MalScore
100/100
MalFamily
Ursu

tif.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 24/67 Related 2367
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 355.00 KB (363520 bytes)
Compile time: 2017-08-24 23:03:57
MD5: c5474ec51c52d1a42fd7a6e4202e5151
SHA1: 49d893c0f7dcf360c040a9d128f876b33b7c0c27
SHA256: ed766ca254fedffb9161f834274e5f4d8f784ad6d86270108536f59e52942b8a
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-04 04:57:02
Last submission: 2018-06-04 04:57:02
Filename detected: - tif.exe (1)
URL file hosting
hXXp://narenonline.org/tif.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-03 23:04:03 [24/67] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x57e64 360448 477e6bd866dcf8e8bfce50072b1934db 67111057762345c36723183bb31c02d25831907f
.rsrc 0x5a000 0x618 2048 b7a836d289b3bfc86d3c44df7b55043e 799c34cc1eadc172d88d78e7e3c3e0c74b320ed0
.reloc 0x5c000 0xc 512 7c53455cda11208a48c313309e5bab9f 95f91dbb388e2a2b28b2ca601a21660a662c67eb
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x5a0a0 908 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x5a42c 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2008 - 2018. All rights reserved.
Assembly Version: 0.0.0.0
InternalName: tif.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 1.0.0.0
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: tif.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
38f8efad-8791-e97
38f8efad-8791-e96
38f8efad-8791-e95
38f8efad-8791-e94
38f8efad-8791-e93
38f8efad-8791-e92
38f8efad-8791-e91
38f8efad-8791-e90
VarFileInfo
38f8efad-8791-e99
38f8efad-8791-e98
Volatil.Properties.Resources
sNU
Same as in FIleDescription
e2c4a01f-40b1-9d
How is seen in task manager
Z0Z27
@78
FileVersion
tif.exe
InternalName
Segoe Print
:7<O
1.0.0.0
Random comments
Company name
StringFileInfo
Translation
2008 - 2018. All rights reserved.
Assembly Version
Comments
Copyright
VS_VERSION_INFO
a7f0c20c-a19d-d7
Form2
Form1
mon
FileDescription
LyO
0.0.0.0
OriginalFilename
$this.Icon
LegalCopyright
Form3
bc4519c8-fdeb-060
CompanyName
000004b0
ProductName
ProductVersion
MP<3C
wB3U
wB3P
wB3\
UnT|
k]B*s
%irBWE
3]9lN
gZbJ
g[D?,
Vjh?f>
pffffffffffffffffffffff
wB3I
PNG
RuntimeHelpers
NE,C
7GI4u9
Fg1i
Rgzw
awHV1
*oy7
M`~+
XKiP&K
wB3f
`6Xx
wB3e
4Q ?A
ZX i
wB3k
wB3i
Trgc
M<o?
WQe/#YY
awB;C
F}f
Bf\wF
a%'X'
MAgu
c}+N
!HZm
Volatil.Properties.Resources.resources
]"Rp
Z~
<m)
aGB:B
F;K-
Wh [a
h+gg;$
u'jI
?tj2
~qi
fqg3.
fffff`vfgwwwww
sg8.
iqv.
ffffffffff
wB39
MqEVd
a4-T3
rtv@
fdm|
bx-rv
aqB#C
6`xC
"H[7
ffffffffffffff
=<777775422222,+))))))$
&0"
wB3@
b$iV8{
cqD>C
nwf0
MarshalByRefObject
*( g
c7pHu
U[ p
v*QS
Aavc
------
WwB9Co0"
[b[_
'0xz
\s,S
qUs8
JBDD
!a~
kqBLL
}D~e
e J
p\@5
9>|?
a2F9C
T;O<
x<5(
HeJK
aqD?E
R?.g
V3/[kvA
b|)D
yPik,
`wB8C
`YJ%
i 2l
1,8>_
2SuqO;
- g!)8.
SZp-
U`+6
'N_,f
'5/1#
}OpQ]
>f
VueE P
_v 8
(!wk
=z<
nRD}
'c$)
_>5p
aawBU
;a[c
<tjno|
aMLYC
f. 6
ns8M
-(|d
#chF]
c`7>
i)vx)s
a*B0C
iKL M
KUGcy7
yfeB
a}Q<cM0
Is^>
oGtAW
: <hS
System.Security
set_FormBorderStyle
0ewB0C/4
ca c
riV
a}B8C
FB9G
qa`x^r
&pK
#'A$
14w'
IG!}
J>!`
^nir
UT^8@
DfwB8CJ7
ppT(DpY
6 1-
2:Z&
G&vj
Tjg
ifn8A
zQV7Y
u_6~d
hxK$
q`"W(J
RJ<\
CW,X.
Yqc
Il (
dwB<C
@c'd
VPMKX/
IhHb`m
Rjm=v
z;s
nE s
gw@?^
LeEK
f<cA
SD.n
}CjD
lM4j
6E:M
EnableVisualStyles
hF$x
yGrBB
`vC;E
dY3j
=|,A\
@NgO
]eN]%&
4K10.
C>0I
kwB=c 1
W`RJ
> TiML
ty%g
D*F'
]l
wpmq
#Cd
awB*s
Hz8;F
4NY]"
5{gq
z?f-
w+W+
I.-H
@y'|
2h ^wJ
?*oZ
B jS
)NnpI
O|^+
z><gw
vfffff
iCxZ
& 6Ya9\[
wB8k
E4dkJ
a{B8C
a{B8B
IwTq0M
.NS
\ h0z
58}
8%ZMa
7,%K
&3p\
Z02j
,B9B
15doH
AppDomain
b9&$
o;bN
N/_1P
v2.0.50727
Zyp#
]Z:
lGYj
get_CurrentDomain
5<vb
=LEI^
}ihhhhhfffbbb```^^^^[YYYYYVVVVVVRQQ
a3B3C
#\woiiiiiiihhffYQQQNMMM????666
J1/rU
PADPADP
evC<F
e"GT
P-R:
4=EB
%`OoHJ
T3r/
Je [Uy
O#f5
awB8C
q?pu?
z"]u[
LG29Ak
^Qteo8Q
~kqS
:Z33=
awB8S
fwB9C
BCCGGGIIIIIC7777777777CIIIIIIIIHCB
asy9C
LH+h
#TS
S!. X|
gW@+j
|v>
vZd7I
3IR/4hDa
y$l$[
\aiJ
g[a(
WH{b
B<jg a|q
kpD3Q
set_Text
bIDATx^
gwB;C
[o&m
siyjPZ
-gH<
::,enw
e)o5
#"v61v
&yvJ
:rgT{At
aEB C
B"ap
p!OeC
"&?n
RL"
i;Ya`
^rsz
Control
r}4x
bix\
.jnW-c
shffYYQQQNMMM????
awH2=
^d70
y%X*
-(rS
ToN96
p[C[p
noxB
2R D
]2 )
&:F6H
`wB;C
)FG$W
`U8>
Sep
awS;1
u '?l
pawHCR
4cGDa
Type
9-R+?"
W jR'
"p<\
n5<d
J_6=
g9J&
ToByte
J6c~
Wor
R>sh
C`/lCH@>
{6e a
ft:
Nf r,
awB\C
I6L\
kdD(E
7G_%
vxs1
atC9C
}~12
HwB=<
awS;k
_[Rf
hhhhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQO
`e[+
`j &
RFd%
hYG/P
|r_<K
QM|w
^1of
3<YL
vwB?0
1-U'
<PrivateImplementationDetails>
Char
Form1_FormClosed
Y Iv@X)
99G"
'emd
Cn0u
c\LRE
hyA*B
Kv X
>1Kr
_l7e
NA!(
0oij
H-u8|O
&VS
g]u|
0e)5
d4U5B
%wB9Ch0`
\&}!
3x@V~
f9C
W`5N)
1*5l
wt4K G
\HE$0
J[N4
Gq7)
m+bd
s 8m%
\aEJ
~mhhhffYQQQNMMM????6
Wh!u
H`_i
: hX
Default
(oC3-
ok[2
D]N#
~g]LB
.tP(
a3'_*
7cz_
!+v(
$y92}7
aw]y,
<{`
H7D
Sjzc
8Cg
C)&$
r0*&
zgz_
H j9
PawB9C
MbG!
|yL![
x,E_
oBf!
g[~.
+3 !A
QvB;C
# sL i
D-=dh
.text
V{AJ
u*B*zzV
`g!=f/
Q(Laby
hmry7
]\|>
uT]^
v!- j>
sH+#5
a}b9C
j<3;V!
B4CT0
y?A
y$v(
|r[
*&Yw
h.AOV
Convert
]r\wfnz
,exS
;c/
U69r
AL4E
QoY
E|='
wl%n
*>#UE->U
IjB9I
J sg
ComponentResourceManager
.TXP:
m\W>,\0
WT'!E
ok4K
i`~W
])CPQ
l"F8
&;U
JVwtXd
[A|7 Hg
$BMx
|rW+N
P%vb
&c{78
}IkN
0#fC-v
o^^[[YYYYYV
>:uc
=IRh
DO4L
V8w3
ojG?C
%Mp55
d Pfg
NetL
O4*X1
C1G
O-FQ
p i
,HZ.
$E%O
avB1E
EvV`C
oA0PX
|k^$_
' wN
adB-b
iWA8A
ffffffffff`vwww
jzU}X
<L\0
`!U_N
Cu A
}B9G
b:*M
B 7+^
a8IYC
9$XFx
W 7P5
{m/dN
k^^^^[YYYYYYVV
w?T~.
|um2
=j0
v}hY
GpC?=i
u9V^
`rb8B
b*6|
nwoA
TA(qr
(&pY
a(BoC
R{q.=x
B lB6
]=N
D}tT
JYJyUI
%c 1
nwB=J
cB^Iz~
QvB)C
yFG,S
871o
M:#-
<$:m
*ZZOz
tP#n
)G F
awj/C
IconData
!(!9+
lhRak
zY H
_tK^
<7#1
a}BiC*
w0\"
"D9+.r
b{G&
`cc9C
a,B,3
}16 3
z.{JP2
dO Kp
7l;>
-*JA,@
E. K
=otK
!`3BvEg2
S3>4
pgwwwx
eWC8M
efG(U
eWC8K
Q+S
c(m ~SB
9uh;
f=#{
hhfffbbbb``^^^^[YYYYYVVVVVVRQ
pgwwww
B8^v0L
F6(<|j<
a;-Z(
Bu^EZ&
awH30
sfnr rX
dn =
Swf/[
co1\8
awF!k
O4-T3
wG<;l
hfFV
Sh0
JnA{
\5{@
awB9B
awB9C
q_{H
B8^|0P
%-*y
fwB8C
0HPQ
"`AW>Q9r
FaxF
sWv2
fx5f
fb``^^^^[YYYYYYVVVV
awB9k
?[ Hc<W
fJ^J
/5@.
cDBuE
awB9c
h+F
>(jd
|'|~
cCfc2
^M4o
k\(@
CultureInfo
dfB}C
gqB9C
s]y<(E
Qbk
n~"I@E
a}ivD
mH:H?tb"
height
DaS+
yhwf
Ka%u
R^`MP
!$6r
,*I-
d^(_
jS#K
[\Hcc[
H- av
d>yl/l
;=1
a~Uw
d7 o
@3N{
Program
3n55
=Fc;G;
ya3BLJ
VVVVVVSSFFFGGGGCBBBBB:118887
u7VG
`wB:C
t_Xa}
2[Gt
#taE
awi9C
%BD[
MYiwx
Xg P
prS=,
_[l/f
kuI/O
get_RawAssembly
;wB30
lOe
jz [3
\\)y
+C-5
w I&
bwB4C
[z{_
Mu[ga
.S1
dwB,C
+&79
2*?/'pFU&O|
.w}^
@['.
) f
9GYY
wawDV
vbsiX
`jG$F
BUX)
wawDK
sj@?J
Volatil
jqO5
ffffffff
STAThreadAttribute
k;Gd
hA~!
,wB?P
# R
Main
BN#M:jb
uHXi{c
awBqC
ZDUJ
pRwB=ihCw
iec%D
u~(6r
+~41
Bbn0
Zh(rBB
TCG^
15.3.0.0
fu-AC
ajG?D
.FOx
:3wg
#9iiiiiihhffYYQQNMMMM????66620
F0RfKQx
W2" )}
|@d+
0C*5
C@-j
-a[BnC
3}vv
Wq =98
fWA8A
mf\xke[x\YW
auC2B
0{K
awB9C~0
gwB9C
pgwwwwww
SpyB
System.Reflection
G3H(|{
q`GT]O:"
iqS<E
V$WC
(vs&
Volatil.Form1.resources
MOcY
[h:=
s6&j
z2QIi_
wwB=R
F]8A
U Iv
wrB,
e%Vc
0`q83J.
ffffff
+yf??
Pk{Gd
uwB=J
~/(
% Q~
h M&
o,yZl
iR2C 6DF1
F}D2d
a/F9C
agB"C
awFK
"oB,
4~M(
yoyu
E|cE
awB(C
RuntimeFieldHandle
iq_<K
sFW+n
System.Globalization
H1,
a1TkU
VB'Y8
mD_^+
w'Z,
tXt Xs6:@
8=l=
&*8P
9Hg+
agB<A
+"M/
\P52
V1<
x(}Ip
Form3
IHDR
Form1
0>t;ARc
e&C}C
XowB9C
k}H0R
e~U(
awBJ
X!RNY
:a_B
h@ L
IconSize
&*8}
&*8~
6fTB=B
}Yd;
#*H4
&*8b
bqa~z
qhY=2
[EiS8
$awH
J Tx
:Y6)`
:& 1
aeB8h|0P
pUIj:K8
bqPi@
4-]&
|%*_^eS
System
EventArgs
ZZl,
43 s//
I.8 \]
!wB3I
5B7|bR+!
w^^[YYYYYV
Hq`nb
TR*^$
}Yjx
~e&h
System.Drawing.Icon
get_ResourceManager
wawDGe
I`B9I
Jh 2
$&]|
" Q9+
(l.#*,I-
G]4
uA2D
]2nx
Ra!(
`|BGH
$fmiK&)
]UAT
0crC
w5>\/
faTJ
cd@n
*^1x
vffffffffff
&R0B76j%
_(~2
lnyltO'
WG/F
~dflB
aBB=C
zp90
MethodBase
wg9f
asjlC
"eR(
h=hAH'
awSK0
C+d1G
PE-BU
43qu{
MwB9Ch0
6j T
t<{t!Z
B8Z|0]
`4 /
w~w
s4Q{n
]67z
?awB9C~0
k#Jf%
*cwB0C
0"1GuD\Y
vwB=R
o2g@
V,^u
f49J
%awB8C
u?5(
1|='4
`Dxl
abG9C
.t2F
T@l#
}es;E
+B9I
/Rcj
/ki
gp|aKO
q}}}}}
| 91
a7n9C
`B:U v
y^&
aWs8
\p\g
=F>nJ
A3+e
C|Ohz
LE D
:%K7
mscoree.dll
I_D
a4-W5
"Qj)
s;56
pCXc
pfwwwwwwx
^OWbP
_}v'
z=E=
U-"x
S_ey
)pqBdV90
aYBBC
s{ B-
`Nh9
29W<i
a4#U/
eWC;K
474x
]:7;
eWC;M
Application
gLm~
wAb
;!(f
>,w0
=}"]
pJ8Sz_[
* n#+
DP3 H
p xc`
w4X/
fp7Ry
Fj@<
c^p
#?!Ax
hqA=T
GSG,+
>jw|
Hv8f[
s?dI
x{ s
.0D.
UkE@r
+@ E
_1v`~
- &
, D%
nll@
.L.5
.z$K
^'KJL
E/2]g
q"S!
2 a2S
*LIOB
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
rw uC
h]v}
vtxyn
`vC8G
`vC8@
`vC8A
`vC8B
Q
,X];_
TO8X
phhhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQ
'7m5zK:
=tn}
}nhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQ
ax
9zao<u
RYay
#3*1K
hg/,7
pMv>
`wB7C
aYB C
#_!h
."Y@
pffwwwwwwx
;iq!s,
B 9#
vf t4r
*_c6
g_K9C
&UIBR
>9tyY
)slX2
1wz:
X,'X
2 !e
kRT?,
_CorExeMain
.V F}
N5eAn
-b*s
,BYw
5nPX
L:W*z
vx6u
5\S=
nR!HxH
( T
q$)P3
D+-!
Ipxr
F\MB
FRan
~[S5R
scqSa
WHRF2
HWrEIZr
1 RV
ghFFNUb9
R?Lia+
u[QQNMMMM?
aAB`@
hW@8Q
D@Np
L=6E@&
Vi8
ucFB
vffffffffffff
@.reloc
iEkeQ
ZwB9Co0
bvL%R|
Aw_:F
pfffffffwwwwwwwwwwx
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
rXxBWz
EZM
C'0J
7wB3k
lwB?k
c {#
{ =_8wV
'!4
[V r
eM\B
l!2
Lk %
wB3H :
*|<W
(lCF
)9@R
7 -l
0obN
M"/aD
w1\7
ANXR\!
?M[y9L
w_C[
8$6
p{S,
uV0
5p<,\
C4&U
i y9
8T|0
%wB3,
0 *L[
%"BG
xafB
/a+t9C
~43{
#7)UV
} 0e
yQkG[
awC*G
awC*H
l;2%
qE~Z
;C%z|
\X_j
CG0S
}c_h\
F?7n
/ >c7T
H0gXb#
j-sK
`#:u
vy3B3C#0q
c~C%b
8X
|@wi
,Z6R
a%#W'
64w&
pfffwwwwwwx
1ZK(W]-vn
*a@BoC
h4cf
T LA
awB)C
wB?X
SJn:_C
Ob'tVN,j
QtB+C
D+ |m
kc|_cEIZ
wB?K
Y9C9C
{1G?
=FhoI
ae3BII_1
WNeWO
KR6`
4~Z@
y/[G
z4gN
B"(g,
?qxL
atB1C
wwB3
`]P_
vE+<\|
wB?k
gqD?C
T zN
gqD?E
o}{}
?=ZC
EwB?=
^s!
+b$ ,
set_Name
#389f Q}
awB?C
[P sw
e)@';
0 ,!
mHXB
X'P
~{91
Byte
atL7_
p@0[
.7S* 3;S &
avBMC
p1\E
vffffff`vwwwwwx
wUbX& g
EwB?k
IHK6JIL
wH9C
P _n>s
qUvzhM/
`/Zr
B8Z{0Q
2,h
\'Qd
!QPo
%'X'
J*i[7t
5px .
(y2jo
N^x"
/Yny
EH@L?x
f]lj
ResumeLayout
7.\L%
$.-F
s1 L
~"m!z
}%:6
awS&S
avBiC10I
XDwB9C
N->[
KQ;@
P`+5
)=? Q
a~B Cx0
cdBNE
S5U3
8!"i
&a -E
F?Q|)
&w<7
System.CodeDom.Compiler
eqD?E
_C3O
aRB8Xv0L
,A{JN=1+t
FO5!c
p4/y
SetCompatibleTextRenderingDefault
[GZu
74 0Wr
d0*H,
@ER=)
nA!_P`
" W7
{M{MU
K bPe
w]Bx_
"=\ze
~C(U]
g~{h9
G;*l=]
~>vm
aoBGC#0
*-EXW
H%F@
!H(c
W$SI
r9 '
kC)h
yo@0[
5K/J:
lyMB
3}eeC
*+7p
\z>!b^YSQ
%\W
< 0I
1;$8
8!G
Y1S
<dQ[
xc6
XJcV,
Ra!E
i_59C
x0UA
/yI/
wwwwwwwwwwp
#,9zU
.C%"
<qQ=
wbjEH
w[9]2K
`&DZ
FormBorderStyle
d}tNy
:ZxU]
}|Oz
_NrP
dWB+
VQ jm
FormClosedEventHandler
l'X-K
AcG'^bD-
XNMMMM
:r7'
,?\}
SFk~D
jfwB?C
C40W
$y S>a
EditorBrowsableAttribute
Y>f 9`q
Y5o7
C
msS3Q
&IT&
(h0U
"orl
]#-C
]]$Yx
aWBoC
8@3i@
sUtQ
cqL:E
VewB>CJ4
BLp*
B$;J7
pSt W
x*EMVC
\U7K-
*x2 :M9
Pq].
q\@r
d?}G
:x9y&GE
(>9y
FormClosedEventArgs
iEDE
+T5_
pKN_
YWX@YWX
$/[z
vB9A
a:.x
Z*;/
'r8U
[?v.S
Cs0q
/U[
sNJv
tqhi
ifGV
:zJ
4o=<
`rG8B
;YW,@
@uXv
KA6uH
7i'Q
B9Csu
awS;kR0
]OmY P
ffffffffffffffff
}wB;C
GL[6!
bqPY@
F}+f6
1}.ow
~~ D
(kmz
8NG]
D;`B
0nJ_

mu[3
ng*R
_ 3Z
aw_7K
nltil
O\}op
{dG0
UZQa
XowB;C
],. 3
vB9,
C$0E
[=# _
y.e+
w<? i
+ B;
5~a,
MmZg
?aLBcC
?3#k
C$0T
a}808
add_Load
pffffffffwwwwwwwwwwx
7bA;
BGZ&F
[ Y2
.}gD
T E6
BawH;,M0
SettingsBase
fb=n59Q
g%W}M
Z8rZ
rM }>Y
<vq62J%
2x|-v
Q;n!z
}]+5=L
L=vb:+
9ZY9
width
^>c's
N U3M5S
IDATx^
Ed0f
YOzQ
-o]%#
45m^
Data
<+^0
}5s$
)9?/
dgdgse
Q qp1
/_aD^X
"!i:
VIFt
~]O;
b~C}C
Nje?
"awB5C
H,dy
xtb9M
f@]2g
wzA
M)ABxK
'$GG
dGUpBU
6<*P
JP(9
n]Eq`Q<J0)
^he5X
EN4 '
soz"
pHYs
Uz0:'a
j=u*:R
k_b9C
!(-.-
`$sB
fq-RC
QJf/
=C {[
`5B5C
aVB3h
d3NV
Q[FWT
/7R6
gW+/
Q.8Be
NV w
+M E
QwB8
zOSiv
AD.bh
fffff
<z\^_w9
3cZE
>/a@
D{?O
fHK
:MeP
"lA{
Invoke
K 6j
vtD>
Resources
?hH9=
ha7r8
1 0
,|l>
k{zq
bwB9C
<.Ts
wA7)
bwB9F
a>BWC
[vb~
Y 8c
resourceMan
ON
U_W
QtB*C
15^zs
}<j(
R I#
.ygRS2J
/d L
U~yY"I
T"gn
a}jcC
iyb>Q
6M +
y+@eY
1CGff
@`{2G
N%=B :k
@.4a<
6"kV
8m |
$323b03d3-ea64-4cfa-baa0-b0287c48283f
l-m#mx
Array
WrapNonExceptionThrows
x99TNJ
l(^-BOS
U#*~
qNMMM
'NW2
B9I[k
lsZw
(2 }
MQ7+
/|y
awBfC
,Z/}p
!yv
nDX&$u
k w9C
oJZJn
.YOG
IawB9C
0k>A
Ij"{
0X</
^uD{
*}jr+|v
(LGe
VXrA
ss^by
SaNm
J>5~x
9IN
Load
I +p
apB4C
8 alt
nhhhhhhhfffbbbb``^^^^[YYYYYVVVVVVRQQQ
nll@nll
sn_+Z
C]]}3
H f9C
^QojP
`sD?E
O(BV
wfffffffffff`vww
w4 O
a}6 C
Ty h
f@W*'{l
s9J
P%e{
z d[
wD,Q
fpA+
!Ev~
kbb``^^^^[[YYYYYVVVVV
7a~-
set_Font
knjcC
ifffbbb``^^^^^[YYYYYVVVVVVQ
.ctor
D`,f!=
X Byw
a}g:,
set_StartPosition
hhhhhhhhhhhhhfffbbbb``^^^^[YYYYYYVVVVVRQQQQQ
3wh:
B3V
;*zS*
k}H3J
AuC*C
F,e\
XBE
YZ1`
cuL7I
-^8u
TG)FF
IzEcib
O m2
rUhh
-rGb
4k f
asKBT
Nrx<=^
pDwB9C
quBl
a3B<B
g T
hAtF
y8B~k(
YvO*
ox_{
XzMT
d( T
2#:.
I.B9I
[(y:
asKBU
tB1N
e|{OR
V +
>,O,
z&DxQ
J;Xn2
x@+e
H/Mg
k[CUNC1$
1V:F
%D1w
</N,p
}kF9B
eawB;C\0
~,N8
iu_%E
a6BJC
#Jx~~~
LC "4
Q1#*3
>56U
;pSb
Dx's
<\'(!#M
1TvTW,
fx5+'A
-!L{k
RuntimeCompatibilityAttribute
awH31y3
lWgG
-7U[Ys
@!h
% Q3U
(nXT
IckR
vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vwvffffffffffff`vw
}(<(F
%8](
Jdn-[7
<]`oY
(4T3
%q]L
|>'r
-*Cx
GFy:5
B/`!
~wB3k
S:/;e
iySqR
zjiiiihhfffYQQQNMMM????66
+wW[
_/:
/av11
7;Y
n%tJ/
System.Drawing.Size
5F3ae
dWC;Q
R5F$
Pn>~
`wB8C{5
94d7
SB9E
(i~9
-sb%
yRx_qR
D] 5
zc"
a/C9C
_w1ZC
HcxR
Synchronized
Form1_Load
*$=4
rCgE2^
bi('
)pOs
qFMqk
Q u'
^DD
kKLE
,@[O5~
kK9
'4o{
>I z
H#p)Vt.&0DLt
^O]gG
awB9CN4
KswJ
(BAK
v vm
hV=1
wwwwwwwwwwwwwwwwp
d?VZ
set_AutoScaleMode
#wB9C
cwB8C
/|=Y
puQl^
a}jdC
w~x$
*&#Y
FFH6EEF
@9$&
zVf^9
|zxS
wB9C
nmMY?~
wB9G
PNce
1.X$
U02w
s<nTo
{ yr=
]m0pJ
`vP$@
wVKG
WnkA
`.VP
awSJ
/B9I.Q
k'A8"uD
t_Ya~
ewC7M
4_"CH
ewC7K
EUCUI
defaultInstance
awB=C
\?s\
XDL
Volatil.Form3.resources
Jj.o
q0+_
o1j@
Vb7
\{[I(
59"Q
y?>n
Wh(!
Q&T6
bdIl
components
D`wB8C21
6:
8q
-q1rF5
xvce
gWB$Q
uQI
srIM
FontStyle
udAA
NGG<(
F&T>7v0
3+?^
>DgyL
e/C?C
Br-Q
9=V^
9[[Uw
- ;UN/8
[<<F
"i:oN
v\A/h
8:B`
vfffffff`vwwwwx
OkmC
%<.z
X J
EyL0
GzWSg
]bJ?
X 0
[y1~
[L{:u
GV5|
|[e1
p2-+
$2Jy
Idi~
P@|DX
&q
E``c
/= 1
ResourceManager
9S`8M
!g+Z#
RB9G
bmk*
@z[
bRe|
h9eza[
L{,
*2OD
wawB1B
kqBDR
BJ#S
raQ-U
awDGO
ContainerControl
^]C5i
6Ym^$*
h(h#WJ
mJQ'
auB1B
N6|R
i 4
^Da7
G8+
A}W]
>C7O
L?I_
g1Jf
awDGj
-sZu
dL )2^
g_ 9C
vff`vffffwwwwwww
/IDATx^
k|E?U
WFG&
R3tT2#
w *^I
pgwwwww
w_99C
+On{
)B&W
a2B9C
arB@F
F)&E a
vy3B
&iT@
qD Y
`nv$t
0 i
`bl5
atT)~G
'#/P
v/VaHW Ns
%C1C
Assembly
a*B8C
RO*a
awH&L
C<0d
qWDaqf
5& V
p` b
&`v6
$KfN
h[ Q
As@C
tawB9C
`vC=E
2?{EKu
_ @?
>U[y
(&?*
_*IQ52G
M+]*
B8^c0W
&28WT
gJiX%
[B9I
pRQX
VnKu
iwB;C
aeQ9
m@B^
$+C&
4uK6
I B9I
F9 vZ
:(8P
Qt}F!f
GEEP~|z
~w6,oc
u6H?C
a!B\C
CL0A
BhSq
awBA
_S{W
ewB8C 4
Bb^C(CG3
b0i9(
awB9
4>,Mp
) ~B
a(BpC
E[[u
rZW;1
Z;:8
p$ o
qwB;C
&o<
GraphicsUnit
awB'
qNZ?
<Module>
~7A5
AvC+
awByC
IO8|p
C 0A
bqPIK
uN?M
eue+
6G"Q
dG|o
qD|b;Q
R]*|
z@Ryz
a: .@d
G>KV#
yl C7Cm=
rY=v
RwB=i
SS~) ~L
>8LR
{8'z
vH_,
9S@2
ZELn
awC11
UZ8M
r`^^^^[[YYYYYVVV
a}H?@
2l)T
>,B$
u:0;
}Wan'
\?6(uQE3
P)U &7
w Y
awSGu
Db3# 0pWu
awSGk
PlK/fg
( vL
wB3Ud
7 uZ
Q v;
d}#Q9
na29E9|
Tfqi#_\}
=/"D
*HF]
V_w%
.fF@
InitializeComponent
C"0R
F4]N
`_2
lk:IK
1 ^]
m]}P
QvB>C
/o xo
SecuritySafeCriticalAttribute
R3La5;
/q3
`B9G
`B9F
8]#P
vB-B
5n Av
i<d1
C"0q
H)~i
12gZ
R*o
16tC
e]B*s
gAMA
x J7
C 0I
VhT@
Y>uDnS
awF(U
awF(Q
&t("
F7 +4F
7f r
!vm|
41C3
awF(D
C[$
yF&<
|U9W
hV %
shhhffffbbb``^^^^[[YYYYYVVVVVVQQ
SuspendLayout
.cctor
I{lH
Tm`W
m?ug9
Md]R'w%
QtB&C
mscorlib
fSystem.Drawing.Icon, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
x#+!M
;W`0
f|"d
IaB9I
,^+th
-ewB:C
d5Cc
: t!
GT|2
ioK+j
psjSC
8wB3E
#haG*
aqj&C
|3wB8k
u`X{r`\fb^
cwB9C
qj%y
svR=}
hBVu
LR|A
o3C?
awD2h
$!+I
{%g?
sa${s
hHxn
yX_J,aR*
edOz
JT-~
f}>o?
apB$C
#`|
#9iiiiiiihhffYQQQNMMMM???66662
@{@l
3|7'
Z'O&
=ffb{
xh[S
$'xF
W5Au

)C82M
P0x#
xQU/
@ Z
)PUl
x KeW
uo&z
~_,S
'Z3Br
:}%'9
z&h2
UL!]
;<$|p
`wBVg
ffff
GavW
@VwB9Cm0Q
! "8
zB9G
Form2
j5:yJ
[nA
:Jz9
Ua>D
[H%I
KwB*s
`&8jg\,
}FWXl:
auI9@
N8\5
1QSk
k}K(k
zw\a;
b+m9
,hX
-&~\
}"#Ri^
0.4r
QrBNB
!Ot
sender
U1jm)=D
k[6E
50FO
Rq{e
BWUBDFE
aWB9C
Ko1%
pxvffffffffffffffffffff
CoD&@^@ i
&s\o
{;\?,z
bai9o$
Size
EArD
K_1@g
;N-Oz
2zw^
G-P
r${-1
hWA;S
}S4A
Kl`^)3
[m"uq
Pt i
35}A>A[U
G> 5
5OLn{@
/Uzha
(Qo\
Ti_<J9
^}>Sy
C}7)
xaS1
auB$F
tR|3
yW/BD
}^}Y<{)a
a'B9C
2 y?
z\m7
C!mgPL p
psqB
%xYU
_{a]Q
&O-B3
5*NQ}
awB C
RIiZ
"j[p
D.,E0
a}1aC
#Hxxx~~~
aB<p
qAY#
? {o
rchzj
k`#0
\,x8@]V
rfYQQQNMMM???
C~U.
/2xa
f =.
aMPYC
&wB9Co(@
(]ca
aNB#C
Cb0X
agf9C
ec@<
oawH
<wB3
psS<k
;Ua
P`~M*
-"hv2
:0%&
u@Ap
C:\eZ
QC?+
/ [S
-/;Ll
\\]O-
4"Q.
g8M
eJ6=
MV',y %
nEPF
Bu/P
3System.Resources.Tools.StronglyTypedResourceBuilder
ijLA
sB+P
p:EXC
o `~
j [P
get_Assembly
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
V)ZR
/W!+?
= 3u
}>]if
wB?,a0
buffer
#3rU3
hhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQONN
eyw4]
sjL+b
xrR
urxZ
q~_tWI
Mwl9k
crC9C
!This program cannot be run in DOS mode. $
awCV
xs=(
j\v
e_:9C
<JP3S.
M<
EEc;Uf
H) u
CU2
a8A{X
nQEveJ
6a<11
YE:b
zS%u
Dispose
fdu,
'KFtK
F|T'c
aKMCC
aGG9C
+N5
lf\4S
@pD0}
8pHnZ
/ <T
otD+
j)(,_
TGu t
VjI1
f-U{
fffffffffffffffffff
: d-
~_zx
BIky0
6^6t
uFV}
OBb1
~6E]
uTG
D 2M3]
R1x=
[% C3
.~v1b"
v\8C
]3^eW
$: j
1hqB
jVP B<
T 2
Ha&D[
pp{[
dMxD
set_ClientSize
Q5&6
r;(\.
hwB9C
8\
e,%WUI
I~_J
-}|-
8f
Wvuh-
I#XS
5G@t-
n|.-
fqjUC
O>,M&
Rm Sc
ahE9C
/? 3N
@[ddK
_B)R
Bv T
avI!
a!B.C[0@
>w|[
*wB:C
JA-
BSJB
*Q7[A
Cw&
resourceCulture
t g!vA>
gvC<F
o1Q:92
oA~"f
Ka
zu@{UZZ
pgjB
$awB*C
jawH
o_MF
A'7[/
`wB2F
m@;7
a!B.C[0v
&#jt
pfffffgwwwwwwww
H*,*
vTMM
>1^<
$]d&
B~P
`e"=I
sT3%
{XK
D\V0Q
J|(p
?cD
H H9C
lIfb
(ac\
\ QhuPj
c"Q:68
;*mV
H9)=
\Qi
|_<? S
awiV
< LIz
GwRuC
;Yn
kqo?0
f7"g[
twOX
[jsz
^;pC
cy^1K
\^ :
WTNL
4u}Jy'
n Eh@p!
*aYBnC
)peB
ivtv
U3wB8
j[0K
x.M9*Pl
Uxj-
%st=
2<Xj
C:0`
yA9h}8
ra="Z
``wB>E
PJbm}
phwB=
D;rg
S7y
)-MC
b~rF
in3&m
33h[
~TP;
)gIn0
( ?
e)Hr
anBMC50
zn &
8(oGw=
G)J>
a"cD
C^N'
K=4
s: !
D9ljW
hl v
"WO\
a_J9C
5j2S
"Mk(
Pl]P
r9A5
atB;C~0
H qw,O
A4?P
bwB C
a9'A7
dwB4C
un>!
A2?(
XQi<7
Z~e*
Xalegy.Resources.resources
C{bj<k
G<|0
&+n
Settings
uY}6
p" S
sbJY
w&_GE
#h<lLk
avB,F
O:MG
<b4|q
*Mc<
"J1F
z.mc
&" }C
kY^(_
iwB9C
"lvv o
?![
8'KXrj
rVH?C
:-]&
s!.J4
M3Vs
s6?
W#%=
a~B!b
Padding
a rn
!B9I
b*X7
;i]5
@\mJ['l
OK"L
evB90
awDKx
I"B9I~
w[ZT
F'M*
#ZHi
qwB9C
\kq,!L
[1kG
Form
S4&"@
XMj9
k$dP
@]jH
SpAu
a>\i
>(Uo
agB*C
aoB7C
tK%o
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
,d2zwi5
~<$h
,/x>gR
t`oD
-i4-
Gg&:.
qmEXC?
|i^=`
MethodInfo
-B9B
n!EcG8k
wO3C
awH*F
sScQ
6!Z&
P#&`O>1/S}
t4O'
p_A?R
~h1`
PitB(J*?
get_EntryPoint
a'{K
-y:(
V v~%
CompilationRelaxationsAttribute
$yRe~sG
X(3-
j J7
axG9C
DP8t
LR;5
}b#m
!5%O
v^^^^[YYYYYVV
2 G+
nffbbb``^^^^[[YYYYYVVVVVV
Ib:3
4Zx<
4}_w
Q3-0%O
8Ecc
S!=ho2n:
7 w%
lQr3
"* (
dCs[<!
vfff
|(+$
=.;
CUNEA
O`B
avB:C
^YYYY
D~6
gnx{n
bS={^P;rWJ7cL@0P90$;
hofiep/
Hmxl8
V^f;
LQ){w
arb8^
+QIR
awB"s
ApplicationSettingsBase
pffffgwwwwww
E2aE
eV@n[M9R?6(0
_EGz
P7Z#
cfh_
avBF@
k2"cd
iQB)
F0NrA
Bx]^
c<8N
gqE9C
dyN
dC|?
R!,U
WwB=A
2A 2
_ m'
TtHjd
*D93
fGKK
A7%[
3;W"
.&5hGPh
IEND
F(YScD
DawHJ
?`)lN
K\pY+
#lA%
$i:W
xU3#
4/P4^
* e
:VP:8c
}Jy2
fffffffff
C?CE?@
&m[5
^L6~
`uD?D
v2+9
kV]1
Xs_ZD
4e)t
D"T&
%t*a
=ZD2
eiXW
}_G?
B?C>!X
%ws=
*q -
iaQ0=P0
awD(K
]k+
e&'&
a3B\C
{*mRl
15.0.0.0
|GF8
(?t^
t__a
B a6
=Z ]
y0
>ddQ
DtC4
]xb7_
k?Hg
awS/T
:,w.
0#NUK
SY&U/
z@3*
Ih$YI
yA03Xx
kVH?C
asB8B
kmH9C
p@EXC
jvu9%
@Jjk?,:
)5/RO
av@`M
uFaI*
j)V[$iSl
\a}J
T"8R%
SpU~S
9`7j
*w8H4
P-oC
+O*t
H ng
h_b9C
vawB9C
?4S>dx
avB8B
`wB=C
uGC
l3rA
avB8C
dwB9C
:|
%.nM
dwB9J
kK]J-
q|qB8_
dEZ?
wB?@rb
(T4|
ErXEx
]"t+r;=
Z}P7
GD%N
JnU%
t^}(
wwww
;-C6
k|=.
UtiC3C'%
Volatil.Form2.resources
-)f.L
A5sC
@$D4e>
8i<D
nB]K
AssemblyFileVersionAttribute
"Ha;n
sBIky0
@CKZV
oy@;A
drG8B
DKsmo
> c7A
dM4AF
r|T*O
"^]M
rmxc
J"E(h
System.Resources
Lf.rs
n]~\
#h=U
oyw)
:'M+
KO~ J
~IMH
x,4^V
k9C
m$m(<A
EBQE
dW6*
FY C
`Sc9C
fffffffff`vwwwx
TuXJ
$;'+
E0UTr|
awB#C
6pW|H
wK9
7gj&]/
gako
S~F%
Icon
NJ1,
#/[E
Gr*3c#
Class1
GetObject
yD9h}BL
avB9C
z.?d?w
E1`%
.tlv
O\DI
kYQQQMMMM??
Z}Fv}
r?b3
`?f?
hhJK\
sAn
B(C|6
=0{
W4 OR~$
l Cd
R |.v
wh-W
J]Tv<
P42s
)@f{
O`PAD^
JEJ|Ck
!^Jvd
3Ik3
vpw`
Aa2U@D73
wwwwp
__StaticArrayInitTypeSize=16
T%w[
Q=(< bpO
9-c!%
P WF
T-Q[
Font
b\b,MD
l^b
oyL7F
fpBIky0
Zz 0
nF@8
.<O@
-7:-
cwB<C
awBGl
xr+J
l!VM
String
0{%D
h}B}&
a7B9c
=KQZ
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
D%U9
w6Hm
q?q4q+
AF4U(
O";T]?e
awB1c
2>?^
Ic&>
`ek1@
) _n
AQ (
InitializeArray
System.Configuration
gpB9C
Auzi
5;6(
w2X7
awB1C
C?0`
</W8
k7D^)n
wwwwwwwwwwww
0YdH
z5(\
pt__a
Q#dQ
cah;k_0
oa8
{5>e$
0*1ju
jS=+
w]gk
aTBuC
vh1C
!L.!
asS4\
iI2gI
:+>L1y
a5gy
:( eZ
9(5'
(<s>
v+Mk
JJ B
kwA$F
zdvK9C
; GFZJ0
0Q70
4NWWQ@/
(^k%
3 bT
=AKR
avQ,G
l3Ql
s\e{>
)gf[
dzVL
`vL>C
iT]k
O+uO
!wB8C
5;M&
wwwwwwwwwwwwwww
p~~M5
wwwwwwwwwwwwwwq
@wB9Cx(
')^S
9\RV
6m j
AZ>K
'8MB
5lwZ
7j`w`
9,%B
Culture
B8Xt0N
x`](k
G%>OD{
7,f a
T,oy
3#2<W*
6cX1G
VXm@W
JMUk
p.-1
System.Drawing
F}jB
z(J^3
F"-%Y
]:h~
ZE94
Ycf'
Y@!.5
!$u~
sjZ+b
kK#J0
TG&3 &oT
K'yyd
xJ:+r
YdDS
.7*1S 6
awDGP
!} >
n}lifL
ivB1C
_xK(R
]B"s
I`PYZ
a}UJ
WzD|%
koBGp
e[E(G
g=GE!
h:c)z
95uEkQ\u
P%r<
aTB
O'~
z]W}
ijG,Q
F:Gm0
+(!^)
\CnIZ
[";(
\Z2
p;zx
@:|b
[Q\&
5Dg2
XR*[8
dubr@
C$7^.\y
;p+C
=T8H
PGh "uq
0bwB
tc0)H
K));
41~usP
C?0O
yq=+
yV=Aq
GqUW
#9iiiiiiiihhffYYQQNMMMM????666
+E%=j
Cf@.^
gcJY!a
t3\5
c_X9C
C80h
Gbf!
fJ3_
nqB
dHa.
k>E"
MONi
Wn T
i F~
)f#+4
$F,E /
,Cv s+c
H;q
+H|,/
yC573
f@Y!-R4`
Vnh?]
Object
g~>u
SW~5
5Qk-
XqwB9C
XAV'0
vfffffffffffffffff
/ MY
4^3Ht`b
R Zh+%}
ComVisibleAttribute
\R!j_
ExS"
`vF?E
~ahf
@oGR)
h^P\'
B_W@t
Xd`8
wawHV
+zYY
K C)
4OJc
u{I
D|M ?.
g3Z
aedZ
s^J7Q
aqBZN90
=`)[Fd
.bXM
; bY
3=m6
M\zY
o5-!
{ztE
>#.T
#-pB.y,:
W@}H
{JPa
W:W2
GLT)(
I3o|
EditorBrowsableState
>vI
*~s+
G3< A
7,Nd;
NaEB9C
ewC:K
~kO@
awB6C
h)KFJw9
UE\X
}>y>F*
x|G*
b/S`D
|nDcu
aU<N$
1.0.0.0
B?Cd
u^Cv
.1k~
adB4c
%,>
FnYxL
3P[;
y0h#i5
f'<~TW
jjZ=
H#x-l
u)z-
]lC[
B{Z7&?
QtBkC
*+ ]
atBRB
`&mm
`V)o6J+
hhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQO
a C9C
644@
evC8B
ewB;C
awH2
a*E9C
ueJE6."
+!+,'.
7/xd
sRGB
TU<'
R"ca
Ev'{%
[_{?_
tX3x
**^x\
sl0L
q!9C
wH;
AutoScaleMode
-8N@px
-u<3&F
add_FormClosed
ZB9E
p3LH
Bpq1
:s8*
u[[YYYY
u+!V
!y7nb
pPE"
TO2L%
1~jo
QuB C
`wB-C
auBRB
=/n$Vhb`
|$-".
m5fc
aVB=C
JSX@
get_Culture
e%C?C
aaC'B
hhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQOON
6_g5
*jcS>rf
%cTQ
J nuNp
/|hC;
G q>||
vj2v
`,q!R
DNuL
_.sw uC
1l%5
~7_
wfV(G
0)~%
3/4c
bBcr=Yn<
YTdm1
K5 7
-b9 v
aQD9C
qx(H
z#9$1V
RRS*QQQwRRS{TSU{UUW{VVX{WWX{ZY[~fee
i`Q\h^MXf[JXcYFX`UBX^Q?X[O<XYM:XWJ8XUH6XRF4XPC3FZWR
5gt'
_ {\
]wd
@wB1Co(@
z}}}}
B- .
@C$ &
y[/D<
}3?Ub
(Y[aH
ex[
gP
6B7CB1F76B99023BEFA8EB2B530216F00916E4DF
5&gx^8
-b
7%.m
e`g>
?6jk}
@3C{
wB?P
lbbb```^^^^[YYYYYVVVVVV
Z[}m
mi?%zK
KM2@wp{
<`wB8C
"4{T
FormStartPosition
Fqe[
WQZ
d8} o
6.^,
YvBz
Q2/
pgwx
)@Lx
"zS_ejWW
`qYh
E0yY
fffffff
R ExN
nQQNMMM?
#>^
[\K\
}(Rt
pO<x
bQ:\f
K {)
Volatil.Properties
7 6>
avBRB
1tD%_~Al
of*.
ib3B
L gGc
RuntimeTypeHandle
9')P
dR/A
)W&NB
%B9B
ValueType
_wb8?
zNScT
dwB;C
a61J&
ojL<D
Z2(U
:K5e
0~jo
aGB C
fff`vfffwwwwww
Z}Gs5Q
MdCC
^av
i(kbc
3\1^
GuidAttribute
x!;@
N:2#;|
[Z]~XW[{WVZ{VVY{SRV{NMP{IGIwJIK*JJL
^04}
e~u
2m)f
~B=P
]@XO3lb
wawD
;<M!+
e) g
IYI^
@o.-76
U%cp
|IDdM
q/9C
]z:C
4##Y
'
<Pcb
Fv};
[l]7
yB_&
g{BPS 6
,\bc
WCBl
awl9C
$;J7
E*Fkd9G2
*PR(#l
Cz2!
H5i1j2
IqUc
a}8(G
Pze\
HR)
`v@?E
}kV.
%)))))))))----------------22-)
)B9B
~8*7Zz
PPT ;D
PuVv
yhpU
tay26
a^G9C
CC0F
`.rsrc
Y8^ym2
VKAQI
_h;>
awB!C
vvJ_h
1,dE4
sFRu
z%.w
oW&C
ac}PY
Jj ]
Wf&B
_p9.T
AwB9C
Pn]a
Xfz
l2F^
40Z)
k}B3N
< ^b
aLiU
ffffff`vgwwwww
/tKo)
lS(/5$}
Ke#O
{I7x
set_Culture
RwB9Ch0u
mIe"
KFta
FKv{2
sGWdY
^;=
AwB95
q$uN
}_:c
'G>=1
q}~W@
awC"s
2LGM
_#;w
,ka1
oT[2wg
TWVRz
_k,o~
,f]B8S
P,;0
6),S
-Xs2
arC9C
%5KpSr
1+U&
-Jn^
3_i6
pu;9
], '2/
IContainer
xK,@
#Strings
U$c`5
5wB?e
GX%l-
C 0|
l0#'
get_Default
>EwGk}
edB1e
g f9C
|<r&
eZa
1vM
EE/%
#9iiiiiiihhffYYQQQNMMM????6666
V 1i"G
mbwBNC
3~jo
KgSs
JC k
: `(
_'_h
a;B\C
M6 ?
~ W
y"`yY
Ik+m>+}
]=O6g
!zO@
p1RFv
crns
dsNB8
eYB C
C?C>(h
-cKd
-V!%
`dO11
2C_y
C \*
} m8
fv~w
set_Margin
|rJ)K
B$xq
{_R<
0vMK
mykey
a?JrK
GetTypeFromHandle
]W7u
5)O8
dgdgse.exe
$'MA
<+W'
Y0]D
gD" p(
U/q[
"1Rz }
<}Rh
hefZ
egHI`
dYYY
d2-5
HRMS
rBIky0
^Rq$
\ */
x[`zV
h/|u.;
;@U4
<~9M
gqD9C
66M1
1 $!K]>
=L1h
offYYQQNMMMM???
_#sk
gvC8B
2awB.
L q_
1g;
kIZ>
```^^^^[YYYYYVVVV
Y'lB
CYBR
CxOR
Arr=[
bxZ+C
RC0@
.~^,v d
`wI\
=csBG
oiC?C
{./v
CDMi
PwywK
AenXs
t- [
`` z
b9>{~;
=wB3{
fie{
"uXC
HR|E
bwB
e m9C
3PaZ
Z%-2
6";R~5
v 2V8
\2~_
2T;O
oawHMA
T>4&bMA0oVI6{]O:
o;q\
^GfT
^<Z";P
DHc
RF93
lEwB9Cm0_
System.Runtime.InteropServices
zz7w
6`FC{C
<mmcb
1]Q4O(
c^[YYYYY
[%c#
rv;K
1?'Q(
K\6w
ajB<B
o Dk
hFB(=c>(
snJ+Z
a40\"
0V96
mN%tY
A"lw<
^'Y7
a B?C?0F
C00i
H@+P
`wB>E
g2EkqKD
$T'lM
*E#"<
HyGn
!!&&&&)***&
sR9!op
System.Runtime.CompilerServices
zN&,B [O
D[6@A
wQ!^
Zu#Q
$IBW
!c:=
SuppressIldasmAttribute
GwB9Ch08
(LH%
gZRF
m'l@
EjZK
& l,
G L#
pavM
xh`C
oJn'
VNS`
awBYC
qY[;
$E@Z
<`wB;C
#>_b7
l SP
kVH?C
J`Ic
gZDJ
='{bH
set_AutoScaleDimensions
;1g[D
wc^
awB}C
1{4v
%nGR
{'r4
q{I6
a}d08
G0.c
awB:C81
:R{QST
Z_r-
d}3
>B9E
2[')RI>
a{d9C
awY=A
bNEb
jU>0
-)G
Yys+
a}h*s
a'0V
P2K'
ffff`vffgwwwww
K0PnY
fffffffffffffff
Y*+!`
dwB:C
a5.V
Close
7~jo
avj`C
6S 0
2WG3f
byteArray
+c_
-&0\i2
,\q9U
ph8S
#d)
n@*t
:vBIky0
e&8Y
2wB3@
H%xS
F&~^.
<G Wu
z -
YR4q
avJK0
agB.C
E7$-
`$(x
O{C~
q`[P
xls*
guC8B
t!co
8v>p
C@0_
BO Au
avC9C
HZb@|u
sx<}
bWB>E
6`xC$A40
*Ha$
PAwB
'0V$
a%'^*
@%zNd
3H;w{
9qSoY
AvC(
#Blob
cwB;C
Vv7fi@
(b$~
atiql
94>QxtC
pfffgwwwwww
CA-Q
Ir/a
awB&\
.PTD
u]`hq4
pfffffffffgwwwwwwwwww
X !-
hKn]=l
k#HX
hhhhhhhhhhhffffbbb``^^^^[YYYYYYVVVVVRQQQQQON
HNJ.|
DT24
g3:_
I2T5
08._8
{(N9K
value
&<2 1S
\GZV
SizeF
ewB9C
avL$F
tsnX
CLv1
l\Qf
AtJ$F
`Wlf
S #:j*=d
%` B?C"1h
os3a
*aqD
awB:C
Bp-a
C41$t(
uB9B
+e{
svP;Q
awC4=P0
8XRA
awH0T
cN7$( b
cp s,2u
pffffffffgwwwwwwwwww
fd!&w
;lz!
iENW
cT2#
dh%V
:-xa
{RE-
xu>
nI9"d
}Rq*
g9oc8
#GUID
$6@/
awD:0
URn7/*
C`0l
awC9C
1`,O3C
get_mon
&|p/
U{$ID
xmiihhffYYQQNMMMM????6
k[B_*
20i0
YWX@
~mnd
'z{b
und
KR x!
:L+
8u^R0
u@5S
PE g{
HawB9C
O3NN
O=Jb(U
)$,/
DbL,
jL:~+
`wB9C
yB9G
9uI{
m,\]w
\* m
|:In>j
Ic]K
b.v;8h(
=wB3{$1
hhhhhhhhhffffbbb``^^^^[[YYYYYVVVVVVQQQQQONNN
aRB9C
|#(X
gajBC
!+*4
Ucv`x
,JaQ
n}V(
EventHandler
fW1\
D)Nd
E@-C
avP K
tawHGQ
XiwB9C
O W TOH
0 AtV0
pzj:C
;*#]3
awS9C
{yT}
%frd
Y(_C
jZ# w 7
&"1T
ewB:C
IWB9I
GeneratedCodeAttribute
vV@y
Qrq*JE
disposing
gsp^
Nq^3J
+2\
Kd:_
CiPB
pp]u
J>Ce
dwB=C
M#J.
26eS
EB28
kvPmG
D)= K<
"_oct;
(Rw .
j5LP
s xu6J
8zdXl
Oha7 ;Cw9
&aTBoC
a\a
207#
C10`
%d2{z_
KOKh
irb;B
C10w
C10p
Y>n)
gez<c
G IR
ie3B3C_4
jEcf(
dv^\x4 '
vX:u
;KoU
&h8Xp
yO&F
cuZ$K
2v4C
n{T5
~]mi
acA9C
<b_x
zfq-
)-PO
set_Icon
s:lz
System.ComponentModel
)'zd8
jX!8~
L.A&
0L`"
N|xQ
Kav[
R_<Q
Je4
>B93
5 ;
pBIky0
^?;1
awB'C
l\aR
@KJS
C\dB
n#l
bawB2C
awB9CC1
^32>
Z\BRI
:G% M
T0WGv*
`;wHA
YkoF
zR#B8S
guB:C
RRd/
w1{$E
_nPj
q|<C
EbE|
cXY1w
avB<D
ff`vfffffwwwwwwwwf`vfffffgwwwwwwxv`tfffffffffgwwww@
[ 5
#J~~~
B*RrY
Ph-7
;>9s?i
aEB$C
i>b<f`
vfffffffffff
Af
zh %
8Kaw
FBm<
B7K_2
20[L
System.Windows.Forms
a1FkB
cso_
.:1]
C_Y1^
74. h
)86S
>B9I
Es4;
;dwB;C+5
*NX_
go}K
]Okz
{%>H.
#[Ev
xadC9C
B9I
CMN;5P
a~B8C
Io0T
!Jt~
+8,~
3Y0GY
zm#
System.Drawing.Bitmap
TgS\
%H5l%
teo8_
CG<.
IDisposable
dzCp0
_NFT
249Q
w!;P
Wf)^-
k'ub
wH9N
eQ.L
`qb8^
&]V)
/";^
OWrn
}awB)C
59f49a4d-3f05-9c.Resources.resources
cXpn
|y)xu
pffffffwwwwwwwwwwx
X$/v+
aqjXC
m iV
s9[X+
U' o
qXv\9F
fSB}C
-j1ZL
atB)S
iyJ1^
%);tN
H 0t]
r\sq
awB5C
vBIky0
YenF
FfZ9
awk8C
Cwag
XcwB<CF2
Y(:K
F5N
nF!2
b%7T
pgwwx
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-06-04 04:53:09 2018-06-04 04:56:02 173

2 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-06-04 04:53:09 2018-06-04 04:56:02 173

4 Summary items with data

Files

C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\SysWOW64\ntdll.dll

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-04 04:57:19

Detected family: #Ursu

TheSystem Itself @ 2018-06-04 05:06:02