MalScore
100/100
MalFamily
Ursu

ring.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 26/66 Related 2135
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 354.50 KB (363008 bytes)
Compile time: 2017-08-25 04:20:07
MD5: 75f7c142b1d77f3f8fb0446390ecebe0
SHA1: bee7eb9695d20eaca8ae61c50f8b8439ea64786a
SHA256: 546d8db3038d2306218bae10362e219d26a8507f0837d7208d8b119ea8f6b290
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-04 20:51:02
Last submission: 2018-06-04 20:51:02
Filename detected: - ring.exe (1)
URL file hosting
hXXp://narenonline.org/ring.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-04 07:51:27 [26/66] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x57c64 359936 afc9733de768737843cd1e3a3973460a 4bdd631f28748e2b261d67f478365e1b5d54b276
.rsrc 0x5a000 0x620 2048 f6b2a105094ce2aa673e4bec71ab3d47 2d41e067adbc8464d463d1fdbee394e10f3756ba
.reloc 0x5c000 0xc 512 40b824c59d20bbf4fe2ba1cecee64cc9 7e680a2d4278b3216ad177778dc64cc73abc1090
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x5a0a0 916 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x5a434 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2008 - 2018. All rights reserved.
Assembly Version: 0.0.0.0
InternalName: ring.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 1.0.0.0
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: ring.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
VarFileInfo
(7.O8ZDZF7He
Volatil.Properties.Resources
ring.exe
Same as in FIleDescription
e2c4a01f-40b1-9d
How is seen in task manager
Company name
eEb
96ca5c27-325c-b33
InternalName
2Pv
Segoe Print
FileVersion
1.0.0.0
Random comments
StringFileInfo
Translation
Assembly Version
Comments
Copyright
VS_VERSION_INFO
Form3
Form2
Form1
mon
FileDescription
0.0.0.0
OriginalFilename
$this.Icon
LegalCopyright
2008 - 2018. All rights reserved.
bc4519c8-fdeb-060
CompanyName
000004b0
ProductName
aa0b84ad-905b-a0
96ca5c27-325c-b32
96ca5c27-325c-b31
96ca5c27-325c-b30
96ca5c27-325c-b37
96ca5c27-325c-b36
96ca5c27-325c-b35
96ca5c27-325c-b34
96ca5c27-325c-b39
96ca5c27-325c-b38
eqAi
ProductVersion
_`IzE
MP<3C
wB3U
wB3P
lYn(
lc p
wB3\
?|}q(
,&$@
k]B*s
gZbJ
g[D?,
u UX56L#x
G^T;p
pffffffffffffffffffffff
dgdgse
wB3I
PNG
DyW>
w;3y
Fg1i
awHV1
~q9
kg?O
wB3f
wB3e
3$'l%
>?*^
wB3k
X/r8|
wB3i
$Ln`
Culture
i5@8
]1%B
7;[C
awB;C
3]#a~:3
a%'X'
H'o
5f <
<sa-
k}B3N
Volatil.Properties.Resources.resources
)Pnv:
aGB:B
iAoiF
H{.4:
_%C$
ZtmaF
jm"s
cBfY
0W %
-(rS
ffffffffff
wB39
MqEVd
a4-T3
Md6(n&
I8u=H
3jx_
aqB#C
6`xC
o1ls
.}VV(
ffffffffffffff
=<777775422222,+))))))$
wB3@
3_e6{
cqD>C
(%Y^T
&44[
RO %`
Sh{J
Aavc
------
WwB9Co0"
3tPX=
0-$
x7u\
3l^7
Lf{0K
kqBLL
Gj#u
l>YO
wxMax)
a2F9C
AXWwR
aqD?E
akAR
]qNp
`wB8C
C_\6M_
L@2h
D3 &
SPi@x
7'\
]4F ;a
"P6]6
rHv}
z8|*
VueE P
u=Xg
> !6{
?edp
7t f
aawBU
Fhq>
/XP
dE]n;
=ru
aMLYC
?r Y
j&ihV
a*B0C
? #i
yfeB
3yJ?jT2
>r`.
a}Q<cM0
j80c
RuntimeFieldHandle
Ik3A
}HEb
0ewB0C/4
G4,x
ns8~tw
+)s6
=i'&
a}B8C
FB9G
4x]
0Tr
H?1"o
wqcGM@,
Ng!+kd
RQ" ,
mscorlib
[&DN
U9fr
%bcX{=
DfwB8CJ7
9fLq
ppT(DpY
2:Z&
3G L.
{1?Kw
+29;
%89?X
ifn8A
j1Cg
&TD^"
q`"W(J
KlB(
CW,X.
*y4!
c^E#
dwB<C
Ac{"
g0rd.S
Nt^k
{gE$
gw@?^
LeEK
,\V
aAB`@
p'k)
BpWe
`vC;E
O!aoHU
w )
%Ts/
0ju(
C>0I
.GI
kwB=c 1
>f 9
set_AutoScaleDimensions
d?L'R
Y'XQ8
%+5z
Lu4Q
V{J[/
#kC
V@DYN
awB*s
G&>v
-y>44IP
BcO-
WD)1
F$ILn
$><vr
+]ki
Jsu
KoR9
w+W+
gJQ s
Z94bk
&LO.K
\h5. r
(_p
<bln
Y?gX
R8_}
)k:}
vfffff
j5 |v
v2.0.50727
]_+r
wB8k
9>Q}
a{B8C
a{B8B
/I"O=
dd@u
a#GH'+
cGmW_n[
N_H@
,B9B
zth=
AppDomain
# O~
YQ0
ys~2
fUf*
,s!
$UsC+
cixz!^
m[2+8A
get_CurrentDomain
}ihhhhhfffbbb```^^^^[YYYYYVVVVVVRQQ
a3B3C
#\woiiiiiiihhffYQQQNMMM????666
o^@_!]6
PADPADP
evC<F
~1],
KuN(M
:nn}
Cd<\
E24T)
;{{q"
3Ch
awB8C
WAl!G
[ =%
S79y
^Qteo8Q
.\,
:0H0
)LcY
awB8S
wnxl*
V2#I.
fwB9C
wrvt
BCCGGGIIIIIC7777777777CIIIIIIIIHCB
asy9C
pXN6
gW@+j
V/J.;
6P#=
)i*dq99
T}!o:V0
4uPua}f
Om6M
\aiJ
kpD3Q
01o0]0<?
,Vv9T
gwB;C
A(lxE
:S^["u
@F)0
3X!Bo
L B"
v&]9W
] cO5G
mgmh
H6kNN
aEB C
Jr8s4u
MT,8
}"bTX
aa
FWkhQ
+#b^
#Blob
Control
T(gIo
P7@_
d>UH5Ba
u:$
q6 4:
shffYYQQQNMMM????
Kar/
{v&5
awH2=
Program
AT5~v
'hEI
yql^
fffff`vfgwwwww
YU1z
<=be6S
_TxEW
u#DR
xfe.K
&gyPh
zkt|
#c.^
`wB;C
<v"&
p6Y
I<B&kt
CompilationRelaxationsAttribute
awS;1
-zte
pawHCR
9uO`
Type
=?Dq
*9T.ks
?*|g
m9C;:
;Y_"0+
C`/lCH@>
awB\C
StDU
LP6e~1
kdD(E
D^Dl
get_Default
g,!y
atC9C
@q@g>;lQ?
HwB=<
uS&S0
awS;k
LU.+<
hhhhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQO
`e[+
46Vu
u-QK
hYG/P
\S/w
|r_<K
3 kmF>
Td+GQ0
^1of
-z \
:%rL R
vwB?0
1-U'
<PrivateImplementationDetails>
Char
Form1_FormClosed
cl1
v(-i
U M:
'^V0c
V q+
Cn0u
qQzO
c\LRE
hyA*B
AXBGmG
^.t;
4&~ok58rW
E/7L
VeR#
?[_+
qUri f
yal
@m}F'
VI)Y
= },%
%wB9Ch0`
f9C
06D
|=]}
;jPWT
(,^L
wt4K G
Padding
Ja5T
R"0Hp
-Ur~
G !D
\aEJ
~mhhhffYQQQNMMM????6
G,vP
i UO
wY;a
DRhY
C. 7
\` ~q
{y b
7-^4-
@WJt
/=I*C
ZyF I
a3'_*
q`GT]O:"
aw]y,
rLE]C
$gbs
4oIe
}n}kg
PawB9C
LD<z
|yL![
Tz*9Cf C^
oU5 Q;
SyLK
D) D
Volatil.Form1.resources
asB8B
:'M+
JABbh
QvB;C
_f9O
m o<
.text
N ud)w
B;(8
Q3eI
m3*pZ
s uOxy2
? 9+
m/%
=i*z
GetObject
J$Ys`H
a}b9C
o,t Y
uA26X
B4CT0
h.AOV
Convert
z,He
'n,(
p$ 2
?ohW
System.Configuration
kGz-
IjB9I
n)f=
=`DI
oHf'
m\W>,\0
i`~W
Ctom
] {Y`Z
d_478X
8hlg
|rW+N
wpPe
6@>#
&c{78
kOpzj
Qu(GK
W[3
l^a>
ojG?C
gsd3
719
\JQbP
O4*X1
#W( h
;K@F
RNdON
p i
hw\%)
b|QB5
d-kl
Lq44
avB1E
EvV`C
Du(#
'li;
opRo
|A[U
KNj
|k^$_
pRwB=ihCw
adB-b
iWA8A
ffffffffff`vwww
(B[+<
Form2
KeNz\
st_"
L1k%
}B9G
[eKr
a8IYC
P:6[Bp
G:|<<
k^^^^[YYYYYYVV
n`[,
CiadI
vL\F
34t\
fEF/
;-na
jt*w
t_B=X
upYv
`rb8B
Y~pD
nO,<
: ZkM
a(BoC
5d}
+KG*1
IwMgm
"wJ2
Qnf6
3w`X
Xd_v
cuZ$K
nwB=J
wQZ:/`#F
qLu;g
QvB)C
$L1.R%
RQQF
I>^g
6Q#Y
SuppressIldasmAttribute
6onj
q?C6Z
*ZZOz
i*Py
awj/C
zeKy
!(!9+
/Nu6
lhRak
^5n'
a}BiC*
E1d&<
w0\"
`cc9C
-+lf)
a,B,3
N:ANG^
;'dr
r1%k
!`3BvEg2
1,8;
pgwwwx
`< z
efG(U
eWC8K
q <
hhfffbbbb``^^^^[YYYYYVVVVVVRQ
pgwwww
B8^v0L
a;-Z(
V_ZP
v%ty
\7Qb-
awH30
#!^m
GkoF
g v=
FAiu
awF!k
O4-T3
hfFV
t%{s
'q9~.
+HSU
GetTypeFromHandle
y#z6x
awB9B
awB9C
X-oo B
lmrM
q5" }
B8^|0P
Ijo
fwB8C
C@|,
!y4
~ [ T
(bM#n!
iz|t<
2.4wO
fb``^^^^[YYYYYYVVVV
awB9k
)p$"
cDBuE
awB9c
B4 "
oN, _
>(jd
RL)+HSJ;`
vQE$Pp
N;]7
3n ;
dfB}C
1a')
gqB9C
c4U`5
='*
{z VZg
b)~:M
V`*)
a}ivD
a5N<\w
height
DaS+
@MW`B
yhwf
d^(_
mdB
~D,`
elzu
r} J
_iUq
qMVP
j>PE
nX2;
J]j4&
@4vL
m D
|K4$
u%Y`
ya3BLJ
VVVVVVSSFFFGGGGCBBBBB:118887
"j#&[v
{|)g
B%pE
X $)
SizeF
t_Xa}
hefZ
NY ^,
awi9C
Dn7Sp
b}YJ
=4_]
kuI/O
sender
j3$s
?Jo!+a
,g[t
get_RawAssembly
;wB30
^2\qx
Sf(w
jz [3
{*B5O
p&p]
aPy3]Z
w I&
bwB4C
dwB,C
!5,ew
3l^9
U bM
"^;
zR{+
cCe
|C68
:ivUFEy
24 \
cfZj
wawDV
kVAJ
`jG$F
!>8Y
wawDK
sj@?J
Volatil
%9^=k
o% R
(XgF
ffffffff
,wB?P
|>Dk
Main
B(C|6
!c[2
]OMc
ki4<
iec%D
6n[U
q3GK
k<!#'
X oJ
+.`KW
6T9jS
o27[r
15.3.0.0
fu-AC
ajG?D
BU#.O
#9iiiiiihhffYYQQNMMMM????66620
zCG*>
Z{#v
mscoree.dll
-a[BnC
_ @|
.w`ln
fWA8A
mf\xke[x\YW
auC2B
awB9C~0
gwB9C
B5%]
pgwwwwww
Form3
@Aq,I
A% L
Invoke
4Crl@
iqS<E
nSe%
h1al
6 k 8
1U 4=
wwB=R
=@xWJe
`r4B
ffffff
5!`O
v W
8=lu
GpC?=i
{om/
Sbg
ByBk
() <
>x~V&
o*dAK
HQ1#
a/F9C
\9h|
n`4G
agB"C
awFK
~ Nu
sW_'G
9Ngp
@g~
awB(C
iq_<K
sFW+n
;L}*y\
6>8v
a1TkU
VB'Y8
mD_^+
w'Z,
-=y) lt cX6
al:D
<J6Bn2
=2tw
STAThreadAttribute
&N\y
agB<A
u`u by
$QQ %
haw4
4tZwi,#9
]/3&l
]8uT<
E/\`
IHDR
^=Sd
{k)R
System.Security
"t('j
e&C}C
XowB9C
k}H0R
9!~:
:a_B
&*8w
XzYuA`
IconSize
6fTB=B
&*8d
AbDu,*
L>:k#f
$|3zb
uwB=J
4yWT
%Kv5
$awH
d5~q
aeB8h|0P
bqPi@
KF"?c
7oQ*
System
%Kc1_
/@vx
LnO<
Application
!wB3I
w^^[YYYYYV
*uL^
System.Drawing.Icon
wso#
G MU
1|vda
"$ C
3X$zmqe
:: s
wawDGe
I`B9I
/U=iI
~\>s4
)RnyS3
]#kV
fgfw
e4 .
PZ%q2K
*]8H
P ^{
AyP1%
`|BGH
Ku)p
D).B
0crC
faTJ
($ D
:auB
vffffffffff
7(C5*@
zH,q]
aBB=C
B*:
#Strings
asjlC
WiXq
Font
nHoKp
s`2H
awSK0
!5-a
Gxl_Br
Rt%
m0Z\Pr
MwB9Ch0
h.-{
*)(P
B8Z|0]
|+&0l!9
F8/R"S
C/G\
Qu3<XM
?awB9C~0
5J{6-
*cwB0C
vwB=R
3 3F
-w"l`
mhh{4
\x<wxg
bZJ<,3
%awB8C
u?5(
@ch5Yd
abG9C
OB;
}es;E
+B9I
4r.6
s2"n
wRf,
q}}}}}
>&AQ
a7n9C
s=W[W
?jL7.
4-]&
;)5@
MH6O)
XT (.
lw*%
#XoI
;)\lvo
I,!t
a4-W5
6B(<V
vpX.
H+Gaw
pfwwwwwwx
.h\f
8f7ab9af-2df1-52.Resources.resources
k2s1
-p#y
xZ$B
)pqBdV90
aYBBC
$N9
kk:V
a4#U/
RRZF
gb6?
W"ix:
eWC;M
>,w0
9A#A
oXh.
cuL7I
)*8u
vhUA
*w@'N
+MQC
S\
w4X/
fp7Ry
bVAw
5G";
k.|)i
:xG`
b\h^&Vm
S!jd
hqA=T
3rQ
1I I
#%\=>]
V}]0
8F\G_
+@ E
x,6
p5W0
nll@
)~Px
._*$p
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
rw uC
'*V
`vC8G
`vC8@
`vC8A
`vC8B
kfk6/
I ;:o
[C#E
%W({
BKg-HLd
phhhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQ
7Wavrd
ht)j
o*A)
_IDATx^
u(1m&
}nhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQ
=?tKz
ax
^E\U}.
=nMz
{#cX)
,F/}
`wB7C
aYB C
qKea
rYk_A
UL@+
W'GJ
1eOe
DG>2
pffwwwwwwx
MK;T
oawHMA
=H?r1
g_K9C
ComponentResourceManager
KR~
`olx
3y%*RC$
kRT?,
_CorExeMain
X` 2 8"
re@
Bt>)=
gmwi
D"^q3
sr?v|
1<[(
9 +ZB:
Y@iE
Nn'0?
Oi)D
V1qY
.`-_
?3<!
q$)P3
T!x2,
d JTOG
:3$u
~[S5R
7x0v#'
lzqSl
ghFFNUb9
u[QQNMMMM?
hW@8Q
Dl)
ucFB
vffffffffffff
y#V;
ZwB9Co0
bvL%R|
Aw_:F
pfffffffwwwwwwwwwwx
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
rXxBWz
lfm;
EnableVisualStyles
C'0J
7wB3k
lwB?k
a}1aC
1AZ= Bp
fxjp
QZfc
/oD@.`
N**N
t2:j
wB3H :
{v}K
, l3
wydlL
-gCpaz
hjuI
fMp%
[\ TP
r!xzej
wWJG
UYi!4%
`B:A
y><KQ
w1\7
$mAsDB
pW%B
hW4x
| >
_19(
p{S,
SNBW
d%.<
/l@D
~% EM
%wB3,
I'Z~
xafB
/a+t9C
V^^n
w_Ct
NaP h
V?
l"doH
4Nwx
_n1:H
.72K
awC*G
awC*H
l;2%
LJU{
mkhS
V Wu
|{Y ^?
KWZU
CG0S
Bu-Xz^:K0
Q .X
}5pm5
;.`AF
Y^g.
gXpS
vy3B3C#0q
c~C%b
Volatil.Form2.resources
a%#W'
}$d4Q
1IDATx^
+ ov_F5|!D
pfffwwwwwwx
*a@BoC
RVRgn
j7_"v
awB)C
wB?X
cKLs
- 2q
QtB+C
Fg-_
&>_X
wB?K
I!;x
Y9C9C
ae3BII_1
&:U{
KtD,
rny-
H~Mb
7eU%W
?vNV
7.2P?+
k$ j
zx
B \
ZpoR
atB1C
wwB3
rfyR
wB?k
V7m
gqD?C
gqD?E
Uf;.K
& 'i~
EwB?=
~FHDu
#2l i
xMc>j
&x5
awB?C
Fpwg
h-+cZ-
CmWy
%a AV
B)G]Gu
OkDI
#1%_
atL7_
zr>Z
UM6@D
(5<'D
]c@u
!$yf
avBMC
o5-!
}XgR$A
ApplicationSettingsBase
EwB?k
IHK6JIL
wH9C
~kO@
qUvzhM/
B8Z{0Q
<G<*
wsbS
S,!L
?f K
pxbA
NpcVB.WU
%'X'
E:v?
K.U"Pgb
yU'W
$^3=
v[D
fw(:
EH@L?x
2))u
xTP}8
ResumeLayout
L@5^
~bo#
G@'u?%$
awS&S
IEvidenceFactory
avBiC10I
XDwB9C
TfMl
a~B Cx0
cdBNE
F?Q|)
'IZ`d!
FRg[
System.CodeDom.Compiler
eqD?E
GuidAttribute
aRB8Xv0L
HJ`u
SetCompatibleTextRenderingDefault
{})j
A`u] N
WPh
t~q>
#n&%$7
y#am
" W7
w]Bx_
{A<7
u/{
f8y?
System.Runtime.CompilerServices
aoBGC#0
R2+
`S)A
vl7D
@-~v
oq/LH
K zA0J
[ .;
yo@0[
B|aO
N1XT@&
p ]r
`-zy
J>mUc
N',
cBYE0.
hc~:
?-/!
=X'D
: -Q1
W U|
OQCk
$JJ"
e?]n
i_59C
f(>E
x0UA
wwwwwwwwwwp
O!7R
w@N7$
| HM
P@s
W<C3
5n0y3
$gGP
^Q9d
ID+R
$T/uN
|rA
Z "+
+,P
dWB+
FormClosedEventHandler
wfffffffffff`vww
XNMMMM
1TL2
Z2LR
7[Byn.
T\Xm
jfwB?C
C40W
lW>V
?@Y=(
QVWe
xK ]u?
gXH$
msS3Q
=@m8
3MH
]5t&
P1Wv
nMri
aWBoC
9?-%{M/
c$F<
)_HM:
}HY)Z
cqL:E
VewB>CJ4
0SP/M
B$;J7
CpyEW~
mFlLo
nC-
\U7K-
<ZIp
n&W
zEvF
9zP[
%b\B
mpoe
~d .
?pRD
FormClosedEventArgs
%{CJ
|!or
YWX@YWX
~MUA=
\PL
# $K
vB9A
S")d
Cs0q
[3%u@D
7UH|
ifGV
GD~P5iD
`rG8B
@uXv
A :O
iD~K*
B9Csu
awS;kR0
oy3:M
x$,Mg
ffffffffffffffff
}wB;C
[6(f
bqPY@
l tv
5U? @
nW_`
T#uMd
) Nf
/ hH
B d]
^[WE*
LI"wB_
~F~rI
B Y#)dC

oqtT
aw_7K
K ;^
?_0(_
Z% >
Pp.R^(&
XowB;C
vB9,
C$0E
=%Ze
eT6ULK
4~CutB
+ B;
s@,p
wxiQ
023
?aLBcC
7MlL
C$0T
!-h5
*:Ed29
S .R
Z3 5T
W[yT3
pffffffffwwwwwwwwwwx
XHqS
[ Y2
Hdxa
BawH;,M0
X#g&E3<Wo w
zBNhc
SettingsBase
NZ:w
YpLe|
#uHo,
iq@J
9U|C
a3qQ
L8lh
g'V~
)fUr\
A$!WfW
EditorBrowsableAttribute
aWs8
@rx$
N1Q~T
.& %;1by
IDATx^
Ed0f
(r#A
YOzQ
{Da!
Data
,E*~
}Gap
bV%D$Z
viKtW
)M;6|
8)k,('n
tI2s
~]O;
b~C}C
"awB5C
c>N3
/bS
iC]i?
xtb9M
*qI"U
Cdzl
oL'x
]]I`ech3U5
55=.
QM a
n]Eq`Q<J0)
ic}=
7|Z\o
0Nk{3
)\+q
pHYs
.ctor
l lEW
k_b9C
OeDy8
fq-RC
`5B5C
aVB3h
Im_ 'b3
%(fX
=A-n
L|19>
prS=,
UjO D
a(?M
t6zRJ
QwB8
fffff
r.Hx
k_X g\
/:)>
$jh/
$tp
M @~
,Amd
}q,X
disposing
Resources
+uL_
# R5
duEv?
ha7r8
@wB9Cx(
7 0+
M!Mm
k+GY
bwB9C
wA7)
bwB9F
a>BWC
';6o W
{_I
$2ca75161-3a26-41ca-a099-ad7a3e4c5498
buffer
Xe *
r K
QtB*C
'XP
E2eg
kWCX
a}jcC
iyb>Q
'GNU
]Gk-;
a&1X
_!b!
HQe*\
:fo
k}}4
@vX,
AiYV
zP?>
] `akR
Array
d~_D
hY}"
width
aap [W=
qNMMM
B9I[k
v)d
;W+F
-qo)
56DxA
ikXw%
@.reloc
(2 }
awBfC
D5:t
vgN@[
k w9C
IawB9C
R\t=
0k>A
v`Dn
53WO
Yjm'+Pt
3(.M
T(;%
Byte
SaNm
=Z `jK6}Y
eWC;K
p]6)S
( AY
apB4C
@E"I
NSs%
nhhhhhhhfffbbbb``^^^^[YYYYYVVVVVVRQQQ
b3XWn
"yz?
nll@nll
sn_+Z
H f9C
^QojP
:5x)
`sD?E
L;2U
h\T1
fq);
I@~)
a}6 C
I='P
|g&<
t%du
Yq! ;
[ d &f
M]'k
?;nY
wD,Q
nl/BA
fpA+
kbb``^^^^[[YYYYYVVVVV
a}808
knjcC
ifffbbb``^^^^^[YYYYYVVVVVVQ
t~J}o
6,J.
a}g:,
set_StartPosition
hhhhhhhhhhhhhfffbbbb``^^^^[YYYYYYVVVVVRQQQQQ
}kf?~[
b;Ck
] w9
+,>p
k}H3J
@<+{
AuC*C
t 69{
Sa"X
vF9h
~s'A[N]
$T\s
#$t&u
/OA 6
p0"1
.! s4
pDwB9C
a3B<B
y8B~k(
l1|kcT
KL8#?
|^rb
I.B9I
asKBT
asKBU
Np )z
>,O,
+-^+!+~k
x5-?
[z7?
k77!
5 JF
k[CUNC1$
2*1u
UiMI
KWlE0!
a{7Z
:-m
[y r
]Z~N
Z{ h
}kF9B
eawB;C\0
iu_%E
Xh*u
a6BJC
#Jx~~~
=s)XT
EZK3
v` "
AU)Xs
tP~_
pebp
C5dKp
^sJP
)~=X_0R\
6H%]k
x~xS
W Nv
A Ila
qN}9u6oO
RuntimeCompatibilityAttribute
awH31y3
*%P M
%{ q
cSMoe&]0
R{+:
IckR
vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vwvffffffffffff`vw
nK]z
3'z5
ddWA
X!P'X
paZnj
yzFi(l
~wB3k
iySqR
zjiiiihhfffYQQQNMMM????66
)|o_
FQ=>b
Rb*vZ
W>Ns
System.Drawing.Size
NY.l
A0s\Q
`Wh
fmco
;G'I)
dWC;Q
`wB8C{5
41C3
SB9E
YN{N(
*goI6
set_Text
lTai
SnF,
a/C9C
_w1ZC
Synchronized
8&*b
Form1_Load
;6`|
sL|c
W) p
QC{V
Q u'
Size
L'5sEu
+-%c
Op,t
awB9CN4
LHp'cJ%v
[dJ1a
e_Yru
wwwwwwwwwwwwwwwwp
xhx/
set_AutoScaleMode
#wB9C
cwB8C
a}jdC
w~x$
FFH6EEF
ZqJH
|zxS
m*N|
FR2T
wB9G
H!fJ+
QqSP
1.X$
aGG9C
| 7p?06$
cORT
9FNm
`vP$@
C\?A
awSJ
/B9I.Q
I%t(
t_Ya~
ewC7M
Kwir
ewC7K
defaultInstance
6 bs!
awB=C
eyJ {
o`jkvG
Volatil.Form3.resources
5|2J
..m+e"F
,Tg-A
IContainer
F*?>Q
ZSd1
$#5;q
<"w5
:`Q
'z6 t0x
components
D`wB8C21
,_V)
Zd$3
sm("
ajkiS
ma$G
KSV/
xMh
h/j
[s$Ic
gWB$Q
OXp/
X f
D^"+
>g'C
OIH0
N${s
|p3Z/
RKb+d
96>@h4-[
e/C?C
jWq<
Ed]c
q="P
m{b
Jux\
v\A/h
vfffffff`vwwwwx
/1M0
X H
cwC e
3/j\
X 4
0d=eT
=d(9S
X <
:!pX
C&LEm&
akt}
#i~m
,GYYk
KTcc>
r3}"`
}qL7_
RWs*
<N33
H ei>k%N
lD`i}
J\?
m$%N
9S`8M
h>kDa
RB9G
NU ;
v^/4
3"[N
*::4r
cxC<w
38jS9]
!8$QK
wawB1B
n L1
SQht
kqBDR
%H`.4
QAw$
We+0r
RKB; #
awDGO
PT`rQgdD;
`m]c
[1t:
n+Ks
auB1B
awDGP
DDyU
\"j@
6Cq/
N?0.
7 2[
WZ]a
g_ 9C
vff`vffffwwwwwww
k|E?U
n^<H/
pgwwwww
w_99C
+On{
a2B9C
arB@F
wsrK
&8Gz
vy3B
ys*}_
Kj^|
d hK!N
VKe_
,=(E
E !<L
0 i
JKyX
g #u
.Uj4
BU KX
Assembly
5<_{
a*B8C
/NZ-
wp$ n
Kiq5
awH&L
C<0d
T=gF
04-t
1Iq U
j9?L
tawB9C
`vC=E
q H2
|6L
B8^c0W
5#BWKw
e )z>
3_=Q
@v"bWh"k
AZjmXLN+?,
iwB;C
aeQ9
$+C&
I B9I
yC ;8
W/nQ
aBFM
] ,yyQ
fe65
=T8\
rNb@
Hw j<
GG,=+
GEEP~|z
u6H?C
h& }
a!B\C
!}a "
CL0A
,ouVs^
a1uJ
awBA
A7}&
ewB8C 4
Bb^C(CG3
awB9
4>,Mp
&B;*_
< "!
a(BpC
1< 0
Z;:8
qwB;C
&o<
GraphicsUnit
awB'
ycZOE
,P 3,
Al,F
AvC+
[][]
)+ESQ?
C 0A
$J fD
bqPIK
*M7&/
;Vb0
&L\D
g\&g
A \
!_Qlz
qD|b;Q
Close
zXu=
9VDD
yl C7Cm=
GIwm
!:(,
]lX<%T
RwB=i
Kkb7
t#$)J.
awC11
u\!m
/jy#
.cnF{
r`^^^^[[YYYYYVVV
mMH]
a}H?@
q/9C
|?:4
nRnNZf
o{4a
ROM'`q
\?6(uQE3
P)U &7
awSGu
AkG~wa
awSGk
k&IA
xF% #
wB3Ud
3O_g g
t]iQ<
R tc;I
UE&b
K@9J
7g28
.fF@
InitializeComponent
C"0R
E9du{
Rw
QvB>C
mBi}[
e..
(l:2
`B9G
avB<D
-L@=>
C"0q
">\b7
T.rlL
Q2l"
|CH3
=0x"[
e]B*s
fwa\2
gAMA
C 0I
b2z,
F 1J
awF(U
DtAz
awF(Q
.Bnw
%v4Xa
$<?1\
3Y%%
#+VY
(7b_>UX
awF(D
# Cq'
CS7w
ba_c]
l*c!
[VFx
shhhffffbbb``^^^^[[YYYYYVVVVVVQQ
SuspendLayout
Vdc
aK^~'
nn@f>mw
p57$
e=W*t
[7fT
set_FormBorderStyle
QtB&C
'CjX]!
'\\8Z
1"<AP
fSystem.Drawing.Icon, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
#pI:
!.9*
IaB9I
-ewB:C
edA$
5WfB&
bY/v
ioK+j
psjSC
l]"v
8wB3E
]b{#
#haG*
Jg^9
aqj&C
|3wB8k
u`X{r`\fb^
]l")V
c[1e
cwB9C
Bv9i
j-,l
s]cDQ
!\m
]9Q"<
awD2h
nJ0p
{wll%U
F]LO
T-RWs
*~n#
t<@{
Y;*9x%g
apB$C
#9iiiiiiihhffYQQQNMMMM???66662
/{Wg.*PN)n#
6&h
OU
1{=`
F "?B
HQsy
}['k

k QC
{.=Mmk
O{8>
value
|RZf
Xk7P
j,euM
H&'D_
yh'*
System.Reflection
v14Jd
:tP?
qtacY
tTof&
`wBVg
ffff
GavW
@VwB9Cm0Q
zH~C@
MH|d
zB9G
b)/D6
I;FK~~r
RuntimeTypeHandle
WrapNonExceptionThrows
FormBorderStyle
X4U
:Jz9
Li[
dDt$
KwB*s
Um?S
auI9@
k}K(k
Form1
XUX'
W{At
~Lc\
N~jX
QrBNB
d yT
4tT#
Y\b:M
%` B?C"1h
50FO
BWUBDFE
aWB9C
Ko1%
pxvffffffffffffffffffff
x.wY
9YHf
bai9o$
V{*m
94 A
iCMj
]n:1
#6{*J
G-P
O;/
hWA;S
A=~E
`9f
C#hU
Pt i
aYPk
+/[@#1
J{O
LSbL
4& !JE
nSr[A/ 0
f eJ
>;[@
3,~O
C}7)
auB$F
U'6L
6a/B
OsZGdb
,4h)=
a'B9C
_ynX]
pi$j
a Q?
@#H+
psqB
UFeQ#}
") 7
Q!I9Q
?_Y }|
awB C
C H $E
D.,E0
D~I?
#Hxxx~~~
SecuritySafeCriticalAttribute
Jg B;
_"<7
IE2
n(_<
$>O0"
F|-I
rfYQQQNMMM???
Xb &
'9 A
-|>(
aMPYC
&wB9Co(@
{IdGkrM
*u!C
BSJB
aNB#C
Cb0X
agf9C
oawH
<wB3
,Q#%n&
psS<k
qwF#
wae$
Wi @%
5UbR
[]Vx
=R@"
?hjT
\;!K[
,c>i
3System.Resources.Tools.StronglyTypedResourceBuilder
sB+P
p:EXC
o `~
m;il
!UyD[k
RnFz7'U
d^RM
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
=2J(
i:A/
2o-$!&
Wa3y9
:vBIky0
wB?,a0
>t0Cv
YOOC
hhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQONN
sjL+b
'.LqK1
Rk/w[]xm!
Vg35
>G}9
rg9^
U>pr
9Z^
Mwl9k
crC9C
!This program cannot be run in DOS mode. $
91z5
awCV
hwp a
e_:9C
Q,G
s.~nG
nQEveJ
emn
!)<B
Hni%
o@ @
J:#-D
LIdA4
Jmwn9s
I94%
Dispose
z34b
aKMCC
0IzB
f7j<
7<w*
TmC
(][V:
otD+
TGu t
o+g^
/~3m
fffffffffffffffffff
,i#{,
_\kQ
?I+O
0:V+
!)]<
BIky0
o.'
kc
jiR8
D& ]
R1x=
: vXx
v\8C
8D
$: j
RJ;,
1hqB
6rIc
(g-n4
*R(6
w8l8
set_ClientSize
a7_{'
z B6
System.ComponentModel
hwB9C
)>E@D
-haf|
b6o5]
lKs<
tk!s
| &X| 1Q
KA7h
Oc'8u
8H8dn
fqjUC
O>,M&
@oa
ahE9C
lA !
N8s t
/{fC
m~i@
66R
lho
avI!
h?")
\EHf
a!B.C[0@
|x)OAc
B.>
*wB:C
F5*!bR
$^Fm
Cw&
G1b3
sfB{w
5]> A
Fd2tm
gvC<F
k$H\
t >BS
$awB*C
jawH
o_MF
A'7[/
`wB2F
j7T;
jt7F
a!B.C[0v
=4GU
pfffffgwwwwwwww
uf>D
L'1m
vTMM
-e}R
]J1>
;;Ri
CmO'
B~P
`e"=I
&V 7
;#?J
1,r~
{&jS
>;:r
H H9C
6A;
'nn=:(
wW7y.
;*mV
!r^j
! #VS\
awiV
KA~p
GwRuC
QJ<xC
kqo?0
' -z
Fzf'
Fo59
g*u3c+tl
^;pC
cy^1K
jkTf
o TF
byteArray
,AR^kQ,:
~B6xPm+
n Eh@p!
*aYBnC
)peB
U3wB8
$ZKSU
l i5
a~-0
(.YN
Tqq=%
C:0`
yA9h}8
0/:0
``wB>E
phwB=
!; _Z
;\G.
_GH ,
dinR
Io?a%
anBMC50
2 s"
I>P}
O9-2
Tf eyu
gw+
a_J9C
w}<N
atB;C~0
A4?P
bwB C
a9'A7
gMYw
dwB4C
KF!
A2?(
[KJS
QK r}
*wU\
,NG$?
XaN\
:U p
>I;f
"U.xD
fFL=
8aq
]l}'
awByC
ukw
jY%W!
avB,F
LE Y
*Mc<
6"y%k
o!~R
"J1F
nTPjG
&" }C
kY^(_
B[<`
Aq\0)
iwB9C
C/m1
4?NE
g3]E
Q= Y
7/&\
rVH?C
:-]&
GF<?
,% F
a~B!b
mG- oK
!B9I
*BUzK
CC'a
@\mJ['l
/U9X2_$
evB90
awDKx
I"B9I~
VQSl
<yT"#
xiw;i
\oK1
K8l&hE
qwB9C
9JK_
Form
!oRN
iA:iFuw
$+&
ISerializable
O:Gw%
4 z?
TJ*i
-QaZ
Ds"_
/rD(w
<Qq
A Sk
25~T<.
agB*C
Ln$-
#>98
aoB7C
GQei}
T:\]/
{0kwx
s2<k
vPo,
qmEXC?
+0,
MethodInfo
I) B\
y\}mt
{y~@
wO3C
awH*F
&9`%
6!Z&
P#&`O>1/S}
sF<B
p_A?R
get_EntryPoint
+p8)
7QyE
\IW4
tp"<
axG9C
v^^^^[YYYYYVV
nffbbb``^^^^[[YYYYYVVVVVV
Ib:3
Drc&G
<e4pU"
i2>`
pKDv
M'<b
s"g<|
WkHB_
2:7mA
vfff
lU9?
avB:C
]<` o
+R?3
^YYYY
t6Wm/
%8HH
0IL0t{
|9K-
eaAK4
bS={^P;rWJ7cL@0P90$;
+H(TFxXy^
z[ht
arb8^
&q ` C
awB"s
Pw@n
Sg?fWb
pffffgwwwwww
eV@n[M9R?6(0
_wdg6
S Bw,K
k 20
|SQ|g
i,q
iz3@
q}_n
avBF@
-,Xop
iQB)
xO~q8x
GNo!
gqE9C
i| 8
_Ml
WwB=A
ui}5
*D93
3;W"
t1,r
Ya" (
IEND
(%`72t
t- Z
DawHJ
,3~
LO$!
S:YT
?Zdg
m1c2'
q9t9
:P k#
NA7?
nK+f
tPgBR{}
fffffffff
C?CE?@
zd@w
`uD?D
XDr_
ucuE0
adb*Z
!Q)=}5-Y2
09Vw
ocXK
@m@*
YM`G
$lul]H
BL<I
`D,z=
gajBC
>#b/`U
A[%o
^5.g
utOe
iaQ0=P0
awD(K
:yGLT
}r1/
.=8A
4;L:
QFL L
4bo=T
a3B\C
F}6/
7b&aq
x)*e
M#J.
g R
Wwh,#
[kGY
t__a
=Z ]
,b
awS/T
JuO }g
Wu"2BK
Ys!b
SY&U/
i=FX
K84[4
Volatil.Properties
So>9%
1 Hd{
|]pi
kVH?C
kmH9C
p@EXC
dy F
4}qe
`f2$S
lcjmb_
av@`M
](=?
U@4O
[mxa
iOF=
X[ =
\a}J
)rB#
BID8^
P-oC
h_b9C
&WTA
c5AN
vawB9C
\Gn6
QYt&
avB8B
`wB=C
s{"_
EventHandler
avB8C
.O@,
dwB9C
N-|u
^t'DN
dwB9J
pYr-
T5(K
q|qB8_
,-):9
65RX
GpANS
wB?@rb
PY53
V_hg
\;&)
9
{P:m
la K
iC,
A6*3qMX
qC5%
qXih10c
wwww
N'z2T
UtiC3C'%
0f9h
D9O5
AssemblyFileVersionAttribute
WWCP
J;9==
sBIky0
xHz
oy@;A
drG8B
mt$coBo0
/vrP@
q B"
;?P|
Mt'R I?,
MyZQ,
System.Resources
LlE3
_m'G
U2YT
IBw)y
;05K
U# (
IVLv
-"sVu
cFA7u]
6i,%*>
@{yc
7u=V
'0YD
`Sc9C
fffffffff`vwwwx
resourceCulture
;]:?
4r8O
f\_w
awB#C
wK9
m`P?
D8u)
>VLJuxL
Icon
ykS'
Class1
kkS D
w^}B
&4g|
yD9h}BL
I?|gj
?C4)
avB9C
x G&u
YyBW
xM$U
J) cL
Q.LMb
kYQQQMMMM??
jO;u
kISHyy
r?b3
}[92
XQH;@B2
dC`
n+l/
;@Xa
d [P`
A7[ZvNx
sO)
Zl%t
A+(-
Dm"H
0*
W iN%Lz
:~7p
k j]
ResourceManager
wwwwp
QHot
aY3~
$`yiQ
S y 3Tc
r6i
6;>(
g[~.
_\[%
{f2Z
oyL7F
fpBIky0
)>QT /
<R^W
Z!}4
>FQ%
Vx}r
BFu
1QrN
OrS7
J>{c
cwB<C
awBGl
L4<@
xr+J
< ]
sE0L
String
'+#WW
c /A p
h}B}&
e!D
a7B9c
x-FC
uy^r
XnNC
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
&qcC
``W;
<Module>
e_1v9
& )_=
*-D6
, H
K'.;L*
KV;$Hpp
awB1c
o>j1w
tEM}
tK$w
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
`ek1@
ec3Px
uM_j
'{Gg
InitializeArray
gpB9C
*!a *]
Auzi
UEkLL(
$uM4L
w2X7
awB1C
xtX?h
g[ &
6UnET
C?0`
wwwwwwwwwwww
t.W4
pt__a
QjWlT[
cah;k_0
Ua|L
]v<
Pc5VF
\K~>c6
aTBuC
:;ZM+
t[Of
vh1C
jUSVb
gVt^
asS4\
n ucW
raQ-U
EIK!
6\z5B
)-q:
;J\X
kc-_U<(
\hF
I-'`xg&=
K=gfY
kwA$F
zdvK9C
F&(i
Ox :
ti)g
`Yq}3
avQ,G
ContainerControl
Ca9PH.m5
XW:I
`vL>C
!wB8C
5;M&
wwwwwwwwwwwwwww
wwwwwwwwwwwwwwq
|l7~
>nPH
resourceMan
lDwo
?\3
{6"s
%[=2
]Sd
B8Xt0N
x`](k
%KgcLI
Load
#J L
>#\z
j#lga
9tXb
T 0"
nLSqA
,R4I
System.Drawing
)97i
%W%V)<
WPo?kn
c;Pq7
)ZvFn
sjZ+b
kK#J0
Ch!~+
&%{Ey
<5eBy
]C@z
Q:lj
set_Name
$q7k
i 4
(UVE5
d!7)]
Q\GN
add_FormClosed
=.to+
or#kO
ivB1C
Vrs0
]B"s
a}UJ
`YzW
e[E(G
xO Fs
Default
!}{
gK4c-
CnG'
T0kQ
:Hw2
aTB
* +"
STf'
>>B4i]
ijG,Q
F:Gm0
6) H
Fd0x
o^^[[YYYYYV
!s| E
awDGj
3Kg
FK|x
i%oA
0|I&]
ht}%h}
THav#
}SdE
RuntimeHelpers
PGh "uq
v/ Jq1
0bwB
!d 6
Q22fr
O*]kw
U_o2Dl uI
Y u3
C?0O
xv'W"p
>iwv"
;:q
-`D`
#9iiiiiiiihhffYYQQNMMMM????666
; /?N
{P:~Z
c_X9C
C80h
Q*($
(0=<6
nqB
dHa.
A]PU
3?c0
gB '
sw*7
E SL
{f=z
^*f-q
h}x9
rrkA
55Dp
b[ q
MsOA
3zT6
hc?o
lJ-u
/k]O
^R*;%
Pxjz
Vnh?]
Object
B)__
; <jK
K4UI
XqwB9C
vfffffffffffffffff
&~l`
)4_
ComVisibleAttribute
Lk|1
|S0*
&(*!
!JS2
wawHV
-6nP
aO5@(
%WE@N p
$s|>
bwB
}Wu8
_:4<
gY0}
^R8C
x#Y[`
s^J7Q
'{=*
Z w,
!wsC@6
p/q-
aqBZN90
zQN Ty
x*^9
zPOebs8
vffffff`vwwwwwx
EESb
<:3
EditorBrowsableState
l<($<
*~s,
S o
UXwv;T"
.qL/V
NaEB9C
eA Y
ewC:K
L):c
awB6C
h)KFJw9
CultureInfo
?Dcm
b/S`D
"+!'9n
M FL
1.0.0.0
B?Cd
R
adB4c
U_H
k,q+
$/+LB
bz lQ
lo [
/YIn
.!B
ZIj m
_T4od
QtBkC
{H&3
atBRB
`GG
q+-fGV
hhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQO
+{|)
sD>#
x5 hK
a C9C
}OPyP
evC8B
ewB;C
awH2
a*E9C
ueJE6."
h<jG
sRGB
= KS
Zt3d
/aF{
z@<s
{. Yz
\emy
rf`]
q!9C
;'N D
AutoScaleMode
.NV^
D6?8
Ju%9
O!@;
`?f
ZB9E
J)cO
uX.[O!9F
m #T
%k\
uT5,j8
5UHDh
u[[YYYY
8mE zq=V_
szR\
1~jo
QuB C
`wB-C
Y$[6
auBRB
ToByte
o:30
aVB=C
d&.
get_Culture
e%C?C
aaC'B
hhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQOON
.dqH/
MethodBase
Ru2N3
W[L^"Cc
J nuNp
HZ"!
;Z;
j9cm
V l~uN
nsq
M\G7
ZE]#
_.sw uC
Ay9J0
:!]H
wfV(G
~=;j
c i6
y%P5E
dgdgse.exe
aQD9C
bWj`H
!$pF
zaGd;
RRS*QQQwRRS{TSU{UUW{VVX{WWX{ZY[~fee
z64G
# W
i`Q\h^MXf[JXcYFX`UBX^Q?X[O<XYM:XWJ8XUH6XRF4XPC3FZWR
t|%4
8J}$U$
7MCg9
_P(g[
@wB1Co(@
z}}}}
IconData
@Xia6Q@D
7?26
YhPn
[F.o R|l
(8%QV
#F*<
NetL
:gSD
ex[
]E ,
o* d
Z FH
*<nby!i
Ujn,
w;Yh
wB?P
|yWyW
=O= u
lbbb```^^^^[YYYYYVVVVVV
7)'6UJ
b[{`<
<`wB8C
FormStartPosition
!8a[_
S^?g
__StaticArrayInitTypeSize=16
d8} o
cYXC_
6.^,
PJ`O
pgwx
)@Lx
rYi(H
Z<k
8y,V
D/{1
fffffff
nQQNMMM?
` #'K<
1'I4
9&Aj
t<V){V
VO,|8
m>` nB3jf
SwK?3
CuXjoJ
b<-
avBRB
;WyN
ib3B
V'dg*
E*}#d
|s69
%B9B
DSHF
d%#=
dwB;C
a61J&
ojL<D
Z\&"
0~jo
aGB C
,@0a
fff`vfffwwwwww
A:"
zqF@c
^av
[8eq
O\5j
w`[f
&9$
~$[
CZ#i
x!;@
t4S%L
[Z]~XW[{WVZ{VVY{SRV{NMP{IGIwJIK*JJL
jN@
*9rr
~B=P
lx+UY
xcg9
wawD
@o.-76
'Ww [
CQt2
j6b.
Dd<%8
<}7a
-Pc)o4
FOG8
j)V
[B9I
g{BPS 6
m>wh
oVD.
=A*bBU
hhhhhhhhhffffbbb``^^^^[[YYYYYVVVVVVQQQQQONNN
WCBl
awl9C
$;J7
J.E$
j[ @
Cz2!
< 85dg
{}u
9 eY
a}8(G
`v@?E
9d]x
ITVxs
%)))))))))----------------22-)
)B9B
?5(&
X&[@
7<!B
!i%&}
uWi
rFLu
1=R
*z/R3
CC0F
`.rsrc
kjt ;
s+Y
WJs3
7 ^'
VKAQI
rI@@
L8"w
awB!C
/j/EZm
mQ-n
Wf&B
vx<~
_p9.T
VAjl
AwB9C
8._Cv
M |x
<~-*
1CQ:fy
EaMb\
q m&
ffffff`vgwwwww
JDaE]
sV+W
x}4n
'5Qs
set_Culture
RwB9Ch0u
get_ResourceManager
x_
Q` M_Q
RYd62
VRrSh
FKv{2
!cz
AwB95
{ml7
HwL&
Y,OH3
[u~Q
wU?n
)eLt>;
awC"s
&NT&E
~Eob }
yo{bx
DD*(3.
n&Ot\Q
,f]B8S
{[~3
mIwk
P,;0
Y-} J
p<Yo
arC9C
1+U&
vR.>
wO.5
jC9.
-CBm
1D#w
\"=g<
{1ca
+Hi
5wB?e
v#qK
C 0|
.|{L
w4\L
:PX>
u`EM
;];Z
h21O
g"8X.
edB1e
5IQNJ
g f9C
IDisposable
#9iiiiiiihhffYYQQQNMMM????6666
-ERL
mbwBNC
3~jo
ValueType
awBJ
@2W}
z[UE
Gw^?|
0"uS
a;B\C
-d' zi
r|T*O
dU}A
$Nu5
rO,tM
*Yfs
eYB C
C?C>(h
)sh>Z
Yv%+
U?7.dS
/b@l
`dO11
ODD'
+F$Q
C&kCV,
nz Ft%
|rJ)K
&:][]]|4
=Sc9D
Z }"==
mykey
a?JrK
}d h`mLm
uI@(7
4Rm-
s0C|D
:!Mr2t
c0s
$'MA
<+W'
).IUI.Kf&
=$FA\x
OpY#
dYYY
$de"
XY1@D
AXI0
7PlaC
_vBU
rBIky0
FFFJ
bv K
:D')uu
-B9B
gqD9C
66M1
U/Paw
p:b:
<Wwh8
offYYQQNMMMM???
NHJ^9
P%P:
gvC8B
2awB.
hebu=4
?E6VK
```^^^^[YYYYYVVVV
P m4
U8Ou
,*5=
RC0@
QkPG
`wI\
=csBG
oiC?C
eWC8M
seP";
System.Runtime.Serialization
0+am
\] 2/
:B$"^
7z["
vD To
=wB3{
5 /y&K
HR|E
WS-a
3;%$
e m9C
IkU&
z874
zD`.
)\;FS=
l(/n
sm0<
$g9q
T>4&bMA0oVI6{]O:
=j!A
<:z_
`rCWFW$
`A5E
gtZeH
RF93
lEwB9Cm0_
System.Runtime.InteropServices
*f8b
~TZd
6`FC{C
c^[YYYYY
EventArgs
kxP1
\PS<<
]([)
g;hk"
j> o
ajB<B
o Dk
+Wp8
snJ+Z
a40\"
*/|t
c:50
|&9Eb<
[fa"8
a B?C?0F
C00i
)!xWZ
`wB>E
#a+X
0&]nz
!!&&&&)***&
qD d
DQK^
[7Y=
']*#_h
/C#
Awce>3
J"t^
HZm
GwB9Ch08
add_Load
mr/3M
w99a
C]N
DZ7.3
pavM
Ce\I<\
_dp0O
9ch?
&2t
awBYC
(Y
slhP
<`wB;C
kVH?C
/7W1yI=
gZDJ
S?}
9>b
t gyr
9vw O
|RB_
.ICJ
awB}C
OyL]L
OB}ix
!=4T
S 83q
a}d08
awB:C81
(T y
Settings
>B9E
\pXE
a{d9C
awY=A
@uB
A,8
set_Font
iO=f
a}h*s
a'0V
ffff`vffgwwwww
:>^U57
6D^
fffffffffffffff
dwB:C
$3b)
7"1;
a5.V
So-TUI
cD1Ki
AqWc
7~jo
avj`C
Ar2y
FontStyle
0NCL0
mr*}
0@z|
ph8S
A OV
6qn-@
)GA)
2wB3@
b8fF
6f#~
ws2l
-Uw~
n vD*
AyF~m;
`!7Z
UKh3
M$} 7W
Wew
avJK0
agB.C
`6wP
}i p
"6QcJ
q`[P
guC8B
5}p9!
w)NZ>
_\xm
C@0_
get_Assembly
4|my
}BGv_
avC9C
UlCK
BAnh(
bWB>E
6`xC$A40
PAwB
'0V$
a%'^*
a_a
AvC(
,J:t5
cwB;C
36 l
FCTpJ
/b9g!5
?git
set_Margin
l |
pfffgwwwwww
awB&\
lE% 3oyO>
z?`r
10'^ )c^
pfffffffffgwwwwwwwwww
(CD8
hhhhhhhhhhhffffbbb``^^^^[YYYYYYVVVVVRQQQQQON
Aw/^H
E-TI
3!1Y;>
( 2!
o78%
*==%UX
OGbv
y+ F
f)dr
FO5Bc
)j{;
M&}H=
SF(C:i
ewB9C
avL$F
??8g{
AtJ$F
;Lnk1
dE&/
|_QI
v^/j
ulP3&
k^+e
*aqD
8% &
awB:C
0 W^
f 5D
uB9B
<gb?,9
svP;Q
awC4=P0
awH0T
SvDi
6 EI
:?Ahc
pffffffffgwwwwwwwwww
9l!G
T\h?
vfO
xbE#y
,LaB
ugu#
k.o*
s"#@
u%X
cMAt
&E^L
g9oc8
uD@K
#GUID
x2^-
$6@/
awD:0
z@S
C`0l
awC9C
1`,O3C
$;J$
get_mon
xmiihhffYYQQNMMMM????6
}sG*
x8kI
k[B_*
20i0
YWX@
"m)8
PY
kA^#
r`CO
.goO
HawB9C
9+aeXm
s91H
DrC&
H!l;
`wB9C
BJ8S
yB9G
%|N&f
Su/'
4U3#dT&+
`Px D
=wB3{$1
I ;s
`vF?E
aRB9C
^!DB
set_Icon
)Z\
5hu\e
4>kF
zKc]F
C W
B?C>!X
=`2^u
[ pS
\cIIx4
<BZY&
,JaQ
S3lk
h},r
System.Globalization
[
T9;"x
LQRL
wg %C
6QUb)2
p({V
avP K
tawHGQ
n^KfG
XiwB9C
wI;G&
"EXX
?b2p"
pzj:C
)U Z
=(==nMl
awS9C
m ;o
EFx|
ewB:C
IWB9I
5;-)
6(31
['a^
FD7o
uCkO
Naridiqi.Resources.resources
6 H0
'wRx
V-n.
>148
KYBs
dwB=C
GPYV/4
^,B+
~j}QIh-
Nr|
xd7n
kvPmG
_z9MaQ
VAo-
,Ln0*t"/n
~H!|
93O1
he2ab.
18,a
Oha7 ;Cw9
&aTBoC
15.0.0.0
>_sd>
C10`
4{cB
rK!+F= !
irb;B
)0w/;
C10w
C10p
gez<c
-9hf4
d LK
awBqC
ie3B3C_4
l%OH
ZC{Z
Pt~s
+QuZ
X!f:W$
N1rx
W,];B
4 AL
8zwe
| J} d
E
<N6+v<
acA9C
Z\ |o
'V@R
^&t*
a^G9C
I\ .
+'lo
}RX*i
]&/D
7Y-w
rMa|
Kav[
R_<Q
.SM\9=
>B93
.y|n
pBIky0
M( /
o{/_c
I}Y
awB'C
*.(*
B[Ye9H
/'6*Sbt;
)L);
bawB2C
awB9CC1
W2~.g
-Vp2
guB:C
D+1
xQqs
pa{-J#
g|0hC
c[\d
ff`vfffffwwwwwwwwf`vfffffgwwwwwwxv`tfffffffffgwwww@
#J~~~
`5K'Z%
h}qd
>,wj MZ
dNn
fd/M
D 0z
s,sd
aEB$C
z g!
-*>
#5-p
T(!Cf
vfffffffffff
xlro
6`W
h/;T
{{)&!
L>-C
z=&$
B7K_2
System.Windows.Forms
a1FkB
p! $
.Nvj
>B9I
;dwB;C+5
G]YkOa
Nb@-/
.cctor
8 OS*
r?x$
4_&
xadC9C
wB9C
B9I
CMN;5P
a~B8C
Io0T
YenF
~1[p
System.Drawing.Bitmap
T2]}
vtMt
d'm
teo8_
CG<.
3XNJ
S(C0=^-
eO9a
Dua5
1MR,
wH9N
){&#{
Lcy8
`qb8^
-(uN?T%
o-H>;@
GeneratedCodeAttribute
}awB)C
1s[f=tS
o.@T
`wB:C
qh>/
B(Ps5
pffffffwwwwwwwwwwx
7Zbn
aqjXC
+p'KVq
&||z<
e !
qXv\9F
b';5
m k
o-`\J
fSB}C
7kPVE_
SVJ4
atB)S
6B7CB1F76B99023BEFA8EB2B530216F00916E4DF
iyJ1^
`\w$
awB5C
M-tV
vBIky0
Q<>S
| @fY
awk8C
XcwB<CF2
x*$V
R1fj
Uy@f
)nv_5
pgwwx
^r`s
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-04 20:48:59 2018-06-04 20:51:52 173

3 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-04 20:48:59 2018-06-04 20:51:52 173

7 Summary items with data

Files

C:\Windows\SysWOW64\ntdll.dll
C:\Users\Seven01\AppData\Local\Temp
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui

Read Files

C:\Windows\SysWOW64\ntdll.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui

Write Files

Nothing to display

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

kernel32.dll.SetThreadUILanguage
kernel32.dll.CopyFileExW
kernel32.dll.IsDebuggerPresent
kernel32.dll.SetConsoleInputExeNameW

Execute Commands

C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-04 20:51:18

Detected family: #Ursu

TheSystem Itself @ 2018-06-04 20:56:01