MalScore
100/100
MalFamily
Ursu

inedit.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 23/66 Related 2243
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 353.50 KB (361984 bytes)
Compile time: 2017-08-24 20:47:16
MD5: cf097b9e16509081dfc8f2dbfaf4ef39
SHA1: f3b6a77921c0ba3013fbf321e3238babd144caf9
SHA256: 68865d2766925ac21a05289b54665f91ed02a42edcd21c80d3af33cec537724a
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-04 05:12:02
Last submission: 2018-06-04 05:12:02
Filename detected: - inedit.exe (1)
URL file hosting
hXXp://narenonline.org/inedit.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-03 23:04:04 [23/66] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x57974 358912 a279ad258d0b73be223145c3d55ac5c0 937456d3f53b3e883fbb3472ce8741fe790296d7
.rsrc 0x5a000 0x628 2048 ebc2bd5835cf86508455cda89952884e de0b6fd34568e313a7630a07e51e64e6b520b468
.reloc 0x5c000 0xc 512 07d05666941af6f0f079c074025c1d02 2ac3e3b32db509246e40d5467b7288ee62185b22
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x5a0a0 924 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x5a43c 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2008 - 2018. All rights reserved.
Assembly Version: 0.0.0.0
InternalName: inedit.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 1.0.0.0
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: inedit.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
Possible connections
S^wGet}d
Assembly Version
inedit.exe
VarFileInfo
FileDescription
Comments
ProductVersion
Same as in FIleDescription
e2c4a01f-40b1-9d
How is seen in task manager
Company name
InternalName
398b2c00-e2b6-d6
Segoe Print
:?(W4b<b*?Dm,
1.0.0.0
Random comments
lfP
StringFileInfo
Translation
LegalCopyright
FileVersion
Copyright
VS_VERSION_INFO
eCK
Form3
Form2
Form1
mon
mAng
tdr
dgdgse.Properties.Resources
0.0.0.0
OriginalFilename
$this.Icon
0?.
2008 - 2018. All rights reserved.
bc4519c8-fdeb-060
CompanyName
000004b0
ProductName
a11eccb4-6898-d79
a11eccb4-6898-d78
a11eccb4-6898-d73
a11eccb4-6898-d72
a11eccb4-6898-d71
a11eccb4-6898-d70
a11eccb4-6898-d77
a11eccb4-6898-d76
a11eccb4-6898-d75
a11eccb4-6898-d74
MP<3C
-ec#'m
wB3U
-%\+Ah
V 5+6
wB3P
8 L`o
kFmd
;Rq&+;V~
wB3\
3d=W
k]B*s
>()4
gZbJ
jP>L
H=+]
g[D?,
pffffffffffffffffffffff
wB3I
?nQK|
PNG
w m[
7^g@
Fg1i
f-*C*;v
awHV1
~5L1
set_StartPosition
wB3f
wB3e
8$ C
1bt(M
p:`"
wB3k
wB3i
7ZI]E
awB;C
AX"T
a%'X'
v6`
aGB:B
ZJ45
8>YI
1~e<
|Jh<:
n(;+X
fffff`vfgwwwww
uBTQ}
:>rC
ffffffffff
wB39
MqEVd
a4-T3
D E/,{
P0MC+A:3
aqB#C
6`xC
l0/b
ffffffffffffff
=<777775422222,+))))))$
wB3@
z?L>
cqD>C
*8q'
r[TV
/R&x
v7jS"by
]Dk=
iJ2,
FormClosedEventHandler
Aavc
------
WwB9Co0"
5$#(
(5,E
}i%_
kqBLL
"9#o<n
a2F9C
,"aY
aqD?E
%;wo
`wB8C
7ji11
QGgj]
\rJ&
1b[W
-M`\
Ci2}
1nC`
~J@%
VueE P
x^%
nI3%
] FHfh(8
.JtZr
D2Va
aawBU
wq s
bBb
a+Qhl
! ,k
[$49*{W
pr :
aMLYC
r0V`(
wwbK
5i* Y
a*B0C
oq=F+
4>hS
yfeB
Ka:Y'C
a}Q<cM0
6/lD-
RuntimeFieldHandle
"-QT2
7ac
0ewB0C/4
Nt1
SwM$
a}B8C
x%!O
FB9G
GMiH
W,){}
]>N;
X (
6 Lg
EdVf
r OW
y}ro
:K !
]imj
*,\J
DfwB8CJ7
ppT(DpY
%RD~H
7; j?So
=f2<
ifn8A
^/ z
Lw!V%+E
$W)M
q`"W(J
Tr n
CW,X.
~n/:
dwB<C
- 5_
kQS@0
p1VV
D>
h*b0W?`
bjm
llC a[[
Z[Xk;
h*wnX
Mo @
gw@?^
LeEK
aAB`@
_4DC]
kw f
EnableVisualStyles
1il$
D&T+
`vC;E
NnJj
Zgwn<
Fa \%
20i0
=lxP*
C>0I
</xl
kwB=c 1
^Lf]
3xjg
set_AutoScaleDimensions
ZY0
glzl
MDq0
V8-0
H#^pM
{uG5\/*
*Vs)
bb:b
rDO*
awB*s
YD 3
q|qB8_
iuS!
],{M
w+W+
Jzja>
I- Y
(na
vfffff
0*`B
> )K
]RB!x
{_4N
wB8k
System.Security
a{B8C
a{B8B
px[BM
]gf
gLE4
3ckI
,%Kw
Y#4d
,B9B
WBaT
=zwN5
fX S
AppDomain
l[<gv
q bIqi
QXw(
bG|O
v2.0.50727
9bv9
get_CurrentDomain
}ihhhhhfffbbb```^^^^[YYYYYVVVVVVRQQ
>@c"yKDS
Y&M
VWcx
a3B3C
DTo[
#\woiiiiiiihhffYQQQNMMM????666
PADPADP
evC<F
D3M%
6*zL-V
ZBxx/<
awB8C
'58-
zG*
=#n3I
Qu>
^Qteo8Q
i2x:
#*t3D
rgJr
awB8S
.83 z
U;txuhg
%R8_
!:zw1
f947a26c-b49d-6e.Resources.resources
fwB9C
BCCGGGIIIIIC7777777777CIIIIIIIIHCB
asy9C
Ry%
gW@+j
$CMJ~
T@xQ
?\T
\aiJ
jVex
VT[{
kpD3Q
set_Text
3zGu
gwB;C
SbNI_$
$^s/
9+Y#X^mn~
SettingsBase
mmH-
aEB C
#}."
.);f$
r/b|
4}]12
H)~}2
#Blob
Control
v( Rm
/w%?h5
G!fE)W
(id~_
shffYYQQQNMMM????
BuUO
awH2=
^'K[T
S%PEg
j[B<
$FIa
SQbJ
X9wR<
'H0W
3e^2
}DfU
#{<Q
`wB;C
WH p
NHW:
awS;1
j']
vg9*
pawHCR
QBD[
Type
A<)f8
zEpO%;u/l3
8gIZA
?4DE
C`/lCH@>
awB\C
oy@;A
_D9sp#
kdD(E
/V-'C
get_Default
2 +t^0R
p,$h
atC9C
HwB=<
1>B@
awS;k
hhhhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQO
#nk+g
`e[+
BR:C
5|X@
;_$T
hYG/P
|r_<K
) Kw
;Ux_
^1of
vwB?0
1-U'
^]DJ
Char
Form1_FormClosed
fZ`_
3Hz)
C +qT7
Cn0u
c\LRE
3N@B)'b
hyA*B
15.3.0.0
v>*i
"tJa
E#Y@
iu2lp
b_? M
j.3m
%wB9Ch0`
=?)4
(i=o
#_pro
f9C
1aa
!vClb
P$Sy
/Q*O
<g$M
C0p(W
!gDC
i=ge
\aEJ
~mhhhffYQQQNMMM????6
`SzBks#
7b\`B
"?aM
{wTZ
[ Y2
C22n$
,kK<&`>
=P
ME`
\aET
a3'_*
knE>
VZ!Z
aw]y,
naC>
ZP1/
U3U|
ry|/
PawB9C
|yL![
URp^
m!D&
s|cn
cfE~
^ulb
LP^=P09
B#O4q
,\h-
Mw\el
asB8B
WrapNonExceptionThrows
QvB;C
tD4<D
,/)%
tGoc
.text
Auzi
&"m8
_c CWSJ
GetObject
o<n sl
a}b9C
e$3
B4CT0
X#gH
OF>WQ
h.AOV
Convert
Peg
'Vf
$+D|
qx^G
System.Configuration
e>m"f<
[&q)
IjB9I
E7':
k+x:)
ke7x%
m\W>,\0
F7eF
@nneL
i`~W
8Qg/#_
P3 ^
Fm\\
x6[g
q]|
ft%
|rW+N
b Krw
/hGUl
CG Y
&c{78
Z?vZ
qnl9I
x;Tvc
o^^[[YYYYYV
549[d
_a[p
h\JL
#^(
ojG?C
F$q(
[7g7
eu7#F&
CbhrZ
O4*X1
RUY_
p i
z>e&C
YxQW&
[v8r
avB1E
<{Z"
EvV`C
vF E
F}%)a
Load
/j3XA
|k^$_
pRwB=ihCw
adB-b
8^[
iWA8A
ffffffffff`vwww
dgdgse.Form1.resources
)}*`:
W.<BS
g1FF
}q
#;\}!
Kqm& k
}B9G
H<$(!
a8IYC
pX #2
k^^^^[YYYYYYVV
1U|p
i, a
`"]
NetL
>4\!
SC.
`rb8B
xU
0xE}
Y$n`
w`3`
u.n
a(BoC
a?ljX
h \
'nvP
cuZ$K
h ,q
nwB=J
>Q27
QvB)C
PCxJ
bPJ
~eU/
g\d,
*ZZOz
jGT@
[Qd 60
nG,X
CdViH*
?y`@
awj/C
IconData
!~b_
!(!9+
lhRak
C )A
1^tv
a}BiC*
w0\"
1[J6
`cc9C
0 !STD
Y& z
[!p
_tKN
(gU3
eNE(
!`3BvEg2
7X|D
pgwwwx
eWC8M
efG(U
eWC8K
mk'G
hhfffbbbb``^^^^[YYYYYVVVVVVRQ
pgwwww
bYk;]n]M
B8^v0L
a;-Z(
80$t
d^):N
+wgB
awH30
qW.=
S>ya
awF!k
O4-T3
_mgd
hfFV
\[U+
t,hX
awB9B
awB9C
fWA8A
br q
B8^|0P
6`Gc
fwB8C
M4MS
a}D}o
wDrzm|
fb``^^^^[YYYYYYVVVV
awB9k
p}%^
cDBuE
awB9c
NK9 Bm
>(jd
g +A
6Kg
=#Xe'
R,WjY
>4B@
dfB}C
H b
gqB9C
c,1?
2bwT
|(R2#
ER\&s3
rNjj
Uij7
a}ivD
*!/"
height
ToByte
DaS+
yhwf
s16yf
=^Av
MG84+
A$~:
'Jja
d^(_
WX2}&
Sr&{
+)cx
A1o&M
kD}g
L2o
DJPy
% *">
Gr/4
07+^6
$-Bu%
"-:\lUKm
)4b^63zC
)MUeg7
ya3BLJ
VVVVVVSSFFFGGGGCBBBBB:118887
{o0>
`wB:C
~,Oo
t_Xa}
_zp5y
87TK&
awi9C
b e3Y,2
-5!KThu
6G 0
kuI/O
JdDp4
WM&C>
<WE>
get_RawAssembly
;wB30
s$6k
jz [3
z"@
sy"m
w I&
bwB4C
dwB,C
9[}~
S3 L
w m{
3Gp{
dBAD(
?yP{
^-Mx
vjl]
c?Pz
`_kj
j|AiHx
PcTH
wawDV
Fh}0
`jG$F
wawDK
sj@?J
yM|z
IPK/
cEhH6
ffffffff
q8BW
oOz'g
8R W1
YYP+
,wB?P
l_:06
E sN
M:GV
x!_S
}:nvg
awBqC
19)(
iec%D
[?GV
gUT.
?B `
@'LCD
U_H}X;b
fu-AC
ajG?D
hixg
.KW;
#9iiiiiihhffYYQQNMMMM????66620
UVE{
FYyXs
-a[BnC
Tsk[
O1~8
^(w5
mf\xke[x\YW
auC2B
:K_u?
3<tC
awB9C~0
"**y
gwB9C
r4K_
pgwwwwww
br4<
System.Reflection
`2:D
Invoke
q`GT]O:"
iqS<E
0%2k
1I}0
1]:F
Z<)
wwB=R
&[av
`9cA
H+of
ffffff
Zr2O e]
b~ J
GpC?=i
C!}Z
I(H~*!
i:s%FY
Yq5;
*IP/C
e&C}C
@P k
"Y'<
a/F9C
Vg}/
agB"C
<^E*
awFK
Vejw*[Q
O)f`;
bRaU
iJ!EU
awB(C
wSe;
iq_<K
sFW+n
?fU}
a1TkU
]wT
VB'Y8
mD_^+
)Q
w'Z,
`~h-
FYgT7
4{
p(_"
STAThreadAttribute
agB<A
&%Y\
|>?)
Form3
IHDR
nRq=
7uF2
@y i
xiN5
9D2`
XowB9C
k}H0R
+10ou
System.Globalization
'lwP
:a_B
$f+9
IconSize
6l8o
6fTB=B
1u$h
phi:
odK|
UF~l
5$4Tg
'2\+
uwB=J
&*8c
goO
$awH
__StaticArrayInitTypeSize=16
Mt6"
\db
aeB8h|0P
[!8*
bqPi@
4-]&
0X<_
]GF&E
%B* ^6
/,|&z
&*8y
yN\E
Nh[G
!wB3I
I5HZ
w^^[YYYYYV
bIe'
edKg
System.Drawing.Icon
S^wGet}d
n.5
z.KF
u4>;[8
Nyzhekywo.Resources.resources
PG8y
wawDGe
I`B9I
d0YW8
L |$
lq0A
kcQ) gK
E_8h
M!yPL
)dLN
2C=9
.n:z
{'/>
{C"
`|BGH
46][
0crC
4.1y
faTJ
NK#O
KF]3
=:2<3x
vffffffffff
oBx&V
5JSY
U,'E
aBB=C
MethodBase
#Strings
asjlC
R^3Jf
]G1$
qpo#2
awSK0
O?|2
@7T
:^o g
B8Z|0]
9="
LU=[)
.Q R
X!S#
?awB9C~0
bS"O+
*cwB0C
vwB=R
HN>}
%awB8C
*e QL;Ik
u?5(
$9KhGB
abG9C
add_FormClosed
}es;E
+B9I
o5Ot
kZD[
yM$g
q}}}}}
?ya&
a7n9C
iUk
< hF[3
aWs8
R Xg[#
m)~n
7k~'
a4-W5
-n=
]yAOD
pfwwwwwwx
89pJ-
g*IWf
System
2:Z&
)pqBdV90
aYBBC
EventArgs
hZJ";
OlT;'
OO4k
yh1v
j5[,V-
U7 p
a4#U/
eWC;K
j107
eWC;M
Application
M^4p
>,w0
X^\s
N>"y6
cuL7I
#o|`N
% @{
< Vo
w4X/
fp7Ry
Uz$E
yqt n
;mz
\jsY
hqA=T
~J_#
,d`^H
cvqGB
A%W:
Co ,
Nj9z
CA4 ;
nll@
yPuo3
v*5'
7ZB^
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
rw uC
^KIJ.%\
`vC8G
`vC8@
`vC8A
`vC8B
B;hf=
-M-B
ekWWMR
U]w.,
F}8$
phhhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQ
PL3p
j$r}
i&KCP
}nhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQ
z@KU
ax
^\w6Y
E\ .dfY
&CQD{>
Array
String
`wB7C
aYB C
iQ .
.JE0
Nl5Y
pffwwwwwwx
pWT_f}
~ mB*
g_K9C
aA#Qa
ComponentResourceManager
cm[p14
cO4y;
rY]h
s X0
=6#A
kRT?,
b~,dpt
(C
N\ql
g&[)
=:_
KI1R
$?0h "
j|$ U
m<?|
~V;j
W_lu
n=G;
(mr|
g@bS
9r?<
UVGl
q$)P3
^sm>\
L?9a
~ws
DtqG
SZ|!(
~[S5R
("!*K
aNUK
U7{R
dgdgse.Properties
ghFFNUb9
"rVx
u[QQNMMMM?
-OWnm
hW@8Q
Tihs,
ucFB
Pvmh
Kh:[Iw
vffffffffffff
].J2
* zN E
ZwB9Co0
& E!
bvL%R|
Aw_:F
pfffffffwwwwwwwwwwx
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
rXxBWz
Au S-
~fo 3
C'0J
__NY'
7wB3k
lwB?k
=kt)w
_0HE
p9?K>
yVcpQ
ZBBh|x
wB3H :
Zoimk
uJ_7vg
l0}5X
pY,c
qNDJ]
^+ B9i
njm,.
VMNd
tcL\
w1\7
nm O9
ch!8
H9o
zaSHN
p{S,
' }sE
8d KS
Form
2EUi
%wB3,
xafB
Q{*`
/a+t9C
b\Jm
)ce8
4.s]-
noYY
Rzp8
j0iF
awC*G
awC*H
i!PW
Zhv[J
l;2%
LIO
-+j:@
(y4X
CG0S
|E W
Z\+26
5eex
*@pZ.,
%PWj
4v{bg
vy3B3C#0q
c~C%b
kU >3
k6_=
a%#W'
<x1
O s~
pfffwwwwwwx
-~V4x
*a@BoC
=v@5
Y/7l
v +r`>
[V:t
awB)C
`nW<%
wB?X
jR_3d
a9(Xr
E!|j
j1;JP
M+;%#
wB?K
Y9C9C
ae3BII_1
&wB9Co(@
,/yz
3~`l
{]RX
T7sP
95s8H&
4 |
^n-?
mq`
atB1C
wwB3
,^o=
\3#d5z
+$<Zi,,
wB?k
gqD?C
gqD?E
fn@\]
EwB?=
;$Yw
set_Name
Default
awB?C
43d'
m=Iz
O'm^D
.NE$Q><
IO?9B
J=vlL
X3d'
Byte
atL7_
~WPl!
3D_k^q
aU%3
e>]u
cmU+
_d_~
avBMC
o5-!
_5B
cZ[t?
EwB?k
IHK6JIL
wH9C
~kO@
qUvzhM/
B8Z{0Q
5:x%$3$v
$%=8LI
Lar g(+
vUTh
%'X'
b-Gw
'}.f
$3'&f7
4+S-
EH@L?x
!s=6_@
BQfb
=*bI
^{HV
\T?sO&Ro
awS&S
V=|gq
U9#N
avBiC10I
XDwB9C
P.&fl
Q'1j2I
a~B Cx0
cdBNE
qtX)k
u~T'
MwB9Ch0
F=K^
ValueType
La.K
1cOm8
System.CodeDom.Compiler
eqD?E
oZw0z6"@
aRB8Xv0L
e1Ksv
SetCompatibleTextRenderingDefault
J/pZ
_m{2
F3Vg
{og"E
" W7
I4&@
w]Bx_
_AppDomain
w iH
lc]
ysGg
System.Runtime.CompilerServices
<zM`
aoBGC#0
9%aF
*BAb
HMw 1>
R{~o
yo@0[
%*u J
h9sr
0K?)
F7$>p
y|>QI
7 :v
0*q j'
DQBo
J3Z)
6j|>Y
B2_;SI
/3Zd
(P7
T-PhM
,6{
D!uo
i_59C
T5T
x0UA
P-nl
wwwwwwwwwwp
H Eq
--rx
2J.F&
Ed!( 0
lJ%L
+OJ
hjA+F
V52k
FormBorderStyle
+YM,A
6F9N
dWB+
;cS<
|]7/;
XNMMMM
8a+W
D^o
C40W
O62L
6 +8tQ
msS3Q
4AzN
[Px%
OTAn
]:fi
,<f
aWBoC
Xw^Lv
e1;)E
WS z
DvSn/
cqL:E
VewB>CJ4
B$;J7
cuzd
\U7K-
^IP ,,
,n E
h@wo
e\`b7
D @K
@=$m{i
FormClosedEventArgs
52o:j=
_,;y
YWX@YWX
V;^P
U='+
N[t<
vB9A
1_`MI
Q9"
98`Fs
Main
bSy,
Cs0q
d2,a
ifGV
o 6!%
`rG8B
@uXv
7'My
B9Csu
awS;kR0
ffffffffffffffff
}wB;C
bqPY@
!rG |
J#o3
f4 nLZxOi
'S kgc'
S$~9
1^jB
uni2md

,j=Y
(Ycg7R
aw_7K
\bvn
yGf5
!YCg
U0'Vg
F`na7y.
E/-CJ
XowB;C
$H@
vB9,
C$0E
c!xJX
zB(h
Uv:[
mna
+ B;
u/ec
?aLBcC
5 eY
C$0T
a ~b
ioGJ
add_Load
pffffffffwwwwwwwwwwx
s(L2
8|l0
F?Q|)
BawH;,M0
kSF8
$>4I
xg7clJ*
fKu/W
O2.S
KFM<
r > F
{%I
F`G"
%|)Rk6
;O83
|W$Ef
D;2 o
0UEn%
width
JEWfW R
lQvp
IDATx^
Ed0f
YOzQ
B6$a
Data
_;L(IE
*e$dA
dgdgse
B)lg:oe
b .N(p
C>*m
?/Wn
:Iv<Y?
i_m<32N=g
~]O;
b~C}C
"awB5C
@3o0
9c_5P
>e;
xtb9M
f}Vi
Z<3K
(#Sc
<7Q.
get_EntryPoint
n]Eq`Q<J0)
6$~'
Ba.A
pHYs
.ctor
@TVI
k_b9C
,YYX
{qn\n
fc!H
fq-RC
%yF5
`5B5C
aVB3h
mscoree.dll
y4rD
GQPW
8TxL
(" 9K
prS=,
hu=I
QwB8
AxJ"
KW0j
0; $
fffff
;Spu'
BVI0
NrC+{
z6]K
E)
SvLA
c9)g
disposing
Resources
\L$*!
ha7r8
SP!9
j_k>Tx
z ,/
bwB9C
)Y>u
wA7)
bwB9F
a>BWC
knfEUM
O^]
[G>4
~ D2~
-0{W
c{"r
QtB*C
w{ y}
yPp @4`
5vnm
EJ0&[D
.nJ`-
a}jcC
uq g
!~oM
iyb>Q
1yj\
v tDS5
OzbW
|4PS
z2A
@L]q 3,r
sXs'
sNWF
$Z2nj
%epZ
!Y<
Jc{[
u bh
a7Q|^
qNMMM
yOIh
B9I[k
j;jx
5=rp
qs o
29s5
W3[c
@.reloc
(2 }
awBfC
7}R]
k w9C
$R7}
IawB9C
I?"`<
0k>A
!&;GH
7/?8y
c9 g(
F}$O
4 gs
fM+q
PE'Gq
W#g
SaNm
E3ceP
<\lV$h
TO(U
+[_4
hz7I=yV&@
apB4C
nhhhhhhhfffbbbb``^^^^[YYYYYVVVVVVRQQQ
s&_,
nll@nll
sn_+Z
sTTDj
H f9C
^QojP
"Lntp
`sD?E
DK.i
wfffffffffff`vww
a}6 C
J1u4r
XHG5
olzg
xgqMb
%rVU
>1]^
023[Z
tJ#eb
"}rMf
wD,Q
fpA+
,Gz6ip(
=#t aA^
kbb``^^^^[[YYYYYVVVVV
a}808
set_Font
knjcC
ifffbbb``^^^^^[YYYYYVVVVVVQ
CI %
736Y
ThW
a}g:,
XlWR3y
hhhhhhhhhhhhhfffbbbb``^^^^[YYYYYYVVVVVRQQQQQ
~Gjr{
0/K3
+% -N
w3(-
k}H3J
AuC*C
_V+eT
PG&nT
@N6L
E1;m
IY7d~{
5:N
KeX
pDwB9C
,!QF
a3B<B
N!%2
$l_
y8B~k(
|~ko fl
tW i
900&
r8.}pCy +\
I.B9I
T 4o
asKBT
asKBU
B$9U
x3z
>,O,
^ - ]
w)bMM
L6gph
i[B 1~1
k[CUNC1$
5Riq
b (
n AE"8
Q$!
ig|Y
r.]hH(
}kF9B
eawB;C\0
iu_%E
6d({&"
a6BJC
#Jx~~~
$8710553a-c458-4659-ae18-960814c447b9
.1@-
P'hK+A
}ibF
W?pOy
a\m0>t
5E]E3
RuntimeCompatibilityAttribute
2*df
awH31y3
cE86yjt
IckR
vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vwvffffffffffff`vw
F 36BU
Assembly
!OA
;d+R
S~3R!4I
/(w~a#
N E%
A/|_
a\>;
GraphicsUnit
~wB3k
cYtw
P{#G5;_
iySqR
zjiiiihhfffYQQQNMMM????66
1D:F
5;l$
w7^~
YVfVcyF
bH 0
System.Drawing.Size
6B7CB1F76B99023BEFA8EB2B530216F00916E4DF
3k?:T
dWC;Q
`wB8C{5
41C3
SB9E
SuspendLayout
blPCn$
a/C9C
_w1ZC
"Gd k
kl/
Q u'
NZWd
158m
kRQD
Xd0$
<<Z(
38mP
Size
$ L[
zoKq6&
awB9CN4
Oi-k
5[rp
Su$ky!
1891KV
wwwwwwwwwwwwwwwwp
ISerializable
)]BG
set_AutoScaleMode
#wB9C
cwB8C
XE,}
E TQU
a}jdC
w~x$
pTRcLo
FFH6EEF
wxBd
i:9
|zxS
F0`
wB9C
]K -P
fCc
wB9G
#W5 =
1.X$
aGG9C
krr*
`vP$@
61+F
6u-
@0Lo
'R
AvACq
d @kB
awSJ
/B9I.Q
t_Ya~
RWO
ewC7M
ewC7K
51u4
Rxh
defaultInstance
awB=C
f17$
m~w]E
+kd0
?]e*4
]~Y
IContainer
@d0`
wc1<
|Q{Pn
Pq *
-H V
components
D`wB8C21
=6e>Z
g}xSQ#
A{3U
*} qcIz
C%i
gWB$Q
y}UL
EditorBrowsableState
m?c0
_ETPf
X j
|8$C
CultureInfo
e/C?C
x;`|Q
|E7l[9
iE+^X4
<I:S
1.2!?)W&
H"$\Qq
THMZM
v\A/h
vfffffff`vwwwwx
R#n|e
8!VV
Qt|=
V%e2
<Ad@
x<y2z
Ybh
X 8
HvYr
+:?5H
`apL
iE#[
tp~<
M}Ob
e'9,&q
Q}RO
0m/)
ResourceManager
9S`8M
RB9G
JkvGc
1Ve
mUWh=+
wawB1B
8tZn
kqBDR
raQ-U
hG5VL7
awDGO
YQ @
oR:z
2)5O
auB1B
/3gP~
1{yea
i 4
<o5
),\
PDtNz
cj2+
]MZW8_$?
awDGj
"om
g_ 9C
vff`vffffwwwwwww
k|E?U
i-65
gQ@/
uXg',K
pgwwwww
w_99C
^nN
lm2#h>
H8$?
a2B9C
arB@F
vy3B
EkHk
^LNGi
lz}W
Yymr
eN.31
YvM
0 i
$8E=V
BX!f
R, KFk
a/]:
a*B8C
<KNc
L-F0
Q$69
gvsO
awH&L
L8F6
C<0d
yTG]
A+ DM?8
!4 Y
=l}):
tawB9C
XKy-
`vC=E
'?"K
2Yo>4[Re+
``b`
L7">
'L'"K
B8^c0W
n,~a
I8SvodtX"%>
[B9I
NXTM
,N P
jTp}
iP<&
_]pB
va]V`3
'V}$
iwB;C
aeQ9
$+C&
I B9I
%<Tg
'6WT
+3_x
wW>rr
52g#
lcEx
GEEP~|z
u6H?C
a!B\C
v7,81
CL0A
;x\nH
PEq0
awBA
vuETx
ewB8C 4
Bb^C(CG3
YL4!
awB9
a!B.C[0@
S @/
a(BpC
< qj
_ ~~
P|`e98
Z;:8
qwB;C
&o<
9RTJ
awB'
,a2 E
2$ }
<Module>
]8tBxOJ
9HIE
Pzv^
AvC+
v?P4
_j,>y
C 0A
bqPIK
U|MZ
N=_>
i,ypw
qD|b;Q
7W&npJNo[
UZ@k
?-Y|k
V)Rq`
RvY_K]
yl C7Cm=
RwB=i
.VTC
5+o4n
H*s<
`]"v
awC11
47yo
r`^^^^[[YYYYYVVV
LneL+
^uG@
E-xE
TE**
0m$g
a}H?@
q/9C
\9'T
\?6(uQE3
P)U &7
f7kE
awSGu
resourceCulture
O!=?
e5Q=
e}u>
wB3Ud
5[&L
}D.(
1EC%mb
0;2'
4#Ru
'W`O/
1.0.0.0
k;]1B
.fF@
;{%
InitializeComponent
C"0R
}+.e7#k1;
mq:F
@@ l
QvB>C
"RH+
7ETH}qG
eae~
Y$_+
^7{l
`B9G
GCRU}/
avB<D
vjDq
^<G9
Uv
x:(8
C"0q
cW9!
"m?s
w{QU
j5 T
e]B*s
u|_X
gAMA
U2T&5i
C 0I
$:r.
>~W
b8MU
:bIC
awF(U
Q;e0
=dK`c
awF(Q
2fhc.
+@f'
AutoScaleMode
PSaS
J(K-
awF(D
ResumeLayout
Ur8{FB
033V
shhhffffbbb``^^^^[[YYYYYVVVVVVQQ
.cctor
ONn9m
set_FormBorderStyle
QtB&C
mscorlib
fSystem.Drawing.Icon, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
IaB9I
.6B[
-ewB:C
UX>K{
B58g
-f,4Yio
ioK+j
dv%p
psjSC
8wB3E
Ou|[g
#haG*
mf"e
4-CzV
aqj&C
|3wB8k
u`X{r`\fb^
1^T>
cwB9C
0w2,a
!r_
awD2h
mD0
rCOq
ujQ^
U3&l{4
TK9_T
HT&s
RW/
apB$C
%\XgC
#9iiiiiiihhffYQQQNMMMM???66662

3}GH
Xuh?2
VA\-'
"#|Ux
L'wf
f v
fJ9~
WN:[
`Lb0
hJCM4
GcFA
`wBVg
ffff
GavW
@VwB9Cm0Q
+D/
zB9G
Form2
RuntimeTypeHandle
XWA_g,
).Mg-
~}A V'M
:Jz9
BTo
%IsA
KwB*s
*~`m
auI9@
LUf
k}K(k
Form1
p$S<
[H+3
np}wa>
)-M&k
6jyfc
QrBNB
Tw5 m-V%
ouopI
sender
lb:W>b%
50FO
BWUBDFE
aWB9C
Ko1%
pxvffffffffffffffffffff
| u
;"jK
:G"f
bai9o$
4>,Mp
y ;x|
:@)m
(-UYv
G-P
hWA;S
s$W"
syPV
'riB)
3i3"
Pt i
w`d|qyS
'PDG~Z
|.5q
@Z5-{U
_`xFd
=4$s
Bx&y
4 7
C}7)
/C.&
auB$F
B3"C
^AA
T zk
Y%ae
a'B9C
YVS 0 3`
gB,R
psqB
3Ra|;N?
u!AJf
~*]
ZEcex
D2 V* {
Fx F
!!L[(.
iD[(
awB C
&Lx(/
ENw
D.,E0
)VF ~
a}1aC
#Hxxx~~~
!Qbp
Rp#>
;y.,t
^x )
1g`LC
P3THw
Ph-^
L0@#
?;2?
/]cH
CyDO
rfYQQQNMMM???
ApXm
<Uz,$
aMPYC
W:/FQ
D8+vnJ
aNB#C
x1n
6+bc
Cb0X
\->"t&
agf9C
yR'4
oawH
<wB3
psS<k
1=}B)
*D?D_3
SecuritySafeCriticalAttribute
>|,\
C~aS
^>ky$
ZWYu
_;[
k/%|
_26<
1{AW
sB+P
p:EXC
o `~
*N@K
e <n
2d>}
S+T isMpW(
i8SZ2
t/Oyq
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
aP07
B*xy
%{i1
VJfl
$iYd
>U
{r,
wB?,a0
buffer
hhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQONN
7Wn;
*~($
e}|O Slk'
sjL+b
)t <
5IzEc
VOTfY
Mwl9k
crC9C
!This program cannot be run in DOS mode. $
ws$Y)
awCV
CAUTKhm
x:v4/-
e_:9C
MFj+
UlIy@
WSY<
8&(z
G &`]
.O>-
8V|j
nQEveJ
Hd>I
W7^77
+ c>k8
@> .X\
X]f07
{mr0
{B]9Y4b
Dispose
) m
l]=
\p;Y
aKMCC
n?QghD
RH3C
"yy
MF(Qt
otD+
=+tr(
TGu t
`wC*?L
\i`f
fffffffffffffffffff
wnHP
m'DX
BIky0
<*Y.
bGA:N
_<-d
R1x=
v\8C
)s^U
$: j
*Yzl
1hqB
3j&cV
Htsm
`t V
)KW,>Q
c@aQV5
set_ClientSize
WL5E
hwB9C
9= 7
%s&.
dgdgse.exe
s|S->4
,-q4
P_h[
fqjUC
:Q{E
O>,M&
ZG1
ahE9C
K#`hKK7
ECYs
avI!
@&Dm
\ wc
System.Resources
$B9}(E
CQ+ oy
qTi|
*wB:C
E(%#
Q^JDt
BSJB
T&^ D[
<^h'
q5jn
gvC<F
0}J
sJ;#*<W6Ta
x1=0^
$awB*C
jawH
o_MF
A'7[/
`wB2F
]ga^
qQD
a!B.C[0v
^YYYY
pfffffgwwwwwwww
L`#w
vTMM
--)G
p*|b>
B~P
d'Z9
`e"=I
776Q
EkhV!
_hw&
QB}iq
H H9C
x Cb
W Xn
~{R
;*mV
rMki9
tahs
ac',)
awiV
GwRuC
kqo?0
V[Tm
_plMi'`
[oPC
]Hk$M
:d*r
^;pC
cy^1K
$,^m
0Xb(
n Eh@p!
*aYBnC
)peB
U3wB8
xEGn@
dgdgse.Form3.resources
+o]T
'fIB
~ `
wt4K G
4 |Wm
n0i
C:0`
yA9h}8
d!A}X
``wB>E
phwB=
-wr
c+>^
c1p ws
eI{o
0Aw e
}duS
Zp(D
SE\yq
anBMC50
33qv
Synchronized
QzN:e=0E=
CbCi@^
l lE
n?dq
:SC9
EXUXt
Bw k
*Z;ZU
a_J9C
(tA;
@eZ/D
fSW
r9W^
& }
atB;C~0
mg<
bwB C
a9'A7
Ib!\
dwB4C
hg3+
A2?(
j?jU
i^e6
aoIm
+g]`Q
Qj%4
*eF>
I~Px
io]e
g.u2tH
n|Q?
oYwi
v +1w
awByC
avB,F
.XX}
*Mc<
m8Ds
"J1F
1\1}`
&" }C
ufw3
kY^(_
iwB9C
&]]AQ
CZ9h
^M=^4j
rVH?C
:-]&
eR59c
$c}
t+[G
C/oe
a~B!b
Padding
!B9I
+rI}
gV@-%
@\mJ['l
XsWd
evB90
awDKx
I"B9I~
O! f
xQ~!
:xgi
qwB9C
uYHNl"
R*e{H7
R* 5Y
/6$
;i1RE
M*;|
Dgrb
R[Rj
UeYnI XH
-{ O
FTfg
agB*C
SJ |
:H9m
aoB7C
QL'[v
#rtwfN
Sy}}
)(LT
Im`
qmEXC?
"{{?,
MethodInfo
h)KFJw9
A4?P
2 APV
wO3C
awH*F
6!Z&
P#&`O>1/S}
p_A?R
1X `.
s]H37p
:;c~
Zb8gI
aH;X55
axG9C
$uz/
>=HT8
oXR N
7(=v
H3->
v^^^^[YYYYYVV
nffbbb``^^^^[[YYYYYVVVVVV
Ib:3
.I_ ?
$tA
||:Z
IRAS
_>EZ
KTP|m
vfff
Cxt,
tK%;
avB:C
"|_"}
:<@,
>v;>
KpI$k5
bS={^P;rWJ7cL@0P90$;
3.p DF
|U
arb8^
oW6_~+
awB"s
&-syc
pffffgwwwwww
*wZy
eV@n[M9R?6(0
oy h2
YvS?6
D.(Q:
Btle
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
^8V7$
un>-
avBF@
?L2LQ
jdDU
iQB)
=0mK7
gPnfv
Tt*e!
\Jz;
gqE9C
"ohj}
o^H5
Zd#:
WwB=A
*D93
3;W"
Ms;2T\
}SNG;5
IEND
Ijm=
DawHJ
J+wp
QGfe
P23_"Lj
:8>&
V],N
++T`
>ca!
fffffffff
C?CE?@
gy~h
`y1v$
YRM >
`uD?D
V 1Nw
*_efw
Pe'~
40#TWi
T|gqL^Uw`~
;]8F
9%9J
7n2E
EzT[99
2[5I
/XPd!6
rGMA
m e
<tE`
R)h_
gajBC
>)j ^
>1 [=
iaQ0=P0
awD(K
E,&f
oRCQu
< P-
a3B\C
2A DM
x..n
7 XH$
OsgX*
uKX3
t__a
Q,_}(
%Xu]bO
=Z ]
5"@{>G
Ey(
N_esZ
UuX$
6ThL#
p2EX
awS/T
Ti/M
C? F
xj(Q
UZ% |
SY&U/
6aM
>p3(
mP}g
'(`m
Y~[E
kVH?C
]F`2
kmH9C
p@EXC
F6a{
TK>
av@`M
/IDATx^
em@P]3
5Sb&?
\a}J
2iF_
EEPa ,
P-oC
]cY{
>-C'
h_b9C
s0#@n
N f
vawB9C
eG c
,hA>o
avB8B
`wB=C
FnV]
EventHandler
avB8C
dwB9C
iy_o25{
-PgF/
k,az
Co4T
dwB9J
`o>|V+w
|D5Ha
System.Runtime.InteropServices
jVK
CQ'4;
O;um
)S A
"'k'
wB?@rb
Vm.B
OSRX
EXsa
(@b
wwww
e9h
UtiC3C'%
0%
1xFf
$_O}
=Q}#
AssemblyFileVersionAttribute
sBIky0
=%h!s
drG8B
X6N Q
hHaS^
d(b
.""~=
HWgz
^~ W
U* O4wO !_v
fa :
:'M+
gr[
j 'B
};"}{
3Gk,
3ZXw
`Sc9C
fffffffff`vwwwx
aPTqB
^V+mC
Ho?jX]
>5[~-g
CompilationRelaxationsAttribute
awB#C
nOz
wK9
bY!b
z^Ec
Ea'"
Class1
{|\
%#X " U
}IlL1
19<%
yD9h}BL
|I[+
avB9C
ApplicationSettingsBase
3~?,
kYQQQMMMM??
h3Y{V
r?b3
Z~Jt
Icon
hU-q
B(C|6
LvRC@
QtB+C
fe"I
< +e
'MO+
MkKT7
naF
Xq!G
$X^A
OFsG
wwwwp
0od!9 w
&u=[
R=Px
Ya<6
c@?6
g[~.
f0nK
|%g\
%#b:G
Font
s`+nK
oyL7F
fpBIky0
M~3e
q pB;
GUuL
-yl
9UiM2
~I7CMT
}/Vs`/
x@R^p
e{oB-
gZ
~<L]I
cwB<C
F#n%(
awBGl
xr+J
9aO&6w
{!%R
-osO
\$I>
h}B}&
kD#.IM
a7B9c
o$#&2]
"LI6
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
+a@S
ZbE;W
3Pw_:;
wx+N
f7_q&)Q
awB1c
"6^
Ng \
.H\o
`ek1@
.akv!u>
yIz*}
InitializeArray
(9rL
gpB9C
Qomy [
'm[DP
D G'
w2X7
awB1C
-gQ?
R:RL
BAT"
C?0`
NbQg
wwwwwwwwwwww
VZwI-
pt__a
jAy=
cah;k_0
2X=?
O< 9
mg>4|'
aTBuC
}"6t5/
vh1C
WIg;.G39
EditorBrowsableAttribute
xJ~N
asS4\
wfj%n
&U-)
?{?"i
^F<WL
oIG903
,<78
)'$v
'91
kwA$F
zdvK9C
>Pes
KAH
T5u4kr
_0u~
;C~oY
8gJOR/
avQ,G
ContainerControl
oE1J
`vL>C
nY[N
)aKPA r
!wB8C
5;M&
wwwwwwwwwwwwwww
^]6V <
wwwwwwwwwwwwwwq
@wB9Cx(
qn{*
resourceMan
E(@U
cGfV
R@UK
]O/8t
B8Xt0N
x`](k
$|c@
)FK6
nfgi
4HcD+
<2SvR^D
Ym{|v
System.Drawing
FPd
tM19
2lt6
$!CU
dc& Qc
y(-(
sjZ+b
kK#J0
B5{&
a/#<Xi
nP .8
R@%[
{aZq
awDGP
$a/y
/_ROu
_N A
ivB1C
wHE'y&Py-
]B"s
M2'M<p1f
a}UJ
Egd:
e[E(G
`7 t
y 3L1+
G=Ubb
/OB]B
H*O7
rHP
aTB
:hD
ijG,Q
F:Gm0
8=:L
z|U8~
~20 en
WQ>L
`IDATx^
|,8G
SLVG
y eP
$:w-6f6
h[0j
RuntimeHelpers
PGh "uq
xWR'J!
+2vdr
0bwB
%lC<
&`GlR
(ba"
C?0O
,3Z
F@F%
#C'y
|7f~
rl I
#9iiiiiiiihhffYYQQNMMMM????666
-c2`
{=!4
_6On
c_X9C
C80h
$usc(
0i6?
nqB
dHa.
ZUL>
] ~E
*9/>!
XA%F/wb
r^Ty
C*GZw I
*;-y
4e2*#
R]NY
Ha.-
DPHvq.7[
Vnh?]
Object
R]^oO!
_ M.
+On{
XqwB9C
vfffffffffffffffff
a)k`
i8dF3
]V@MH
ComVisibleAttribute
wDB,
}ChJA
3System.Resources.Tools.StronglyTypedResourceBuilder
xoXT
U!5G
wawHV
N-m<Bn
ZS2
D@*x
CD"$\
o(#z
|A c
."tA
C10w
6;O,
qIJ.
s^J7Q
aqBZN90
hN[X/
"WdqA
\=G@@k
vffffff`vwwwwwx
my>7
9v3(
kJ(2 A5
4%T^X<N
*oVl'
>|LU
P*`~ Y
<f`aK0
Evyj
U]}C
y.ia
,@O6!
xY|R
NaEB9C
J)|U
ewC:K
$ :@,
awB6C
"3# )
ZzrH
lcdF
b/S`D
R "W
S1%X
Fm{:
?aEZ
U=4Y V
B?Cd
}E7 <
adB4c
( '2t
Bj= :
J I,
UWq!
qgY>
Form1_Load
Dn<I
dgdgse.Properties.Resources.resources
_CorExeMain
^.%'
QtBkC
%4R@
K M~
atBRB
4et)KTa
S*,l
hhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQO
_RCA
Pg"j
l]0+
G_KOJ
a C9C
m,A
/Dh8
Program
evC8B
Kz\
ewB;C
awH2
a*E9C
ueJE6."
,kfj
:Zd\
d]hD
1be>"
sRGB
G7^ O$
dG9/P
!T:2
Pb*V
`+r32
q!9C
5NyM
uRt
QwlJ
ZB9E
l=1S
^JCr^
}B\`
YJz,Dv
[]}n
hT0{
u[[YYYY
DO33nK
^-($
1~jo
QuB C
`wB-C
};PvV(X
auBRB
Y qD`<
]2aCM
]c[
]EswX
-MoF
aVB=C
!9Y8I
get_Culture
e%C?C
aaC'B
hhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQOON
2 4j~[
J nuNp
9!1F
ENxW@
ac3>
_.sw uC
jcrjriM)
.`b?K
a,Vi
wfV(G
fL)X
ND%'!
E5sv
0c`sg
aQD9C
8kpG
$b-"
])
RRS*QQQwRRS{TSU{UUW{VVX{WWX{ZY[~fee
D{A
@]_[4
i`Q\h^MXf[JXcYFX`UBX^Q?X[O<XYM:XWJ8XUH6XRF4XPC3FZWR
6u@Ax
9!cq
@wB1Co(@
z}}}}
h/c3
%Rb<
oa%n
&/(5
ipY=
- ;w
ex[
<+)$6
S{[2
rbT~
T =j!
wB?P
5Neo
<TW
lbbb```^^^^[YYYYYVVVVVV
~9%2
G4
<`wB8C
FormStartPosition
qo@%
~ >m/v
W+Z
d8} o
6.^,
3na)
7Jsv
pgwx
)@Lx
tbU;
kB%R
|Q+[
fffffff
E^ /
nQQNMMM?
<\r~
W~% q
;m$#~
Akq|
B!bO<
avBRB
~Nyib?
!bGo
ib3B
T*:C
zH 5z
&Wo(G
%B9B
q}]|
'5H1
dwB;C
a61J&
ojL<D
Z?:\
0~jo
-p#[R
vDu|
!Y5!E
.%:0
fff`vfffwwwwww
D9|w
lt10
^av
GuidAttribute
,UPO
S/r7
x!;@
[Z]~XW[{WVZ{VVY{SRV{NMP{IGIwJIK*JJL
~B=P
uwfd
wawD
^wP.t*
U2'p
' 7{0
@o.-76
Eew#
_G
3Z ~
= *OvU
[z md
qM]Z
8:]H
i%>p\
g{BPS 6
Ktwl
hhhhhhhhhffffbbb``^^^^[[YYYYYVVVVVVQQQQQONNN
WCBl
awl9C
$;J7
s ^c
Cz2!
a}8(G
`v@?E
$uwe0c
Cw\3(&E
%)))))))))----------------22-)
Z hM
)B9B
&kgE'X
|E:;4.
MHZL(
C HY,
[ l
a^G9C
"bq~`
Y 4a
oXJ
|N}:
CC0F
`.rsrc
( "*^
0(wU
Dk:i
bfU]|BN
VKAQI
ZY0
bWj<
b{a2
_ai/tD
awB!C
]gv8N"i
kp1y
?,3%
BEIM
V6c Km
R k
dgdgse.Form2.resources
Wf&B
r1 &
_p9.T
AwB9C
k}B3N
bawB2C
qA V
ffffff`vgwwwww
sqVn
! h
}W6]]
set_Culture
RwB9Ch0u
get_ResourceManager
>po,v
q;&g4b
aBC\
L1+j
FKv{2
0pxX
AwB95
.'(S
H9{O*
OZ~
-vcN]H
+75"
4 ?M
//.`
awC"s
J}m$
sY",f
2'4}c
,f]B8S
.g%K
@`q/gg
P,;0
:M~{
c\|Q
arC9C
1+U&
+n>;Sc(]
FcbS
zYD"
c##
Z~^'
"M B
2w@
#ZfH0F
[TFG^
s, +
5wB?e
!{+:
C 0|
(1|oQ
_r&j
@r^kK#
'k2c
:?7 4
?q=>
edB1e
g f9C
(mv`"
)zK~E
#9iiiiiiihhffYYQQQNMMM????6666
mbwBNC
3~jo
awBJ
3M&aXE
ZGHC
6+..h
Lj7/X y
a;B\C
K<;C
9X 6
r|T*O
R7p|:q
{,w|[
MJu0x
eYB C
tK,&@
C?C>(h
y*!5(
2B*e'It
deqD<
mv6q
cJf&
`dO11
q0-F1
;"()
$]13aL
]+&4<f W
set_Margin
Sf[`
|rJ)K
E!Ii
= kb
-*#{
. Cx
a?JrK
GetTypeFromHandle
/66(
aY-7
&b}c
a,B,3
KNN
$'MA
{(T[
<+W'
l9b
U* YC
9.%q
hefZ
dYYY
4GPD
WJhZ
9Ir+
+&9u
dO8:a1
rBIky0
Al0=9R
63(N
-B9B
gqD9C
66M1
1P'W
offYYQQNMMMM???
Ozed8
$ E(
gvC8B
2awB.
AdBg `D
b}e
```^^^^[YYYYYVVVV
RC0@
`wI\
=csBG
oiC?C
3C m
System.Runtime.Serialization
8"#)
o~ d
J;m'
9AISG
=wB3{
IoUZ),
HR|E
bwB
e m9C
of;G
o7r~
Rat|g
p7<n
-{&a
I?y
+,J4
. 2
d7Vj
oawHMA
j?x
T>4&bMA0oVI6{]O:
; `\Ua
0SS1c_
?t-c
KW_{
SBU*;
} tO
RF93
lEwB9Cm0_
1a+8tC
Po a
6`FC{C
c^[YYYYY
w ]W
tNMS:
1?4N
q2.(4
Ire7
ajB<B
o Dk
{./Q4
G2"'
LOG l C<
tAa:
snJ+Z
a40\"
.PA;
xrsF
)!$
N[nD
#OrjC
9E,|<
a B?C?0F
C00i
g'$O
`wB>E
<CWY
)Z\<
Z2 bK
!!&&&&)***&
!sLx
5A q
ib}.,
W ??
@$q]I
@t#j
Lm(<s
SuppressIldasmAttribute
aGB C
GwB9Ch08
|~H[
&]FLL9
nS(L
:xHGl
A&b@
W<xY
pavM
[bIS
,?D2
DJ,U
\!<5}
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADU8
UM M
awBYC
gB9a
<`wB;C
F+(8
_,I|
kVH?C
p3Yc
kOCD
B,Oj
gZDJ
qf=9_
@6z[
#hB
& mE
awB}C
*{_
lA97_`cO&?:@z}
@&l?
a}d08
awB:C81
f0 n;#
f6LH
}2Lg
Settings
Dbzx
>B9E
<PrivateImplementationDetails>
bN "
a{d9C
awY=A
$)[N
V.'
| f
NNxx
a}h*s
a'0V
ffff`vffgwwwww
\1?x
fffffffffffffff
dwB:C
1+J3
a5.V
Close
7~jo
avj`C
S& 4#
byteArray
; q#
;2oW
^W4`h
ph8S
8C&Y
:vBIky0
r#/d
g1,Sm
K `m
2wB3@
"S ai
=w?P
-&-V @
#|@ T
FontStyle
&N %
a\A8
avJK0
agB.C
IDisposable
}`_G
lRht
q`[P
D au->
guC8B
EJGI
C@0_
get_Assembly
0i^zH"X
o1$*
41\:`
avC9C
fV&fN
R;uW
bWB>E
6`xC$A40
"6Tw=
PAwB
'0V$
a%'^*
3k_xC
AvC(
7Avs
;ARx
cwB;C
3XV
\0R~
.oX~&GK
Z3s>
pfffgwwwwww
2.&5S
m<J9
awB&\
pfffffffffgwwwwwwwwww
24@
hhhhhhhhhhhffffbbb``^^^^[YYYYYYVVVVVRQQQQQON
8rWF0g;
QL)
-{8
y[@k
CMN;5P
;8%8`
He,3
C$7?
{H?P
f~i
value
4y[w
SizeF
ewB9C
avL$F
Eroz
0;!JL
AtJ$F
ToV3
%` B?C"1h
E+|6
*aqD
dZJy
awB:C
=qr,
yLD[C\
uB9B
svP;Q
awC4=P0
/#x+g
jfwB?C
awH0T
p'a^
M:5{
WTrB
pffffffffgwwwwwwwwww
vQeWN
MX%W
/ _9
DOK)\i
e0sI
x^~
Gbzm
|`s7
8QluHHa
wllU
g9oc8
#GUID
$6@/
awD:0
Hm1n-
1Zcd
C`0l
awC9C
1`,O3C
Trf-
get_mon
xmiihhffYYQQNMMMM????6
^o dbb
%aFY
UM0l
R '`
k[B_*
J*id+
YWX@
68(Ru
5(TlC
gR ~,
A@|Y%I
|IWG%}L
HawB9C
BE q
wPW#
JccE
`wB9C
2s14$
yB9G
M;r;
6)O|`
fNiNF
^&zg
eX6L-
Wba60
FRpG
=wB3{$1
`vF?E
aRB9C
c`Vz
j%{^8
1eU?
4!dhH2Oz
awSGk
q_Mp
X LS
7O {3
D9F
B?C>!X
-r p_ vr
*$-+1
LsUE
U}@Y7R K
,JaQ
0t+k
#'?E
eV-i
D{hkw
Hg:6o
C{6
W3Oo)p
{u7}
avP K
tawHGQ
XiwB9C
(a_u
Hy0rv
pzj:C
awS9C
#]G/
OpVSV
OaCZ
($Hw
ewB:C
IWB9I
,4*Q
<D}?
C'Cu
/%ds8bv
?K_L
Fm)Gv
8FIH
b?AW\U
dwB=C
N&(w
@aQ./
M#J.
kvPmG
yKWO
n5$Vk%
e?8@
;ICb[U
<F?P4
Oha7 ;Cw9
&aTBoC
|G^w
15.0.0.0
C10`
?m@d
\ca}
e`>n
irb;B
yBA4s
3b*+P
C10p
gez<c
oBU0
mYf4
KbI2
ie3B3C_4
9^k9
g5=xb
2)b_
qdN'
<"sw'
;AS@
P{1&
]o t
.2k-
zU0_
9'g.*
?":]!
oWGe
*52\z
V r&B
E
DE4m
?"7w{
acA9C
kN$t
_L8ZX
set_Icon
'U|a
System.ComponentModel
bYrm1
zuwH
F}Ue
M2^
_.^h
Kav[
R_<Q
A1JG=
rk6j|
>B93
Io&l
pBIky0
8m&3
UE3^
q/6
awB'C
ka7 >
L (=o
i|Hj%
L9X1
Dk2K
m}=!
l]*J$H(Aa;
awB9CC1
+~6
>1=fz
e;Y,
4Ul.K
\B'&n
DaN49
guB:C
tn.8y
nc1D
sln&
N#73
\OZX
mykey
Hde
0/MU
c&@ @c
ff`vfffffwwwwwwwwf`vfffffgwwwwwwxv`tfffffffffgwwww@
#J~~~
Nk)O!
W@GQ
+CiF
PT6X
C ]c
-6$o
aEB$C
Ce A)Q |
Zo(y
{5Vu%@
5|$mVk'
#n_P?
7+:JH
vfffffffffff
4rPu
3HI1M1b
u kP
u/u9
7Z"~A
Culture
=p n
xk[C
B7K_2
System.Windows.Forms
a1FkB
l;.X\
d`C+$
>B9I
;dwB;C+5
*'_9
[]N9
,H]2&%
61|B
xadC9C
B9I
=gl!J
.N;QH
a~B8C
Io0T
[+qw
LDe1
System.Drawing.Bitmap
xD[L
LGhGX*_
$g>9
qLXP
ibJ7=
teo8_
CG<.
^4Nbs
6d1l
lCfY|]
3Q
tW~*
wH9N
`qb8^
PET^
GeneratedCodeAttribute
}awB)C
Umb
FuS@
}-Bf
pffffffwwwwwwwwwwx
sk{
u[\~
T"0
aqjXC
: nR
qXv\9F
YzGt)Z
fSB}C
atB)S
iyJ1^
nB2=i
xPLQ
qH9@
awB5C
P 0
vBIky0
YenF
Z.ZW
?P .i
awk8C
XcwB<CF2
8W4+
>bbM
1i|&
8Rdg
pgwwx
,u7=
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-04 05:09:59 2018-06-04 05:12:50 171

2 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-04 05:09:59 2018-06-04 05:12:50 171

4 Summary items with data

Files

C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\SysWOW64\ntdll.dll

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-04 05:12:18

Detected family: #Ursu

TheSystem Itself @ 2018-06-04 05:24:01