MalScore
100/100
MalFamily
Ispy

agent.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 8/57 Related 2617
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 398.50 KB (408064 bytes)
Compile time: 2017-01-24 16:23:03
MD5: 6c18dbf7112b9a1a41c718612d4a53c1
SHA1: 37991721e0a0d378c7035aae1b4b0bd62d2274cc
SHA256: e924834d545e981db6f058ba7ac8175972cf695c5e8cd9cd49f8f87455570c6b
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-01-24 19:06:04
Last submission: 2017-01-24 19:06:04
Filename detected: - agent.exe (1)
URL file hosting
hXXp://spymenowornever.com/1/agent.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-01-24 13:52:40 [8/57] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x40914 264704 2bb12c26436a66600df162d846efdaf7 bfe95f09ff6b1f80525de26ef9c4a8c1111bf73d
.rsrc 0x44000 0x22b08 142336 f6074b7de9100dfd0afda0f1dfc5bca5 71da1659626ae9803107e89977fa2ad8c0f0eee3
.reloc 0x68000 0xc 512 65284d4d67227f840db04d899041c8cb c21e1401eb7a714fda6185026089a6d531da1263
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x66120 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x66588 118 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x66600 796 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x6691c 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2017
Assembly Version: 1.0.0.0
InternalName: PhotoAcq.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName: PhotoAcq
ProductVersion: 1.0.0.0
FileDescription: PhotoAcq
Translation: 0x0000 0x04b0
OriginalFilename: PhotoAcq.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
KERNEL32.dll
credui.dll
ntdll.dll
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
2017
Profiler detected
VarFileInfo
Loop broken
Comments
InternalName
1.0.0.0
<Unknown>
User
StringFileInfo
COR_PROFILER
e92195801
e92195802
e92195803
e92195804
e92195805
e92195806
e92195807
Assembly Version
Debugger detected (Managed)
FileVersion
Copyright
VS_VERSION_INFO
#Kn
PhotoAcq.Properties.Resources
e92195800
Form1
ProductVersion
FileDescription
Translation
OriginalFilename
LegalCopyright
CompanyName
PhotoAcq.exe
LegalTrademarks
000004b0
eb0388d4
ProductName
CNX[
COR_ENABLE_PROFILING
PhotoAcq
MW#R%
GNkk
}#Ya
oY"*3$
R9}Ot
cu3\
"Z _{
BV!d
Q(6e`
^__b
c0 h~!
60<@
N^8/
3?|N
PNG
RuntimeHelpers
%gis
UDC
% -&
eU%W
=u?y@})
^OJ @Z
yf.g
=weR
h,6H<
Thn*S.
fY1*
`6jw(
A-5XL6:
bms1
Nt^>
=}e@P
Lj#S
?UQu
Sds$
h?(c
+f`D
aCIh
598B
{`P6
R-m>=Tm
C2aj
U^J`
pK&p
,W`<L
`ZOe8
$*=y
>`F-
k~N@
OK1^
= 21 #
g (R
d#.w
t[')
$4SGj "8(v)
#_>n
Qxv@
-bT6
62,F
X^O%
wAq[
}B@5
8Y2h3
L<>'E
Hx-1
h*L>b
5rq>
z_=U
P\"j
UA_a i
RQ 2
ypi
o)im
g%w
d'Ru
J& F
[p"k
!?:+K
51
Wk ,B
lN_5
n V
Duwibebebakasedaholy
z&q~
B ~ni
gh'NAaP
D{kb
oW]t
']}A
4v2W
wOg ^
B,[:
UAxiZ
?[a.
o7B |
<o[L
viJ] r=, 2
bJl
Marshal
o{26
Ajdz
Q!k^
uEShHIn3woHlnTvPf4
=rQ6
M4X &
R PP
TF]m
O)}e
rr=B
G~ Q
RY:^
b"zL
Tv.W
(b4i
c"/+
klJ$
+4;`
HeWp;
*!?
VKw8r
Dznt
[A [
Q_Yk}J
*2g8
'PyY
,G2U
ogFi"D
45\%W
@7 z
0~i
O51{\
AhB"
gWJ0
uQku
"c~d
?>2A
~N8]
g WD\
t*Vw<
y^2z
O+_k[
)0B'
R#R:M
q?9E
x[aM
E o7
)!j_s2
M6%J
jFbWO
qV+:
[{:w'
=7:>
K=yt
872-
YJBt
vgerBb
$>x>
xQe=;
EnableVisualStyles
&R.L
`@A@&07
1"DfA
4Oxi
IP$9
j2~:jU
0?!)
Rd0o
ego#
AssemblyCompanyAttribute
o_h/gj
]~JAv
' tY
6l> [
I H5
H79u<
#?Xt%
#N@T
k3Z
5X\|"
nIZn
[-n_
zE%4
E\vR%
@FE_
XJIqN
{hpi
Pk>h
:g#7
OpXVB;+
_U iRD
Y[l9
5z,3)ZcL
V=Fq*
{[i]|
Q}b(
<l`
-7-
97m[
bwni
l`;z
!-h7
o2<9k
1 CW
Lgp+
3{J!
aD 1
NtSetInformationProcess
3q/S
mK{ u
E<=e
lbyhAsSWPnSKeYeFWf
1~ p
v2.0.50727
#bq-
?&}Z
T2%\J
E9K
"ev<)
z`.8z
e!+b
]|^~
VO8u
PADPADP
@x1%`
bh2|
8e#z
|oOj
~}.xp
Q4p\
H>1YL
*`.'rs
NtQueryInformationProcess
kPi$
i37yX
V#%mr)
6Q:w_"G
c{`hDEO
A c0
g0jEt
War
-NDJ9'?d=/D
imuz
) ZY8 ;M
lU
AssemblyTrademarkAttribute
!\5'#
c+Jm:
zt&IG|
?z,
<*VE;
OI_xn
vCq@
1G@D
zp5?
Ac :
0NB}\X;w?
YaGyWZ
(q!C
9zB7/
4?_&_:
IPX@
Pbc(H
SettingsBase
` C[
ct 1~
5u:E
(o%4
rbtm
aSg
=cCm
\t0Q3
$nvm
Q]<%12
_:_ o*
Dize
#Blob
Control
7[ f(
Start
y&9K
H"2'7
M'4t
v.G?
m bHZ
F 6s
mq H\}
.i9
mJPAR
e wgBoi8
p]*]
i0NO
r8O]
9I G
^+$M
Qw!
e%OnyG
{a;6
Duwibebebakaseda
?DA}8.
^7%E&=
wQ[1
O-)$
k!l<
rE[}
*I?5s#
=[3E
y+C11
e;-8N
Q i
*J+
~ "EO
c6&i5
Z&q# _
v%V0
Um?_
".Yg
It ph
=~&MJ
w[-
y6 XO
0r^A
L43B
c?H~7
Midaehegi
5 ,@
2017
.^B(ku
6?w
tL!Z28YD
+-7fg
<\mZ
*RB-
!l6 JWB}
Td |]N
JmTVg ,
/1Fx
3 &%/
]o|{
@ cfu
4t'i
\zFR
'[&.
KS7
PAPL6
9Gm*
'^J
+m`.
}[/
T"q
`%ke
.]#%
Ut(J

PpH}
!@o4
AP"6
AKxB
OrVIyNG
%V-+xu
gSS
g7BN
$X_#
}Nz?
OutputDebugString
d`f1
|qq
knW
l's
bnSMC
D)x'
#ijq,
c`?`
air
35ew
nt7A%
B 8\
zpDxIj
xw)cL,
E}wC
+n 8
H}Pei
|ZH%
kA$A
U}P-
AEw/l
(,",
{G7b$
:k}w_
xSCh
Jc8R
G@EdGWu
Dc/_
"Y]g
*HdR
&pQts+,
u-Ik,
.:3!
WrapNonExceptionThrows
T*e`
q'VH
2+U!
E4<:
#OQq
#8Z8Q
.text
#Fi
Zo\T
IZ#KY
{8\|
rLTT
8+ j
U7a O
H+:Y
CryptoStream
=PD+
{xf
(z#Iu
reNef
yv Z
bQNC
'LqC
_,RM
System.Configuration
p'F=
c"4X
& <7
System.Threading
pqi
xU]5|
xam;U
0O%
0Zi4h
System.Reflection
mJ[oXVp
L.u&
P?kOu
+'gmy
AllocCoTaskMem
7wH;j
0/ /
8VtZ
ETCF"
OEsJ}
l%qH
cHC%6
GlKOu
^%|9
P1zz
PLwgO
OYroo
laLk
Rxfm
?=0F
]]6q]
H ^UW
\j:_
:*'X
Resources
Uv`&Ui
IzwY
P[xM
Ka#I
<D?k$Ak
4; E
kk/Z
ZX~_
*R9xX
Rdvu
x#vs
Wv&
ApplicationSettingsBase
STx+r
>;|J=
[>a{
#Z]B
W7,+
$(n!
@J +E
waog
%P 5vm
2S07
[?(/
Okr^o
t: =
,cFi C
E3lZ
=a8Ii
A("b
rb 2B5
hGCD
)<<3 f
8: i
Y[yRK\
91`+
F1kk
rz>@
U(1s
`.rsrc
1 6Q
I )qI
1<vO
}zni
+00v*
k[S)
Z ' !
(]5 $8G
}w4:
CreateDecryptor
KT'@
z`7oa
x$q5U
X ZoO
kernel32.dll
l18ske" -
Q uE
n*[)
System.Runtime.CompilerServices
{gar4
L)b
vo};
EBSH~
\^e:}<
2kx4!
=G&I4
,6S?
P $pv
!aQr}8.
L(:$
/lx>Tv
4J`h
s{K<
a" I
CPb|
J*di
Bmdm
set_IsBackground
k<nD
l[hW
+.iu3wU
"/=U
*s_|,
8K*W
8[J
/qd|g8
_7MB
-k+)
&@D"
)[7<l
[AvfH
F#^s3@
0jWC6TQ
iCdhL
F5GxoY
n5\QpK]
FPbms
lk#mo
)iaE2
D\azg
myk
m)&~
.hV+
fbdK"
n=<{c\
=TkDM#
oYZ.ht1
i[31
qHhb
;}]?
{)@GI
=2(B2
s.6.
jU+o
[9 zP41
cPA`
.Hh!
{YGr5
1(
j1#I
5KF6
L$Q\
9$zm
BC#?
PeJu
&1kgb}r
kLq&Y
D"Cn
? .>
"" []
3X @t
y8gb
6@eN
NJq0
!Ryv
SizeF
/L?=
YC*u6
LgC&s
|Z\c
11.0.0.0
0hK C[
Gza%
0!at
5&@ tJ
]?f{
:3\x8s
>e-L
H>cF
HWrk
gwGR_
`_lN
G}(N
1KE{*
`o
AP7.
H{oW
*?AF
RaV TE
>jd>
p`<
U%PU
Dk-A
P9/n>
Write
]Jp`
kMe~`
fu| @
set_AutoScaleDimensions
b<(X
{[J
hs;:
Y;! %'
)0}M
F%s:r(
'iIr
upVJ7
ysn[Z
get_Assembly
Y\v5
Da%f
$*mM:
nbo7
@ /Z
CloseHandle
f~:44
7 h\
1E};
31 %
e4\_9=
8$h
V)e9
mqo1
Z?gK
Pn;)
e}(60vG
0sQv
@d*
-D |
System.IO
\#u=u[
H9UJ
pKhB
jv^x
4),<E
]^9q>F
KB_3
L 5!n
X5p s
[qBgjQ
TP7\
`*Ru|
`uvH
I8Ja
@p^^Po
P7[j
j]8'
KK]S:
/,P'+'
ruaO
8-1:'g
bITt
sRCHnq
x5U8qx|p
X)X?*
]:(i
e#_T
K4`qb
]?P3@
`I2cH
5Dq
Wq@Tn
A| (
2*&:
[">.'
7`-`
oSYx
Hx3
\#lc
[_M1
STAThreadAttribute
NB\-
xFWC
IHDR
YZB4
}P6X
iJWR
6"; ,
System.Globalization
L5 <
YK9
~+%%
9qxY!wv
a|e/x
r!Pr
HuKK
4 q:n
iSt
ay09FQ/+
u 9X
!DAl
C~Np
b 6~ p^OY
%ksp,
i]"u
y?^!
H,j!
. jg
Q}bbcRU
EventArgs
Application
qE}B
PSI>
Xj+]QL
-/tf
W<:W
qj0%>A
-i _
L1&~
7fRB.+
6Mu_
64-Dq
idSC
OwHx
XSW
~6C
f s-
Ct6+
V)"
1 9n
Y$Q<o7+
w=]WA
jOP0
:3!f
qeX+
G^v`
~3;-
`#H
.8D,*&
PwQ&6
m .N
YB`:
X[=Z
o&`)H
^Vqv
gQp$
ejL4
Ew)_
(BM6
D( 6
Me4'I
OW2V#
h^wi
:wgh
'T>?
BpO$B
4QoVRA
D3YX
V@^=
*ZH{s
+4.;I
hJ(J$
x@Le
u<p~$
fXQ
xMd#
D,ps
VZ)
=OW#U
>^=|
sAvs
jwh x
_V],
Environment
*n.L
^=wKkW
+rssv
t*d
9{q{{
s Jg
K>y0
27aF
$"*O,,P
+3I6
]ZRF
1B{=
mL<1
|$ M
FC'Z_
I ~
mLSy
6 H]ni<
Gnx0
C&:9`
`[&4
`5&w
_ZVt
~ L<e.
!Fd:
0. v
>-Y-
ValueType
p|g-
jWla
rr%r
g *?
Sj,<G
\c$
System
,ue8[
OK4G
RU)V
3e#U
Y1XBs
8fxj
pRx
g[YX
_Ya._
QhM2
cFM ^
;<=.
System.Diagnostics
GetEnvironmentVariable
x qU
A<;1
N[ r
set_StartPosition
uYiN
{^pB
?``R
zI})
y~V
`35W&
` d1
/Mb^
s5{^-g
B%^y5K}
I5jC9C]
3Boo
p6/oc`
sC ]
GV%9}
&FqES
0'`Z
`W\C/
Module
h-k|
-y9n*
/$VYN)e
6E,
1:LY
V3%F
]k+zR
QxmE
C(B@
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
NWW
E>g4
D,bm
xP9me3
bcV}
se22@W~O`
G.yOv
!EBm
_=VZ
i'`e
`2;]
x[^$
fcz^
eGN7"ga
0] .2
clGxi
credui.dll
r#TVD.
#a &8
2'eh
DoP 8
R0RjC
"tl)
&*Ev
'3. b
Og|9
THf7
@99Y
H/:y
x vz
#W U3V3
'/#oX
!fi.@\
\hbi#
? 9|
,!C2@
2 <)
aq~2
Up_/
{(Jv{[Q
b?._
=?+j
U9f
f }x
zvLw
D+-
'FwO
_CorExeMain
IhbTF
6>{K
4,oC5$
U1{'
-J%A
*@2{x
L8n3
) 4/
i.}m
%:e6
f~Dz
Xs4KN_
h1yjOCZPpTeNHRm5ql
/vvs
P,q
u`x-
)|^
qO}vO
C=~lt
-uD% 8n
+ S
d@d.\
N ?%
18yU
Id+|
Qw 0
<MH3}#
(?`$
Ur}J
Q*PLFk\C$v=
zD>A
_^m^
`M}-
Kh4"
2~A80
`g!W
T+_zM
bw*Z
K\4>{
b;E-
U6T=
IhOb
!Q`q-
~$^t
d.Y7
nl:a
';^(
>5YP39
fV{7
\]^f
>m0q
IjOn
cCbQ
y6s*
w\q
>}"
6FwP
N]GRKK
T<^W
W4aE
MH@:iq
%-6no
/QuI
t<5 q
ntdll.dll
l8~:
~W4g^
EaS,
Form
upx<
^m a
|-Zmt
MdcN{1z
C|2^
]{nHW~!
HX/,Q
02|s
tDgmz
r 3*
?1$y
$efff41f8-b0e7-420b-8425-1efad9e105bb
[=BV
d dA
$:Q!.x
~b}YY
b/np33
{4 9A
3*9ePq
*mB/I
set_MinimizeBox
k.Y-]T
pq~t^<
p}(U
h592hV
F_'"
ewfi
*{:O
%0-}
X6~"
zT MH
$!qfD
Y3kB,;=
:$3>
lhh0
NUH)
Z?==
W},R&q~
x "Y
|Air
QPdT
112G
!{xT
@.OO
H<>8
9BMk
;u@o
) D`
09>X
t:9ZTtO
Pms vk
Z` w=
< 3
:~\"
#\u@[
9~Lx
E+7=i
(Fb'
3>cvg
>5"l7
{ugv
MethodBase
# , H
1f<U
w1N-
#Strings
FrW
e+~'
set_Name
#XS6!
][G'
"s^l
Wg$
_)\TLX
\|w$
,y'd
GX =?
4(mL
*#T *
'+qv8
<Nza
U0eF
t /,Y
=`!6
h fN:
E4-z-
4.0.0.0
Tp~(cFxW
+Xsu
@u?4T
}d6lKp
J& O&
J oq
B+Du
^j-J
R=nS
<[`x
>6?i
r"SY-(
N0BE'
%/)/&
V4 A
=WSO+
[C#LV
@(TL
j ~
ResumeLayout
dC"L
7sl4\Z
Kg-}
x$t.
=2H2,
P42c
n)mko
'^6a)
A"4[>
mrG/
xq{q
c':R
cT(/{
H#XU
X ,
,U&V
System.CodeDom.Compiler
NhvI
GuidAttribute
&q_t
Zro!
zBLi
Hc$
' ;|
{9dL
/.fT
E}|:
;N?b
7Rz[
%UU6
{kB%
z'x{u
~JtA{D[
L? f%@
pm+\
HPxk
3 Dc
\M;w
R2,
WZQ5
!wYhJ
C!k[CGS,
Fg|b
IsLogging
:Q4z9xWr
5;*~
tLUL
+Cz@t
-W6y
8Ohb
_ j;
X s
Z g,
WDv#
\EUO
qaRs
<5Ar6]qu
rIrJ
@n%n+z&
-y:;QTM)G
[HyS
J+~19)
3`&u
O`a
ZQuJj
8nU
KUg|
0Xpr
\tRw)
Dc(4D
,;_wc
$ )E
"?)=
Gs+w*
)&pW
fDm8|(
?BSJB
FormBorderStyle
. R%{
5K~qO\O
P3&y
^.w5
C#.17
K9 q
jK:d
(?<_ ^
&+XF
*qC
'Lvl
m}wo
IqZn
~ T-g
^(a
uHO_hT/w
S6O3
Vz2X
Ol>{\
Midaehe
f`y?
CiK]
0c?*
&HP
XlL{
G=(&g
<LLq
1+VX
a<o)
HOgc
B3D"g>
zUIA
E>;
GdO>
f8QVa
K8 l
TD$\
3F71481BB30CB13793782D4499C048F31B10F136
[Yn8t
{n,",NHoB@+
4!%(!
1Py1Q<
k7U+
5i!@
W4F5
VirtualProtect
|o}. M
|^~G
I[N;
!rPN&
;;FIQ
?{0{
VQ:V
{:j<N
,aBY
dZ &8>
FCFD
bJ7=
CPJaA
op_Inequality
1t;
Z6lw2
_jv+U
rWtL0O
, jg1
OvVN
W h9o
{kN0b?
i7n(
ICryptoTransform
tsaI
2 z Vk
OyBz
r 6 T
eJH=
AssemblyTitleAttribute
[IW;
=dl5
X\-hbiX
.1S3
GowMt
<M{!
-oHC
w e_P
W~a$
21e$cVs
!c8
v\J0
ZH [:(
4UNU
PhotoAcq
`_5
q;;^
b|Z
" 4!
Kl|-
iBE.nz
C(j9|P"
_dI-0
g{Y42p_
wT7
+r ?
F JA
\n!-
5v5(
PN9E
/>?}
+{bl
) p-N0
Tryo
tDY: 9
Kd|
Ua8a
]J(m
dwkPi
=B9
P_oz
.ps
r&1?%O
!dH*:z
xG@$VG
(@?
? h
(6gA
u7GZ
PO.kW
DLBD
fmrn
!jGMf
&ax#
XGR L
JhoR
Cj C
IDATx^
t%]60S
-8\"5
xbMT
z-)^
y`oN
Data
`*Vi
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADh
gP$&
gq+u
AssemblyConfigurationAttribute
^D!+$4
* ax
Lm~8P
:fa
x1<r
/Tw$
''{v
Mg))
TSs
"lek
get_EntryPoint
*i w5
P_Z*/
@\iAK
pHYs
.ctor
o65<
O tO
OwF"
>$D$
y0^*
9W T_Fc
^zyH
H-*S
/"\[
Lcw-
6jMt
't{|
nLR\
dv5`
6u4PxoVwc
Z'-[
*P~
FormStartPosition
TG/^z[9
\E[H=$
Invoke
n Q
i.
gI *,
whuC
X&;$
RW+*
5UUie
jO:bw
<Bw!
%Ly+
Ck7H
TI2,VB
<9w
Uw!i
,eE1D
"S s,
p9G|
;g33(
js!,K[
' "
01kWn\+
*n+
wshwH
M ~*%^Z
UED&
Shh5
l~7j
Jt3fn
;E_[Xp
eCRh
aT[O
2Y%i
h2r
&<;O
6of7`
sC+Q
"0yO
u_(A
RGd&.3
?1q-
B2b6
f_o6
}XlE
Y<Fa
@.reloc
J 3s
HfaC
C=$;
a !e
&CV]86
5Pe3
&F Mt
"nN_`C
o%b4
2['.
@<_;@
5qr;g1
CjP@
?-"A
&^t`
Byte
5~)&
;l;U;B4
BF\Tp)
i^]{
CryptoStreamMode
Thls0n
.%1oP
k^A
Dispose
xHR^
c*0"
xa1<13
!C mr/
a ")
[0&_
9I`TY
'p_"
ak5'
!`4a
Qoj%
KMP/_ -
IaAEB
ntdlT M
"tK
I~b0(
8.use
8,$
2<O.
)-X0
Midaehegibydoso
#0V.
eOTf
{\^p6yE
#~XZ"
lJVqI
l E8
uzy@
p|u{
<r N
,Rh6
V2L 7DE
06lO
rc5,
EN=Yu
m3vLH
mP]Q
o-J M
JH't
mNg s;1*`
boTJS
dn b
Z]Q!
`(5r
`!eL
HJh"*<
:$?h(_K
(d-n
uKG0
~:<:9x
*>+
Z&P6
z Z9
{L '
IviA
t.r[5
+=HaRV
esfK
yg. :
d1dB
%/CP[V
<3 *AQ
zh.r6I
VgLH
T=A}-u
9cC>
%:na2yuG
I:&~#%
3u)5
>>at
<GfB
*:^N
`1,]{
E`Lt_
Lw,:
Yt&2
2X `
MCQ;
p|L{%
Kn{
A06vc
Pp"m
BZ &82
RuntimeCompatibilityAttribute
e+e<
&
&
GA"
a f)
;J|z0
a0AO
Assembly
'bw#
Bm$"
NbVB
Nzz
pD[,
g>O|
!]p}
\n>@
46fy
[`F8'
=w2*
>KiP
c{0B
9Y2T
d{}6Q&
J2VM 6+
v ~U
?UE1
Ft9>
p a
jtquj
a``
Zlz@
eAqV
AppDomain
ToO~
ih<R
OlyP
^#|]
l !>
#MWP
."$p
K HY+
'Fv u
"91L~
M/9B
)}j
|=2)]
8YZ"
j+x
.!.}
Duwibebeba
-HE_}"
Size
m+a)
K4->_
&\xd4c
JS
ZdAx
,C*
Ca6$
"]e3
5 Lb
NWXD
["QR
fY)s
l}R 5
nAX}
ktHR
E\W*1
%VSz
t3=
M/p%
_sT6EO&T
j`Q>
G= 3
$_,j
D&1u
B<'4
8_Y\
:NX$
* ]_
NryI
1PT+(j
3J(
s&BG
g~!HB-C)1)
o9=d
0:5c
IContainer
8VhE
b=h{:
"XF"
LV}za
J} :
I*4*
'w]i1
_abW
.b;^%
t+z?
w]%-b]V
7vAG
Q :KN
L5?O
Uqo;
set_ClientSize
C!PI#
),[d
S7QN
+ :c
RuntimeFieldHandle
/D[
1}9Y
s{04QY
2DB$c<
FLtNOS3DFsSRRhukD1
,VyMl
W19<
gnxSq
lm X
_y5]
W0xd
V'9d`
~uBDG
Z1M
LzBQ
qnnd.W#
5a-!
xjRY
sn3e
ZW!k'H
x4
XC"j
R^ p
=InMHK
2LIRS'2
GMZC
g>e{
|5P@
ELQhXV
YAW&
gH0
N'*X
auNsCV
Z_1G
Midaehegibydosoka
}c_0G
.S/rM
O%sI
BTh23
:q V
qduL
)3,; `_
> K
7}6%
}x0N
2ZlS4
ResourceManager
?j,W
) E%tax
;Y?t
a[p|
yVI
kpi`N\
zAhW
ZTVq
=%gb
8y?'
ContainerControl
/Bd3
,dm)
i{ n
m6&Ns
P/|4
Wo|ps
}fj2}j
q=SV
zp'
xY
Xk- $
>uh)
IE/~
zT*!
set_MaximizeBox
p=~
GQa1
\ Au
xj@f
B<q(
u4h
m%N:w
(0DkJU
B)8O|
m, e
k2HL
kwpx
3r9S
3* 0
k`\=
v&"
)4ys
bCHc
aP(>/
4qmn
}d,X
zULAj
n9+
5(\r
zvSTT
+}F3
NZtJ
_;Ih@
R96x
UHg-
{V-@]9
; dE
AssemblyCopyrightAttribute
Yf^{
9Ci^
P% Ml
)Dr:TdB
So3V
X ntinT
]`,(
g-l!
Nda.
BSvS
|%A
1&&B
3? Jgs
-3+3
G '.
%Zu&[
7':r
d&,p.J
rwmg{
K*C Z
}82"&
0~Q
2UC o-
MO%0
g u@
oM!I
! K2
#4]
k.=289[
_fNO
w[^_
\}Tr
60q-
m2lW
&zH4
_6YM
F~9+U
4! }
k )&
}[ h`
e$)
e U=l
wk`M
1'j~
xx<6
>To^s
$>(pZ
X1#>
cWN0
kVMu
HaX7
2f)m
jNzex
Sx';s
.JDcH
+z:U
[ F{
-DUC
{~h~
(Cp0
Close
k_Q{t
Oi31!
?3|Q}
W<>y
sEH7$
-Bo\H{
&a5j
M8*UC4
'W\g
d+%E
i|]
UTKL
Vx>_Y"
_T<1
6U_p
nO.gf
BZ]Q
]"IB
Type
hEne
)M\]/'`
OuX[
W E+
(mWC _
aFQa
E%x)
wj'%7H
WaaZ)
0+cs*^
ytC$
<- O
W,ASM
`x5#
lcWs
J'IDt
1rJ'
4xaz
&\KZ
wG=%y
ntdlT
H"YD
!lMX
>S}}
IbY"
x>TU
gAMA
(ua?
;/pB
! Y]
W2Wzvf
OB@
}epJs
'|y
+& 8
6WmV
+& =
+& 3
WEZ !Rw
!l"c
41f9e8fd.Resources.resources
AutoScaleMode
\Ab\
+& *
+& )
+& (
+& /
* pbbK
+& #
#.g
+& !
SuspendLayout
TP
.cctor
oIn?-
?NV@
hg{\
&E&!
G*h
S'j:
+&
+&
FS8j
$>Ka5C
+& y
%elQ
+& }
2|0i
xK*k*
nF{Y*
dYG|
+& t
'V$s
d0&j
, #,5+
+& h
+& o
+& n
H%>
+& a
+& g
+& f
+& e
+& d
+& [
+& Z
C5 oldC\
Wnj&
(\ax~
+& \
+m0>
Ih4dG
+& W
+& V
]('$
+& I
w4&b |
+& N
:JvN
+& L
+& D
'> *3
<\u
8oSQH
{2Fl
]~6O
EO.G
cn*z
wnmv
\-877
S?HE8
{W=t
Q"PgX
9s$p
_?7T
dPS\Ve
=OzW
RSj-
h~L0J
wq-+
fs{h.
K1MRG
&Z_ S<
Gele_{K
m#t
/Z0t
RuntimeTypeHandle
UGLQ
HJHD
S\56
c=kVtxg
4@ohkY
#ETu
%H#(=
7-{
7%@W
HZsU
:Se"
V{ 4"
9G 1
y.IB
Nbb?
H3Ta
*S2G
{V0b16f
l4:d
m`8|
[Qz:
6,N
a\P6s
|gL'
=+yARl
+NYs
e LG
g5#Uc
sx;(
tE\
z>zn
l4:L
-W(5K
8z uB
Object
set_ShowInTaskbar
UInt32
5, p
Gz
A437D18D978EB384B4824B90F5A8716592803F8C
xOAH
h!ADY
\phK
!G@X
>cG=
`-O
iCMN
+oBt
{9i>
`r4h
L~Gt
F` 9
N7^r
U)mg
LP 1l
S2Pg
}6X.b$e2p
!|W(
PV w
*.+
OP eJ`67
wS;p
sxGx9v-
AssemblyDescriptionAttribute
}.Dm
$[mZ
[B6n
H.sW
|yw~
#X I
5K5n
@/A.
C`QHLtm@
&43d+
9 B{J
OA@]
g[|{7
-&-7
xzf.
io~M
@-gx
x=2 he
@$Ag
j8E+*
c(Bm
>mFb(EV
7'+{?
HJF:
mr.&
kxO
5n+f[
5=/6
set_AutoScaleMode
[eeU
&BGh?
BT
#^)vk%3'
`Pmr
Q1W_*9
<OmE0
7Z;t&r
U+6t
x.YEd
m=
Z*Dm
GZk\
:?FN
K=&D
2>wp
Y?tg
U_L]
`Jcp
;nmp
7 e'+
xxf/
IQSrP
hf1{v"
t,O
yp #
0i{E
!XGR $
q&'_
`wvj
BTN?
b$B
i= z
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
$5/d
set_IV
"{Dv
o/gff
Ur*.P
oZX@
wk8'
\Rgb=
N,|g^
m&.
#L-#
&MRcl
R=@
!This program cannot be run in DOS mode. $
,v%e
;k?y
VWjK
(.>
u 2|
9Cb=
tNG{
#<hz
K}%+
E4q
e I
le17
O2A<{
#<[oK
phl@
\ fa
` wl
q Tm
-}h%0
22[:
?B2;
Y &8
'9F6
ty{5#
d^!3P
2+ p
SqNZ
(En q
u9xRQ
/m f
{93gwj
T6cW
fn2p
ofV*.
; U$E!O
6Jvj.
kRwB
]`3K0
S}|'
XR 4
n"cb
LdWz
PJ['
bh)0
x+|[
"a"M|
O&7D
D{<
0+Z4\
L Fh
{R (
ra`Y
GrffU
*1WOt
#bhL
d9*@l
cVX
.~[x
IO|_
shTE)
l9tQm6
d_}H
5dNi
:?MeDi
.ib4T
Sm#u
Ahti
L7(&O
hoCn
2JQVZ
SC"^
xG}+
TNLv
!uN
OPGU
`^D;
x&d(
'?4 a
J3 3
N#ej
Sg-v
W!k
zu L
>YN|>`7
`x85
%I6]
v$*J
%Mz:
l:nI
aH21
CE"
8;.s
R=d0
U*>;
A7~`j
\2+2[
FWYer
Zgz
f+G%
i)9 ]]
\zfX&M;ud
!q*LSj:
owH;
\-!>4t
4}R<1z=
#^JX
y.Q%k
bR:CA(
O=3`0
-i"~5h
9C+`
0@3/`n
4e}g
jCL<Sx
<w m
)W
~HJ{
~8vphfo
AJ7b2YvAZMZ1MaSH74
6cN
fCL/
G.zhxc.
4! N
7& A
.&V
BMKEYnMv1AgGrQApQP
X7"{FL
vIBJ
}Vw4
dGa)
qo |
yv6s
.G Jv`
[J
S]+i-
,pw@
PN3K
9q\j2
}'8:
q{'(
fR3W
&Q| H hp
8tJ2
2V#]
O)g4
_(?y=
t#"-
<q}plj
@N*=
!3~T
sMGH
TP+,Y
{7x'O
2fn*w
ezCt
I-vl~
H3@vH
zXWL
`[db
]t/L
+TsgR
P,\C<OI
^d6p
8 )m
/)\^7 x
gKk^
@"9r
1kvr
J%A:
x-Jz
_~>t
8$,
n/|%t_
} Y
^<!=
KsPs
}f1A
<:hQA
C3zq
52H;Dbh*
get_FullyQualifiedName
&B-}
F;7q
<y<,1
:+;:#
!}e.
/m/]B(
7 >G
Duwibe
qX-=
Vy>a
"=8C2
jZ77
ep'
X?e=tN#
~ 3[FS
?`
*w[7
\pZL7
xK#NS
q&{W
YV6S@p
t,`S
R]lyv
b(96
2OsC`l;G
}]b@
oIta!
I| ;~
9<DO;L
0`<$}
t! X
5_T$
.f#/
hDB' G(
>uI|
p>4.
sR.
HG4jr(W
<`$l6\
vglu3
;BX,a
z5`8
5P T
)Dy9
WUcI
hofW
W't
WG0Z
FLe%p
<FPh
$q/M@K
dPTl
cG!_Z*
IO}M
0hBu
6 8mC
NbI%
_kNS
IF+
W)NVn3
] \N
uZW1z8"
VcZnQ
S\L0
V)"O
wONp
Exit
QY!>
~3/0
Mr0n
?;0OS
d/$(f
|Mvvyy?}!
Y1gh
fT>jT
F|@2|
\.:Sj
ms<d
}HXK
W_XV{
MemoryStream
\m$!
9Cc\
"XGR
"FN\# H
z1f8S
>kHwEM
NX w
0*k4=7
~:|
f>S*0
\po
P5~L
]Ze]
^hqP
whq@!
f[43d
G['a
|nN,f
' HG
f9bS,
Y9y%
TfNBc|FT`
o#N&
\8^z
kd,e
[Tut
1_qM
KzHx
<env_
Ji[C
l+h@+
/=Y_
xVaT
NG %w
0 |/+
ty=^
?X;^)
44}G
B#kXWH
~82K
\8g@(
a,T8
Ex=Sun
F/'.
P_,,
#F>B
k9N2'
Y4`v
` D]F81
u@ ~+
G@a7
M2t(U
p=.*'Q
Ll<E
l\IZ
P O
PA4B
cYDm
mybv
Z!E'
IEND
U\wa
M98c
XGR
w3~ O
5uDb
MYq(T
nfb}
Confuser v1.9.0.0
&"?f
Midaehegibydosokaxizhazhaeshi
XYxQ,#
IvDT
``HF
M(A[
{UmZ
? N):hbn
` t8
DOVd,
'}&<0
3S@ZaO
{8Cee
{ r~
(,g'H
?+A}
PhotoAcq.Properties.Resources.resources
6LR?
RV6p
> O
:IF'
TzCH
. Ms
sd]E
c'?;
Fz/A
P tR
< HV?
Y'>b
^k
IG ``
E <|r
Or Hw
e+X:(
\L-26
II6m
avS-%v
[`r
5+5Q
9#Hs#
RIm?G
:ju]
+"i7
v|+n
u1Q
8Eh@b
|M?9
60c6
1.hE,i
2lw
/POA
Midaehegibydosokaxizhazhae
znk<"
@j7M
Azk'
0RU
h~!D
U0,Y
[CS
ll 6s
2t<.
ParameterizedThreadStart
1S|POD
21]Q
uJK7
6 O@
I+kG
i5kT
YsD4
&jY;IK
t fM
e _j
1xuJ~
nr06
flt]8
CompilerGeneratedAttribute
ezABn
y=^T
gL\g
6(B4$
R:9Z9Vi
!>!-
|{fH2
<g6d
=tp
0&9
th'g
Y%IX
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
,M{]
b_t@
!HsyS
G!^_
b+@Lk
,b(
; ?<
@7 _
Thread
3TP=+
?>Mo
SetCompatibleTextRenderingDefault
zWN{+Z1
I6z{e
PJeKI
00"m
SD^O
;\ RhH ON
yDEh
G0F]dr
1e/*
5h)Y
Copy
pB*l
/ `O
DSKc
*QME
AssemblyFileVersionAttribute
@2(:
W(Z$j
8{gT
Wy@/
S^QJ
,XAH(/
\=_x
8T n
Pz_$
~7bW
*:+
System.Resources
5g8T
iuPr4D
~X_
RX&h
&2,p>
+r-5
Buh9
4#nT2
$^hei
;$H#`"
%'hH $<\t8
e1>5q q0.
(__M
ju3N
k] 3
2NZgv
G=Xe
w;LP0
X ue
[x4c
F6Tg
cJ{4O
<l-##
)^{7
08v>
WNy:yY
AO]B
nrM
.Hfy
+Aq
\d5n
Midaehegibydo
DIxt)0f
@f
{5oF
tsmH
c &1
3BYs
SM4
axA6#mI
|Q)%W
Array
.>:m
b/a3M
A ar41
~ Wl
']Y 3
]Jwd
)gdwu
*"C.M
%s#-
.({\
DXu'
wm"S
Zy6
$QUN#
qJ4[
vmCm
QxN)
$LJ
% "
?`
[HPFr
i|.F
L`*7|
d!kX
& Q1
6QJr+'
$Gor
1K1/
c}/|
h2U2~
[%nVA
e34a
Djo!.
zNaH
>(7T
"]04v
M u
6[\>
om|DC>S
)7Q8
String
D8EL7
eT}RqW
W6Jz
i`.U
o1hG
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
(%,qW
fZf_
Sco[
j~{lP
set_Key
zl$$
4]ga
=k6h
d/}vu
tqOgh
I8xet @{
DebuggingModes
`"z'
#vu
InitializeArray
m:ti/p
T{_i}
UmQNj
aj#
]7af
F &D
c@;Xe
Ni~
lMBdd
GU(2
Ym\s
"GC$%Rs`
>IsH
NWP%@
8u $
:wnQ
H9Hq;
-UXpJ]h
r.)z
@TG08
h>xz
ToArray
n>Sm
k'Mpd
$VF
Fs|S
bG:vy
taV+
jw(W"
6<+;s
@uhq
FJ>
:~1XG
J#kI
LT{
S>?
b Zo#;
QHn%p
Synchronized
"~V|
Ji ~:
9qWnN
M,:
BeiDU
GW:_
lhLl
z: jnIt8
I$'!z
Oj0 LM
{hATCGA
^>NZ
[VhJ
f39Q
J]8UH
zQ@1
0M!P
+oHd%
EvE/
p+M;
cFZM
8 'F
'.c}C$.
I;3
NXDVwR
N|V^p
}Pgf
VAvc
^b'FY
J6\v
4 ?(U
Load
syMb
ul\i
\{m
?uBo
mD5V
CPhJ
g </
/]B8
System.Drawing
D,0tyJ
BB[ @8
J?>$
"q_5
XKp2
ID-mv
gbPVo@W3A
6A Q*
W2-|.
3{"
&o${f3M
IsDebuggerPresent
&"}
/ Q
vh f
XlJ*
r&
`6J>
EJHNO
L8}F4
vK<M
DebuggableAttribute
qOXL
?LY*
-OtyC
K!E][r
LQAk
xgx
O4+]
3PGn
O1w
vt^IZa
tZmx
a}GQ
n99'
V=
SY &8
r&Y
C)/b
set_FormBorderStyle
lE)^k
&W$*
Bh5[Hx
#R<c\
E=@.W
9u)G
ah/ +
1+Tl
keY
N-RA
6r9z
KsqNIh
7Z;1
;S<v
t3n] ^"
?(>(
on[XEGH
Y.pl
CV0
VT80'
R6rl?
_az'Y
m'B
k~<uzs
Sl>r3X
9io
/o?O
55Dn
M 9AM
O~S
3?&
i!R*0
fL3
B>s
dBy
\Q9`R&
wOUqK
g{XM
@uD4
o!<j
p8u.z
+Bv\
EP0Xr
%ii|I
,DdD
NtCoT
7a`s
e}60
e`rG
!JSG
xvIA
Z^-Y
+=0v
OY {
ComVisibleAttribute
@kx,
<SnQ
BTn:
xA5f
3System.Resources.Tools.StronglyTypedResourceBuilder
op_Explicit
iLh*'<Q
sg n
;Bpn
;(6a
Y&$x
=G ]t
x&#E
#bU#c
Fv|k
pKzu9
Zvk.
=GiD
NVIT
V#xi
nu\L
?Z=+
Kg:I
TC
Za[|
get_IsAlive
Fs_q
*?!ij
Ee l_
FDx.
X)UgUm+
BA%Kr>J
I1`W
or].
MXGag
@65Q
= gwD{
T5,"
s9d\
MethodInfo
*0X
( (
ou1R
*] A
o,0?MN
?UZ+Y8`
iL]7
E[peR+jJ
CultureInfo
[Q)+N$J/nx
RHrT9.E.
1.0.0.0
L&,,M
n2HV
NP$%L
_6A}
xiN
Y6F" "
HOah
2go1
H ZV
?Jp>
#46 :
_vE:\5
_>*0%
Hu [
!75J
)pE3L
,|kYcj
sd'M
h$V[
TIIB
p'hf|
h Km
`w}Z2
U@d,
Stream
5&Iay
{;Z"
{f/V
=Vrp
d8:f
elHo
>Oe1
0G /
?X=G
Duwibebe
Ot3yU/)
> G.0
ZKb
ix%B
ct}9
1`)Q
P:@Y
QEJv
)3mo
pKKs?
Midaehegiby
O!%T
Znk1
CompilationRelaxationsAttribute
3</R
v,<@
A@_[)=
GL%:
XC7Y
cP$
CWHKC
Rijndael
k9=z`
RPXQ
/xn
S4>~
gi'(
< }4;=Z &
SE}4
~FkRz?
fM(q
Zpt A`
4%d*}q
<u;h
brWs
dbLz
nC~zv
RB$a
{iF
-@(a
dTjzbb<
uD{/k
=*Y(c
]b+{%T
@(tt
sw5),^
a<_|
_Ey*E
=,6}q
get_IsAttached
FzW'
QO _
N6pY
T|tK
wTN&
8@|AO6;M
+!cu
Z? 6
am V
DZYi
-~U)%o
FailFast
(?Q7
aJ"
2k9{
}7Hvb
E,]@
M3HK
^1>!
#Fqi
YJ]xy
3.^)
X[9+Y
g|v\
{|0"
9f=j
C;Rn
5( #
RzV:j
%}t,
5t=w~
o[MHY
~!#g
Zm6o
e>'jN
i /
oD;^
QrY@
\gsx
6U _&
1rrq
sh`Ww0
d-JV9T
o2iq
lS `
c{YD
HdAT
O9 G
y|_>%M
%Y>F
7-Md
.^t@
8h(m
V_3
alO7
P ^
8n`w
vh<
)K})
/DR3
+4TK
v_6xn+
=su+t
jG7Rd
73J+
(7^g
HSoF>
I4L;
\ _Z
z$y8I
)R!&}MaD
[<swRy
\:ob
;o3u
A^vp
d_6G
XAN+
jqpG
W=CP
9^Lj
vE'*
@+r]$'
b/!t
&/4r
Ld05
j[;Z
#4,Q
38S3
%;ef
\9Oy
9 n
5"i.
/~li
8@9mDn8
se F
U,;)
Q.?yF?l
{6J~
Ws
|2_*+c
jjOF\
19Y4
&BLV
w/9P
KYd A
EH*+iSM7
`xd
c?9\
D\Vf
s_$3
RvF9]
/,.`L
Xj,G
='RXog
aoF}
Mz]9-^
"vo?
jW-`
set_Opacity
@YG\
t|hv
M12A
4" '
B NM
B\gG
87Y4
:z85
| cRJ*F
a & "
$sP
i8AX
cGh%
xk+N
" X/Q
t<.
#BL\
g"xk
2_^}}T
~$A@
Cn6L
X,Hq
{r)I
Ao'v
4dL.
sD*
IyS1
ZEPA_
O {l
z(g-*D
g{&;
B}%E
XlTru
N_6@
:h99m
@|^V|
HkA:P
uuZot
Copyright
= 2ml2K
u?Ed
2#2*
uCGk
)"y]eW
" Qs}-
;'B%
;\p>3
jFs|
Dk]W
fV}[
N2,:D9
"t48P
fA+`
:&f
-Y+#`
N{l0
Wh\A
hxHg
Lm"/
Ibg6
lE+:
ZRr>
*J?f
c*c6
MSDN
fgkv
|$!q$2
'6,x
4B~?
`=kjH
iuB%
rh}
E+q
e>r6z
=RHA
rC<.
FNO1
9C1C%
_:*xv
R}owc
Adulu
XHjO
/ee|c)
VlJ=
d=)x]@
2./5O7
Create
TB'YQ
0 ^Q
s'?Yx"g
`]Z|q
a=qC
g1v[xq
aaba
LkiB
[On/
z& {
KG,AD
b_&?X
G@P^
q g$
,r@QOnLW|
;0q%B
W*K7
'X .
yL$Zo
t[|W
Midaehegibydosokaxi
";3@
][]P??
Pu <
B7""
>j&q
Xb#k
>"\g
!J /
<>AY
E/ T4
a0[
P*`J
"5qsR
tmdYM$
SymmetricAlgorithm
isqh
]DW, /l8%
C{yF
XUMY
Y;]
BKO w[
tXL]
zw-l
@?bCD
Va%|
zTVv
rM.f
{nKo
nL $:&
E),8
2 Yu
kT| f
r+3O
<Dd-
VzeS
]h-/i
8;,)u
3jF*
.<N]
~Jv
^}f=
qc70
TwYh
u{Js
@P_N
QV3\
A)XT
4W?
nBaVf
oH4"
N td)
rXLj
ZYx.
7N)#}g
-zbgI%
Debugger
0-uy
kn9nS m
5G`}!$
umG
UctH
^O7a
Ug3xN
.K&X
EJ*.zW
(cwL
O>'=rH/
>*r@
C;F_
Y? E
VzE)
>f0d
System.Runtime.InteropServices
Z(#'
`n v
+tCC
O6n-
q4Ig
pnT #
9C~9
FIX;|N
zLFa
chgI
rr9G)_v
^ Lnn
CredPackAuthenticationBuffer
vCb+
ywfK?
Z 4 ]
`'^hl
:*k}.
YV^A
;6.R%
tgj)
.qhE
""EJI
&; s
Q?xeA6
~l>7
0c%}
b,!6
MNif
},ME
c@<^
{2dy
add_Load
8bGP
g-+M
FO|5z
_#`V)
ue!L
niApCq
)pkD#
| '?
< 1:
@]-E
$7$k
X l.dlT 2
X l.dlT 7
|ZGV
+{)8
cgM
'&(#
ijjt
LA!3d
.)y{q
Fv s
]`Ku;
J7 T
~0y8
.fRH
(+<\
Gq@Y
A+C~9b
sQW?7
fN%-
dQN-
@F2i
#s9n_#
) d;
a;iLi
N2T ,
-^a1M
~RW\P
^CY=I
Is9w
'`;YeiC
G48!
kr2}
i<!$xL
#.s<
System.Windows.Forms
0|83
YQru
GetHINSTANCE
'$+D
mo4{cw
](w
S& N'
Midaehegibydosokaxizha
Duwibebebakasedaho
.Jw>
IDisposable
DebuggerNonUserCodeAttribute
,zl"
eA~>
V9YT4.U
\ [
wmhx
-Ww|
TWO0%
B<g,
*99t
){ T
4UF+
go=`
&s({
BaSI
|(E7
V\W
79C 3I
S v6
|%W.
&^~;dMZW&fs
0Tlm
cJ,G
@3gs
8v>f
UG<w
m$=i[:
+9,Z
M. b
v{&=s
|w3s
!<qZ
mscorlib
bi&g7
AssemblyProductAttribute
*u9A;
>Oy}\$
+O-
95Es
jNZ
Rx(-
i8~eM
Zbg$
<Module>
%<_P_P
y6z=
bqkt}' lW]
9J}S
L{I7
{9B[
lZHa
{-VW
G%SP
C;f
q0>a
SJ>P
IntPtr
X[7H
~LA
TDeK
4 )R
, '/
kzkf
Y4''
xr 0
\f+C
@b")n
F+ZU$
M}RAN
5J4by
X&g>\
>XR6
>%JWI
`rV@' 9
V2d'
NdK&
Y@v
> /;
f>1x
/:hC/
4>RP$O
&;DF*"2
~%+k
B)5"
h74"
WzA
wvqM
#]P6
,R;x
SGoa
v|gh
SS&S
cy/$
X/#6
b a`t
(j))
f%nl
^,_pP=
V wN @Q
L= {
eiMb
#GUID
taER
2 S
cGMU
;v$Ota
}V G
`&w
zR]/5
}P`4
mB""
kr}y
<f Jg
1 >X
g:1\D
SVAi8
-ynHV
&VsE
w0|t/
?
h\kw
7a?:
pe.
LRjth
+7^[
V*8vu
MbA3
K2|:
q Fn
1f34
~MM
9-"BPC=
NJXT
9wa"
=M7u
%BtR;7
K,[d&x
VHL<eEqOBz
S.pd
` IeTm
nWl8
~EWf^
`>"Bo
C`$e8
C\a^^
8QWg
A<DK
\mgF
\])5
aE/y
Tn^lz9
Zane
Sb/L
cYzd
|^N-
bp,Q
X$ )o
4g&m
S|=,
EventHandler
#\CQj
(>G{J
mM,d
recHq
Q.!m
Z<T_C
6gPlF;b"eH
> S!q
Cw)g
gpt.
ajYKXM27k7VxtcLtii
XSB#
4C5Y
XA~
$ <I
g wvot
aFq+8
7I_m@
um]WU
]~ !#
D aT
get_CurrentThread
$[Jv7,
.resources
`pT "
<,)g
-U)Y
g$<m
Ltj
c:n[&{
La%
#[\]a
get_Module
FcNGg
{(F Q
[@(@
jEM !
o/9B
0K$-
*8;`
<qD.H
p$JY5
&8eV
d[n b
4HoM
i,&^
wJD+
:stj;
T:vT
GetTypeFromHandle
/Mw!^1
wn ~1
|#$#
6'F)
g-qf
H$?\|
"'
7}w7
,CGcp=
q|Bf
:?/j
Zl)6
}jaH[
E[%Pr
Z Vu,
L,kZ+
System.ComponentModel
R;X n
)~T/
p/j>
tl1DXA
o8GM
7 5.
# ?\
z{Bf|
2&%P
5}xR
wgu_
&8:
L1 D
:/L1
9w3
z +Oc
v_ 2H
' ]X6
mscoree.dll
% 5j
93&
gP:en
p.XK
0 rA
od`h:G
System.Security.Cryptography
0v-
&d])
L^[(
PV4a
R)RP
get_CurrentDomain
:nm~
gr^[
^ 1
U(.%
nb|2 S
S=d{
!_tM
Duz&C>
K,%
!tX~/
\7>T
tYrC
TV06
\"c^
':G)~Vn
[ `^
1fkp
2R`]"
?miNX
"0f
O`(U\*
qWFk
\Dn,
k>]z8
}1|:
x736
a@OO
w<|[
b$>9Z
E\M$
W@Gc
<P 1
d'<R
}Q3Q
4UYD
W1Sa
\!3?>
gy{U
5 cnEH<
4@Af;Y
KX
'Y,/
K L|
;h.=
%+q+
b)5\`
System.Drawing.Bitmap
S-M
;'lqM-/
H(BO
N{ht{J;k
0AX,
X?\E
=RU
Z>n@Cr(\
glMb
pY&
%z,=j
Sleep
`}dO}
5:8~%oC
GeneratedCodeAttribute
disposing
}1vj
afk4H
3C4#
} =[
+ W'
7w[L
__Si
cQWj
~.I
rX\>
o]~w
hqLd
'f:f(
Y*[|
-nEG
Q<^\{
/B5^
\}=?l
5\Q<
JC|TK
{xs
=3n1
]7(
jG12
0$C%
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven07_64 Seven07_64 VirtualBox 2017-02-09 16:44:54 2017-02-09 16:45:22 28

5 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven07_64 Seven07_64 VirtualBox 2017-02-09 16:44:54 2017-02-09 16:45:22 28

3 Summary items with data

Files

Nothing to display

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

C:\Users\Seven01\AppData\Local\Temp\6c18dbf7112b9a1a41c718612d4a53c1.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2420.36039734
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2420.36039734
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2420.36039781

Keys

Nothing to display

Read Keys

Nothing to display

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
Global\.net clr networking
Local\MSCTF.Asm.MutexDefault1

Resolved APIs

Nothing to display

Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\6c18dbf7112b9a1a41c718612d4a53c1.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2017-01-24 19:06:04

Detected family: #Ispy

TheSystem Itself @ 2017-02-24 15:59:02