MalScore
100/100
MalFamily
Ursu

nice.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 21/66 Related 2617
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 354.00 KB (362496 bytes)
Compile time: 2017-08-25 04:19:29
MD5: 798b126c3c91770ea6e044e02aa81a97
SHA1: f57ce92d9ab724292ce8a977ba8aa91c105d67aa
SHA256: 51ae3ff9f7bfbcca9e31ae3451530bc1782eadeb3e245c11703e939cd01d5aea
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-04 05:09:01
Last submission: 2018-06-04 05:09:01
Filename detected: - nice.exe (1)
URL file hosting
hXXp://narenonline.org/nice.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-03 23:04:04 [21/66] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x57ba4 359424 abe0999aa166e57970f9535e8bec39eb 6cdd5f124b57d5d1abfb6642cc09e1217db85562
.rsrc 0x5a000 0x620 2048 8975aa042d1ec24cefc2da275d73f9c9 de7940a23a242312f839727c4089523720d34e82
.reloc 0x5c000 0xc 512 73b3568c296d8641e7190cf8865490fd 1fd433df6b8ac60a8e88debde4987a78b8e51eb3
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x5a0a0 916 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x5a434 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2008 - 2018. All rights reserved.
Assembly Version: 0.0.0.0
InternalName: nice.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 1.0.0.0
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: nice.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
Z&Z>7*e(
VarFileInfo
Comments
Volatil.Properties.Resources
Same as in FIleDescription
e2c4a01f-40b1-9d
Form3
How is seen in task manager
nice.exe
Company name
InternalName
Segoe Print
F7@
0.0.0.0
1.0.0.0
Random comments
OriginalFilename
StringFileInfo
Translation
$this.Icon
2008 - 2018. All rights reserved.
msb
838cfd56-4c94-09
Assembly Version
FileVersion
Copyright
VS_VERSION_INFO
sTh
tpW
Form2
Form1
mon
FileDescription
704ad6d0-ee95-1c1
704ad6d0-ee95-1c0
704ad6d0-ee95-1c3
704ad6d0-ee95-1c2
704ad6d0-ee95-1c5
704ad6d0-ee95-1c4
704ad6d0-ee95-1c7
704ad6d0-ee95-1c6
LegalCopyright
704ad6d0-ee95-1c9
bc4519c8-fdeb-060
CompanyName
000004b0
ProductName
704ad6d0-ee95-1c8
ProductVersion
MP<3C
lu5
wB3U
=7PR
wB3P
E,)vFk
5#uO
#LqW
wB3\
k]B*s
ODSN1
gZbJ
g[D?,
m7i8
7Ez4F
pffffffffffffffffffffff
#~8t
wB3I
Q0 _
PNG
2lB"
Fg1i
awHV1
R`Tk
)7yl)
wB3f
L55$
wB3e
TY'*
"6pW
7sy(H[
wB3i
wp,!H
ZPlx
hyM~\o
a%'X'
QOL(
@^8MJi
AutoScaleMode
>%\W
6jAK> L:
Volatil.Properties.Resources.resources
1`I`
8hN%=
6k^]
aGB:B
o Z2
s{M_
-!L#
dgB2
v'G=
fffff`vfgwwwww
}6o7
ffffffffff
wB39
WA).
MqEVd
a4-T3
c4O\J
M.0;
~l 1
A1.E
aqB#C
6`xC
Zyt,as
ffffffffffffff
=<777775422222,+))))))$
]v16
wB3@
cqD>C
sGA^
1)R]
Kc#En
JE7`
Aavc
------
WwB9Co0"
(n}e
NA,
yOt-3w
kqBLL
2?Yg
(~:P
*th>#
a2F9C
dg!2
aqD?E
tFszlZ
.Zg>
b77tm
`wB8C
)|qm
d Kx
09[#&
Ni=
]O|;
e4 Qwg
}i.x s9H, UM4
VueE P
r jn<D
klNu-
aawBU
/Fgp
n8x)
fXFo<
aMLYC
5hot
qY4H
86fC
a*B0C
vg4L
,*9&
3h-y
yfeB
a}Q<cM0
T:(b
J%4i
};(.
0ewB0C/4
a}B8C
k[-:
FB9G
'e%"
]V^<
'E6*
,Dv;
v'W-
{8Qv
nNZ$
GJ}
1HI*
DfwB8CJ7
ppT(DpY
42o]V
2:Z&
ifn8A
hHH |
#W1_3e
q`"W(J
l9g<j
CW,X.
dwB<C
[^92
Hl ;
^`{6
St0@[
@[%K
{^6S7
tDm%
v:?iE
X$T^
gw@?^
LeEK
aAB`@
EnableVisualStyles
H,ak6
`vC;E
|f /
w/\(
BsO+
wB3k
uGvg0C
C>0I
kwB=c 1
o4L|*Mc
o6v'
x2]E
C7fi
u*o1$)
%a2r
~ ~9
awC"s
wRxV
awB*s
:?O8
resourceMan
QttU
NY+]
OKI,1In
K^D=
Nb-O&
w+W+
^/AD
{LhB
WX3u
#1ETB
awB;C
Su_- $|y
HJ02
.rEk
wB?@rb
vfffff
K8Wa
W R_
m+;V
wB8k
6k0 O0
by'Y
a{B8C
a{B8B
*I}{
G%R4
s= b
,B9B
Q8{_Kb
@>`j}>
AppDomain
I<;
.-&2
^|>*]r
v2.0.50727
Ga[
get_CurrentDomain
AGQs
Ey=`m * O
}ihhhhhfffbbb```^^^^[YYYYYVVVVVVRQQ
) o_
V'J:
`c&!
a3B3C
#\woiiiiiiihhffYQQQNMMM????666
PADPADP
evC<F
]" th$
|h{r2S
ctk
9mT*lv
~Ptd
awB8C
rws8[
^Qteo8Q
u2[9M[A
/#_q
>(l]
+:M
awB8S
m[M]
Wg&W
~E1WI
(v<>j
fwB9C
bP}C
Nf W
BCCGGGIIIIIC7777777777CIIIIIIIIHCB
asy9C
|Arb
gW@+j
^(#|
*=lB
I|`Q
Hy %
\aiJ
RDTo
T_4!
zH;*
kpD3Q
bfUr
set_Text
gwB;C
n&UB
:|Dw =
.fb5T
etDb
&9^X
mHvz*\
{ !:_;
aEB C
~F\-5
DNo/
':E/
:z_ ~
mQX1.
S)@
0v-F
Control
qVl~ YQ
D54p
T`B,
shffYYQQQNMMM????
awH2=
J A"I
T}QD
A3]|K?
?YI
n .:
<bb^
p3kh
: `Y.W
-Mfd
oCJSU
`wB;C
ydtB
AcE{
oeG(
qKq=
awS;1
r`^^^^[[YYYYYVVV
OP^e
Type
gwvI
J&u
s^Y@
*8`3
j2DV^t
hKh>
C`/lCH@>
I%V_
awB\C
F^dr
] *-
m1TC$
t]%[E
2ajcS
4w%U
get_Default
atC9C
Urn&*
HwB=<
q_t~
awS;k
hhhhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQO
`e[+
3|u]
xc.=EJa
`x!e
B)![
hYG/P
E/pj
|r_<K
m85
Trj'
G(-_+
4`c^
OC lo
^1of
acQ^
&aE-rA
vwB?0
1-U'
<PrivateImplementationDetails>
Char
Form1_FormClosed
AJO o
Uiwc
:No}
YXG Qg
Cn0u
c\LRE
hyA*B
15.3.0.0
#wXD
/1ay
N+F!Ub
b]nV
_ 2#
tP@9
!H0CS}
bW%2
Dg/[
UG9Wp
p#1g
qx%u
`m /
%wB9Ch0`
d'GP
f9C
c=[5
& 1
pR H
wt4K G
Padding
BkE3
0S>R
System.Resources
=?)!
~+CR!
n=_7u
KV!5
1@uJd9
\aEJ
<HiOhn,
~mhhhffYQQQNMMM????6
k_%O
7zTT_Dv
u 3+g%s
OFKv7
hvxhS
cC(V
IContainer
Ba*8 2
^=+
~'5t
,&F3
01f^o
Og~8
a3'_*
b"g(]
3.+K
aw]y,
|KGC
4cHJP
\fiR
=)*"|
I78A{Z
j%X
0 zwJ
PawB9C
O_83
|yL![
B}(]G
~.eo-
Uve?}V
Nygozhulae.Resources.resources
Da j
s8rPg
4 M#
asB8B
m~_V
m7Z7
Zb~:
N<&m^
QvB;C
D3!D
&-3W
% oE
KLCcko
LS*F9
.text
v@6U
/tSp(
p>Q3
'_(a
P4F0
~(\uC
h'h J
a}b9C
A:Za
< ]_
B4CT0
w7E!2
+t9
h.AOV
3\$]4$
v,E
Vs8:s
r x-
H#6[c
System.Configuration
IjB9I
3:{g
ComponentResourceManager
9 ^+
$&rZ
m\W>,\0
-M{B$3
i`~W
r/>M
V/Zv
${,V
|rW+N
!}9@
{.3s
&c{78
m@uU
c$X`P&
o^^[[YYYYYV
N_G4
QN=-%
Q /|f
ojG?C
4gB2
|f>
O4*X1
(P_6
CS*D
p i
Mp(.
sCuAEi
avB1E
EvV`C
{R*$
F4}{
{Lek
$741609e5-33c7-450d-a37f-df5d10d6bea1
|k^$_
pRwB=ihCw
adB-b
iWA8A
ffffffffff`vwww
m9qf6
oP "
=]N:
gpJ3^
}B9G
WT? Mw
a8IYC
l>Ng
& EX
k^^^^[YYYYYYVV
t#x*9<
wLVU
NetL
<Jn|
x7<
NYIs
+RF1
`rb8B
?Vz+G
w %
[Y +
*qM5
#Ogi
a(BoC
@o4z
UoE<
VE15
~fOWGmQ
cuZ$K
O+&~
ZZXZO
nwB=J
QvB)C
D6j`
hmS)
*ZZOz
bm:o
M* m
V eu
#=T!
awj/C
IconData
!(!9+
O@vX"
lhRak
*s4_>
Qg1{,$
K)K6
a}BiC*
A6)k
J'ofu
w0\"
vCp,
1y_XH?
`cc9C
a,B,3
iRY:
;Z>"
!`3BvEg2
pgwwwx
eWC8M
efG(U
eWC8K
hhfffbbbb``^^^^[YYYYYVVVVVVRQ
pgwwww
y{K[
B8^v0L
a;-Z(
w/ouZ
awH30
kSLa]
#- di
awF!k
O4-T3
L<2
hfFV
Settings
GetTypeFromHandle
awB9B
1ZG^V
77-)
D;^g
j*Ku
z8ED
B8^|0P
n2[ vE
fwB8C
|]i.
H<I6
&=J/
9\YP
fb``^^^^[YYYYYYVVVV
awB9k
:N6*
A/?
cDBuE
awB9c
_5.4
hpGj
>(jd
RG,L
4kNK
6*C]]
dfB}C
y)D<
gqB9C
QN6Hd
3`!\
(=e\
? GV
a}ivD
!ZcJ`"
Y97i
height
ms 6N
/ v
DaS+
o6b@W$
yhwf
u$;C
xR|h
H >zA
# +UR
+T M
d^(_
<j(R-",[
lv8-
V4h^
R@Q?k%
}#8&
H3_,
S9ag3
[a)R
Program
y!TqGX
|N?4
"AoN
ya3BLJ
VVVVVVSSFFFGGGGCBBBBB:118887
!(~fR
`wB:C
8_Ov
t_Xa}
Mw|o
kK|nL
awi9C
ucK!
/\8|
kuI/O
K H6
GsKH
get_RawAssembly
;wB30
N*N'
jz [3
w I&
bwB4C
e[0fW
dwB,C
Q{`-
IF_cJ4
FADK6
u4 <fP
w"/b
wawDV
`jG$F
y*ef6
wawDK
sj@?J
Volatil
O,)#
ffffffff
\'e]E&
3 <|
X' LP
,wB?P
x9Zgd
Main
whKpo
B(C|6
awBqC
lXbju
a Xw
iec%D
!+vb
qt;C
Form2
Uf7E
x|E0
fu-AC
ajG?D
zmo5
#9iiiiiihhffYYQQNMMMM????66620
31~w
c1D)
-a[BnC
fWA8A
mf\xke[x\YW
auC2B
awB9C~0
gwB9C
Q5F#
< ]G
pgwwwwww
zDxH
}>1x_D
@lFi>O
q`GT]O:"
iqS<E
vDK@8
HWn&
Volatil.Form1.resources
dnOm
fG.8
pp9Ec<rN
32`N/
wwB=R
W`PL
"I6L
O%dI
RuntimeTypeHandle
}%PnX!v
`,<W*c
csXD
ffffff
$)E^
(ms%
,E6R
GpC?=i
v,nn
+D=Z2
~5h
G__hQ
g T
a/F9C
agB"C
awFK
%Z <(
9GK
t-&s
k;ohx{e
awB(C
RuntimeFieldHandle
iq_<K
sFW+n
a1TkU
VB'Y8
mD_^+
AH>F
w'Z,
;:t
Sn&/
]{>i
STAThreadAttribute
agB<A
Jj{f
VFbG
tVQb
G?_j
t< P
*LEm
IHDR
Form1
DP&1
%0} Y
System.Security
e&C}C
XowB9C
k}H0R
System.Globalization
Y_x(
:a_B
o0y81
&*8w
J SY
Y 45
IconSize
&*8x
6fTB=B
D^ VtDFM
&*8d
set_AutoScaleDimensions
V-B^(
uwB=J
=&q+
&*8l
YE]5
A!`g
$awH
KRJ3e
&*8k
{6+~
`pW2
aeB8h|0P
EJ [
bqPi@
4-]&
E`<;
R8 E!B
FsWU
[w8T
[_n>B
JuFE
PZHH
UO%ga
!wB3I
w^^[YYYYYV
< Cdf2
1T^wc
\GB(
System.Drawing.Icon
bS A
..>U7
P B>
]~Ud
wawDGe
{/2BG
<8H
v+$K
\WhM:
aT=:
|56b
8vy'
5C/uGcA
`|BGH
D{+%
6cm
0crC
A4U e{
faTJ
Zgwj
Md,`
'rP)
vffffffffff
ZpX0
o _G_
_MEL
lR W-d
@6B/r
(;
aBB=C
MethodBase
#Strings
asjlC
+B$N}
awSK0
'f@`""
59B:
NA|i
MwB9Ch0
Mhe/
$gih
B8Z|0]
@s
<y=5
9v6J\G,
.bi6
JEgaH
?awB9C~0
*cwB0C
3GZ
vwB=R
a "A
9 S_
)q#=
tC~O
d& aO
u?5(
}\6u
Bu[[
abG9C
SuspendLayout
HAs%9
}es;E
+B9I
bY;V<RbI
VwZ*
!w?/
Dl'Y:
q}}}}}
?\H,
a7n9C
YP60
KDOJ
aWs8
Y>9LLW
s}`T
H c]
H3a
$~~`
a4-W5
j2%
pfwwwwwwx
m:I[zF
^-p:h
Kx"mV4
System
#0|p
I`wXhwh$[.
)pqBdV90
aYBBC
^Rv[
lQOW L
, }(
a4#U/
eWC;K
L'T%fu
b;0U
<Da1
Application
mnB_s
>,w0
\[TC
set_StartPosition
cuL7I
)bN !
UU!`
>#dN@g
Fmb&
w4X/
fp7Ry
REOc
t8U*
hqA=T
Amk-
WQ c
p'z!d
{dJL*
+@ E
w^<z
n^'
]X*o8[C
nll@
z" B
tx~"
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
rw uC
gx(j
`vC8G
`vC8@
`vC8A
`vC8B
G~
k~R0
c-Tp
G?B ~
so gg
aL tl
phhhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQ
3Ia7J
d 92
q7//
^Vk/
}nhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQ
ax
!76N i
"\W
l.+"
/5R'J)
PEMVx
`wB7C
aYB C
'B$4
L)[|
pffwwwwwwx
ki)_
Vdz.
*Dd)
9?-u#
R4Vy
EunP
gK@l %
).i9
#r+o8
kRT?,
]eh|
#~Qk]e
=Gv3
7 aO
X 6:1
I`B9I
{Z
FmQt
4KYF
t58L
cx- /
a#EU
Li u:
HUnnz
AOl9
<jCi
q$)P3
Twdf
U9{M
KI;P8
#Xa o
~[S5R
anJx
2uU
uhxm
ghFFNUb9
sh]
o (
28?]
.?s
hW@8Q
mxYb
?GaK
ucFB
vffffffffffff
ZwB9Co0
bvL%R|
Aw_:F
pfffffffwwwwwwwwwwx
J~[D8/
rXxBWz
&l %
!c5~
C'0J
\34%
7wB3k
lwB?k
3Z_nf
IiKmL
G K#J
9 hd
k7T
x$2w
wB3H :
Cn TM
JsW7
W + E
n=c\
s$%
)ShTd
'~3<
UJIa
O8K
w1\7
Tj{Rqm8
U*&X
s_2<
&|b
p{S,
/6*5
h$wJN
"/;G
Form
n)jj
YyJ9
_M#W
]V .
%wB3,
>`ER(9$
xafB
/a+t9C
l)fP
Q@c"Z
xxsG
@(8.O
AMKsrsZ
]) h=H
awC*G
awC*H
h{au
mU35
l;2%
XnfZ
"K!f
NbB[
i'^
(m !
Dn5e
CG0S
2f3be8d5-8480-58.Resources.resources
yr@%
e6r)
8Z
c~C%b
BOcG
s&w\
SJ5m
a%#W'
)x@o
pfffwwwwwwx
udS;
*a@BoC
.Yaz
T1u&
awB)C
wB?X
jQ15
wk*M
QtB+C
wB?K
wi J
ECof
Y9C9C
ae3BII_1
8I^k
`vB]
,ng/2
2>*n
b=Kj7
dCO,?/#
Zg/P
atB1C
wwB3
r"eB
Yk::
wB?k
gqD?C
4>FP
gqD?E
cAE
EwB?=
AszF
R5% ]
C&
j9DEe
d+__
6nqtRc f?
HCRJ
Default
awB?C
XstF
rX=O
wCEq
jlnC
atL7_
19 9
\:99
avBMC
F3Tm!
o5-!
;x 6
ApplicationSettingsBase
EwB?k
IHK6JIL
wH9C
~kO@
qUvzhM/
e?|
B8Z{0Q
?3t&
3 u#
Dt\&
s` 3*
z!q>
EH@L?x
LQyy
M05
?Lo
fm&iN
J};&
@3@Y
awS&S
avBiC10I
XDwB9C
K~nC
a~B Cx0
cdBNE
lK C
T,i(
.$\.
ValueType
RkX)N
MI0G
System.CodeDom.Compiler
eqD?E
GuidAttribute
aRB8Xv0L
SetCompatibleTextRenderingDefault
Qs!.
(wN2
$PN}A
NK]:o
LG<;
]'L u~
" W7
_ z>
) SBng
w]Bx_
:tqs
`$Y1nx9
i ;t
aoBGC#0
5he$}
ac2C;]
;bEl
MY|}U
W)K7
F=NR
aO,<)
yo@0[
%]9o
Resources
C ~9
^m '
xO C
DBh:
Ct'?CU(
=}1?
ftZk
8ue>|
%g/4\
AS!%9
UX n
nr19^{.
M|S'&
.Hy&
%@uo
&tcq6Q4e
Tna$
6ZHi
i_59C
x0UA
gZDJ
K80VVG
/"*`JJ83
SuppressIldasmAttribute
7?.*[h
Kg j0Of
\n#@,
|<h>
8H`o
2mEt
s`+)
K &M
iz)2
dWB+
z`RT
z`s62
*.o
XNMMMM
-y"q
N1 f
aum
jfwB?C
C40W
(!o.
LMs
msS3Q
ICustomAttributeProvider
PZ)"
^-^h_
`N m
@'B9
aWBoC
DIeu
pVQHZ
]+?x
]l
%awB8C
cqL:E
VewB>CJ4
<.w*
B$;J7
zu|e
;lXOK
\U7K-
fV/=
V] ve
l 1-
qnQ;(
4%j4W
c"3K
FormClosedEventArgs
+%&g.
YWX@YWX
bH'
B)GUn
u)y^
vB9A
U@11
FormClosedEventHandler
m@l5)
"quL
Cs0q
J&#9
3?Q^}
C ySs
ifGV
`rG8B
]1
@uXv
K:(G
GB'b'@
awS;kR0
0l\S
ffffffffffffffff
}wB;C
ChS"
bqPY@
t,X{T
f~wC
LQ,OE
hGI&
8;[W\Q*
ca/@
Y'@@
jg 9

aw_7K
c; f
7=
@>=J
I`D'q
q% N})4
XowB;C
^Dd.
Y? +\
vB9,
C$0E
*C}|
z|el
OTwy
<~2*
+ B;
vd a
9Y< z&
?aLBcC
ei+|s
C$0T
/YGKB
:1yW
add_Load
#&5/
pffffffffwwwwwwwwwwx
p`Gj
)'I"K>
[ Y2
G}M.P
BawH;,M0
RE<G
qs0>
SettingsBase
s&1m
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD'
J
b.q3N
Zy+:
H:1/
F -:|
* Sp
-{c\
s+7~L
wq^XBk
dfAIotA
|nJx1"
(xiZ
width
l%-E
N%4=
; QV
IDATx^
Ed0f
sZ{kLD
:G;fLr/h`*
<.fJ
YOzQ
#!7 q
OkWp
Data
9 w}l
dgdgse
?WV8
&/-E
@+8?
~]O;
b~C}C
"awB5C
ftLr+
'Q2Jb
xtb9M
3fB#<D*
R+.J
Ye)=
get_EntryPoint
n]Eq`Q<J0)
b*#7
q:H8N
?D }A
;/iynGkg
#I'>
pHYs
.ctor
%Z#B
k_b9C
7 U~
$S;9~
fq-RC
7H;NV
`5B5C
aVB3h
+PI(
mscoree.dll
SH&u~
.qL:
prS=,
[r O
W iw
^X!'
QwB8
nbN>
}S>
fffff
h&Bsk
Invoke
0PVn
V~gbQo
[H
P7(X
GoJE
ha7r8
q>8
-( ]
Uu-*
bwB9C
JI9%i
wA7)
bwB9F
a>BWC
wZx@c
B!vF,
ld+c
j 6,
O9`BR
QtB*C
0Ie@
b+$LG
$I)]x
k/o:
z7F{r
6 O
\dZL
AY(!
4&/di
G5oq
a}jcC
)&n%8POdP
uwW&
iyb>Q
ii56
lIxH
6k'Y
gW+I
TK9a'Z
,fr
C0.h
Array
WrapNonExceptionThrows
9<EoQl
qNMMM
B9I[k
w P
P]kP
@.reloc
(2 }
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
awBfC
ed6o
36'a
O0b,@
k w9C
/s\^
Nu/#IA
4<kG
IawB9C
Hi'|
0k>A
!yB
|13
l ~(
uj5i7&
Byte
SaNm
r >zg|
\!r a
fVK4
apB4C
nhhhhhhhfffbbbb``^^^^[YYYYYVVVVVVRQQQ
$4?m
nll@nll
sn_+Z
Yca^
Cq^
yf}f
H f9C
^QojP
i,2v
`sD?E
dnBR
fo_Zo
5+ {
wfffffffffff`vww
%z;o+]
a}6 C
]xr]
eWC;M
V|3w
(;.
(AI
u*nL
((aOE
wD,Q
veBx
fpA+
,!QA
kbb``^^^^[[YYYYYVVVVV
{Kv2
a}808
|v_N
sT3;
knjcC
ifffbbb``^^^^^[YYYYYVVVVVVQ
' "!P
a}g:,
hhhhhhhhhhhhhfffbbbb``^^^^[YYYYYYVVVVVRQQQQQ
4G$
<#OBB
k}H3J
AuC*C
N}A
5r3z
|v_j
v9|fO3
X_Lu
}s]
x`<]f
' :9
pDwB9C
|N'k
a3B<B
9:NF*z@k
dfQIir
y8B~k(
.psE
"\} FB[&
$y!_
i \^
I.B9I
asKBT
asKBU
2+9fh
m)l_Ml;
!\6)
>,O,
v6o/
#noY5
?~eV
#OU(
r 6S{
k[CUNC1$
/v%o!
l>N;
M4>y
}kF9B
eawB;C\0
Of`}\&
iu_%E
NTBPb7
a6BJC
#Jx~~~
ve j
z/qBc#
zqQ\T
6qOL
4?~C
&h9Bo
|{",
^B J
,Q]
,lgS
lQ6F[.
uT.g
dxvg})
LKBx
?#,4
awH31y3
z Sz
SE[<
t-9b
Leqn7
IckR
vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vwvffffffffffff`vw
F2?)
avj`C
Assembly
YA{N
$8_F
B?,G
3H*H
E I31-
r`EB
Zo 8
Z]L.
~wB3k
j#0
iySqR
zjiiiihhfffYQQQNMMM????66
IDisposable
E y'
/wBdi
System.Drawing.Size
~4LM4
OZG Z
\n>:
tP`.s
Tl6D
dWC;Q
t%L%
`wB8C{5
41C3
SB9E
ig~!
j{zG
LxJ0
k.<w
]f -
_w1ZC
4:,IZ
Form1_Load
yF;X
!]*_!
[`xn
6v[3
h{cU
Q u'
f_BtL
&(z!
L=%e2
z8[3
r jVk
Size
/F{J
[\Y~
xFE*
!BNG
i t#
awB9CN4
~X>LC
n}}@
!"XMng
!SuF
wwwwwwwwwwwwwwwwp
p<% 3u
0 sy
#wB9C
cwB8C
3R]'
a}jdC
w~x$
FFH6EEF
m|g&
|zxS
f,K}
wB9C
wB9G
?$FK
BLq)eA
7(0-
1.X$
aGG9C
) +h
8F;Yj
`vP$@
Qd7Ws
_Qe
p8R
Q|@9
]RX:
w"_&
w44
awSJ
/B9I.Q
Oe* F
t_Ya~
*msS
ewC7M
ewC7K
<ubs0H
W&4+
$*'I
awB=C
keP$
L;#'
JGWJ
BU,[
#;|D*
Vk9
5IxI
3oN=;
8fIH
6O2=E
a:?B]8
j^}9
8tE'U
htsl
TB` m
*enV
dedj
!q'es
2e
D`wB8C21
{x,i
yXhh
.MAz
X)=X
8x
m:e;
8k;!j
gWB$Q
x\OQ7
FontStyle
8e
?\C2
Auzi
!<:0V
e*\"
g}q0
e/C?C
i&x e
(2M`X
]K:}
v\A/h
vfffffff`vwwwwx
#Blob
>@R:
zQVp
BSJB
'tE+
u>R\
`gN8r@[
?^e/
L?-
XA R
&dVy_
na^z&
<@u|
N H2
R oA -!
|N;$
ResourceManager
RuntimeCompatibilityAttribute
9S`8M
2aW@NK
RB9G
e~Qp
DM//~|
Hy*(l
6q_G
Pz1;
{V c
'&e9
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
wawB1B
B >R.t
kqBDR
raQ-U
B1#J
T6*]
awDGO
ContainerControl
Ju5O
c?f8
c\ (h
w4m)p?X
auB1B
3*mO
i 4
?sW*
L.`!
awDGj
Df$)
]f@X
g_ 9C
)mr %
vff`vffffwwwwwww
/BTE
k|E?U
X}JAjD
?,$.
pgwwwww
w_99C
+On{
\(RfL
yN#eq
a2B9C
arB@F
>N 2
5iTY
vy3B
GetObject
sb*R6Z
0N
'{ ,
0 i
o(ft?
;1=|
*]/n
*ySr7Q
-ilb
Z D UQ
^H;uS "
ResumeLayout
a*B8C
IYbdy
set_AutoScaleMode
ah%/
MK01
-K"|
awH&L
C<0d
c8g+
V'mz
tawB9C
`vC=E
{L)%
><:G:
Q5XY
9pb#.
B8^c0W
a:S N
fZOAMY
[B9I
wvUN
SHyxIpa/
<<-O
x;}^
{ &Y
KjZ 6
iwB;C
aeQ9
;0[
$+C&
tTAn
^W!4
I B9I
8Khb
#V2N
#'o@tI)
K',b
avI!
B*s~;
>)2
GEEP~|z
u6H?C
LOATL
a!B\C
CL0A
_b<=
@KES
f\d0
awBA
/)"n
!Mc{%
ewB8C 4
Bb^C(CG3
"rf;]E
^9:;
awB9
4>,Mp
XfkHnd
a(BpC
n*<n"
Pc/
Z;:8
qwB;C
&o<
GraphicsUnit
awB'
C4id
|rkHH
AvC+
G-K
4<3|6
,rpeGW&
eNoe%k$
C 0A
&*7U
bqPIK
=_=;
$lGG
qD|b;Q
'85`MUk
Close
[xrS'
G/$a
,H4M
yl C7Cm=
G5H
RwB=i
n 9
/6j#W)
a<dc
)640
awC11
<[}E
q7i0j21
}ENZ
pawHCR
cLav
Gx_Fv
a}H?@
q/9C
ll;)
O`7 A0
pH f
D=X
\?6(uQE3
P)U &7
awSGu
N[Sk
awSGk
2 xms,
wB3Ud
ig> .
g_K9C
f+~!
XyDh|
I/:I
d~1P
.fF@
InitializeComponent
C"0R
N?sA
xj*EN 1
%oWH
p^Fp:k
L9iu
QvB>C
M"+z
X< m
rDa%D
`B9G
4kkK
avB<D
6B7CB1F76B99023BEFA8EB2B530216F00916E4DF
C"0q
$cmc
Ga>J
^YS=7
. G}
?\_"
e]B*s
gAMA
q`%H
C 0I
MQ|$
*9bB B
3okc
gWnc
W],(
awF(U
awF(Q
HA55
<2u_R#jY
PcdXE3
<\SN'
te8e
awF(D
^|{
MarshalByRefObject
9jT#
~j:(;
k1qx
shhhffffbbb``^^^^[[YYYYYVVVVVVQQ
Y*'k
,OySRk
.cctor
:Ak^p
9]pZ
(0.L
:RTc
!yc/
set_FormBorderStyle
QtB&C
mscorlib
fSystem.Drawing.Icon, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
SEF}
7MqP-V
IaB9I
-ewB:C
P7*9
c*;)&\
o&R9
ioK+j
1NJ{G
psjSC
x""9
8wB3E
#haG*
a/C9C
Ie8V{
aqj&C
|3wB8k
u`X{r`\fb^
$/bWd
cwB9C
wGhF~ WCf
6'y|
vV/8
71Rn
awD2h
<zRH
>M&n
CB"*
&g,v35
a`{~
~E_ 9
zeC_
wi-l
n=(}
apB$C
#9iiiiiiihhffYQQQNMMMM???66662
bEQ]
@q;?V
[;V`

CHuh
M;vWF
+(^M2
B?f7
p_7d
Form3
@rOR
I.xRo
"`Pe
System.Reflection
U/8:
`wBVg
ffff
GavW
@VwB9Cm0Q
/ ;O
*ufc
zB9G
h^MQt
Y:#"
Yub;
azw(U
?_;Ti_
^PVaT
:Jz9
_pK#^'
;zBJ-
G&?0#WRc
(d;?
u+RbZ
KwB*s
auI9@
k}K(k
hwa8
;X01
+U}\
K\z~
QrBNB
sender
wZ~q
50FO
R ,)>R:
BWUBDFE
aWB9C
Ko1%
pxvffffffffffffffffffff
zIdu%
p`$
_jDQ
Y%N!
%_:C
bai9o$
kScv%
ldC-
G-P
}IZi?c n
hWA;S
>A,
M a9~v
Pt i
I'Z
0}hxn:
mZ{Z
"{x(
9 Ay|g(
4Je'\]
_nHQ
x p&O
OB;
0/qQ1
C}7)
cQ=7s
auB$F
xmxW#
rv'Ajv
{n60
(gIq
Z}AJ)" }
\.}b
a'B9C
-'3t
`IDATx^
A^ bj
psqB
6C:/94+
#g&!+;
Tz*'>
N=lh
N^W~
}93%<sh
awB C
,g(CMq
HpjP
D.,E0
B9Csu
a}1aC
#Hxxx~~~
g0|
\LN:
b Q;4
wJ| i
a3^y
0\{a
rfYQQQNMMM???
.%]K
'u>~
8 R7
aMPYC
&wB9Co(@
PN.>
9)FE
m= &
NmYq3
aNB#C
WLQ$6B
Ph0b
Cb0X
agf9C
oawH
<wB3
psS<k
SecuritySafeCriticalAttribute
u[QQNMMMM?
km
WY!.
('1`^
lS_~l
sB+P
p:EXC
o `~
_Zg-
>]aD2`|
#T(~.
get_Assembly
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
&WMcC
z%8C
T1n1pa
:i'cW
y U
6!o1]
-j70w
wB?,a0
buffer
hhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQONN
enW`
t 4|
sjL+b
dEr}
C`?
B([R
nI4R
"h7q
X0@Y
'CCoP|
Mwl9k
crC9C
!This program cannot be run in DOS mode. $
awCV
defaultInstance
e_:9C
+G E
phHR
(]f6
{ G{~
\#kU
nQEveJ
F?Q|)
:$j'
[ kf
kdD(E
;@6c
;n=Y'N
-v>
Dispose
~tOd
}w p
aKMCC
b$n?
FxXb
Fo'a
Rgzmc 8
jv
j`96
X<@ln4
otD+
rTtYK
TGu t
(a +
v :d
fffffffffffffffffff
} |
e|;E
_ lc
\| s
G% $
^j|1
\d g
BIky0
~VePi
`!Vt.
C.Eh
G.a>
R1x=
v\8C
h=g?
$: j
5TBOr
1hqB
Vmgs
Dtf5
&yU7D~
X@)[
set_ClientSize
>p:{
Rtp1
System.ComponentModel
hwB9C
V"xS
U((d;K@s
8b7mjn
d4 6
f(V]
8o
w~rBj
Qb&
fqjUC
O>,M&
m*)6
ahE9C
rR#CR
mdHY
AyA"
H:Ek
$6@/
+Q~e
a!B.C[0@
S[4aN
PC9+
4^:`
|uW6
get_Culture
*wB:C
uGq#
)4;d
Q:0A
7x/7
]iA)
resourceCulture
9KvY
S](9QMR
iR b
b{_>
l3Wv
gvC<F
P= )
EJsX
-GV,
.8Ez
$awB*C
jawH
o_MF
A'7[/
,$[@
`wB2F
')opq
+@p<S
a!B.C[0v
A^lWO
pfffffgwwwwwwww
%+Wk
A wu
5 fcQ
vTMM
_Assembly
B~P
`e"=I
>Q'`
bcOA/
F`<(
NA&%
{%
Ujjc
4}|@
(~,b
H H9C
zJG9sa
=)zE
AFg_
n31/
;*mV
V)
h^O)7
O&^KN
4xcg|
awiV
GwRuC
xrNt
kqo?0
V%#;X
e!z<[
CTP*
T3\p]f
^;pC
cy^1K
q.}jY
tjc0
L0*U0"
;:MG
n Eh@p!
*aYBnC
)peB
Lz6y^
U3wB8
;(mb
0TA0
xb<{
Volatil.Form3.resources
$UhS
C:0`
yA9h}8
%nC
``wB>E
>peX|7
phwB=
^VN}
pTmJ
N"/b>
xFv_
WT64D
q[~k
O~[@
anBMC50
{606t
Ur-&
awBGl
y4Ph$=
4y5L
"8 |
a_J9C
bT3;
qdk?
\*H+
mTzX
FXc'
atB;C~0
A4?P
bwB C
a9'A7
|9fY
, .
dwB4C
W 3$
A2?(
|qx
__[fk
MEVDI
GNB
5EHa
RiW6
Kw$r:S
'Swv
jQk9|n
Gn}
EditorBrowsableState
-FvE
awByC
[E1F6
avB,F
esn $
:iY4`
*Mc<
"J1F
%gYX
&" }C
kY^(_
)`n\
3P4/
iwB9C
M{q*
:bi
yX(1k
rVH?C
:-]&
hhlf
\v[@7
?c8V
fa *4
%s'`f\
H&V?
kfTf
p<$
!B9I
9JKx
components
>5E E
3 L*N6
r7|n
ZYJ%
0f%3
@\mJ['l
evB90
awDKx
I"B9I~
t }aF
Wy.q
>Vmb
2O&]
qwB9C
OC[@<
5Kc8
3w2}
^4XU
|N>f
j7io
"Q(Q
(#:,
!Feu&J
~3Y9
;j3{n
ExC6
agB*C
(#;y
Uows~
B Xn
EHj
(FId#
cF$y
2cF-"
qmEXC?
MethodInfo
h)KFJw9
PVc404
<; =
wO3C
<=qol:
6!Z&
P#&`O>1/S}
p_A?R
!u$Q
~ *q0
yr%0B
dS|-
!& '
CompilationRelaxationsAttribute
E2!
1b
axG9C
Ll tg
*mjf
Bv)R
#!#gy
v^^^^[YYYYYVV
u ~k=
nffbbb``^^^^[[YYYYYVVVVVV
Ib:3
1V0X
6i_'NSoq
|/eT
PzP>
E+4G{
pU4a
/x,J
dtgS
F19/
vfff
gh&^
avB:C
$dYe
`|Ck4
^YYYY
Ao~
0l[zz,
bS={^P;rWJ7cL@0P90$;
E! N`
%t#%
arb8^
awB"s
?O0c
pffffgwwwwww
x2vn
<!nt
eV@n[M9R?6(0
znt4
\A`W
W ug
o c^K
#Y9m
do&]
avBF@
U0a
iQB)
4fDa
8OE
gqE9C
U-{h
ofF(W
RU 2
Ss5xx
@7:A8
WwB=A
[K:i
*D93
*tt^9:`
3;W"
cm\C
hf"X
IEND
JeDNMMr|]
DawHJ
>ZvJ
-*+nq
Y*JH
H<;Q
sJQT
@!v#
Qh(Q0E
BO-<
t u,
fffffffff
C?CE?@
!~F
*[g5
`uD?D
<?*H
3/i
vt/q
f `,Q
*Uw[
Viv_
g#gk
rp4T
gajBC
B?C>!X
!Ob!
iaQ0=P0
awD(K
;?<
vWda
Aw6/
F;oG"
#>28
a3B\C
j o6
'ic_q
15.0.0.0
---:]X
-V@x
t__a
y~~-
}cDtF[
=Z ]
HD)c'+
T,&E`!c
awS/T
-)m.V)
}q&c
SY&U/
84@X
OD[!
XVrIy4>.
rB-{
*'12l%
kVH?C
,kz,
EQ1
kmH9C
p@EXC
fE^>o#
,e'~?
Mqh5
av@`M
@h{g)
1#\B
2Rwz
\a}J
UIXC
L<GD
P-oC
wN^(
h_b9C
A`S_
vawB9C
vy3B3C#0q
<5%
.s=:
awH2
`wB=C
?lui
2F 5
avB8C
Ao0\
dwB9C
WA=_
waue
2qA:
dwB9J
!W$`$"
fFP;y
m og@\*
ueJE6."
q|qB8_
-.Qb
a9&,b
W\[R/;{
x( Bi
iVT%0
iyk+
?Cs-
k0tj ~
,D ~x~
wwww
k,s*
emCO6
Hh$,
UtiC3C'%
Xp<B
ck-Z
s ^(CC
Oz j
AssemblyFileVersionAttribute
sBIky0
oy@;A
drG8B
aE9j
brNkd
vnKX
*yy8
<<B>@
nT37'2jq
/-x[s
qyVb
V1 W
7~2N
cGO
mp_L
Ud,[
Vi D
~pV0
:'M+
.3"o
<L0}
. rD
ii^5&
AkP .T[d
y64P
k2.^
5w%S
`Sc9C
fffffffff`vwwwx
s `q
O#/b
y>5P
awB#C
wK9
]`@7Y
cT+\|q
rlqG
Class1
8#39JS,3
bNND
ZGM"
yD9h}BL
* f$
@Ldo
avB9C
1t47$j
mLz\M
2URd
bv*9
d,k1
np;
kYQQQMMMM??
=rI;W
%$7?
rKx3
r?b3
Icon
`1d-
?(5Y
* ;1m
aQUK
HQr \
H45G
>J#H
?gj?
6 8)&
m3,O
YJby
Bc20o
jowHk
wwwwp
__StaticArrayInitTypeSize=16
ApF2
rgZ2
< z*
a~B!b
Tg80:#
g[~.
lG0IV=
e V?9
Font
!.Ir
je9Sn
S4xg
"csM
oyL7F
%[ROl
fpBIky0
U pfL'
a$(x
Convert
q}0]755
9-(y
= 08^
5'M=
cwB<C
%=%p1
cBpI
\e*L?]
xr+J
ON0~
$SrJ
String
ArDg
&`Xi
:u@_
,%*C
_CorExeMain
h}B}&
a7B9c
f ^k
8 $
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
# H8
^:81
*"Rh`
EYe5
M4Xa
awB1c
[In<
)miJ
`ek1@
^,EW7
!1(
f&,_
N@iY
InitializeArray
gpB9C
U!e
<{y'
Uu}L
w2X7
awB1C
19I)M
C?0`
''r&
wwwwwwwwwwww
0 0B
RGl*
xs0
pt__a
t!#S
cah;k_0
~ m
/ZPYV%
aTBuC
p'Sg
wT@$
vh1C
EditorBrowsableAttribute
asS4\
o%{B
b>[m
add_FormClosed
g8J,tO
ij ER
4IDATx^
x]Df0?I-9z
kwA$F
zdvK9C
$fyV
5.[p
avQ,G
~rM|._
Km|T
[~s
JA/$
`vL>C
"W{G
[u]YWG-
'T0kF
!wB8C
5;M&
wwwwwwwwwwwwwww
Fd,z_a
wwwwwwwwwwwwwwq
;su
k I
@wB9Cx(
aj1s
C-Ps[
Xn+B
!f( )
-u9|iK
B8Xt0N
x`](k
hye7YB[
/x,^g
G #I:
Load
RaD<
B:61RG
ncZYS4
.{XC
GY:w
fJo]3Vi
2g*c?]
System.Drawing
V`VQ0
GyqGn@oJ
{xwT
<fW]
[+x9TV
`mkA.9
#.HN"\&
sjZ+b
kK#J0
tf`tI
`mYy
H#=,
set_Name
awDGP
p NL
`Iu8
s; K-
AM{Hg
xC85
G:J}
ivB1C
wwf)
]B"s
EKU"]D
a}UJ
qLk'n
x$k
TJ:f
e[E(G
,|:<E/m
: OXli
s[LAw
xN{i
aTB
ijG,Q
F:Gm0
DqRm
3K~~
'H`
DH"-|
Ls:7
OY?=
"R >
LHg;
/2)A
rg8u%u
Aaj:
R4U
FpB6
&aTBoC
RuntimeHelpers
PGh "uq
AV/W
qOG!
0bwB
I|")
`{g{2
C?0O
"E1`
Ai o
SD/U3HP
27;6
#9iiiiiiiihhffYYQQNMMMM????666
;e W
c_X9C
_puB}
C80h
]%PM
BLx1
Y#A'
OLN
srW=r
nqB
dHa.
4 %x
%%hq
hVrb^
^=MX5
n7~>
_*?e+cw
Vnh?]
Object
&_6/E'
O4(z
wfV(G
&|
g}*y;
XqwB9C
vfffffffffffffffff
aoB7C
bdwk
C{Z^
ComVisibleAttribute
v)JF
3System.Resources.Tools.StronglyTypedResourceBuilder
8afx
o,rU
xSnW
C<fb
wawHV
(&3m
T].IY
x 9
T64g
tQC6
C10p
s^J7Q
k 'c
pjEi
b7$BU[D
)G
aqBZN90
't5
;$ tW
="B
9QZ/
+t0u
vffffff`vwwwwwx
f&;D
Q<$t
;7eg
cfN*
mi>P
s X
>psU^
*~s+
@68&o
(e'Q
NaEB9C
>30P{C
ewC:K
7i6B
awB6C
CultureInfo
pzZ[F
ks0
b/S`D
Mn|o
e}q>
1.0.0.0
B?Cd
J!ny
adB4c
_KBQaH
r@D/
zk 3
t<tC
p&R~
b`>~
4X]PY
) 5Q2
} -0
FI=y\B:]A
awH*F
QtBkC
atBRB
Uh\[
hhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQO
K2h*
\5Wa
a C9C
F`A%
evC8B
ewB;C
%3-E
a*E9C
_[T;
YADaf
sRGB
%'X'
P I
|&5s
M - ]
H ~F
YVon
spR:
q!9C
R:M4
-_"Vqu(izO
`>u]Id
,7au2
]Ibv
ZB9E
0dd7
m,U%
%avp
7x^>
8fj_
u[[YYYY
4/#an
qDBz
1~jo
QuB C
`wB-C
auBRB
ToByte
pU.S
aVB=C
N>_r
*J#%1
e%C?C
aaC'B
hhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQOON
XMf<
BW!7
J nuNp
Y?S
Ty,Z
A]:)
jb&A
l^@~
]CVj>Jc
wzIl
_.sw uC
zBo_
5^HM
gVZ_
0JCC
'k}a
*Sup
^Nxk
Csgp
9 + 29
KZBw
aQD9C
%Wi(
~,fY
g`:;
:rZA7
RRS*QQQwRRS{TSU{UUW{VVX{WWX{ZY[~fee
i`Q\h^MXf[JXcYFX`UBX^Q?X[O<XYM:XWJ8XUH6XRF4XPC3FZWR
^`6r
@wB1Co(@
z}}}}
> q3i
1GB&
k_ -n{F|
ex[
rlNfd ,
R+v
wB?P
1} P
lbbb```^^^^[YYYYYVVVVVV
<j `
>gBJK `
{%KM
<`wB8C
!}S(
R6{Q\
FormStartPosition
d8} o
\PW+h
6.^,
DbHqA
]E x
pgwx
)@Lx
4MW$P
,'x[yJ
J-~ h
fffffff
tab*qP~
nQQNMMM?
NhOF
Q+4+
X9J
j^9_
djT
Volatil.Properties
:}rt
avBRB
=+1@d
ib3B
!sY8#
ZR]o
,kLtR
Pl"dtX{t
2]-X
%B9B
v4wf
dwB;C
a61J&
ojL<D
4i_(b
0~jo
usQv
aGB C
n#5K6
jmh&
fff`vfffwwwwww
IQIJ;
zAC6
aLD881
^av
k(b-G9
x!;@
[Z]~XW[{WVZ{VVY{SRV{NMP{IGIwJIK*JJL
H3SC
}Ns^[
~B=P
wawD
4{N@
@o.-76
"S^{
:>!J
0Dr,
Nx&8?n2
x [t3|
n0v.
g{BPS 6
'PNs
hhhhhhhhhffffbbb``^^^^[[YYYYYVVVVVVQQQQQONNN
V>fOI
WCBl
awl9C
$;J7
#V"~
CStJ
Cz2!
]= :
a}8(G
`v@?E
uEZj
%)))))))))----------------22-)
D %A
)B9B
E^ENO#d
l$|^
~Eu{
Qs 7
Lr5R\
a^G9C
ZclM!
mNQL
CC0F
`.rsrc
TW@"w7
!yE7H
VKAQI
Q>&D
awB!C
7pY%X
@y<Z
[R1pQ
V{{i
T */&6
Z9$z^
^>;Z
e/\
2qC T
Wf&B
_p9.T
AwB9C
2e)$
6y!g
k}B3N
<[QU;
ffffff`vgwwwww
E!Z
4UU*
`L44
set_Culture
RwB9Ch0u
get_ResourceManager
FKv{2
&D X
Ma5/%Mt
AwB95
N e97Xj
6Mozp
? O_pz
7 arR
**XSNKW
zQt4
J*pR
. X
^"(
+48j
,f]B8S
P,;0
Z;X-
arC9C
=s/;M
1+U&
2 u)
zGx[
1"WN
[6=[
~_ a
H5vE
[Whg
5wB?e
2};>
Dd Q
uzKgW21
C 0|
3QKOb
?dN-
edB1e
pH !
g f9C
y`tN9
#9iiiiiiihhffYYQQQNMMM????6666
mbwBNC
3~jo
awBJ
yD-_
`G>[q^
!P.T
a;B\C
oD&0
r|T*O
Ll[K
[Ir;2
a4D
>~Z<!D7
eYB C
}Dm<U
C?C>(h
XqO&N
cMiqgcBzF
`dO11
!(B >
Nh7?!7
D"8za
?bW4^
Md'i
set_Margin
|rJ)K
~;1z
a?JrK
kmC&
?rz7k
wI)x
dgdgse.exe
$'MA
Ri{Wh
<+W'
MasDu
eo&Rx
hefZ
dYYY
>{Q&`
rBIky0
LrN
O0I0g
uAbr
wwq
_EC#
$+6
D?7-
-B9B
gqD9C
66M1
-nLV5
o@?tv
5jC|
offYYQQNMMMM???
+f.;
Qb}s
nnWG
gvC8B
2awB.
0K/9wsA
```^^^^[YYYYYVVVV
hEwGp
t}=)
%>u`
RC0@
`wI\
=csBG
oiC?C
AeK
&!;Q
Mw y
Volatil.Form2.resources
E9zT
Znbf
":[~
eT<~
9>D
=wB3{
(-]D
HR|E
0#,}K
bwB
e m9C
qvJZ
wAbjS@_
D)l+}
oawHMA
T>4&bMA0oVI6{]O:
x{E0
YlxY)
W]%/
RF93
lEwB9Cm0_
System.Runtime.InteropServices
v((
6`FC{C
n}2U
c^[YYYYY
EventArgs
hFQ)
eg$/
fOcA1y
ajB<B
o Dk
~:]}
snJ+Z
a40\"
^DPi
G '^l
a B?C?0F
C00i
O.9J
B%(W9
`wB>E
L}Zn.I*j
!!&&&&)***&
*Nop
Yps{mB
4"%n+
System.Runtime.CompilerServices
Fy .S
NiTC
ABin
TmyC
K/\<
GwB9Ch08
V'n|e
i1x)
oW/)]
pavM
:S,)
3<o#a4
D|POz
awBYC
D~QI
<`wB;C
(ve@
kVH?C
:n(+`lN
wwwwwwwwwwp
R]MX(Q
:te)A`_5
(_Hl8
# V%
M!%C
a{!
h4t{
RB9>
GmoC
awB}C
ql\Zy
b29S
8tRO
"I::
N2np_
&"jW
([P1
ZE3 R
;bck
a}d08
awB:C81
wS<9
>B9E
@5.y
a{d9C
awY=A
IA'0k-
y/o[
dX_z
yEGv N"
T1;o
set_Font
SZR4
a}h*s
a'0V
ffff`vffgwwwww
SI7nH
[^"4'i>
dfg:
}mGS
fffffffffffffff
dwB:C
qLFG
a5.V
OECAY4
.(Rx
7~jo
awB9C
si N
byteArray
~v3Q
\fc}
Synchronized
ph8S
p!O
:vBIky0
(LZ9
Ekp`
\1?E
hxWu
2wB3@
Wc)|
!N%
v_}`
[[ceZp
10e]
crxF'
3sEu
sQ 8
kfP z
<.rE
avJK0
agB.C
AG<_
Culture
A}Qh
q`[P
4mn9<
guC8B
)GS'
7 xZ
'+V >L
C@0_
eb[+
avC9C
FuCs1mn +
bWB>E
6`xC$A40
PAwB
'0V$
a%'^*
cu;&
9{Fn
Z rF
AvC(
<Module>
cwB;C
p\{9
{_ms
^ t
pfffgwwwwww
&cl!{
awB&\
ry_|
pfffffffffgwwwwwwwwww
P6)k_
aauK
hhhhhhhhhhhffffbbb``^^^^[YYYYYYVVVVVRQQQQQON
3X2
lQn+
Vh3<
cz6ox
lb!\lL.
Y/>dY5S
.T=V
value
8=zLq
X {q]
wtqg
SizeF
ewB9C
avL$F
62u|
AtJ$F
Q&LI
[%u4W
%` B?C"1h
yQ>c~
o (d =
*aqD
awB:C
9yW`
p1@Y
\iyd
uB9B
QXo0f
svP;Q
awC4=P0
|b.
awH0T
TY p
NU_z
f_3*>
sp\^
pffffffffgwwwwwwwwww
2PO3
G>h$
8:o=C
jJ=XQ
w.-H
7UwX
H [
T== fCf
[|xO
g9oc8
#GUID
o~aS
-"rS
mZom
awD:0
BYI?
C`0l
awC9C
`o%Q7TK
1`,O3C
>.op
get_mon
|o2S
F5Q]rq
Z\6>*8
xmiihhffYYQQNMMMM????6
n%zw+
mH`bWW
L7m#
k[B_*
20i0
YWX@
Gejz
Dw;?
gG[@~cg
vBY#3
m`I#,
&)d&
HawB9C
ssrI
RwA}
7m?L
+X5~7
#v`
H-oUJ
NCJ4
`wB9C
yB9G
UX(T
@H{:
U|2z
=wB3{$1
`vF?E
aRB9C
+ _i
set_Icon
Hajg
-MhG
+ZQ`
E-n:
%G1pl
) NeV-
Kq+f
,JaQ
ZA,r
avB8B
&&g_S
S6*/
LKgq]
EventHandler
b\5R
FK~
1(Qg
U/>h
avP K
tawHGQ
XiwB9C
Kj;(
pzj:C
css%
kDrd
awS9C
R68EM
lQ'Q
,m
k;8#
]b [
bW/
~Imp
`m@PC
34A<
ewB:C
IWB9I
+$<R
Fyi
IV(z
-Ty:
X3aB
N!;3
w{)j&
disposing
1S.z(
)_Cw
'o`O
l'+]WP
@i{8h
dwB=C
l}{v
M#J.
a+<0
^L.#s
kvPmG
x^@eKFi
^ "(
rKG+Bf
C}%[6 -
_/L
dXN,
wUV'z
-"9'
Oha7 ;Cw9
ZZsL
p$[w
0+;p
C10`
l ]b
irb;B
@]/
C10w
=piSL
<wq,t
gez<c
XCpu
_j|L
ie3B3C_4
f t8
5ub=7
"?CV
x#^w
Rxh=f
?R~0`C
O(4
y*.T
E*a ]mh
#-C/]
R%1C
6uWTC
E
acA9C
+Y<3
.'8U
U47k
JC n
H?f
rU(sY
Tq 9
6Jh
Kav[
R_<Q
r.;<
fI=.
>B93
u-x"R=
pBIky0
awB'C
rF#^$
rUo
yxOp
a#Y!
p]",
bawB2C
awB9CC1
0ydX2V
:<T
,hyF
B,h,
%,FG
\?y >Eqpn
guB:C
b|Sg
Tq9+
`0dq
X%Yf
x(6\
xdvH
"`RN
mykey
J6i\L
u{J%Z9JkoM
Z5 rTNX
ff`vfffffwwwwwwwwf`vfffffgwwwwwwxv`tfffffffffgwwww@
G":Sg
#J~~~
_xZ,
\%qg
6z|3byx)
19w
FormBorderStyle
WEB(x
i/XVW
VYr9l
aEB$C
vfffffffffff
]|mf
p}Q!
'[Bu
V @Ir}*b
`r/r
Ll]c
B7K_2
System.Windows.Forms
a1FkB
nxq
%f^4
i(Awd
>B9I
pVV7
;dwB;C+5
&uwc
S _o
%f}>
CD9I
xadC9C
G`kV
B9I
CMN;5P
a~B8C
Io0T
Ft51
System.Drawing.Bitmap
w|LaX [
SP7/
teo8_
L. r
CG<.
NMyI
G7 H
dS-ph
AlyE
[#aQ
wH9N
`qb8^
fXDQ
-45=
GeneratedCodeAttribute
}awB)C
TWEI
THP"
@+fq/d
=7+s
pffffffwwwwwwwwwwx
5I_vC*
aqjXC
\l8$
z<P^f8VxI
3,`w
qXv\9F
IxUg
fSB}C
tSh+
atB)S
VVH{
iyJ1^
P{F{
9+=b
t[
awB5C
n"b <
vBIky0
YenF
awk8C
c0:e
XcwB<CF2
QltI
G 49w;
66"%
wg:
pgwwx
O7a6
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-06-04 05:05:08 2018-06-04 05:08:02 174

2 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-06-04 05:05:08 2018-06-04 05:08:02 174

4 Summary items with data

Files

C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\SysWOW64\ntdll.dll

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-04 05:09:18

Detected family: #Ursu

TheSystem Itself @ 2018-06-04 05:22:01