
The value for column 'Email' in table 'Login' is DBNull.
The value for column 'Occupation' in table 'Login' is DBNull.
The value for column 'Phone' in table 'Login' is DBNull.
The value for column 'Reply' in table 'Support' is DBNull.
@Original_Admin
DELETE FROM [dbo].[Admin] WHERE (([Admin] = @Original_Admin) AND ([Password] = @Original_Password))
@Admin
@Password
@Original_Password
Table
INSERT INTO [dbo].[Admin] ([Admin], [Password]) VALUES (@Admin, @Password);
SELECT Admin, Password FROM Admin WHERE (Admin = @Admin)
UPDATE [dbo].[Admin] SET [Admin] = @Admin, [Password] = @Password WHERE (([Admin] = @Original_Admin) AND ([Password] = @Original_Password));
SELECT Admin, Password FROM Admin WHERE (Admin = @Admin)
SELECT Admin, Password FROM dbo.Admin
Original_Password
Original_Admin
@Title
@Details
INSERT INTO [dbo].[Books] ([Title], [Details], [Author]) VALUES (@Title, @Details, @Author);
SELECT Title, Details, Author FROM Books WHERE (Title = @Title)
UPDATE [dbo].[Books] SET [Title] = @Title, [Details] = @Details, [Author] = @Author WHERE (([Title] = @Original_Title) AND ([Author] = @Original_Author));
SELECT Title, Details, Author FROM Books WHERE (Title = @Title)
DELETE FROM [dbo].[Books] WHERE (([Title] = @Original_Title) AND ([Author] = @Original_Author))
@Author
@Original_Author
@Original_Title
SELECT Title, Details, Author FROM dbo.Books
Original_Title
Original_Author
@UserName
@Original_UserName
DELETE FROM [dbo].[Chats] WHERE (([UserName] = @Original_UserName))
UPDATE [dbo].[Chats] SET [UserName] = @UserName, [Messages] = @Messages WHERE (([UserName] = @Original_UserName));
SELECT UserName, Messages FROM Chats WHERE (UserName = @UserName)
@Messages
INSERT INTO [dbo].[Chats] ([UserName], [Messages]) VALUES (@UserName, @Messages);
SELECT UserName, Messages FROM Chats WHERE (UserName = @UserName)
SELECT UserName, Messages FROM dbo.Chats
Original_UserName
@About
@IsNull_Email
@Original_Email
@IsNull_Occupation
@Email
DELETE FROM [dbo].[Login] WHERE (([UserName] = @Original_UserName) AND ([Password] = @Original_Password) AND ((@IsNull_Email = 1 AND [Email] IS NULL) OR ([Email] = @Original_Email)) AND ((@IsNull_Occupation = 1 AND [Occupation] IS NULL) OR ([Occupation] = @Original_Occupation)) AND ((@IsNull_Phone = 1 AND [Phone] IS NULL) OR ([Phone] = @Original_Phone)))
@Original_Phone
@Original_Occupation
@Occupation
@IsNull_Phone
@Phone
INSERT INTO [dbo].[Login] ([UserName], [Password], [About], [Email], [Occupation], [Phone]) VALUES (@UserName, @Password, @About, @Email, @Occupation, @Phone);
SELECT UserName, Password, About, Email, Occupation, Phone FROM Login WHERE (UserName = @UserName)
UPDATE [dbo].[Login] SET [UserName] = @UserName, [Password] = @Password, [About] = @About, [Email] = @Email, [Occupation] = @Occupation, [Phone] = @Phone WHERE (([UserName] = @Original_UserName) AND ([Password] = @Original_Password) AND ((@IsNull_Email = 1 AND [Email] IS NULL) OR ([Email] = @Original_Email)) AND ((@IsNull_Occupation = 1 AND [Occupation] IS NULL) OR ([Occupation] = @Original_Occupation)) AND ((@IsNull_Phone = 1 AND [Phone] IS NULL) OR ([Phone] = @Original_Phone)));
SELECT UserName, Password, About, Email, Occupation, Phone FROM Login WHERE (UserName = @UserName)
SELECT UserName, Password, About, Email, Occupation, Phone FROM dbo.Login
DELETE FROM [dbo].[Support] WHERE (([UserName] = @Original_UserName))
UPDATE [dbo].[Support] SET [UserName] = @UserName, [Messages] = @Messages, [Reply] = @Reply WHERE (([UserName] = @Original_UserName));
SELECT UserName, Messages, Reply FROM Support WHERE (UserName = @UserName)
@Reply
INSERT INTO [dbo].[Support] ([UserName], [Messages], [Reply]) VALUES (@UserName, @Messages, @Reply);
SELECT UserName, Messages, Reply FROM Support WHERE (UserName = @UserName)
SELECT UserName, Messages, Reply FROM dbo.Support
All TableAdapters managed by a TableAdapterManager must use the same connection string.
The transaction cannot begin. The current data connection does not support transactions or the current state is not allowing the transaction to begin.
dataSet
TableAdapterManager contains no connection information. Set each TableAdapterManager TableAdapter property to a valid TableAdapter instance.
Post to Support
UserNameDataGridViewTextBoxColumn
ReplyDataGridViewTextBoxColumn
MessagesDataGridViewTextBoxColumn
Please fill the blank boxe
insert into Support (UserName, Messages) values ('
Support Message Sent
SupportHandler
Books DB
EmailDataGridViewTextBoxColumn
UserHandlerDB
PhoneDataGridViewTextBoxColumn
PasswordDataGridViewTextBoxColumn
UsersHandler
OccupationDataGridViewTextBoxColumn
AboutDataGridViewTextBoxColumn
Log In
AdminLoginPage
ScrapBook Admin
Go Back
Don't leave Blank Credentials
select Admin, Password from Admin where Admin = '
'AND Password = '
OOOps login failed
ChatPage
GroupBox2
Integrated Security=true; Initial Catalog = ScrapDB ; Data source=(localdb)\ProjectsV13;
Your Account is Deactivated
Sign Up Again
DeactivateSubPage
Deactivation
Forgot Password
Reset
ForgotPage
NewPassWord
Update login Set Password = '
' WHERE Email ='
Passowrd Resest Done!!!
PostPage
About The Book
Book Title
Don't keep blank credentials
insert into Books (Title, Details, Author) values ('
Book Posted!!!
Server= (localdb)\ProjectsV13; Database = ScrapDB; Integrated Security = true
Profile Page
ProfilePage
Reader
Publisher
Save/Update
About you
ComboBox1
Update login Set Email = '
', Phone =
WHERE UserName='
Settings
Profile
HomePage
Home
$this.Icon
select UserName, Password from Login where UserName = '
Ooops!! Login Failed
Welcome Back...!!!
insert into Login (UserName, Password, Email) values ('
Welcome New User...!!!
Create An Account
LinkLabel1
helps you learn and share with the people in your life.
Label8
Email*
Label7
User Name*
Welcome to ScrapBook
Password*
Login/SignUp
MainPage
Sign Up
Forgot Password ?
Ask For Support
Deactivate Account
Update Profile
SettingsPage
Profile Deactivated
SplashScreen1
MainLayoutPanel
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
ScrapBook
FileVersion
1.0.0.0
InternalName
HfoZ.exe
LegalCopyright
Copyright
2017
LegalTrademarks
OriginalFilename
HfoZ.exe
ProductName
ScrapBook
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0

Full Results

Engine Signature Engine Signature Engine Signature
Bkav Clean MicroWorld-eScan Clean CMC Clean
McAfee Clean Cylance Unsafe VIPRE Clean
SUPERAntiSpyware Clean Sangfor Malware K7AntiVirus Clean
Alibaba Clean K7GW Clean Cybereason Clean
Invincea Clean Baidu Clean Cyren Clean
Symantec Clean TotalDefense Clean APEX Malicious
Avast Clean ClamAV Clean Kaspersky Clean
BitDefender Clean NANO-Antivirus Clean Paloalto Clean
ViRobot Clean Tencent Clean Ad-Aware Clean
Emsisoft Clean Comodo Clean F-Secure Clean
DrWeb Clean Zillya Clean TrendMicro Clean
McAfee-GW-Edition PWS-FCRK!7F86CF4BE708 Sophos Clean Ikarus Clean
Jiangmin Clean Webroot Clean Avira Clean
Antiy-AVL Clean Kingsoft Clean Arcabit Clean
AegisLab Clean ZoneAlarm Clean Microsoft Clean
Cynet Clean AhnLab-V3 Clean Acronis Clean
ALYac Clean TACHYON Clean Malwarebytes Clean
Zoner Clean ESET-NOD32 Clean TrendMicro-HouseCall Clean
Rising Clean Yandex Clean SentinelOne Clean
eGambit Clean Fortinet Clean BitDefenderTheta Gen:[email protected]
AVG Clean Panda Clean CrowdStrike Clean
Qihoo-360 HEUR/QVM03.0.A943.Malware.Gen
Sorry! No behavior.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.
Defense Evasion
  • T1116 - Code Signing
    • Signature - invalid_authenticode_signature
  • T1045 - Software Packing
    • Signature - packer_entropy

    Processing ( 10.079 seconds )

    • 5.253 Suricata
    • 2.929 CAPE
    • 0.954 Static
    • 0.359 VirusTotal
    • 0.189 BehaviorAnalysis
    • 0.121 static_dotnet
    • 0.101 TargetInfo
    • 0.084 AnalysisInfo
    • 0.04 Deduplicate
    • 0.033 Strings
    • 0.007 peid
    • 0.006 Debug
    • 0.002 NetworkAnalysis
    • 0.001 ProcDump

    Signatures ( 0.41100000000000014 seconds )

    • 0.068 antiav_detectreg
    • 0.032 territorial_disputes_sigs
    • 0.029 infostealer_ftp
    • 0.022 masquerade_process_name
    • 0.02 antiav_detectfile
    • 0.017 infostealer_im
    • 0.015 antianalysis_detectreg
    • 0.014 ransomware_files
    • 0.012 infostealer_bitcoin
    • 0.01 antianalysis_detectfile
    • 0.01 ransomware_extensions
    • 0.008 antivm_vbox_files
    • 0.008 infostealer_mail
    • 0.007 antivm_vbox_keys
    • 0.005 decoy_document
    • 0.005 NewtWire Behavior
    • 0.005 stealth_timeout
    • 0.005 antivm_vmware_keys
    • 0.005 geodo_banking_trojan
    • 0.004 api_spamming
    • 0.004 persistence_autorun
    • 0.004 antivm_parallels_keys
    • 0.004 antivm_xen_keys
    • 0.004 predatorthethief_files
    • 0.004 qulab_files
    • 0.003 Doppelganging
    • 0.003 betabot_behavior
    • 0.003 dynamic_function_loading
    • 0.003 antidbg_devices
    • 0.003 antivm_vmware_files
    • 0.002 InjectionCreateRemoteThread
    • 0.002 Unpacker
    • 0.002 antiemu_wine_func
    • 0.002 antivm_generic_disk
    • 0.002 antivm_generic_scsi
    • 0.002 hawkeye_behavior
    • 0.002 infostealer_browser
    • 0.002 injection_createremotethread
    • 0.002 kibex_behavior
    • 0.002 malicious_dynamic_function_loading
    • 0.002 network_tor
    • 0.002 antivm_generic_diskreg
    • 0.002 antivm_vpc_keys
    • 0.002 disables_backups
    • 0.002 revil_mutexes
    • 0.002 ursnif_behavior
    • 0.001 InjectionInterProcess
    • 0.001 InjectionProcessHollowing
    • 0.001 antiav_360_libs
    • 0.001 antidebug_guardpages
    • 0.001 antivm_generic_services
    • 0.001 antivm_vbox_libs
    • 0.001 bootkit
    • 0.001 guloader_apis
    • 0.001 exec_crash
    • 0.001 exploit_gethaldispatchtable
    • 0.001 exploit_heapspray
    • 0.001 hancitor_behavior
    • 0.001 infostealer_browser_password
    • 0.001 masslogger_artifacts
    • 0.001 injection_runpe
    • 0.001 kazybot_behavior
    • 0.001 kovter_behavior
    • 0.001 mimics_filetime
    • 0.001 rat_nanocore
    • 0.001 OrcusRAT Behavior
    • 0.001 reads_self
    • 0.001 accesses_recyclebin
    • 0.001 shifu_behavior
    • 0.001 stealth_file
    • 0.001 tinba_behavior
    • 0.001 virus
    • 0.001 antivm_xen_keys
    • 0.001 antivm_hyperv_keys
    • 0.001 antivm_vbox_devices
    • 0.001 ketrican_regkeys
    • 0.001 browser_security
    • 0.001 bypass_firewall
    • 0.001 codelux_behavior
    • 0.001 darkcomet_regkeys
    • 0.001 disables_browser_warn
    • 0.001 azorult_mutexes
    • 0.001 limerat_regkeys
    • 0.001 obliquerat_files
    • 0.001 rat_pcclient
    • 0.001 warzonerat_regkeys
    • 0.001 recon_fingerprint
    • 0.001 targeted_flame
    • 0.001 lokibot_mutexes

    Reporting ( 7.949 seconds )

    • 7.128 BinGraph
    • 0.821 MITRE_TTPS