Analysis

Category Package Started Completed Duration Options Log
FILE exe 2020-10-18 06:39:14 2020-10-18 06:44:11 297 seconds Show Options Show Log
route = tor
2020-05-13 09:25:38,211 [root] INFO: Date set to: 20201018T06:37:00, timeout set to: 200
2020-10-18 06:37:00,062 [root] DEBUG: Starting analyzer from: C:\tmp2ssujfce
2020-10-18 06:37:00,062 [root] DEBUG: Storing results at: C:\MXCHyKPu
2020-10-18 06:37:00,062 [root] DEBUG: Pipe server name: \\.\PIPE\ClnMmBHaLq
2020-10-18 06:37:00,062 [root] DEBUG: Python path: C:\Users\Louise\AppData\Local\Programs\Python\Python38-32
2020-10-18 06:37:00,062 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-10-18 06:37:00,062 [root] INFO: Automatically selected analysis package "exe"
2020-10-18 06:37:00,062 [root] DEBUG: Importing analysis package "exe"...
2020-10-18 06:37:00,109 [root] DEBUG: Initializing analysis package "exe"...
2020-10-18 06:37:00,218 [root] DEBUG: Importing auxiliary module "modules.auxiliary.browser"...
2020-10-18 06:37:00,218 [root] DEBUG: Importing auxiliary module "modules.auxiliary.curtain"...
2020-10-18 06:37:00,234 [root] DEBUG: Importing auxiliary module "modules.auxiliary.digisig"...
2020-10-18 06:37:00,249 [root] DEBUG: Importing auxiliary module "modules.auxiliary.disguise"...
2020-10-18 06:37:00,281 [root] DEBUG: Importing auxiliary module "modules.auxiliary.human"...
2020-10-18 06:37:00,296 [root] DEBUG: Importing auxiliary module "modules.auxiliary.procmon"...
2020-10-18 06:37:00,296 [root] DEBUG: Importing auxiliary module "modules.auxiliary.screenshots"...
2020-10-18 06:37:00,312 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-10-18 06:37:00,312 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-10-18 06:37:00,312 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-10-18 06:37:00,312 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-10-18 06:37:00,312 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-10-18 06:37:00,312 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-10-18 06:37:00,312 [lib.api.screenshot] DEBUG: Importing 'math'
2020-10-18 06:37:00,312 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-10-18 06:37:01,265 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-10-18 06:37:01,453 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-10-18 06:37:01,484 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-10-18 06:37:01,484 [root] DEBUG: Importing auxiliary module "modules.auxiliary.sysmon"...
2020-10-18 06:37:01,484 [root] DEBUG: Importing auxiliary module "modules.auxiliary.usage"...
2020-10-18 06:37:01,500 [root] DEBUG: Initializing auxiliary module "Browser"...
2020-10-18 06:37:01,500 [root] DEBUG: Started auxiliary module Browser
2020-10-18 06:37:01,500 [root] DEBUG: Initializing auxiliary module "Curtain"...
2020-10-18 06:37:01,515 [root] DEBUG: Started auxiliary module Curtain
2020-10-18 06:37:01,515 [root] DEBUG: Initializing auxiliary module "DigiSig"...
2020-10-18 06:37:01,515 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-10-18 06:37:02,625 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-10-18 06:37:02,640 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-10-18 06:37:02,640 [root] DEBUG: Started auxiliary module DigiSig
2020-10-18 06:37:02,640 [root] DEBUG: Initializing auxiliary module "Disguise"...
2020-10-18 06:37:02,656 [modules.auxiliary.disguise] INFO: Disguising GUID to b989f623-3af2-4fb5-9c07-553ca3507d2a
2020-10-18 06:37:02,656 [root] DEBUG: Started auxiliary module Disguise
2020-10-18 06:37:02,656 [root] DEBUG: Initializing auxiliary module "Human"...
2020-10-18 06:37:02,671 [root] DEBUG: Started auxiliary module Human
2020-10-18 06:37:02,671 [root] DEBUG: Initializing auxiliary module "Procmon"...
2020-10-18 06:37:02,671 [root] DEBUG: Started auxiliary module Procmon
2020-10-18 06:37:02,671 [root] DEBUG: Initializing auxiliary module "Screenshots"...
2020-10-18 06:37:02,671 [root] DEBUG: Started auxiliary module Screenshots
2020-10-18 06:37:02,671 [root] DEBUG: Initializing auxiliary module "Sysmon"...
2020-10-18 06:37:02,687 [root] DEBUG: Started auxiliary module Sysmon
2020-10-18 06:37:02,687 [root] DEBUG: Initializing auxiliary module "Usage"...
2020-10-18 06:37:02,687 [root] DEBUG: Started auxiliary module Usage
2020-10-18 06:37:02,687 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-10-18 06:37:02,687 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-10-18 06:37:02,687 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2020-10-18 06:37:02,687 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2020-10-18 06:37:02,812 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe" with arguments "" with pid 1384
2020-10-18 06:37:02,812 [lib.api.process] INFO: Monitor config for process 1384: C:\tmp2ssujfce\dll\1384.ini
2020-10-18 06:37:02,812 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:02,875 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:02,890 [root] DEBUG: Loader: Injecting process 1384 (thread 840) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:02,890 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:37:02,890 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:37:02,890 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:04,906 [lib.api.process] INFO: Successfully resumed process with pid 1384
2020-10-18 06:37:06,328 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:37:06,328 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:37:06,343 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 1384 at 0x70380000, image base 0x380000, stack from 0x2e5000-0x2f0000
2020-10-18 06:37:06,343 [root] DEBUG: Commandline: C:\Users\Louise\AppData\Local\Temp\"C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe"
2020-10-18 06:37:06,406 [root] INFO: Loaded monitor into process with pid 1384
2020-10-18 06:37:06,406 [root] DEBUG: set_caller_info: Adding region at 0x001F0000 to caller regions list (advapi32::RegQueryInfoKeyW).
2020-10-18 06:37:06,406 [root] DEBUG: DumpPEsInRange: Scanning range 0x1f0000 - 0x2f0000.
2020-10-18 06:37:06,406 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x1f0000
2020-10-18 06:37:06,421 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x1f0000
2020-10-18 06:37:06,421 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x001F0000 size 0x100000.
2020-10-18 06:37:06,593 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\MXCHyKPu\CAPE\1384_175515267963715180102020 (size 0x878)
2020-10-18 06:37:06,593 [root] DEBUG: DumpRegion: Dumped region at 0x002EF000, size 0x1000.
2020-10-18 06:37:06,593 [root] DEBUG: set_caller_info: Adding region at 0x02060000 to caller regions list (advapi32::RegOpenKeyExW).
2020-10-18 06:37:06,609 [root] DEBUG: DumpPEsInRange: Scanning range 0x2060000 - 0x2460000.
2020-10-18 06:37:06,625 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x20a5fc1
2020-10-18 06:37:06,640 [root] DEBUG: DumpMemory: Exception occurred reading memory address 0x2060000
2020-10-18 06:37:06,656 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x02060000 size 0x400000.
2020-10-18 06:37:06,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\MXCHyKPu\CAPE\1384_123119444863715180102020 (size 0x1a41)
2020-10-18 06:37:06,687 [root] DEBUG: DumpRegion: Dumped region at 0x0241D000, size 0x10000.
2020-10-18 06:37:06,687 [root] DEBUG: set_caller_info: Adding region at 0x00410000 to caller regions list (kernel32::FindFirstFileExW).
2020-10-18 06:37:06,703 [root] DEBUG: DumpPEsInRange: Scanning range 0x410000 - 0x598000.
2020-10-18 06:37:06,703 [root] DEBUG: TestPERequirements: Exception occurred reading region at 0x417ff5
2020-10-18 06:37:06,703 [root] DEBUG: TestPERequirements: Exception occurred reading region at 0x41800d
2020-10-18 06:37:06,703 [root] DEBUG: TestPERequirements: Exception occurred reading region at 0x418025
2020-10-18 06:37:06,703 [root] DEBUG: TestPERequirements: Exception occurred reading region at 0x41803d
2020-10-18 06:37:06,703 [root] DEBUG: TestPERequirements: Exception occurred reading region at 0x418055
2020-10-18 06:37:06,718 [root] DEBUG: TestPERequirements: Exception occurred reading region at 0x41806d
2020-10-18 06:37:06,718 [root] DEBUG: TestPERequirements: Exception occurred reading region at 0x418085
2020-10-18 06:37:06,718 [root] DEBUG: TestPERequirements: Exception occurred reading region at 0x41809d
2020-10-18 06:37:06,718 [root] DEBUG: TestPERequirements: Exception occurred reading region at 0x4180b5
2020-10-18 06:37:06,718 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x417fc1
2020-10-18 06:37:06,718 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x598000
2020-10-18 06:37:06,718 [root] DEBUG: DumpMemory: Nothing to dump at 0x00410000!
2020-10-18 06:37:06,734 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00410000 size 0x188000.
2020-10-18 06:37:06,750 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x590000
2020-10-18 06:37:06,750 [root] DEBUG: DumpMemory: Nothing to dump at 0x00570000!
2020-10-18 06:37:06,750 [root] DEBUG: DumpRegion: Failed to dump region at 0x00570000 size 0x20000.
2020-10-18 06:37:06,765 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xd4 and local view 0x72D60000 to global list.
2020-10-18 06:37:06,765 [root] DEBUG: DLL loaded at 0x72D60000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7d000 bytes).
2020-10-18 06:37:06,781 [root] DEBUG: DLL unloaded from 0x760C0000.
2020-10-18 06:37:06,890 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xe4 and local view 0x002F0000 to global list.
2020-10-18 06:37:06,906 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xe0 and local view 0x002F0000 to global list.
2020-10-18 06:37:06,921 [root] DEBUG: DLL loaded at 0x73590000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-10-18 06:37:06,921 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x72670000 for section view with handle 0xe4.
2020-10-18 06:37:06,937 [root] DEBUG: DLL loaded at 0x72670000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr (0x6ef000 bytes).
2020-10-18 06:37:06,937 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x73380000 for section view with handle 0xe4.
2020-10-18 06:37:06,953 [root] DEBUG: DLL loaded at 0x73380000: C:\Windows\system32\MSVCR120_CLR0400 (0xf5000 bytes).
2020-10-18 06:37:07,421 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x108 and local view 0x00170000 to global list.
2020-10-18 06:37:07,437 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x10c and local view 0x00180000 to global list.
2020-10-18 06:37:07,453 [root] INFO: Disabling sleep skipping.
2020-10-18 06:37:07,515 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1c8 and local view 0x05D80000 to global list.
2020-10-18 06:37:07,750 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x208 and local view 0x6D680000 to global list.
2020-10-18 06:37:07,765 [root] DEBUG: DLL loaded at 0x6D680000: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni (0x1393000 bytes).
2020-10-18 06:37:08,312 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x228 and local view 0x6EF90000 to global list.
2020-10-18 06:37:08,312 [root] DEBUG: DLL loaded at 0x6EF90000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni (0xa10000 bytes).
2020-10-18 06:37:08,406 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6CEA0000 for section view with handle 0x228.
2020-10-18 06:37:08,421 [root] DEBUG: DLL loaded at 0x6CEA0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni (0x7e0000 bytes).
2020-10-18 06:37:08,484 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x224 and local view 0x6EDB0000 to global list.
2020-10-18 06:37:08,500 [root] DEBUG: DLL loaded at 0x6EDB0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni (0x1d1000 bytes).
2020-10-18 06:37:08,656 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x220 and local view 0x6ED30000 to global list.
2020-10-18 06:37:08,656 [root] DEBUG: DLL loaded at 0x6ED30000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit (0x80000 bytes).
2020-10-18 06:37:08,781 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6EB90000 for section view with handle 0x228.
2020-10-18 06:37:08,781 [root] DEBUG: DLL loaded at 0x6EB90000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni (0x194000 bytes).
2020-10-18 06:37:08,828 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6C180000 for section view with handle 0x224.
2020-10-18 06:37:08,843 [root] DEBUG: DLL loaded at 0x6C180000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni (0xd1d000 bytes).
2020-10-18 06:37:09,156 [root] DEBUG: set_caller_info: Adding region at 0x005B0000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-10-18 06:37:09,156 [root] DEBUG: DumpPEsInRange: Scanning range 0x5b0000 - 0x5c0000.
2020-10-18 06:37:09,156 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x5b0fc1
2020-10-18 06:37:09,156 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x5c0000
2020-10-18 06:37:09,218 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\MXCHyKPu\CAPE\1384_58260908293715180102020 (size 0x4c7)
2020-10-18 06:37:09,234 [root] DEBUG: DumpRegion: Dumped region at 0x005B0000, size 0x1000.
2020-10-18 06:37:09,687 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x22c and local view 0x6C080000 to global list.
2020-10-18 06:37:09,687 [root] DEBUG: DLL loaded at 0x6C080000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni (0xfc000 bytes).
2020-10-18 06:37:09,750 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x234 and local view 0x704D0000 to global list.
2020-10-18 06:37:09,765 [root] DEBUG: DLL loaded at 0x704D0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting (0x13000 bytes).
2020-10-18 06:37:09,781 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x062D0000 for section view with handle 0x234.
2020-10-18 06:37:09,906 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6B940000 for section view with handle 0x234.
2020-10-18 06:37:09,937 [root] DEBUG: DLL loaded at 0x6B940000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni (0x73e000 bytes).
2020-10-18 06:37:10,046 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\syswow64\shell32 (0xc4c000 bytes).
2020-10-18 06:37:10,046 [root] DEBUG: DLL loaded at 0x74440000: C:\Windows\system32\profapi (0xb000 bytes).
2020-10-18 06:37:10,078 [root] DEBUG: set_caller_info: Adding region at 0x001A0000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-10-18 06:37:10,078 [root] DEBUG: DumpPEsInRange: Scanning range 0x1a0000 - 0x1b0000.
2020-10-18 06:37:10,078 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x1a0fc1
2020-10-18 06:37:10,078 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x1b0000
2020-10-18 06:37:10,078 [root] DEBUG: DumpMemory: Nothing to dump at 0x001A0000!
2020-10-18 06:37:10,078 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x001A0000 size 0x10000.
2020-10-18 06:37:10,125 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\MXCHyKPu\CAPE\1384_946351378303715180102020 (size 0x5b7)
2020-10-18 06:37:10,125 [root] DEBUG: DumpRegion: Dumped region at 0x001AD000, size 0x1000.
2020-10-18 06:37:10,156 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\bcrypt (0x17000 bytes).
2020-10-18 06:37:10,171 [root] DEBUG: DLL loaded at 0x744D0000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-10-18 06:37:10,187 [root] DEBUG: DLL loaded at 0x74400000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-10-18 06:37:10,265 [root] DEBUG: DLL loaded at 0x6EB00000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32 (0x84000 bytes).
2020-10-18 06:37:10,265 [root] DEBUG: set_caller_info: Adding region at 0x002F0000 to caller regions list (ntdll::LdrGetProcedureAddress).
2020-10-18 06:37:10,265 [root] DEBUG: DumpPEsInRange: Scanning range 0x2f0000 - 0x300000.
2020-10-18 06:37:10,265 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x2f9fc1
2020-10-18 06:37:10,265 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x300000
2020-10-18 06:37:10,265 [root] DEBUG: DumpMemory: Nothing to dump at 0x002F0000!
2020-10-18 06:37:10,265 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x002F0000 size 0x10000.
2020-10-18 06:37:10,328 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\MXCHyKPu\CAPE\1384_1649890728303715180102020 (size 0xf6)
2020-10-18 06:37:10,328 [root] DEBUG: DumpRegion: Dumped region at 0x002FD000, size 0x1000.
2020-10-18 06:37:10,437 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x274 and local view 0x6B870000 to global list.
2020-10-18 06:37:10,453 [root] DEBUG: DLL loaded at 0x6B870000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\badfff92e7e4f52c948920e4a4975073\System.Runtime.Remoting.ni (0xc9000 bytes).
2020-10-18 06:37:10,484 [root] DEBUG: DLL loaded at 0x736C0000: C:\Windows\system32\uxtheme (0x80000 bytes).
2020-10-18 06:37:10,500 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x26c and local view 0x6B370000 to global list.
2020-10-18 06:37:10,671 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x278 and local view 0x03510000 to global list.
2020-10-18 06:37:10,781 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x00800000 for section view with handle 0x278.
2020-10-18 06:37:21,421 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x27c and local view 0x71170000 to global list.
2020-10-18 06:37:21,437 [root] DEBUG: DLL loaded at 0x71170000: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\gdiplus (0x192000 bytes).
2020-10-18 06:37:21,500 [root] DEBUG: DLL loaded at 0x71030000: C:\Windows\system32\WindowsCodecs (0x131000 bytes).
2020-10-18 06:37:21,500 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x284 and local view 0x01FF0000 to global list.
2020-10-18 06:37:21,500 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x02000000 for section view with handle 0x284.
2020-10-18 06:37:21,500 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x02010000 for section view with handle 0x284.
2020-10-18 06:37:21,750 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x28c and local view 0x039D0000 to global list.
2020-10-18 06:37:21,843 [root] DEBUG: set_caller_info: Adding region at 0x05C60000 to caller regions list (ntdll::NtQueryPerformanceCounter).
2020-10-18 06:37:21,843 [root] DEBUG: DumpPEsInRange: Scanning range 0x5c60000 - 0x5c70000.
2020-10-18 06:37:21,843 [root] DEBUG: ScanForDisguisedPE: Exception occurred scanning buffer at 0x5c65fc1
2020-10-18 06:37:21,859 [root] DEBUG: ScanForNonZero: Exception occurred reading memory address 0x5c70000
2020-10-18 06:37:21,859 [root] DEBUG: DumpMemory: Nothing to dump at 0x05C60000!
2020-10-18 06:37:21,859 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x05C60000 size 0x10000.
2020-10-18 06:37:21,890 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\MXCHyKPu\CAPE\1384_511301010233815180102020 (size 0x1914)
2020-10-18 06:37:21,890 [root] DEBUG: DumpRegion: Dumped region at 0x05C64000, size 0x2000.
2020-10-18 06:37:21,921 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x03770000 for section view with handle 0x28c.
2020-10-18 06:37:22,078 [root] DEBUG: DLL loaded at 0x74380000: C:\Windows\system32\ntmarta (0x21000 bytes).
2020-10-18 06:37:22,078 [root] DEBUG: DLL loaded at 0x76E50000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2020-10-18 06:37:22,109 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\Roaming\qScnmZGp.exe
2020-10-18 06:37:22,187 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\Local\Temp\tmp51D3.tmp
2020-10-18 06:37:22,203 [root] DEBUG: DLL loaded at 0x70F30000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2020-10-18 06:37:22,218 [root] DEBUG: DLL loaded at 0x73A10000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32 (0x19e000 bytes).
2020-10-18 06:37:22,218 [root] DEBUG: DLL loaded at 0x74CD0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-10-18 06:37:22,312 [root] DEBUG: DLL loaded at 0x76170000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2020-10-18 06:37:22,328 [root] DEBUG: DLL loaded at 0x6A2F0000: C:\Windows\SysWOW64\ieframe (0xaba000 bytes).
2020-10-18 06:37:22,328 [root] DEBUG: DLL loaded at 0x76EF0000: C:\Windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2020-10-18 06:37:22,328 [root] DEBUG: DLL loaded at 0x74E90000: C:\Windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-10-18 06:37:22,343 [root] DEBUG: DLL loaded at 0x76E40000: C:\Windows\syswow64\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2020-10-18 06:37:22,343 [root] DEBUG: DLL loaded at 0x73D80000: C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2020-10-18 06:37:22,343 [root] DEBUG: DLL loaded at 0x76EE0000: C:\Windows\syswow64\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2020-10-18 06:37:22,343 [root] DEBUG: DLL loaded at 0x767F0000: C:\Windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2020-10-18 06:37:22,343 [root] DEBUG: DLL loaded at 0x766F0000: C:\Windows\syswow64\normaliz (0x3000 bytes).
2020-10-18 06:37:22,359 [root] DEBUG: DLL loaded at 0x76BA0000: C:\Windows\syswow64\iertutil (0x215000 bytes).
2020-10-18 06:37:22,375 [root] DEBUG: DLL loaded at 0x76800000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2020-10-18 06:37:22,390 [root] DEBUG: DLL loaded at 0x76200000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2020-10-18 06:37:22,390 [root] DEBUG: DLL loaded at 0x76EC0000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2020-10-18 06:37:22,421 [root] DEBUG: DLL unloaded from 0x74F40000.
2020-10-18 06:37:22,421 [root] DEBUG: DLL loaded at 0x75B90000: C:\Windows\SysWOW64\urlmon (0x124000 bytes).
2020-10-18 06:37:22,421 [root] DEBUG: DLL loaded at 0x76EB0000: C:\Windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-10-18 06:37:22,437 [root] DEBUG: DLL loaded at 0x75CC0000: C:\Windows\syswow64\WININET (0x1c4000 bytes).
2020-10-18 06:37:22,453 [root] DEBUG: DLL loaded at 0x73230000: C:\Windows\system32\Secur32 (0x8000 bytes).
2020-10-18 06:37:22,468 [root] INFO: Announced 32-bit process name: schtasks.exe pid: 3444
2020-10-18 06:37:22,468 [lib.api.process] INFO: Monitor config for process 3444: C:\tmp2ssujfce\dll\3444.ini
2020-10-18 06:37:22,484 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:22,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:22,515 [root] DEBUG: Loader: Injecting process 3444 (thread 4024) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:22,515 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:22,531 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-10-18 06:37:22,531 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:22,593 [root] DEBUG: CreateProcessHandler: Injection info set for new process 3444, ImageBase: 0x00670000
2020-10-18 06:37:22,593 [root] INFO: Announced 32-bit process name: schtasks.exe pid: 3444
2020-10-18 06:37:22,593 [lib.api.process] INFO: Monitor config for process 3444: C:\tmp2ssujfce\dll\3444.ini
2020-10-18 06:37:22,593 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:22,609 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:22,609 [root] DEBUG: Loader: Injecting process 3444 (thread 4024) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:22,609 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:22,625 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-10-18 06:37:22,625 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:22,640 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-10-18 06:37:22,703 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:37:22,703 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:37:22,703 [root] INFO: Disabling sleep skipping.
2020-10-18 06:37:22,718 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-10-18 06:37:22,718 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 3444 at 0x70380000, image base 0x670000, stack from 0x86000-0x90000
2020-10-18 06:37:22,718 [root] DEBUG: Commandline: C:\Users\Louise\AppData\Local\Temp\"C:\Windows\System32\schtasks.exe" \Create \TN "Updates\qScnmZGp" \XML "C:\Users\Louise\AppData\Local\Temp\tmp51D3.tmp"
2020-10-18 06:37:22,796 [root] INFO: Loaded monitor into process with pid 3444
2020-10-18 06:37:22,859 [root] DEBUG: DLL loaded at 0x73590000: C:\Windows\SysWOW64\VERSION (0x9000 bytes).
2020-10-18 06:37:22,875 [root] DEBUG: DLL unloaded from 0x00670000.
2020-10-18 06:37:22,875 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xd0 and local view 0x036E0000 to global list.
2020-10-18 06:37:22,890 [root] INFO: Stopping Task Scheduler Service
2020-10-18 06:37:23,531 [root] INFO: Stopped Task Scheduler Service
2020-10-18 06:37:23,593 [root] INFO: Starting Task Scheduler Service
2020-10-18 06:37:23,718 [root] INFO: Started Task Scheduler Service
2020-10-18 06:37:23,718 [lib.api.process] INFO: Monitor config for process 844: C:\tmp2ssujfce\dll\844.ini
2020-10-18 06:37:23,734 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp2ssujfce\dll\jARmiIZ.dll, loader C:\tmp2ssujfce\bin\VTuXfxvm.exe
2020-10-18 06:37:23,781 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:23,781 [root] DEBUG: Loader: Injecting process 844 (thread 0) with C:\tmp2ssujfce\dll\jARmiIZ.dll.
2020-10-18 06:37:23,781 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-10-18 06:37:23,796 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed, falling back to thread injection.
2020-10-18 06:37:23,796 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-10-18 06:37:23,796 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-10-18 06:37:23,812 [root] DEBUG: Dropped file limit defaulting to 100.
2020-10-18 06:37:23,812 [root] INFO: Disabling sleep skipping.
2020-10-18 06:37:23,812 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 844 at 0x000007FEEF640000, image base 0x00000000FFEF0000, stack from 0x0000000004166000-0x0000000004170000
2020-10-18 06:37:23,828 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k netsvcs
2020-10-18 06:37:23,921 [root] WARNING: b'Unable to place hook on LockResource'
2020-10-18 06:37:23,937 [root] WARNING: b'Unable to hook LockResource'
2020-10-18 06:37:23,984 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6F70000 to caller regions list (ntdll::NtSetInformationThread).
2020-10-18 06:37:24,000 [root] INFO: Loaded monitor into process with pid 844
2020-10-18 06:37:24,000 [root] DEBUG: set_caller_info: Calling region at 0x000007FEF6F70000 skipped.
2020-10-18 06:37:24,000 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-10-18 06:37:24,015 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-10-18 06:37:24,015 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\jARmiIZ.dll.
2020-10-18 06:37:24,015 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFC4E0000 to caller regions list (ncrypt::SslDecryptPacket).
2020-10-18 06:37:24,015 [root] DEBUG: set_caller_info: Calling region at 0x000007FEFC4E0000 skipped.
2020-10-18 06:37:24,015 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 844
2020-10-18 06:37:24,031 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF1E20000 to caller regions list (msvcrt::memcpy).
2020-10-18 06:37:24,031 [root] DEBUG: set_caller_info: Calling region at 0x000007FEF1E20000 skipped.
2020-10-18 06:37:24,031 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6FF0000 to caller regions list (msvcrt::memcpy).
2020-10-18 06:37:24,031 [root] DEBUG: set_caller_info: Calling region at 0x000007FEF6FF0000 skipped.
2020-10-18 06:37:26,015 [root] DEBUG: DLL loaded at 0x76170000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2020-10-18 06:37:26,859 [root] DEBUG: DLL loaded at 0x73640000: C:\Windows\SysWOW64\taskschd (0x7d000 bytes).
2020-10-18 06:37:36,953 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 3444
2020-10-18 06:37:36,953 [root] DEBUG: GetHookCallerBase: thread 4024 (handle 0x0), return address 0x00687569, allocation base 0x00670000.
2020-10-18 06:37:36,968 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00670000.
2020-10-18 06:37:36,968 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-10-18 06:37:36,968 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00670000.
2020-10-18 06:37:36,968 [root] DEBUG: DumpProcess: Module entry point VA is 0x00017683.
2020-10-18 06:37:37,234 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x2b400.
2020-10-18 06:37:37,234 [root] DEBUG: DLL unloaded from 0x76680000.
2020-10-18 06:37:37,328 [root] INFO: Process with pid 3444 has terminated
2020-10-18 06:37:37,562 [root] INFO: Announced 32-bit process name: AlvOBUxH6fcUHuy.exe pid: 2060
2020-10-18 06:37:37,562 [lib.api.process] INFO: Monitor config for process 2060: C:\tmp2ssujfce\dll\2060.ini
2020-10-18 06:37:37,609 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:37,812 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:37,812 [root] DEBUG: Loader: Injecting process 2060 (thread 3872) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:37,859 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:37:37,859 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:37:37,906 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:38,046 [root] DEBUG: CreateProcessHandler: Injection info set for new process 2060, ImageBase: 0x00380000
2020-10-18 06:37:38,093 [root] INFO: Announced 32-bit process name: AlvOBUxH6fcUHuy.exe pid: 2060
2020-10-18 06:37:38,093 [lib.api.process] INFO: Monitor config for process 2060: C:\tmp2ssujfce\dll\2060.ini
2020-10-18 06:37:38,093 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:38,203 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:38,249 [root] DEBUG: Loader: Injecting process 2060 (thread 3872) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:38,249 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:37:38,281 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:37:38,281 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:38,468 [root] INFO: Process with pid 2060 has terminated
2020-10-18 06:37:38,500 [root] DEBUG: CreateProcessHandler: Injection info set for new process 1408, ImageBase: 0x00380000
2020-10-18 06:37:38,515 [root] INFO: Announced 32-bit process name: AlvOBUxH6fcUHuy.exe pid: 1408
2020-10-18 06:37:38,515 [lib.api.process] INFO: Monitor config for process 1408: C:\tmp2ssujfce\dll\1408.ini
2020-10-18 06:37:38,609 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:38,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:38,750 [root] DEBUG: Loader: Injecting process 1408 (thread 608) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:38,796 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:37:38,812 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:37:38,812 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:38,875 [root] INFO: Process with pid 1408 has terminated
2020-10-18 06:37:38,921 [root] INFO: Announced 32-bit process name: AlvOBUxH6fcUHuy.exe pid: 1124
2020-10-18 06:37:38,921 [lib.api.process] INFO: Monitor config for process 1124: C:\tmp2ssujfce\dll\1124.ini
2020-10-18 06:37:38,968 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:39,109 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:39,125 [root] DEBUG: Loader: Injecting process 1124 (thread 2816) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:39,156 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:37:39,156 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:37:39,156 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:39,328 [root] DEBUG: CreateProcessHandler: Injection info set for new process 1124, ImageBase: 0x00380000
2020-10-18 06:37:39,390 [root] INFO: Announced 32-bit process name: AlvOBUxH6fcUHuy.exe pid: 1124
2020-10-18 06:37:39,390 [lib.api.process] INFO: Monitor config for process 1124: C:\tmp2ssujfce\dll\1124.ini
2020-10-18 06:37:39,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:39,609 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:39,656 [root] DEBUG: Loader: Injecting process 1124 (thread 2816) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:39,656 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:37:39,671 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:37:39,671 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:39,687 [root] INFO: Process with pid 1124 has terminated
2020-10-18 06:37:39,687 [root] INFO: Announced 32-bit process name: AlvOBUxH6fcUHuy.exe pid: 4268
2020-10-18 06:37:39,687 [lib.api.process] INFO: Monitor config for process 4268: C:\tmp2ssujfce\dll\4268.ini
2020-10-18 06:37:39,796 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:39,843 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:39,843 [root] DEBUG: Loader: Injecting process 4268 (thread 2064) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:39,875 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:37:39,906 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:37:39,906 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:40,031 [root] DEBUG: CreateProcessHandler: Injection info set for new process 4268, ImageBase: 0x00380000
2020-10-18 06:37:40,046 [root] INFO: Announced 32-bit process name: AlvOBUxH6fcUHuy.exe pid: 4268
2020-10-18 06:37:40,046 [lib.api.process] INFO: Monitor config for process 4268: C:\tmp2ssujfce\dll\4268.ini
2020-10-18 06:37:40,046 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:40,218 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:40,218 [root] DEBUG: Loader: Injecting process 4268 (thread 2064) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:40,265 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:37:40,265 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:37:40,265 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:40,281 [root] INFO: Process with pid 4268 has terminated
2020-10-18 06:37:40,281 [root] INFO: Announced 32-bit process name: AlvOBUxH6fcUHuy.exe pid: 2352
2020-10-18 06:37:40,281 [lib.api.process] INFO: Monitor config for process 2352: C:\tmp2ssujfce\dll\2352.ini
2020-10-18 06:37:40,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:40,531 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:40,593 [root] DEBUG: Loader: Injecting process 2352 (thread 1528) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:40,640 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:37:40,640 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:37:40,640 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:40,812 [root] DEBUG: CreateProcessHandler: Injection info set for new process 2352, ImageBase: 0x00380000
2020-10-18 06:37:40,859 [root] INFO: Announced 32-bit process name: AlvOBUxH6fcUHuy.exe pid: 2352
2020-10-18 06:37:40,859 [lib.api.process] INFO: Monitor config for process 2352: C:\tmp2ssujfce\dll\2352.ini
2020-10-18 06:37:40,859 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\lacvONT.dll, loader C:\tmp2ssujfce\bin\SwQdUdh.exe
2020-10-18 06:37:40,984 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\ClnMmBHaLq.
2020-10-18 06:37:41,015 [root] DEBUG: Loader: Injecting process 2352 (thread 1528) with C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:41,015 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-10-18 06:37:41,015 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-10-18 06:37:41,015 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\lacvONT.dll.
2020-10-18 06:37:41,156 [root] INFO: Process with pid 2352 has terminated
2020-10-18 06:37:41,390 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1384
2020-10-18 06:37:41,437 [root] DEBUG: GetHookCallerBase: thread 840 (handle 0x0), return address 0x005B23FB, allocation base 0x005B0000.
2020-10-18 06:37:41,437 [root] DEBUG: LooksLikeSectionBoundary: Exception occured reading around suspected boundary at 0x00382000
2020-10-18 06:37:41,484 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2020-10-18 06:37:41,578 [root] DEBUG: DLL unloaded from 0x76680000.
2020-10-18 06:37:41,593 [root] DEBUG: DLL unloaded from 0x74380000.
2020-10-18 06:37:41,593 [root] DEBUG: DLL unloaded from 0x72670000.
2020-10-18 06:37:41,593 [root] DEBUG: DLL unloaded from 0x72D60000.
2020-10-18 06:37:41,593 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1384
2020-10-18 06:37:41,593 [root] DEBUG: GetHookCallerBase: thread 840 (handle 0x0), return address 0x005B23FB, allocation base 0x005B0000.
2020-10-18 06:37:41,593 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00380000.
2020-10-18 06:37:41,609 [root] DEBUG: LooksLikeSectionBoundary: Exception occured reading around suspected boundary at 0x00382000
2020-10-18 06:37:41,609 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2020-10-18 06:37:41,609 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x00380000.
2020-10-18 06:37:41,609 [root] DEBUG: DumpPE: Empty or inaccessible last section, file image seems incomplete (from 0x00406600 to 0x00406800).
2020-10-18 06:37:41,671 [root] DEBUG: DumpPE: Error: Cannot dump PE file from memory.
2020-10-18 06:37:41,671 [root] DEBUG: DumpImageInCurrentProcess: Failed to dump 'raw' PE image from 0x00380000, dumping memory region.
2020-10-18 06:37:41,687 [root] INFO: Process with pid 1384 has terminated
2020-10-18 06:37:42,781 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF55A0000 to caller regions list (ntdll::NtWaitForSingleObject).
2020-10-18 06:38:16,953 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF5D60000 to caller regions list (msvcrt::memcpy).
2020-10-18 06:38:17,078 [root] DEBUG: set_caller_info: Calling region at 0x000007FEF5D60000 skipped.
2020-10-18 06:38:20,734 [root] DEBUG: DLL unloaded from 0x000007FEFD5B0000.
2020-10-18 06:40:25,500 [root] INFO: Analysis timeout hit, terminating analysis.
2020-10-18 06:40:25,500 [lib.api.process] INFO: Terminate event set for process 844
2020-10-18 06:40:25,625 [root] DEBUG: Terminate Event: Attempting to dump process 844
2020-10-18 06:40:25,781 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x6800.
2020-10-18 06:40:25,781 [lib.api.process] INFO: Termination confirmed for process 844
2020-10-18 06:40:25,781 [root] INFO: Terminate event set for process 844.
2020-10-18 06:40:25,781 [root] INFO: Created shutdown mutex.
2020-10-18 06:40:26,781 [root] INFO: Shutting down package.
2020-10-18 06:40:26,781 [root] INFO: Stopping auxiliary modules.
2020-10-18 06:40:26,812 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF4000000 to caller regions list (msvcrt::memcpy).
2020-10-18 06:40:26,906 [root] DEBUG: set_caller_info: Calling region at 0x000007FEF4000000 skipped.
2020-10-18 06:40:27,156 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x60c and local view 0x0000000005290000 to global list.
2020-10-18 06:40:27,453 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1388 and local view 0x0000000000BE0000 to global list.
2020-10-18 06:40:27,484 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1178 and local view 0x0000000000BB0000 to global list.
2020-10-18 06:40:27,578 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xf1c and local view 0x0000000005680000 to global list.
2020-10-18 06:40:27,625 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x13d8 and local view 0x0000000049D40000 to global list.
2020-10-18 06:40:27,640 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000BE0000 for section view with handle 0x13d8.
2020-10-18 06:40:27,640 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000049D40000 for section view with handle 0x13d8.
2020-10-18 06:40:27,765 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000BE0000 for section view with handle 0x13d8.
2020-10-18 06:40:27,812 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xd8 and local view 0x0000000049D40000 to global list.
2020-10-18 06:40:27,843 [lib.common.results] WARNING: File C:\MXCHyKPu\bin\procmon.xml doesn't exist anymore
2020-10-18 06:40:27,859 [root] INFO: Finishing auxiliary modules.
2020-10-18 06:40:27,859 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-10-18 06:40:27,859 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0000000000BE0000 for section view with handle 0x1388.
2020-10-18 06:40:27,875 [root] WARNING: Folder at path "C:\MXCHyKPu\debugger" does not exist, skip.
2020-10-18 06:40:27,890 [root] WARNING: Monitor injection attempted but failed for process 2060.
2020-10-18 06:40:27,890 [root] WARNING: Monitor injection attempted but failed for process 1408.
2020-10-18 06:40:27,890 [root] WARNING: Monitor injection attempted but failed for process 1124.
2020-10-18 06:40:27,890 [root] WARNING: Monitor injection attempted but failed for process 4268.
2020-10-18 06:40:27,890 [root] WARNING: Monitor injection attempted but failed for process 2352.
2020-10-18 06:40:27,906 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7x64_1 win7x64_5 KVM 2020-10-18 06:39:15 2020-10-18 06:44:11

File Details

File Name AlvOBUxH6fcUHuy.exe
File Size 550912 bytes
File Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
PE timestamp 2020-10-17 16:46:12
MD5 52dbee14b2cf2f52d895cf8372c7444e
SHA1 9a836a0370a7df3b3769ddc54454a0936035226e
SHA256 6d51ffc87335d671ff7414bfdfa7509ae28b4b654ccbab49171ba8751a0c9d06
SHA512 68d0796c34f8e82e43378b385e717660a892caf4c46e7966c8aed56f57884f2e68bfcaf34c90fcc2e2973304d07714c7fd6de1da734776c2cd28da4e78ce741b
CRC32 9A10116F
Ssdeep 6144:Pxj58RJhpyG9zxJozXXN2yQ5pIfd24K5aDK4evB3DH0FTPrv4F0Gu7Q8WFEu33Fr:Ku/RhH59PRV3KZt6koElLZhncdWg9
Download Download ZIP Resubmit sample

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction - unpacking
Creates RWX memory
Guard pages use detected - possible anti-debugging.
Dynamic (imported) function loading detected
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: MSCOREE.DLL/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
DynamicLoader: mscoreei.dll/_CorExeMain
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: clr.dll/SetRuntimeInfo
DynamicLoader: USER32.dll/GetProcessWindowStation
DynamicLoader: USER32.dll/GetUserObjectInformationW
DynamicLoader: clr.dll/_CorExeMain
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: MSCOREE.DLL/CreateConfigStream
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: KERNEL32.dll/GetNumaHighestNodeNumber
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/AddSIDToBoundaryDescriptor
DynamicLoader: KERNEL32.dll/CreateBoundaryDescriptorW
DynamicLoader: KERNEL32.dll/CreatePrivateNamespaceW
DynamicLoader: KERNEL32.dll/OpenPrivateNamespaceW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/DeleteBoundaryDescriptor
DynamicLoader: KERNEL32.dll/WerRegisterRuntimeExceptionModule
DynamicLoader: KERNEL32.dll/RaiseException
DynamicLoader: MSCOREE.DLL/
DynamicLoader: mscoreei.dll/
DynamicLoader: KERNELBASE.dll/SetSystemFileCacheSize
DynamicLoader: ntdll.dll/NtSetSystemInformation
DynamicLoader: KERNELBASE.dll/PrivIsDllSynchronizationHeld
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/SortGetHandle
DynamicLoader: KERNEL32.dll/SortCloseHandle
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: clrjit.dll/sxsJitStartup
DynamicLoader: clrjit.dll/jitStartup
DynamicLoader: clrjit.dll/getJit
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: USER32.dll/RegisterWindowMessage
DynamicLoader: USER32.dll/RegisterWindowMessageW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/GetCurrentProcessW
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/GetCurrentThread
DynamicLoader: KERNEL32.dll/DuplicateHandle
DynamicLoader: KERNEL32.dll/GetCurrentThreadId
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/LocaleNameToLCID
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/LCIDToLocaleName
DynamicLoader: KERNEL32.dll/GetUserPreferredUILanguages
DynamicLoader: nlssorting.dll/SortGetHandle
DynamicLoader: nlssorting.dll/SortCloseHandle
DynamicLoader: KERNEL32.dll/CompareStringOrdinal
DynamicLoader: KERNEL32.dll/GetFullPathName
DynamicLoader: KERNEL32.dll/GetFullPathNameW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: KERNEL32.dll/GetFileAttributesEx
DynamicLoader: KERNEL32.dll/GetFileAttributesExW
DynamicLoader: KERNEL32.dll/SetThreadErrorMode
DynamicLoader: KERNEL32.dll/CreateFile
DynamicLoader: KERNEL32.dll/CreateFileW
DynamicLoader: KERNEL32.dll/GetFileType
DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW
DynamicLoader: shell32.dll/SHGetFolderPathW
DynamicLoader: KERNEL32.dll/GetFileAttributesEx
DynamicLoader: KERNEL32.dll/GetFileAttributesExW
DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: bcrypt.dll/BCryptGetFipsAlgorithmMode
DynamicLoader: CRYPTSP.dll/CryptGetDefaultProviderW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: KERNEL32.dll/GetFileSize
DynamicLoader: KERNEL32.dll/ReadFile
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: KERNEL32.dll/GetModuleHandle
DynamicLoader: KERNEL32.dll/GetModuleHandleW
DynamicLoader: KERNEL32.dll/GetProcAddress
DynamicLoader: KERNEL32.dll/WideCharToMultiByte
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/LoadLibraryEx
DynamicLoader: KERNEL32.dll/LoadLibraryExW
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: GDI32.dll/GetStockObject
DynamicLoader: USER32.dll/RegisterClass
DynamicLoader: USER32.dll/RegisterClassW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: USER32.dll/CreateWindowEx
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/SetWindowLong
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: USER32.dll/GetWindowLong
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: USER32.dll/SetWindowLong
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: USER32.dll/CallWindowProc
DynamicLoader: USER32.dll/CallWindowProcW
DynamicLoader: USER32.dll/GetClientRect
DynamicLoader: USER32.dll/GetWindowRect
DynamicLoader: USER32.dll/GetParent
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: uxtheme.dll/IsAppThemed
DynamicLoader: uxtheme.dll/IsAppThemedW
DynamicLoader: KERNEL32.dll/CreateActCtx
DynamicLoader: KERNEL32.dll/CreateActCtxA
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: USER32.dll/AdjustWindowRectEx
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: KERNEL32.dll/ResolveLocaleName
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: CRYPTSP.dll/CryptImportKey
DynamicLoader: CRYPTSP.dll/CryptExportKey
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: gdiplus.dll/GdiplusStartup
DynamicLoader: KERNEL32.dll/IsProcessorFeaturePresent
DynamicLoader: USER32.dll/GetWindowInfo
DynamicLoader: USER32.dll/GetAncestor
DynamicLoader: USER32.dll/GetMonitorInfoA
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/EnumDisplayDevicesA
DynamicLoader: GDI32.dll/ExtTextOutW
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: gdiplus.dll/GdipLoadImageFromStream
DynamicLoader: WindowsCodecs.dll/DllGetClassObject
DynamicLoader: gdiplus.dll/GdipImageForceValidation
DynamicLoader: gdiplus.dll/GdipGetImageType
DynamicLoader: gdiplus.dll/GdipGetImageRawFormat
DynamicLoader: gdiplus.dll/GdipGetImageWidth
DynamicLoader: gdiplus.dll/GdipGetImageHeight
DynamicLoader: gdiplus.dll/GdipBitmapGetPixel
DynamicLoader: KERNEL32.dll/LoadLibraryA
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: KERNEL32.dll/GetProcAddress
DynamicLoader: KERNEL32.dll/ResumeThread
DynamicLoader: KERNEL32.dll/Wow64SetThreadContext
DynamicLoader: KERNEL32.dll/SetThreadContext
DynamicLoader: KERNEL32.dll/Wow64GetThreadContext
DynamicLoader: KERNEL32.dll/GetThreadContext
DynamicLoader: KERNEL32.dll/VirtualAllocEx
DynamicLoader: KERNEL32.dll/WriteProcessMemory
DynamicLoader: KERNEL32.dll/ReadProcessMemory
DynamicLoader: ntdll.dll/ZwUnmapViewOfSection
DynamicLoader: KERNEL32.dll/CreateProcessA
DynamicLoader: shell32.dll/SHGetFolderPath
DynamicLoader: shell32.dll/SHGetFolderPathW
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: ADVAPI32.dll/SetNamedSecurityInfoW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: KERNEL32.dll/CopyFile
DynamicLoader: KERNEL32.dll/CopyFileW
DynamicLoader: ADVAPI32.dll/GetUserName
DynamicLoader: ADVAPI32.dll/GetUserNameW
DynamicLoader: KERNEL32.dll/SetFileAttributes
DynamicLoader: KERNEL32.dll/SetFileAttributesW
DynamicLoader: ADVAPI32.dll/LsaClose
DynamicLoader: ADVAPI32.dll/LsaFreeMemory
DynamicLoader: ADVAPI32.dll/LsaOpenPolicy
DynamicLoader: ADVAPI32.dll/LsaLookupNames2
DynamicLoader: KERNEL32.dll/LocalFree
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/GetTokenInformationW
DynamicLoader: KERNEL32.dll/LocalAlloc
DynamicLoader: KERNEL32.dll/LocalAllocW
DynamicLoader: ADVAPI32.dll/LsaLookupSids
DynamicLoader: KERNEL32.dll/GetTempPath
DynamicLoader: KERNEL32.dll/GetTempPathW
DynamicLoader: KERNEL32.dll/GetTempFileName
DynamicLoader: KERNEL32.dll/GetTempFileNameW
DynamicLoader: KERNEL32.dll/WriteFile
DynamicLoader: KERNEL32.dll/LocalAlloc
DynamicLoader: shell32.dll/ShellExecuteEx
DynamicLoader: shell32.dll/ShellExecuteExW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/DuplicateHandle
DynamicLoader: ole32.dll/CoWaitForMultipleHandles
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: KERNEL32.dll/DeleteFile
DynamicLoader: KERNEL32.dll/DeleteFileW
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: PSAPI.DLL/EnumProcesses
DynamicLoader: PSAPI.DLL/EnumProcessesW
DynamicLoader: KERNEL32.dll/OpenProcess
DynamicLoader: KERNEL32.dll/OpenProcessW
DynamicLoader: KERNEL32.dll/TerminateProcess
DynamicLoader: KERNEL32.dll/TerminateProcessW
DynamicLoader: ole32.dll/CoGetContextToken
DynamicLoader: USER32.dll/SetClassLong
DynamicLoader: USER32.dll/SetClassLongW
DynamicLoader: USER32.dll/PostMessage
DynamicLoader: USER32.dll/PostMessageW
DynamicLoader: USER32.dll/UnregisterClass
DynamicLoader: USER32.dll/UnregisterClassW
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: gdiplus.dll/GdipDisposeImage
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/UnregisterTraceGuids
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: comctl32.dll/
DynamicLoader: KERNEL32.dll/CreateActCtxW
DynamicLoader: KERNEL32.dll/AddRefActCtx
DynamicLoader: KERNEL32.dll/ReleaseActCtx
DynamicLoader: KERNEL32.dll/ActivateActCtx
DynamicLoader: KERNEL32.dll/DeactivateActCtx
DynamicLoader: KERNEL32.dll/GetCurrentActCtx
DynamicLoader: KERNEL32.dll/QueryActCtxW
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: SspiCli.dll/GetUserNameExW
DynamicLoader: ole32.dll/CoTaskMemAlloc
A process created a hidden window
Process: AlvOBUxH6fcUHuy.exe -> schtasks.exe
Process: AlvOBUxH6fcUHuy.exe -> C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
Process: AlvOBUxH6fcUHuy.exe -> C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
Process: AlvOBUxH6fcUHuy.exe -> C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
Process: AlvOBUxH6fcUHuy.exe -> C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
Process: AlvOBUxH6fcUHuy.exe -> C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
CAPE extracted potentially suspicious content
AlvOBUxH6fcUHuy.exe: Unpacked Shellcode
AlvOBUxH6fcUHuy.exe: Unpacked Shellcode
AlvOBUxH6fcUHuy.exe: Unpacked Shellcode
AlvOBUxH6fcUHuy.exe: Unpacked Shellcode
AlvOBUxH6fcUHuy.exe: Unpacked Shellcode
AlvOBUxH6fcUHuy.exe: Unpacked Shellcode
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
Performs some HTTP requests
url: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
The binary likely contains encrypted or compressed data.
section: name: .text, entropy: 7.44, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00085e00, virtual_size: 0x00085d08
Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
Uses Windows utilities for basic functionality
command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qScnmZGp" /XML "C:\Users\Louise\AppData\Local\Temp\tmp51D3.tmp"
command: schtasks.exe /Create /TN "Updates\qScnmZGp" /XML "C:\Users\Louise\AppData\Local\Temp\tmp51D3.tmp"
Created a process from a suspicious location
File executed: C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
Commandline executed:
File executed: C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
Commandline executed:
File executed: C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
Commandline executed:
File executed: C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
Commandline executed:
File executed: C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
Commandline executed:
File has been identified by 11 Antiviruses on VirusTotal as malicious
Elastic: malicious (high confidence)
Sangfor: Malware
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: UDS:DangerousObject.Multi.Generic
McAfee-GW-Edition: BehavesLike.Win32.Generic.hc
ZoneAlarm: UDS:DangerousObject.Multi.Generic
Microsoft: Trojan:Win32/AgentTesla!ml
McAfee: PWS-FCRK!52DBEE14B2CF
Fortinet: MSIL/Kryptik.YFO!tr
Qihoo-360: HEUR/QVM03.0.A727.Malware.Gen
Creates a copy of itself
copy: C:\Users\Louise\AppData\Roaming\qScnmZGp.exe
Created network traffic indicative of malicious activity
signature: ET JA3 Hash - Possible Malware - RigEK
signature: ET JA3 Hash - Possible Malware - Various Eitest

Screenshots


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 72.21.91.29 [VT] United States
Y 40.119.6.228 [VT] United States
N 104.18.10.39 [VT] United States
Y 1.1.1.1 [VT] Australia

DNS

Name Response Post-Analysis Lookup
cacerts.digicert.com [VT] A 104.18.10.39 [VT] 104.18.10.39 [VT]

Summary

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe.config
C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-2.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\System32\api-ms-win-core-quirks-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll.aux
C:\Users
C:\Users\Louise
C:\Users\Louise\AppData
C:\Users\Louise\AppData\Local
C:\Users\Louise\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\c15P\*
C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.INI
C:\Windows\assembly\pubpol214.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll.aux
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\badfff92e7e4f52c948920e4a4975073\System.Runtime.Remoting.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\badfff92e7e4f52c948920e4a4975073\System.Runtime.Remoting.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Users\Louise\AppData\Local\Temp\en-US\c15P.resources.dll
C:\Users\Louise\AppData\Local\Temp\en-US\c15P.resources\c15P.resources.dll
C:\Users\Louise\AppData\Local\Temp\en-US\c15P.resources.exe
C:\Users\Louise\AppData\Local\Temp\en-US\c15P.resources\c15P.resources.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Users\Louise\AppData\Local\Temp\en\c15P.resources.dll
C:\Users\Louise\AppData\Local\Temp\en\c15P.resources\c15P.resources.dll
C:\Users\Louise\AppData\Local\Temp\en\c15P.resources.exe
C:\Users\Louise\AppData\Local\Temp\en\c15P.resources\c15P.resources.exe
C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\GdiPlus.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Users\Louise\AppData\Roaming\qScnmZGp.exe
C:\Users\Louise\AppData\Roaming\
C:\Users\Louise\AppData\Local\Temp\en-US\Kedermister.resources.dll
C:\Users\Louise\AppData\Local\Temp\en-US\Kedermister.resources\Kedermister.resources.dll
C:\Users\Louise\AppData\Local\Temp\en-US\Kedermister.resources.exe
C:\Users\Louise\AppData\Local\Temp\en-US\Kedermister.resources\Kedermister.resources.exe
C:\Users\Louise\AppData\Local\Temp\en\Kedermister.resources.dll
C:\Users\Louise\AppData\Local\Temp\en\Kedermister.resources\Kedermister.resources.dll
C:\Users\Louise\AppData\Local\Temp\en\Kedermister.resources.exe
C:\Users\Louise\AppData\Local\Temp\en\Kedermister.resources\Kedermister.resources.exe
C:\Users\Louise\AppData\Local\Temp\tmp51D3.tmp
\??\MountPointManager
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\psapi.dll
\Device\KsecDD
C:\Windows\sysnative\Tasks
C:\Windows\sysnative\Tasks\*
C:\Windows\sysnative\Tasks\AutoKMS
C:\Windows\sysnative\Tasks\Updates\qScnmZGp
C:\Windows\sysnative\Tasks\Updates
C:\Windows\sysnative\Tasks\Updates\
C:\Windows\SysWOW64\wevtutil.exe
C:\Windows
C:\Windows\SysWOW64
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\*.*
C:\Windows\SysWOW64\en-US\wevtutil.exe.mui
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\ui\SwDRM.dll
C:\Windows\SysWOW64\en-US\cmd.exe.mui
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe.config
C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
C:\Windows\assembly\pubpol214.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\badfff92e7e4f52c948920e4a4975073\System.Runtime.Remoting.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\badfff92e7e4f52c948920e4a4975073\System.Runtime.Remoting.ni.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\GdiPlus.dll
C:\Users\Louise\AppData\Local\Temp\tmp51D3.tmp
\Device\KsecDD
C:\Windows\SysWOW64\wevtutil.exe
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\en-US\wevtutil.exe.mui
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\en-US\cmd.exe.mui
C:\Users\Louise\AppData\Roaming\qScnmZGp.exe
C:\Users\Louise\AppData\Local\Temp\tmp51D3.tmp
C:\Users\Louise\AppData\Local\Temp\tmp51D3.tmp
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlvOBUxH6fcUHuy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index214
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1339698970-4093829097-1161395185-1000
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.DirectoryServices__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.DirectoryServices__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1339698970-4093829097-1161395185-1000\Installer\Assemblies\C:|Users|Louise|AppData|Local|Temp|AlvOBUxH6fcUHuy.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Louise|AppData|Local|Temp|AlvOBUxH6fcUHuy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Louise|AppData|Local|Temp|AlvOBUxH6fcUHuy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1339698970-4093829097-1161395185-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a0b8d7d-300f-11ea-b342-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a0b8d7d-300f-11ea-b342-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a0b8d7d-300f-11ea-b342-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a657-2730-11e9-8620-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a657-2730-11e9-8620-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a657-2730-11e9-8620-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a658-2730-11e9-8620-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a658-2730-11e9-8620-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a658-2730-11e9-8620-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\AlvOBUxH6fcUHuy.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
DisableUserModeCallbackFilter
HKEY_CURRENT_USER\Software\Classes\AppID\schtasks.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS\StateIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS\Id
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\SchedulingEngineKnob
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000\Control Panel\International
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updates\qScnmZGp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\svchost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A108A0FA-F294-4C68-BBBB-829B10A15F18}\Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A108A0FA-F294-4C68-BBBB-829B10A15F18}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updates\qScnmZGp\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updates\qScnmZGp\Index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A108A0FA-F294-4C68-BBBB-829B10A15F18}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A108A0FA-F294-4C68-BBBB-829B10A15F18}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A108A0FA-F294-4C68-BBBB-829B10A15F18}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\RepositoryRestoreInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\wevtutil.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index214
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a0b8d7d-300f-11ea-b342-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a0b8d7d-300f-11ea-b342-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a657-2730-11e9-8620-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a657-2730-11e9-8620-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a658-2730-11e9-8620-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{80b5a658-2730-11e9-8620-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\SchedulingEngineKnob
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A108A0FA-F294-4C68-BBBB-829B10A15F18}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A108A0FA-F294-4C68-BBBB-829B10A15F18}\DynamicInfo
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS\StateIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A108A0FA-F294-4C68-BBBB-829B10A15F18}\Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A108A0FA-F294-4C68-BBBB-829B10A15F18}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updates\qScnmZGp\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updates\qScnmZGp\Index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A108A0FA-F294-4C68-BBBB-829B10A15F18}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A108A0FA-F294-4C68-BBBB-829B10A15F18}\DynamicInfo
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.SetDefaultDllDirectories
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
advapi32.dll.EventRegister
advapi32.dll.EventSetInformation
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationW
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.AddDllDirectory
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
user32.dll.RegisterWindowMessageW
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.CompareStringOrdinal
kernel32.dll.GetFullPathNameW
ntdll.dll.NtQuerySystemInformation
kernel32.dll.GetFileAttributesExW
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
bcrypt.dll.BCryptGetFipsAlgorithmMode
cryptsp.dll.CryptGetDefaultProviderW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
user32.dll.GetSystemMetrics
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
kernel32.dll.WideCharToMultiByte
kernel32.dll.LoadLibraryExW
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
user32.dll.RegisterClassW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
user32.dll.AdjustWindowRectEx
kernel32.dll.ResolveLocaleName
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptHashData
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptReleaseContext
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptDestroyKey
gdiplus.dll.GdiplusStartup
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipBitmapGetPixel
kernel32.dll.LoadLibraryA
kernel32.dll.ResumeThread
kernel32.dll.Wow64SetThreadContext
kernel32.dll.SetThreadContext
kernel32.dll.Wow64GetThreadContext
kernel32.dll.GetThreadContext
kernel32.dll.VirtualAllocEx
kernel32.dll.WriteProcessMemory
kernel32.dll.ReadProcessMemory
ntdll.dll.ZwUnmapViewOfSection
kernel32.dll.CreateProcessA
advapi32.dll.AdjustTokenPrivileges
advapi32.dll.SetNamedSecurityInfoW
ntmarta.dll.GetMartaExtensionInterface
kernel32.dll.CopyFileW
advapi32.dll.GetUserNameW
kernel32.dll.SetFileAttributesW
advapi32.dll.LsaClose
advapi32.dll.LsaFreeMemory
advapi32.dll.LsaOpenPolicy
advapi32.dll.LsaLookupNames2
kernel32.dll.LocalFree
kernel32.dll.LocalAlloc
advapi32.dll.LsaLookupSids
kernel32.dll.GetTempPathW
kernel32.dll.GetTempFileNameW
kernel32.dll.WriteFile
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#332
comctl32.dll.#386
ole32.dll.CoWaitForMultipleHandles
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
kernel32.dll.DeleteFileW
advapi32.dll.LookupPrivilegeValueW
psapi.dll.EnumProcesses
kernel32.dll.OpenProcess
kernel32.dll.TerminateProcess
ole32.dll.CoGetContextToken
user32.dll.SetClassLongW
user32.dll.PostMessageW
user32.dll.UnregisterClassW
advapi32.dll.EventUnregister
gdiplus.dll.GdipDisposeImage
api-ms-win-downlevel-advapi32-l1-1-0.dll.UnregisterTraceGuids
advapi32.dll.UnregisterTraceGuids
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
sspicli.dll.GetUserNameExW
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qScnmZGp" /XML "C:\Users\Louise\AppData\Local\Temp\tmp51D3.tmp"
schtasks.exe /Create /TN "Updates\qScnmZGp" /XML "C:\Users\Louise\AppData\Local\Temp\tmp51D3.tmp"
"C:\Users\Louise\AppData\Local\Temp\AlvOBUxH6fcUHuy.exe"

BinGraph Download graph

2020-10-18T07:02:07.402773 image/svg+xml Matplotlib v3.3.0, https://matplotlib.org/

PE Information

Image Base Entry Point Reported Checksum Actual Checksum Minimum OS Version Compile Time Import Hash
0x00400000 0x00487d02 0x00000000 0x00089ef4 4.0 2020-10-17 16:46:12 f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000200 0x00002000 0x00085d08 0x00085e00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.44
.rsrc 0x00086000 0x00088000 0x0000059c 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.06
.reloc 0x00086600 0x0008a000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10

Resources

Name Offset Size Language Sub-language Entropy File type
RT_VERSION 0x00088090 0x0000030c LANG_NEUTRAL SUBLANG_NEUTRAL 3.28 None
RT_MANIFEST 0x000883ac 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL 5.00 None

Imports


Assembly Information

Name c15P
Version 1.0.0.0

Assembly References

Name Version
mscorlib 4.0.0.0
System 4.0.0.0
Microsoft.VisualBasic 10.0.0.0
System.Windows.Forms 4.0.0.0
System.Drawing 4.0.0.0
System.Data 4.0.0.0
System.Xml 4.0.0.0
System.Data.DataSetExtensions 4.0.0.0

Custom Attributes

Type Name Value
Property [System]System.ComponentModel.Design.HelpKeywordAttribute My.Comput
Assembly [mscorlib]System.Reflection.AssemblyTitleAttribute ScrapBo
Assembly [mscorlib]System.Reflection.AssemblyProductAttribute ScrapBo
Assembly [mscorlib]System.Reflection.AssemblyCopyrightAttribute Copyright \xa9 20
Assembly [mscorlib]System.Runtime.InteropServices.GuidAttribute 1c6213db-06c8-4009-b436-92604df147
Assembly [mscorlib]System.Reflection.AssemblyFileVersionAttribute 1.0.0
Property [System]System.ComponentModel.Design.HelpKeywordAttribute My.Applicati
Property [System]System.ComponentModel.Design.HelpKeywordAttribute My.Us
Property [System]System.ComponentModel.Design.HelpKeywordAttribute My.For
Property [System]System.Configuration.DefaultSettingValueAttribute Data Source=(localdb)\ProjectsV13;Initial Catalog=ScrapDB;Integrated Security=Tr
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
TypeDef [System]System.ComponentModel.DesignerCategoryAttribute co
TypeDef [System.Xml]System.Xml.Serialization.XmlSchemaProviderAttribute GetTypedDataSetSche
TypeDef [System.Xml]System.Xml.Serialization.XmlRootAttribute ScrapDBDataS
TypeDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.DataS
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
TypeDef [System]System.ComponentModel.DesignerCategoryAttribute co
TypeDef [System]System.ComponentModel.DesignerAttribute Microsoft.VSDesigner.DataSource.Design.TableAdapterDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a
TypeDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
TypeDef [System]System.ComponentModel.DesignerCategoryAttribute co
TypeDef [System]System.ComponentModel.DesignerAttribute Microsoft.VSDesigner.DataSource.Design.TableAdapterDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a
TypeDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
TypeDef [System]System.ComponentModel.DesignerCategoryAttribute co
TypeDef [System]System.ComponentModel.DesignerAttribute Microsoft.VSDesigner.DataSource.Design.TableAdapterDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a
TypeDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
TypeDef [System]System.ComponentModel.DesignerCategoryAttribute co
TypeDef [System]System.ComponentModel.DesignerAttribute Microsoft.VSDesigner.DataSource.Design.TableAdapterDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a
TypeDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
TypeDef [System]System.ComponentModel.DesignerCategoryAttribute co
TypeDef [System]System.ComponentModel.DesignerAttribute Microsoft.VSDesigner.DataSource.Design.TableAdapterDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a
TypeDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
TypeDef [System]System.ComponentModel.DesignerCategoryAttribute co
TypeDef [System]System.ComponentModel.DesignerAttribute Microsoft.VSDesigner.DataSource.Design.TableAdapterManagerDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a
TypeDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapterManag
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
TypeDef [mscorlib]System.Reflection.DefaultMemberAttribute It
TypeDef [System.Xml]System.Xml.Serialization.XmlSchemaProviderAttribute GetTypedTableSche
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
TypeDef [mscorlib]System.Reflection.DefaultMemberAttribute It
TypeDef [System.Xml]System.Xml.Serialization.XmlSchemaProviderAttribute GetTypedTableSche
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
TypeDef [mscorlib]System.Reflection.DefaultMemberAttribute It
TypeDef [System.Xml]System.Xml.Serialization.XmlSchemaProviderAttribute GetTypedTableSche
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
TypeDef [mscorlib]System.Reflection.DefaultMemberAttribute It
TypeDef [System.Xml]System.Xml.Serialization.XmlSchemaProviderAttribute GetTypedTableSche
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
TypeDef [mscorlib]System.Reflection.DefaultMemberAttribute It
TypeDef [System.Xml]System.Xml.Serialization.XmlSchemaProviderAttribute GetTypedTableSche
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute DataGridVie
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ScrapDBDataS
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute BooksBindingSour
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute BooksTableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TitleDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute DetailsDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute AuthorDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ContextMenuStri
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute DeleteRowToolStripMenuIt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute GroupBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute GroupBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute GroupBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute GroupBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute _adapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute _adapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute _adapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute _adapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute _adapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute DataGridVie
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ScrapDBDataS
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute SupportBindingSour
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute SupportTableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute UserNameDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute MessagesDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ReplyDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute DataGridVie
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ScrapDBDataS
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute SupportBindingSour
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute SupportTableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute UserNameDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute MessagesDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ReplyDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ContextMenuStri
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute DeleteRowToolStripMenuIt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute DataGridVie
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ScrapDBDataS
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute LoginBindingSour
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute LoginTableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute UserNameDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PasswordDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute AboutDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute EmailDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute OccupationDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PhoneDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ContextMenuStri
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute DeleteRowToolStripMenuIt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute GroupBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute DataGridVie
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ScrapDBDataS
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ChatsBindingSour
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ChatsTableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute UserNameDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute MessagesDataGridViewTextBoxColu
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute GroupBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ComboBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute GroupBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute GroupBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute GroupBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute DataGridVie
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute ScrapDBDataS
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute BooksBindingSour
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute BooksTableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TitleDataGridViewTextBoxColu
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute DetailsDataGridViewTextBoxColu
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute AuthorDataGridViewTextBoxColu
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute LinkLabe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute GroupBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute TextBo
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute PictureBo
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute GroupBo
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Labe
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute Butto
FieldDef [mscorlib]System.Runtime.CompilerServices.AccessedThroughPropertyAttribute MainLayoutPan
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt
MethodDef [System]System.ComponentModel.Design.HelpKeywordAttribute vs.data.TableAdapt

Type References

Assembly Type Name
mscorlib System.Runtime.CompilerServices.CompilationRelaxationsAttribute
mscorlib System.Runtime.CompilerServices.RuntimeCompatibilityAttribute
mscorlib System.Diagnostics.DebuggableAttribute
mscorlib System.Diagnostics.DebuggableAttribute/DebuggingModes
mscorlib System.Reflection.AssemblyTitleAttribute
mscorlib System.Reflection.AssemblyDescriptionAttribute
mscorlib System.Reflection.AssemblyCompanyAttribute
mscorlib System.Reflection.AssemblyProductAttribute
mscorlib System.Reflection.AssemblyCopyrightAttribute
mscorlib System.Reflection.AssemblyTrademarkAttribute
mscorlib System.Runtime.InteropServices.ComVisibleAttribute
mscorlib System.Runtime.InteropServices.GuidAttribute
mscorlib System.Reflection.AssemblyFileVersionAttribute
mscorlib System.Runtime.Versioning.TargetFrameworkAttribute
System System.CodeDom.Compiler.GeneratedCodeAttribute
System System.ComponentModel.EditorBrowsableState
System System.ComponentModel.EditorBrowsableAttribute
Microsoft.VisualBasic Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase
mscorlib System.STAThreadAttribute
mscorlib System.Diagnostics.DebuggerHiddenAttribute
mscorlib System.Diagnostics.DebuggerStepThroughAttribute
Microsoft.VisualBasic Microsoft.VisualBasic.Devices.Computer
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute
Microsoft.VisualBasic Microsoft.VisualBasic.HideModuleNameAttribute
mscorlib System.Object
Microsoft.VisualBasic Microsoft.VisualBasic.ApplicationServices.User
Microsoft.VisualBasic Microsoft.VisualBasic.MyGroupCollectionAttribute
mscorlib System.ThreadStaticAttribute
mscorlib System.Collections.Hashtable
System.Windows.Forms System.Windows.Forms.Form
mscorlib System.Reflection.TargetInvocationException
mscorlib System.Type
mscorlib System.Runtime.CompilerServices.CompilerGeneratedAttribute
System System.ComponentModel.Design.HelpKeywordAttribute
mscorlib System.Diagnostics.DebuggerNonUserCodeAttribute
mscorlib System.Resources.ResourceManager
mscorlib System.Globalization.CultureInfo
System.Drawing System.Drawing.Bitmap
System System.Configuration.ApplicationSettingsBase
mscorlib System.EventArgs
System System.Configuration.ApplicationScopedSettingAttribute
System System.Configuration.SpecialSetting
System System.Configuration.SpecialSettingAttribute
System System.Configuration.DefaultSettingValueAttribute
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.DesignerGeneratedAttribute
System System.ComponentModel.IContainer
mscorlib System.Diagnostics.DebuggerBrowsableState
mscorlib System.Diagnostics.DebuggerBrowsableAttribute
mscorlib System.Runtime.CompilerServices.AccessedThroughPropertyAttribute
System.Windows.Forms System.Windows.Forms.Label
System.Windows.Forms System.Windows.Forms.Button
System.Windows.Forms System.Windows.Forms.TextBox
mscorlib System.EventHandler
System.Data System.Data.SqlClient.SqlException
System System.Text.RegularExpressions.Match
System.Windows.Forms System.Windows.Forms.PictureBox
System.Windows.Forms System.Windows.Forms.DataGridView
System.Windows.Forms System.Windows.Forms.BindingSource
System.Windows.Forms System.Windows.Forms.DataGridViewTextBoxColumn
System.Windows.Forms System.Windows.Forms.ContextMenuStrip
System.Windows.Forms System.Windows.Forms.ToolStripMenuItem
System.Windows.Forms System.Windows.Forms.DataGridViewCellMouseEventHandler
System.Windows.Forms System.Windows.Forms.DataGridViewCellMouseEventArgs
mscorlib System.Reflection.Assembly
System.Windows.Forms System.Windows.Forms.GroupBox
System System.ComponentModel.DesignerCategoryAttribute
System System.ComponentModel.ToolboxItemAttribute
System.Xml System.Xml.Serialization.XmlSchemaProviderAttribute
System.Xml System.Xml.Serialization.XmlRootAttribute
System.Data System.Data.DataSet
System.Data System.Data.SchemaSerializationMode
System System.ComponentModel.CollectionChangeEventHandler
mscorlib System.Runtime.Serialization.SerializationInfo
mscorlib System.Runtime.Serialization.StreamingContext
System.Data System.Data.DataTableCollection
System.Data System.Data.DataRelationCollection
System.Xml System.Xml.XmlReader
System.Xml System.Xml.Schema.XmlSchema
mscorlib System.IO.MemoryStream
System System.ComponentModel.CollectionChangeEventArgs
System.Xml System.Xml.Schema.XmlSchemaComplexType
System.Xml System.Xml.Schema.XmlSchemaSet
System.Xml System.Xml.Schema.XmlSchemaSequence
System.Xml System.Xml.Schema.XmlSchemaAny
mscorlib System.Collections.IEnumerator
mscorlib System.MulticastDelegate
mscorlib System.IAsyncResult
mscorlib System.AsyncCallback
mscorlib System.Reflection.DefaultMemberAttribute
System.Data.DataSetExtensions System.Data.TypedTableBase`1
System.Data System.Data.DataColumn
System.Data System.Data.DataTable
System.Data System.Data.DataRow
System.Data System.Data.DataRowBuilder
System.Data System.Data.DataRowChangeEventArgs
System.Xml System.Xml.Schema.XmlSchemaAttribute
System System.ComponentModel.BrowsableAttribute
mscorlib System.Decimal
mscorlib System.InvalidCastException
System.Data System.Data.DataRowAction
System System.ComponentModel.DesignerSerializationVisibility
System System.ComponentModel.DesignerSerializationVisibilityAttribute
System System.ComponentModel.DataObjectAttribute
System System.ComponentModel.DesignerAttribute
System System.ComponentModel.Component
System.Data System.Data.SqlClient.SqlDataAdapter
System.Data System.Data.SqlClient.SqlConnection
System.Data System.Data.SqlClient.SqlTransaction
System.Data System.Data.SqlClient.SqlCommand
System.Data System.Data.Common.DataTableMapping
System System.ComponentModel.DataObjectMethodType
System System.ComponentModel.DataObjectMethodAttribute
System.Data System.Data.ConnectionState
mscorlib System.Nullable`1
System.Data System.Data.IDbConnection
mscorlib System.Collections.Generic.List`1
System.Data System.Data.IDbTransaction
System.Data System.Data.Common.DataAdapter
mscorlib System.Collections.Generic.Dictionary`2
mscorlib System.Exception
System.Data System.Data.DataRelation
mscorlib System.Enum
mscorlib System.Collections.Generic.IComparer`1
mscorlib System.Collections.Generic.IDictionary`2
System System.ComponentModel.EditorAttribute
System.Data System.Data.SqlClient.SqlDataReader
System.Windows.Forms System.Windows.Forms.ComboBox
System System.ComponentModel.ComponentResourceManager
System.Windows.Forms System.Windows.Forms.LinkLabel
System.Windows.Forms System.Windows.Forms.LinkLabelLinkClickedEventArgs
System.Windows.Forms System.Windows.Forms.LinkLabelLinkClickedEventHandler
System.Windows.Forms System.Windows.Forms.TableLayoutPanel
System.Windows.Forms System.Windows.Forms.Application
Microsoft.VisualBasic Microsoft.VisualBasic.ApplicationServices.AuthenticationMode
Microsoft.VisualBasic Microsoft.VisualBasic.ApplicationServices.ShutdownMode
mscorlib System.RuntimeTypeHandle
mscorlib System.Runtime.CompilerServices.RuntimeHelpers
System System.Configuration.SettingsBase
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.ObjectFlowControl
mscorlib System.Threading.Monitor
Microsoft.VisualBasic Microsoft.VisualBasic.ApplicationServices.ShutdownEventHandler
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.Conversions
mscorlib System.IDisposable
System.Windows.Forms System.Windows.Forms.Control
System.Drawing System.Drawing.Point
System.Drawing System.Drawing.Size
System.Windows.Forms System.Windows.Forms.ButtonBase
System.Drawing System.Drawing.SizeF
System.Windows.Forms System.Windows.Forms.ContainerControl
System.Windows.Forms System.Windows.Forms.AutoScaleMode
System.Drawing System.Drawing.Color
System.Windows.Forms System.Windows.Forms.Control/ControlCollection
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.Operators
Microsoft.VisualBasic Microsoft.VisualBasic.Interaction
Microsoft.VisualBasic Microsoft.VisualBasic.MsgBoxResult
Microsoft.VisualBasic Microsoft.VisualBasic.MsgBoxStyle
mscorlib System.String
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.ProjectData
System.Windows.Forms System.Windows.Forms.MessageBox
System.Windows.Forms System.Windows.Forms.DialogResult
System.Drawing System.Drawing.SystemColors
System System.Text.RegularExpressions.Regex
System System.Text.RegularExpressions.Group
System System.ComponentModel.ISupportInitialize
System.Drawing System.Drawing.Font
System.Drawing System.Drawing.FontStyle
System.Drawing System.Drawing.GraphicsUnit
System.Windows.Forms System.Windows.Forms.BorderStyle
System System.ComponentModel.Container
System.Windows.Forms System.Windows.Forms.DataGridViewAutoSizeColumnsMode
System.Windows.Forms System.Windows.Forms.DataGridViewAutoSizeRowsMode
System.Windows.Forms System.Windows.Forms.DataGridViewColumnHeadersHeightSizeMode
System.Windows.Forms System.Windows.Forms.DataGridViewColumnCollection
System.Windows.Forms System.Windows.Forms.DataGridViewColumn
System.Windows.Forms System.Windows.Forms.ToolStrip
System.Windows.Forms System.Windows.Forms.ToolStripItemCollection
System.Windows.Forms System.Windows.Forms.ToolStripItem
System.Windows.Forms System.Windows.Forms.DataGridViewRowCollection
System.Windows.Forms System.Windows.Forms.DataGridViewRow
System.Windows.Forms System.Windows.Forms.MouseEventArgs
System.Windows.Forms System.Windows.Forms.MouseButtons
System.Windows.Forms System.Windows.Forms.DataGridViewCellCollection
System.Windows.Forms System.Windows.Forms.DataGridViewCell
System.Windows.Forms System.Windows.Forms.ToolStripDropDown
System.Windows.Forms System.Windows.Forms.Cursor
mscorlib System.Text.Encoding
mscorlib System.Byte
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.Utils
mscorlib System.Array
mscorlib System.Activator
mscorlib System.Int32
Microsoft.VisualBasic Microsoft.VisualBasic.CompilerServices.NewLateBinding
mscorlib System.Boolean
System.Windows.Forms System.Windows.Forms.PictureBoxSizeMode
System.Windows.Forms System.Windows.Forms.ImageLayout
mscorlib System.IO.StringReader
System.Xml System.Xml.XmlTextReader
mscorlib System.IO.TextReader
System.Data System.Data.MissingSchemaAction
System.Data System.Data.XmlReadMode
System.Xml System.Xml.XmlTextWriter
mscorlib System.IO.Stream
System.Xml System.Xml.XmlWriter
System.Xml System.Xml.Schema.ValidationEventHandler
System System.ComponentModel.CollectionChangeAction
System.Xml System.Xml.Schema.XmlSchemaObjectCollection
System.Xml System.Xml.Schema.XmlSchemaObject
System.Xml System.Xml.Schema.XmlSchemaParticle
mscorlib System.Collections.ICollection
mscorlib System.Collections.IEnumerable
System.Data System.Data.Common.DataColumnMappingCollection
System.Data System.Data.Common.DataColumnMapping
System.Data System.Data.Common.DataTableMappingCollection
System.Data System.Data.CommandType
System.Data System.Data.SqlClient.SqlParameterCollection
System.Data System.Data.SqlClient.SqlParameter
System.Data System.Data.SqlDbType
System.Data System.Data.ParameterDirection
System.Data System.Data.DataRowVersion
System.Data System.Data.Common.DbDataAdapter
mscorlib System.ArgumentNullException
mscorlib System.DBNull
System.Data System.Data.DataViewRowState
mscorlib System.Collections.Generic.IEnumerable`1
mscorlib System.ArgumentException
mscorlib System.ApplicationException
System System.Diagnostics.Debug
mscorlib System.StringComparison
System.Windows.Forms System.Windows.Forms.DataGridViewClipboardCopyMode
System.Windows.Forms System.Windows.Forms.ComboBox/ObjectCollection
System.Windows.Forms System.Windows.Forms.DataGridViewCellBorderStyle
System.Drawing System.Drawing.Icon
System.Windows.Forms System.Windows.Forms.TextBoxBase
System.Drawing System.Drawing.ContentAlignment
System.Windows.Forms System.Windows.Forms.TableLayoutColumnStyleCollection
System.Windows.Forms System.Windows.Forms.ColumnStyle
System.Windows.Forms System.Windows.Forms.SizeType
System.Windows.Forms System.Windows.Forms.DockStyle
System.Windows.Forms System.Windows.Forms.TableLayoutRowStyleCollection
System.Windows.Forms System.Windows.Forms.RowStyle
System.Windows.Forms System.Windows.Forms.FormBorderStyle
System.Windows.Forms System.Windows.Forms.FormStartPosition
Microsoft.VisualBasic Microsoft.VisualBasic.ApplicationServices.ApplicationBase
Microsoft.VisualBasic Microsoft.VisualBasic.ApplicationServices.AssemblyInfo
mscorlib System.InvalidOperationException
System.Data System.Data.DataRowCollection
mscorlib System.Delegate
mscorlib System.Threading.Interlocked
System.Data System.Data.DataColumnCollection
System.Data System.Data.MappingType
System.Data System.Data.ConstraintCollection
System.Data System.Data.UniqueConstraint
System.Data System.Data.Constraint
System.Xml System.Xml.Schema.XmlSchemaContentProcessing
System.Data System.Data.StrongTypingException
mscorlib System.Convert
mscorlib System.Collections.Generic.ICollection`1
mscorlib System.Collections.Generic.KeyValuePair`2

!This program cannot be run in DOS mode.
.text
`.rsrc
@.reloc
v4.0.30319
#Strings
#GUID
#Blob
P'YFI
V>YFe
?GYFe
Button3_Click_1
Nullable`1
IEnumerable`1
TypedTableBase`1
ICollection`1
ThreadSafeObjectProvider`1
IComparer`1
List`1
get_Label1
set_Label1
get_LinkLabel1
set_LinkLabel1
m_SplashScreen1
get_SplashScreen1
set_SplashScreen1
get_Button1
set_Button1
get_ContextMenuStrip1
set_ContextMenuStrip1
get_DataGridView1
set_DataGridView1
get_PictureBox1
set_PictureBox1
get_ComboBox1
set_ComboBox1
get_GroupBox1
set_GroupBox1
get_TextBox1
set_TextBox1
Int32
KeyValuePair`2
IDictionary`2
get_Label2
set_Label2
get_Button2
set_Button2
get_PictureBox2
set_PictureBox2
get_GroupBox2
set_GroupBox2
get_TextBox2
set_TextBox2
get_Label3
set_Label3
get_Button3
set_Button3
get_PictureBox3
set_PictureBox3
get_GroupBox3
set_GroupBox3
get_TextBox3
set_TextBox3
get_Label4
set_Label4
get_Button4
set_Button4
get_GroupBox4
set_GroupBox4
get_TextBox4
set_TextBox4
get_Label5
set_Label5
get_Button5
set_Button5
get_GroupBox5
set_GroupBox5
get_TextBox5
set_TextBox5
get_Label6
set_Label6
get_Button6
set_Button6
get_TextBox6
set_TextBox6
get_Label7
set_Label7
get_Button7
set_Button7
get_Label8
set_Label8
<Module>
SizeF
System.IO
Dispose__Instance__
Create__Instance__
value__
System.Xml.Schema
GetTypedTableSchema
ReadXmlSchema
WriteXmlSchema
GetTypedDataSetSchema
System.Data
GetSerializationData
ProjectData
GetData
Xosh_Maza
FromArgb
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
SplashScreen1_Load
add_Load
ProfilePage_Load
HomePage_Load
AdminLoginPage_Load
SettingsPage_Load
ChatPage_Load
ForgotPage_Load
PostPage_Load
AdminHandler_Load
BooksHandler_Load
SupportHandler_Load
AddUpdateUser_Load
AddUpdateBooks_Load
Credits_Load
AddUpdateSupport_Load
ChatPost_Load
get_Red
get_DarkRed
SetAdded
SchemaChanged
add_CollectionChanged
OnRowChanged
add_LoginRowChanged
remove_LoginRowChanged
add_AdminRowChanged
remove_AdminRowChanged
add_BooksRowChanged
remove_BooksRowChanged
add_ChatsRowChanged
remove_ChatsRowChanged
add_SupportRowChanged
remove_SupportRowChanged
LinkLabel1_LinkClicked
add_LinkClicked
remove_LinkClicked
Interlocked
set_DoubleBuffered
get_IsDisposed
m_FormBeingCreated
set_Selected
OnRowDeleted
add_LoginRowDeleted
remove_LoginRowDeleted
add_AdminRowDeleted
remove_AdminRowDeleted
add_BooksRowDeleted
remove_BooksRowDeleted
add_ChatsRowDeleted
remove_ChatsRowDeleted
add_SupportRowDeleted
remove_SupportRowDeleted
IsBinarySerialized
Synchronized
get_UpdateCommand
set_UpdateCommand
get_DeleteCommand
set_DeleteCommand
SqlCommand
set_SelectCommand
get_InsertCommand
set_InsertCommand
TargetMethod
Original_Password
get_Password
set_Password
columnPassword
get_ButtonFace
get_Namespace
set_Namespace
get_TargetNamespace
get_AppWorkspace
StackTrace
distance
set_IsSingleInstance
CreateInstance
get_GetInstance
defaultInstance
instance
XmlSchemaSequence
set_DataSource
get_LoginBindingSource
set_LoginBindingSource
get_BooksBindingSource
set_BooksBindingSource
get_ChatsBindingSource
set_ChatsBindingSource
get_SupportBindingSource
set_SupportBindingSource
GetHashCode
XmlReadMode
set_AutoScaleMode
set_SizeMode
set_ColumnHeadersHeightSizeMode
DataGridViewColumnHeadersHeightSizeMode
PictureBoxSizeMode
AuthenticationMode
get_SchemaSerializationMode
set_SchemaSerializationMode
DetermineSchemaSerializationMode
_schemaSerializationMode
ShutdownMode
set_AutoSizeColumnsMode
DataGridViewAutoSizeColumnsMode
set_AutoSizeRowsMode
DataGridViewAutoSizeRowsMode
set_ClipboardCopyMode
DataGridViewClipboardCopyMode
get_BigEndianUnicode
m_DeactivateSubPage
get_DeactivateSubPage
set_DeactivateSubPage
m_ProfilePage
get_ProfilePage
set_ProfilePage
m_HomePage
get_HomePage
set_HomePage
m_MainPage
get_MainPage
set_MainPage
m_AdminLoginPage
get_AdminLoginPage
set_AdminLoginPage
m_SettingsPage
get_SettingsPage
set_SettingsPage
m_ChatPage
get_ChatPage
set_ChatPage
m_ForgotPage
get_ForgotPage
set_ForgotPage
m_PostPage
get_PostPage
set_PostPage
get_Message
AddRange
CompareExchange
Merge
get_WhiteSmoke
EndInvoke
BeginInvoke
get_Locale
set_Locale
get_Table
LoginDataTable
AdminDataTable
BooksDataTable
ChatsDataTable
SupportDataTable
dataTable
set_SourceTable
set_DataSetTable
initTable
IEnumerable
IDisposable
Hashtable
GetSchemaSerializable
ReadXmlSerializable
set_Particle
XmlSchemaParticle
RuntimeTypeHandle
GetTypeFromHandle
Original_Title
get_Title
set_Title
columnTitle
FindByTitle
DockStyle
ColumnStyle
set_ShutdownStyle
set_BorderStyle
set_CellBorderStyle
DataGridViewCellBorderStyle
set_FormBorderStyle
FontStyle
RowStyle
MsgBoxStyle
set_Name
get_TableName
set_TableName
Original_UserName
get_UserName
set_UserName
columnUserName
FindByUserName
get_DataSetName
set_DataSetName
set_DataPropertyName
get_Lime
m_AdminHome
get_AdminHome
set_AdminHome
Combine
set_Multiline
Original_Phone
get_Phone
set_Phone
columnPhone
Clone
SqlDbType
set_CommandType
DataObjectMethodType
CheckForSyncLockOnValueType
SizeType
MappingType
GetType
GetRowType
XmlSchemaComplexType
Compare
get_Culture
set_Culture
resourceCulture
WindowsFormsApplicationBase
ButtonBase
ApplicationSettingsBase
TextBoxBase
Close
Dispose
get_BackupDataSetBeforeUpdate
set_BackupDataSetBeforeUpdate
_backupDataSetBeforeUpdate
get_AcceptChangesDuringUpdate
set_AcceptChangesDuringUpdate
MulticastDelegate
get_Chocolate
get_State
DelegateAsyncState
DebuggerBrowsableState
EditorBrowsableState
ConnectionState
DataViewRowState
InsertUpdateDelete
UpdateInsertDelete
get_White
Write
XmlSchemaAttribute
ThreadStaticAttribute
STAThreadAttribute
CompilerGeneratedAttribute
DesignerGeneratedAttribute
GuidAttribute
DataObjectMethodAttribute
HelpKeywordAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
DebuggerBrowsableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
HideModuleNameAttribute
DefaultSettingValueAttribute
ApplicationScopedSettingAttribute
SpecialSettingAttribute
DebuggerStepThroughAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
ToolboxItemAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
MyGroupCollectionAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
XmlSchemaProviderAttribute
DesignerAttribute
EditorAttribute
CompilationRelaxationsAttribute
DataObjectAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
XmlRootAttribute
AssemblyCompanyAttribute
DesignerCategoryAttribute
DesignerSerializationVisibilityAttribute
RuntimeCompatibilityAttribute
AccessedThroughPropertyAttribute
ReadByte
get_Blue
get_SteelBlue
get_MidnightBlue
get_Value
set_Value
m_ThreadStaticValue
set_FixedValue
get_HasValue
WithEventsValue
GetObjectValue
GetValue
set_Unique
TextBox2_Leave
TextBox4_Leave
TextBox5_Leave
add_Leave
remove_Leave
get_Olive
get_CaseSensitive
set_CaseSensitive
Remove
c15P.exe
set_Size
set_AutoSize
set_ClientSize
ISupportInitialize
IndexOf
System.Threading
NewLateBinding
Encoding
OnRowChanging
add_LoginRowChanging
remove_LoginRowChanging
add_AdminRowChanging
remove_AdminRowChanging
add_BooksRowChanging
remove_BooksRowChanging
add_ChatsRowChanging
remove_ChatsRowChanging
add_SupportRowChanging
remove_SupportRowChanging
System.Runtime.Versioning
DataTableMapping
DataColumnMapping
get_UseCompatibleTextRendering
GetResourceString
CompareString
get_ScrapDBConnectionString
get_ConnectionString
set_ConnectionString
ToString
connectionstring
disposing
XmlSchemaContentProcessing
OnRowDeleting
add_LoginRowDeleting
remove_LoginRowDeleting
add_AdminRowDeleting
remove_AdminRowDeleting
add_BooksRowDeleting
remove_BooksRowDeleting
add_ChatsRowDeleting
remove_ChatsRowDeleting
add_SupportRowDeleting
remove_SupportRowDeleting
SpecialSetting
System.Drawing
Debug
Match
set_Width
get_Length
SetLength
set_MaxLength
AsyncCallback
DelegateCallback
Rollback
get_Black
EmailAddressCheck
Label1_Click
Button1_Click
ContextMenuStrip1_Click
PictureBox1_Click
Label2_Click
Button2_Click
PictureBox2_Click
Button3_Click
PictureBox3_Click
Button4_Click
Button5_Click
Button6_Click
Button7_Click
Label8_Click
add_Click
remove_Click
set_Dock
NextSink
ScrapBook
get_Teal
ToDecimal
LinkLabel
writelabeltolabel
writetextboxtolabel
System.ComponentModel
TableLayoutPanel
get_MainLayoutPanel
set_MainLayoutPanel
Original_Email
get_Email
set_Email
columnEmail
UpdateAll
set_CurrentCell
DataGridViewCell
get_ClearBeforeFill
set_ClearBeforeFill
_clearBeforeFill
set_AllowDBNull
IsPhoneNull
SetPhoneNull
IsEmailNull
SetEmailNull
IsOccupationNull
SetOccupationNull
IsNull
IsAboutNull
SetAboutNull
IsReplyNull
SetReplyNull
System.Xml
ReadXml
get_Control
ContainerControl
ObjectFlowControl
MemoryStream
get_Item
set_Item
ToolStripItem
get_DeleteRowToolStripMenuItem
set_DeleteRowToolStripMenuItem
System
set_MainForm
OnCreateMainForm
resourceMan
get_Tan
Boolean
get_DarkOliveGreen
get_DarkGreen
set_SplashScreen
OnCreateSplashScreen
set_ImageAlign
System.ComponentModel.Design
get_Login
tableLogin
ShouldSerializeLogin
Original_Admin
get_Admin
set_Admin
tableAdmin
ShouldSerializeAdmin
columnAdmin
FindByAdmin
DataColumn
get_PasswordColumn
get_TitleColumn
get_UserNameColumn
get_PhoneColumn
get_EmailColumn
get_AdminColumn
get_OccupationColumn
get_AuthorColumn
get_MessagesColumn
get_DetailsColumn
get_AboutColumn
DataGridViewColumn
get_PasswordDataGridViewTextBoxColumn
set_PasswordDataGridViewTextBoxColumn
get_TitleDataGridViewTextBoxColumn
set_TitleDataGridViewTextBoxColumn
get_UserNameDataGridViewTextBoxColumn
set_UserNameDataGridViewTextBoxColumn
get_PhoneDataGridViewTextBoxColumn
set_PhoneDataGridViewTextBoxColumn
get_EmailDataGridViewTextBoxColumn
set_EmailDataGridViewTextBoxColumn
get_OccupationDataGridViewTextBoxColumn
set_OccupationDataGridViewTextBoxColumn
get_AuthorDataGridViewTextBoxColumn
set_AuthorDataGridViewTextBoxColumn
get_MessagesDataGridViewTextBoxColumn
set_MessagesDataGridViewTextBoxColumn
get_DetailsDataGridViewTextBoxColumn
set_DetailsDataGridViewTextBoxColumn
get_AboutDataGridViewTextBoxColumn
set_AboutDataGridViewTextBoxColumn
get_ReplyDataGridViewTextBoxColumn
set_ReplyDataGridViewTextBoxColumn
get_ReplyColumn
dBconn
set_Icon
DataRowVersion
get_Application
MyApplication
get_Location
set_Location
DataRelation
_relation
Original_Occupation
get_Occupation
set_Occupation
columnOccupation
System.Configuration
System.Globalization
System.Runtime.Serialization
System.Xml.Serialization
get_Action
MissingSchemaAction
CollectionChangeAction
eventAction
DataRowAction
Interaction
get_Transaction
set_Transaction
IDbTransaction
SqlTransaction
BeginTransaction
_transaction
System.Reflection
ICollection
get_CommandCollection
InitCommandCollection
_commandCollection
DataTableCollection
TableLayoutColumnStyleCollection
TableLayoutRowStyleCollection
DataTableMappingCollection
DataColumnMappingCollection
DataGridViewCellCollection
ControlCollection
ToolStripItemCollection
DataColumnCollection
DataGridViewColumnCollection
DataRelationCollection
SqlParameterCollection
XmlSchemaObjectCollection
ConstraintCollection
DataRowCollection
DataGridViewRowCollection
get_Connection
set_Connection
IDbConnection
SqlConnection
MatchTableAdapterConnection
InitConnection
inputConnection
_connection
ParameterDirection
get_Position
set_Position
set_StartPosition
FormStartPosition
UpdateOrderOption
StrongTypingException
ArgumentNullException
SqlException
ApplicationException
TargetInvocationException
InvalidOperationException
get_InnerException
ArgumentException
InvalidCastException
get_Salmon
get_LightSalmon
System.Data.Common
StringComparison
get_Crimson
get_Button
ToolStripDropDown
add_Shutdown
get_Brown
get_SandyBrown
get_RosyBrown
CompareTo
CopyTo
get_Info
CultureInfo
SerializationInfo
AssemblyInfo
get_Tomato
DataGridView1_CellMouseUp
add_CellMouseUp
remove_CellMouseUp
Bitmap
ToolStrip
ContextMenuStrip
set_TabStop
Group
set_ShowInTaskbar
Clear
set_PasswordChar
set_DataMember
SqlDataReader
ExecuteReader
StringReader
XmlReader
XmlTextReader
reader
m_AppObjectProvider
m_UserObjectProvider
m_ComputerObjectProvider
m_MyWebServicesObjectProvider
m_MyFormsObjectProvider
NewRowFromBuilder
DataRowBuilder
builder
sender
get_UpdateOrder
set_UpdateOrder
_updateOrder
get_ResourceManager
ComponentResourceManager
TableAdapterManager
addedHandler
m_BooksHandler
get_BooksHandler
set_BooksHandler
m_UsersHandler
get_UsersHandler
set_UsersHandler
LinkLabelLinkClickedEventHandler
CollectionChangeEventHandler
LoginRowChangeEventHandler
AdminRowChangeEventHandler
BooksRowChangeEventHandler
ChatsRowChangeEventHandler
SupportRowChangeEventHandler
DataGridViewCellMouseEventHandler
ValidationEventHandler
ShutdownEventHandler
m_SupportHandler
get_SupportHandler
set_SupportHandler
System.CodeDom.Compiler
IContainer
SelfReferenceComparer
get_User
m_AddUpdateUser
get_AddUpdateUser
set_AddUpdateUser
SqlParameter
XmlWriter
XmlTextWriter
GroupBox1_Enter
add_Enter
remove_Enter
get_Adapter
DbDataAdapter
SqlDataAdapter
get_LoginTableAdapter
set_LoginTableAdapter
_loginTableAdapter
get_AdminTableAdapter
set_AdminTableAdapter
_adminTableAdapter
get_BooksTableAdapter
set_BooksTableAdapter
_booksTableAdapter
get_ChatsTableAdapter
set_ChatsTableAdapter
_chatsTableAdapter
get_SupportTableAdapter
set_SupportTableAdapter
_supportTableAdapter
InitAdapter
get__adapter
set__adapter
get_Computer
MyComputer
Original_Author
get_Author
set_Author
columnAuthor
set_GridColor
set_BackgroundColor
set_ForeColor
set_BackColor
set_UseVisualStyleBackColor
set_LinkColor
set_VisitedLinkColor
ClearProjectError
SetProjectError
Cursor
Compressor
IEnumerator
InternalPartitionEnumerator
GetEnumerator
Activator
.ctor
.cctor
Monitor
get_DxIhBs
Schemas
System.Diagnostics
Microsoft.VisualBasic.Devices
get_WebServices
MyWebServices
Microsoft.VisualBasic.ApplicationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
System.Resources
ScrapBook.My.Resources
ScrapBook.SplashScreen1.resources
ScrapBook.DeactivateSubPage.resources
ScrapBook.ProfilePage.resources
ScrapBook.HomePage.resources
ScrapBook.MainPage.resources
ScrapBook.AdminLoginPage.resources
ScrapBook.SettingsPage.resources
ScrapBook.ChatPage.resources
ScrapBook.ForgotPage.resources
ScrapBook.PostPage.resources
ScrapBook.AdminHome.resources
ScrapBook.BooksHandler.resources
ScrapBook.UsersHandler.resources
ScrapBook.SupportHandler.resources
ScrapBook.AddUpdateUser.resources
ScrapBook.Resources.resources
ScrapBook.AddUpdateBooks.resources
ScrapBook.Credits.resources
ScrapBook.Support.resources
ScrapBook.AddUpdateSupport.resources
ScrapBook.ChatPost.resources
DebuggingModes
get_Messages
set_Messages
columnMessages
HasChanges
AcceptChanges
get_Tables
ShouldSerializeTables
set_EnableVisualStyles
get_ColumnStyles
get_RowStyles
GetTypes
get_Attributes
GetBytes
get_TableMappings
get_ColumnMappings
get_Settings
AutoSaveSettings
MySettings
LinkLabelLinkClickedEventArgs
CollectionChangeEventArgs
DataRowChangeEventArgs
DataGridViewCellMouseEventArgs
get_Books
tableBooks
m_AddUpdateBooks
get_AddUpdateBooks
set_AddUpdateBooks
ShouldSerializeBooks
ReferenceEquals
get_Details
set_Details
columnDetails
Utils
get_Cells
get_Controls
get_Items
System.Windows.Forms
get_Forms
MyForms
Contains
get_Columns
set_AutoGenerateColumns
set_AllowUserToOrderColumns
set_AutoScaleDimensions
System.Data.DataSetExtensions
Conversions
System.Text.RegularExpressions
get_Relations
ShouldSerializeRelations
System.Collections
MouseButtons
InitVars
RuntimeHelpers
get_Parameters
ScrapBook.ScrapDBDataSetTableAdapters
SystemColors
Operators
set_MinOccurs
set_MaxOccurs
InitClass
get_Success
emailaddress
get_Chats
tableChats
ShouldSerializeChats
m_Credits
get_Credits
set_Credits
components
set_ProcessContents
get_Constraints
get_EnforceConstraints
set_EnforceConstraints
Focus
get_Rows
dataRows
set_AllowUserToAddRows
allAddedRows
allChangedRows
UpdateUpdatedRows
GetRealUpdatedRows
updatedRows
UpdateDeletedRows
UpdateInsertedRows
SortSelfReferenceRows
set_AllowUserToDeleteRows
RemoveAt
Concat
XmlSchemaObject
addedHandlerLockObject
GetObject
TargetObject
MyProject
Select
LateGet
LateIndexGet
XmlSchemaSet
get_ScrapDBDataSet
set_ScrapDBDataSet
get_DataSet
InitializeDerivedDataSet
dataSet
get_Violet
get_DarkViolet
Reset
get_ButtonHighlight
get_MenuHighlight
Commit
EndInit
BeginInit
GraphicsUnit
get_SaveMySettingsOnExit
set_SaveMySettingsOnExit
get_Default
SetCompatibleTextRenderingDefault
IAsyncResult
DelegateAsyncResult
DialogResult
MsgBoxResult
executesqlstmt
System.Data.SqlClient
ContentAlignment
InitializeComponent
get_Transparent
get_Current
LoginRowChangedEvent
AdminRowChangedEvent
BooksRowChangedEvent
ChatsRowChangedEvent
SupportRowChangedEvent
LoginRowDeletedEvent
AdminRowDeletedEvent
BooksRowDeletedEvent
ChatsRowDeletedEvent
SupportRowDeletedEvent
LoginRowChangeEvent
AdminRowChangeEvent
BooksRowChangeEvent
ChatsRowChangeEvent
SupportRowChangeEvent
LoginRowChangingEvent
AdminRowChangingEvent
BooksRowChangingEvent
ChatsRowChangingEvent
SupportRowChangingEvent
LoginRowDeletingEvent
AdminRowDeletingEvent
BooksRowDeletingEvent
ChatsRowDeletingEvent
SupportRowDeletingEvent
UniqueConstraint
Point
set_Font
get_Count
get_TableAdapterInstanceCount
set_ColumnCount
GetRoot
Insert
Assert
Convert
m_Support
get_Support
set_Support
tableSupport
m_AddUpdateSupport
get_AddUpdateSupport
set_AddUpdateSupport
ShouldSerializeSupport
m_ChatPost
get_ChatPost
set_ChatPost
_childFirst
get_About
set_About
columnAbout
SuspendLayout
set_BackgroundImageLayout
ResumeLayout
PerformLayout
MoveNext
System.Text
get_Text
set_Text
set_CommandText
get_ActiveCaptionText
set_HeaderText
StreamingContext
context
get_Peru
DataGridView
get_Row
DataRow
dataRow
AddLoginRow
RemoveLoginRow
NewLoginRow
AddAdminRow
RemoveAdminRow
NewAdminRow
AddBooksRow
RemoveBooksRow
NewBooksRow
AddChatsRow
RemoveChatsRow
NewChatsRow
GetParentRow
eventRow
AddSupportRow
RemoveSupportRow
NewSupportRow
get_IsNewRow
DataGridViewRow
get_Yellow
set_TabIndex
get_RowIndex
rowIndex
index
Regex
get_Prefix
set_Prefix
MessageBox
PictureBox
set_MinimizeBox
set_MaximizeBox
MsgBox
set_ControlBox
ComboBox
GroupBox
TextBox
ScrapBook.My
get_SlateGray
set_ItemArray
ToArray
CopyArray
ContainsKey
get_Assembly
set_ReadOnly
get_Reply
set_Reply
columnReply
XmlSchemaAny
ExecuteNonQuery
get_MinimumCapacity
set_MinimumCapacity
DesignerSerializationVisibility
MySettingsProperty
WrapNonExceptionThrows
ScrapBook
Copyright
2017
$1c6213db-06c8-4009-b436-92604df14741
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
(System.Data.Design.TypedDataSetGenerator
16.0.0.0
vs.data.TableAdapter
Label3
Label2
Label1
Button2
Button1
TextBox3
TextBox2
TextBox1
Button3
TextBox4
TextBox5
TextBox6
Label4
Label5
Label6
PictureBox1
Button4
Button6
Button5
DataGridView1
Button7
ScrapDBDataSet
BooksBindingSource
BooksTableAdapter
TitleDataGridViewTextBoxColumn
DetailsDataGridViewTextBoxColumn
AuthorDataGridViewTextBoxColumn
ContextMenuStrip1
DeleteRowToolStripMenuItem
GroupBox1
GroupBox3
GroupBox4
GroupBox5
PictureBox3
PictureBox2
_adapter
SupportBindingSource
SupportTableAdapter
!UserNameDataGridViewTextBoxColumn
!MessagesDataGridViewTextBoxColumn
ReplyDataGridViewTextBoxColumn
LoginBindingSource
LoginTableAdapter
!PasswordDataGridViewTextBoxColumn
AboutDataGridViewTextBoxColumn
EmailDataGridViewTextBoxColumn
#OccupationDataGridViewTextBoxColumn
PhoneDataGridViewTextBoxColumn
GroupBox2
ChatsBindingSource
ChatsTableAdapter
ComboBox1
LinkLabel1
Label7
Label8
MainLayoutPanel
MyTemplate
11.0.0.0
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
16.7.0.0
GetTypedDataSetSchema
vs.data.DataSet
Microsoft.VSDesigner.DataSource.Design.TableAdapterDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Microsoft.VSDesigner.DataSource.Design.TableAdapterManagerDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
vs.data.TableAdapterManager
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
GetTypedTableSchema
My.Computer
My.Application
My.User
My.Forms
My.WebServices
RData Source=(localdb)\ProjectsV13;Initial Catalog=ScrapDB;Integrated Security=True
My.Settings
Microsoft.VSDesigner.DataSource.Design.TableAdapterManagerPropertyEditor, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"System.Drawing.Design.UITypeEditor
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Icon
IconData
IconSize
System.Drawing.Size
System.Drawing.Size
width
height
DDDDD
DDDDDDDDDDDDDDDDDDD3333
DDDDDDDDDDDDDD
DGwww?
wwwwwwwwwwwtD
DDDDDD
DDDDDDDDDDDDDDDDD
DDDDDD
DDDDD
wwwxw
wwwwxw
wwwwwxw
wwwwwxw
wwwwwxw
wwwwwx
wwwww
wwwwww
wwwww
DDDDD
DDDDDDD
DDDDDD
DDDDDD
pDDDDDD
DDDDD
pDDDDD
DDDDH
DDDDD
DDDDDH
DDDDDD
DDDDDDH
DDDDDDD
DDDDDDDD
DDDDDDDDD
DDDDDDDDDH
DDDDDDDD
wwwwwwww
wwwxx
xwwwxx
xwwwx
prtustq
wjklxv
mfnzey
|good{
YYXYXXXXYXXYYXYWS
Y[TT[ZYYYYYYYYYYY
(FE871-,,,./45;6
>LLLLLLLLLLLLLKI$
HMMMMMMMMMMMMMMM
NNNNNNNNNNNNNNNN
%UUUUUUUUUUUUUUU?
0VVVVVVVVVVVVVVV0
BOOOOOOOOOOOOOOO&
PPPPPPPPPPPPPPPP
'QQQQQQQQQQQQQQQ<
:RRRRRRRRRRRRRRR)
***+999=R
UVVYXW
IKMLJR
QGFONS
===;;==><
@?>=======
y`cfi
\`cfil
[\`cfilo
\`cfil
usuy|hp
losuy~sfohiju
xlosuy~{d
~nklp
losuy~
vsuy~
cdefghir
uy~yr
~acdefghijklt
zfghijkl
"iqz|z
-1/,*)'&(+%
0444444432-
5555555555#
8888888888
$6666666666
.777777777.
9999999999!
::::::::::
szzzs
dooo*++-,uooooowwwww"$%#)wwwwwu_
'&!(.
wo___qU2Q
;Jg__
HT429ScxugM8L
O01?ap`QWbehi
V?Y^GTfnlZJ
qW>???=DK\h k
RBIUXD357>y
LK6QNRPLr
:~/I/
888`777
9990999
===p===
@@@@???
BBB AAA
BBB0BBB
ZZZPccc
]]] ^^^
fffPfff
<<<@;;;
>>> ===
___`www
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADI
*X*\m*XA*m*
*X*Hm*X
FY**B
&+X*.l*X
+m*"+*m
&o*X+(m*
**miX**s*X*
m*X\*m*
+m*x+*m>Y**
+m*y+*m:Y**
*X*@m*XH*m*
**mQX**
M+*m/Y**
>*miL**
*Xq:m*
'X**`*X
&m*{&*mpS**
"m*\"*m
_**<,X*
-}LH-%+
12!DXb
`{saz
-d(`*
Ilj*Gd
4XEa$*Y
X(~=+
eQ2*Q
UXn[6
hP*&5
3hTBcf
~-Y%#
V.%|33
~-Y%#
V.%|33
oMLKc
>wTv]3(C
]to1~
dTea$`
7Cl>z
sO+ulAUNl
Lxa}8
`>}pGS
Fs /+
ku>-f
2-U1g
TWUyY
TI(`m-
-p4([x
E&;('*_
3CY1eG
_&!(']
m57WGqerq;
56SGq
g56qGpRrq
GqCrp,5q
k56qGpR
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^l
[ZZJ]
%;$-$
iI\=c
%%kZ&
o7 ([
HE}!(Br
w2I;]
/h(<`l
9z?{t_
,t*,~
=:+j4
ehL2N
tde!:
&29$$
Za<|H
Ys*O4
Wp<eg`~
h,W6 yl
/2E^G&
"j&Qw
?%K=w
fS7G \
B$+t\
pL1>vC|
{ry_oSW
ceRq`{
(:X5h
=,6y6
HL"R!
hj(.c
b/ayR
scf4IG
wkM}r
G$?O~
atdFO
Y#^Hl
VOi#p
>"GE!
lH2Av
~,t=>
n!<BS
5#K^}
9[P}r
"N>B-
ln1/+
yuzw&&
b5X q
E4Y,x
jY|Z$q
9l[ vN
O>B#7
;dwxF
\gVh1
RXW/6
9mN5I
yb{/y
dCR}4
CVh)p
#(z?,
9iBNKr
~KOdc
:$%;pR[
.S/4$
oU{QsQrH{
Whc#Ge"
pil:i
a"F)w
rCiG;
+K3CV
MSwx2ep
gnDxU
p/^Ln
-vXs{
l"Sm`j
)h_.rpd
LS/"jB
,f1`6
O:rDJ
h*iwj
qkuRk{
]J{=\
:''%I
\^2u\
8SshNv
StLew__
#t<>[
`+:YqCU
Sa_RW
eg/yO
3Jr2?E
_c[zuP
PmlL\
{0RBX
,m2YF
P{N{\
>}d,c
9!U8rf
Y2rlp
&)@^7
Z2zQU
C><}~~
9gg-,>}L
aRY\]/
H0+K)
Jw_{DN
%VQ6'
2aP<C
}Sh8.
Z o*Lw
O|f{@VJm
i^7qc
W}jgO>i
_AtS:
q1z!S
pfH.Ndt
lb):/t=5e
bn(BCM
/c (6+
LJ6#;
P}\dj
#U8j#
Dis"h
:wyGo|Ms
8zE!B
v2I6a
^=&})
us>5L
8)CmB
<W;XJ
,b{]{gC
}V4t'z+
"%mebh
&Bw4v&
hE(T#
AUo7(
X5F4V
a(.&1%
R+Mcc
Bn]{:Tt5
q_^f6=
,BHZl
YwLzfL
_V\uN7
Z$O<3
Q,d!b
i8al:N
DBocj&2{].
\3[}Fe
w>X2!d
l'{tVwn
u`o$-
~a44E
6H,=O^Q
y:oqV
XB}7/
|8ui9
<G[j5
Ampr"
w0^aDCX
L3Vz.N"
=^{EK
dC*lC
aEG{'
zFH{U
QyFfj
_+K[
'$Jpt
3tnT\
HU{%^
}7%,}_
<M]D+{
/<fR|
Mmle~
-bHq"
I\IWd}p
_p[Bg
5&^{5
T>*8%
!B&:<
,4?!r
=G/dI
VA8)$/
&_f9y[e-|
mv[g9
QMYhv
.bb$z
6QPVK
1,C!\
*1q;*
| 1p)
SBy^T
y%L[3*c;
5:F`k
PQ'~B
ib\#tw
QgDtc
M//76
e~cDT
AD]s3
`]M<.+\
:zYEc
4Nc.d
Nr-BN*
7GC{Qx
2!="_
DsP8Bfu
}3~~V
skV)10
?IyBV(Wk
i'?6m
&%z9v
AE\z2
>j8R3
joh:r*2
"= o6
jDdTzd
8WMs5
2zo]6
qM#M]
U'>5gbd
|G[s4
WMN#)C
4I31Zm
qNIi:
4*i8
G21"!kUDVK`
B $AR
C*smQ
'^L<*4
/^e`#Dv
|HcgG
@*o6h
]EaUo
Q9"\6
,2f9(N[j
XI}ra
ZZ[r~
Da,#_qq
!3[1{
RHH>F
~G6X5
UrN,\`
0{I'z
04u$JRc
kq|\DgLSP
m'bO^
O<c_63d
c`1xt
d_bMpyC
pYB[@u_K
FO1K#
;rLz)I
(CCp;_
vC%1}
-Uj&K
o[t:d
al(NP
OWXs$O
kX#3d/
NB_&~
lEs)0?
m{L#:n
6x_%oXN
e%zpy
SHVJ)%
IZW4n
\FXG#n
#vrR;B
pogTx
]S\3[
$P\>$ry
"V&O4W
26jK%
UxUUF=
6~Xpx
|8'Ed
7Fu#B
:'5OO
.+<*m
Olb ,
x3!.f
Ax6yk
m=RuKtHc
?:jZO
9:,u\j
\*Q1[
JWQ]y
siTDdJ
*m0lI
0pU?6A
pT+~4q
bqg +C
'5>ar
!e&9l
&Syde
39RR.
pDm/H
9y-l!
$)I33
(5<}S
,qyLl
$aSe"
j`RUWtM?
+j&z/
'V\|9
:wks#
a"a47
/m)dl.
xnzp-
H`m(\i
Ac~10+-w
G3\Wiu
\|irM
>gt3,0
rLLp$
/|L2r<
D,kNV
-g;*s
Vz]3f
^2|Q6
0m{twN
=/nNI.K
,bFaqy|N
[L%&
)av,ma
Y(QVDY3
IDATK
LjZ'4
Om-+^
2!hlo
F54vp
xkR>i
|2P?"mz
:Bf.z+
3n/>.
=u7Z[
kj!g'
~f]tgt
uasS]S
Pv,&"E
=Pqb
(bB1X
=z#lA
?2SsX
ppX-m
@Kp"Z
^+j\o
a|sNB
CQAQw
;'Yrw
"lp10G}
HDcfc
f_B}F
t6I.t
Bz>/};k
gpszO
C9|@w
s!|%[
OD{&$
Lr|1G
UR?R[
&?,<W;
*N(DN
0z0!q
qr`L(B
8c/9<t
(>#hN
,T[[$
~?-&J
`vHyb
SS&L(
Q'}:Rn
AkXzr
@{NpSf
i7#gw,
*Ok'NN
(!FQt
@}kb4b
V7&4O
|kV.4
O4N2i
vgXYK
zVgF~
=P0<M
xlLo?%
':AHC
RKy#y
>y3)p.B
Cx3N'u6
71Be#
>YY/3\
]3%nG/
N&}YIF
][* 5
avu '
x3o<aB(t
ASSP]K
SCM2-
y6tK.
K"(+b
X#JAAyS
$3="}
pbcl> ^p
gV[F#dM
zW&mq.
<OsJC
{n2?L
JvRMa
f<x"l
l({xD
6JN9{
1:f:jc
|yV~:
d%h&V
xykr2
P,&wD
+-bG4
#Ys'6
RK~w,}
(z)dS*
tMRaE
p]N#^zG
n<5wR
;i:P9
ysdklM*
b!(Gx
PgNl4{4
}Rz`\#/
ahegAtNZ
Ir,.X
D6Gh5
?HM0j
9.?s.
zH3+qb
AV>Al
[w%.#l
W><jQ
n}gfgNQ
UpqgY
,~c/r
d5k2y
>``EA
zcRti
W/^5~
{ U{E
8?o^Y
/MEbK
ET#P`
^bV'/n<
y[tN8LxP
"H~`O"?
@|3F.
KgZPxF
YGcbBMC((
Vv]4S
fnfce
KJjSk-u
-dF~eHnU
6WN|>I
7GN`1
fvFYTevz
[/WU;
#iov*/
]LzFV
yVaKJ}R
eySE]i
~Wvk~{
qr^C
lpr ^x
Oc Lt
%Xy4u
?.Zoxfd
?9T}W
#7q`{
-=]!0ab%
o-4b
g>bVa
k&1.,:
W>c1{q
a>`29`
h8jGoN
y; /|M
LP+;ej
^fy66
dR`,h
}uX\B
p=,<n+
Tds[a
Vu>:4s
u>nMn3
;+]*9
qF>#72
@}Y`_7
;6l,i
Oi>zf1w
eB-uc
@#f?7
c?]\<U
`*Nd$Sq
5I)sp-
xsP<l
})yhL
7[\WsC
PB}WGN
FCI0-
Lq$Kj
U>PA,
7N,*2o
b7NnK\Gz
H|ipu
%_7OK
!<A3R
/[;o~Sv{
"&m8h
p\@cO`
`46B>
-\I/8
YBQMl[
5)|Z3
9?y)i
+|'C`
at=*$
{v<wZm
lVZCC
!B9k6W
#cCf8
:,[A7
]4nc,
e2b p
OzYvPM,
<#'+*I
xmpgZMt\3
j_EvH
6 B>n1k
uTX/yz
~PXu!
I#:3j
R,o(F
HpL;W
B6DO7M
\RxG3
J\p|Bnc
:<:8o
):{tyl
30N`Lp'C
D<YD">
no}}d
H;ME}
e\oy<h
g~<iJ|
9A]f'
:eJkK
&)btJ
0p }e
k?q O
#8?FB
&MGcb
:4Ad
2I+)%?
,m=Ukl
8V$!3a|
2`R}sh{
xJE ?=
w'l_z
=?Zfh
o6B!{
(.9L-0<
'ZL?\
R\763
*h[s:U
O`UlF0
+vNDk
BYV);$
jx#:e
J~}Q&
V|_^$
W9ie]w]u>+
W&G^9
2O0hG
M}hodL
W/]~e
()4tP4
FID>
#(1+.
{hJFS
%4a02
:Z]='
bA=`wUQ)fy
p4h>0
/t\Y
o[K?+F
"Q[C l
Bm <*
AJ{\lkM\K
m[u&j
"D%rR
S,aHQ
Kw`D+G
^5C9#kh3
[DPX6d
>.!/i
d$Miy<
Xntah
R8 5m
-nwyDo
/9NQg>
`]|B\n
7(hF~s
E[fI.
g6x}`d
nH[5]
0tt1}
yA4GH
70hKx`
(zf?X
4 )hmus
6/?1}
E6O%^
,^,Aa
Z7BLc!|
&z0v&F
p1v6N
bQtB5
-6 vY
2h'E`;
Y^Yn\s
5mIWYZ
4k&T'
`\FA8
'gak%
tQ1lO
Nk~es
!4c,X|
Ze2,.
Xmy#c
nZ` S
rxq&!
9te>"6d
>Z!J(i
:!w,C~g
7O:)A
V?JTN
5zOV7
av-z'
yy{}RMC
pwGM#
ko]lY
lz~lf
:NBlPcL6
Bc4F:
4>CnW`
'hc${
xnUZ$,
mVcBfttV}
&PdiQ "
1PM70
9Ld34
IGh)%
_D69r'
I_~q;
\@%H_Q9
Src$X5
X[J"[
wDt2t
e'`RJt5
GvNwM
EO\+S
"[P5=
7M_~\8R
<IQ+v
.U+Cy
,,OQu
r,Y;|
y9dm~7o~
B&(,0
7e[!h
/^5!<
9'qTX
]EA-9
As|LQ
fMZr7
VW>iO
}:!1Nv]q
k-B<Zv[G
~ttCD
aiDm5
kC2'k
@]H 7
SXq`S
rzOnh<
N*M#Ke
U.Fm GM
T&Xd5%
PYs[.S
yg&;}vV0[
;9`{I
Uo=x&
Du K3
p6tI(
cq*Wm
qTY*`f
=5)%Kwul
4;JmQ
-b/q(
c#_Nz
4s0.1
5L"gQ
i9jkc
K[`Atb
,2rO?
z9srF
*@H$:(lPm
HJoVTZ|fHI'?
Y{rV4}
owLY7o
+oO<B
hd'MD
C}Ge9
dUJ(_
PqjshV
-n12]
m)8Bd
a2FAId.
0cd,:
}*=;C}
*G<{l
Wr[hS
tChD|
b4rCm
N62U N2
AEuCon
xm%~=-
;7S[c
KLo}=0
eqYd(F
.EX5l
4g`Av
ug)wc
35RC!
F}m^%
CO0rRt
eJPMH
MJRC/
j`, j
~qex=
cdQ=<r
.XwZl
[ZHe5
-sJ<e94]
r?"HZg
9m9Zh
"S|Jy
Es4lH_
46N^l
l<'sF
xzXNmp
Dmt"G
g?Ghd
i}pd4(s
0lL:x
(I{?Q
6g^!'
Z6s^(
AJn_I
H"V47j?
\wC O
>`.E3
<78,]
lL{>ta
;>wkd
m|O*@
P`#?'*
'_{`n
xOi,?fd
'5RAn
QyTW&^
`UiU.m
rwNCa
|rCP>
z.B3di
>%jYZp
:O}>2t
efLjIY
,_n_i
`^MFH
SaI|E
j? ,5
#[E;k&?
(bL2A
`dY~L
hM#H$
.da ^Z
riMA0
8g06x0
h>r}yS
G"u?Uk
fS4nh
_sp"b$.
q{7XTZ
4KrR=
c4p\t
ISIU`
~cfY)
+.Gr?
8zua:A
8s7!B'Nu
V]0SN
9{>9g
aNxq*
6jFm!
OTTO}
k^.d4l
x$::3I
9'QX%0
^OQyO
GU!{
AC|wrMlVUrPZu
,xM7{
h9sQ8
U?pmK
d[N-L
V}~pe
JdqQQ
11.NE
mR*+w
o0nj\
0>5FZ
GKbN
>{Qs_odG52
!w_\^
dWS,k
(K`D4
Cle55
JV3BW
D}&f`y
okg^7
kq.N\
o*r"j
HVd3[
O~X[)
{M+&G
4*=.(
gxab~
E|X'=
d#`ZI
2`tJ\OR4
+6|Uu
ji}{vzL5
U-A9r
R"u)X
Ved{K
S.<%`
>wa^G
Nm}5C
K90jJ
m+|_s
JY<@/g
:dEp"
)@w1
bl#(w
DbG*Y
`Y%K0f
KortO
PS`4(
+LiyI
i7x;X
b>`b)
>=}JeK-
e:rZ,
M4By8Zea
dRc*BI
<-r.Y
s]tmUG`Q
'Qs"W
+VU(G}
-"4TD8Z
_B&%fBGn
~kBVr
f`"W:
y{!O
{]_KPcUUD
1mR}t
d|UY6
v+Ly|
bXad"v~A8"
Dgptj
$=2Z$
ftOy3
7%DGg
E{'<j
0qB_;
cUDt=
nVsuK
r]3hk
n^*xxK~Z
F_UNt
yolUL
<@P^ts
?$V-7
=g4^{>9x
zD>:m^
jyA)J
0F'd)
u/s'_C
9jW}N
*3V$D.
)=MbZ
a$z''
PUmTmF
z[_\l
dG11V
;' .O
+MsJ?5
A~L#/@
nrnT6
R*'Ml
[abt_l
E+Lhzy
c_LJq\
D`r|Y
gj`,:
U%DFW
DI`os
iDrmLEJ
>3LzL>
1.?M]*
?~Z+&
h?EA*
;6u$(E_
>3VWg
WwSM~;
N,4}H
adUFlj\
~DJVbtSK^Dw
.75Rh
fzrlT|
gS|zPlK
tNlZq4
>c^Num
S-9w\
a!_M?
a=$Jt!
Xu.`*
mZ$r1
<`]"t
5}KhT
xiuEYtUW
J`TMt`b
o^}_eo
NjmKw
d%5B#N
2hB7U
?Rw9}
IFw^l<m0z
ocZ~k%
Wh-2`w
Bf,CB
^>QbN5
:YtSf
@I-u
z'xSv
x&j\UT
F6tvg
!4*q"
c=:Hy
'gyk{
>4Uzx
0BqI4
hk^P9
DH>rV
39|~B
aVC`_"
ZKx=a
\IwvO
#E+>H
gCm)X
O`L;C
3(THY
%C`nT~
+9lD"
|`a$cc
a4A:x
p|BMu
^O>1oU
A,"q"S!
}'fB
.rYMK
[u>;Y9
UL}?=
x'<Xx
CX8y0
N Gh^
QC>^6
poY[h
1yL/I9
1/m[t
s.==dr
iGGk-:
xs8^3G1
Ec(Ac
UNG|~
_K4Zu
~wX[>of
"!F0{!
hAx6;
%i;]n
"FB}o
Ubwke
1X1;LD
EExD0
A~sJ3
d^y)8
]O%kU
e!_ 5
w^R]k
~)<;F#
!hBh{W
|K9xJ
?1"hRIF
_YaUj
n89h #n
){lGm
Q;k^)
wR'4V
$~hCH
V*?i8
OsVuv
|?z}hS4
De7!T
e>_2v
](!];I
1jee3
7~[~i/
s%VqSY
xzq/m
WSqr
Es5$Sg
8V.'%
@|wn7
*@Bc{L
nd0hM
{_xw|
TP5C1
GD>lw
b1%'-q(;
HD6+#e
Ha1Ik
S!vwf'h)<
(dXP]
VzlM"
X)&D}]
WO&zo`
]a7N6
:.rl`
@Hrqzl
='M`R
7cC7=
kf)KS
vs(q294
i=TL,
"BwV1
N%.,dmB
)1s5a#!
efTxmv
&ZZza
tH-/N4
q8QpK+k
9j~u:
( @$D
r,K:y
Et}-#1V
A(48.
ubh<6;
#bih^
Zb\1Z
bxf |
pt9r"
e'%:O*
*^EJkI
?z8-77
*'/K+9K
3}l9&
*c(-
0e2%N
+_3/x
wkoo68 ;
@XAmC
OkW"\
th=\T
XXH6]
Iuo'1
5LF ?
', pfZ
bOmcI
1h},`
ELOd19v
U6}NNW(
t#IV:
|qIa\
r2rDZ
4_poYw
Xnty4
ty 3ek
ZcASk4W
qXm~EV
r_((N
bpOmEx
t*j_7
js`_c
H'iyE
mEt%g
7h3,B
K~PA^
Ex%Fx
Qy<Go
]~na$
kgK7_
5I/Nj,*
o4LHs=
kg7DE
^u9 U{u)
Wc1&!
'&=y7<=}
UG1ni
e>}A!7(
V>*5AK
"WsN>
ycRltwR_k
v[grH
0G1p-
3_\j*!oye{
r(v6|
MdJnD
#tB(r
&gV!K8
ol4A,n
DknHt
Z$e1c
.5 8(+
}2,2PwV
flY{u
x=^[8+
>W}4{
L?0mq
[oM[$
}_Sx_s
cYIDAT
df#_f
iln5u
='h-W<GC
wOEp'(\?
6BY4n
UA"I{
qHYyq
no5J2
_p;'6X
GzU~wY
q2$PAA2
ROIE`
~uG}s
V~G?w;
iA3b<
g3CMJ
uT"@T"G
{dL"^b4
HLuMLd
T?!>OXz<
!R.Az
G^ qn4
ZymoD
|VjElI
xN%ycO
2t^cB
'B,@9
Oy->
|2y=95
J`-{m
arRaB
rexelmVH
ss6NS+
6 XaE
2UBd)
y*a'Q
^-Bxu
@>PD'
N}hfsu(
{GcAS
!s%\~e
-6YoJ5
M;;/~
$aMLLc
dPnkj
<kAS|}_
$%d[0
u|pza
\~^X1
Jlg $`
^):bT
TghqI
<sv$
> (AD
WCUXD
LZct>o
,"t-K#
U>APa
;Y&m|G&
a,O1Li
6SduZ
zMAemw=
1+W;\
)"Kh
FDsA8
x]/W4~
d;Xs`
VnCxE
c=7q0AZm\
neraZt
fj}>zt
k>~V18>
A?K9p
z`34|I
2zI45<
+`+:&
,SoI&;0{
XewlM
S4x6f
6cOaM{
)icUy
9nkRMe
4_xj.vY
?kY};N#
Yh{m=
e*P;P
-[*MMZ
[V6KwM
>W6N|
p[]\e$
5Uws,
]*C>M>
k81p q
?a_^n
NqbNZ=
u-AK]O*
9dm$`"^
Kr#HU
ID%'{
r`Cep
&gQe2
PWqM|B#
|uMQ/
E3.9Q
C+3C.
`ERVb
(sw]4?
uW2!t
c,<us
i+hkf
=%?&)'m
eAjy1
Hh\an
=/;xv
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
U<ENW`x
ScrapBook.Resources
DxIhBs
ScrapDBConnectionString
Label3
Author
Label2
AboutBook
Label1
BookTitle
Button2
Delete
Button1
TextBox3
TextBox2
TextBox1
Button3
Update
AddUpdateBooks
Don't keep blank Credentials for Title
Don't keep blank Credentials for Details
Don't keep blank Credentials for Author
insert into Books (Title, Details, Author) values ('
Book Posted
Delete From Books Where Title='
Book Deleted
Update Books Set Details='
', Author = '
' WHERE Title='
Book Updated
Message
UserName
Reply
AddUpdateSupport
Don't keep blank Credentials for User
Don't keep blank Credentials for message
Update Support Set Reply='
' WHERE UserName='
Replied User
Delete From Support Where UserName='
Messages Deleted
TextBox4
TextBox5
TextBox6
Password
About
Label4
Email
Label5
Occupation
Label6
Phone
AddUpdateUser
Don't keep blank Credentials for UserName
Don't keep blank Credentials for Password
Update Login Set Password='
', Email = '
' , About = '
', Occupation = '
', Phone = '
Profile Updated
Delete From login Where UserName='
Profile Deleted
insert into Login (UserName, Password, About, Email, Phone, Occupation) values ('
Profile Added
Enter a Valid Email
Warning
^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$
Microsoft Sans Serif
PictureBox1
UsersHandler DB
SupportHandler DB
BooksHandler DB
Button4
SignOut
AdminHome
Button6
Users DB
Button5
Refresh
Sign Out
DataGridView1
Title
TitleDataGridViewTextBoxColumn
Details
DetailsDataGridViewTextBoxColumn
AuthorDataGridViewTextBoxColumn
Books
ScrapDBDataSet
Support DB
Button7
ContextMenuStrip1
DeleteRowToolStripMenuItem
Delete Row
BooksHandler
BooksHandlerDB
UserName:
Message:
ChatPost
ChatForm
Please fill the blank boxes
insert into Chats (UserName,Messages) values ('
CreateInstance
Green
ScrapBook
GroupBox1
GroupBox3
Georgia
Vishnu KP
15YASB7137
PictureBox3
GroupBox4
Tejram Patel
15YASB7128
PictureBox2
GroupBox5
Sarvesh Kumar Modi
15YASB7111
Credits
XmlSchema
Admin
Chats
Login
Support
http://tempuri.org/ScrapDBDataSet.xsd
Table
DELETE FROM [dbo].[Admin] WHERE (([Admin] = @Original_Admin) AND ([Password] = @Original_Password))
@Original_Admin
@Original_Password
INSERT INTO [dbo].[Admin] ([Admin], [Password]) VALUES (@Admin, @Password);
SELECT Admin, Password FROM Admin WHERE (Admin = @Admin)
@Admin
@Password
UPDATE [dbo].[Admin] SET [Admin] = @Admin, [Password] = @Password WHERE (([Admin] = @Original_Admin) AND ([Password] = @Original_Password));
SELECT Admin, Password FROM Admin WHERE (Admin = @Admin)
SELECT Admin, Password FROM dbo.Admin
Original_Admin
Original_Password
DELETE FROM [dbo].[Books] WHERE (([Title] = @Original_Title) AND ([Author] = @Original_Author))
@Original_Title
@Original_Author
INSERT INTO [dbo].[Books] ([Title], [Details], [Author]) VALUES (@Title, @Details, @Author);
SELECT Title, Details, Author FROM Books WHERE (Title = @Title)
@Title
@Details
@Author
UPDATE [dbo].[Books] SET [Title] = @Title, [Details] = @Details, [Author] = @Author WHERE (([Title] = @Original_Title) AND ([Author] = @Original_Author));
SELECT Title, Details, Author FROM Books WHERE (Title = @Title)
SELECT Title, Details, Author FROM dbo.Books
Original_Title
Original_Author
Messages
DELETE FROM [dbo].[Chats] WHERE (([UserName] = @Original_UserName))
@Original_UserName
INSERT INTO [dbo].[Chats] ([UserName], [Messages]) VALUES (@UserName, @Messages);
SELECT UserName, Messages FROM Chats WHERE (UserName = @UserName)
@UserName
@Messages
UPDATE [dbo].[Chats] SET [UserName] = @UserName, [Messages] = @Messages WHERE (([UserName] = @Original_UserName));
SELECT UserName, Messages FROM Chats WHERE (UserName = @UserName)
SELECT UserName, Messages FROM dbo.Chats
Original_UserName
DELETE FROM [dbo].[Login] WHERE (([UserName] = @Original_UserName) AND ([Password] = @Original_Password) AND ((@IsNull_Email = 1 AND [Email] IS NULL) OR ([Email] = @Original_Email)) AND ((@IsNull_Occupation = 1 AND [Occupation] IS NULL) OR ([Occupation] = @Original_Occupation)) AND ((@IsNull_Phone = 1 AND [Phone] IS NULL) OR ([Phone] = @Original_Phone)))
@IsNull_Email
@Original_Email
@IsNull_Occupation
@Original_Occupation
@IsNull_Phone
@Original_Phone
INSERT INTO [dbo].[Login] ([UserName], [Password], [About], [Email], [Occupation], [Phone]) VALUES (@UserName, @Password, @About, @Email, @Occupation, @Phone);
SELECT UserName, Password, About, Email, Occupation, Phone FROM Login WHERE (UserName = @UserName)
@About
@Email
@Occupation
@Phone
UPDATE [dbo].[Login] SET [UserName] = @UserName, [Password] = @Password, [About] = @About, [Email] = @Email, [Occupation] = @Occupation, [Phone] = @Phone WHERE (([UserName] = @Original_UserName) AND ([Password] = @Original_Password) AND ((@IsNull_Email = 1 AND [Email] IS NULL) OR ([Email] = @Original_Email)) AND ((@IsNull_Occupation = 1 AND [Occupation] IS NULL) OR ([Occupation] = @Original_Occupation)) AND ((@IsNull_Phone = 1 AND [Phone] IS NULL) OR ([Phone] = @Original_Phone)));
SELECT UserName, Password, About, Email, Occupation, Phone FROM Login WHERE (UserName = @UserName)
SELECT UserName, Password, About, Email, Occupation, Phone FROM dbo.Login
DELETE FROM [dbo].[Support] WHERE (([UserName] = @Original_UserName))
INSERT INTO [dbo].[Support] ([UserName], [Messages], [Reply]) VALUES (@UserName, @Messages, @Reply);
SELECT UserName, Messages, Reply FROM Support WHERE (UserName = @UserName)
@Reply
UPDATE [dbo].[Support] SET [UserName] = @UserName, [Messages] = @Messages, [Reply] = @Reply WHERE (([UserName] = @Original_UserName));
SELECT UserName, Messages, Reply FROM Support WHERE (UserName = @UserName)
SELECT UserName, Messages, Reply FROM dbo.Support
dataSet
All TableAdapters managed by a TableAdapterManager must use the same connection string.
TableAdapterManager contains no connection information. Set each TableAdapterManager TableAdapter property to a valid TableAdapter instance.
The transaction cannot begin. The current data connection does not support transactions or the current state is not allowing the transaction to begin.
Post to Support
UserNameDataGridViewTextBoxColumn
MessagesDataGridViewTextBoxColumn
ReplyDataGridViewTextBoxColumn
Please fill the blank boxe
insert into Support (UserName, Messages) values ('
Support Message Sent
Books DB
SupportHandler
PasswordDataGridViewTextBoxColumn
AboutDataGridViewTextBoxColumn
EmailDataGridViewTextBoxColumn
OccupationDataGridViewTextBoxColumn
PhoneDataGridViewTextBoxColumn
UsersHandler
UserHandlerDB
ScrapBook Admin
Log In
Go Back
AdminLoginPage
Don't leave Blank Credentials
select Admin, Password from Admin where Admin = '
'AND Password = '
OOOps login failed
GroupBox2
ChatPage
Integrated Security=true; Initial Catalog = ScrapDB ; Data source=(localdb)\ProjectsV13;
Your Account is Deactivated
Sign Up Again
DeactivateSubPage
Deactivation
Reset
NewPassWord
ForgotPage
Forgot Password
Update login Set Password = '
' WHERE Email ='
Passowrd Resest Done!!!
About The Book
Book Title
PostPage
Don't keep blank credentials
insert into Books (Title, Details, Author) values ('
Book Posted!!!
Server= (localdb)\ProjectsV13; Database = ScrapDB; Integrated Security = true
Reader
Publisher
ComboBox1
About you
Save/Update
ProfilePage
Profile Page
Update login Set Email = '
', Phone =
WHERE UserName='
Profile
Settings
$this.Icon
HomePage
Home
select UserName, Password from Login where UserName = '
Ooops!! Login Failed
Welcome Back...!!!
insert into Login (UserName, Password, Email) values ('
Welcome New User...!!!
LinkLabel1
User Name*
Password*
Label8
Forgot Password ?
Create An Account
Email*
Label7
Sign Up
Welcome to ScrapBook
helps you learn and share with the people in your life.
MainPage
Login/SignUp
Deactivate Account
Update Profile
Ask For Support
SettingsPage
Profile Deactivated
MainLayoutPanel
SplashScreen1
WinForms_RecursiveFormCreate
WinForms_SeeInnerException
Property can only be set to Nothing
Constraint1
http://www.w3.org/2001/XMLSchema
urn:schemas-microsoft-com:xml-diffgram-v1
namespace
tableTypeName
AdminDataTable
BooksDataTable
ChatsDataTable
LoginDataTable
SupportDataTable
The value for column 'About' in table 'Login' is DBNull.
The value for column 'Email' in table 'Login' is DBNull.
The value for column 'Occupation' in table 'Login' is DBNull.
The value for column 'Phone' in table 'Login' is DBNull.
The value for column 'Reply' in table 'Support' is DBNull.
$this.Icon
DxIhBs
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
ScrapBook
FileVersion
1.0.0.0
InternalName
c15P.exe
LegalCopyright
Copyright
2017
LegalTrademarks
OriginalFilename
c15P.exe
ProductName
ScrapBook
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0

Full Results

Engine Signature Engine Signature Engine Signature
Bkav Clean Elastic malicious (high confidence) MicroWorld-eScan Clean
FireEye Clean CAT-QuickHeal Clean ALYac Clean
Cylance Clean Zillya Clean SUPERAntiSpyware Clean
Sangfor Malware K7AntiVirus Clean Alibaba Clean
K7GW Clean Cybereason Clean Invincea Clean
BitDefenderTheta Clean Cyren Clean Symantec ML.Attribute.HighConfidence
TotalDefense Clean Baidu Clean APEX Malicious
Avast Clean ClamAV Clean Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Clean NANO-Antivirus Clean Paloalto Clean
AegisLab Clean Tencent Clean Ad-Aware Clean
Emsisoft Clean Comodo Clean F-Secure Clean
DrWeb Clean VIPRE Clean TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.hc CMC Clean Sophos Clean
SentinelOne Clean GData Clean Jiangmin Clean
Webroot Clean Avira Clean MAX Clean
Antiy-AVL Clean Kingsoft Clean Arcabit Clean
ViRobot Clean ZoneAlarm UDS:DangerousObject.Multi.Generic Microsoft Trojan:Win32/AgentTesla!ml
Cynet Clean AhnLab-V3 Clean Acronis Clean
McAfee PWS-FCRK!52DBEE14B2CF TACHYON Clean VBA32 Clean
Malwarebytes Clean Zoner Clean ESET-NOD32 Clean
TrendMicro-HouseCall Clean Rising Clean Yandex Clean
Ikarus Clean eGambit Clean Fortinet MSIL/Kryptik.YFO!tr
AVG Clean Panda Clean CrowdStrike Clean
Qihoo-360 HEUR/QVM03.0.A727.Malware.Gen
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 72.21.91.29 [VT] United States
Y 40.119.6.228 [VT] United States
N 104.18.10.39 [VT] United States
Y 1.1.1.1 [VT] Australia

TCP

Source Source Port Destination Destination Port
192.168.1.6 49210 104.18.10.39 cacerts.digicert.com 80
192.168.1.6 49192 13.107.42.23 443
192.168.1.6 13608 52.114.159.112 48175
192.168.1.6 29213 52.114.159.112 40497
192.168.1.6 49209 52.114.159.112 443
192.168.1.6 49212 72.21.91.29 80
192.168.1.6 49211 8.249.163.254 80
192.168.1.6 49196 96.6.97.60 443

UDP

Source Source Port Destination Destination Port
192.168.1.6 52555 1.1.1.1 53
192.168.1.6 65048 1.1.1.1 53
192.168.1.6 137 192.168.1.255 137
192.168.1.6 50764 8.8.8.8 53
192.168.1.6 52555 8.8.8.8 53
192.168.1.6 56304 8.8.8.8 53
192.168.1.6 57593 8.8.8.8 53
192.168.1.6 58697 8.8.8.8 53
192.168.1.6 63241 8.8.8.8 53
192.168.1.6 63713 8.8.8.8 53
192.168.1.6 64201 8.8.8.8 53
192.168.1.6 65048 8.8.8.8 53

DNS

Name Response Post-Analysis Lookup
cacerts.digicert.com [VT] A 104.18.10.39 [VT] 104.18.10.39 [VT]

HTTP Requests

URI Data
http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
GET /DigiCertGlobalRootG2.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cacerts.digicert.com

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

Source Destination ICMP Type Data
192.168.1.6 1.1.1.1 3
192.168.1.6 1.1.1.1 3
192.168.1.6 8.8.8.8 3
192.168.1.6 8.8.8.8 3
192.168.1.6 8.8.8.8 3
192.168.1.6 8.8.8.8 3
192.168.1.6 8.8.8.8 3
192.168.1.6 8.8.8.8 3
192.168.1.6 8.8.8.8 3

CIF Results

No CIF Results

Suricata Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol GID SID REV Signature Category Severity
2020-10-18 06:40:49.019 192.168.1.6 [VT] 49185 13.107.42.23 [VT] 443 TCP 1 2028395 2 ET JA3 Hash - Possible Malware - Various Eitest Unknown Traffic 3
2020-10-18 06:40:53.340 192.168.1.6 [VT] 49192 13.107.42.23 [VT] 443 TCP 1 2028395 2 ET JA3 Hash - Possible Malware - Various Eitest Unknown Traffic 3
2020-10-18 06:41:02.341 192.168.1.6 [VT] 49196 96.6.97.60 [VT] 443 TCP 1 2028388 2 ET JA3 Hash - Possible Malware - RigEK Unknown Traffic 3
2020-10-18 06:41:04.952 192.168.1.6 [VT] 49198 96.6.97.60 [VT] 443 TCP 1 2028388 2 ET JA3 Hash - Possible Malware - RigEK Unknown Traffic 3

Suricata TLS

Timestamp Source IP Source Port Destination IP Destination Port Subject Issuer Fingerprint Version
2020-10-18 06:40:44.785 192.168.1.6 [VT] 49181 40.81.47.231 [VT] 443 CN=g.msn.com ff:27:b1:2a:2d:fd:c6:ad:80:fe:57:c9:11:a1:d4:31:13:86:1d:5f TLS 1.2
2020-10-18 06:40:49.585 192.168.1.6 [VT] 49185 13.107.42.23 [VT] 443 CN=edge.skype.com 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 TLS 1.2
2020-10-18 06:40:53.416 192.168.1.6 [VT] 49192 13.107.42.23 [VT] 443 CN=edge.skype.com 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 TLS 1.2
2020-10-18 06:41:00.360 192.168.1.6 [VT] 49195 96.6.97.60 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=*.sfx.ms 78:96:8d:01:cb:1f:96:98:b9:a2:8d:b4:f2:de:b2:3f:85:db:da:15 TLS 1.2
2020-10-18 06:41:02.662 192.168.1.6 [VT] 49196 96.6.97.60 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=*.sfx.ms 78:96:8d:01:cb:1f:96:98:b9:a2:8d:b4:f2:de:b2:3f:85:db:da:15 TLSv1
2020-10-18 06:41:04.955 192.168.1.6 [VT] 49198 96.6.97.60 [VT] 443 TLSv1
2020-10-18 06:43:03.845 192.168.1.6 [VT] 49209 52.114.159.112 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.events.data.microsoft.com 1e:c4:c7:d6:8d:8d:a2:4a:82:99:22:21:5c:35:03:96:bd:05:43:b6 TLS 1.2

Suricata HTTP

Timestamp Source IP Source Port Destination IP Destination Port Method Status Hostname URI Content Type User Agent Referrer Length
2020-10-18 06:40:52.743 192.168.1.6 [VT] 49190 8.249.163.254 [VT] 80 200 ctldl.windowsupdate.com [VT] /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c05362e6e894290d application/vnd.ms-cab-compressed Microsoft-CryptoAPI/6.1 None 4776
2020-10-18 06:40:57.401 192.168.1.6 [VT] 49194 72.21.91.29 [VT] 80 200 ocsp.digicert.com [VT] /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D application/ocsp-response Microsoft-CryptoAPI/6.1 None 471
2020-10-18 06:43:08.877 192.168.1.6 [VT] 49210 104.18.10.39 [VT] 80 403 cacerts.digicert.com [VT] /DigiCertGlobalRootG2.crt text/html Microsoft-CryptoAPI/6.1 None 2894
2020-10-18 06:43:14.405 192.168.1.6 [VT] 49211 8.249.163.254 [VT] 80 200 ctldl.windowsupdate.com [VT] /msdownload/update/v3/static/trustedr/en/authrootstl.cab?52962785364408f6 application/vnd.ms-cab-compressed Microsoft-CryptoAPI/6.1 None 58918
2020-10-18 06:43:18.178 192.168.1.6 [VT] 49211 8.249.163.254 [VT] 80 200 ctldl.windowsupdate.com [VT] /msdownload/update/v3/static/trustedr/en/DF3C24F9BFD666761B268073FE06D1CC8D4F82A4.crt?4ccd7e0da03be9da application/x-x509-ca-cert Microsoft-CryptoAPI/6.1 None 914
2020-10-18 06:43:21.629 192.168.1.6 [VT] 49212 72.21.91.29 [VT] 80 200 ocsp.digicert.com [VT] /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D application/ocsp-response Microsoft-CryptoAPI/6.1 None 471
Sorry! No dropped Suricata Extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
192.168.1.6 49185 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.6 49192 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.6 49181 40.81.47.231 443 d124ae14809abde3528a479fe01a12bd unknown
192.168.1.6 49209 52.114.159.112 443 d124ae14809abde3528a479fe01a12bd unknown
192.168.1.6 49195 96.6.97.60 443 d124ae14809abde3528a479fe01a12bd unknown
192.168.1.6 49196 96.6.97.60 443 bafc6b01eae6f4350f5db6805ace208e unknown
192.168.1.6 49198 96.6.97.60 443 bafc6b01eae6f4350f5db6805ace208e unknown
Sorry! No dropped files.
Sorry! No CAPE files.
Process Name schtasks.exe
PID 3444
Dump Size 177152 bytes
Module Path C:\Windows\SysWOW64\schtasks.exe
Type PE image: 32-bit executable
PE timestamp 2010-11-20 09:20:03
MD5 3e2d69760dc39084e3fefdeb71dc3a45
SHA1 f3c51ab1955cc4cfbcaaff0f7c7df7850ad153e1
SHA256 c1b5fa19ecafb210ec5a8f3710307a7323e182612a2fa506baf9af548dc4a7af
CRC32 FEBA59C7
Ssdeep 3072:RhCEcxqRAUf+BKd+gRXphxywntrLWT9d5DoKdqxRHMkxGBGAkCx:RhRcxqRGmb8gNLy9AUqP+GAX
Dump Filename c1b5fa19ecafb210ec5a8f3710307a7323e182612a2fa506baf9af548dc4a7af
Download Download Zip Submit file

BinGraph Download graph

2020-10-18T07:02:09.637004 image/svg+xml Matplotlib v3.3.0, https://matplotlib.org/
Process Name svchost.exe
PID 844
Dump Size 26624 bytes
Module Path C:\Windows\sysnative\svchost.exe
Type PE image: 64-bit executable
PE timestamp 2009-07-13 23:31:13
MD5 6b54e3dd59fde6f96cead0c119159ff1
SHA1 4071fe655deddc57af85f91c56383d234a7ed98d
SHA256 6f4bc6782b9be714f9dc8fb33e94397dabeff343141f43f5c004ea9fc3a6fba7
CRC32 B968F87B
Ssdeep 384:ivvWkXZVq+1t5TYGaVeAYMq1n+Rfk4ue//wCENlWcSsEsj45RCOvoj8PKW9C5bW:6WkX7q+f5TYvVeZMmn+0C4xbEbvK8PK
Dump Filename 6f4bc6782b9be714f9dc8fb33e94397dabeff343141f43f5c004ea9fc3a6fba7
Download Download Zip Submit file

BinGraph Download graph

2020-10-18T07:02:11.168177 image/svg+xml Matplotlib v3.3.0, https://matplotlib.org/
Defense Evasion Execution Persistence Privilege Escalation
  • T1116 - Code Signing
    • Signature - invalid_authenticode_signature
  • T1045 - Software Packing
    • Signature - packer_entropy
  • T1106 - Execution through API
    • Signature - process_creation_suspicious_location
  • T1053 - Scheduled Task
    • Signature - uses_windows_utilities_to_create_scheduled_task
  • T1053 - Scheduled Task
    • Signature - uses_windows_utilities_to_create_scheduled_task
  • T1053 - Scheduled Task
    • Signature - uses_windows_utilities_to_create_scheduled_task

    Processing ( 17.006999999999998 seconds )

    • 5.26 NetworkAnalysis
    • 5.249 Suricata
    • 2.909 CAPE
    • 2.037 BehaviorAnalysis
    • 0.58 Static
    • 0.462 VirusTotal
    • 0.158 static_dotnet
    • 0.092 AnalysisInfo
    • 0.066 Dropped
    • 0.055 TargetInfo
    • 0.053 Deduplicate
    • 0.034 ProcDump
    • 0.022 Strings
    • 0.015 Debug
    • 0.009 Curtain
    • 0.006 peid

    Signatures ( 1.1069999999999982 seconds )

    • 0.107 antiav_detectreg
    • 0.056 decoy_document
    • 0.055 antivm_generic_disk
    • 0.054 api_spamming
    • 0.048 stealth_timeout
    • 0.042 infostealer_ftp
    • 0.041 mimics_filetime
    • 0.039 NewtWire Behavior
    • 0.037 virus
    • 0.037 territorial_disputes_sigs
    • 0.036 guloader_apis
    • 0.036 reads_self
    • 0.03 stealth_file
    • 0.029 bootkit
    • 0.027 hancitor_behavior
    • 0.025 infostealer_im
    • 0.025 masquerade_process_name
    • 0.022 antianalysis_detectreg
    • 0.021 antiav_detectfile
    • 0.015 ransomware_files
    • 0.014 masslogger_artifacts
    • 0.013 PlugX
    • 0.013 antidbg_windows
    • 0.013 infostealer_bitcoin
    • 0.012 antivm_vbox_keys
    • 0.011 antianalysis_detectfile
    • 0.011 ransomware_extensions
    • 0.01 masslogger_version
    • 0.01 accesses_recyclebin
    • 0.01 infostealer_mail
    • 0.008 sets_autoconfig_url
    • 0.008 antivm_vbox_files
    • 0.008 antivm_vmware_keys
    • 0.007 Doppelganging
    • 0.007 stealth_network
    • 0.006 antivm_parallels_keys
    • 0.005 persistence_autorun
    • 0.005 antivm_xen_keys
    • 0.005 geodo_banking_trojan
    • 0.005 predatorthethief_files
    • 0.005 qulab_files
    • 0.004 InjectionCreateRemoteThread
    • 0.004 antiemu_wine_func
    • 0.004 dynamic_function_loading
    • 0.004 exec_crash
    • 0.004 injection_createremotethread
    • 0.004 Locky_behavior
    • 0.004 antivm_generic_diskreg
    • 0.004 antivm_vpc_keys
    • 0.003 InjectionProcessHollowing
    • 0.003 antidebug_guardpages
    • 0.003 betabot_behavior
    • 0.003 dyre_behavior
    • 0.003 infostealer_browser_password
    • 0.003 injection_runpe
    • 0.003 kibex_behavior
    • 0.003 malicious_dynamic_function_loading
    • 0.003 antidbg_devices
    • 0.003 antivm_vmware_files
    • 0.002 InjectionInterProcess
    • 0.002 Unpacker
    • 0.002 antiav_360_libs
    • 0.002 antivm_generic_scsi
    • 0.002 antivm_vbox_libs
    • 0.002 encrypted_ioc
    • 0.002 exploit_heapspray
    • 0.002 hawkeye_behavior
    • 0.002 infostealer_browser
    • 0.002 kovter_behavior
    • 0.002 network_tor
    • 0.002 ransomware_message
    • 0.002 shifu_behavior
    • 0.002 antivm_hyperv_keys
    • 0.002 browser_security
    • 0.002 bypass_firewall
    • 0.002 disables_backups
    • 0.002 disables_browser_warn
    • 0.002 network_torgateway
    • 0.001 InjectionSetWindowLong
    • 0.001 antiav_ahnlab_libs
    • 0.001 antisandbox_sunbelt_libs
    • 0.001 antivm_generic_services
    • 0.001 exploit_getbasekerneladdress
    • 0.001 exploit_gethaldispatchtable
    • 0.001 Raccoon Behavior
    • 0.001 Vidar Behavior
    • 0.001 kazybot_behavior
    • 0.001 office_com_load
    • 0.001 rat_nanocore
    • 0.001 OrcusRAT Behavior
    • 0.001 securityxploded_modules
    • 0.001 stack_pivot
    • 0.001 tinba_behavior
    • 0.001 vawtrak_behavior
    • 0.001 antivm_xen_keys
    • 0.001 antivm_vbox_devices
    • 0.001 ketrican_regkeys
    • 0.001 modify_proxy
    • 0.001 codelux_behavior
    • 0.001 file_credential_store_access
    • 0.001 darkcomet_regkeys
    • 0.001 azorult_mutexes
    • 0.001 network_cnc_http
    • 0.001 network_dns_opennic
    • 0.001 medusalocker_regkeys
    • 0.001 revil_mutexes
    • 0.001 limerat_regkeys
    • 0.001 modirat_behavior
    • 0.001 obliquerat_files
    • 0.001 rat_pcclient
    • 0.001 warzonerat_regkeys
    • 0.001 recon_fingerprint
    • 0.001 remcos_regkeys
    • 0.001 sniffer_winpcap
    • 0.001 tampers_etw
    • 0.001 targeted_flame
    • 0.001 ursnif_behavior

    Reporting ( 14.278000000000002 seconds )

    • 10.858 BinGraph
    • 3.149 PCAP2CERT
    • 0.271 MITRE_TTPS