Detect Confuser 1.9 r75725 methods encrypter

de4dot.code/deobfuscators/Confuser/MemoryMethodsDecrypter.cs

@@ -41,6 +41,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 			// Removed in Confuser 1.7 r73404 and restored in Confuser 1.7 r73605
 			v17_r73605,
 			v18_r75288,
+			v19_r75725,
 		}
 
 		public MemoryMethodsDecrypter(ModuleDefinition module, ISimpleDeobfuscator simpleDeobfuscator)
@@ -91,8 +92,10 @@ namespace de4dot.code.deobfuscators.Confuser {
 			}
 			else if (DotNetUtils.callsMethod(decryptMethod, "System.Security.Cryptography.Rijndael System.Security.Cryptography.Rijndael::Create()"))
 				version = ConfuserVersion.v17_r73605;
-			else
+			else if (DotNetUtils.hasString(initMethod, "<Unknown>"))
 				version = ConfuserVersion.v18_r75288;
+			else
+				version = ConfuserVersion.v19_r75725;
 
 			return true;
 		}
@@ -136,6 +139,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 
 			case ConfuserVersion.v17_r73605:
 			case ConfuserVersion.v18_r75288:
+			case ConfuserVersion.v19_r75725:
 				return initializeKeys_v17_r73605();
 
 			default:
@@ -290,6 +294,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 			case ConfuserVersion.v17_r72989: return decrypt_v16_r71742(peImage, fileData);
 			case ConfuserVersion.v17_r73605: return decrypt_v17_r73605(peImage, fileData);
 			case ConfuserVersion.v18_r75288: return decrypt_v17_r73605(peImage, fileData);
+			case ConfuserVersion.v19_r75725: return decrypt_v17_r73605(peImage, fileData);
 			default: throw new ApplicationException("Unknown version");
 			}
 		}
@@ -449,6 +454,11 @@ namespace de4dot.code.deobfuscators.Confuser {
 
 			case ConfuserVersion.v18_r75288:
 				minRev = 75288;
+				maxRev = 75720;
+				return true;
+
+			case ConfuserVersion.v19_r75725:
+				minRev = 75725;
 				maxRev = int.MaxValue;
 				return true;