MalScore
100/100
MalFamily
Ursu

datry.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 22/67 Related 2135
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 356.00 KB (364544 bytes)
Compile time: 2017-08-24 21:04:48
MD5: 93dcc205965b4b90032879b8818727f7
SHA1: b6d7b696d9f31461c42ba3aec5a43f891c547484
SHA256: 27ebe61aac063f5b498d63f8c6b3955fa12be01cfd2a777de1ae706edaa9c3ab
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-04 05:15:02
Last submission: 2018-06-04 05:15:02
Filename detected: - datry.exe (1)
URL file hosting
hXXp://narenonline.org/datry.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-03 23:04:05 [22/67] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x582c4 361472 66ad0ae51877a6ba20ffb38fcb07ff7b b18a7e7721978fd25d10edc8364a3a95074e121f
.rsrc 0x5c000 0x620 2048 a355e21c1098eb2f6bac4b2a011eeb7a b35ee06e4157a478bb0cd64cb4de33b225b3bf1d
.reloc 0x5e000 0xc 512 73a2e0f5ee2b85f96b04bdb31225e778 5d9af17921cbf86bd1ecad783da92d6c16d0611a
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x5c0a0 916 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x5c434 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2008 - 2018. All rights reserved.
Assembly Version: 0.0.0.0
InternalName: datry.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 1.0.0.0
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: datry.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
tOx
ee115d2f-3bb0-d18
ee115d2f-3bb0-d19
ee115d2f-3bb0-d14
ee115d2f-3bb0-d15
ee115d2f-3bb0-d16
ee115d2f-3bb0-d17
ee115d2f-3bb0-d10
ee115d2f-3bb0-d11
ee115d2f-3bb0-d12
ee115d2f-3bb0-d13
Same as in FIleDescription
e2c4a01f-40b1-9d
How is seen in task manager
Comments
Company name
FileVersion
1.0.0.0
InternalName
datry.exe
Segoe Print
Random comments
eiSyE
?<W
nlC
2df78539-9e5a-4d
3LI
StringFileInfo
bB?,mD
Translation
2008 - 2018. All rights reserved.
VarFileInfo
Assembly Version
ltV
Copyright
VS_VERSION_INFO
sJs
Form3
Form2
Form1
mon
FileDescription
dgdgse.Properties.Resources
0.0.0.0
OriginalFilename
$this.Icon
LegalCopyright
tAu
.?>
bc4519c8-fdeb-060
CompanyName
000004b0
ProductName
ProductVersion
MP<3C
wB3U
wB3P
CH5!
LwN]R`
wB3\
yppp
Rq z'
k]B*s
$*#V@
gZbJ
!r_vfB
g[D?,
pffffffffffffffffffffff
dgdgse
wB3I
x)Z *b
PNG
nR+6
aA/exYb1I
T<!a
Fg1i
&b,Bo
awHV1
l|
x{-V
nMqGe_q
wB3f
qc9N
wB3e
D|Q1
? >O
wB3k
wB3i
QFGN
awB;C
=c'S
UH&
7X`H
c(BT
a%'X'
z]J/
YL~&
GvtG
w s/
aGB:B
'i$H
>U;=
2Aq~
GrEz
# I!
fffff`vfgwwwww
ffffffffff
wB39
MqEVd
a4-T3
:Ii
-Hr'
q"1K
aqB#C
mW44
6`xC
ffffffffffffff
=<777775422222,+))))))$
ukR*
wB3@
cqD>C
V ~t
QEmqZ
'D%RU
F=:(,}B
V[BK
x7rb
nnC_
Aavc
------
WwB9Co0"
l v
8AK W
|>xi
6zWx
SAJd
?ak]
}_+[
kqBLL
4ta2z
]O5A
0YB}
^#s2X
a2F9C
i~ktx
U#:
[! K0
aqD?E
<{sfM
LD%O
=WYQk
`wB8C
:iDt
*y9 m
\}^~q
80RW
,3g
3"1IP
S^`J
dg!W
ykTn
VueE P
F,Yg7
C~z :s&
QkH>
V2.yS
US5z
MrS!
aawBU
u] M
KM=J
HPu#]3
FcDf
?{Dl
PH*n
aMLYC
[QMMN8
#x[S
( @D;
a*B0C
~hC!G
`WP`
Kswm
yfeB
a}Q<cM0
L1edq
A+v&
]1Co&
System.Security
J*=h
0ewB0C/4
J;}_
;j-%
a}B8C
tHZ |P
FB9G
43W"n
t+4[5?
mscorlib
x<wJ
0 {j
%<Lp
k +1
^})>
p"7B,
DfwB8CJ7
4~2
ppT(DpY
X}[9
2:Z&
Ai"=J
ifn8A
q`"W(J
c2,3J
Yyq5
CW,X.
dwB<C
`p: _1\2d
S.;r
8gL)
QAME
sHUg
f9Wt
K7[!xJ
)@W8
>YUg
QLjp>
gw@?^
LeEK
aAB`@
<sS4
Qi)k
EnableVisualStyles
$L&1
`vC;E
b0&F
F/^iR
C>0I
kwB=c 1
>. %
XHXYaF
S4;/
ResourceManager
awB*s
l(E'
%"0V
~5uH(
L|:N.$
CK`e
LBW<
w+W+
~gLI
v6C<
p+w$G
NQ+.
jIFde Qu
HU :U
iVL ,
vfffff
3YI0
!ilS< K
wB8k
:I
a{B8C
a{B8B
Lr6KA8MC
E$=I
X::;
q)T
'ST
Ts&a
dC 5
;aqA
,B9B
+D"DD
AppDomain
9Ck2
(Xu0x
`w/}^
-2c#
y@Jp
v2.0.50727
} ](
yjEXF
get_CurrentDomain
[wl
D$W)
}ihhhhhfffbbb```^^^^[YYYYYVVVVVVRQQ
r aV
a3B3C
#\woiiiiiiihhffYQQQNMMM????666
2 xe
PADPADP
s]=y
evC<F
7q D
}N C
H=7s@=gy
$`WI
awB8C
dxQ@
I>b'
^Qteo8Q
"!mg
>48<
S&("=
awB8S
,ntuU
<M/`Qk
GvwJ
8{#DE
R7{u
ts:
Y3<=
fwB9C
BCCGGGIIIIIC7777777777CIIIIIIIIHCB
asy9C
gW@+j
e(bL.M`
XHqxo
\aiJ
-jHG
Qw31
kpD3Q
dy KK9I
'{[o
set_Text
)%=.
gwB;C
U>|Lk
fEqG
q u
S6 7
aEB C
W2]<
"8/VKWHqI
qVni
h)5]Uu
#Blob
Control
I-_R
w azsf
N^ =[o1
SEBTe6
s'Ow
F6Cd
shffYYQQQNMMM????
awH2=
lHq(
'`{$H
hAy&
dYH:
sUw{
`wB;C
q7i/
mLQ@
awS;1
m}4>
pawHCR
Type
MT6W
uthzGf&
XA|Q
U[
m:zG
WdHB
*fBk
ToByte
zaL
m,TM
C`/lCH@>
PyD+
awB\C
HE;8
kdD(E
get_Default
hj1R
+VK+
atC9C
HwB=<
/-mh
awS;k
hhhhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQO
`e[+
wk.M>g
k&[7
uh{i>h
hYG/P
|r_<K
fu9a
D<@V
^Vv:D
\$o^
^1of
MeH
vwB?0
1-U'
<PrivateImplementationDetails>
Char
Form1_FormClosed
tB2o
rWG0PM
9BHe
%{|~
a{ >
Cn0u
c\LRE
hyA*B
G2!=9`)
)iz'
?E;025
%c;S
}??:
C7g_
f^y~
|bHTex
QI7^
HJ#h
G%u
Al5;
T&/#
M*! 1w
{r"d
%wB9Ch0`
@u`:`&
IM4I#
/xO
G##
wt4K G
Padding
E gI
ZZmC
UkU '/(
"% s
|'tV/
7r0g
M)e]{kG
gQ"[
\aEJ
~mhhhffYQQQNMMM????6
Z[g&sI*
os)^6
8WhD
;k|[
h[]/
[ Y2
+A E
1UeJ
}y@gS
O8h:&
a3'_*
1b%p
aw]y,
9J8r
dX+N
wF6|R
'{vb
EO{1p
0X9X
PawB9C
<\ 7
|yL![
BSRV
iz}<
<'1Y
6`D
D[uC
f_XPn
asB8B
4^`W%
L|Cn
QvB;C
.text
1X0(
%|;"-
ZQSs} \
xDQP!
z~D
>~z>|
GetObject
Y0t:
$3.c
5#Yp
a}b9C
=NQ\L~
ww8Y
uwGP:
c~C%b
10)7
Mmw7.m
h.AOV
[?J
Z} 6
4eQ.
!d}j5
J|2aKU
k:V }
*z(%
Z&J\
System.Configuration
0=fw
:^S5
IjB9I
wWb+3
m\W>,\0
]x$#
d])nl
i`~W
y1;+F
k#w&
|rW+N
-|&-
< jT
|>#N
&c{78
9k$Xl
o^^[[YYYYYV
3.%}
ojG?C
8<0
FE=s[xFP
O4*X1
@_I~
l<gwL
|UI1D
bv1
p i
1L>
W5O;Z
yenP
avB1E
~H\Y{n(
EvV`C
lPM9
"[ #
xCz,
|k^$_
pRwB=ihCw
adB-b
iWA8A
55V
ffffffffff`vwww
dgdgse.Form1.resources
Wk+:&
0<68
/U26#
Lgd{MJ
}B9G
ApplicationSettingsBase
a8IYC
eSL[
k^^^^[YYYYYYVV
NetL
<6D
`rb8B
\ pEJl
Jl[-
a(BoC
&2mYQ
LJ "
(/M;/M
LVlEU`
{Cy\-
KUB{{
8p D;
z[ C
cuZ$K
@WA8<
=GcJ
nwB=J
QvB)C
e$x>
dA.M
f _
v=rQ$
h3b\
*ZZOz
awj/C
IconData
!(!9+
lhRak
a}BiC*
QRt
w0\"
`cc9C
W8n[
a,B,3
IEAM
l7)`K
!`3BvEg2
pgwwwx
eWC8M
efG(U
eWC8K
En Y
7've
|U[D
VW/UC
g$B
m:2WM_\0
hhfffbbbb``^^^^[YYYYYVVVVVVRQ
pgwwww
n RO
B8^v0L
"I+d6
a;-Z(
d6B>U
EB06
awH30
g) NUy
5H]Lu
E MF
awF!k
O4-T3
HNd3
hfFV
~rU}*
<Su%a
2(c~I7l
awB9B
awB9C
zOD!
Tpqh
B8^|0P
u[wK|
fwB8C
I 0}b
4w4KS
3CyUq
fb``^^^^[YYYYYYVVVV
awB9k
,Fq1?f
cDBuE
awB9c
in (
AVwt
py3o
>(jd
cG=2i
@y_2
dfB}C
gqB9C
X \4
E*Yf
J<3S
&l4.:
-H&W$
6!,A-d
a}ivD
height
DaS+
;"wz
T8\bd
yhwf
<% 5
(>%:
x) Z
6ZR5
d^(_
n_^4%
q.DZ
vk8X
:sy:
XwB/
PYCP
J(z/M
CPF\
ya3BLJ
VVVVVVSSFFFGGGGCBBBBB:118887
R 6 E
`wB:C
+y]9:
t_Xa}
i&5p
awi9C
/n wF
'*H:m
kuI/O
4.{\
\h} T
g* 2%
get_RawAssembly
;wB30
96xZ"X
jz [3
cA<'
WS@r
w I&
bwB4C
j\8h^`
rOH]ef161
dwB,C
NGWMq.
G'}~
$"^r
\Y<k
t_|n"-{t
Q;Vi
\<s/ #
wawDV
Mw#0
`jG$F
wawDK
H M@U
sj@?J
set_AutoScaleDimensions
A.x\H
t:V?
ffffffff
R'HW*
\ <M?
,wB?P
0 JD}
blA;
L=q1
awBqC
`U6{l
iec%D
rai
=*(}k4Hc
7]n$S
suMj
K8Rx
/r j
$noC
fu-AC
w% \
ajG?D
#9iiiiiihhffYYQQNMMMM????66620
|KH
mscoree.dll
-a[BnC
2z +
!rxj
fWA8A
mf\xke[x\YW
auC2B
awB9C~0
gwB9C
='Ne
pgwwwwww
*,LK
k[+I
Sdm}&/j
q`GT]O:"
iqS<E
sg>y
WrapNonExceptionThrows
c=\
P L@
7mJ
wwB=R
_!Ng
L]4!
$mY`
.sU|R0ot
ffffff
s9yY
0x3r)p
@]~v
GpC?=i
zF\E
'-.V9
HMUh
e15]
FO8xB
a/F9C
XowB9C
agB"C
awFK
Xgh7R
\1)=
#B55
awB(C
RuntimeFieldHandle
iq_<K
sFW+n
a1TkU
VB'Y8
mD_^+
w'Z,
53(~
a]I"3ms
FepId
STAThreadAttribute
agB<A
*+Qjy
9Y-Kd
|.{-
IHDR
Form1
5}GD
JE~\
.rYI
%\W9
e&C}C
)sW3
k}H0R
System.Globalization
HdRQ3
:a_B
o8Dv
0~]e
U(u|d
IconSize
TRd|N
#;px1L
6fTB=B
iU#20
&*8{
1\U\
RmH:G
mDV*
uwB=J
&*8c
$awH
__StaticArrayInitTypeSize=16
/^nWn0
{~lx
*6d0
aeB8h|0P
bqPi@
4-]&
ZpDj~
System
e8_D
HKvdQ
#st{
fbn2.
*)J}
N4~=
sib[4
!wB3I
bj P
w^^[YYYYYV
]e!+t
System.Drawing.Icon
j')G
6/so27"
+OC<8
_R#G
wawDGe
I`B9I
(q5_W
O $`L
>.>3
;AV%
'9,(
_YHp
E'WHs
.' f
ayl(R
E"t>N
l3_<2
`|BGH
Pf Zc
0crC
@01/
faTJ
* Vh
Bkg5
Qf A
[BN=<
YA|{
aBB=C
} 1E
MethodBase
#Strings
asjlC
dgdgse.Properties
N=.a
awSK0
T5P9&#
MwB9Ch0
%DgE
B8Z|0]
7A>&
C)Ys7
\P w
P,-E
.9P
z^Z`=
?awB9C~0
*cwB0C
vwB=R
30eU
%awB8C
u?5(
z-x
Q;mX O
abG9C
add_FormClosed
}es;E
+B9I
DFTzw
0/-W
q}}}}}
m8tz
a7n9C
F"g`g
KP'(
aWs8
2~8Fe
_E{n
*6z<
ZSuT
Z@;h
a4-W5
Cd`0N
pfwwwwwwx
P"%{
ai.u
Z ;`L
&cQ$1s
Zn;/ .
)pqBdV90
aYBBC
-!,
a4#U/
eWC;K
^zw%
;s.|l
eWC;M
UNTK$[
[p)I
>,w0
q8Yfb
Y3lR
n L)s
cuL7I
8cdy
fd3
RS%_
w4X/
#_Mk
fp7Ry
QM5+
ZX@Ik
02qk
Cz1vlR
hqA=T
7<"0a
WM5Q
c8W
9;[S
+@ E
w 7 '
"Pfr
lgX
nll@
bK dl
)4r:
9Z&mV>z |p
33^"a1n
/ bD
;AsJ
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
rw uC
G(rz
92Ul
`vC8G
`vC8@
`vC8A
`vC8B
Wh/|
phhhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQ
B! s
y=;1
H4v]
}nhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQ
ax
2J L
a&rG
2_#H|
N*cr
`wB7C
aYB C
J!Pa
jri$o
Ca|,
s+ 5
wM\ev
) ~e
Z[T"
pffwwwwwwx
;kzv
'ZLv
R:a8
g_K9C
ComponentResourceManager
X5`~
kRT?,
nc<['d
qNMMM
%Xt?
- ia
Qa"s
Ilads
)[u(
X{ !I<
Q_fw
qWB8
2<Yokw
w5WB
ja1c
lyxN
_(aW
q$)P3
lSS8Z
? [o
"jOn'L
~[S5R
5G&';
o>i.
t],V
nSdI
ghFFNUb9
u[QQNMMMM?
ChT^ )
MaO[
hW@8Q
>Ug
ucFB
d3Y yW
vffffffffffff
b?,?
ZwB9Co0
bvL%R|
Aw_:F
pfffffffwwwwwwwwwwx
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
rXxBWz
Z g+?
C'0J
g Zo
7wB3k
lwB?k
mLG'
?u1U
j m
ec=a
]"/2
Hps
lYS;
wB3H :
dU&6A(
vhtqT
Sx _Ob
Ps@!
Zn?].
yf`/.
P Qc
~}Fv
n`5)
nd,
w1\7
umPx
m/n\
?r<X
\:E5
ahD6
p{S,
0XSE
WV u
Form
X4Ai@
E=nE
ZF0&r
%wB3,
P^D^
xafB
iexP
/a+t9C
3/LtK
, \xx
%o*x|Np
(7l;
voc[5
>6h*Q7
awC*G
awC*H
l;2%
?G6 s
WiD @(
_~kd3
[gqA>
CG0S
~O8 .o
Oyz3
@WJ|&F
4qL@
vffffffffff
vy3B3C#0q
Iv]`
l| :
a%#W'
OQ2B0G`
pfffwwwwwwx
*a@BoC
$bQS
>Zv~
u8LT
" Y
/(\#
awB)C
wB?X
xf
l c%
GfqUa-qm3
-IB7~u*)
QtB+C
@i [v
udpsE
wB?K
Y9C9C
/HYh
ae3BII_1
h~k;m
-oZS
1d nElK
BpU=
wNkV
:JJh(
(fcK
Auzi
C =| '
,(p+d
atB1C
wwB3
d|c00
xD<a.
wB?k
gqD?C
gqD?E
EwB?=
set_Name
{"S{c
:n*|
Default
awB?C
3VeD[
IU E w*
\AWh
!jR0PL
E$"5
z(Zrb
Wmm%
K4>_s
7Gqe
=` j
avBMC
o5-!
?8xF
a-19
EwB?k
IHK6JIL
wH9C
~kO@
qUvzhM/
B8Z{0Q
mj.J
=SZQ
%'X'
JE;x
b#m[d
Fl<>kYl
EH@L?x
CaJy
ResumeLayout
!W@BV
awS&S
avBiC10I
XDwB9C
a~B Cx0
cdBNE
l]43?q@qA
"}W'
ValueType
!!&&&&)***&
EHNF^6^
MqTt
System.CodeDom.Compiler
eqD?E
GuidAttribute
aRB8Xv0L
P]G[
5.Qq
SetCompatibleTextRenderingDefault
V[P-
{~'
9n,Q
k"|lfd
" W7
"Y0f
w]Bx_
uQKk
aoBGC#0
`)%)
nll@nll
r1{|9t
Gm93U
yo@0[
q;&WD
K^y!
"lF^
H:y)
kWM[
1?eT
Bzc
Q#~4Di
bR+W
W,qd
En3as
}Xy&pV
Ah\e\u
i_59C
x0UA
wwwwwwwwwwp
z*g_
DTD
; vZPk
t M
N/3b
1s^9
FormBorderStyle
O@>B
,n/X
3{?HU
-hm@V
EVNM6
dWB+
8e1q
ubz%;
t9Nh`<
N >h
XNMMMM
/"U-.z
t+nJ'K
jfwB?C
C40W
0t S?s
:PX+
<HM%
hYO#
msS3Q
aWBoC
|xq+
cqL:E
VewB>CJ4
%+E{
B$;J7
MfT&
VMAw5
\U7K-
m'9!
jKtm
ZdRS
8rPgwx
z|Z6
r%2+(*$
FormClosedEventArgs
|TkQ
] lp
"t8*
q 0p
YWX@YWX
Xzj+ y
'M@u
q~L'
vB9A
SYF"
ABE@
:=3BH
Cs0q
`l5*
mwLR7
;\rz
ifGV
HRe
`rG8B
@uXv
R1]1b
,UMH
B9Csu
awS;kR0
[< s
% ["
ffffffffffffffff
}wB;C
b^[o
Wbjm
bqPY@
L$]
:[Fu
taKW
-^j(:F*E
8i9n
o {g
D{p1
. wU

lI,u
)F-i
aw_7K
3`|J ?
DtH]
AsP\
J29o
XowB;C
vB9,
C$0E
C h,k
@(X<9
q0[8
+ B;
m,$*w
?aLBcC
C$0T
a.e9
@I+4W
`l]_L
add_Load
/gov
pffffffffwwwwwwwwwwx
H)U}
F?Q|)
(6 iR
G$xD
BawH;,M0
RY1x(
SettingsBase
%>fu
C%~e
ZufP
Q %dG>
<9878
x) 5
QuaY
{8*8
8 +p
c5!^
.JJ*
98s! Xq
width
IDATx^
Ed0f
~N}T
nX,L7
YOzQ
$P*D
Data
BR$q
/hw3
L7nUU
MJ b
8n
\nbWC>
+Dqm+
8f
8d
~]O;
b~C}C
"awB5C
xtb9M
$:&d
get_EntryPoint
n]Eq`Q<J0)
oJ_<
+(bR'
3System.Resources.Tools.StronglyTypedResourceBuilder
pHYs
.ctor
k_b9C
(o. ;x
fYp*ST
fq-RC
D *,6
`5B5C
aVB3h
+{En
k*-Yd
qY@l
} @4
e-!2
prS=,
XPDp
iBVk
^)8u
k`}_
QwB8
fffff
Y$ c
qRg8
15.3.0.0
07TF
$Uws
Invoke
E ]!DK
R".[
Y1"J
%4kQT
z'ml]
ha7r8
oes/+
bwB9C
wA7)
bwB9F
a>BWC
Iv6h
tK l
-0BN @
buffer
QtB*C
5MM^X
ElVVf
K>a$#
UT5et
h,g
a}jcC
iyb>Q
/YSe
le(be
Array
$+ -
bKq
R{\Sfy
6?X(
jZ}
B9I[k
W?4-
@.reloc
(2 }
z1c/
awBfC
8p0<7#};cj
'^N2
k w9C
a#c
IawB9C
6r
4 $G<
0k>A
,WJ6
O"PU
Ut:$
v(X$
J9_I
[Xi%
B| .+^`,
Byte
SaNm
7^hAg
?A XQcK
i 4-8U
P2vV
q(P~
apB4C
nhhhhhhhfffbbbb``^^^^[YYYYYVVVVVVRQQQ
+mvTN
5i A
sn_+Z
H f9C
^QojP
wHRl
`sD?E
/f"6
fq)8
wfffffffffff`vww
C:c
a}6 C
J^ ^
S6&C
QRG/
Dsg;
tM%:Z
wD,Q
fpA+
><gg
kbb``^^^^[[YYYYYVVVVV
lUSK,O/-o
a}808
.E<w
+ gy\c
knjcC
ifffbbb``^^^^^[YYYYYVVVVVVQ
B9O[
G [M
%O4/
a}g:,
set_StartPosition
hhhhhhhhhhhhhfffbbbb``^^^^[YYYYYYVVVVVRQQQQQ
q`I7
p E&<h
k}H3J
AuC*C
wr#s
m',F
so!*
UUd#
)K[U
RSSD
pDwB9C
H]k^
a3B<B
6q|}1I
V=o1}E
y8B~k(
Cm-8PID
yFMe
zVx6
>:yk
ZI'd
I.B9I
asKBT
asKBU
yk 0U:
>,O,
{Q1%
MK!8
%-8I
#Fei
,!Q'
;+MB
k[CUNC1$
9r=@
0^c6
}kF9B
eawB;C\0
1M< :g
iu_%E
W(2&
3n {
a6BJC
#Jx~~~
1-|?7
hvG4
pK qP
tObk
VH86
bIDATx^
:V .
r54+t
M/9
|.^|
SA_M
$Ig# $
q[H6
RuntimeCompatibilityAttribute
awH31y3
=*6{
TkQf
IckR
vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vwvffffffffffff`vw
]|Wg
PW%o
Assembly
f{*dE
YF@bq
z1*
p<(j
% =f:
eWy#_
>BSE
5V48
>DEku
7Ql$o
4~0
GraphicsUnit
~wB3k
iySqR
zjiiiihhfffYQQQNMMM????66
yJUg
v/^U "
j<MLJ
v,Ob
System.Drawing.Size
-jwX
O cNGm@
QSYy=
6B7CB1F76B99023BEFA8EB2B530216F00916E4DF
dWC;Q
`wB8C{5
41C3
SB9E
*h!H|
SuspendLayout
@0"
a/C9C
_w1ZC
1|s%~
Form1_Load
+%8A:]
U *W
=5No
Q u'
8 D=
s<p=O
Size
Z}UR<\
IwonI
WY~l
awB9CN4
A[u`J
tb~D
wwwwwwwwwwwwwwwwp
QjxI
#wB9C
cwB8C
Airw
a}jdC
w~x$
FFH6EEF
3Ie}"4
,Plq
|zxS
wB9C
g =A@
N&]12Fw
wB9G
v{ PY
1.X$
aGG9C
`vP$@
?'(B
k]+L
3\*_
I%ko(
<@tF
:n#\NN
/u]'
1gY,n
awSJ
/B9I.Q
s=%Z
qD6[
t_Ya~
)Fo1
ewC7M
KtZ}x
ewC7K
DiI(
4MDn
XC>H
awB=C
d09q!6/
\ug9?c
]98
t }~q
N?Yh
$fd2cdc73-b954-4765-8936-9a4960d8587f
UXhq
IContainer
:P4
+%^}
jB6,
Z\0&
BrcJ
E+e+
W2??
f]rO
D`wB8C21
1jmQt
t|X `h
XN@O
nLVK^`DZ{o3
?6@g
x[6h.
! :.L
gWB$Q
+_3o
hinB
6Hz8Z
K4N5m
?!so
2A}3
CultureInfo
e/C?C
RM89
s%oc
@%4e
J)d6
fmI
v\A/h
hoxK
vfffffff`vwwwwx
/pY5
D?7
MC -
X H
,Qbbe
-Dhf
|k 0
>}'0e~|f
;wddZ
HKnO
e<?]g
p;`0
^ gIR
XH"b=
XY p
disposing
juY
9S`8M
!Pa
RB9G
=BoiWU\E
*L:w
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
pD5gW
"c,NK
wawB1B
V=g#P>
FormClosedEventHandler
yO?(6
kqBDR
raQ-U
RTE+
awDGO
ContainerControl
b]0N
#E #
ZHt
aD90
auB1B
-mD=
i 4
Risa_
{obE
G_Q,OB6^
l%F4
Vt6X
awDGj
g_ 9C
vff`vffffwwwwwww
k|E?U
a`|cX
4@v$Z"
pgwwwww
w_99C
+On{
a2B9C
arB@F
vj F
vy3B
w(H
]m:q
pD/7
w OxO'
0 i
vWu*
&fSY/n
~SN
t[(;
&p/i
CTtT
'"}4
rRwz
a*B8C
x")+M
z< 4
W/R%
set_AutoScaleMode
=-nu
awH&L
K6t{
C<0d
ry7wPRmb3o
HqW /
(y]
s55#
^$3[s
tawB9C
`vC=E
*Dc_
)S$z
~WRy
e-?,
B8^c0W
r`^^^^[[YYYYYVVV
k~}h
OiusG
[B9I
aOV|
JF(+
O<"&
&3z;
SrI< J
iwB;C
aeQ9
I[%t
$+C&
dhfX
I B9I
hhjl
D(]&
#}mY
E[ ?
GEEP~|z
u6H?C
a!B\C
CL0A
k/3:
-F59j
awBA
ewB8C 4
Bb^C(CG3
awB9
4>,Mp
zn+$L
U]UV
a(BpC
*4${*
Z;:8
*VE'
qwB;C
&o<
awB'
-<<9
AvC+
+bsn
op,p
j$j{(IK
C 0A
C['\
bqPIK
1XF~
-zLk$
I'KH
MySm
?i A~\xA2
L\7o
qD|b;Q
Close
yl C7Cm=
%P/6
RwB=i
4K#0
;D:*
=[_+c
PB1
!w)0
y-*
awC11
T]]j
{<zm}
Ib{m
(g~t
a}H?@
q/9C
tJObl
Nr%#B
P)U &7
}.kV
awSGu
awSGk
]v$"
wB3Ud
J>3q
/>#?O
P$v
1.0.0.0
.fF@
InitializeComponent
C"0R
,(N#{
(lV
p^F
QvB>C
+`,#Qz
;{#
"t4[
`wa4
`B9G
E'`CP
avB<D
C"0q
V:+b
"H~4
-,~g[K
e]B*s
gAMA
I/kO?2
C 0I
s{;i
X S c
b[n:{9:
awF(U
|M L
]Es Nh"u
awF(Q
,- -u
qY!2
AutoScaleMode
n Vd
awF(D
b Q]
MarshalByRefObject
AG0t
-GV)
s\J~
shhhffffbbb``^^^^[[YYYYYVVVVVVQQ
.cctor
?A9Rk
6|NQ
J&}P
;)WrZ.
Y{t('
QtB&C
l.9Y
fSystem.Drawing.Icon, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
O,d ##e
?#jl
`E{>7
JyYz
IaB9I
kZ-M
-ewB:C
_$ 9
- r6
ioK+j
psjSC
8wB3E
#haG*
:;=R
aqj&C
|3wB8k
u`X{r`\fb^
cwB9C
@Jb&
Ty$8h
F7Uu
i; 3
awD2h
h :,
&Bd2
_9y:^
89t!
SR*4
sTg6
Dta
iW *
'^ b
apB$C
!r:$
,/t'
#9iiiiiiihhffYQQQNMMMM???66662
7dY5
37<g
ou(S]i
DC#HeY
9_ x'2YFfpt
|RE
Wl.r

hcud
AP^p
^uqW0
3WVAD
QF tD
2K\G
b-5"<W
System.Reflection
}k'A
`wBVg
ffff
GavW
@VwB9Cm0Q
V&I6
zB9G
9<vFDx
Form2
RuntimeTypeHandle
eQ#5K
% oJM
^!^w
:Jz9
R%)u
>v%D
KwB*s
{/I4
&(39
auI9@
sFf{U
k}K(k
=SqG
#A-V
tj>)
Wi,%
#Hv!
HBj9Uw
i( j8
QrBNB
)Ky\
ZmHo
sender
z`
50FO
_f5g/
BWUBDFE
gb,R
aWB9C
Ko1%
pxvffffffffffffffffffff
r R6
cp >
bai9o$
B"1Kj
M4NK
Xo( T
;k18
Object
aK6R}<
G-P
hWA;S
MZ#>tr{
Pt i
lbc}4
lTQ{
.xL&
}7E!
C}7)
N*.c
=_2t
auB$F
>o&Tl
k3]:)
0C)O0V
s]YC
Kpy2x
F@<&
Bwfe
a'B9C
q}.7
"@ }
J?]x
{sjY>6
Jc0\
psqB
_'uOP
[ !/
}$Pl
)u _o
\M7(
UWZy
@B%q
Q3yq
awB C
bS<#V>
TxwVmu
D.,E0
}Lb[
a}1aC
#Hxxx~~~
0<B>
D~I3
r|>#
Eep8=
M_BG
U-~l
zz:b
rfYQQQNMMM???
L*Q4f
*T gI
iRMf
TX91R.
aMPYC
&wB9Co(@
X-0|p
^Ue[
~R63G
aNB#C
Cb0X
agf9C
oawH
<wB3
psS<k
8^|E
fIL95
SecuritySafeCriticalAttribute
*P:]5BD
h7U6x
T ?t '
@BWxt$
nM6]
}ZU@
6QYs
sB+P
<Ft[#m
p:EXC
o `~
j> @
-:^{f
get_Assembly
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
JuMM,b
S9C\p
mg=qL7
pR^@
k>If !
/v#
wB?,a0
(-E?
hhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQONN
sjL+b
2@,R
Oovt
* &
Vyw2
DO$e
W)iCa
Mwl9k
crC9C
!This program cannot be run in DOS mode. $
<5l$
awCV
/"\G
=Rw$
3]8B
e_:9C
##|W
A[5~
nQEveJ
zs-ZZ
1 @
Dispose
o{}g
aKMCC
aG|A
U @\
otD+
UDe[
TGu t
]+bc
Q Ju
fffffffffffffffffff
|AyF
c-#_^N<Z
BIky0
6!tD
(=|UU
j}h]
R1x=
stU2
v\8C
V(7\
$: j
,5w-
1hqB
^vn3
X~^}
set_ClientSize
mO7 !
ga}Q
?|Pg#z
System.ComponentModel
hwB9C
eWS-c
$r$#
(,M.
k:
oMy5}
g9oc8
sc.
Cpwbt\
7VK"
fqjUC
om[ B
O>,M&
"uOfn
ahE9C
bo>
P;|e
o da:
4PRL
O,%4
88k,6
\^kQ
avI!
yo Z
a!B.C[0@
p*b3
p {Y
*wB:C
BSJB
resourceCulture
8=tFt
\$3Hy
*'K$
)v}.
gvC<F
8V |4 b
/pG?
2'hY
v,
$awB*C
jawH
o_MF
A'7[/
`wB2F
U&N0
a!B.C[0v
3[)Q[P
pfffffgwwwwwwww
J(o4
"l27BV
WVOFj
vTMM
: |<
?Vi:
M9p]w=
B~P
`e"=I
\!?i
j#C,
Zi%#
H H9C
Gh u
pnCO
3nd#
ubYRWSR
;*mV
defaultInstance
! [9
F,M
awiV
GwRuC
Qf~u
kqo?0
L9tX
__[N
</]g1
^;pC
cy^1K
n Eh@p!
*aYBnC
)peB
xmiihhffYYQQNMMMM????6
U3wB8
dgdgse.Form3.resources
Fl;P'
d4!m
k;J* DI
uy}$K
~!7yDs
ZBSN
Q @;k
C:0`
yA9h}8
``wB>E
X.+mS
phwB=
oOP`
r>`lu
?t)~
L!JV
eO~}
9;@#
anBMC50
5Ca%Q
$9Z)
qdy-
pXB;e
,B~@
{O,h
rj-)!#[`
bi ,
. Zc<
Z >VU
66*$
a_J9C
c<C1^
atB;C~0
}fS}
A4?P
bwB C
a9'A7
9JU9
~}1+
dwB4C
C5p m
A2?(
m T0
QH'7
@;t
z~r+
imVA
#s;zQ
Oy"b
:#XC@
Lz <
RoEm
v9u};
^'Ro8T;
ztqPH
UQ\GA
3.TU
awByC
avB,F
*Mc<
"J1F
Daw
eVXvl:
&" }C
kY^(_
j\5[
iwB9C
sZ<u
0f%
4&^(\
rVH?C
:-]&
Dh1
0rBa
V<|n
x14[C
z(SX
mp;b
a~B!b
0a#V
!B9I
components
T26X
JbuD
@\mJ['l
TOgfWc
evB90
awDKx
I"B9I~
jJnJ
7~f}
yY!|
ZN"|
qwB9C
Convert
K1n}
Int32
HW?:I,4Z!
hCtIQn4#
36wy4>
<R @
;m]'
'<79
A_Hn
'k/'G4
agB*C
doB-
aoB7C
)FZT
Lhz!w
qmEXC?
,xR/
MethodInfo
h)KFJw9
&jj8
wO3C
awH*F
z;hw1
6!Z&
P#&`O>1/S}
p_A?R
v'NF
) mM}
CompilationRelaxationsAttribute
E{#9!n
9iRH
String
lZ7F0
axG9C
DbT#
v^^^^[YYYYYVV
nffbbb``^^^^[[YYYYYVVVVVV
o>gn:
Ib:3
+z*4
b>tx
}[~f
WX8UdR
d[![
}oW+>G
4J&>
|93Kx
6A.H
YS$-].
vfff
Xtqg
E7u
g:z!
avB:C
eFn]
^YYYY
} !o
bS={^P;rWJ7cL@0P90$;
u(`X
arb8^
i f,
awB"s
aHl<
C<A0;
pffffgwwwwww
eV@n[M9R?6(0
-6gQ
)_U"
`foc
t]0E
z\B
avBF@
G-ze
Lm3$
iQB)
vN29ew
&0bw
gqE9C
{*Zf1
#pO,
yP3
WwB=A
Am
QW~Y
h `I
8Ngd(R<=
*D93
,ZI`z
3;W"
1M /BXVv
<6+z
IEND
m3H
L/W&
ULbq
DawHJ
hDR>
Ob|z
WZpS
Q+2ZK
R)NcMn
gnS!&
9V-|
#xTU
:6pc
O1N
fffffffff
C?CE?@
7aIVW0
/KD
eJ|[
&`!=E
`uD?D
4J{A
Tihn
}QJLk'8<
)nCp
gajBC
B?C>!X
iaQ0=P0
awD(K
-bYv
g_1j
R=;
(mP]
7Te3
[Xm1
a3B\C
15.0.0.0
f9C
ga= lu^i
fp(l
8 !n2
t__a
=Z ]
|A-`
S]w+
pP|B
]io orT@x
awS/T
$!#m\
2@N\
r"|~a
D6/8
^^Goi
kVH?C
EQ(B
kmH9C
2@N2
p@EXC
+3h6f~X.
]>rP
f]/vh
av@`M
7W/+RP
HTg7\
#] v?
A/UP
\a}J
<pf-d:
P-oC
$9:|-
h_b9C
> zj
vawB9C
d"eQ
hR9*
9, % {
avB8B
`wB=C
(8 We
avB8C
$F#~F"D
dwB9C
iUBw
y!Pg
Main
dwB9J
B ,]g
3Csf
q|qB8_
_0R#
8gX
wB?@rb
VZ+0
</ A[
&>)-8
9 1'
x82e
d'kRqQ
L Ph
^ mx
) 1Q
0O`\
wwww
p<K%;^
t-45
OAvhL
UtiC3C'%
G<n
|=[|
'zy
,y&;B
K[NX
QTr$
C A]*
AssemblyFileVersionAttribute
sBIky0
%? sK
oy@;A
drG8B
"%kl
,3[o
S[{p
RpSP
Iqd.
Wujeqe.Resources.resources
2%$n
System.Resources
ThV/N.
Eg9jM !
[J`v
Q jc+8
H>w
Q4i[
iDR!
:'M+
"%S 8
9*&^
</a,
dz-3
I$ (
^ir{
IqjzB
uh#
`Sc9C
fffffffff`vwwwx
T@6:
cgM(Y
awB#C
/! Ob
wK9
}&I5*e
[;vg!
Icon
Q (
=mo<
bA%3
Class1
F!'NFI
nZ3l
2XFY
LNc@gDE
T`yd
yD9h}BL
avB9C
e_M|
/s`
kYQQQMMMM??
k._
r?b3
yV5=
8x_
B(C|6
q7y)
YfGI
]?F-
'P b
!5Q(
fB_?
2Ex
Xv\-
z KQ>
Gvn
h"$Z
.tl'
]2y#
g!
wwwwp
Mo<B
-qD=nr
OJ*11
!Q*/
g[~.
aSYh
!5
Font
%N t
'6U.
U,.@
<r8n 3
oyL7F
*@6&
fpBIky0
blItFU
oAq0v@
HbpjRB
w u},
.xl<
)!%6/$W)kI8
cwB<C
pCjvs
tQ`M
awBGl
xr+J
EN^Vb
@%wi
s"iy'
Xq2W%}
h>x_vb9
_CorExeMain
h}B}&
^R@ "
a7B9c
~-klZ\(5
/?1B
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QS&Au
&#LLV}j
+1~G"
awB1c
vS\!
H)G1
IbL;
B4CT0
`ek1@
1f6(
jy>#{
NzN"oW
InitializeArray
gpB9C
UXf"
F8)>
mMGm
%@f!'8;
w2X7
``&
b|x9
awB1C
E3FCN-y
C?0`
wwwwwwwwwwww
%OR
?Lbh##
28#J
pt__a
:89qdC
cah;k_0
C Q7
T-r1F
zI7)
aTBuC
hRX{>(
E{KkGi
"V%:
vh1C
NxiR
EditorBrowsableAttribute
asS4\
qxCGI
6*&.
9y_i%
iFE&
[0UTARD
E {k%"L
hda;gG
kwA$F
zdvK9C
\quU,@
l|>l
LQ"4
}&/?
avQ,G
a.Ud
2}_`4{
&9&$Eo8
`vL>C
dhf'VN
#Luv
RINc
!wB8C
5;M&
wwwwwwwwwwwwwww
MGQT
wwwwwwwwwwwwwwq
@wB9Cx(
resourceMan
}X)&
=TA5Z
RpLL
[<3Q
K:c;;
:{4G/
B8Xt0N
x`](k
Ei}}S|e
4E<f`]
Load
{&tu
?[mzM$G
Hj3C$
l,J]
97R<
R7pv
TFSC
System.Drawing
JMg,
DNb[
%LX#
^)hS
'DQ9
VoO\
sjZ+b
kK#J0
*&Y[
7g{9
5"ckZHt
c2 k6
awDGP
hAn4A
f/Fs
CM;^ox
ivB1C
aJaSL
]B"s
a}UJ
q*CU
e[E(G
g%q~
-rWE
aTB
U{U9.
6aLJ
ijG,Q
F:Gm0
m6il
3#)Y
6[{_x.
set_FormBorderStyle
W3&D
%Yew2
qX`p e
R<9.
RuntimeHelpers
PGh "uq
t ++
0bwB
t{;F
)dL_
^K?M
C?0O
`aj
l50^
r ?T
z l&
s|a
#9iiiiiiiihhffYYQQNMMMM????666
Q7O{.
c_X9C
'05n
C80h
vtt
&7OUI#
nqB
dHa.
`~*@
*lRS,
IM 8@+
[k\6sF
S!8N
dF
W4+3
DS%
j+N?`
?=:i
wxqp
X/?wL^G
Vnh?]
DH*\
vpti
Ygac
Oc.WJ
XqwB9C
atL7_
vfffffffffffffffff
~l.{
dDj0j
ComVisibleAttribute
(MXZ
Nl;
GaB-Oq
5!`QS
D[[N
wawHV
'w`.
])j4\@!
P|yQs
, O
s^J7Q
M3t(*[/%
aqBZN90
,vuE
{^{#t
m? _
95 0
G.j
vffffff`vwwwwwx
%U}|4
M\keoL
`_Kg
JL, &8
C%}8f4"
UXWi
c(~>
EditorBrowsableState
v{
HL!\ U
=^UbHI
Qash&
3H\P
'CDm
NaEB9C
ewC:K
ztn-=h
awB6C
CdkU5q
2]a F
b/S`D
F(rAd'
B?Cd
P[1)
adB4c
}G`#
=zCw
GQZ2k
YgcO
fn|}
< c
4`].r
dgdgse.Properties.Resources.resources
RBd_'
t1<<
2 |N
QtBkC
Iz538
Hks^
atBRB
jEE
+ *9<
0\`,
hhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQO
*<`P
1O@l\i\
a C9C
V&e=
Heyh
`,]oo
evC8B
ewB;C
awH2
a*E9C
]P 0%
ueJE6."
,?7`|
\ %'
sRGB
#Ab|+
Application
ok&z~y
v;B!
+BBE+z@+
zQ2.
2H^A
q!9C
:Hft
<fao
n}9\L
5YKW
,Bo`
ZB9E
s N
EE `
.eLZtT
52 (r
u[[YYYY
"GuwC4
s(J9
1~jo
QuB C
`wB-C
dp5z
auBRB
=)xJs
aVB=C
oo`o
i$U}P
;u)|c
get_Culture
e%C?C
aaC'B
hhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQOON
%>hQ
)bpP
J nuNp
4)c<
Z"Fu
eIZ0
^7f,&
7\EA
KZ!e
$Q vU
AJD
_.sw uC
w@mZ
|%(55
wfV(G
SfYyx
K$-,}#PA
c _'Z
w+Ac
Ji~f
U`"j
aQD9C
fBRm
RRS*QQQwRRS{TSU{UUW{VVX{WWX{ZY[~fee
F3;{
z: a
i`Q\h^MXf[JXcYFX`UBX^Q?X[O<XYM:XWJ8XUH6XRF4XPC3FZWR
)(#|S
@wB1Co(@
z}}}}
-TVE
^#Rb
@Zz
Yt5k)FQ
ex[
XgYd
;QLTOe
N4Xc
`^j
Mh R
vxn '
I,yZJ/M
wB?P
9:Q|
lbbb```^^^^[YYYYYVVVVVV
I5W
*nQzF
i4@6
<`wB8C
FormStartPosition
X(?b
d8} o
6.^,
Rf|g
pgwx
)@Lx
i*Wp_
77 i
fffffff
nQQNMMM?
e[aj
iD;
uNOG^0DEe
"2,60
avBRB
XP/]
E^N
=P)$e/;
emxzh
ib3B
;^ +
s6\_
:}%$
1DxE
1n_
Resources
77 C
%B9B
^DM?
Slxn
dwB;C
a61J&
ojL<D
!dgT
}:Xq
- fs
0~jo
TtXI
BWv/*
"Ei70
f1|1Z'
fff`vfffwwwwww
C(JQ
t-jk'e
>B93
^av
s\<Q+p
}\+|]M
n>v
ag)
hgS
x!;@
[Z]~XW[{WVZ{VVY{SRV{NMP{IGIwJIK*JJL
~B=P
2i1
axZ]_
wawD
LNL&
&Fpi}D i
K zD
@o.-76
Q3Ha ~
!lw4
$YM
#'/
^PXT
WOFeG
)^]T
uS>
MK=f
J0|J4> nQ%
7c G
/C`W
g{BPS 6
Uv56
[[]_
hhhhhhhhhffffbbb``^^^^[[YYYYYVVVVVVQQQQQONNN
mbH-QJ
WCBl
awl9C
$;J7
=t?9
5Lz& G
fa&:Q
Cz2!
:3]/p
a}8(G
`v@?E
%)))))))))----------------22-)
)B9B
eQ<=<
983~1
Ud.E
a^G9C
a.)zms+!W
<jA)_
CC0F
`.rsrc
:U=x@q
j<xn
VKAQI
]3nJ
,(y
<~&G\
awB!C
;lzT
+*>e
!.W5
(@}}
=i6g
dgdgse.Form2.resources
1^DpP
Wf&B
_p9.T
AwB9C
p>Cm
c"sA
3^]2VH
k}B3N
5 R<
ffffff`vgwwwww
4/EQ
set_Culture
RwB9Ch0u
get_ResourceManager
Lz9JK9`n
FKv{2
]%4u
AwB95
Z cS
^H .
44"]<-
cy{B
*Vs*
tQ{!s
awC"s
8" _
vI L
!? (gx
b j
j,8l"
,f]B8S
d.fLsgPr
P,;0
arC9C
;BE.
1+U&
'h8
(X+$iIt
c H6
_7$A
D ~!
5wB?e
SC^1p*
%MHX
Msd[
C 0|
l\k6
4l7l
aBh
/!p8
fz9 .
edB1e
6w.]
g f9C
)c5 u%
Ova:
&B4X
#9iiiiiiihhffYYQQQNMMM????6666
D4ky
mbwBNC
3~jo
awBJ
]-@3
a;B\C
'%|"
+HIv
r|T*O
G/}1
RH7(
$h=Z
eYB C
C?C>(h
sE L
+fIA
eg~a
3] X
`dO11
w/=s
v 6Vv
qila
SWk4g
set_Margin
|rJ)K
dNVa&
r:y/|
QK
a?JrK
GetTypeFromHandle
8Y^X
dgdgse.exe
$'MA
<+W'
+ 6S`
:r8
hefZ
dYYY
2j_?S Bn
IbJok3
pEW(Xf
rBIky0
%@J
Q^blQ
tw&S
-B9B
gqD9C
66M1
>Wgbd
^x^+
L5jc
offYYQQNMMMM???
&Lmt<%
J3t-
2<z,W
zw-B
gvC8B
y,P}
2awB.
hEuz
u@97
```^^^^[YYYYYVVVV
c./\
^h8o
RC0@
iK0J1
`wI\
=csBG
oiC?C
[`N.M
(xbv
mddG
YeL
u*FYzfyod
Ye^ ;
v Xo
=wB3{
HR|E
+ !21
bwB
e m9C
[,@Q
ZJ_
Bn a
,!q7
=s0N?
CNb[
oawHMA
jRgS
T>4&bMA0oVI6{]O:
R{bI
qf#Y}m
\;\kK
B#$X'
1#/H]<n/N
bjd6g^
RF93
lEwB9Cm0_
System.Runtime.InteropServices
T *{
6`FC{C
c^[YYYYY
P11hc
~5 eC
A"zP
*1D^
ajB<B
o Dk
%%2]h
seL
;qDa
oE >PH
snJ+Z
a40\"
+ pQ
a B?C?0F
C00i
6Qv4
=yXl
V">_2M[;%
`wB>E
EW1,
ugs
a`RR
x MF
ucO?
9RM7A
System.Runtime.CompilerServices
lQD;
yVA7
S^>w
b0O7
3bq]k
SuppressIldasmAttribute
aGB C
GwB9Ch08
L Y'
kyfL
pavM
RY]\
_4AC
mwg
Q9S
X wX
awBYC
<`wB;C
jd }
D_;:
kVH?C
CnS
gZDJ
i#e$:|
U\3
^GBw
!f S
Hw({
H}0Qp
:uo,
awB}C
:pK/
v+p x
?y2%
g|HHL
a}d08
awB:C81
'a;B
z{>[%
_Lj&
Settings
>B9E
c163e350-2f91-70.Resources.resources
a{d9C
awY=A
{-'(
%%fZ
G.aRtI
P85,~
;DZ,
'-*s"-
aXjf R:
set_Font
a}h*s
a'0V
ffff`vffgwwwww
\-p]
'BNO
a $I;
X 2b[f
fffffffffffffff
$&wq
dwB:C
S0YH>
a5.V
xh56+
7~jo
avj`C
EventArgs
byteArray
FME'
*'K@/
Synchronized
ph8S
1_6Z
}iku^
}>^TOp
:vBIky0
QEXv
Zq@=n%
2wB3@
ie !6
2v1m
+#k"
0N%VF
xqP~
avJK0
agB.C
>bas
Culture
WJ)e
@pFH
q`[P
guC8B
PQ;D6
5&Ny_
C@0_
P,tg
+ ?(:
4dKpK
avC9C
E_*
bWB>E
6`xC$A40
PAwB
'0V$
a%'^*
%n+S
~p1{
[^i8G#b
6Y{9SB
AvC(
<Module>
cwB;C
wNm ;Y
Pu(G
pfffgwwwwww
Kq.u?
awB&\
}R( _
pfffffffffgwwwwwwwwww
pw|va
hhhhhhhhhhhffffbbb``^^^^[YYYYYYVVVVVRQQQQQON
M+*v
|uWC 2^}
e>:6^
j.uu6
s'n9
ASZj
+~i# !
n <%n
.\mx}
m7wRY
OL|s
&zNm
value
rGe{
_:,'
SizeF
ewB9C
avL$F
AtJ$F
LOpQ 6
%` B?C"1h
~|)
b&OV
*aqD
awB:C
&p.}
' F(O]
_{/!5yU^i
uB9B
E-pK
svP;Q
awC4=P0
dJ#c
awH0T
O P*>
7'm\
}$0r
pffffffffgwwwwwwwwww
=17-
1J/O
bo~C
q"Kg
W&Rk
M5{n
X7R
V%PQ
_q/~
#GUID
$6@/
awD:0
G`^$t
}b=?a_
C`0l
awC9C
1`,O3C
-+}Fnp
get_mon
:1Fy
xbk-
(^ n
?`?
%R'm
8kn-
:,(S
k[B_*
20i0
YWX@
z/-j
F46a
XCZ_
Qw-bJ ps
HawB9C
B\Nq
:DU:5tY
$h9"
ye0p
z7?#
\SS*
!|gT
.R>&
\LUS
`wB9C
\?6(uQE3
yB9G
-ih`<
.dgI
.p>{
E*0D_
? FU
=wB3{$1
`vF?E
aRB9C
zKrm0
z@7o
X6/f
Form3
<EUw
p.6D
n)c@9
+#R_
s83q)
Dcc,E
+FFV
,JaQ
eWMU
YW$a
EventHandler
g#;
G,}|4
A>H=
$+c06
2U.3
3]j~
avP K
tawHGQ
iiwL
XiwB9C
1U]{
pzj:C
~YG@
O3\@
#*2Q
awS9C
j?% w
`qb8^
JB#C
mp9fw
lRLH
ewB:C
IWB9I
\"R
e
(dn[
(Tzm
T7NL
|gkE
K c
$kDH
Y5 ~
VV#-W
4IDATx^
4<{xy
5eWG{r
dwB=C
Q):O
M#J.
_ q<H
TjZ/apLh
kvPmG
Program
77f"
dL=~f
B A/
?=uA
!Pe72k
TF/Z
F9=.
K`y;%
93O1
Oha7 ;Cw9
&aTBoC
C10`
3kE0C
?nDC
)LjaW
irb;B
+ aU
C10w
C10p
| b! 9
gez<c
%w 'b)[
z@HZN1 [
n<:z
ie3B3C_4
|`3.
rkwq=J
=F/<
5I.
RVWQT
4)wp(C
I<84
U.%?*
y"/^
|6{.
r$fwhO
y:^OB
:4'_
acA9C
set_Icon
gcJn
N[mM
;mH$
V!|N
Y/m{
Kav[
Ve%!
R_<Q
L4ch
CmL,%
AARn
!D&X`
pBIky0
$>&M
|+pO
awB'C
e[I(
/9BJ
(tp4nF
p`y&
<D*zD:h
-O7n0
/eI$>
bawB2C
awB9CC1
WmW;
#-vC
V5^r
0} 1;
9?+,O
guB:C
*:'
6 ;\d
#W^Kj[8*C
1y9+
(,
+uLPo
mykey
`gT 8
|%V)
MINK
ff`vfffffwwwwwwwwf`vfffffgwwwwwwxv`tfffffffffgwwww@
#J~~~
~=p\
G\U!
*mf
-5wr
3,e|
aEB$C
A >:
vfffffffffff
TMno+
'w,hE>!
3]lp19
]o-$
B7K_2
(?dd
System.Windows.Forms
a1FkB
,*sX
SY&U/
}Q8g
>B9I
;dwB;C+5
A0?6@ T
_>J)
4kUR
6CH`!
Pe.
=zu1
xadC9C
+,D'%E
B9I
CMN;5P
XdOw
a~B8C
Io0T
System.Drawing.Bitmap
4ii{
/u$a\r
gPF`
Q65B
[2"8
teo8_
\ 90
CG<.
IDisposable
wH9N
4^}B
FontStyle
mno|"c3H
ht{#
iEqg
GeneratedCodeAttribute
}awB)C
kK?'
N z
pffffffwwwwwwwwwwx
{<@5I
aqjXC
4UZd'v,_
p;n+#
BTTl
qXv\9F
R/=1
+*@\
fSB}C
D3+
ugDa
atB)S
iyJ1^
awB5C
vBIky0
YenF
*?;gG
awk8C
q<Uj.
XcwB<CF2
e 4`
@Lm6
$N6
pgwwx
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-06-04 05:11:09 2018-06-04 05:14:01 172

2 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-06-04 05:11:09 2018-06-04 05:14:01 172

4 Summary items with data

Files

C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\SysWOW64\ntdll.dll

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-04 05:15:19

Detected family: #Ursu

TheSystem Itself @ 2018-06-04 05:26:01