MalScore
100/100
MalFamily
Ursu

ritz.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 24/67 Related 2012
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 354.50 KB (363008 bytes)
Compile time: 2017-08-24 23:49:23
MD5: 7c049e9f1b7f0cfd03611890cc916aef
SHA1: 7b337258cff1b3bf479e46a61355c3ab800847cb
SHA256: 77fd71c1595f72a3ae2a59e8b8a162c84e3a49126fd2d871488037bd9576f331
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-04 05:03:02
Last submission: 2018-06-04 05:03:02
Filename detected: - ritz.exe (1)
URL file hosting
hXXp://narenonline.org/ritz.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-03 23:04:12 [24/67] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x57c94 359936 27455a791fe5e5abc688af704db46463 f910c03661c3bd745d61adef4bdefa817737dce1
.rsrc 0x5a000 0x620 2048 bf7a19b8e2c5f97373b691e668c8c96d 6e8c10ed3add1e14dc9907fa261e880fc00e1f50
.reloc 0x5c000 0xc 512 e193c6e4466ab2d43208a341cd85fb95 990bf0c66cc95726273042ee9e554bfaf5d2acb7
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x5a0a0 916 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x5a434 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2008 - 2018. All rights reserved.
Assembly Version: 0.0.0.0
InternalName: ritz.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 1.0.0.0
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: ritz.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
nRC
VarFileInfo
FileDescription
sxm
Comments
Volatil.Properties.Resources
Same as in FIleDescription
e2c4a01f-40b1-9d
ritz.exe
How is seen in task manager
Z47
Company name
InternalName
Segoe Print
Random comments
0.0.0.0
1.0.0.0
c755e60e-9ddb-888
c755e60e-9ddb-889
StringFileInfo
c755e60e-9ddb-882
c755e60e-9ddb-883
c755e60e-9ddb-880
c755e60e-9ddb-881
c755e60e-9ddb-886
c755e60e-9ddb-887
c755e60e-9ddb-884
c755e60e-9ddb-885
Assembly Version
FileVersion
Copyright
VS_VERSION_INFO
Form3
Form2
Form1
J7LO&Z
mon
7c7d351e-428c-c6
Translation
OriginalFilename
$this.Icon
LegalCopyright
2008 - 2018. All rights reserved.
bc4519c8-fdeb-060
CompanyName
000004b0
6iL
ProductName
ProductVersion
MP<3C
wB3U
x_JX
wB3P
Z-=kG
wB3\
#xE/T="
k]B*s
t.I4
h?O[
A"-*
gZbJ
M xaD
g[D?,
M2z/8?;K
GbE>
pffffffffffffffffffffff
dgdgse
wB3I
PNG
H@V}
Fg1i
awHV1
K-0US
wB3f
wB3e
h;},
vE-s*a
'6M0
.7em};
^jC;x
#5g]
wB3k
J%&l
wB3i
gL r
awB;C
{9V(
a%'X'
~.]E-V
0'udFx
Volatil.Properties.Resources.resources
f55G
:SP%
=e@3
aGB:B
NcTb("
Y >4
{!Xg'
;S[-k
eiJsW
qVSt
i8h4b
-(rS
ffffffffff
wB39
MqEVd
a4-T3
MK?
;"IsE
aqB#C
6`xC
8i.go3c
ffffffffffffff
=<777775422222,+))))))$
wB3@
cqD>C
Vu^$
&s8&
1659c0d1-573b-79.Resources.resources
FormClosedEventHandler
Aavc
------
WwB9Co0"
%"'P^
ZNl |
HE*/.
kqBLL
*xU;
k>?% D
%l!L)D8
.6M.W
(y=O
bwB4C
a2F9C
,wJ
aqD?E
`fuv1
;@ y
`wB8C
cc9r
Modb!DD
1!(*0
'FYe
o7mJD
>?)Rh
4 ci
VueE P
HmQw
9,no
)8k
E3[=
[1*x
aawBU
[(jNbl
a>(^
]K(@X\.
{f(m
jr?M;
Twy Te
aMLYC
/~,r
wpI[b(
a*B0C
D^q;
yfeB
}<#
a}Q<cM0
RuntimeFieldHandle
_{t3q
c2+f
RkA
]V;x;
~WE#%
0ewB0C/4
=]Cg
a}B8C
L!qb[&
FB9G
c4Fn
-PGb
pE3]O
Z~`|!6f
[ES"
2%-h
DfwB8CJ7
ppT(DpY
2:Z&
ifn8A
8s
q`"W(J
CW,X.
dwB<C
l{ j
2iE|c
CEo\ 1
Z3"k
C7E&9/
c34I
X* .F$
_m-)
gw@?^
LeEK
"5I4
aAB`@
B,<`
E1z(8Pw>
EnableVisualStyles
`vC;E
xAn|e
( H]
w}68o
ewD +Q
C>0I
J14|
kwB=c 1
G#Gj<
La b
BMgO+
' Tq
):(eW
=L.Y
|E3Y
awB*s
5k'd^
:zp\f
l"'l?
}TI{s
w+W+
gp(j
B_$W
U( ,
Qb>B
r?U.K
6wPO
S`M0
UBV[1
vfffff
o ;7+a
@<\`
wB8k
KI>$
a{B8C
a{B8B
~;H
12e)
] VHw
+hX
g(rm
,B9B
AppDomain
p v>
+>E
g\2
v2.0.50727
9CC*
h)jQ
A*0:
9M
}ihhhhhfffbbb```^^^^[YYYYYVVVVVVRQQ
-jl"
?F>iP
a3B3C
#\woiiiiiiihhffYQQQNMMM????666
PADPADP
evC<F
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADxj
Afn0
C2\:
;k+<=q
gH]F/$i
awB8C
&JZ4&
^+q
^Qteo8Q
UNnTe
8 gY QH
;SNp
\Q3!H:W
y)ru
awB8S
-lTj
~t!Qt9
ueeq
Z/>=
VP6XM^
T.hF
_\<zM
fwB9C
F Z{
BCCGGGIIIIIC7777777777CIIIIIIIIHCB
asy9C
F6Z
i3jY
gW@+j
Oh[q$)
ToByte
\aiJ
\/F #
ugp-{2
2Tmw
N k>l_
vT<{
kpD3Q
<P6r
Bz_+B
X~Fkj
gwB;C
A!b5
~Tz3
v&r~
6)|s
@CDhvoU
{-f
aEB C
FuUj
j^Fg
JqX%cR
*2] |"
m/Tt.$
y">4
Control
gH|mC
1p!{
shffYYQQQNMMM????
S(x"c
]$ R
awH2=
Program
-mtn
Q|(3
NS|MD
bWA
a7n;
fffff`vfgwwwww
65r p
F($^
>s1'K
`wB;C
Sd 9W
[GWj
%dhaS
)g,o[_K
c'M
awS;1
&@~49
pawHCR
)s R
Type
5H~ykA
z#},A
5;/i
(T,Y
SNm{
9_N[
C`/lCH@>
QS\@
@Gn|E
:L.wc?
awB\C
PP&u \ b
){L;/
^V1Jv
kdD(E
-a[BnC
Wc 9
get_Default
yd)K
6p @
atC9C
HwB=<
awS;k
hhhhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQO
$@ ~hk
`e[+
hYG/P
ScVR
|r_<K
U!!zE
}: d
^1of
Zutb
vwB?0
1-U'
wUjE
Char
<4D`
*Uo|
VATUp
o]*nB
W1^z
@{m*
?}:mnKkF
Cn0u
a+:0G
c\LRE
hyA*B
rr(C
hJj=
'B.j
GM7e
j a!
~=WbH
%wB9Ch0`
?_FA
f9C
~7l
wt4K G
Padding
;S ;
;xr
7)N+
#'Bl
~k|P
yDCU
%;ao
pI\t
\aEJ
~mhhhffYQQQNMMM????6
H_}9
'.eS!
B75i^
J^x#
=g_Y
^.u1
!h$
xIdJ
TQ[
a3'_*
6'8G
aw]y,
<lXH
a.!}
ff M
b@L*X
2#E:
K&;<
eqr
saOR
PawB9C
nEa]
|yL![
7TA3
n2@*<N
c>an
Volatil.Form1.resources
Q2"p
g:(X
asB8B
:DWq
WrapNonExceptionThrows
JA|3\
QvB;C
a<"tu"
SfM-
R}4!
.text
@VJY
HUpq
NpQl
X!(;
]w!+
GetObject
K%8*
&Cgk
<*~\!
a}b9C
[{G&
B4CT0
}/Dzi$
)zXi
h.AOV
Convert
l2\H
o'lx)
oe|)&
c g
p] u
\LITEW
IjB9I
#plh
m\W>,\0
GEoE
i`~W
I_S
2>C3
i2Z9F[
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
D4KE
|rW+N
FJf\
&c{78
W!\=p
WeRWJN
o^^[[YYYYYV
@Js{
WD:T
e>fG
ojG?C
qOJQq
t Oyc
t!`C
O4*X1
N`jt
;F|Z<
p i
avB1E
EvV`C
_B!
|k^$_
pRwB=ihCw
adB-b
iWA8A
ffffffffff`vwww
PED0
orYO
r:d>7
[g473
<UbWb:K
K:'
{O;)
}B9G
a8IYC
k^^^^[YYYYYYVV
Y*e-
.nTP
)t>VX9
aL0p
bRw $
nct"!
`rb8B
z 8o
a(BoC
"Re"<$
tZ^8
= .C
3HGD
|I>y}
O?a
cuZ$K
E$Y}K
nwB=J
agnI
QvB)C
G`xY"
_>?jO
E=+v/
*ZZOz
-5<@
^f#:
%6K8
wmQ"
4)^8
awj/C
IconData
'bGcn
!(!9+
lhRak
*<yq
]<z<
a}BiC*
w0\"
O ["
`cc9C
vP6p
a,B,3
D|]L
!`3BvEg2
wi8`
pgwwwx
eWC8M
efG(U
eWC8K
^J@
{]& i
hhfffbbbb``^^^^[YYYYYVVVVVVRQ
pgwwww
B8^v0L
%@+>
a;-Z(
awH30
v3NY
LS uR
/|'yj
awF!k
O4-T3
**y=
hfFV
Settings
,2
&b\
GetTypeFromHandle
awB9B
awB9C
K{]@|
Bc lKT\E
bq_'+
B8^|0P
Ug;2u!5=Ry
fwB8C
Mnc!B
sraz
II#d
$+}Nt$
fb``^^^^[YYYYYYVVVV
awB9k
!D9$,
cDBuE
awB9c
J4?6
>(jd
#(2>
fnaW%
dfB}C
gqB9C
`6!n
22`
<3=
o^wd
a}ivD
height
DaS+
yhwf
C?R_~7w
=[.e
gX]y@
d^(_
^e}`
oe/=
m"]u
K_IZ
;s0z!
ri$,^
twI3
e(.E
P##E
$qH(9B
;BdD
u<pr
[$/+
bv}"
z92%G
ya3BLJ
VVVVVVSSFFFGGGGCBBBBB:118887
set_AutoScaleMode
|VO
`wB:C
]6N[
SizeF
t_Xa}
Q I_
awi9C
qB)n
/4s[
A[v&
fX[n`v
=db,5Jx
kuI/O
Gr/i
`&Hn
xmd#
get_RawAssembly
r?b3
^`]6
jz [3
e|oHt
w I&
lyO_
IV:f
/#Bj
dwB,C
7XR,7
a^UFe
85te
%*UO
kG)e8
u>T6
wawDV
`jG$F
wawDK
sj@?J
Volatil
QWy.
3t)X
EFP|g37
ffffffff
: 6J
6d B
3|!Z5w
,wB?P
?( \&
w>{Pn
Main
]5vP
awBqC
}fi"
yqr2#P'
y1 Y^;e
iec%D
AyJW#:
iXq"
Jw/=i
[NC-
7u l:<
+yRS
fu-AC
ajG?D
Ari+
#9iiiiiihhffYYQQNMMMM????66620
get_CurrentDomain
>!VXk
m+#Z8X J
p0t4
K.^j
@:\;
D-ww
fWA8A
mf\xke[x\YW
auC2B
bFY.
awB9C~0
gwB9C
pgwwwwww
$}Z
bY*|o.
@,c^"
q`GT]O:"
iqS<E
F{\gY
vvvB=
Form1
x1 Fjj
(ms,
; x5 "
wwB=R
<A>]
Su_
9:smB
ffffff
v;9V
Zs\
Rg[v
GpC?=i
eCtX
v?AD
7Qg;
JC;
D=F)
zdX0d
GsiQ
NjbHU
a/F9C
C,p~,U
agB"C
awFK
8wJ"
y"]66#
y?1O
E P=
awB(C
%j/V
iq_<K
sFW+n
a1TkU
VB'Y8
mD_^+
w'Z,
"\=9vUmm
OsTsO
zJfZ
y1-f
STAThreadAttribute
agB<A
,@),
set_FormBorderStyle
RuntimeHelpers
U n;-
Form3
IHDR
_IKs
|sHF
HwE>
)W3y
e&C}C
XowB9C
k}H0R
System.Globalization
i #I
:a_B
-\7BU;
&*8p
&o{J`](
IconSize
'gpm)V
6fTB=B
.oj$
|A"^'z
z5=U2p
uwB=J
O%.O
!Iyj
$awH
CbOD$|
aeB8h|0P
& '1
bqPi@
4-]&
2 h9
^g0o
IR]Z
aGLi
EventArgs
|7^Y
Ob.^c!
L<m}
!wB3I
w^^[YYYYYV
5l>
&`Qj
^'"]
SjXy
System.Drawing.Icon
~Z|p
srp*jd
zp"?b
2ve.
9<a06
8E8w
wawDGe
I`B9I
vVbP
!,C 3
buffer
Z_(
S)?_
tM,-n
hT>V
`|BGH
Pu{7
0crC
faTJ
[qGzE
vffffffffff
*?"^|
4Caf
>~3n
K^k!v
=csBG
aBB=C
MethodBase
#Strings
asjlC
~kqy
je 1
awSK0
dq0MQ
IpP]
obLl
MwB9Ch0
egId
B8Z|0]
|sT=
Ffd$
)wTq
w+[h
u"$<
#giO
gb `F
?awB9C~0
*cwB0C
BmYD
vwB=R
S wz
iz6UT
%awB8C
u?5(
6;ld
vwz$
|+20j
abG9C
IKQKoz`
add_FormClosed
}es;E
+B9I
9c9Ux
%tB%0
N<ll
q}}}}}
X?=Xs
460G
a7n9C
=]tW
aWs8
@Bqv2EY
Sw^PW
mscoree.dll
get_EntryPoint
a4-W5
cdbt
?bx
pfwwwwwwx
.m+S
|I'jE/
<ez*2
$uDb
T0V^
k_,h
System
)pqBdV90
aYBBC
\G3B
a4#U/
eWC;K
rUjo'jRJ
eWC;M
G3Z
O\[5
(Y-N?
>,w0
set_StartPosition
y?kP
cuL7I
kZ9?
i)W^
w4X/
fp7Ry
Y 3d
r{SI7}
hqA=T
= Xzp10
d:7Y
x'-|c
+@ E
&^%o=
FWpHG
nll@
<a.W
_g @
V"&u
.O $
YEe5
rw uC
`vC8G
`vC8@
`vC8A
`vC8B
k-_b
Zp7 l
Okav5 /
phhhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQ
U BX
vhkGJ
yz %
RM]A
Yp@5W
}nhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQ
_M| o
ax
,a &N],
^5ED
pFlk<
usmd
`wB7C
aYB C
=>|^?
#NN>F _
pffwwwwwwx
WG06K
g_K9C
PbOQ
ComponentResourceManager
8ZHw
qNM-
felC
v9o<j
kRT?,
_CorExeMain
x;v/
\H<{
7DC-
.C4B
Yq\P a1
RUC<
Qg2~
&*1p
(y&y
/_ a
X8%M
z7@DHDAr|"G
]vmM
q$)P3
@Z+@
DZX/AM
Nbx
0#c
nE 8
Pm)69SB
~[S5R
u]qJr
"%[-
JfFs
8^J<
ghFFNUb9
u[QQNMMMM?
:'bzp.
hW@8Q
m IB
+U/3
+JVl
ucFB
}64p
Uy]m
vffffffffffff
ZwB9Co0
bvL%R|
Aw_:F
pfffffffwwwwwwwwwwx
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
rXxBWz
lJT(-
&2HC
C'0J
7wB3k
lwB?k
Ytde
T _Rd)
) R&
wB3H :
(e37#
q4:X"
*H6|>
,D|_
M(X[
!{v}
C B
5V6
$ E~W
w1\7
ISc}
p{S,
kM #
j{|<
+Zvvn
<TJ!
@^03G
Form
o!wl
A2ew?t
%wB3,
J2OU
xafB
/a+t9C
(ie'_
cA N 4@
oty^kH
PCLG
;wB30
j 9|g
!Yi'
Z@}G
awC*G
awC*H
<JU>
l;2%
2,_
dT+B
[Qi\
@RCU
B"PvU
qlWm
CG0S
='Sw
L \$
w5\&
>od2
vy3B3C#0q
c~C%b
Volatil.Form2.resources
>%*F_
a%#W'
3ZGH
pfffwwwwwwx
*a@BoC
g+[q
XuWAK
c,yE
awB)C
D66
wB?X
X\aziI
QtB+C
?SY0
kqv[
wB?K
| }
) zhr4
Y9C9C
Y$w[
ae3BII_1
%)9
q&\P
D'MB
[37[WM
/L F$[
atB1C
wwB3
>U59j!
wB?k
gqD?C
gqD?E
k,C?
}j*<\
EwB?=
Zh }u:S7~k
Mg(|
\I?\
set_Name
Default
awB?C
xGm.
6 sY
{]WCf
lslWK9=e
aQ8i
rB/[^
]V55
egu bh
+xO>
~=2i
Cb0X
-EF\
atL7_
;dA0{
PJ_q
avBMC
o5-!
Oi '
ApplicationSettingsBase
EwB?k
IHK6JIL
wH9C
~kO@
qUvzhM/
B8Z{0Q
G63hI
#-:"5.
ED,?# $
%'X'
I$]p^
]1nQ
=@Cp'-
#jTWi
:\&_
t5erq
F'<"
!] D
{ Wu
hihC
awS&S
E r<&
~{/Y
avBiC10I
XDwB9C
F}^]
wwwwwwwwwwww
a~B Cx0
cdBNE
~Oz
fAnP
F?Q|)
ValueType
q3T5)
Zv|93#(M{
System.CodeDom.Compiler
eqD?E
GuidAttribute
aRB8Xv0L
==bLh5
SetCompatibleTextRenderingDefault
<C I
"_a#
tup'
=)fo
C^xPDYd
?9MO&0;
iNIy
" W7
ud(I
w]Bx_
0h7*Ej
[U^cbD
ueEr
System.Runtime.CompilerServices
'?V
aoBGC#0
d W
"R{u v
&Vp)
Fwv>\*neh^&
\ 's/c
id[s
yo@0[
#m|w
S l<'
! Y:1I
zP>`
nn-l
nD'W{
)"1Y
qEv.
i6j[
VmG
n\;S
O-n[o+G
6[}S
9XE{w(
~b&O
gtO8U
6C%{a ty
)~o#
+@ 3
fD t
h$P0qh
V/'l2*
i_59C
x0UA
F <
wwwwwwwwwwp
FKO J
#DGf
bg A>#Y
9\ S
hjX
6TDG
6q3GNiF
`k1
iYy.i
dWB+
<1M
u80
R%3Z
k-JT
XNMMMM
c$T~E
a@K7
jfwB?C
!Mw7
C40W
EditorBrowsableAttribute
}aVK*
DtpG
387'
msS3Q
Icon
B.bsf
aWBoC
``|m
t$GY
cqL:E
VewB>CJ4
GxGwd!
B$;J7
Zfo&
E=-@>
8I\]yd
\U7K-
:}v)
3yTi
JEnL
;,A0
\_8&V^<
FormClosedEventArgs
i{d+/
2o"\
YWX@YWX
Uo 8
vB9A
Form1_FormClosed
n!lz"
Rw InR
bO
6]LY
9B\h
2hKX|
<l>B<
Cs0q
cobK
ifGV
`rG8B
@uXv
'[(
(1OR
B9Csu
awS;kR0
ffffffffffffffff
}wB;C
y8c9
B[;q.
({Eh'9
bqPY@
a:8'
Hj+/{
}r<SR
Z_V b
HEMG
-Zl{

51`B@
aw_7K
qfZE
vC>D
"TX~d
wI\=IZ
XowB;C
-CtA_
vB9,
C$0E
poc7
+ B;
Z2X&O
^~
F*|T@
Y*hR
?aLBcC
T }V
C$0T
I.L
2N-Q
:0 wr
add_Load
pffffffffwwwwwwwwwwx
pGh O
mk0\
[ Y2
dwi+
BawH;,M0
SettingsBase
A';P
k-4%L
%-|}
5y"l
bD+Eg
P1.xc
Tw,?
'+A
=}RF
width
\m2%
F,$2
[bbf-
}E@h
IDATx^
Ed0f
CIp'
oORM#
YOzQ
1=f;
Z${p
Data
1dJg}r
#%?TlS
8k
Y:*~Y6
hZF`
eJ'Z
FN=7
g_r*d
~]O;
b~C}C
"awB5C
^#>jb
xtb9M
kg^z
q iq
ckJ%f
n]Eq`Q<J0)
#6P`
@zu2
r_\
"#T ;
|~gD
< t0
X@6!
pHYs
.ctor
rm<v^s
=u<9
k_b9C
8\
r}8X
LFf]+
O)#3
fq-RC
#PTt>g\z
=hlZS!
`5B5C
aVB3h
NCCn
ld IK
aj>o
`kX/nVP
u !
prS=,
V oz6
QwB8
O:vIH2fg
fffff
15.3.0.0
^h5b
G~5>
u<1n^
Resources
Tkgql
ha7r8
J pO&<
bwB9C
N@R@p
nZ@K
wA7)
bwB9F
a>BWC
3I h
<yr}
-* v
]FX
k6E.
QtB*C
84TI
_A*0
A\p`
~YQ9
BZm8
./+eW
yl;W
[\,Vz
I{xP
a}jcC
.wKZo
iyb>Q
jgK`
]JT*
%$Ce
*KYq
S:~PFg
q~Z.
B[wU
a|dCB
Au 9
Array
<4k3m
Eea&
qNMMM
0YKw
B9I[k
b[qB2
@.reloc
(2 }
awBfC
Y zz
+>S[
n|U-
$] -1
'T'MZ
k w9C
cv.P[
^"-$&
IawB9C
bSuz
=??T
0k>A
f1{`bC%
WbIH
kKb
Byte
SaNm
Vt 5
*4=S
rP{@
d2=^
5Tn$
apB4C
XJ"b
nhhhhhhhfffbbbb``^^^^[YYYYYVVVVVVRQQQ
Hg<WG#?
nll@nll
sn_+Z
`-HL
H f9C
^QojP
`sD?E
wfffffffffff`vww
a}6 C
AWh.
"Y8XH3c.
rK3
2DXM>
g!/P
_)Y(#
ZKxW@
\+YG2
wD,Q
fpA+
Xz&k
kbb``^^^^[[YYYYYVVVVV
]k:mn
a}808
w)|N(q{BZ
knjcC
ifffbbb``^^^^^[YYYYYVVVVVVQ
=rU/M
>BXh,
8')A
R<-5C
a}g:,
^4s?
hhhhhhhhhhhhhfffbbbb``^^^^[YYYYYYVVVVVRQQQQQ
)8x"U
;u/:
k}H3J
AuC*C
Qp
pG
PAU
asrd
Assembly
$^-/k%9
6x =3
7DrNu
Y TjRWBnv|V
< Vh
8n!3
pDwB9C
a3B<B
Re8<
y8B~k(
2R!SF
i-x*
~hNW %
3 $#m+
I.B9I
Dk8$
asKBT
asKBU
+-rl
>,O,
GTy8
u S?
*X]m
x6$d
k[CUNC1$
n*DM;
?dP4
9 ,A
}kF9B
eawB;C\0
iu_%E
a6BJC
#Jx~~~
<C5
g +~
;~@?
d z1
p`b@"NM
Z|F6
MxP`
eQ&Ovw
q-]P"
$f&%
RuntimeCompatibilityAttribute
Hhym
awH31y3
$#[p
>*Q)L
IckR
vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vwvffffffffffff`vw
rfT}`
4pp>
+iX8
HaOD
#!PVH
".Qq
}jVv
#tax3
GraphicsUnit
~wB3k
YV$2 "
iySqR
zjiiiihhfffYQQQNMMM????66
td')
byteArray
vUZ\b
?u [*
2Li
6gj#
System.Drawing.Size
vEfs
6B7CB1F76B99023BEFA8EB2B530216F00916E4DF
x6!
dWC;Q
**gA
`wB8C{5
41C3
SB9E
- OX<
\sS+
6h{q@
q09U
a/C9C
_w1ZC
""jy
#ZY"
&?Y%I
{ "$
tvc|
zf.N
]QK]
Q u'
.=aU8
j@0#
Application
OUnNuI
Size
v;xK
nf!
Q O]!dB
awB9CN4
]TFc
#KqJ
#A'9
00 p
wwwwwwwwwwwwwwwwp
=X7~
#wB9C
T~$t
I I}
a}jdC
w~x$
`:Z$
FFH6EEF
|zxS
wB9C
2x<9f*n%
{ !H/\
wB9G
w\CmTj
L~/Q@(
1.X$
aGG9C
%3Wb
System.Security
Q 0<J
`vP$@
(dd
%^=rjQ
ZPVW
uU8 C
,(-J
DZm !
:8pP
awSJ
/B9I.Q
#PL7
4 \h
iQG'
ewC7M
ewC7K
9$:
Wh2+
defaultInstance
awB=C
Volatil.Form3.resources
.a qT
etaH-
E|"
@^"v<
IContainer
yK:l
(q} R
set_ClientSize
`@\ X
D`wB8C21
F9l{
Za*N
5_1jn
(}t L'D
X t
j5Ah q
& \r
j=Wr
|M4S
(/OM
gWB$Q
W<TjB/k
wEuE{
a^ff
2[+D0
-0t!
Cl-U
/VJM
8j
S/@X
}}8
d E%
CultureInfo
e/C?C
sJ&?
=' X
+!Ck0
O=u?
v\A/h
vfffffff`vwwwwx
#Blob
$@jp
_SM9
WgO|
D,s{
V zYY
wZ}mu
]y^4
G P;-
M$v7
[N)N
=@:0
O `c
aeMl
of'(
z^._
-K0[
6Ux6
ResourceManager
9S`8M
HR?}u
RB9G
mCG
E@$w
' Yv
vZq7
tUHwcd
ZUz?
]kA$
wawB1B
-ZS6
DA`.
kqBDR
a}4M
+M|'
u9nV
awDGO
ContainerControl
S{+
+\me
".:Y
)c!-
&zUy
auB1B
iuj)k
i 4
wl]af`u5
O?Np
#Y.,&
awDGj
9+,c
g_ 9C
vff`vffffwwwwwww
k|E?U
[-+
pgwwwww
w_99C
+On{
/ "{
a2B9C
e7i^
arB@F
w[fO
]iQ8
oGk
;nDu
*[Q>
vy3B
K~|s>
f%tq
; Js<%A
Sd4&
0 i
nX
[C0[Ph
[(DZ
sLyb
c/\m
n<]a(
l-/!
a*B8C
R7P]
3H&Z
set_Text
j.8x
`rD4
? *dy
awH&L
C<0d
`4c6
a~/]
:,mV
tawB9C
`vC=E
L~b
aIDATx^
pLRA
$&SH
B8^c0W
{*0
[+q]O
[B9I
pde=
ko93
9Afh<
~ u}w
f&/g
:9m
iwB;C
aeQ9
$+C&
I B9I
>hr,
ax!1
$ d/
B@2jLZ
\h^qD
cG,~
GEEP~|z
*i #\
u6H?C
a!B\C
WYK.
CL0A
B=o D)X
awBA
Yz EQ
:n C
ewB8C 4
G%2?C]
Bb^C(CG3
z}8A
awB9
4>,Mp
a(BpC
C` MQ
J5:%
Xjj1
Z;:8
qwB;C
&o<
9@s+
awB'
lEpH,
JfYL
8rH
A<Fe
qq<(
AvC+
C 0A
bqPIK
I=X) s
X%Q{
,g-Y
~AD?
WIOw
GM>S
qD|b;Q
~\NAb
Close
os+J
,-Hc
yl C7Cm=
.B`pj!
qf)%
RwB=i
/G?K
^ +[7
awC11
#} b
h;!&~)
(QDAe
P k:
r`^^^^[[YYYYYVVV
M=4s
}hJi
a}H?@
q/9C
8A <xI7
1n+2
)%t)
:#q
Z]Wd
\?6(uQE3
P)U &7
}j~M
awSGu
J0B3
awSGk
,};
wB3Ud
c,Pn
o)DF
K +vB|
b*-a
`d gH
PH/;
.fF@
InitializeComponent
C"0R
DAs(q
wi`v"
QvB>C
T<-kg 7
H}Rb
%1{=
nFqTW
b`:h
TIkM
j"0~
`B9G
A%X_
avB<D
'j&e
5 Fn
hcFG
:gu*
C"0q
[rsW)
l{G
*#V+
miY/
/<bj
J;^ n
e]B*s
gAMA
7f[+z(
C 0I
x +D
zv^F
awF(U
2Cr'
awF(Q
lR;(
Y.~N{
AutoScaleMode
b4bZ
awF(D
ResumeLayout
Aq*e
er`7
MarshalByRefObject
K+ e_-
M&P'
:;x7
shhhffffbbb``^^^^[[YYYYYVVVVVVQQ
SuspendLayout
JU@C
.cctor
u;.Cl
08<d
>$M"}s
QtB&C
mscorlib
Z]I8
fSystem.Drawing.Icon, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
IaB9I
"#y[
-ewB:C
#. D
ioK+j
+)3#
psjSC
8wB3E
2[xn
#haG*
aqj&C
|3wB8k
u`X{r`\fb^
Qx &
sn_>
cwB9C
3System.Resources.Tools.StronglyTypedResourceBuilder
?xz$
K&')7
(Zu@
/OJ[u$
sX 6
awD2h
PQ}UM
+BbdAd
.` NS
R.+1!
)`'
vj+8
$r'G
c#%@
apB$C
#9iiiiiiihhffYQQQNMMMM???66662
O"ew

^W'>2
npK
=ZW"
Rya4"
1CO/w
Pc
System.Reflection
`wBVg
ffff
GavW
@VwB9Cm0Q
JR|
ewB9C
zB9G
Form2
RuntimeTypeHandle
G[SW
-N {
=CO"
:Jz9
S}I
A8' +
{XW.=
)RKS
KwB*s
P8K1
ljCt
auI9@
8jD&
iO5_!3
k}K(k
[sQQB@*
!1co
99e
;-P|O
QrBNB
sender
xPJ
50FO
:m T
BWUBDFE
aWB9C
Ko1%
pxvffffffffffffffffffff
E .4
bai9o$
Vy*i
pb8$
0B.
{ (P
E7uWpT
Object
4eoD
G-P
hWA;S
ZsG[
]Zhy
P)md
Pt i
gKxZ
`oJh
7Z6ps
4qZL
Volatil.Properties
67\
zv(
U5=M
4/tFL
Q]d%
C}7)
I>"N
auB$F
}1h^
2PDO
lI%>U
QG_y
a'B9C
s&7<g
q_ ~
gw\M
aoNW4
ito
psqB
'Iw()
| 6~/
q0 0
g!xh
`hn\ZS
yAyO
awB C
87(`
D.,E0
a}1aC
#Hxxx~~~
g*!+0
H8zz
-j#@
qVTF
\QO-
rfYQQQNMMM???
)Ii5"
aMPYC
&wB9Co(@
cwB8C
aNB#C
}^>2}
Bjel).
agf9C
oawH
<wB3
psS<k
SecuritySafeCriticalAttribute
1Rf{i<
,a32
eMAaQ
V'}!`~
Eu5@X
EYR;
tFgoJ
y~Q
;Pydr
Imi\
sB+P
{h<bEs7I
hmdA
p:EXC
o `~
t ",
mB_4
SguH
get_Assembly
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
wT@J
X$3-
t!?Q
s.K@
5q&R
wB?,a0
z*cX4
hhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQONN
ttoVk
O C*h
xPT9x
sjL+b
~~F9
Mwl9k
crC9C
!This program cannot be run in DOS mode. $
awCV
e_:9C
Mpp'
nQEveJ
`SG`
Lp^"
<W4Q
Q JX
/O>;>
4*E{
7a A
Dispose
Nq6;lM7
aKMCC
A>5|8
g'co
gS0l
=d&B
\a0K7
0%e
otD+
$g%lF
TGu t
lLRH|
"!
fffffffffffffffffff
bKbE
jD5X1e
|Ds@
BIky0
*aYBnC
/X\`
>mxH
7N0*
R1x=
fQqs
y$ <^
v\8C
k*Ol
p(FM
$: j
1hqB
"+JD
VP)`
y=`o
)<ab_z
J!3mF
LT)([
IO/r|
A<YI
hwB9C
6wr,
Mf3I
S^CmM
VOC<c%5
S[av
&MX"cb
i}5A
QS F7
fqjUC
O>,M&
Vhc%
ahE9C
HBv~UY//)
iCac
SIP.e
mFCD
t "T
&&Zr
avI!
G}A'
a!B.C[0@
5)6
xyP~nH
Vfcqa
*wB:C
BSJB
resourceCulture
{p2x
x.f;
)dU8
gvC<F
n8/:P
"ZBM
sfO;,
_=)3Vc
$awB*C
jawH
o_MF
A'7[/
`wB2F
_L\_
a!B.C[0v
pfffffgwwwwwwww
IlNE
vTMM
u*R%
m =)B
n:wx
cZ7w-B
B~P
NpWH]j
bG2z
cg F8L\
"a[<
E*Vx
On=4K
"VCg
cw%eQ
H H9C
E
d g
8|&o
;*mV
Jn+ \
Ab[
oIR2
awiV
GwRuC
kqo?0
@(#a
iQS6
FG}t
VpV@<
F@m*
#=Su
^;pC
cy^1K
@g%
tgg0V
|})8I
n Eh@p!
F8Q.&S4
)peB
U3wB8
}by[
u`wT
7P+]JaX] qk
Q` .>
\{./li
pe5"
N:AL
C:0`
yA9h}8
``wB>E
b6NZ
phwB=
YC>a
cfP^
YR.p!k
B4%s
anBMC50
o rj`
sVYd
86r=
gI6F
KO~'j c
,LQ<2_
/M=>
a_J9C
2j_IO
DZ^8Ta
atB;C~0
KNsQ
A4?P
9h$X
a9'A7
}}"l
}] z&=I
=Q:
dwB4C
U3N^
txfxQ
utLD
A2?(
BH)$
3Y q
~rpJ<
^ 7#
494`
c#_(
@$AG
H| `sh
#~ me
{I"ew
@>Gv
x8Hw^
$yCj^
:p%u
awByC
avB,F
*Mc<
!GsN
)g:J
-=Q=a
i4>a
"J1F
&" }C
kY^(_
iwB9C
;OSV
^D05:
rVH?C
P@5eo
:-]&
z*:P
W$sp|
2xd4
z0^s
a~B!b
.md8
{D Cq
!B9I
components
@kY
8;!X2
/jhrFp^3(
*J2'i.
@\mJ['l
N;.k
evB90
awDKx
I"B9I~
x9Mk-
pDVd
qwB9C
{#O{xqo\y
x?AwGgC
U'=6R
{(:&
%.ou
blH|+!
U!P`
BxH/
SOn_
'_A1!
`l]j
agB*C
bD'xs
aoB7C
VsoE
>o_*
,#~=C
j4K/
2 C0
qmEXC?
7 O\
5Km.
h)KFJw9
,^s #YVK
wO3C
awH*F
bwB C
P#&`O>1/S}
p_A?R
{; ]
7=VmcSh
u]WZ
CompilationRelaxationsAttribute
8kDi
axG9C
Vq 4{U
v^^^^[YYYYYVV
nffbbb``^^^^[[YYYYYVVVVVV
V/y5
Ib:3
4\o w)t
>(J"G@
~V,2
G}#'p
vfff
avB:C
Cb%
fGF\f
^YYYY
Hnq )
,if
g5gqGHR
!s`
bS={^P;rWJ7cL@0P90$;
uY^|e
3gHn6q3
Invoke
Us)"2
arb8^
D#z'a
p3ps
awB"s
FormBorderStyle
pffffgwwwwww
eV@n[M9R?6(0
]EPw
yN =
ckb%
8Xs=
h)Soy
8AAi
avBF@
q&@]
`e"=I
w'uA]h)
gqE9C
Q2r=k
}/*
WwB=A
g{lz
N v)
E?e+
*D93
N 0{]v
3;W"
U2bs
_<cp
s\(i*
IEND
*6#^U
b="b
DawHJ
9+vl
IJHd
*Ia5M
@yA"
i+M<
%3QKOR
fffffffff
C?CE?@
^~}R
r<98
`uD?D
v}}J
7uPV
/O
\]pRQJ
FH^A
System.Configuration
L&=[
D5yw
gajBC
B?C>!X
!@ f
iaQ0=P0
awD(K
-3d.
* [
a3B\C
w)w$
15.0.0.0
03X
0G:'
pqMl
73&aA
ZSMn
t__a
b=;y
=Z ]
5XCqi
awS/T
cXQ;
0H^@~
SY&U/
(Vux
NG%f
p7Mj
:$.gh
;"9M
/yy\
O?5Cy
kVH?C
kmH9C
p@EXC
- 95
jwn;$
60 z
d9 A
av@`M
Unl5]
jto3G
usk*
\a}J
G) E
\<!%
dvKT9
P-oC
h_b9C
0fdIj
vawB9C
@=J
ki+MW}
avB8B
`wB=C
EventHandler
avB8C
dwB9C
MethodInfo
Pk(>r7BI
6D&5
dwB9J
Form1_Load
@8T.Y
{aY,
6#Y_
j6j
q|qB8_
wB?@rb
*k&G;
l^Z=X
@Q.#
uhT:
s/-n o
wwww
F)u__@
UtiC3C'%
1GpX
T$aC
5OJW
AssemblyFileVersionAttribute
sBIky0
NU*
oy@;A
drG8B
[d&qk
#E@G
rxHa
lbS)M
;ltud>
VwxU
{U?cf$
System.Resources
m`kLb
:'M+
P(j6
&^bA
iHAA&
pzj:C
*:-zt
K b#[
_abR
I+i 6
5[7t
5,!xw
`Sc9C
fffffffff`vwwwx
,<eG.
awB#C
S}=Y
/;v7
wK9
k*'7X
+_D/
wh9J
dJ[M
\g>1
U @{
!5h
qm_eA
.d!9w
Class1
yD9h}BL
in<$
w2YA
avB9C
. Jw
^ FD
kYQQQMMMM??
:H(r
^?Rw|
Dwwy[
0#r=73
U4IC
uCnD8
j^G
B(C|6
bLe{Q:
n+~Z
6!Z&
heSF
F;D)
!y'm
*,3
bE%#P^
MIw5!nbI
L~e!
Mykifihaehe.Resources.resources
-2=<
q18A
? m3
ePI~
B01,
->K1
wwwwp
__StaticArrayInitTypeSize=16
"<T;1
( #Z
m}7p{h
Y"b8C
=;E/T
g[~.
Font
jskml;
^Q[1
Q_+
oyL7F
fpBIky0
gI^V
kptz
S]g,n
7 U1
a~1#k'_
R}RJ
cwB<C
5Z,q
awBGl
xr+J
$D>
yRcq
String
# {T
:roD
IRzRJ
DLxG
h}B}&
a7B9c
PLE&
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
3ZJt
Z'EE
TWA9
URtl$
t %f
awB1c
Q-n/)l
L6{w4C
7I4MF9
&^\J5=
op5L
oWnt+qJ
`ek1@
Me.j
3!ou
InitializeArray
n\zw
gpB9C
waQN
V[nB]
U *te
VY!F$
w2X7
awB1C
C?0`
jM+[M
ou0|
~+9*
1<]y0u'K
o ;p k
&V<?]
pt__a
D`S6
cah;k_0
KB-
Xov}d
.Duw;
],b=6f
r{Fl
aTBuC
:&Ju
9}I"
~!x+n0
vh1C
s">"
0b1-2cU3j
asS4\
JT}}
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
`A\spW^
raQ-U
kj{D
J1PE
9'({
:Dy
#5(wR
kwA$F
zdvK9C
=r&)T
:*`i
Jp(~CJ
U&[75U %
avQ,G
ShaC
(7_f
uyl)
`vL>C
i<,0
Nm^+;T
MuarP'
[.\X
!wB8C
5;M&
wwwwwwwwwwwwwww
wwwwwwwwwwwwwwq
DTNS
@wB9Cx(
]DE-G
resourceMan
uk'd
mZ
B8Xt0N
x`](k
$O],
Load
o+ee
c)~P]
z]+5
System.Drawing
5yj#A4
/].`
K^e{
NG*X{
8_;a
>Jk
I{X
ko!;>*2|
sjZ+b
kK#J0
W\ B
m D)
_;HQI
}6ecx
r QaeC;
\H_5
awDGP
@ZPqP
bOd
I7U0Z
.;^t
ivB1C
l_Eb
UuRjp
]B"s
8jH(.]
o"Os8
a}UJ
ob#C;
_QQ%
YFVU
e[E(G
Bit
KY]j
1y&.rrb
aTB
BXh&_
'c ]
:%~Y
sdI;D
dwPl
ijG,Q
F:Gm0
&#~d
Pm=
p/Rj6^`
O+0j
3Pb"
2|t
F.?kx
/\6\
dbFY
<PrivateImplementationDetails>
JH(
Hc<B
PGh "uq
k\M o
0bwB
*P7d:
iwf+
Zf0p
C?0O
+WxQk
s\BV
' 6
S*Ftp>
#9iiiiiiiihhffYYQQNMMMM????666
7BmMw
!Es`l
!p?!]
c_X9C
C80h
*6: z
nqB
-2.[
dHa.
.izs
b&[Z
7P}{,V&
-WNSOG
)};z
5:rLw
(oCs
@u%[
Vnh?]
L !tdnob
2ZRWM
Q1zp%
\JdQ
XqwB9C
I7Q3hn,
vfffffffffffffffff
v<j]
>#X
O]?2
# -Qa
w$9F
Y*c#X:
ComVisibleAttribute
/bw@
V~fa
o;Xf
>>z&:
V)mP
wawHV
0qfg
BpNjY
zA/u
bwB
uQy\R.R
}9}%
q L#
s^J7Q
-IDATx^
aqBZN90
Jp4O
2v%?
~2s0
QvX7
3ZB+Z
mD5u~
h-c$A
biVO
vffffff`vwwwwwx
Dq~!
XW @
pH J
ARF9Q*
5g59
mGDrQ ll
EditorBrowsableState
*~s+
(m$G
)1bc
h3T
"$fr
8czB
,5fA
NaEB9C
J(Yk
ewC:K
awB6C
x*88
b/S`D
_[rf{
1.0.0.0
B?Cd
D]
adB4c
mgJp3{
+t
>M}x
|aYL
C/KZj
b'-$
ZG9T
NxJ1
Z3~9v s
G4C`
|81~
XN
DxDRC
:qeU{
7joI
QtBkC
(rOz
K1T 8
atBRB
Sv 7
rOR*iM
hhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQO
k[hm
tb$}
^r$?[
a C9C
6'oI_&=
evC8B
ewB;C
awH2
a*E9C
j|yJ
ueJE6."
`ti
aS%z_~
a0#8
sRGB
mZ Yi
0/XIN
#U!A
S$!Ix
5# L
x(TdI
lw"3
`F/]\
;*`qj
q!9C
9B" `^
rM]o
/RIl
R-L=
ZB9E
W u[
>5Bd"
w, V
u[[YYYY
i4H2w
P 4qi.
1~jo
QuB C
`wB-C
tu~ws
auBRB
]-,mv
Lt ,x
~_:L
aVB=C
get_Culture
e%C?C
aaC'B
hhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQOON
nW3-
?X+N
J nuNp
EH@L?x
Z}lW
?rF6^(N2
%U)P>rv
0LSD
_.sw uC
6p$%
5#x{
wfV(G
n]&
x{&0
aQD9C
*cg$
!'H
RRS*QQQwRRS{TSU{UUW{VVX{WWX{ZY[~fee
5Z+_
) eY2
i`Q\h^MXf[JXcYFX`UBX^Q?X[O<XYM:XWJ8XUH6XRF4XPC3FZWR
jw_7
@wB1Co(@
z}}}}
9('K
IEvidenceFactory
Q1$p
NetL
ex[
S!ba
a0IB.
dl@Rm
PL`T
2(Dr<
[2,)
O3Mwf5
/tZr
mW1!
gM@M
wB?P
lbbb```^^^^[YYYYYVVVVVV
IgR
Xj>~
+kf7
<`wB8C
_. ,
FormStartPosition
:5 v
d8} o
g?d
+R}KY)
6.^,
F'`q
E]XG
pgwx
)@Lx
^*n1
_( )
8 5 B
aQw3
fffffff
XC)J
6k/O
nQQNMMM?
j3:
r\8u
S+<&r
4F|[?o
v#181
avBRB
ib3B
6cOH
sdim
p8R6RR]
%B9B
*EB#
bi;Lpw
dwB;C
a61J&
ojL<D
rkZaPL
0~jo
w|vP2
aGB C
fff`vfffwwwwww
Hx\$
>S\'
^av
=fv7q
Zm8(
'0{8
'bg
(%H;
x!;@
&j2O
[Z]~XW[{WVZ{VVY{SRV{NMP{IGIwJIK*JJL
Ff%by
~B=P
wawD
fA]a/
LQ+`
&QNH
;:@]
@o.-76
u OeV
EVjyTD
PMlX
g{BPS 6
(%F%
M*mI
Er0D$
hhhhhhhhhffffbbb``^^^^[[YYYYYVVVVVVQQQQQONNN
WCBl
?vm|
awl9C
$;J7
=xXWB
Cz2!
`^_N
]z5L,
a}8(G
_B *Oy
`v@?E
:z8$
h T1
%)))))))))----------------22-)
[k&s
)B9B
aWr_N<
a^G9C
[l;Lh
#8+NS
nCX.u
+{Oa
CC0F
`.rsrc
U;et
iM..
VKAQI
Ei<m
awB!C
DP/-
~FmU
5cd3,
Iz?<M)
e*`V?d
|R!
Wf&B
_p9.T
AwB9C
nUT-
UYl-
*3q
_`'@G3,
k}B3N
/i\1
Ud *
ffffff`vgwwwww
'y:_
Y4_q
Auzi
E `|S
set_Culture
{oBI}f$pD b
RwB9Ch0u
get_ResourceManager
`bgk
^ A\
6 a%@
o#fQ+
FKv{2
RUS?
4?!J
Z)x{
AwB95
=}xGy
g' h-W
pZ(N
RA}0
awC"s
, *|
dRQ+
G=Hd
g:z?
,f]B8S
P,;0
arC9C
|vWI
1+U&
I">9
[nDf4
x yfr
v:# M
_6_]Gx
m`fQ2Sl
/5?N
5wB?e
.NN 6
C 0|
&qs6
KoM/
Q7n&~y
U%CS
68#
< l1
6YB8
AilT
edB1e
g f9C
B@Em
"|qK
#9iiiiiiihhffYYQQQNMMM????6666
mbwBNC
3~jo
awBJ
a2 G
a;B\C
"C Fy
MS4
r|T*O
n[lz6
x,0vJ
S!uq\
<x5{
`2r4
Il%t
N,di
Ic6N
eYB C
C?C>(h
&,vb".
q/&k
`dO11
A#qM
PQ#66X
|`ah
k0K]=(
8 vF9Z
set_Margin
O~oj
|rJ)K
=DN,er
JLm:
Qz+d
1|Ss
by4
13S|e
~x?D!1m
a?JrK
A |Dg.g,
dgdgse.exe
XP_T
>85]
$'MA
<+W'
ES/p
AB *
s@#5
-qvt
hefZ
l3Kt
dYYY
'<{)
iQB)
$HD
rBIky0
yTCa
'`Itg
,wk}
-B9B
gqD9C
66M1
;.S/`
LC$\
offYYQQNMMMM???
h=Qp
{y6~
fI9*Gz-
|]EZ$<$
R3Ta
gvC8B
5}f2
2awB.
$|2:
%Yj&
--!"C
```^^^^[YYYYYVVVV
<0".
~_o~z
52cn
RC0@
`wI\
[X7
oiC?C
!<R}
u(QwQ
ci3B
0 9m{
=wB3{
X-S h
A_W(E
t_Ya~
.3n.
HR|E
tGID'
\8]]6yA
e m9C
uMk}
s%wvE
&<{ML
kujQ
LIz>fxU
oawHMA
2T\4
T>4&bMA0oVI6{]O:
68 (/
tKG[>
]LC
RF93
lEwB9Cm0_
System.Runtime.InteropServices
5|I+
iFyPz
6`FC{C
c^[YYYYY
Odt3%
' !]
X kY
ajB<B
o Dk
.}%
) /Ww
l}{
snJ+Z
a40\"
@Fm
fN+a
] ;)I[
a B?C?0F
C00i
mBpy
`wB>E
q&0
!!&&&&)***&
t+lW
wOS
gCYx
tg|-
=\iBj.6l
3ek,C
!hQC+
SuppressIldasmAttribute
>c.d
GwB9Ch08
=\15
E3(3
MDM
pavM
jp9V
+$saqa
awBYC
<`wB;C
gG$d
d n-
dgrE
kVH?C
"~ZH
5Gj]
gZ\
'`\({
gZDJ
Nh"0
'L|E
^1%/
&" :
set_AutoScaleDimensions
awB}C
gWzE
O|Hu^
y mQ
a}d08
awB:C81
az:[;
9o *sH
(Xca
>B9E
K8 LF
a{d9C
awY=A
n\8_nG
\s(`$?
Zg_41
System.Windows.Forms
set_Font
b./
a}h*s
a'0V
ffff`vffgwwwww
-d6 Ay
!2Va
LG(
fffffffffffffff
/Ul&
dwB:C
OlW)
a5.V
2hA-
7~jo
avj`C
eYl3
nfxg#
6~SN-w
>H;~_
*tl7
Synchronized
ph8S
dq!AE
:vBIky0
jrwl
A!^0<
2wB3@
i2w!HE
+%j-
&5UCf
^\:C
n Y[x
T;;
FontStyle
_-1Gn
E] >
avJK0
agB.C
).iQp
Culture
7"}!>H
q`[P
|'g
guC8B
= N,
C@0_
2zXK
e"p&Tn
avC9C
+$|G2
iqY
bWB>E
6`xC$A40
PAwB
'0V$
a%'^*
hy>
z!)&
M7kj})U
AvC(
p[p^
<Module>
cwB;C
H#u.)
OW
/xGb2!
rjhW
pfffgwwwwww
E`[
awB&\
w` .
C3d
pfffffffffgwwwwwwwwww
4EW}j
9yKf
hhhhhhhhhhhffffbbb``^^^^[YYYYYYVVVVVRQQQQQON
hyj%
Z3%H
wc/R
|Vi
Q~+F
9m3z&
R<?[
zm]S
value
{:R8
< LUT
avL$F
pBt\>
AtJ$F
<7?r
%` B?C"1h
*C.0
,#i
*aqD
awB:C
k[M:K
uB9B
svP;Q
awC4=P0
hrjN`
awH0T
pffffffffgwwwwwwwwww
T-5 Y,
Tg"n
*/+YC
A|Ni
hod%
g9oc8
#GUID
`[GX
9/P%
I'^Ax
$6@/
awD:0
qF0.
C`0l
awC9C
8uWs
1`,O3C
get_mon
qg6k
A+=Y
MP" L
76jh
xmiihhffYYQQNMMMM????6
Ff:y=
thk}
k[B_*
20i0
YWX@
(5\1U
1 8Zb
&x*4K
Zi{^
HawB9C
jxa(
", -
G@O]
McN|
?eKL
`wB9C
fx7T
yB9G
:<Hx
H 3T
Y:;
Us=D
Q7
*g{F
KF ;
=wB3{$1
`vF?E
aRB9C
,V[h
set_Icon
#"40X
R:y1
XCL
22/]SF
-*&
,rTK#
a4 /
,JaQ
iO2P
|JI%
)n/
&p^
Omc:<
(XNJ
nac]3
avP K
tawHGQ
XiwB9C
i>Df!W
=@.Xa
[d{
FWm J~
Rc]x
2+e=W(M
T@4?&hb
[lhe CT
awS9C
f<)e
Uu3c
Z%M{<
p=eG
` \ {9
ewB:C
IWB9I
m>:FN#X
GeneratedCodeAttribute
upC1)
j8}
disposing
F%^J
W8zC)
3Pl+%
B.\`f
dwB=C
fW#w
qmOs
M#J.
1pFYh
La;
kvPmG
GOA0
-3"g
-+Y_::
TK FG
S1r&
L!M^
zKLWz
AGt
lTE9
h3TU8
Oha7 ;Cw9
&aTBoC
C10`
:Ep
irb;B
j]nk
C10w
C10p
p!,{b
gez<c
w,me
ie3B3C_4
:-c>
FQj
$d38baa47-f319-46e6-b3ea-987a9fe7015d
a#O'
CA+UB
.|,:
Qip(
x2ic<VMc
VDgkF
)uB3D
E
acA9C
qZ" >u
op
-m?j
jG[[
& lITt~Y
)y<2a
4 s&
System.ComponentModel
9N#T
K=e"
qWK8t
q8OW
clVt
hV/l
Kav[
Y$>X8
R_<Q
;BVC
>B93
0z,d
pBIky0
5=qBxL
awB'C
.$);M
b<uf
eTgP
rPG#
y>)#<
2^dM=_
bawB2C
awB9CC1
s/oQ@
:C}C
,H#
=GR \
OXn9
_7X!!
>S|#W
guB:C
R (tK4
oc;:
_d!S
2DX <
cFPsv
mykey
|x^a
ff`vfffffwwwwwwwwf`vfffffgwwwwwwxv`tfffffffffgwwww@
N/j#
#J~~~
Gy~a
8t-"
E B
g<g
J vU
-\6b
XfFbl
/alj
aEB$C
]HM*
1?2
F_Ra
vfffffffffff
oVFf
[qNf
4!/f
T3$4
aB4n
-]?f
B7K_2
1z]E
<,&"I
Y#;nE
a1FkB
$</
>B9I
;dwB;C+5
Si)J
Y CPy-
oc0`
xadC9C
_Or
B9I
CMN;5P
k*AQ
a~B8C
Io0T
u5<W
o6O+
System.Drawing.Bitmap
J?yW
'[P
wy $1
WwQ3
d;
teo8_
DZWg
CG<.
IDisposable
f`st_
np V.e
+Q=M
xj/vj
.3H^
&9NAU
wH9N
`qb8^
J3)0
}awB)C
p.k{eEoX
D:
r(~C
vz_E
pffffffwwwwwwwwwwx
3i1@
ReV4
aqjXC
o <u
/-Hm
*L}u[^2
VG9s
qXv\9F
;&N~O
fSB}C
?,zB
wT Q
hQgFS
atB)S
iyJ1^
8Wl|<_k
awB5C
vBIky0
YenF
9>`)
awk8C
XcwB<CF2
z5Ew]
iAg[
pgwwx
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-06-04 04:59:09 2018-06-04 05:02:02 173

2 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-06-04 04:59:09 2018-06-04 05:02:02 173

4 Summary items with data

Files

C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\SysWOW64\ntdll.dll

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-04 05:03:18

Detected family: #Ursu

TheSystem Itself @ 2018-06-04 05:18:02