MalScore
100/100
MalFamily
Ursu

sky.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 23/65 Related 2238
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 354.50 KB (363008 bytes)
Compile time: 2017-08-24 23:04:31
MD5: 6c61ba01924ba4afb3e2ae915d744c5a
SHA1: 77715c8ab5ef4d8c1e423c366ea3b3d1cbf15244
SHA256: dd4c0552a2630312b88a93ea37ff66924ad08ce2d8af45c2ceeca9ade3dd7b1b
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-04 05:00:03
Last submission: 2018-06-04 05:00:03
Filename detected: - sky.exe (1)
URL file hosting
hXXp://narenonline.org/sky.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-03 23:04:04 [23/65] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x57cf4 359936 d2a176e364b52c4cf52b73b2c3e796c1 073124fcf9cd40700e835e747461f378e5ee07d5
.rsrc 0x5a000 0x618 2048 f8de6647eafc0f89821e06b3c4f89693 a74f93da6a2306daa6dfaccf5e4803b6bc2b5773
.reloc 0x5c000 0xc 512 489a1361e2917eaecdfbb3e75f7d09a6 d7c9eb5deddbab03bc52247f9b5ad6915ff4f325
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x5a0a0 908 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x5a42c 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2008 - 2018. All rights reserved.
Assembly Version: 0.0.0.0
InternalName: sky.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 1.0.0.0
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: sky.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
mLOJ
5f777604-cb58-801
VarFileInfo
Comments
ProductVersion
5f777604-cb58-807
5f777604-cb58-806
5f777604-cb58-805
5f777604-cb58-804
5f777604-cb58-803
5f777604-cb58-802
e2c4a01f-40b1-9d
5f777604-cb58-800
How is seen in task manager
5f777604-cb58-809
5f777604-cb58-808
:?P
InternalName
bc4519c8-fdeb-060
Segoe Print
tWH
Random comments
1.0.0.0
b@?Nm6
Company name
StringFileInfo
Translation
Assembly Version
FileVersion
Copyright
VS_VERSION_INFO
Form3
cd704963-e564-6e
Form1
CompanyName
mon
FileDescription
0.0.0.0
OriginalFilename
$this.Icon
LegalCopyright
2008 - 2018. All rights reserved.
Form2
sbY
000004b0
ProductName
sky.exe
Volatil.Properties.Resources
Same as in FIleDescription
MP<3C
wB3U
<F}AS
wB3P
C#K\
?2,*[) ,+od
wB3\
2xw$
k <Hd
~>E]
k]B*s
gZbJ
(J59
g[D?,
pffffffffffffffffffffff
wB3I
PNG
\;>9
Fg1i
";pC
awHV1
d\k^
{?E&i
Ah 4
wB3f
d!\G
wB3e
T_y+
wB3k
wB3i
>'21z
C_-
v Q_,
awB;C
[F>2
a%'X'
U@6A)
.T]uk
26N<h
R6UC
Volatil.Properties.Resources.resources
<N 8
aGB:B
7dP'
;tRv
K%.~O2
BiZc
k* :
tXN$
-(rS
ffffffffff
wB39
MqEVd
a4-T3
* jZS
-a^wk
W x@ >
1i'&
aqB#C
EZMxs
6`xC
;7L
%<(7
ffffffffffffff
=<777775422222,+))))))$
wB3@
cqD>C
>0z'
bV]f
nBRI
FormClosedEventHandler
Aavc
------
WwB9Co0"
e8g l
4*lOQ3Y
ulo?
kqBLL
Y|/r
& }Q
su5Hx
bwB4C
a2F9C
Assembly
UyE6
aqD?E
:{Qr
8y<,u$
`wB8C
<m/9
.+)l
PFY h
:y-u
<8VTI
Z9E(
\=h /{
6B7CB1F76B99023BEFA8EB2B530216F00916E4DF
K[/Q
dwB,C
\ovH
ZnM6
f>OX
aawBU
5EF
%8Ljp
VP0`t
U.1Qh
S5Ii
A~:D
$~7P
aMLYC
P-oQ
y+ 6v
V~bWD
a*B0C
sL:3
1(hEYd
CompilationRelaxationsAttribute
yfeB
vW{j
a}Q<cM0
RuntimeFieldHandle
Dsy_
System.Security
0ewB0C/4
/as4
a}B8C
FB9G
=ym
jE;)`e8
\]>!4
.=Je`
r Ti
10HS
z,nz
l-`4
ZXaCW
~$vm
JJMJ
MkHM
DfwB8CJ7
P7s
ppT(DpY
,2#N
2:Z&
n{8<
i3x^
I=8a
[ ;Gq
ifn8A
ssq
q`"W(J
{kW
CW,X.
dwB<C
bn &
h h)
e)5?
re[&
ESb7
fba%
csV/
Ii^*G
/^P1
b ]A*$
gw@?^
aJnf
aAB`@
EnableVisualStyles
`vC;E
Qt@R
'!E\
f' 6
C>0I
kwB=c 1
3/ka
&hicY
g?Ix
=_)H
mw"P
ResourceManager
awB*s
83T
: oV
resourceMan
1 qw-
%mk<;
|luc
"0w
x<6h5
~z]@
>@Y j
X^M%
w+W+
F LF
crt.
z#N1{
/?9cqw
YPX=
K-zrA }
ih9b
Gg"'(
vfffff
A+,+m
pdvp+
wB8k
-jlv
a{B8C
a{B8B
#XgJHF
JIoGd
R9t:
3!Oq
YG!
j6q
,B9B
Ma=A
VjuPoL}
3d ),v&
AppDomain
%|X F
fFTI
F&j0wR
?xrj3N
8\<19AA
s2XsY67
njS"P
}ihhhhhfffbbb```^^^^[YYYYYVVVVVVRQQ
&jDG
$sB{
a3B3C
#\woiiiiiiihhffYQQQNMMM????666
PADPADP
evC<F
/V:5
+uCb;!
sHy,
mR&x
Yh T
awB8C
7zt$]
^Qteo8Q
*83i
awB8S
!*#x
D_ +"
'= )
fwB9C
BCCGGGIIIIIC7777777777CIIIIIIIIHCB
asy9C
7MfFp
gW@+j
#fP
;Omfp
\aiJ
xY` K
^\~[k
\Q6`:
kpD3Q
set_Text
bIDATx^
gwB;C
f?1F
4Y@`
aEB C
{(pF P
}@Z Vb
#Blob
Control
( 7d
s0k0zF.
j$O/
SnlK=
{F?9
M~a"|
shffYYQQQNMMM????
Ey^p&
awH2=
Program
-y-[3H
)m9"
w*! 8
E Z'f
fffff`vfgwwwww
KH79P
Ge
<|[%J
`wB;C
tg /@
!yRVa
P3-4
S%3
awS;1
pawHCR
PB56
1$.y
e R>
8Y'=
K7-/
+hW1
11peY
`>g ~7
} ?",
C`/lCH@>
QQ^
]$_d
Q|<)8
awB\C
1>B>
uqxN/
J{fg
kdD(E
'4Wsj/
4g H
get_Default
za:
gYQ~
atC9C
HwB=<
awS;k
JfEUQ
8zrm(
hhhhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQO
&V._
/wu-
`e[+
!je(
~TeR
hYG/P
|r_<K
dm "O
z4"d
4ycE
|+V3f"
s Nz
vwB?0
jJ U
F.0'
S<]B
Form1_FormClosed
`caJ
T5!~
KFm0
Cn0u
c\LRE
hyA*B
15.3.0.0
)Hrj
+i-9;
3q'j>{z
OR/=I
:8$&
String
/}`.|
`u#r.
6 `
IdPB*
%wB9Ch0`
9k(X
f9C
Y/o$
wt4K G
Padding
.VqZ
/ X
d#a*1$
System.Resources
~6@Q
GA|W
%nnj<
\aEJ
C#d
~mhhhffYQQQNMMM????6
YE6c5iJ
kA/u$
l0 M1
tO\q
WaFn5RO
a3'_*
uL$q
=47YW
WkB_4
aw]y,
$U j
}pBl5=
_PO
~Iwgp[
PawB9C
|yL![
lEp"
Xr(V
f|lV
pWr4
"~3i
Ra0uO]
91Zn:
6y@}
asB8B
WrapNonExceptionThrows
OXzz
QvB;C
nx=1@
.text
\^,"+Uu
v{7=z
~qrX
9h}kZd{p MN
,(i
.k}n
%Q /
a}b9C
$*vq$
B4CT0
OkTs]
8sX g
h.AOV
Convert
c{}hn6w
~ \*iK
m]R&V
Hyhc
.O)Dm
O%zw}
|e s
System.Configuration
t<2b
IjB9I
+=]q
K%*!
m\W>,\0
i`~W
'Y7}
"fW72
/ #p.n
ERo}
|rW+N
o~*E=
4 }#@
&c{78
JrMn
ti(S
q?`U
-Nn/
o^^[[YYYYYV
CZ)L
ojG?C
, BK
O4*X1
Brc,Bbb\
dT|i'E
p i
Of.g
N'!@
avB1E
,:Lu
EvV`C
@VwB9Cm0Q
c<s(U
~ SO
|k^$_
pRwB=ihCw
adB-b
iWA8A
Hb0!
7#.
/+0kTnZ=
u`Q!C
-D[
]uw[
gau1
Q }>
}B9G
rjNY
a8IYC
I8Fu LC
k^^^^[YYYYYYVV
r ]D
r7e n
]"&n1C
`y*@l
g9Y1
14Hx
CS^=
`rb8B
3 (L[
@}:
a(BoC
v#m
{&H
qcbJ
:,$DVO
;;d{
p5c{
1+k [f
cwq~
cuZ$K
nf!;(2E
nwB=J
1|6n
QvB)C
#F[u
*ZZOz
rZ E
FV\JIStf
awj/C
IconData
!(!9+
lhRak
_NJT
a}BiC*
&gLP
K: D
w0\"
8E+ax
`cc9C
a,B,3
G94T
!0Fn
@\ XE
Z%"nJ
!`3BvEg2
pgwwwx
eWC8M
efG(U
eWC8K
.ctor
]+;aI
-whE
hhfffbbbb``^^^^[YYYYYVVVVVVRQ
pgwwww
9SZO
B8^v0L
a;-Z(
R[oH
K]n F<
!&HS&YA
awH30
c=6c
E*Iy#:
5V;Q
z Hi
>2b(
awF!k
O4-T3
{M7{
hfFV
OkvC5O
e7:X
GetTypeFromHandle
awB9B
awB9C
B8^|0P
^pxY<
`^ 3
fwB8C
mvy0r
5Ij#
|-nN
fb``^^^^[YYYYYYVVVV
awB9k
J-_sK
cDBuE
awB9c
+%JhV}
>(jd
Lfe+5
sdFl
dfB}C
gqB9C
qV\`N
/ED!~
b@j
yWx&
X+=?
.%1z
VueE P
a}ivD
height
=O(5
gVk%@,
\ sg
DaS+
OM)K
rG h
SuS]:
yhwf
@.#N
q'6S829;!=7
d^(_
` k#
:?vn
iA=[
uaCH
-gs"}
_h(%zC
q=.G
3H> e
Hs=n
u 'M5
nYx}
`~+B
\T5ea
v5PN
9CG8
ya3BLJ
VVVVVVSSFFFGGGGCBBBBB:118887
L_cx
`wB:C
1:]wq
SizeF
t_Xa}
Elg]T'[ey<
<2s5
JnJY
awi9C
akrUR
$T)aZ
);1X
kuI/O
*G=u
6 @S
O)Fh?
get_RawAssembly
;wB30
P:4Q
jz [3
f_tm
w I&
&lB?
\v L}>
2 2lf
Icon
uYr}l4I
WmT
b;|IX
P-<?e
g$m>`
wawDV
N:lX,
`jG$F
]Y?L
PXm1
wawDK
uS4#Mtm
sj@?J
Volatil
F?M j
ffffffff
Z- D
,wB?P
)rL1
Main
W\{ y==X
awBqC
nxY[N
iec%D
DWJ~l
x#bxoC
rwq}S
L?U4.?{
fu-AC
ajG?D
` X0
3c.F
#9iiiiiihhffYYQQNMMMM????66620
mscoree.dll
-a[BnC
H4?E{
;=]>
fWA8A
mf\xke[x\YW
auC2B
B{{v
awB9C~0
gwB9C
NTaf:
NbJ=
pgwwwwww
c giL
#J,
{cj0
hG#K
e__6o
q`GT]O:"
iqS<E
JnlSD#
zRA^j
AVTh
0CAT^
[Zzd
(GWvo
wwB=R
Xr;A
> C
zV.h
ffffff
kEcM
GpC?=i
{W&nN
K)hG
$' c
a/F9C
}|<~$
agB"C
awFK
|^.W
D0~>
lZLa
uW
bA"Q
yh]T
_3XKE
awB(C
Oj({
XlIgX
iq_<K
sFW+n
bH7W
~/"V0
a1TkU
VB'Y8
mD_^+
}At}
w'Z,
79"fw
ke=B
.8a5>
STAThreadAttribute
agB<A
#h*x
*kbZ
V:Hn
Xg|
krKN
Form3
IHDR
Form1
1|d"
e&C}C
XowB9C
k}H0R
B 0^
@<hj
System.Globalization
:a_B
&*8v
IconSize
&*8}
}.7[
6fTB=B
-oX
&*8e
0z+
:qG9
OC'w
uwB=J
`Cf}
. 2
&*8o
$awH
&*8i
HMGS
)d)X
r$SH
S0MD
b#
aeB8h|0P
/p!u&
bqPi@
4-]&
System
EventArgs
+tyC;
YH+T
l'(.pJk
!wB3I
w^^[YYYYYV
N&iy
Kq .
System.Drawing.Icon
Q!=WCE
@BQ`
\<i?M&
# $Lt
b6se
wawDGe
I`B9I
RwB=i
AUNQ
#-GUim
{5r|"
=-.S
oKQ):
9b)k
l&U&
?kk~
`|BGH
.Yp[
g[~.
0crC
WiL {
faTJ
y]Tk
vffffffffff
cp]x9
;@!
PUc;
aBB=C
{TMGx
#Strings
asjlC
@-+P
2=k;h
*U,%
awSK0
A\Z9
ck#W
MwB9Ch0
B8Z|0]
e| g
'^v^
5D9}
?awB9C~0
NuP%
*cwB0C
Volatil.Form1.resources
vwB=R
_Gmc p
G{qM
P?7n@
(#C<tC
%awB8C
r[#Z
u?5(
abG9C
p75^
add_FormClosed
}es;E
2lO:
|6aip
q}}}}}
hi=t:
:WHZ{
B#ctRI
a7n9C
NR!w-
7 B%M
ux)d"
aWs8
4a):
n07w
gB 3
get_EntryPoint
:J~N
a4-W5
~IsD
,5)o
_w,Sh
tvVw 9'
pfwwwwwwx
+vD H
UR5Z
lY&ldK
1\6q.
A> g@
)pqBdV90
aYBBC
g)gV&
sFO`Q
,Je4
a4#U/
eWC;K
TXvq
eWC;M
G* 3
D Lm
>,w0
set_StartPosition
_Y:I
cuL7I
,`vy
tro9']
(@s#
b}\
O[*
w4X/
fp7Ry
k]Q`
>-EC
hqA=T
s4Hb
f,9}
'Wjr
=<
v).}
xr+r
+@ E
Z b~?4
=8A\
KHS`JcQ(
nll@
1 #*
~mD%Q40
/x=eTV2?
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
rw uC
2:eJ
t(qs
g&Ie
`vC8G
`vC8@
`vC8A
`vC8B
YIX)
3FOJ
]\6^
2+ _
!Up@X
vTl/
phhhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQ
y.MA
pZFJ
Msjg
!|*j
!>)p
B8 R
}nhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQ
Sb%
ax
8AsH
@VU:
:}3U
Array
j(Tc
`wB7C
aYB C
k=;
J7pu_
pffwwwwwwx
[GUr
g_K9C
DE[
ComponentResourceManager
0tKNUC*p
C#?x
q.TQ
3k1O
&H<Eq
kRT?,
RAvSx
W/ K
2pCcT
MJ ;
"2768
R3@!
36ruL
p\ n
W:!E
E,yl
"}rw
l#l
oDv#
Wa5n
IF\G
.[:y
5z^L[H
q$)P3
R =Z-
+,(a95bJ
LeEK
M F+
OL35
Qw{U
hbe,w
~[S5R
ghFFNUb9
[Pyn
u[QQNMMMM?
BBsq
hW@8Q
_eU~
ucFB
lV4S
vffffffffffff
System.Runtime.InteropServices
ZwB9Co0
bvL%R|
Aw_:F
pfffffffwwwwwwwwwwx
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
rXxBWz
ToByte
C'0J
MP{|
7wB3k
lwB?k
E2>v
8 ~}
S?tZ
>lI7
G)MA
JV=(#
wB3H :
CL7RId]
i8j
;~F9
Otc")Dj
X<zbRu
% 4U
IJA1t
fGc':
Y9fU
f VO
32z>
UD]M
$OiT
w1\7
0
5YXy'
~t0V
p{S,
ig|]
Nudrm
<1XG
U!9Zz
,"+Pa3/
> ?z
%wB3,
gz,+R
xafB
5y/a
/a+t9C
tcLc
m5jurb
$bNKmqa
9':o#
&okM
] hWQ
^@?k
bXMA
KLSDz2
8p
l4lt
R y/L
awC*G
awC*H
hZFn
1L,5@
l;2%
gA@]
BJ p%
|}6V
CG0S
>i5~
uR 1
mf9C3X
?=:c
vy3B3C#0q
c~C%b
Volatil.Form2.resources
8_
*,ff
a%#W'
pfffwwwwwwx
*a@BoC
%P^/
H|sP[
m'RC1i$
awB)C
wB?X
m,L`
TyPYL
FNV|83S
Ihlk
QtB+C
XJ94
I~qQ
wB?K
Y9C9C
VbCC
ae3BII_1
N=6h
yn<@
3k7,
uDGg
f ~p&
!s
GbX5
|v+d
atB1C
wwB3
VO|y
14E9
u}T|
wB?k
gqD?C
gqD?E
EwB?=
aAMr`
7gV~
T|&H
#k8K
P';G3
set_Name
E/UgIh\
4=ne
}IBk
Default
awB?C
V.m5
ew=W
e*$y+B
<qu;
:3
=:@!*
<v9.(
*w}
@Ir@w)
pbq ~
atL7_
p"jP
i;49
'/!#
Mu`#
TpH'
avBMC
"6Yz
vffffff`vwwwwwx
#K&o
EwB?k
IHK6JIL
wH9C
~kO@
qUvzhM/
Vq4
norF+}
B8Z{0Q
gwtAw
GOHnI
r0Nra
1P<Jb*
%'X'
RXI
6l`YUC
J+,$s
A:+ .
EH@L?x
sc*E
ResumeLayout
;},Ja
LT>X:v
awS&S
s)U 1Zze
avBiC10I
Yt\p
XDwB9C
J(=3?
a~B Cx0
cdBNE
8fI ~[[
= PTW
4S'3
ValueType
\PP{
ZLWY
eqD?E
GuidAttribute
aRB8Xv0L
!B~'
b*<R
8tV@
I\1"
,%JW>
" W7
MQq
wj<tq
w]Bx_
x]9#Oy
]<`+
_und
Na3<
System.Runtime.CompilerServices
aoBGC#0
rXz"
:FS <
wB$ t
tmb
yo@0[
>8-&
*=%&
s=G#
T@e
t)`x
k8 *$/
&02*
mPv(
'`=Y9~X
hR.N
[IZN
:mK%j
y2T4"[0
Lu`u
P5 ),
= |e
RMZN
i_59C
x0UA
2Auk'
k0^jp
wwwwwwwwwwp
%3n=
nbb}X
SuppressIldasmAttribute
-%)H
X J6
IE[
4zSA
Q]Y&
&
FormBorderStyle
@s'Q
FJ$H
lfR]
mL#7
dWB+
`N+TsM
[jc5u
XNMMMM
q Dc
Q =D
%iM[
jfwB?C
C40W
o"p;
b5,r
t"xH
msS3Q
Num~^
Jd_C-
aWBoC
3c )
xhlO
PK o
rM? 'j
0Xa`:
?6]/
(AJG
Qs E
cqL:E
VewB>CJ4
B$;J7
||A9
6 -0~
f\st
\U7K-
aogDL
4:{)n
Qlw
Lz.l}t
L,z4~
WQai?
yD\M
I3;@
awH&L
Y>Sf
YWX@YWX
};sK
:lXU
vB9A
X[}P
'<kz
(K#r
|u1\0
Cs0q
Z`c
ifGV
UM $x
`rG8B
@uXv
B9Csu
awS;kR0
+B9I
ffffffffffffffff
}wB;C
r6y{
bqPY@
AP;;
r/%b

%!tX;
aw_7K
`aDF
4w'R
Bx_[oE
6`LF
h] N
XowB;C
vB9,
C$0E
w7$W
&1"'_
A{2v
+ B;
/[| LP
!BK/.
?aLBcC
BQqF8
}q==a
C$0T
[_Id
& qn
add_Load
pffffffffwwwwwwwwwwx
$zPNF
F?Q|)
BawH;,M0
,VW-
SettingsBase
*_4
j,4vV9
d%^X
!=] d y
:]H!
'i=7;
Boz?-
v=S+
{m e/
3wU{
}.)F
oK$!
EditorBrowsableAttribute
width
#r {
>-/mS
IDATx^
Ed0f
86OJ (/
Qz{~*
zYULC
YOzQ
$:lu
Data
)cZ2
dgdgse
;!xPP
~]O;
b~C}C
]>!Y
"awB5C
yjL \7G
xtb9M
G:$$
k=tzcD
sB&@
n]Eq`Q<J0)
nvYq3R
),z&
J n^
3wz3
9j0
*o'E
pHYs
j7c]
v[+
v8sIvQ
E N9
k_b9C
9]+)
]%S|+
fq-RC
`5B5C
aVB3h
>gMH
,l)0tZ
+h>
#Rc{
prS=,
EOO
"VN
QwB8
.]=u
uykU
fffff
uu0c .S
41(<kD'{
^B {
dc gi
]6R, l
6`sy
Invoke
.Y/i)
ha7r8
G>&@
V >*
"fq3
~]Yv
bwB9C
2CI
wA7)
bwB9F
a>BWC
}&5/O/
p*`Lu
;_.+
cX_f
M#i,
?,wj+ L
<R?O+v
o6t4~
QtB*C
bt a
Q5B69p:f
-EKu
b2`i
]N@{
a}jcC
iyb>Q
<V0"
p}B
uzby2
*M6q
f4jH1
oB;<
hK Y
S`$9
qNMMM
B9I[k
H`0K
x5dT
@.reloc
(2 }
!@%&#y
Y4v4
awBfC
UB *]
%2Co
JmEI
k w9C
Gb N
McRn
F8@\
IawB9C
0k>A
|a{OM`
txy
2B9h@
yK_
6%2D
Byte
SaNm
X41}
XFXU
apB4C
tCiqbc
nhhhhhhhfffbbbb``^^^^[YYYYYVVVVVVRQQQ
w#}G
nll@nll
sn_+Z
mt%W%TE
H f9C
^QojP
`sD?E
dGf:k
J J;T
wfffffffffff`vww
a}6 C
d{_)
hDj %
iVC -
M n\
.=dX~
9+#8C8
e] ;
ox1kV\:
wD,Q
u{8,
fpA+
P?$#
kbb``^^^^[[YYYYYVVVVV
a}808
3xcD
knjcC
ifffbbb``^^^^^[YYYYYVVVVVVQ
idX0~
a}g:,
hhhhhhhhhhhhhfffbbbb``^^^^[YYYYYYVVVVVRQQQQQ
a ei
jFL-
l:M
t'+\
&K !
k}H3J
0yc;#W
AuC*C
$D]5
tNwB
Z 0
J_ o
@7Y|:
rrIhar
FEwOi
"nQ2
%&"_v
[~'
4uT{
pDwB9C
A?b0
M?{yR
a3B<B
8;SA
y8B~k(
T`c\
I.B9I
l ,"
asKBT
asKBU
JLu0t
fd
>,O,
'K\
,4iz
n`%
k[CUNC1$
2lZ=
H^YD
x2(!^
S\Vcp
I_O)
FOOk
'gn7Q
}kF9B
eawB;C\0
F/\
iu_%E
aE5~
a6BJC
#Jx~~~
/*X/
<\Wa7
n>x*
5*xr
syFI
> PPulC9
EMt]%
<e0N
[=v?a
.Ps3
,q 3
"*6{
b0j~
F&j-
pupg'
Opse
+5'
U&g4D
awH31y3
Ls`H
zA5(_
K-lK.<7
N + d7
IckR
vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vwvffffffffffff`vw
fttT
6yVu
7_da$
7PIN
8 ?c
2as
!ArN
sg"8
~wB3k
&[ 73b
x!z[
iySqR
zjiiiihhfffYQQQNMMM????66
IDisposable
NKEu
ra3C
-{7
System.Drawing.Size
!Ghq<
i5&0
dWC;Q
`wB8C{5
41C3
SB9E
CSZ"
SuspendLayout
UZ57
a/C9C
_w1ZC
Synchronized
wMu2
{mL@'S
~vycu
/Bq
: No
Q u'
ON8<
Application
li#B
*#&h
8hF{
awB9CN4
|^ *
wwwwwwwwwwwwwwwwp
set_AutoScaleMode
#wB9C
cwB8C
J"bQ
a}jdC
w~x$
FFH6EEF
|zxS
.4 h
wB9C
Ub&'=
wB9G
SXO(
Wy1a
1.X$
aGG9C
@g}t
0%uJ
`vP$@
b5U7
>W}$
]B"s
awSJ
/B9I.Q
t_Ya~
orD*0P5N
ewC7M
ewC7K
V~S3
10rzK
defaultInstance
LCI"
awB=C
,dc U0
>P @I
nt+!
n{n
Volatil.Form3.resources
%[Hss
qa)('
4 g]
S#Aj2
IContainer
:`^p
. n>m
B:}
TTeYzzH$
d%.% B
Bi9
components
D`wB8C21
g*Ue
nysWA
flh\1P[l
4Q_P
|+
oOY5
uAd7
gWB$Q
a7'&
uw~G
{ |2?
Wo^N
!1T5
wi*y
lLU:
v"jq
ouP1
$,{F:X
HVhc
[.5>
z8=
e/C?C
A SxV40g2
|#
uEk<ze2@
X Y
v\A/h
8_Kv
vfffffff`vwwwwx
1wK
@Zxya
MethodBase
,/F
{w<
.=`
(IJn
M3Ay
RGAy
C aE
y8I@
SH~T
X /
0oHG
r&i2
lkRF
{jOe
w6H
RuntimeCompatibilityAttribute
9S`8M
RB9G
fXZF
wlvl
:Xa=
z^'-
wawB1B
7""t
x#4{
kqBDR
raQ-U
3 <_
{-LJ
awDGO
va_N
n_NEJ
3Kdyy
S1AH_
auB1B
vi2+
i 4
C.A>9
n=(O
=e_P
4
'rbQ
awDGj
Ke=j
g_ 9C
vff`vffffwwwwwww
k|E?U
{@M0
^nl!#y
Q 0e
pgwwwww
w_99C
+On{
F"=6
a2B9C
] " P
arB@F
;UcPN
C,yBx
}dse
vy3B
LD0;o
"vi #
+TGO7
awQ]B
vGY-
0 i
&NN8
.EJ|
GW0jD
0U$,uls
X]A1
JD69k
a*B8C
aCe*
Rzr
,YCuz
7|q x
_4Op
h<`}L5m
:Z 7t
o S3
C<0d
=:QH
?1;)
8Pu;
y!G<
53@':
3 IT
R+L<
tawB9C
3!X2Q7
`vC=E
l9u<
"o&`
;jpuC
B8^c0W
J.5c
!]Kw5G
Y"sfA
[B9I
fC S
8vb.C
Y-*T
iwB;C
aeQ9
<Arh
$+C&
I B9I
.e/[[
avI!
JEtG
ra "
@wB9Cx(
xxe
GEEP~|z
u6H?C
^Y4gf*di
a!B\C
CL0A
CvueH
j s4
awBA
HV,H
\rf9
ewB8C 4
Bb^C(CG3
awB9
a!B.C[0@
a(BpC
q\Pg
Z;:8
k'O3
qwB;C
&o<
GraphicsUnit
awB'
w}a|
H0B5
AvC+
,cu`
#X"O7
C 0A
5_`N
bqPIK
TWrO
Aza5
dT.'
qD|b;Q
!dx{
Close
yl C7Cm=
}b lZ
/FfG
1H7}
njx)h
awC11
]o{,
r`^^^^[[YYYYYVVV
P. ^
:9Iz
ZRB
a}H?@
36 X
q/9C
l%\#<
dp>J_
B$".
D
Type
\?6(uQE3
P)U &7
l L[
awSGu
jf'f
awSGk
v2.0.50727
wB3Ud
)* \.
Ao 9
|" '
u6>w
&Woy
X!%v>
SQ X
.fF@
|0_6
InitializeComponent
C"0R
BBWr
%WqB
QvB>C
+c7_V`
B[LmI
fLSg
:YbK
@2dK43
`B9G
OF$K
IL>e
C"0q
*L?B
y^rC"
[0 -
e]B*s
gAMA
t q?
C 0I
<155.
hC~9B
(}OK:({-a
\Tyo
awF(U
^iaG
;G}<c
awF(Q
lY)<@w
IWmV
xr3d
}Q
}NM8
|sQ0>
`oE6+W
awF(D
JG`sF
4mT(L`
xsj,
gK3D
#p1
V_0Q
shhhffffbbb``^^^^[[YYYYYVVVVVVQQ
.cctor
dhgS
skNk
&uXK
LLZe
T#2?
set_FormBorderStyle
QtB&C
mscorlib
R}Q'
fSystem.Drawing.Icon, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
09P0
u}S-
#% 8Qu
XY`_
IaB9I
-ewB:C
m6l:GX
/)"uY
ioK+j
psjSC
8wB3E
[fh(
#haG*
ofmW1
aqj&C
|3wB8k
u`X{r`\fb^
cwB9C
9{Q1
ptz T~
^N)e
& zW
awD2h
EBeO n
]B^L
Okrv
3O_.
KQOi
7F Z
apB$C
742si
]`{#
#9iiiiiiihhffYQQQNMMMM???66662
Taewuqasi.Resources.resources
R_9-Wpp1
5{w
N l

/C*335
'&"[
\S1g
?V=a
J/UE
HbNAs
j0XH
_Assembly
v&1-
}5K<
]0_Z
P|8t
System.Reflection
H&*~Q
`wBVg
ffff
GavW
V9{yUH
Hc;i
zB9G
Form2
RuntimeTypeHandle
}<*:
SY_&k1
:Jz9
wFT2
KwB*s
$% ~
auI9@
: <7U
_+:B
k}K(k
htL4
%9)P
2ZV~<Av
d|e&
QrBNB
1Sz8W%+
sender
Q2.51N
50FO
BWUBDFE
aWB9C
Ko1%
pxvffffffffffffffffffff
J'x%>J
6d !
sdkC
bai9o$
4>,Mp
set_ClientSize
>
7IqM
1N\-
G-P
hWA;S
g, Z
a;1&/
yqlN3
; H+
Pt i
%`G"
yavg
_!%*
#B-E
j,ccL&
C}7)
auB$F
b}6+YES
Xb}<
'J|\k
WGE9
?;]T
a'B9C
sF!4
BlBu
C~>S
vED_
S(lS
eo0^$
psqB
I|*V$S+:
"uyU
JK~
x> ~
1BD8
9lyQ
awB C
~|rF
D.,E0
a}1aC
#Hxxx~~~
*Oq7t{
SecuritySafeCriticalAttribute
m> ]
e Bd
^1of
$Ve6
HNC3
eA#rvrH)&F
6d6_
rfYQQQNMMM???
GhE)
$1 o
% ;:
aMPYC
&wB9Co(@
5p +U= 7
)FIY:&Z
BSJB
f$!d
aNB#C
"Lybk
xlgs_
-E+U>
Cb0X
sG"=
agf9C
~Aj6=
oawH
<wB3
psS<k
Q9/I
y2R6w
sWqe
=}Cq
UG5w
$.+ ]
ToS]
`rJl%
|FZmw
DQWd
M8.r
n ''A
YP ?
9#[
x_TZ
0.%m
sB+P
xu-&!
p:EXC
o `~
P2-G
get_Assembly
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
;}2&n`T
6 < v
nM$\
34NWwUN
wB?,a0
buffer
hhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQONN
_>]Xox
sjL+b
wg9&
nD-
7aF;
ieD4MoHk
(bn"
Mwl9k
crC9C
!This program cannot be run in DOS mode. $
_/9d
a&v
awCV
nS s
e_:9C
!3/B-
Bv( EE
jkM M7
nQEveJ
^I=T
1-U'
e}1q
y5qb
8P7_
Zr/4m
kL>c@e
Dispose
VRBWjsaoH
aKMCC
H Tv
b8Wv
=B5,
E_=;
Q'Eu
yXy;
otD+
TGu t
Vxq<
~8Xx
Ed'^
fffffffffffffffffff
o(mi
=*,h
wT{
n '<
BIky0
$2'E
;e VZ&
CA1bd2
p&V#
p1s
R1x=
v\8C
,s F*R
$: j
1hqB
fa]o
<!SK
[jax
/cz=L
X'+.
8{f@q
aP_@
JZ}%
hwB9C
)u+^
)s{b>G
N^>|y@w
z34
8e
iNb,1
}/Bc3m
8o
rv~7
$b_u
#GUID
W YV
fqjUC
Y3= Y;1
J;Y*ss
O>,M&
nFFT
qNWs
ahE9C
`&|5
4CSx;MG
EwRs
OU o
G}(/Bh3
M't]
2iGm
fMAy
[r*A
{Rbk
Df_ [
*wB:C
^Mg =Y
,W*j
h]9(#vdr8
resourceCulture
:v.W
Size
gvC<F
Y"BJ#Bg
c h{
Tb ]
PHE)
BfP?
sM~/
]$E' d
$awB*C
jawH
o_MF
A'7[/
5lu5
`wB2F
lA]|aB
a!B.C[0v
H\;#l
pfffffgwwwwwwww
enAEL
z]T"
vTMM
&WOR
B~P
`e"=I
q}^j
Resources
QW[}
Tj4;
H H9C
q ;}
`RMw
a%['=~
;*mV
awiV
GwRuC
Hc(?
kqo?0
y,`jOB
"2nE
CG^b
ybeU4
^;pC
cy^1K
:X.a
6Z[5C
Yova
n Eh@p!
*aYBnC
)peB
U3wB8
tj`Q
}v8a
4C
uU}1
6zQR
wU`>)1
C:0`
yA9h}8
6q]sy
``wB>E
phwB=
t~W %
yE'nU
J @
anBMC50
kz,(
9\7=ax
G9kEb
! y\
c@ U/s
taz8 Xd
Hy8.=
ve c
XJBA
a_J9C
\<2
P)3
@<~N
atB;C~0
A4?P
bwB C
a9'A7
dwB4C
b?iMb
A2?(
d!(8
O2M;.08
$$&:
!=#V
]ZK|
Cb?+
"+`vl
`Px
g:Hh
W#DM D@
iEbA@x:
qcDFl
\nE R
0*/L
<9k,
awByC
KwPc
avB,F
3}*8
*Mc<
i>0`
"J1F
).&
EH!h
&" }C
kY^(_
xQ~^
iwB9C
e6q
J^q:
zx*I8
J"Aj
rVH?C
:-]&
] ,i
~`=T
PAzU
|tHC
[G!l
a~B!b
!B9I
!AC,
W6Ju
J|Wx
}DLh
(5k,
`[O#e
@$Lj
@\mJ['l
zlMt
5ULA2
evB90
awDKx
I"B9I~
9=8}
{vFdn"
qwB9C
cEa
Form
t'b
5ZfR
0uS}nk
2n R)P\
R{1q
{$Dt0
v4J#
*d9
@RBZ
+2Z
agB*C
LhEO
aoB7C
*[_A
}kRH7p;%
qmEXC?
MethodInfo
h)KFJw9
,qpd
wO3C
awH*F
6!Z&
P#&`O>1/S}
7!v#x>
p_A?R
#P>\
}QZ38
SPl/
m |!
f3xF
'eCi
axG9C
3;:j
s Q>
v^^^^[YYYYYVV
nffbbb``^^^^[[YYYYYVVVVVV
E7 _
Ib:3
3sI&
5!wT
Kw)N0
vfff
avB:C
wmt@*
|%SB
^YYYY
\{za
H/t
IFUi
GC- 4,
wo Jcj
bS={^P;rWJ7cL@0P90$;
tx&<d
"\sE'
arb8^
~L:
Char
awB"s
ApplicationSettingsBase
pffffgwwwwww
FU>\
4dV:
KBS/
Qj}
ES"sw
#pR!
?49id
~E9, v
avBF@
sv2n
iQB)
pm@ ]
io)$
. 3_(
gqE9C
@R5l
`z%f
YdiM
}'h\
WwB=A
wsUo
t})Vr
r/$Wc
*D93
3;W"
&$w#
uQ^!
,F{l
IEND
DawHJ
GetObject
b(f3
fE@%
&@tg)/
{2Ti
BGz5
h%E.
;"7p
fffffffff
C?CE?@
) A"
Ee]
`uD?D
n v}sk
0&d'
6\U:
Z\|Hs
Rb=9
l*37x
Ak8~
aX-Fs2
~g:5y
lcw+Z.
oapPN|
gajBC
B?C>!X
,<%-:
&(C(
x*2
iaQ0=P0
awD(K
a3B\C
15.0.0.0
(sg
cVEf
u0ex$
wMzn
9g N
", Mu
t__a
H !F~
=Z ]
\yCsGll
H+(x
5K@E
ey-RH
awS/T
t4bmP
SY&U/
(~4
}? 9
g/2
\>/-9
Volatil.Properties
Q0-`
kVH?C
kmH9C
p@EXC
-;y5
Ow#z
{g_
}Tdb,4
1wp
_LW6
av@`M
^k L|
;[/R
x\^,
\a}J
iIyR2
Z5l~
P-oC
h_b9C
V`jbzM
} Cg
vawB9C
0d!K
(LV ;
avB8B
`wB=C
ILtV
t DT
avB8C
h@~B
dwB9C
@ <M
u Ox
$jF4W
:C@l"
dwB9J
Form1_Load
<#"#
"~ ,
q|qB8_
X0Pw
wB?@rb
oHt6 F
h9"8J
w8S(
@4I]
MlhX
& W@_,
wwww
zV7Q
wgyJ
UtiC3C'%
Vw<N}(
+A_a{b
`Mjq
AssemblyFileVersionAttribute
BO(V
5R B'>
sBIky0
\_@/
oy@;A
drG8B
V02#
cEI>Ll3)^YK-
C8zC5J^
T"ml
{ u5_a
Zbjv
r|T*O
X|W3
U9I,
6 46
Br&,'{
iC+h
}bRFd
$Ft&I
Dk*
za{P
:'M+
EOv,A
I=!R
I\3)<kTF.9
\_/S
-+-(
`Sc9C
fffffffff`vwwwx
]E&>
!r^-p
]{+Xv
awB#C
wK9
v*(
-XqZ
*=.,
Class1
t hpH
/&^|
yD9h}BL
0@Wm
avB9C
R>'%Ob
-y;r
kYQQQMMMM??
0l*B5
PzCi
r?b3
o[-< c
yd/f:
0IDATx^
qPs.
B(C|6
^WyT
'LK"ls
DZ"hN
T&_2K
XRi!
PI,J;
c7VA
MSH#
7K/
nJ-L
__StaticArrayInitTypeSize=16
qu;h|r0
Q}b
+WG/
LX+:U
W-Jocy
`F$.
wwwwp
%YI[`f
zWLZ
P5K
w7Z2
^I )J
m9c9
\{G-
Font
Rn]=>
4q^ (
.)3I
ra='t
oyL7F
5ZA(
fpBIky0
';>
x jc'
-#0IR
|Ai(
FD2L^
2Cfmf
r([>
cwB<C
B@'4
awBGl
IHa
xr+J
NQHL
=oS,/+
VXX
}R22
_CorExeMain
h}B}&
a7B9c
*w%y|
,a9tV
GTWJ
[d{[
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
J+r
5^Yr
cgw5W
e&T@8
?]d3
=qtD
\q_U
q[2\a
V+!o
3~=X
<LC
awB1c
&di&=
$zU
`ek1@
Bz_\
InitializeArray
AW]|
gpB9C
Auzi
D}M?
.*V?
w2X7
b4yL
awB1C
E%R&7I
/Y~y5.3rK/GW9
C?0`
wwwwwwwwwwww
\d"&
/~P*
pt__a
cah;k_0
?7h
4AJQW
Ut:}<j
aTBuC
;Z8'
W[cf
vh1C
JJ m
asS4\
p30v}
,jm%
Z\$q~
pw=
xB+!XMV5
ak["
rhD`
e*y7%
f-m)
kwA$F
zdvK9C
"hs~
($Q
tk~NNU
S1r=
W 0k/i%
Z|iW
avQ,G
\P )J
.7-9
dZ@(
{GUT
.,1I
`vL>C
>B]nhkC
!wB8C
5;M&
wwwwwwwwwwwwwww
Y}J7
wwwwwwwwwwwwwwq
8OQ^
%t(Cz
4o,io
Hhy'[
6<_)T[^l
x8zV
a5g%
;m""H
JR<?>G
9svl
s0~]
f[4|
%.
&v9
JT}5
M::bs
B8Xt0N
x`](k
Qx@;
' 9>
Load
;Oz&
z&!^!
9/Qu
hNm;%)
wIln
OK \
System.Drawing
qTQ=
VBI)
)RK=5
Rky6
-#qcg#
$X%n`7
sjZ+b
kK#J0
XUz
rN71
U\Uy,
awDGP
E@EFh
]Hh_
,F`<1L
ivB1C
kGk##*
'tL[G
a}UJ
~[I{"
z8x@
e[E(G
AxS?\
LS
7 `mp
aTB
Anlo
cIzu
8(yT@q
0 6f
ijG,Q
F:Gm0
m7ql
1E\W
#\8;rD
R zZ
<,_M
OQI>
3_l/4
N~G}.
9?$
t|g
]"v5
X]-H
{t-8:Oo
e\ [
RuntimeHelpers
PGh "uq
0bwB
q dJ
]mUR
kt.=
bC1z^
!LgW
C?0O
n]JbN<
#9iiiiiiiihhffYYQQNMMMM????666
f'$T
c_X9C
C80h
m+SG
{\U{
nqB
dHa.
}",7!
\g Gd
c$L [~\
wwF7+
VFz:
3Y<5
tY^@~
^TY^>=
*bx&
{'~-
Vnh?]
Object
SD0}
X::~F
+y\w
&d^`
XqwB9C
yL.
vfffffffffffffffff
{)M%G>ez
d2fH[u
ComVisibleAttribute
L\ n
?9T
x0]}
3System.Resources.Tools.StronglyTypedResourceBuilder
S#$u
>CL!
wawHV
!xZ<
Ukhb
b+mF
YO3C
0tbU
s^J7Q
/b /
BE$n
@UUY_
aqBZN90
D );m
n>M!C#cV
SdZ 7
y|U(w
qocy
9K^:
o5-!
Q8BR
k??
*zj]
>v2}^cUog
t'(U
}Hy72
!tt0k
>e%(
w+<M
/ KG
U+{;UV
EditorBrowsableState
*~s+
bn2RR
gmkC
v [s
NaEB9C
ewC:K
lWlZ
awB6C
P^2RH
CultureInfo
b/S`D
E<A4[
%'2) n
cSl:1n9
+>G]`B
1.0.0.0
B?Cd
adB4c
SetCompatibleTextRenderingDefault
Ch8Iw
zs-5
)99E
yj!~{a
sdMU
V2`t
+);c>
'`l-A{
QtBkC
7^Y3
WuH]
atBRB
%ue@
V ~
ContainerControl
PC3C
ffffffffff`vwww
hhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQO
1E&GK
7T1~
f%Cu
a C9C
ml@I_Ev
.xcWyC
evC8B
w;w+
ewB;C
awH2
a*E9C
ueJE6."
V/9-
sRGB
{\(7
3#si
mCM(y
whA6
unRa
xpA]
dZ?It
w"&9`
Hh[$
&Sfoxk
Hz4{
q!9C
0 )5
AutoScaleMode
OCeK
.S}Kp
5v`@
ZB9E
*NR
GFiQ
u[[YYYY
>Zfg
1~jo
QuB C
`wB-C
//xiQq
!pS
auBRB
0P"5YN?
P{IO
E5umo
}eR,qc
X(
aVB=C
get_Culture
e%C?C
aaC'B
hhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQOON
aSwz
J nuNp
fwF[r
|o/s
,,h{s!
WO`
_.sw uC
{ "s
8I@I
(Sfk
wLM e
wfV(G
I|jG
CaP]
?[O#
ua$w
aQD9C
/0``
t~Jo
/#>(
4[8>\
RRS*QQQwRRS{TSU{UUW{VVX{WWX{ZY[~fee
9k=jd
i`Q\h^MXf[JXcYFX`UBX^Q?X[O<XYM:XWJ8XUH6XRF4XPC3FZWR
|HwM
@wB1Co(@
z}}}}
Lh($
? 5D
4fB
$F?
|2o~
NetL
ex[
"v|Hn
1rr*
tI>3
'fKq@
?2'fO
T6l5
wB?P
MRe@
.7HR
lbbb```^^^^[YYYYYVVVVVV
p\y
iF;Q
qe$d
b7~W
jfzdq
<`wB8C
*IZA
FormStartPosition
,AAU
#z3&
yL3i
d8} o
]s[ kK
)8MM
6.^,
( {?'T
pgwx
)@Lx
&"B/
N/7~
fffffff
nQQNMMM?
E^~z
>S3RT
(V&\
2xXT~
(VZ
m[' s[
hFn\
avBRB
Y_D"2
8+ g
wM6
ib3B
u2o
-q/uA
#}k=
|0QG
rmf{
%B9B
%S|C+
dwB;C
a61J&
ojL<D
/JTB
(B<7Q6
Oww&
0~jo
vN/e5
aGB C
fff`vfffwwwwww
,DC_S
Z3%g
^av
MSLR#k
x!;@
[Z]~XW[{WVZ{VVY{SRV{NMP{IGIwJIK*JJL
s]yj
~B=P
>qiq
whE1
wawD
lZ6i\#
fM^X
e/,8
m$Z'
@o.-76
ri9t
q9`
S-MZ
HCEs
"^?;MXt
|5(|D
aanue
7cv`
BYMf2AL<
>#t?qi
Z0,
km8+
g{BPS 6
"B `"
<7U3
Q7>rB7iF
_ 7
`vF?E
WCBl
awl9C
$;J7
Z cR
R>Am
Sd4X5
Cz2!
a}8(G
`v@?E
GCU>Y
%)))))))))----------------22-)
&q.la
)B9B
7bJq
QDHQ8
a^G9C
-W:W
xDs
~s<f
PK
CC0F
`.rsrc
QEB{m/yW
B^4
VKAQI
ZY0
"YXtB
awB!C
t"8[
_~z&
Oz 'L"rU(
Qg} >.yR
9S0R
hWB6
80gi
(Y)j
Mfl*v
Wf&B
Z^i#
_p9.T
AwB9C
t19 P
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
=vHW
k}B3N
8B]lgV7
$98j
x4r|
ffffff`vgwwwww
x'x~
set_Culture
RwB9Ch0u
get_ResourceManager
5~ M
WKn0
FKv{2
Ep-U=
AwB95
|MQq
BB0{R
2M r
b28k
uMO
Ca|'*.
awC"s
mij
(6Ze
"+XL
,f]B8S
I,x:
P,;0
o!NfW
h3WZ
arC9C
1+U&
d%gr
j'E
|4up
!>tc
/?B7
}1Fh
w4w%OK
j =
5wB?e
Q#7E
O;{x
X4pP
C 0|
]H]X
eV@n[M9R?6(0
{XWK0!
_UzPE
Oc*!~ T)J
}8(I+
edB1e
g f9C
jT M
- /y
0 (V
["ZsZ
#9iiiiiiihhffYYQQQNMMM????6666
mbwBNC
3~jo
3'uTY
awBJ
kfQ^&
a;B\C
{ $_
<Z,k
2\-T
Y 3W
QEU*
-JpM
#@i:o
4R@eD
eYB C
C?C>(h
BbD(
mr zl
tj<w
`dO11
heV}
Ij)u
hhs.
p[>L
set_Margin
&n%GXm
|rJ)K
a?JrK
F&"SNp
T=_J
3mL3t
I}3x
dgdgse.exe
8Bx)
i?."
$'MA
<+W'
XEa
L((i
R;}MQ]
D=5}
sN+B
hefZ
dYYY
U&h{
(L0,+(
rBIky0
I2rw
_<hD
] 52E]z
-B9B
gqD9C
66M1
offYYQQNMMMM???
G#+}F
gvC8B
2awB.
jG!"
"nty
K5!)
```^^^^[YYYYYVVVV
,s9n
{zz9|
9pBz
RC0@
MU89
`wI\
=csBG
oiC?C
fad;BG
S ~Q[4
'w S#
T<AraM
u) l_k
w2cv
=wB3{
k(/
HR|E
B 96
bwB
e m9C
8)T ="P
?QWL
#9OJ
M(G
oawHMA
T>4&bMA0oVI6{]O:
VHxw
}#i?
:dB pr
%ud2
%z=DC
RF93
lEwB9Cm0_
&40,
6`FC{C
wgdp8|
'f4]>
c^[YYYYY
F l;
Z 6-!
n%1,
Fnn=|
B0
ajB<B
o Dk
1%8Sx
snJ+Z
a40\"
OOrH
y@d_
m|\1
*2*g
6<3q"
a B?C?0F
C00i
%-va
a*q;?GB
`wB>E
T;MO
.YAI`
!!&&&&)***&
A$z
Ey6
|3Si+F
QQ35
(y?&
a#nQj&
_"T$
GwB9Ch08
mjcIit
d MDb<
nKbks
]+(O2
pavM
Yr)*
t&eW}Es
wJ>Sq
+peK
awBYC
<`wB;C
kVH?C
-{H0
gZDJ
28B\
isDo7
)r%js
tC`a
set_AutoScaleDimensions
+>dD
y (flj
.1I>
awB}C
}C {H
;+;C
v OC
?Tq;p
U(U
a}d08
awB:C81
Settings
>B9E
<PrivateImplementationDetails>
_y/=
a{d9C
awY=A
!\H(
HiY"
eKip
Y?gI
/w^;ZVo
set_Font
a}h*s
a'0V
aP%4
ffff`vffgwwwww
15Gl
fffffffffffffff
dwB:C
DY_6
a5.V
&7B#\
7~jo
avj`C
ng2E
byteArray
-njQ
ph8S
c/0J
7VP5
:vBIky0
f[C E
b%q^
2wB3@
XJc\k
''Go
;dwB;C+5
TZv
?b;u
Y";A
;r!i
4rp
DjQr6
avJK0
agB.C
^ V%
w,Pt
q`[P
5E{H
guC8B
L<z
9~5B
uU 9
C@0_
avC9C
dgD0
{D9Y
sn=0
bWB>E
6`xC$A40
PAwB
'0V$
a%'^*
ef{2
l\2b
ZX&[
P[yyGn
` c$i
Gi6t
AvC(
j7]"
<Module>
cwB;C
ukk]
BWQ
$])_
x<aP
Hp b
pfffgwwwwww
hXOC
?,Y
awB&\
WjKL
q2>B
pfffffffffgwwwwwwwwww
lTrC/p
hhhhhhhhhhhffffbbb``^^^^[YYYYYYVVVVVRQQQQQON
{JR5
*:`4
Uxab
}$;X
%w@X`
`y@!9VP
>(p.a
^{piQ
*g'f
pz-E_/
$5a710473-52e7-4c9a-9488-1ce24c322d48
Nm Vy
*n497
value
TE%o'GN>tbH+>,
'ffTWBE
T2mEG
ewB9C
avL$F
$ k+)
,eim
AtJ$F
;%%(X
%` B?C"1h
BX >
f'L\
\e(#q
*aqD
}5kq0D-|
awB:C
3;h[_
T`=u
uB9B
Y;_A
svP;Q
awC4=P0
vvK2
awH0T
'D>u
l6Ca
O h6,o
pffffffffgwwwwwwwwww
W%#m
RS|S$
+^_d
6HS@Q}~
CN `sT|
k>e0X
P*?j
\Kj[
g9oc8
9Oq.
$6@/
awD:0
,]";
de`Bb
4E/P
SU1\
C`0l
awC9C
1`,O3C
get_mon
c5I.
X }?'#^Jl
xmiihhffYYQQNMMMM????6
X`Wv
7J}[
7z<2
wM,H
k[B_*
20i0
YWX@
U R6
C][R
iKn@O
VL]
q7.?G
Zq30!
IuP%
Bp_;
w)Wl
HawB9C
9Yi~
D/*r
`wB9C
yB9G
\sFs}
3@ww
#X`P ?
$Bkh
=wB3{$1
hhhhhhhhhffffbbb``^^^^[[YYYYYVVVVVVQQQQQONNN
aRB9C
set_Icon
k[0!
wHZw
^OKl
cU^%>
,JaQ
A$c0
4AuZ
Q;^#O(
STui
:6nC
EventHandler
d=z?
}.zT
+2t^U+P
,Q-z
avP K
tawHGQ
AS`Y
XiwB9C
gj L
! >G
?7(k
ESFJ
{n0/Z^gF
pzj:C
$fx8
awS9C
~aRQ
NE-z
get_CurrentDomain
<l B
4*|}
Y0n1
a6f3a7fb-c693-ca.Resources.resources
ewB:C
IWB9I
=](n
2T]g
%]<N
M f9
disposing
3k5(
$.V`r
Z'8[_
dwB=C
k/xz
-f@?E
M#J.
8{mh
,.wG
VaXE
kvPmG
o="W:H6
e%6%
>HJJ
_E>}
nyX[
':r
WEr Y
jT0
Oha7 ;Cw9
&aTBoC
+A C
6pna'
C10`
m F%
_oRf
f?H}
irb;B
`G|f
C10w
C10p
gez<c
W~&
GT|PG
ie3B3C_4
}{h5
8pgD
*WBa
@wjWP1
%\wk
+VS%
s;x
tE0#
iArH^
m+nuyP
U3(A
E
r<pH
^N=s
/Mt
acA9C
)*t8
N)[8
' !?*k
qOY^
Bptv
System.ComponentModel
SVym"
FormClosedEventArgs
Kav[
)s3nw
R_<Q
8$ l
>B93
pBIky0
<|ds#F.
BzI<
awB'C
q Z0?JHe
py]o:
*_ n5
&r}-
bawB2C
awB9CC1
)EJ<
+"Oq
X:=i
b" 67
o]b_7L
guB:C
, +|
A^sa
2}qZ
v578
A,|03
mykey
._#S
avB<D
$*`y
n"Zu#
}kO
gN 6
ff`vfffffwwwwwwwwf`vfffffgwwwwwwxv`tfffffffffgwwww@
<"FA
#J~~~
8463
2tq
Ug=
?xdNt^&
lF:e
1koF
. ]p/7
aEB$C
cGns
%<m;d&E
^/-7
_#O;
(34)e
vfffffffffff
8NB1
W^Tm
yc( c
`tHt
<4pLC
Culture
wAY7
%Np
B7K_2
System.Windows.Forms
a1FkB
C}%p#
b l)G
%Tp|
>B9I
t#[k&.<
/ z%Q
j])@
ASg@
dt E
E>4f
xadC9C
B9I
CMN;5P
a~B8C
Io0T
"N"JP
_uv6
System.Drawing.Bitmap
$Rz[
teo8_
CG<.
H&}z
Q4Cj
%y=I
]u{"
wH9N
System.CodeDom.Compiler
FontStyle
_5F
`qb8^
GeneratedCodeAttribute
}awB)C
,]=Gr'
('+h:
pffffffwwwwwwwwwwx
(K,Q
)~\[?j/
zpCC
aqjXC
dnoq
=>K$
-'_MOk7
:(j?
.n,J
qXv\9F
fSB}C
C xtZs
>f
atB)S
iyJ1^
cB=zJ
JQUUX
awB5C
jPhu
vBIky0
YenF
awk8C
XcwB<CF2
-~T
3XXc
7f^%
vjDo
pgwwx
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-04 04:58:01 2018-06-04 05:00:53 172

2 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-04 04:58:01 2018-06-04 05:00:53 172

4 Summary items with data

Files

C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\SysWOW64\ntdll.dll

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-04 05:00:19

Detected family: #Ursu

TheSystem Itself @ 2018-06-04 05:12:01