MalScore
100/100
MalFamily
Ursu

kik.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 26/67 Related 2697
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 571.00 KB (584704 bytes)
Compile time: 2017-08-27 00:41:20
MD5: adefe1847a9a55a47588445932e4d48b
SHA1: 192c7dfc0dbc80a691a6701640805bfb97343857
SHA256: 98a90b2ae13793a53f28cd4f2b71b3892a29fdcc0aa846fc605eda7258b8058b
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-07 01:45:02
Last submission: 2018-06-07 01:45:02
Filename detected: - kik.exe (1)
URL file hosting
hXXp://narenonline.org/kik.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-06 10:39:49 [26/67] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x8dff4 581632 0af9693f248b3491f871dc8b9df99b44 b6f1bbf26f8c5e141fc5a55849cbce580a62ea9c
.rsrc 0x90000 0x620 2048 c2dca6454dc03ed4cb6d33a4aa17df7c e13a3db85f4cd8a0a599b1441bb817b33f689e21
.reloc 0x92000 0xc 512 7e6d44b5d2fc1900f9267188807c24d1 37f851663bfd72f7e593e5c77ecd05c568d22356
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x900a0 916 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x90434 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2008 - 2018. All rights reserved.
Assembly Version: 0.0.0.0
InternalName: kik.exe
FileVersion: 2.4.21.4
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 2.4.21.4
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: kik.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
FIle type: Library
mscoree.dll
IP Found
2.4.21.4
URL(s)
No URL found
String too long
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
e937b33a-856e-5b9
e937b33a-856e-5b8
e937b33a-856e-5b5
e937b33a-856e-5b4
e937b33a-856e-5b7
e937b33a-856e-5b6
e937b33a-856e-5b1
e937b33a-856e-5b0
e937b33a-856e-5b3
e937b33a-856e-5b2
Same as in FIleDescription
e2c4a01f-40b1-9d
How is seen in task manager
tta
ProductVersion
Company name
InternalName
mdN
Segoe Print
Random comments
StringFileInfo
Translation
b04fe85f-1d69-03
VarFileInfo
Assembly Version
FileVersion
Copyright
VS_VERSION_INFO
wpp
Form3
Form2
Form1
Comments
FileDescription
0.0.0.0
OriginalFilename
$this.Icon
LegalCopyright
2008 - 2018. All rights reserved.
bc4519c8-fdeb-060
KgtrcXC.Properties.Resources
kik.exe
CompanyName
000004b0
ProductName
2.4.21.4
Cqyw
MP<3C
wB3U
wB3P
8tf[
wB3\
Q8N 3i
Y. S28
k]B*s
gZbJ
g[D?,
P\{<Q
AwB9C
ebt`
wB3I
EgVn
PNG
RuntimeHelpers
}{ H
Fg1i
%Z`$&
\\\\\
awHV1
XC*H
an(x
wB3f
#6IJ
wB3e
Wu!`
Dx`L
wB3k
wB3i
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
C?k[
awB;C
L Z"9(
a%'X'
*Qgny
{ Ik
AutoScaleMode
^vf2
7z%"
aGB:B
qa'O
dF??FFFFFFFFFVF
}W ^
]]]]11111$$11111111Y
]?^i
]TreX
'hTv:(
Nc@q
i\6*
u6k2)
H["i
unsK
wB39
MqEVd
a4-T3
:]vLu
(o7iN
#8%o
NewMethod
bhkb_
aqB#C
6`xC
CZVI
wB3@
cqD>C
-C% R]
{U0\
>),y
/7tuf
L5 j
D;;;;;;;
FormClosedEventHandler
Aavc
WwB9Co0"
t4Km
pt,a
System.Runtime.CompilerServices
kqBLL
v` 7U
wR+;O
>Gj|E
nzS#
=F4l
]D +
\:N1
a2F9C
>?W~9
aqD?E
*3s0)
(4L6
&_g+d
`wB8C
5ve?
0n{K 6
eStJp
)* c
wwwwwwwwxx
[Cew1ol
+i=X
VueE P
wwwwwwvo
W6nsK
niY3Av[>
f"aW
aawBU
15!!!!!!!!!!!!!!!!
\Y>j
9999P
x:9C
pe$AN{
,C^J
B.A^
n>4O
a*B0C
?^k*b T
-OeI
]]]]11ZZZKKZZZZZZ
x^HF
~>"pU
TPL#
yfeB
aWjR4h
/%^h*+(
a}Q<cM0
>wb
RuntimeFieldHandle
D2j?
T z
0ewB0C/4
Ziy1z
-;}Vw
a}B8C
VVVVVVVVVVVVVVE
gJqm f_
%Sae
|o"m
SF8h
&8g
o-s
)(h7e
vf*3)
V56
DfwB8CJ7
TTT`aaa
ppT(DpY
(dNC
2:Z&
ifn8A
xZp~
q`"W(J
>6tg
CW,X.
nz7v
dwB<C
3H<b
999999PP
<<<<<<<<<<<<<<<<
]]]]]5]G
pWp
Vl<h
ZZZZZ6
BIUATN31
6''d
aaaa MMM
gw@?^
LeEK
aAB`@
(;O]"x5-
EnableVisualStyles
`vC;E
Fjjv|
P*R!5S
uz7=M\
0z 6
C>0I
kwB=c 1
va:h
] f|>
m |{
@*vH
I_#s
wwwfff
?"sp
tqnnnmlllhhx
L!vLp
;1nQU
PD%l
an(
awB*s
LOeo
.O6n]
aaaa
T y)
.99OO `====(((AY!**************BBBaaaa*******
]BHw
rRBy
w+W+
u(]7
=8n^Z
d1+u
02baxT\
&Qu4
$8?I`
>a O
v2.0.50727
<odk
wB8k
a{B8C
a{B8B
$U)u
mlllhhhhdddda.
R b:Pa
5#i
4<.;p
,B9B
AppDomain
c"!J
?!-rv
s+D&
%+?[14
JL![
get_CurrentDomain
.o V
*Z(#
o?(Y
a3B3C
fI;o}
/r6Aoh^W
PADPADP
Wd;"
<+W'
@*h
IContainer
`4w^
e^f'
3 i xU
awB8C
3 Y^
_JF&
PW0s4
^Qteo8Q
O :>P)
Wu-Sc
?%DQ_6
+ =B
awB8S
iW*q&
|Kz/x
|c)/
fwB9C
asy9C
qE:
gW@+j
ToByte
(BON
)|9*
<G xm
\aiJ
1 X)
O@ia
B _
kpD3Q
+MK(#
Y*F\$
1XGO
set_Text
1uQ#
gwB;C
q/
v[{"
)~=Z
B8&zh F
aEB C
b/{ R
Yu14
q.<}
)Q2l
#Blob
Q"3$
a4#U/
.Aq\
FN'{
sV L
pwwwpwp
awH2=
G4j oO
Y-gn@
eHfB
hdG=
ajG?D
>80"
R; |
wwwwwwwp
&;8%
WVw9
4>,Mp
<E<Js
zwup
0o0p
R:jb'/
awS;1
ffL
pawHCR
Type
dYftz-
9L 9N~e
|yPZ
d]XZ+u
Tsl_
0X;
Ag@={\
G8h~q
MAd(
C`/lCH@>
# F'2
awB\C
c yp
W4oH
kdD(E
)%54
get_Default
TCF4
-Nim
NoU
atC9C
/-mk
HwB=<
NuE{
awS;k
A 111
#f@/E*
Lm #
`e[+
hYG/P
dP0 fM&
|r_<K
[ 4
~Lk}
? z <h
x%]'t;t
^1of
VwVc
"=c5
?8888g
vwB?0
1-U'
<PrivateImplementationDetails>
Char
'uQ_
Rw (
VQQQ;5555;GDDDDDD555555;;;Q
m["2
*=y}
+sD
Cn0u
weRM
c\LRE
hyA*B
"@aZo
9kwf
{e5<>
5?D<
"<vz
w)2i
'),8i
(H:e
yriv0
%wB9Ch0`
xkAy
A}}s
f9C
!aji(
hVH5Jx
wt4K G
Padding
j_l]
System.Resources
3I*t
Coi
\aEJ
XYrC
PUs&
ypZ#
I}I}
mllllhhhhddda.
(%/8
()fm
ML \
"Q9t
/<|S
+>Wa
a3'_*
)bN/
rNcK~
aw]y,
Gq!
pz_N
`(^>*
vfff`
lDMDYx
D;{q
s ?/
.x[q4
Hy'|
RD -c)
PawB9C
r4,p
|yL![
JY~sq3
RUJ'k
]kdq
"v!~
69$Q
Ml\8
asB8B
'$RZGkE
UdC"
QvB;C
\bsc
QQjx
43bP
wq|9s
.text
2`)`
u VJ
F6R\
H_Oi
C} g
*y7
GetObject
I| [.5>#
a}b9C
#Tw4
Z 1 Z]]]]BBB%%
nX.>_
B4CT0
*]5m
&i?0
G+W|
0Xdz1
h.AOV
Convert
KfXU\ ;
0\
QG57
o8!
System.Configuration
[=Vc
IjB9I
SDX_
Y{&i &
T988
m\W>,\0
8`LPf=
\\\\\\
r@[n
Mk{0<_
DS2#
|rW+N
'`U6O
wbPF#@
&c{78
? o
yQ}"
ojG?C
bIDATx^
nF.O
S1ys
+if
O4*X1
A!*R
{..]~gA
(Z_f
p i
vSgs`
-B?f)
avB1E
6?qI7
EvV`C
X*C>
gD@Qg
|k^$_
pRwB=ihCw
adB-b
*50d@
iWA8A
cZ.z
55]G
/.,
:K3=
Ck,*Z
bl q
}B9G
Q]+T
ApplicationSettingsBase
a8IYC
j+t4
yBVY
hn2K
21(!
j kl
NetL
=EYNNo
`rb8B
@scad
"O6.
5z0G
a(BoC
!zWp<
(#3t
d#>j
Control
#T'n
^jN
nRb%
]:Pz
cuZ$K
c#`/
nwB=J
W6n#
zM3!
QvB)C
t-'w
d5fq
5t)O
pgV)
D9*7
*ZZOz
P1[~?E
B=&{
mMAf
; \|
awj/C
IconData
!(!9+
Brg3
lhRak
y#]hy
ol,>
a}BiC*
^7n2
Hy0s
w0\"
=)3'
bn5o/
`cc9C
a,B,3
jiguyvs
f mB
WC,[aYC
E co
8]ejQM
}Ubp!d
.ctor
!`3BvEg2
eWC8M
efG(U
eWC8K
}Up\8
byHnu8
B8^v0L
a;-Z(
!fSc
b>4D
"KK""
+Sh(
awH30
kPo+
in f
8wh
GzE]
o29h
cP~+k
awF!k
O4-T3
={lhc
hfFV
u"j
;5tRuK
[7:V
I?ea`
awB9B
awB9C
\B*
nnnmlllhhhhed0
:30b
'*>y
B8^|0P
E@6l
#mpi
fwB8C
+RH
CeLb
III$III
=Vz*
awB9k
Wx?
%R_V
P<Hh<
cDBuE
awB9c
00]]]]
>(jd
j^wBM;
HQB*q
-O U
t6J"
^dO
R V
dfB}C
gqB9C
0Ap
b d=
x v'i`.
w/~"
lAlrU
j\x8k
ZY+4.3%{sCf
a}ivD
height
Qn=*
DaS+
j<LN
JD`BK
g7=+$
yhwf
)tm]
VYTW
7gsF
Z!p\d
d^(_
wwwwwwto
T9%M{
XcdA
9+Oe.
bpC3
M^X$
HDUZ4
~7k[
2222aaaa<<<<<<<<<<<<<<<<<<<<<<<<
4iQP
Program
eV"^
Sb}B
ya3BLJ
teo8_
VVXVQVQQQDGXG=%
Uq^jex
mo"#]
`wB:C
o*s5
t_Xa}
["1,
awi9C
"G^<
{.^Q
kuI/O
kYOO
sender
"; i:
get_RawAssembly
;wB30
@@@.
jz [3
WD7
w I&
bwB4C
P#Rp
_F<4tv
dwB,C
##########Z%%%%%%%%%%]]]]%%%%%%%%%%%%%%%%%%%%%%%%%%%%]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
^>t&
~wT%w
zFSS
)H2
F)yU
COdt
)>V,'
wawDV
`"LW
`jG$F
wawDK
sj@?J
9W+
v-GT
!!!!!!!X
T
___`sss
fffffff`
,wB?P
[%m -
19"
LiLg
eX7i
V_B~b
awBqC
iec%D
]a>}
(T7@
psjv\U
bJXa
fu-AC
LE$bAT
bCzD
LnN4
;i#}P
mscoree.dll
-a[BnC
y`dty
.92B\
pvwwtvp
fWA8A
.z^}
auC2B
awB9C~0
gwB9C
%qz^
7~nY
. KHMG,
Invoke
iIMh
iqS<E
j[kN*
8%Znd
WrapNonExceptionThrows
M's`
erAv
wwB=R
%;Gq0
u"_
UG_H
!K>n
yGxI
f)"v7
q(a^2
2k>
Yht\e
~G>
^)(h0
"_a^\[
GpC?=i
K<**BBBBBB aaaa******* 6**************Z5MMV!*****BBBBB aaaa*******OOOD*************Z 55V!*******BBBBB aaaa*******9OO L***********ZA 1!**********BBBB aaaa*******%999OO `====(((AA 1!************BBBBaaaa*******$
=Sjf
wvfffffff
P+-N:
???<
|Zvf
Kl#Q
&mw#
593d
a/F9C
/q@E
agB"C
"Yn]
awFK
WjzC
mQ,t\
n7v!
]+Yd
Iy/w
W5z y
LU$
T|u>0P
awB(C
J7~z
67#
iq_<K
sFW+n
a1TkU
z .p
VB'Y8
mD_^+
w'Z,
@!ZR
fffff`
;DD!!!!!!!!5
XUl7
Cp.v-
;>\W
IEb)
agB<A
(6Mv
4yE:MZ@
Yp{%:
Form3
IHDR
Form1
f #.
?\^tZ
<6k!
e&C}C
XowB9C
k}H0R
nz I
System.Globalization
$HNCX|
@r<a
:a_B
}P@?
"/u%m
IconSize
3;O{o
6fTB=B
u~/]
7l0Z$
:9a[
8!)W3
uwB=J
ttVy
/pr_
v>$n
$awH
Rv>@
aeB8h|0P
bqPi@
4-]&
{ !{
hsuo
cv9]Z
System
EventArgs
kfjyhE
FB9G
wwwwwww
wwwwwwp
!wB3I
ce |Z
!' \~
b''Tq
#Ymi
System.Drawing.Icon
A6}B
EGSF
wawDGe
I`B9I
"(QX
gA(
a$A
9n!5
J)u
x8aA
VJ^/
'2l
~Gm
`|BGH
KKK
0crC
faTJ
iiik[ZZ
3XSd
zO0/
lswa
b!x/k
=/./
aBB=C
MethodBase
#Strings
asjlC
L;ZcN$
awSK0
&RO!
n-] 9
FwGQ
444!!!!!<<<<<<aaaa
MwB9Ch0
`yID0
4TbT
FnMq}
B8Z|0]
5dh!
X]]Q]
} w"dB
2:t&e
?awB9C~0
*cwB0C
vwB=R
g38@j<
< FOz M
:iw-
%awB8C
0fGs
V (|
@Aau
abG9C
]wY@
}es;E
+B9I
S qRk|
<VO^
K4'*
*Vs
CcW ~
a7n9C
gggggggggggg
aWs8
pL@
[]?9I
Td3j
"W|u
a4-W5
Co9pC
BN"h
:~Xjw
A2qdF
3;Kb
MQ A
8U.1'
fmt 9< *
K8L[?
:Su Y
P6p0
)pqBdV90
aYBBC
cGsU<i!
"\>|9
@RXA
C-%*b
oMq"H
5@vaz
eWC;K
j100
eWC;M
wwwwwwt
>,w0
`Fdj
set_StartPosition
WM`Q
cuL7I
+C.lK
k08/<P
wy%8s
<8YX&
e m9C
fp7Ry
\E]%
hqA=T
bzc3
?`0T/Tz#
Xmg,
a]Fi
AEqOHr
4\QBH
JP4_lTp0bb
5f%G
Form1_FormClosed
rw uC
Nr5:O
Y!DX
`vC8G
`vC8@
`vC8A
`vC8B
S]KK
00*f
|T$u
7\Z:
T ]"
(q]T
c;eJdC w
s0E:
g-uu
G:T.
J&5Y
wwwgwwwwwwx
~ttqqnnmllllhhhx
!VNf
ax
_~4 O/i
\9F8c
^d11l
TF|{{yyw3310/.,+*
DUf\
`wB7C
aYB C
aaaa!!!!!!!#FFFF
!
'Qj<
"8CEB
k'7jUq5
wwwwwwwwww
v<]b
g_K9C
ComponentResourceManager
wwwwwwwwwp
3qco
VZ#9
Kc"vv
!Q+.eL
kRT?,
7 ^
CZ^|
%%%%%%%%%%%BB,>
:.KL0
{7i'aJ~
uEQK
XHbM@
.*X77
M~rp
&]`b
QEf*
%UB$
e]{%
[roK?
'vXk
q$)P3
k5`\
.f_;
g86C
ZZ]]]]BBBBB@@%%%%%%%%BBBBBB
~[S5R
|*N'
YS]T
Z6666666666666
ghFFNUb9
%%cw
}gyi
F?mpqv
:DGg
hW@8Q
]j6K
B-^D@
j5.~
ucFB
77pG
e_:9C
iiiigZgggggd
ZwB9Co0
bvL%R|
Aw_:F
@C,d
>M4+
rXxBWz
C'0J
2222222aaaa
7wB3k
lwB?k
7W]4
#8^)
L\WR
nkhi1
h$Co
P(lf;9j
_ JO
wB3H :
0ih-L;.
nM.H
2h^h
~YH`Fo
awx%IUd{ e-S\P)
3/``s7Z
3sTA( Q}Im
kZ8888???????
z{Y[,R
CdT*
x`%\H
'\=Y
q\oS
w1\7
nd}4
Pi0
qV(uY
p{S,
v3k(z
2g=,
Form
xZG<O
@#O^
E.G`
&&&&
%wB3,
xafB
/a+t9C
G|t\
T>^t
6B7CB1F76B99023BEFA8EB2B530216F00916E4DF
pvww
awC*G
awC*H
00000]]]]
n#Z K[
$Qc& k
y[:b
CG0S
~b9m
%n O
g`p9
NUH8
j/l|
us&J
vy3B3C#0q
c~C%b
wd[g
FH)&n
a%#W'
=,< #O,
qFqF
*a@BoC
$_vLAv
wAxQ
v ~`
;6~e q
ow4q
awB)C
ydk^!
wB?X
I'o
Z1gL
#q=4
QtB+C
8R;5
wB?K
G.Yn
Y9C9C
ae3BII_1
L}VI
kkk`{{|
e`|S
Auzi
atB1C
wwB3
!!!!!!
wB?k
gqD?C
}D9P
gqD?E
EwB?=
q6 "X
tCQ]S
nnmlllz
set_Name
]]]]ZZ >> NG
Default
awB?C
R[ARgv9
JI;X
m6
*Q72
{x1#
2(T%@.
atL7_
P:`.
\\\\\aaaa BBBBBAAABBBBBBBBBBBBBBBBBBB :
B8/#6
avBMC
ZmKI:D
Q+5>
EwB?k
wRa&
|I}u
#_8cr
F+LM&^
B8Z{0Q
1=4YAH
8}go
%'X'
I2sI
f;Eqer,
aaaa BB BBBBBBBBBBBBBBBB :
5:>.-,(&
AePJW
^M[]d]
8j8l#l
/7CH
EH@L?x
<2rX&+=
ResumeLayout
e+#L
awS&S
Hdjz?
avBiC10I
XDwB9C
*bCKq
b4@edVh
m#7t
a~B Cx0
cdBNE
#-8\8I
=`nMH
|R3-
System.CodeDom.Compiler
eqD?E
Fx -c-KL
aRB8Xv0L
ZE}y0
ZTX5
SetCompatibleTextRenderingDefault
eZA`'k
.@yx
Le8
o@Wh
27&<!
lC
" W7
MP^<j$
R0f^
w]Bx_
7$'w]
B 8}
;oaQ
_>I5j
aoBGC#0
T=M{pq{
\AQ7
WjCv
>V$vWH]:
-F91
< O
d=Vv
Zb T
vKp
yo@0[
MbV+
22aaaa<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Resources
5+k<
s9 qqr`|||
.ThX_
vy5@
!.haS
6U~"
a5P&
5'qZM
PbR~
N9 /XtY]
: E
b5y
m.wn
^cbZ$#
wwwwwwwwwww
Pgx0
IQ#]
gZDJ
P( b
6vU%
w]fB&
mBfc
wwwwwwwwwwx
'aY$a
l:\+C;
d~#Os
C{8i
D$J{
C_[a|
FormBorderStyle
[S!`
88Z
%QmnVp
L%%%%%%%%%+II
dWB+
= u3-
t/4w
#n2
7jtN>a*
V3X
!0s?,
7e}s
jfwB?C
C40W
trwaM
msS3Q
z>,_
GE'9?Z
B".+\F
$A 1111]]]]
P}(}
aWBoC
`^5^a^5^b^5^c^5^d^5^e^5^f^5^g^5^n^5^o^5^
{kn4
cqL:E
VewB>CJ4
B$;J7
'IW&
9%0kr
pwwdgww
\U7K-
T@iQ*
X5!t
aa|V
?0v04
@6TwG
FormClosedEventArgs
R pn
7i#(2
UDc.?g
2*iV
ZB$hHaE?/H
y>2X O
0}o+
!*P>.Mw
3ow6
vB9A
fUP$
Cs0q
C@'Y;.
@ ???
x~_f6
s?vWu
ifGV
FtK<c
`rG8B
@uXv
M`ITm
B9Csu
awS;kR0
smlllz
}wB;C
!*****************BBaaaa*******************************************Baaaa********************************************aaaa********************************************aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
*tqnnnmlllhhhhx
v$/GK
bqPY@
?9+I
o1Y
!Ga4WM
h #N2
!/$Om
E6A/q
23}7
=8V
+{Fl
bv&T
aw_7K
_+0%
MmkQu
M{V
9#n{
E5AV
XowB;C
*V'h8
Dk'~?
vB9,
C$0E
/+i?
+ B;
(~ar
?aLBcC
(+97
C$0T
LUo0q
[bP
add_Load
wwvfgwwwwwwxv`
$]Y
BawH;,M0
7Nm}kO
:.E;N
SettingsBase
S@!a)
7!o?
2M &
wxwwwwwwwwwww
HSs6
fJXxj@
aaaa
%,1j
VX]GX
J'7uD 3
smp-
<BBBBB aaaa******* `=****************ZM
gV66
IDATx^
Ed0f
s!Y{
W"Xu
YOzQ
Data
(s` kj
dgdgse
dak\n
A'<X8
\Lt8
: ZR
y<WJ
b~C}C
vX7\
a}g:,
xtb9M
^7Sg[
<72j
EDTjz
get_EntryPoint
nJ<+
27h@
ValueType
JhTw
QEzvW
&Ssm{
dNws)
n^\|GR
!jRq
VZZZZZZZZZZZZFV
pHYs
/ HAS
"h&R
T~S
k_b9C
|# j;
fq-RC
eh`m
`5B5C
aVB3h
xw4T
Y5lP
#5i2
YT[WB
+&&0
WiFL
prS=,
}.;`!
(Yn1
}a;l_EE
QwB8
a.&
V`K\5
i= hw
"n}q
!aaaa\\\\\ CCC 3HHHH
ffff`
15.3.0.0
xwwxw
@BCv
[d+~
68- D
z[ka=Q
wk;*I
<`w m
mp!5@
ha7r8
ItMC
"ReJj]jq P
&!,9
pJRd
Mlik
bwB9C
t<dsB
2d6Q
|\V
bwB9F
a>BWC
^tY=
<Y$2VQ
U64dO:0
d/^I
GQVDQ
QtB*C
~ke d
2_f}
&0f6
WNr3Mmh
|h\1h
z/`YN
a}jcC
iU &
iyb>Q
Q10HR9
}^|5
SVzp
Wj}V+
gD}d
c ?|'
/Vki>
2ee0;
"^_^^X
" rh
|]nM
J]*9
Array
width
c-zY
ZZZ`ooo
B9I[k
/k97A
:!i
35a&
@.reloc
(2 }
XFNy
awBfC
~eku
?dbi
ny^F
PKqG
Ruc`
k w9C
'vm6
lgW3
iAB
u{o=
IawB9C
!K8eO
.Zf)#
0k>A
Z@_r
6WC5
EHf3
.or
$O j
AsBw?
Byte
SaNm
kT2V
(! G
h9c!
iSHS
apB4C
S8Wu
sn_+Z
<jmp
H f9C
^QojP
2"!%
`sD?E
h?Nd
;HK9
a}6 C
0e0-
;h^^
y8B~k(
System.Diagnostics
EOg4T
^\
p4(|
jZEo$p
g%zl
{ `~wRV
wD,Q
fpA+
OOS@OOT@OOT@PPT@PPU@LKO@EDF@@>?
a}808
WCBl
bH$M
knjcC
ncR!hX?
16SZXr
"awB5C
!!!!!aaaa\\\\\\\HHH\\\\\\\\\
nu=0
aRud
nTA2d
$>b"I
< ,i
IT'6 Mm
k}H3J
AuC*C
}xx%
&*I%
2GnXM
4M0LU
h2f48
"}tE
-U4P7
+?PU)v
~wStR
woUo U
pDwB9C
}'b\2
a3B<B
_c0&
GYw$
I.B9I
) Z
asKBT
asKBU
)znH
QBM2rDE
JJ*
>,O,
wZjR
u7F;}$
R1'J
V Q#Y
_ ^Z
%%%%%%%X
DDDDDD
Id%,
Es?#a
>^DMs
}kF9B
eawB;C\0
iu_%E
"P-~"u3
a6BJC
cJ3<
pE#>
<O4%]DAP7
NuP\
IjZg
~0L6
3L9 ]
sjZ+b
1byv
kK#J0
ME
RuntimeCompatibilityAttribute
awH31y3
7%~+
agmq$
[mJQ
T7:
0KNo
Y5'M
IckR
vy3B
Assembly
{vI7
vS#f
&lh?c
&&
\Ht?
lhbw8
5. <
60oF
,7f"Y2
]q{f
~wB3k
/.pN
iySqR
rrr`
byteArray
>2lW15
mRZ/
iO3f'glw
h_\x
C Ur
System.Drawing.Size
V1g&Yia
GGGGGGGGGGGGGGGGGGGGGG
TO|F/
dWC;Q
g;#I
`wB8C{5
41C3
SB9E
SuspendLayout
g'8S,O
P e&
a/C9C
_w1ZC
Synchronized
~Q[,
z8[(
XR^H
0GF*
8A8c
2e|V
"I! -
#]Q?!L
MoJ
Q u'
"RWRRP
Application
n=%[/
zRa(|
X0+2
A1\[
Ns{V
&1A_
k_c"\p-
awB9CN4
\"<F[
set_AutoScaleMode
#wB9C
cwB8C
kNK.
:]v9+aOE
a}jdC
w~x$
*g;
Gw5,
sp_w
;t[n
|zxS
wB9C
wB9G
`Vy=
wM\mt
&!&p)
1.X$
@o~| E
`vP$@
:H:(
ZYLv\
GG>g
Id"l
"Vgggd
awSJ
/B9I.Q
m&jX
t_Ya~
ewC7M
ewC7K
j j~}
/xq'
wt3K
r $7
defaultInstance
awB=C
"XWPRW
G.[/
kh LD
n]l[=
D+}u79e
m'PN
=xBf
hNa
tS F
Rej"
wd=T
$ab
;r|(
,`Gs
D`wB8C21
\adO
sbJN
3PE?_
wXL1
8oSP
ORU4
*o$H
gWB$Q
'YA
*X ;
FontStyle
6"'5
2T/c
Tp"L
x
K
Rd,j
+'WH
e/C?C
`H}.
\AqH
qAgp
<I:S
E~J{
v\A/h
O'Iz
"d5=
h1:%
>(g$$a
"PrQ9
H6Gb
."U!p
,.e]
<<<<<
e(*3
))r]s
@H[o
faIY
L"r s
F.O-
eD@oZ
C@
{^w#|
oM7R
2W9i-M
<
ResourceManager
9S`8M
`Ih
RB9G
]Wn%f
x=:$
!D1Z
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
!!!aaaa\\\\\\\ \\\\\\\\7
KgtrcXC.Properties
wawB1B
>Fq5
]]]]B%%%%JJ%%%%%%%%%%%%?">WB ]]]]%%%%%
kqBDR
FAF{
raQ-U
G<[
qA~ED
awDGO
ContainerControl
NWF;
0L A
dR8M
auB1B
%lOC
i 4
Lo=$
!tW.W
<F1.
%%%%BBB]]]]%%%%%C55HH
awDGj
HBL!
g_ 9C
WzvB
V GfL
k|E?U
ePSzy
`_v
w_99C
+On{
a\e){z
JD&
a2B9C
arB@F
.V[$t@*
[;i4
k` A2+
TF***************
W+*f
;;;;;;;QQ&&
,q\'ON
`k*B
0 i
!
7^-_
Y9?F"
*o2cw
{"|f]+_
\\\\
V(q<
Pp\
a*B8C
&M}e
<B91
7t$lY
awH&L
C<0d
{^iF
;s- I
qiIE
tawB9C
`vC=E
nJhG
JU1+
KuBk
Lc#sr]]
-]IU
B8^c0W
zY\pxQ
-Vg3
[B9I
iwB;C
aeQ9
$+C&
%plU
I B9I
<.(j
yITHRN
$ w~
)V6g
:se!
u6H?C
a!B\C
eYB C
<v<|
Em S
awBA
7l 1\]
,s |a^?
ewB8C 4
Bb^C(CG3
awB9
a!B.C[0@
6hq
a(BpC
Z6FgVgVkgkZ
Z;:8
g83l
qwB;C
&o<
GraphicsUnit
awB'
?x7/">
zrr(
I\55
_u[('
mR {
~:wZ
3 :-
set_Margin
bqPIK
422>
_gAzQ
O$2
4q9wW
MM U >
qD|b;Q
kRNX
zz:a|xy
B 4j
yl C7Cm=
fsc%
{pbc
RwB=i
z<Vb
KpTRo2;
LK]>
_Fw:
dv{I
7L(s
|oi1@h
awC11
RZG E
m0TEps
5;555555;;;;;;;5555
a}H?@
gwge\)
q/9C
RRR`aaa
P)U &7
awSGu
nIG
awSGk
Kz=r
pxwwxwwww
wB3Ud
@IGe
@"&M
\X<x
[Ag{
Q-X5S
9TZv}g
v[<~
C;/&b
.fF@
XWX`PPQ
InitializeComponent
C"0R
4/8+
VXBoy*lyr
QvB>C
GAUZC
/>yE=
o+q!G
`B9G
avB<D
riTo
wvgz
.]v8
C"0q
*eAs%
|Ln<
j#F('v
B\RbI
eS.%
XQr-]6$
<|Hg
e]B*s
3eJ
gAMA
DDE$
C 0I
`Hn
awF(U
=CRyx
""8y
awF(Q
nn RX
> NH
dHz#)
<}}{FC
awF(D
Class1
!CN(z
_1E_
fd6[
?QR)
_*M((
D4rt5
.cctor
SHT;'
")))))))
.gSR
!$v :T
set_FormBorderStyle
mQ|~'
QtB&C
5R"p;
mscorlib
v`O
fSystem.Drawing.Icon, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
du<4.d
R&{_
IaB9I
m4fE
-ewB:C
OUsT
ioK+j
x TF
H[-o
psjSC
8wB3E
=\e#
#haG*
aqj&C
|3wB8k
lisK
cwB9C
BBBB aaaaB******===*****************
9k+u
q rf
w2I;
RQx~
VG% }
awD2h
4t<}s
bWDyW
% IM
N,X
U>|al
YF<G
aui6W
apB$C
gV6kkkk
JNf[_N;
wy4uz
(5Q0q
c@}
Qi?P
K S1
x)-]L
DebuggerHiddenAttribute
$H#9
$$ 111]]]] II Z
@yG&c
Vx9R
9~[?(
? IU
Nd *P
2&X{C
HOMv?D
>z;n<m
K+6]
System.Reflection
tG?ucB%
`wBVg
GavW
@VwB9Cm0Q
Tro?
,46G
444444444444444/"0Q&&<<<<<<<<
zB9G
Form2
iWbS/
k}&K
nnmllllhhhhdd0
84oN
h^.92g
:Jz9
KQdDla
# NK
KwB*s
auI9@
2r1I^
:j [
k}K(k
gA`#
'o`'I@&j*
Jiwd
zUJ,
jIJF
QrBNB
(+]x
nnmlllhhhhddd0
"AdR
Ir5'L`
%` B?C"1h
50FO
z$!R
BWUBDFE
}1Si
aWB9C
Ko1%
bai9o$
g\P\)
gH @
a1*d^/
wv!I
G-P
hWA;S
9: %
shu@C
Ti5s
Pt i
9)yhm
mW6Y}H
)=[b2
KZ_K
w&c
PiS$
vfffffff`
iFRKN
C}7)
&I%V
auB$F
III'
D@=7
*.(
~gK]%
V*nz
-NTc
a'B9C
<f&LMm
+gt[~
AYaK
@Z'9
rIMFn
OOOaYYY
!->Z
psqB
.@I9
oPN\
kL&FVU
^TaE3
loQi
awB C
> rG
0VP]
D.,E0
a}1aC
#d-}
3}qz
'X[E(}
."A}
>m0t
Y0zU
%EP<
10deb5d2-aa82-25.Resources.resources
=)62S
"KM"K
E/xK
E/wk
Io8=
5DDVDDDDGGGGFDDDDDD7
q!^]
aMPYC
&wB9Co(@
aNB#C
j!>&
C& %GO
}k=O9\
Cb0X
agf9C
oawH
<wB3
psS<k
{l&9g
4t#X<
4d1k
/FK_
a6pXk
T_A
}zu#}
zEI0
H,gE
23ms
@X)U
6<)%
t Lj
/@f
3System.Resources.Tools.StronglyTypedResourceBuilder
i5Lmo$
sB+P
p:EXC
o `~
sb5P.
get_Assembly
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
;)>m
!!!!!!!!!!!!<aaaa
]z-
oG?Uh
-g<
wB?,a0
buffer
F?Q|)
q 2d
sjL+b
I u|
V!hY
91z8
cZ;:3
"K@4
Mwl9k
crC9C
!This program cannot be run in DOS mode. $
{LQ[
JYt}eU
awCV
du>f
[\ V
8WGH
VyWF
U!g-^
uwwV
Z+B
#;;;;;;;;;;QQ&&&
^@)9
5P2"2
Iwm4
Dispose
/$ _
k)kO6
aKMCC
7,>8
aGG9C
x44w
6ddZ*(&%
sUR<
$O@f
]KQ
3'/$
w((
otD+
8~i^
TGu t
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
4xA%u"
'&`h]
\=:)5:
BIky0
E;llw6
4j3
R1x=
PK'9
v\8C
$: j
1hqB
llllhhheddda`.
= "8
hE{.
U f&7
YYwV
set_ClientSize
-i=
,>T?
U|$ M
Wo"NR
hwB9C
0P O
=@t:#
VGGGGGGGGGGGGGGGGGQX
4mJh*V
J4d f
b",% j
#&O
?0HE1
S>c$z
5TW5L#A
Z1$o
fqjUC
tM/d
O>,M&
ahE9C
?~Mr
0&$ c
wxWA\c@
/X:
z>i
T?gJ
avI!
Zqb5
@xwwxwwwx
~ FX~
@xZzl
~'>o
0B iK
,iO
get_Culture
*wB:C
t-v|
8o]D
BSJB
Cw&
J:9:+
+_LY
QIeG
pJGZm/
_OaOfml
gvC<F
S EG
$awB*C
jawH
o_MF
A'7[/
UBBBBBBB
`wB2F
mX o)4
a!B.C[0v
,NUz
yDXy4",a
8zyK
"` L
qMv
B~P
`e"=I
-&G0S]
<ii\&
hro
vp6zuF
1G<^K
|l5d
H H9C
~fE(
dW35<
flYn
;*mV
|_}hR3
:Ge6
tih
SZ3-
awiV
GwRuC
t*XX
kqo?0
]]]]]]
^;pC
cy^1K
KgtrcXC.Properties.Resources.resources
@AHb
n Eh@p!
*aYBnC
)peB
N4o!4
U3wB8
9|H1
Jy#Qh
*dp"
\EE<
C:0`
yA9h}8
UtR<
``wB>E
phwB=
u!:-
; T%g8!
STAThreadAttribute
ag|%+
PK]5
DhgS
anBMC50
4/s@
[uCp-
zH
/Eb*
Fg5m@h
CtyMQ
N +G
}w}Mb
)tM`nA
a_J9C
atB;C~0
A4?P
bwB C
a9'A7
#,@4
OVJ
%U_7
dwB4C
Hd!
Q[wO
=
A2?(
V S_
LZg"u
To,K
';L%
DLZp
+lmv
^fQV
!BM'
)?5z
qnnnllllhhhhd0
aPs:
|~(#
.IDATx^
sEY+
awByC
avB,F
*Mc<
biTo
Z{
Uv8(\
}jE.
"J1F
jcC&
&" }C
kY^(_
iwB9C
+Jjy
?gm_>
(\ig[
XPgEq
@Kf#
<yv!
TTT`ggg
rVH?C
( d&
:-]&
ZZ]]]] BBB@@BBBBBBBBBBB
7Dtv
'xkyopv
?{&$
a~B!b
!B9I
^Vv:;m
NB;6>
}kp@.eaR
B8[hi
| 5 9
]]]]
ZM=wU
evB90
cah;k_0
I"B9I~
WWWpPPP
Z/Ic
qwB9C
wwvf
l 2:
]]]]ZZZZZ
'3jG
gT6gggggggggg
G]sb
TiL2
dgdgse.exe
Rlu#t
* W!
bzF
c;f6
X 1
agB*C
aoB7C
K)d;
tl :@s
iBo5
\]^o+
unx"}W
qmEXC?
evC<F
N]7j
;# DS
h)KFJw9
G#3k
}tqnnnmlllihhx
:5S\
wO3C
awH*F
=#z
6!Z&
P#&`O>1/S}
p_A?R
8=bg}
0e-N
iH7 =+x
CompilationRelaxationsAttribute
muZ>{
:(>2
&E h4q
SklER
axG9C
'x"!
#4 ?
j(WF
ppppwwp
4h:u
Ib:3
|m_gS
xwwwwwwwv
F?mq
wwwff
3qBtE
Y9 +e
5d+F
\L>K,
|_.Z
YdAwR"{
: 7g
vff`
Bs<0
/xpDB
&IH0
avB:C
;W@p
&LfPB0*
d\tdW
q$^
z11)
e[^.
f=QVr.PKoj+
)w:p
!!!DDDDDDD5!
wwwwww
dW%P
nw~)
od'VB5kq0
u'D]v
arb8^
)~5V
awB"s
+F-D3 Q
Y\>ZG
%%%%%%BB]]]]%%%%%:&*5HH
B|zq
b#;y>b
Fp:M^w
dCCc3
kL+1
xTUu
x HiZ
avBF@
"?ks
iQB)
|j:A%H
XJUc
*F2W6
gqE9C
gT84
XL<v
WwB=A
aU!B
M`@&
G(fX
*D93
":m\
3;W"
"ATQ
k+CD
ZC0yqE
k&5C
IEND
<Lw'
4.F*K
mB+H
b4@fM
DawHJ
i_"'
"duj
>L]4
ksHW
,et#
%cOz
cwB;C
C?CE?@
8MYD
{-u =9
x^@"l
components
`uD?D
MZdtN
62s_
zeP)
!c~A
t@z
wxwwwwww
gajBC
B?C>!X
t`cn
klA6#
]. o
6e-
iaQ0=P0
awD(K
?:>2
=V*+
;c ,E
a3B\C
P~Q/
15.0.0.0
,H#K
~4hK
#pb8
!uo'
^Xl_
pO=<7
t__a
=Z ]
X C4
f3d}r
C$rk
S GxB k
q?f";
.{Sw
O5!K
97#T
awS/T
a6jn!
' [3
KgtrcXC
SY&U/
8U-*
pfLE
%on@y++&j
kVH?C
NNO-NNO
!!
p@EXC
!5!;5555555G!
fLEuJ
}R[J
vT:xL
I<^
av@`M
Hga@
=X`
\a}J
XuK5f{
P-oC
!!!!!!!!!!!!
:|iG
h_b9C
1Dee y
*O[h
vawB9C
{rV0
avB8B
`wB=C
.Yt$3
IOb\
B+HJ q
oI*3
dwB9C
-))
Y JE
qR:e
Main
dwB9J
!*wYA
q|qB8_
:0`0
wB?@rb
*R~w
Ik~~
$#Sc,
CzmWB
xwwwwww
)^_>
n6$D6
wwww
l7v[6
UtiC3C'%
7YW:/|
YzWF \
wwwx
AssemblyFileVersionAttribute
al0 PV[
yV`PKl
sBIky0
oy@;A
drG8B
@q{$Gs
vffffff`
'] A
GfRs
&%z
o)*r
6;u\
:Jw&A;Y
p[Bs
J{e:
O^5c
#6!ST3,
Ac%
&G`\A
,
:'M+
V1cYO
O@e%
aaaa\ CCC
&DSSA1
i3KT
?q _3
@z}
w, En
4K%
`Sc9C
e>|-
ly nN
0-Sn
kF.}
M; I
awB#C
2{GJ
,"r
BctE
wK9
y5gg
Xqf[j2
)xec
bO,Y
Icon
f!WF.
~,iJ3/
)aE`]
uG(C
Fu`=
yD9h}BL
-g_S
avB9C
/@-E&
mvlul
r?b3
+R?????
%9"'n
BmQ26
fT 4
uF.Q|
_}]E
B(C|6
ag\K3
*F/,Cv
Sk~RW
anBa
JJSB
MlVm
y&|X
<81=]81
b(W
qq;G
S+P8
n McR
-fEa
tPSE
($4?
0eCDkVL
l o,xn
F4@1
TCw
cL?2_+
wwwwp
__StaticArrayInitTypeSize=16
Ty=9
wwwww
kAU@
resourceCulture
f=afNj
N@_]A
g[~.
^4 7
Font
;;;;;QQ&&
mBo[
NgdtaF
oyL7F
95Th
G=LY
fpBIky0
WWCw
Yt7V
btkF
p(1)6
T.vap
i'JJb
@\mJ['l
cwB<C
awBGl
y{gD
xr+J
B[d>
_CorExeMain
h}B}&
9x4
a7B9c
)f iz
$M(yp6
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
L]HY
g8888?
k*u6D
}/@<
2,y/6p
N^vd
vd
awB1c
>Z`
%@^v
W:;[
\\\aaaaBBBBBBBAAA***********BBBBBBBBB H 2
`ek1@
B@#V(
aaaa!!!!!!!
Sk9|
5b\2
UZHh
InitializeArray
gpB9C
m9;@ W
w2X7
awB1C
Z<iS
C?0`
+g|@
v89
E'y4
7eJ/
pt__a
wwwwwwwwwwwp
awDKx
9*I F
s4t/?K/
Sm5`
lAq?
jMd1
goIR
aTBuC
Ggz g
=2ES
vh1C
EditorBrowsableAttribute
(fKu
asS4\
~lM(v=
s^@*
:{[~`
S9YXTT
d*31
<+ Y'
]!!!!!!
/%Dt*Y+
t1b/^
aaaa!!!!!!!FFFX
: o
kwA$F
zdvK9C
}T&L-K
avQ,G
g <v
i`~W
SST
GGGGGGGGGGGGGGGQ]G
`vL>C
dMLGD
jB3{
!wB8C
5;M&
`h|`
@wB9Cx(
resourceMan
Xm9t+
D% ^
KgtrcXC.Form2.resources
v;}(
RHh$
B8Xt0N
x`](k
Ejm^
:enw
Load
`RE u
7 B
Xx%0
K]1b
5hg\`
$66a14754-e350-45b0-92bf-dbff75448130
3Ty0
HUJ,
System.Drawing
L9c&
:w$DU
&[k`
BmP
"vt6
aMLYC
`wB;C
\<"
THEpoY
/;?11
S$?{
B%BBB ]]]]%%%%%5H/
i hn_
awDGP
+eSj
! iLL
0)vJ=g\\@
d*0&
ivB1C
wxwwwwwwv
]B"s
>A9C
a}UJ
)sA*
e[E(G
"RRPPM
\ 4sf
aTB
vDsb
9999999999999999
xh _u/
ijG,Q
F:Gm0
Hg<A
F?mmqqt
dsADx
"'U=-p ;
!!!!!!!aaaa
k6)
K-^=
(AX b
yNR)
q9k @
^FZ3
S%&
<&({
'>@F
PGh "uq
0bwB
6l^2g
];;;!!!<<<<<<<
C?0O
~?c2
}. X
'*1T
<y#x&
HM#m
L|#@x
n/}3
c_X9C
C80h
66 f
]k&O&
nqB
dHa.
NgOh
c` "
Gw(9
{AL-US
.99OO ====(((Y!***************BBBaaaa********
o.NQ
K` ]NmB
!XB;;;BBBBBBBBBBDD;5
Vnh?]
Object
xwwxwwxw
m56l
XqwB9C
jl^ D
wxwwwwwwwp
ComVisibleAttribute
W%44
N 6G
$Cna
M} F
L)`A
wawHV
{hD;
. a`
3%<YH:@#
'P#fX
s_zeQ5
oMXV
.EMd-
}$Ue
s^J7Q
xwwwwpw
+w'
b.[c
aqBZN90
0t/)R
Size
?P,y
wH9C
wxwwwwwwwwww
Mw7Gw
pQg
%O u
$h*2G_
ZZ\KKKO@KKO@pnn
EditorBrowsableState
T'^8.
h=CI
MethodInfo
35N{\
NaEB9C
ewC:K
awB6C
CultureInfo
68`kG
qVhY
b/S`D
M*S9
#
1.0.0.0
B?Cd
\v;Y
adB4c
ph_?
Lm ta
*******
'|b /
TNKo
Form1_Load
<0II
I 4v
4n],
Mj&
QtBkC
KzJ[
nv |
T?#+
atBRB
cfV;
s?:
~Jd
Ed'$]
D184
TV5{
ya`
a C9C
HP<A
55bw Q
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
Pf& L
evC8B
ewB;C
awH2
avB8C
g/H:
0)Z9
o&r-
sRGB
9iz$
aoaq
,N~
$k'c
q!9C
SMct
7wCHN
zmP
add_FormClosed
ZB9E
rljQ
$v'
=ZJX9k
?c
eV9Q
/rPg
uD^O
qiL+!]
1~jo
QuB C
`wB-C
8[|6
auBRB
HYHV
wwwwwwwwwwwwwp
aVB=C
x+{q
]]]]N+
/(qb
&kAv@
e%C?C
aaC'B
pppp
J nuNp
.6N#
kI<e
#aY+l
3@qL1
ppp`
!T<nb|
_.sw uC
^c}lc(G
AD C
wfV(G
OG5<
YpS~-
P[uz
rf`1
AB3s
@6+w
D!!!!!!!!!!!!!!!!!!!!X]
aQD9C
0)H@
3[%]
bY#_
?>sO]
$]$]m
@wB1Co(@
DGQ;G
9 I0L
7BhD
t`u
wvffg
ex[
!|2E
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADR0
wB?P
&j 6
lt*/t
LrC
<`wB8C
}"Jl
@dG
FormStartPosition
KgtrcXC.Form3.resources
d8} o
K\l4!
xa00
6.^,
16|7
)@Lx
@4w QDS
`P)}
ffffff`
1+U&
S\y/K4
4\:
=|J^A
G Q
LWm1
\\aaaaBBBBBB*(((****************BBBBC aaaaBBBB***(((*******************>CC BB aaaaBB*****===******************>CCC
avBRB
ib3B
C*~<
RuntimeTypeHandle
1u A
aaaa<<<!!!!!
%B9B
[lw
o|}0
[aaB
dwB;C
c2GF
a61J&
ojL<D
vLdH
%<\
?RNE
0~jo
+kQ\x
aGB C
nmlllihhheddd0
+.B1
^3fW
^av
%2[~
"ii
GuidAttribute
x!;@
,o0r
p J`
y6m@
~B=P
<L"; `O
[`T~
o,yHUg!
wawD
VhTTp.6U
,SAd4
/7vt
@o.-76
9HZ]
&T%w
B%}U}R
aaaa 555BBBBBBBBBBB
Ti4dC
wwvfffffffgwwp
g{BPS 6
{ysc}wd
H5BX
%Q~KD
mt"#
`vF?E
_ttr
awl9C
$;J7
#G.>a#
|(Fb
f[O{
Cz2!
7% B
a}8(G
t|Qn
c#X>k
`v@?E
>HL$
MTk=
)B9B
w\]1
R;'m
]h>v
a^G9C
Oz
keRg
~p$@H
CC0F
`.rsrc
aw'/5
\5.n
VKAQI
Vn`
x9<*
awB!C
w!!$v
RAP?
XLI|B
{_lT
)duX
0A x
Wf&B
_p9.T
5;5!!!!!!!!!! ;
dSdFSi
k}B3N
V-.
Z+j0g
{ Zfp
qPu2
Js g?
set_Culture
RwB9Ch0u
get_ResourceManager
PU!b
sFd"
Dn7O
1OxXC
FKv{2
y\"gF
[fYg
AwB95
sk^uX
b10N8w
}hBD
?=e2+V
ry-}:
cai~
awC"s
{'>9&;
,f]B8S
!6 !
P,;0
t`#/e
arC9C
C 0A
1q`^8ud
O;SN_}
'Ms#E
N3b
b{*:
=/'C
~w/ 4
C?q U
5wB?e
K:"I-
C 0|
(CkE
Gc1!
c
rx[:[
a6%
vpJR
pwwwwwwwwG
edB1e
c'UD2
g f9C
MtGXQ
A1H1
2{!G
Sw7g
mbwBNC
3~jo
Hck6U
awBJ
b97@
wwwwfffff
mllz
Aa^WM
a;B\C
O4QI
r|T*O
+1&#M
CL0A
C?C>(h
E]h'
Iuz$d;
=s"41&D
~Qhfk
<Q4
5 ^%
`dO11
(3)>)
>L%s
$D|Ihr4
"X&A
*;JiAw
8<>>>><7
|rJ)K
222222222 aaaa
rA4d]
:WU]
d`:m
a?JrK
GetTypeFromHandle
%?
@G)
K!.u
j S
[P8H
,M0`X
9:D^
Nytywoherae.Resources.resources
$'MA
0/#|4
Dgn P
s^x7
j cc
hefZ
[$$ 11]]]]
leei`
<.o2
6,w`}Y
%9O{
rBIky0
iJ?#j
Q%Bq
ENp=t
Y;/'
sst_mmm
6RWq
_^]Wcb`Vec`Sda_O\YVIRNK$MHD
-B9B
gqD9C
66M1
wI,O
{(Ts
1k%O
&*~e`
wwwwwwwvf
gvC8B
2awB.
wxwwwwwwwwwwwx
I$Z
MZ9U
LVfjn
SAN0
RC0@
`wI\
=csBG
oiC?C
)HVx
J:?^
$QY$Q
cY )
Ovo/
!?hi
(=2)
=wB3{
?*+,
wwwwwpw
HR|E
bwB
w4X/
awBYC
?)1H`5|
4Ob$
DA|f
P<L0K
a}w5
oawHMA
\\\\HHH\\\\\\\\\\
|vw=!U=
YHs.
_R #H|
RF93
lEwB9Cm0_
System.Runtime.InteropServices
d*e"@
6`FC{C
~)Nx
eBS!
wwwwwwwvfg
K$m|P
Cu# a~+
FK;A+
STv6
ajB<B
o Dk
G=(<x3
T*Qu
snJ+Z
a40\"
ppvtwwp
VFFFFF6
M$ =
9"~\
4 Bn
a B?C?0F
C00i
s g{
`wB>E
]E~j
12oA
3@ABDH1
zb+
AAE65
M *
Wb9C
(ABj
(v$x
4WD<
PYC
D"OaU
d{"~
GwB9Ch08
dv:F
p)]9
i_59C
pavM
8d\G|y
x0UA
a*E9C
7J {
!_og
<`wB;C
`a^&
kVH?C
v T}o
Qd5A
=aU@
set_AutoScaleDimensions
bw'3
@;1%%%%%%%%B]]]]%%%%%B
llz
x <
awB}C
To21
@HEH
~ ?$x
@fsW
#gzq
/9we
a}d08
awB:C81
E'V)
E 1Y
Settings
>B9E
uOL
[gH
a{d9C
awY=A
[?,E
([?r
LL<@?
`ddZ,(&&
5V5!!X
set_Font
/JWC
a}h*s
a'0V
OE"A~;
eef`xxy
c"-g
Z-Aw
5555555;
dwB:C
a5.V
N]X=
Ib?m
Close
7~jo
avj`C
O=Ln
!!!Q
'ogyZ0
ph8S
*4R
!!!!!!!!!!!!!<<<aaaa
:vBIky0
KUV18
2wB3@
Z s
01}g
,pkqGL
K4VC
vD|4rU
91H&
.@ t
gJ85,
uEBh
avJK0
agB.C
vw2t
|ZUZ]
oT(}
q`[P
guC8B
xkA
2+LkS@
^BT
C@0_
NZ n.d
};S5+
avC9C
[V'$Z~Mx9
N?'i
bWB>E
6`xC$A40
n^r1}
PAwB
'0V$
a%'^*
DS1/
!*ty
HEO\q
#k@$
4pit
AvC(
<Module>
AvC+
!A(l
fE!24m
qnnmllllhx
9t+
GeneratedCodeAttribute
_MhEj
vNHl
.m%?
awB&\
Y8U0
vmx*
a?yM
N^:#
ox @
B9I
OTI^Oo
\RuB@
!!!!!!!!!!aaaa
.6@5J7
dc7BK
value
SizeF
ewB9C
avL$F
AtJ$F
P3[E
O)./
m{JB
?8k66
?-c~
*aqD
:[R5
awB:C
qF0n
w rn
5"A{
uB9B
goVC
svP;Q
awC4=P0
?;mk
awH0T
c:(k
ouIb
r=o{w
d.<M
P(&
FnQ1W
N7n^
*vKo9E
1o$
MVa)L
g9oc8
#GUID
B.r
$6@/
w46'?
awD:0
U(5r.Y
C`0l
awC9C
1`,O3C
vQ=s
98 RBmVA
*:8-O
u'i]
J%U
g &M
k[B_*
)v\
< BBB ]]]]%%%%%H
e$7j[
G6^p
3@Hd
gV6kkkkkk
' U[B
5^0X
Qspg
HawB9C
L Q d
3F>Z
Ou@&
sm?gP
]17
`wB9C
yB9G
5lAM
)z Z&'Y
Txf3
4%%%%%%%%%%%
lbW&
ZhW@F
s?Z52
U>nQ
=wB3{$1
9GI2-((
aRB9C
/E}X[K
'a6C|lbb
1111
S+"fP
Sg0|
0OOq6
99;[X
TnJw
g@m
D4UB
YmiNk
,JaQ
i3o
=U_2+
%VZ-
+ ".,2
Uge<
EventHandler
FKn i
avP K
tawHGQ
XiwB9C
-fL9
A^If
Ii9"E
Q.r~'
pzj:C
g!7o:
@K4l
GICt(S
awS9C
-]y>yY
YIh9;E
D>=[
B[y:
kL%`
~$[u
ewB:C
IWB9I
?h,O
l:L43
BK}t
SSa
k\Nu
disposing
fAGb
VI}n
ZC .
DQX-
Hef
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
DAo|}
dwB=C
{Iz
~JsX.?
M#J.
a#7t.
C:7]
kvPmG
z6lZ~
G 7
?;Gg
]]]]11111SS1111111\
7O%R ti%_n
~i~p
Oha7 ;Cw9
&aTBoC
o><O %Ln
C10`
FgwPS
hxX}
5?cKw
irb;B
C10w
C10p
BoN(Ecs
{)SC`
gez<c
#q_|/
ie3B3C_4
TQ[
KgtrcXC.Form1.resources
]to+
.ZxS
nWzS
a<HO
:{`
B/{(
33D7
O>M1Z4
N n$w
&~ As
aOSj
m*- 9
*R-X
acA9C
;,Hs
J$rGT/
set_Icon
System.ComponentModel
yfhU
Kav[
R_<Q
3nS&
>B93
GP f,EiO
dPB`1E!
pBIky0
nG}f
[]1&,r_
|<*B
awB'C
GI7?
C"Op
\T*"
Vb:x>
bawB2C
vhR->
awB9CC1
J%
WJy?i
qnnnmllllhhhex
j1G|)
~G6,
)t[K
4.!i
guB:C
l1^, 5
\5>&
1\c!
[zZ"
t#z6
`]6v`
*2NJ$
mykey
7IM_
S+-u
<&&q
=oTzI
%F
E Z
J^d7_
0?HIrj
qq53
}wynJn
:1 ,KlU
gf= =VI
KeBw
aEB$C
@_xd
5:hF
AB~l
Sft<A
* hr
-FGd
InvokeEntrypoint
Culture
m@6^
B7K_2
@XX'
System.Windows.Forms
a1FkB
,<eY
(aHv
>B9I
;dwB;C+5
H<S:
c*PJC
orjuk?
DS ~
xadC9C
aaaa!!!!!!!$)
CMN;5P
a~B8C
Io0T
[$UO
G6f0
Jars
System.Drawing.Bitmap
$k(f
Y@y
20i0
c-TL/
pEJ>A
CG<.
IDisposable
qCo2
Yq G
XWV-
P`q6
rrs`
wH9N
hVVf
F >%h
Q5'b
`qb8^
/NYE>r*%!p
koIs
}awB)C
ax U
T4"yA
yM?a\
qOn/
>,Bs
aqjXC
mFam
wnnmlllix
!!!!!!!!!!!
zz%Oes
qXv\9F
$$$$$$$$$$$$$
?81
4BFID0(
fSB}C
xdI&
}xni
atB)S
\M-U
iyJ1^
kmH9C
w&eh
awB5C
vBIky0
YenF
awk8C
XcwB<CF2
sE"S
ARkz
6\8;
get_sc
Z0u(
/;hd
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05b_64 Seven05b_64 VirtualBox 2018-06-07 01:41:05 2018-06-07 01:43:57 172

2 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05b_64 Seven05b_64 VirtualBox 2018-06-07 01:41:05 2018-06-07 01:43:57 172

4 Summary items with data

Files

C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\SysWOW64\ntdll.dll

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-07 01:45:18

Detected family: #Ursu

TheSystem Itself @ 2018-06-07 01:56:01