2433943c4923202b365878098a999589
PE Executable | MD5: 2433943c4923202b365878098a999589 | Size: 49.16 KB | application/x-dosexec
Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 2433943c4923202b365878098a999589
|
| Sha1 | eb3640f250ee558d6e59941c3ff6aa9397138b87
|
| Sha256 | c3ea61cdb82de35eed9c7fcf698ec79cfbc4e98459a8ad10ecf472e14e7daa62
|
| Sha384 | f0f2bb7ead1f6fbe0b39eea285028b022882e194a44cec61472e55f04ea67eabc51870e9222a3389b44c4d7c8c6233e1
|
| Sha512 | b1c9b8f57709da44c799d2bcbfa4529d673fc213d4ccdb6b338f8fcf7d6024a516b3edfb3a6e35ada5f010fd26d2886457cb2ca568cdc82193bddfe97edd30ad
|
| SSDeep | 384:1zxiHABz9q3FxmHu+JjOdb4bQUFRCOHu419awgncpMQiW4zmkZXOfq1aK2rkLp97:VCIFqb4cUTCOOuKXbOfq1ck+iP
|
| TLSH | 95235B18AB6CC65FE1EF0E7D64631A21127293911303DBCA4ECC64FEADAB78406257D7
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK |
| Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_5ceb1398.exe |
| Module Name | svchost.exe |
| Full Name | svchost.exe |
| EntryPoint | System.Int32 ModuleNameSpace.MainApp::Main(System.String[]) |
| Scope Name | svchost.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | svchost |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 79 |
| Main Method | System.Int32 ModuleNameSpace.MainApp::Main(System.String[]) |
| Main IL Instruction Count | 452 |
| Main IL | ldnull <null> stloc.s V_22 ldnull <null> stloc.s V_23 ldnull <null> stloc.s V_24 newobj System.Void ModuleNameSpace.MainApp/<>c__DisplayClass6::.ctor() stloc.s V_25 call System.Void System.Windows.Forms.Application::EnableVisualStyles() newobj System.Void ModuleNameSpace.MainApp::.ctor() stloc.0 <null> ldc.i4.0 <null> stloc.1 <null> ldsfld System.String System.String::Empty stloc.2 <null> ldloc.s V_25 newobj System.Void ModuleNameSpace.MainModuleUI::.ctor() stfld ModuleNameSpace.MainModuleUI ModuleNameSpace.MainApp/<>c__DisplayClass6::ui ldloc.0 <null> ldloc.s V_25 ldfld ModuleNameSpace.MainModuleUI ModuleNameSpace.MainApp/<>c__DisplayClass6::ui newobj System.Void ModuleNameSpace.MainModule::.ctor(ModuleNameSpace.MainAppInterface,ModuleNameSpace.MainModuleUI) stloc.3 <null> ldloc.s V_25 ldc.i4.0 <null> newobj System.Void System.Threading.ManualResetEvent::.ctor(System.Boolean) stfld System.Threading.ManualResetEvent ModuleNameSpace.MainApp/<>c__DisplayClass6::mre call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void ModuleNameSpace.MainApp::CurrentDomain_UnhandledException(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) ldloc.3 <null> call System.Management.Automation.Runspaces.Runspace System.Management.Automation.Runspaces.RunspaceFactory::CreateRunspace(System.Management.Automation.Host.PSHost) stloc.s V_4 ldloc.s V_4 ldc.i4.0 <null> callvirt System.Void System.Management.Automation.Runspaces.Runspace::set_ApartmentState(System.Threading.ApartmentState) ldloc.s V_4 callvirt System.Void System.Management.Automation.Runspaces.Runspace::Open() call System.Management.Automation.PowerShell System.Management.Automation.PowerShell::Create() stloc.s V_5 ldloc.s V_5 ldloc.s V_4 callvirt System.Void System.Management.Automation.PowerShell::set_Runspace(System.Management.Automation.Runspaces.Runspace) ldloc.s V_5 callvirt System.Management.Automation.PSDataStreams System.Management.Automation.PowerShell::get_Streams() callvirt System.Management.Automation.PSDataCollection`1<System.Management.Automation.ErrorRecord> System.Management.Automation.PSDataStreams::get_Error() ldloc.s V_22 brtrue.s IL_00A6: ldloc.s V_22 ldloc.s V_25 ldftn System.Void ModuleNameSpace.MainApp/<>c__DisplayClass6::<Main>b__0(System.Object,System.Management.Automation.DataAddedEventArgs) newobj System.Void System.EventHandler`1<System.Management.Automation.DataAddedEventArgs>::.ctor(System.Object,System.IntPtr) stloc.s V_22 ldloc.s V_22 callvirt System.Void System.Management.Automation.PSDataCollection`1<System.Management.Automation.ErrorRecord>::add_DataAdded(System.EventHandler`1<System.Management.Automation.DataAddedEventArgs>) newobj System.Void System.Management.Automation.PSDataCollection`1<System.String>::.ctor() stloc.s V_6 call System.Boolean ModuleNameSpace.Console_Info::IsInputRedirected() brfalse.s IL_00D7: ldloc.s V_6 ldstr stloc.s V_7 br.s IL_00CD: call System.String System.Console::ReadLine() ldloc.s V_6 ldloc.s V_7 callvirt System.Void System.Management.Automation.PSDataCollection`1<System.String>::Add(System.String) call System.String System.Console::ReadLine() dup <null> stloc.s V_7 brtrue.s IL_00C4: ldloc.s V_6 ldloc.s V_6 callvirt System.Void System.Management.Automation.PSDataCollection`1<System.String>::Complete() newobj System.Void System.Management.Automation.PSDataCollection`1<System.Management.Automation.PSObject>::.ctor() stloc.s V_8 ldloc.s V_8 ldloc.s V_23 brtrue.s IL_00FA: ldloc.s V_23 ldloc.s V_25 ldftn System.Void ModuleNameSpace.MainApp/<>c__DisplayClass6::<Main>b__1(System.Object,System.Management.Automation.DataAddedEventArgs) newobj System.Void System.EventHandler`1<System.Management.Automation.DataAddedEventArgs>::.ctor(System.Object,System.IntPtr) stloc.s V_23 ldloc.s V_23 callvirt System.Void System.Management.Automation.PSDataCollection`1<System.Management.Automation.PSObject>::add_DataAdded(System.EventHandler`1<System.Management.Automation.DataAddedEventArgs>) ldc.i4.0 <null> stloc.s V_9 ldc.i4.0 <null> stloc.s V_10 ldarg.0 <null> stloc.s V_27 ldc.i4.0 <null> stloc.s V_28 br IL_01D9: ldloc.s V_28 ldloc.s V_27 ldloc.s V_28 ldelem.ref <null> stloc.s V_11 ldloc.s V_11 ldstr -wait ldc.i4.1 <null> call System.Int32 System.String::Compare(System.String,System.String,System.Boolean) brtrue.s IL_012F: ldloc.s V_11 ldc.i4.1 <null> stloc.1 <null> br IL_01CD: ldloc.s V_10 ldloc.s V_11 ldstr -extract ldc.i4.3 <null> callvirt System.Boolean System.String::StartsWith(System.String,System.StringComparison) brfalse.s IL_019F: ldloc.s V_11 ldloc.s V_11 ldc.i4.1 <null> newarr System.String stloc.s V_29 ldloc.s V_29 ldc.i4.0 <null> ldstr : stelem.ref <null> ldloc.s V_29 ldc.i4.2 <null> ldc.i4.1 <null> callvirt System.String[] System.String::Split(System.String[],System.Int32,System.StringSplitOptions) stloc.s V_12 ldloc.s V_12 ldlen <null> conv.i4 <null> ldc.i4.2 <null> beq.s IL_0183: ldloc.s V_12 ldstr If you specify the -extract option you need to add a file for extraction in this way -extract:"<filename>" call System.AppDomain System.AppDomain::get_CurrentDomain() callvirt System.String System.AppDomain::get_FriendlyName() ldc.i4.0 <null> ldc.i4.s 16 call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String,System.Windows.Forms.MessageBoxButtons,System.Windows.Forms.MessageBoxIcon) pop <null> ldc.i4.1 <null> stloc.s V_26 leave IL_04FB: ldloc.s V_26 ldloc.s V_12 ldc.i4.1 <null> ldelem.ref <null> ldc.i4.1 <null> newarr System.Char stloc.s V_30 ldloc.s V_30 ldc.i4.0 <null> ldc.i4.s 34 stelem.i2 <null> ldloc.s V_30 callvirt System.String System.String::Trim(System.Char[]) stloc.2 <null> br.s IL_01CD: ldloc.s V_10 ldloc.s V_11 ldstr -end ldc.i4.1 <null> call System.Int32 System.String::Compare(System.String,System.String,System.Boolean) brtrue.s IL_01B6: ldloc.s V_11 ldloc.s V_10 ldc.i4.1 <null> add <null> stloc.s V_9 br.s IL_01E4: call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() ldloc.s V_11 ldstr -debug ldc.i4.1 <null> call System.Int32 System.String::Compare(System.String,System.String,System.Boolean) brtrue.s IL_01CD: ldloc.s V_10 call System.Boolean System.Diagnostics.Debugger::Launch() pop <null> br.s IL_01E4: call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() ldloc.s V_10 ldc.i4.1 <null> add <null> stloc.s V_10 ldloc.s V_28 ldc.i4.1 <null> add <null> stloc.s V_28 ldloc.s V_28 ldloc.s V_27 ldlen <null> conv.i4 <null> blt IL_0112: ldloc.s V_27 call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() stloc.s V_13 ldloc.s V_13 ldstr epta.ps1 callvirt System.IO.Stream System.Reflection.Assembly::GetManifestResourceStream(System.String) stloc.s V_14 ldloc.s V_14 call System.Text.Encoding System.Text.Encoding::get_UTF8() newobj System.Void System.IO.StreamReader::.ctor(System.IO.Stream,System.Text.Encoding) stloc.s V_15 ldloc.s V_15 callvirt System.String System.IO.TextReader::ReadToEnd() stloc.s V_16 ldloc.2 <null> call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_0228: ldloc.s V_5 ldloc.2 <null> ldloc.s V_16 call System.Void System.IO.File::WriteAllText(System.String,System.String) ldc.i4.0 <null> stloc.s V_26 leave IL_04FB: ldloc.s V_26 ldloc.s V_5 ldloc.s V_16 callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddScript(System.String) pop <null> leave.s IL_0240: leave.s IL_024E ldloc.s V_15 brfalse.s IL_023F: endfinally ldloc.s V_15 callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave.s IL_024E: ldnull ldloc.s V_14 brfalse.s IL_024D: endfinally ldloc.s V_14 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldnull <null> stloc.s V_17 ldstr ^-([^: ]+)[ :]?([^:]*)$ newobj System.Void System.Text.RegularExpressions.Regex::.ctor(System.String) stloc.s V_18 ldloc.s V_9 stloc.s V_19 br IL_0414: ldloc.s V_19 ldloc.s V_18 ldarg.0 <null> ldloc.s V_19 ldelem.ref <null> callvirt System.Text.RegularExpressions.Match System.Text.RegularExpressions.Regex::Match(System.String) stloc.s V_20 ldloc.s V_20 callvirt System.Boolean System.Text.RegularExpressions.Group::get_Success() brfalse IL_03EB: ldloc.s V_17 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() callvirt System.Int32 System.Text.RegularExpressions.GroupCollection::get_Count() ldc.i4.3 <null> bne.un IL_03EB: ldloc.s V_17 ldarg.0 <null> ldloc.s V_19 ldelem.ref <null> ldloca.s V_21 call System.Boolean System.Double::TryParse(System.String,System.Double&) brtrue IL_03EB: ldloc.s V_17 ldloc.s V_17 brfalse.s IL_02AF: ldloc.s V_20 ldloc.s V_5 ldloc.s V_17 callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String) pop <null> ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() callvirt System.String System.String::Trim() ldstr call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_02EB: ldloc.s V_20 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.1 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() stloc.s V_17 br IL_040E: ldloc.s V_19 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_032C: ldloc.s V_5 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() callvirt System.String System.String::ToUpper() ldstr $TRUE call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_0354: ldloc.s V_20 ldloc.s V_5 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.1 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() ldc.i4.1 <null> box System.Boolean callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String,System.Object) pop <null> ldnull <null> stloc.s V_17 br IL_040E: ldloc.s V_19 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() ldstr False call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_0395: ldloc.s V_5 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() callvirt System.String System.String::ToUpper() ldstr $FALSE call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_03BA: ldloc.s V_5 ldloc.s V_5 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.1 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() ldc.i4.0 <null> box System.Boolean callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String,System.Object) pop <null> ldnull <null> stloc.s V_17 br.s IL_040E: ldloc.s V_19 ldloc.s V_5 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.1 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String,System.Object) pop <null> ldnull <null> stloc.s V_17 br.s IL_040E: ldloc.s V_19 ldloc.s V_17 brfalse.s IL_0402: ldloc.s V_5 ldloc.s V_5 ldloc.s V_17 ldarg.0 <null> ldloc.s V_19 ldelem.ref <null> callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String,System.Object) pop <null> ldnull <null> stloc.s V_17 br.s IL_040E: ldloc.s V_19 ldloc.s V_5 ldarg.0 <null> ldloc.s V_19 ldelem.ref <null> callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddArgument(System.Object) pop <null> ldloc.s V_19 ldc.i4.1 <null> add <null> stloc.s V_19 ldloc.s V_19 ldarg.0 <null> ldlen <null> conv.i4 <null> blt IL_0266: ldloc.s V_18 ldloc.s V_17 brfalse.s IL_042C: ldloc.s V_5 ldloc.s V_5 ldloc.s V_17 callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String) pop <null> ldloc.s V_5 ldstr Out-String callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddCommand(System.String) pop <null> ldloc.s V_5 ldstr Stream callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String) pop <null> ldloc.s V_5 ldloc.s V_6 ldloc.s V_8 ldnull <null> ldloc.s V_24 brtrue.s IL_0460: ldloc.s V_24 ldloc.s V_25 ldftn System.Void ModuleNameSpace.MainApp/<>c__DisplayClass6::<Main>b__2(System.IAsyncResult) newobj System.Void System.AsyncCallback::.ctor(System.Object,System.IntPtr) stloc.s V_24 ldloc.s V_24 ldnull <null> callvirt System.IAsyncResult System.Management.Automation.PowerShell::BeginInvoke<System.String,System.Management.Automation.PSObject>(System.Management.Automation.PSDataCollection`1<System.String>,System.Management.Automation.PSDataCollection`1<System.Management.Automation.PSObject>,System.Management.Automation.PSInvocationSettings,System.AsyncCallback,System.Object) pop <null> ldloc.0 <null> callvirt System.Boolean ModuleNameSpace.MainApp::get_ShouldExit() brtrue.s IL_0481: ldloc.s V_5 ldloc.s V_25 ldfld System.Threading.ManualResetEvent ModuleNameSpace.MainApp/<>c__DisplayClass6::mre ldc.i4.s 100 callvirt System.Boolean System.Threading.WaitHandle::WaitOne(System.Int32) brfalse.s IL_0469: ldloc.0 ldloc.s V_5 callvirt System.Void System.Management.Automation.PowerShell::Stop() ldloc.s V_5 callvirt System.Management.Automation.PSInvocationStateInfo System.Management.Automation.PowerShell::get_InvocationStateInfo() callvirt System.Management.Automation.PSInvocationState System.Management.Automation.PSInvocationStateInfo::get_State() ldc.i4.5 <null> bne.un.s IL_04B4: leave.s IL_04C2 ldloc.s V_25 ldfld ModuleNameSpace.MainModuleUI ModuleNameSpace.MainApp/<>c__DisplayClass6::ui ldloc.s V_5 callvirt System.Management.Automation.PSInvocationStateInfo System.Management.Automation.PowerShell::get_InvocationStateInfo() callvirt System.Exception System.Management.Automation.PSInvocationStateInfo::get_Reason() callvirt System.String System.Exception::get_Message() callvirt System.Void System.Management.Automation.Host.PSHostUserInterface::WriteErrorLine(System.String) leave.s IL_04C2: ldloc.s V_4 ldloc.s V_5 brfalse.s IL_04C1: endfinally ldloc.s V_5 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.s V_4 callvirt System.Void System.Management.Automation.Runspaces.Runspace::Close() leave.s IL_04D7: leave.s IL_04DC ldloc.s V_4 brfalse.s IL_04D6: endfinally ldloc.s V_4 callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave.s IL_04DC: ldloc.1 pop <null> leave.s IL_04DC: ldloc.1 ldloc.1 <null> brfalse.s IL_04F4: ldloc.0 ldstr Click OK to exit... call System.AppDomain System.AppDomain::get_CurrentDomain() callvirt System.String System.AppDomain::get_FriendlyName() call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String) pop <null> ldloc.0 <null> callvirt System.Int32 ModuleNameSpace.MainApp::get_ExitCode() ret <null> ldloc.s V_26 ret <null> |
| Module Name | svchost.exe |
| Full Name | svchost.exe |
| EntryPoint | System.Int32 ModuleNameSpace.MainApp::Main(System.String[]) |
| Scope Name | svchost.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | svchost |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 79 |
| Main Method | System.Int32 ModuleNameSpace.MainApp::Main(System.String[]) |
| Main IL Instruction Count | 452 |
| Main IL | ldnull <null> stloc.s V_22 ldnull <null> stloc.s V_23 ldnull <null> stloc.s V_24 newobj System.Void ModuleNameSpace.MainApp/<>c__DisplayClass6::.ctor() stloc.s V_25 call System.Void System.Windows.Forms.Application::EnableVisualStyles() newobj System.Void ModuleNameSpace.MainApp::.ctor() stloc.0 <null> ldc.i4.0 <null> stloc.1 <null> ldsfld System.String System.String::Empty stloc.2 <null> ldloc.s V_25 newobj System.Void ModuleNameSpace.MainModuleUI::.ctor() stfld ModuleNameSpace.MainModuleUI ModuleNameSpace.MainApp/<>c__DisplayClass6::ui ldloc.0 <null> ldloc.s V_25 ldfld ModuleNameSpace.MainModuleUI ModuleNameSpace.MainApp/<>c__DisplayClass6::ui newobj System.Void ModuleNameSpace.MainModule::.ctor(ModuleNameSpace.MainAppInterface,ModuleNameSpace.MainModuleUI) stloc.3 <null> ldloc.s V_25 ldc.i4.0 <null> newobj System.Void System.Threading.ManualResetEvent::.ctor(System.Boolean) stfld System.Threading.ManualResetEvent ModuleNameSpace.MainApp/<>c__DisplayClass6::mre call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void ModuleNameSpace.MainApp::CurrentDomain_UnhandledException(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) ldloc.3 <null> call System.Management.Automation.Runspaces.Runspace System.Management.Automation.Runspaces.RunspaceFactory::CreateRunspace(System.Management.Automation.Host.PSHost) stloc.s V_4 ldloc.s V_4 ldc.i4.0 <null> callvirt System.Void System.Management.Automation.Runspaces.Runspace::set_ApartmentState(System.Threading.ApartmentState) ldloc.s V_4 callvirt System.Void System.Management.Automation.Runspaces.Runspace::Open() call System.Management.Automation.PowerShell System.Management.Automation.PowerShell::Create() stloc.s V_5 ldloc.s V_5 ldloc.s V_4 callvirt System.Void System.Management.Automation.PowerShell::set_Runspace(System.Management.Automation.Runspaces.Runspace) ldloc.s V_5 callvirt System.Management.Automation.PSDataStreams System.Management.Automation.PowerShell::get_Streams() callvirt System.Management.Automation.PSDataCollection`1<System.Management.Automation.ErrorRecord> System.Management.Automation.PSDataStreams::get_Error() ldloc.s V_22 brtrue.s IL_00A6: ldloc.s V_22 ldloc.s V_25 ldftn System.Void ModuleNameSpace.MainApp/<>c__DisplayClass6::<Main>b__0(System.Object,System.Management.Automation.DataAddedEventArgs) newobj System.Void System.EventHandler`1<System.Management.Automation.DataAddedEventArgs>::.ctor(System.Object,System.IntPtr) stloc.s V_22 ldloc.s V_22 callvirt System.Void System.Management.Automation.PSDataCollection`1<System.Management.Automation.ErrorRecord>::add_DataAdded(System.EventHandler`1<System.Management.Automation.DataAddedEventArgs>) newobj System.Void System.Management.Automation.PSDataCollection`1<System.String>::.ctor() stloc.s V_6 call System.Boolean ModuleNameSpace.Console_Info::IsInputRedirected() brfalse.s IL_00D7: ldloc.s V_6 ldstr stloc.s V_7 br.s IL_00CD: call System.String System.Console::ReadLine() ldloc.s V_6 ldloc.s V_7 callvirt System.Void System.Management.Automation.PSDataCollection`1<System.String>::Add(System.String) call System.String System.Console::ReadLine() dup <null> stloc.s V_7 brtrue.s IL_00C4: ldloc.s V_6 ldloc.s V_6 callvirt System.Void System.Management.Automation.PSDataCollection`1<System.String>::Complete() newobj System.Void System.Management.Automation.PSDataCollection`1<System.Management.Automation.PSObject>::.ctor() stloc.s V_8 ldloc.s V_8 ldloc.s V_23 brtrue.s IL_00FA: ldloc.s V_23 ldloc.s V_25 ldftn System.Void ModuleNameSpace.MainApp/<>c__DisplayClass6::<Main>b__1(System.Object,System.Management.Automation.DataAddedEventArgs) newobj System.Void System.EventHandler`1<System.Management.Automation.DataAddedEventArgs>::.ctor(System.Object,System.IntPtr) stloc.s V_23 ldloc.s V_23 callvirt System.Void System.Management.Automation.PSDataCollection`1<System.Management.Automation.PSObject>::add_DataAdded(System.EventHandler`1<System.Management.Automation.DataAddedEventArgs>) ldc.i4.0 <null> stloc.s V_9 ldc.i4.0 <null> stloc.s V_10 ldarg.0 <null> stloc.s V_27 ldc.i4.0 <null> stloc.s V_28 br IL_01D9: ldloc.s V_28 ldloc.s V_27 ldloc.s V_28 ldelem.ref <null> stloc.s V_11 ldloc.s V_11 ldstr -wait ldc.i4.1 <null> call System.Int32 System.String::Compare(System.String,System.String,System.Boolean) brtrue.s IL_012F: ldloc.s V_11 ldc.i4.1 <null> stloc.1 <null> br IL_01CD: ldloc.s V_10 ldloc.s V_11 ldstr -extract ldc.i4.3 <null> callvirt System.Boolean System.String::StartsWith(System.String,System.StringComparison) brfalse.s IL_019F: ldloc.s V_11 ldloc.s V_11 ldc.i4.1 <null> newarr System.String stloc.s V_29 ldloc.s V_29 ldc.i4.0 <null> ldstr : stelem.ref <null> ldloc.s V_29 ldc.i4.2 <null> ldc.i4.1 <null> callvirt System.String[] System.String::Split(System.String[],System.Int32,System.StringSplitOptions) stloc.s V_12 ldloc.s V_12 ldlen <null> conv.i4 <null> ldc.i4.2 <null> beq.s IL_0183: ldloc.s V_12 ldstr If you specify the -extract option you need to add a file for extraction in this way -extract:"<filename>" call System.AppDomain System.AppDomain::get_CurrentDomain() callvirt System.String System.AppDomain::get_FriendlyName() ldc.i4.0 <null> ldc.i4.s 16 call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String,System.Windows.Forms.MessageBoxButtons,System.Windows.Forms.MessageBoxIcon) pop <null> ldc.i4.1 <null> stloc.s V_26 leave IL_04FB: ldloc.s V_26 ldloc.s V_12 ldc.i4.1 <null> ldelem.ref <null> ldc.i4.1 <null> newarr System.Char stloc.s V_30 ldloc.s V_30 ldc.i4.0 <null> ldc.i4.s 34 stelem.i2 <null> ldloc.s V_30 callvirt System.String System.String::Trim(System.Char[]) stloc.2 <null> br.s IL_01CD: ldloc.s V_10 ldloc.s V_11 ldstr -end ldc.i4.1 <null> call System.Int32 System.String::Compare(System.String,System.String,System.Boolean) brtrue.s IL_01B6: ldloc.s V_11 ldloc.s V_10 ldc.i4.1 <null> add <null> stloc.s V_9 br.s IL_01E4: call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() ldloc.s V_11 ldstr -debug ldc.i4.1 <null> call System.Int32 System.String::Compare(System.String,System.String,System.Boolean) brtrue.s IL_01CD: ldloc.s V_10 call System.Boolean System.Diagnostics.Debugger::Launch() pop <null> br.s IL_01E4: call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() ldloc.s V_10 ldc.i4.1 <null> add <null> stloc.s V_10 ldloc.s V_28 ldc.i4.1 <null> add <null> stloc.s V_28 ldloc.s V_28 ldloc.s V_27 ldlen <null> conv.i4 <null> blt IL_0112: ldloc.s V_27 call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() stloc.s V_13 ldloc.s V_13 ldstr epta.ps1 callvirt System.IO.Stream System.Reflection.Assembly::GetManifestResourceStream(System.String) stloc.s V_14 ldloc.s V_14 call System.Text.Encoding System.Text.Encoding::get_UTF8() newobj System.Void System.IO.StreamReader::.ctor(System.IO.Stream,System.Text.Encoding) stloc.s V_15 ldloc.s V_15 callvirt System.String System.IO.TextReader::ReadToEnd() stloc.s V_16 ldloc.2 <null> call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_0228: ldloc.s V_5 ldloc.2 <null> ldloc.s V_16 call System.Void System.IO.File::WriteAllText(System.String,System.String) ldc.i4.0 <null> stloc.s V_26 leave IL_04FB: ldloc.s V_26 ldloc.s V_5 ldloc.s V_16 callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddScript(System.String) pop <null> leave.s IL_0240: leave.s IL_024E ldloc.s V_15 brfalse.s IL_023F: endfinally ldloc.s V_15 callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave.s IL_024E: ldnull ldloc.s V_14 brfalse.s IL_024D: endfinally ldloc.s V_14 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldnull <null> stloc.s V_17 ldstr ^-([^: ]+)[ :]?([^:]*)$ newobj System.Void System.Text.RegularExpressions.Regex::.ctor(System.String) stloc.s V_18 ldloc.s V_9 stloc.s V_19 br IL_0414: ldloc.s V_19 ldloc.s V_18 ldarg.0 <null> ldloc.s V_19 ldelem.ref <null> callvirt System.Text.RegularExpressions.Match System.Text.RegularExpressions.Regex::Match(System.String) stloc.s V_20 ldloc.s V_20 callvirt System.Boolean System.Text.RegularExpressions.Group::get_Success() brfalse IL_03EB: ldloc.s V_17 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() callvirt System.Int32 System.Text.RegularExpressions.GroupCollection::get_Count() ldc.i4.3 <null> bne.un IL_03EB: ldloc.s V_17 ldarg.0 <null> ldloc.s V_19 ldelem.ref <null> ldloca.s V_21 call System.Boolean System.Double::TryParse(System.String,System.Double&) brtrue IL_03EB: ldloc.s V_17 ldloc.s V_17 brfalse.s IL_02AF: ldloc.s V_20 ldloc.s V_5 ldloc.s V_17 callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String) pop <null> ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() callvirt System.String System.String::Trim() ldstr call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_02EB: ldloc.s V_20 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.1 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() stloc.s V_17 br IL_040E: ldloc.s V_19 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_032C: ldloc.s V_5 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() callvirt System.String System.String::ToUpper() ldstr $TRUE call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_0354: ldloc.s V_20 ldloc.s V_5 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.1 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() ldc.i4.1 <null> box System.Boolean callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String,System.Object) pop <null> ldnull <null> stloc.s V_17 br IL_040E: ldloc.s V_19 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() ldstr False call System.Boolean System.String::op_Equality(System.String,System.String) brtrue.s IL_0395: ldloc.s V_5 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() callvirt System.String System.String::ToUpper() ldstr $FALSE call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_03BA: ldloc.s V_5 ldloc.s V_5 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.1 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() ldc.i4.0 <null> box System.Boolean callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String,System.Object) pop <null> ldnull <null> stloc.s V_17 br.s IL_040E: ldloc.s V_19 ldloc.s V_5 ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.1 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() ldloc.s V_20 callvirt System.Text.RegularExpressions.GroupCollection System.Text.RegularExpressions.Match::get_Groups() ldc.i4.2 <null> callvirt System.Text.RegularExpressions.Group System.Text.RegularExpressions.GroupCollection::get_Item(System.Int32) callvirt System.String System.Text.RegularExpressions.Capture::get_Value() callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String,System.Object) pop <null> ldnull <null> stloc.s V_17 br.s IL_040E: ldloc.s V_19 ldloc.s V_17 brfalse.s IL_0402: ldloc.s V_5 ldloc.s V_5 ldloc.s V_17 ldarg.0 <null> ldloc.s V_19 ldelem.ref <null> callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String,System.Object) pop <null> ldnull <null> stloc.s V_17 br.s IL_040E: ldloc.s V_19 ldloc.s V_5 ldarg.0 <null> ldloc.s V_19 ldelem.ref <null> callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddArgument(System.Object) pop <null> ldloc.s V_19 ldc.i4.1 <null> add <null> stloc.s V_19 ldloc.s V_19 ldarg.0 <null> ldlen <null> conv.i4 <null> blt IL_0266: ldloc.s V_18 ldloc.s V_17 brfalse.s IL_042C: ldloc.s V_5 ldloc.s V_5 ldloc.s V_17 callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String) pop <null> ldloc.s V_5 ldstr Out-String callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddCommand(System.String) pop <null> ldloc.s V_5 ldstr Stream callvirt System.Management.Automation.PowerShell System.Management.Automation.PowerShell::AddParameter(System.String) pop <null> ldloc.s V_5 ldloc.s V_6 ldloc.s V_8 ldnull <null> ldloc.s V_24 brtrue.s IL_0460: ldloc.s V_24 ldloc.s V_25 ldftn System.Void ModuleNameSpace.MainApp/<>c__DisplayClass6::<Main>b__2(System.IAsyncResult) newobj System.Void System.AsyncCallback::.ctor(System.Object,System.IntPtr) stloc.s V_24 ldloc.s V_24 ldnull <null> callvirt System.IAsyncResult System.Management.Automation.PowerShell::BeginInvoke<System.String,System.Management.Automation.PSObject>(System.Management.Automation.PSDataCollection`1<System.String>,System.Management.Automation.PSDataCollection`1<System.Management.Automation.PSObject>,System.Management.Automation.PSInvocationSettings,System.AsyncCallback,System.Object) pop <null> ldloc.0 <null> callvirt System.Boolean ModuleNameSpace.MainApp::get_ShouldExit() brtrue.s IL_0481: ldloc.s V_5 ldloc.s V_25 ldfld System.Threading.ManualResetEvent ModuleNameSpace.MainApp/<>c__DisplayClass6::mre ldc.i4.s 100 callvirt System.Boolean System.Threading.WaitHandle::WaitOne(System.Int32) brfalse.s IL_0469: ldloc.0 ldloc.s V_5 callvirt System.Void System.Management.Automation.PowerShell::Stop() ldloc.s V_5 callvirt System.Management.Automation.PSInvocationStateInfo System.Management.Automation.PowerShell::get_InvocationStateInfo() callvirt System.Management.Automation.PSInvocationState System.Management.Automation.PSInvocationStateInfo::get_State() ldc.i4.5 <null> bne.un.s IL_04B4: leave.s IL_04C2 ldloc.s V_25 ldfld ModuleNameSpace.MainModuleUI ModuleNameSpace.MainApp/<>c__DisplayClass6::ui ldloc.s V_5 callvirt System.Management.Automation.PSInvocationStateInfo System.Management.Automation.PowerShell::get_InvocationStateInfo() callvirt System.Exception System.Management.Automation.PSInvocationStateInfo::get_Reason() callvirt System.String System.Exception::get_Message() callvirt System.Void System.Management.Automation.Host.PSHostUserInterface::WriteErrorLine(System.String) leave.s IL_04C2: ldloc.s V_4 ldloc.s V_5 brfalse.s IL_04C1: endfinally ldloc.s V_5 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.s V_4 callvirt System.Void System.Management.Automation.Runspaces.Runspace::Close() leave.s IL_04D7: leave.s IL_04DC ldloc.s V_4 brfalse.s IL_04D6: endfinally ldloc.s V_4 callvirt System.Void System.IDisposable::Dispose() endfinally <null> leave.s IL_04DC: ldloc.1 pop <null> leave.s IL_04DC: ldloc.1 ldloc.1 <null> brfalse.s IL_04F4: ldloc.0 ldstr Click OK to exit... call System.AppDomain System.AppDomain::get_CurrentDomain() callvirt System.String System.AppDomain::get_FriendlyName() call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String) pop <null> ldloc.0 <null> callvirt System.Int32 ModuleNameSpace.MainApp::get_ExitCode() ret <null> ldloc.s V_26 ret <null> |
|
Name0 | Value |
|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
| PE Layout | MemoryMapped (process dump suspected) |
|
Name0 | Value | Location |
|---|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
2433943c4923202b365878098a999589 |
| PE Layout | MemoryMapped (process dump suspected) |
2433943c4923202b365878098a999589 > [Rebuild from dump]_5ceb1398.exe |