MalScore
100/100
MalFamily
Ursu

mog.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 23/66 Related 2258
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 354.00 KB (362496 bytes)
Compile time: 2017-08-24 23:50:03
MD5: fddd2b645c98319d10fc9816449c6ff2
SHA1: 5703d3627130cf3867b0ac231631638bba3989d9
SHA256: 286a1c576b34f4d97b6efce931d58a18331ecff723d4b4be7b59e60d7d8ad35e
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-04 05:06:02
Last submission: 2018-06-04 05:06:02
Filename detected: - mog.exe (1)
URL file hosting
hXXp://narenonline.org/mog.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-03 23:04:04 [23/66] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x57b14 359424 f6c1a472a685193e1b85d581c78c99e7 9c3ebc3e4ee1cfc26a2d6bbb8831e3261c8e8054
.rsrc 0x5a000 0x618 2048 20a053756130c33a09e8f8f74f76b389 6830e8c6547dc902377950482015251f149d4d1e
.reloc 0x5c000 0xc 512 24a2f14f0cc37b10005e00cf7f5b1fb2 d7d4607023ae6e8c5e3d1fa21a27755eed2d4db8
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x5a0a0 908 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x5a42c 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2008 - 2018. All rights reserved.
Assembly Version: 0.0.0.0
InternalName: mog.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 1.0.0.0
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: mog.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
nly
VarFileInfo
Comments
ProductVersion
Volatil.Properties.Resources
Same as in FIleDescription
e2c4a01f-40b1-9d
How is seen in task manager
Company name
FileVersion
InternalName
tWA
Segoe Print
eBo
0.0.0.0
1.0.0.0
Random comments
Translation
edd56d65-e1a2-1f8
edd56d65-e1a2-1f9
edd56d65-e1a2-1f6
edd56d65-e1a2-1f7
edd56d65-e1a2-1f4
edd56d65-e1a2-1f5
edd56d65-e1a2-1f2
edd56d65-e1a2-1f3
edd56d65-e1a2-1f0
edd56d65-e1a2-1f1
Assembly Version
a2fcbc75-8653-5d
mog.exe
Copyright
VS_VERSION_INFO
StringFileInfo
tHp
Form3
Form2
Form1
mon
FileDescription
<76O$Z>Z&7JeB
OriginalFilename
$this.Icon
LegalCopyright
2008 - 2018. All rights reserved.
bc4519c8-fdeb-060
CompanyName
000004b0
ProductName
3cQF
S |(P
MP<3C
#Tb9
wB3U
aR K
@.k
wB3P
nQKZjL
wB3\
YAY/{v] T
\r .
k]B*s
z Q %
gZbJ
g[D?,
V~rB
8+_oF
pffffffffffffffffffffff
wB3I
PNG
B, d W
Fg1i
/re
awHV1
wB3f
A Ml
wB3e
fhNqa
V0hwX
wB3k
D#~Z
wB3i
tO
\'^eV
awB;C
WCcv,
k'.X
?~/(f* 5
a%'X'
z'[~s
S:3'
xJ%B
23uCjp
Volatil.Properties.Resources.resources
qWDE%v=
aGB:B
byUD
#fQ)
j h%
>B9E
.#hna;
_mex
-%ei
X/@D=
fffff`vfgwwwww
V% U
ffffffffff
wB39
MqEVd
a4-T3
bg ;@
^) ]
KV(kY
rnCl
aqB#C
6`xC
-ED3e
05{y
ffffffffffffff
=<777775422222,+))))))$
wB3@
cqD>C
<Um\l
EOR<
.P~3
4 \^
<%_W.
FormClosedEventHandler
Aavc
------
WwB9Co0"
9k5@
("Pn
u ps
kqBLL
H9zU7
L-#g
(F1"
a2F9C
%'!Z
i~eV
q]4'
E0!*
aqD?E
8nDr_
m5ZKv
6tgT
`wB8C
x'<4
$Q%5
6rA1i
U<5D
6Z}5
Tp_x
6B7CB1F76B99023BEFA8EB2B530216F00916E4DF
6iFq
VueE P
<)jj
D|a
R@^3M
e [x>#
5z`u(
C2"<
aawBU
aMLYC
_- 2
bRLA
a*B0C
* <"
o6RW
\-RE
B#l3
yfeB
a}Q<cM0
RuntimeFieldHandle
c@]8
0ewB0C/4
Y--F
a}B8C
9#i
FB9G
=* U
bo\UQYA8-
6kkg
E4r K
ppT(DpY
2:Z&
5]R:k
ifn8A
?3:i +
Mv\
'7H/
q`"W(J
.C!n
CW,X.
-z589
1z\9
dwB<C
7 G@
e9c(
5fJ
.Q~df
gw@?^
LeEK
CZ6
aAB`@
{>F&
EnableVisualStyles
'}B[
`vC;E
ooh
. I
K36SR
hSm/
C>0I
kwB=c 1
9 +9-
DaC~
B"J_
5'%E:
Volatil
ZY0
oA!w
Y= |
6JYRR
ResourceManager
awB*s
{rje
SC#)
iZ;f29
:jJ t`^
i d6s
k#8F
oq%!
YWHG
w+W+
x{[BP-
t5H %PH
,~ai
|ww"
vfffff
Sw G#
7 E0|
psjSC
_m#.
a{B8C
a{B8B
HX\d
51[h
. s)
aKcWh
!Ro)$
@fBR
,B9B
'# m
RDWK
}1$@CyYS
AppDomain
Vpb/~
=mW-$
j36,N
f7 r
get_CurrentDomain
>VC
M7i-
|<+~
\_`cA
}ihhhhhfffbbb```^^^^[YYYYYVVVVVVRQQ
eEBV
dzBFp
a3B3C
#\woiiiiiiihhffYQQQNMMM????666
PADPADP
evC<F
dj^$"
IContainer
N74sD8
OpI`U
awB8C
)!hp
^Qteo8Q
KWeY
'ZV\
o"uR:
!rKn
O.[<
awB8S
ZRkm
39:_
jwSJ
ZZuQ2[
qD K8
fwB9C
g\!
BCCGGGIIIIIC7777777777CIIIIIIIIHCB
asy9C
T|.ZN&p
gW@+j
'uoQ9Q
ToByte
HY1x
\aiJ
._~$
?l&TH
kpD3Q
/?_e
bIDATx^
gwB;C
E(Kt
h&&RI
;>G,
; e8
aEB C
~}&L
*ojZ
{yEp]G,
;$\:
!K!)N>EU
Dm/|
#Blob
Control
}15&
0Am{
~20T
[ F@bj
?;J
shffYYQQQNMMM????
-*f<(
awH2=
Program
0r 1
*|4CL
&MJ-*
-(rS
(0Uc
!'L@
dnH+
uqeN
`wB;C
f iz
AnKn
5zrC
3 ) f
?i#
awS;1
{OE;N
pawHCR
Type
)moA@R6
[MIor9~z^7
.6j&w
ciT^
:~}D
C`/lCH@>
awB\C
XV>
zLJI
1}&1
kdD(E
),Uk^
Ls DP
^Uv2 1K
|=D,gN"r
atC9C
HwB=<
awS;k
hhhhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQO
`e[+
uoyj
rK+g
hYG/P
|r_<K
!|sl
=wB3{$1
^1of
,0,~
M< ;
vwB?0
1-U'
<PrivateImplementationDetails>
t8a-k
)CZ:
gmFW
;Li*
CUUy
9#Pk
1\aX
,z9w
_HS|
Cn0u
c\LRE
hyA*B
>m86
%>N$
)Wd
Cdk?
W 9P
06#N
lx 7
mF (-g
mSs~
a8r4
V Ax
G <[2
%wB9Ch0`
# %ifv=
f9C
j=e?%
eC87
wt4K G
Padding
G:E+i
}6cR
ZrM\Z
2REz$
oy^HZ
\aEJ
~mhhhffYQQQNMMM????6
?s?2
YOzQ
RpU]
/fH
:lH@o
m* s
V>8{
set_AutoScaleDimensions
/tLl
a3'_*
][ B
aw]y,
iaO/
CY{
^Z)P)
ZM`wO
D0JU
Mey"/
ZK[W=
1<]x_i
PawB9C
|yL![
9))v
DkDQ\OD
t;rL
-B74nn
vxXiS
}pb-
asB8B
O=I
wCbx
QvB;C
Ex#];
eBJi9
+XK]
ze5c
.^K}
.text
ZY0
Iy_
Z+]I
oe)+$
oJ-
BbkL
'~ 0
a}b9C
0EP>
B4CT0
)&[AU
h.AOV
>MOz
WyFC1
< MCy
#BoI
OqA0#
KZ$
IjB9I
"'c|
m\W>,\0
i`~W
System.Reflection
7y6^
(4l
e#,9
gh]=
rVwK
|rW+N
8x
|E7G
&c{78
o^^[[YYYYYV
cg""P
ojG?C
k0&e
R#c_5E
etl
&1i'
O4*X1
qZ (uM
Q'^%
?Lg%d
+?]:
p i
c%`%
XZ7zL#,s1
avB1E
ye7@
EvV`C
Q bDr
J,vu;)-V
&Z0'
|k^$_
pRwB=ihCw
adB-b
iWA8A
#ma9\
ffffffffff`vwww
+ VTI
xt1F
}B9G
) pA
ApplicationSettingsBase
a8IYC
mZlB
4#-
k^^^^[YYYYYYVV
5Uh[
|QUT
31;r
B*.h9N:
,^0|
NetL
{s a
>C{3
`rb8B
<MK
HaK*
Gq6t
.q1`ui
a(BoC
*lw_
]DrL
TH;sG
8 #A
%n jh
cuZ$K
&>G<
\'MP
nwB=J
QvB)C
vX 9
[=a(8
T<5
SLfY
*ZZOz
?mJGBV
}e&+
i6@
F=F\G(
awj/C
IconData
s .
!(!9+
lhRak
a}BiC*
;NVT9Y
S`!Loc
w0\"
`cc9C
Q& l;
a,B,3
kH a
`QYuZ
IIhf%j
!`3BvEg2
pgwwwx
eWC8M
efG(U
eWC8K
$?m
&$R3
hhfffbbbb``^^^^[YYYYYVVVVVVRQ
pgwwww
B8^v0L
a;-Z(
WB\9-
awH30
o^>m
|bjC
[@ *
awF!k
O4-T3
hfFV
('v?cJ
dvZ7
awB9B
awB9C
d+8(
BN!>
B8^|0P
fwB8C
O@f:
/Fn\
&X|g
fb``^^^^[YYYYYYVVVV
awB9k
X-38
t kc
y3CBA
cDBuE
awB9c
>(jd
Y^wj
FK#
PhI>
E{bE
CultureInfo
dfB}C
gqB9C
*S]#o<
".f;
si(m
ler`
a}ivD
S7:6
height
mLn r
DaS+
yhwf
7Cf6`f
>V'nih
Q+}o?
d^(_
A?UA
5 5;
5dq,
l(Xy
Nz[.
6Z2pO
SSh#8 "
SG#.l|
T}B=gDcX
Bc}Rv
w^+p
v +J
ya3BLJ
VVVVVVSSFFFGGGGCBBBBB:118887
lB,")
ATU|
bH<35]
`wB:C
t_Xa}
v1W1
::Gf
awi9C
,;C0
x'>+
=Emm
-.?,
j}]@k
kuI/O
O$at
P1Yk
5f00
?NS|
Cos"A
get_RawAssembly
;wB30
jz [3
w I&
bwB4C
I`zQ
#n&(
z@A~1
Ov=&[
dwB,C
Icon
oB!P$
vy ~K
v"Sy
pYCQ
wawDV
k T;F_
`jG$F
SH'X$
10y$
wawDK
};*<
sj@?J
![oP^
bA|$ve0
{"~!O
8r^c
ffffffff
e%Ez
6<_8p'
,wB?P
U!Ob1
-+l:
awBqC
^ x
iec%D
HNH7
D,|Rd
System.Windows.Forms
15.3.0.0
fu-AC
2gZ!
N ZU
ajG?D
2j*y'
#9iiiiiihhffYYQQNMMMM????66620
VY M
mscoree.dll
Er]s
-a[BnC
h$B
fWA8A
mf\xke[x\YW
auC2B
awB9C~0
gwB9C
pgwwwwww
\L=@G
XP{y
9*KpN_
pPp_GFK
0r$g
q`GT]O:"
iqS<E
O#2P%
Y\sN?B4
;ge[$
Volatil.Form1.resources
WrapNonExceptionThrows
NkZ~
swx0JT+'
wwB=R
bp'^
u/Zs
woXE8
lFmZ,rq
~G"M(
EX[7
RuntimeTypeHandle
*0@{
ffffff
.5K^T
jw^ub
o{N"}
GpC?=i
B=B6X
F|}3
BfT6
#EHQFU
ic/
a/F9C
agB"C
awFK
CTpwa
N8a%
|Ucc
oy/lQD
{VG>
}&o}
,mF\
awB(C
PVF Z
iq_<K
sFW+n
}/02
a1TkU
#e7:B%
VB'Y8
mD_^+
w'Z,
Q/9&
a'Rk
p0Vq,{
STAThreadAttribute
agB<A
# :q
Ml,(
Form3
IHDR
Form1
System.Security
PFaU
e&C}C
XowB9C
k}H0R
DrGn
Y w8
,qNW
:a_B
&*8r
IconSize
rtam
&*8~
6fTB=B
&*8z
&*8{
9I%e
R I
uwB=J
n@@
$awH
__StaticArrayInitTypeSize=16
Sk>^
aeB8h|0P
}q> =l
bqPi@
4-]&
O u|
System
M>t@a
&*8y
Application
6S K
!wB3I
:"` V#R
w^^[YYYYYV
S\`u
;g('
u,-^\
System.Drawing.Icon
)qmlz
KH_%% 4
#HXP
3]tD
URGm
wawDGe
I`B9I
CC q
{po/L
hp Gk
uE< f
_ KY
;xiaj
`|BGH
[) &
#2[G-b
0crC
faTJ
Ri`x
f1|,XH
HLuO
vffffffffff
P/#A&
:Zv|x/
!dDj]\[#~
aL@;
aBB=C
XMkvz.+
;^tG_
#Strings
asjlC
QWa@w>>+
Font
lc}}
awSK0
PKwxP
kg,3
MwB9Ch0
h ?^
hDHE
\u`0*f8z
Z?
)mM'r8
xg $4
?awB9C~0
*cwB0C
vwB=R
}gc7c
%awB8C
u?5(
abG9C
SuspendLayout
RrQH
}es;E
+B9I
?%L-F
fkX?v
q}}}}}
/jLmr
]%ya
a7n9C
W0 ;|
0DYP+5
`p{U
aWs8
6\%j
iy6J
"`>2f
a}jcC
U,P\
a4-W5
Mw H
PdM(
[;z
pfwwwwwwx
^ 3z3AQ
4 V/7#
lyN&
?l}b
k&Y"
0XJu4
)pqBdV90
aYBBC
L}WE
Td1y
9{ (v`
Y^/.
=T gk
5!)c
a4#U/
eWC;K
) "<
jCt0
C[XlO
eWC;M
y@"D
>,w0
>VQ=.
cuL7I
J4<p
sCd[ )
w4X/
xd{aO
fp7Ry
f*hg
hqA=T
k03'<
"8b
d:Wt
Y Mz
%1iO
+oXa
50_J%
a^M
+@ E
QI5L
{%\K
97
nll@
ldMc
whef
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
.f:U
rw uC
$[k9B'*
]O!O
Q]o',
/]ma
`vC8G
`vC8@
`vC8A
`vC8B
1{r"
O6xFK
d(hQ"B
+M$8
O^%U[
~'Y3O
phhhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQ
\_2M/H1
%/bk
FvI`
}nhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQ
ax
5+Zf
(>VG
g1h`[
~U/s
`wB7C
aYB C
T|l#
|UD.0
U%1k]Bhk1eK
W6K#
acCF
pffwwwwwwx
g_K9C
{c|L5y
Wh/D
EdiE
N*D6P
:PU5
kRT?,
_nT`
+Ccl
[ h=
4&0N
UVdbGk
`2K%DD
bQy J
nZ;s
k$iM
s^1u
T2 t
{CvD
ZS w
z0 Cq
?w \
q$)P3
HZz~)
D{GL
;Q%8
Kg=<
~[S5R
)/YQ
x >
ghFFNUb9
Kx}d
ziX'
u[QQNMMMM?
ws&
4K:q
hW@8Q
=6GP
KVqaY
] A
=guo0(W
8l%0
ucFB
vffffffffffff
ZwB9Co0
o fc
bvL%R|
Aw_:F
pfffffffwwwwwwwwwwx
cF!~w
rXxBWz
-X=q
C'0J
7wB3k
lwB?k
m]N[r
a^vl/
N46h
+U9~?
S_aQ
lAT{
<_A4
Np7^
Oj 7I
wB3H :
q~f98h.
G{rV
ua\
27iP
h0K6
%rE>
+p2uJ
Vb9a9Uj
/||n
KYz
w1\7
PZ\v
;In
gA>"Q
wp&s
$C<
p{S,
0j{a
Form
/r?o
%wB3,
x ]'
xafB
z =E
/a+t9C
*~$\
V7O["[
@ r}
730
X?.g
#Eq8
>$`n
VK;"
awC*G
awC*H
}4}E(&
OBte
v_U-S
l;2%
mH 1
^ 4I
\ x6e,aD.
CG0S
Rj-r
Y@%or
Sp2Z9
vy3B3C#0q
c~C%b
Volatil.Form2.resources
$CCB
u:3=
a%#W'
_Mrtg
pfffwwwwwwx
*a@BoC
z ,
1X&:7
b~C}C
awB)C
>J"U
wB?X
l7(OJX
qOdS
N#Z
QtB+C
^c&m
wB?K
g7v(?
Y9C9C
6)rk
ae3BII_1
Q P z
b xb
r[ppI>
Omxp-
D dP
eI]k
Auzi
e%RMof
atB1C
wwB3
= 8hp
wB?k
gqD?C
gqD?E
mKu-)
EwB?=
n2q3
_eMa
3P`OX
set_Name
5=[p
f"0"$
Default
awB?C
*N.r
8r)|
.!_Hb
Cb0X
atL7_
*Lcv
vq?j`Pz
avBMC
vffffff`vwwwwwx
5 xv
Ec"Z
EwB?k
IHK6JIL
wH9C
~kO@
qUvzhM/
\rS],
B8Z{0Q
)w5^
%'X'
ufiHP
%,w>
vznqI
/uyv
74|1Bj- X
Y95f
EH@L?x
o6 q
QD'15go
fws`
jCTPR,
awS&S
IEvidenceFactory
j.$!
avBiC10I
XDwB9C
1gr
."H4
#T=j
a~B Cx0
cdBNE
q%s
O ;k
F?Q|)
ValueType
#tq1
System.CodeDom.Compiler
eqD?E
3.4G
aRB8Xv0L
SetCompatibleTextRenderingDefault
9W'5W
aVI_[
dAe[
x;.8
=y?A
)}/,
(}\A
-=rn
:xUCW
" W7
hz<.
w]Bx_
R}p>
B8Z|0]
hK9K$|
M c^
=kav
aoBGC#0
m`-_
v||
_*#o
h*d(
F_<l$d
hKcqx
yo@0[
w S*
'KPDM
brxZ
*/'V
$g#2
o:V/
iV{C
SNnP
v:/s~
n/X/#
L'/
Q_)"W
H6<6M+
@[TJ_#
cv._
vF7V
jB *
BJL1
i_59C
x0UA
)Oo
wwwwwwwwwwp
Jd:
<;p
=mde
jCV1P
wE*?
F){v
i` >
z/SZ
M0wb
dWB+
ZG>"
7-
!+gf
XNMMMM
&1p{H
k7N 9}B
HjL ]+
jfwB?C
4-D$v
C40W
6Vfm
HG=P]
% xr
_:_7
msS3Q
ICustomAttributeProvider
$V1X[
P*)Uv
H~g-
aWBoC
5W=?
?5rGO6
qNso})8vm$ `
gOs [x
jV4VC
cqL:E
VewB>CJ4
B$;J7
! ^(
\U7K-
): *
$[`9
L s
|}|F
pg 1
Cz*7
FormClosedEventArgs
1N8
Mc1N(K
e(4!
YWX@YWX
w8Cq
^u8~*
m(le
vB9A
Form1_FormClosed
(|JN
wPQ4
'8}n|
Cs0q
E)lB
ifGV
.. |i;r
`rG8B
@uXv
h0z
B9Csu
awS;kR0
zvm
ffffffffffffffff
}wB;C
9NZh
bqPY@
E39
U 2
eG1`r
:bpf
74>y

aw_7K
lOsK
$^4:
H[7$
CP\t*Ffc>
XowB;C
TT>0K`
vB9,
C$0E
+ B;
?aLBcC
"Yl$
525f
C$0T
t-V}
$91P
e kt O'
add_Load
pffffffffwwwwwwwwwwx
[ Y2
vAR3Y{rma?
BawH;,M0
c ,*
SettingsBase
?z-5_
KFM#
:L5l
jv"|
WuvF
5DB@9
kR'
U<JH
`UH9
<DX
width
X6 M
IDATx^
Ed0f
)VhN
1I;--@
[-CRT L
Q#A,
Data
]"|6
dgdgse
t RQ
M6x`
6358cd7f-dec9-a7.Resources.resources
/ny$
~]O;
+eqA
ZmG]
"awB5C
x=R`Kj
TA{w
xtb9M
z( D
.R8;dr
eW 4
E?h2Ml5
get_EntryPoint
n]Eq`Q<J0)
Xx]&lc
l^YSm
1e \
4Q .
pHYs
.ctor
|'ot
k_b9C
Z`:,
R_Rk
l)I^0L%
7&;-
fq-RC
"8}w|
`5B5C
aVB3h
.#qY
;N k
DLmQ
wwwwwwwwwwwwwww
"%sd
prS=,
6Y|Yo
D$D1
1]2sa
QwB8
fffff
FormStartPosition
;If/
"`k
jhUZ
Invoke
B^{R9&
disposing
Resources
<SB&
ha7r8
K$ub
{"S &Z+
a!* \
I tz{
bwB9C
%*;dY
wA7)
bwB9F
a>BWC
Vb8 #8
uUl&V
;6;t
C;Z'
3Yx$
_DqXk
QtB*C
Q'uS
+_,+
@#b+
m3.SX
jj*U
M( !
wJ'RW
RPDRg;
Y4~
bt k
IAde
iyb>Q
PP!d
<2 D
.L *H
imy-
te]T
hh+|1
f3=v
+!AN]1
Array
Zg.@
rW`R
C<Te
qNMMM
6U
k0wk
B9I[k
v t&
Q+[Yn
@.reloc
(2 }
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
bF*
awBfC
2+ @V
s'u?
MeJJU
|m{{
k w9C
'85Ze \
4Kx'W
IawB9C
QO1d5
0k>A
= TM
'pF-
0DcC
j sIG
uu[`Drf
G1Cb/5M
J+'QMj
eb 5
n"j=-
!5{V
Byte
SaNm
,*W(qN\S
3M[O
te R
Load
f>tJi
|`_c]
O*|[b
)xQ8]
apB4C
77B-?qWHQc
nhhhhhhhfffbbbb``^^^^[YYYYYVVVVVVRQQQ
nll@nll
sn_+Z
b+t/
H f9C
^QojP
V26O
`sD?E
Hn8TgY
G|@.
*Zc5
wfffffffffff`vww
a}6 C
^ E_{
[>0yI
CYmy
X(9"
aF[7
Z?B\;
z8CI-
\LhS
wD,Q
fpA+
HgSmt9
kbb``^^^^[[YYYYYVVVVV
a}808
D\{@Wi
7.@
knjcC
ifffbbb``^^^^^[YYYYYVVVVVVQ
E!5~
a}g:,
set_StartPosition
hhhhhhhhhhhhhfffbbbb``^^^^[YYYYYYVVVVVRQQQQQ
*`@
&xIT
(kZ4
k}H3J
AuC*C
S"Rr*
@q-;
stqInh
n6_a
E&}jk
p >i
Z=LQ
:3Y)
Q c|
pDwB9C
a3B<B
BOH8b^
y8B~k(
h7_/
("Q,
N.,d
%iK:5
/*>a
IP1b5J
I.B9I
H&Sx
asKBT
asKBU
6k$[
>,O,
*T=`-
ZO{:
Ox;rr
k[CUNC1$
(%!c}
*$z]c
htW>
!|
}kF9B
eawB;C\0
m|,~
iu_%E
a6BJC
KuW7
#Jx~~~
}m/(Qt;
W=M\
1H^U
,wqC
/rx
-34:
w:gT,
,wUi
,01
G!>n
7lTd
xC{E
RuntimeCompatibilityAttribute
AF"Q
awH31y3
C4iI
#/G[!LX
IckR
vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vffffffffffffff`vwvffffffffffff`vw
Vs>oP
Assembly
W1$I
$<'g
;oZ(
,[J,
| uh%
9dc^l
7)B
"$,
;_?o
~wB3k
s<4.
xzCP
iySqR
zjiiiihhfffYQQQNMMM????66
e_}SF
IDisposable
C^ZGH
b:OAC
I 'ti
ZY$
nxh%
System.Drawing.Size
u&gsyP
4 U(
fPwg
dWC;Q
+KnQ
`wB8C{5
41C3
SB9E
[0U7!
?y,L]
set_Text
a/C9C
_w1ZC
1aC*H0]
m_q:E5
m:SQ
&ZW.
YEs"
^Nq
D/pfVD
63lj
Q u'
R1x=
}A 6
0uvs
5iWq
XMB\
awB9CN4
wwwwwwwwwwwwwwwwp
.%t}
set_AutoScaleMode
#wB9C
cwB8C
a}jdC
w~x$
FFH6EEF
6 n#
Azb53M
|zxS
wB9C
PYx)
i}@5NU
wB9G
k/iD P
1.X$
aGG9C
Dn!
`vP$@
3;Hy
P'&W
Eiy;dF
') \Y3l
)+cI
SJdio
awSJ
/B9I.Q
$;9C%
t_Ya~
ewC7M
ewC7K
/U%N
defaultInstance
$d75662df-037e-4f16-8b90-21f981c5a8c9
awB=C
FvMHP
eKH^s>
!,}
Volatil.Form3.resources
czn`6
B#Jv
H ~O
,r .
[{?c
S+lP~O
mDR<r
ln6lj
25 @>\
w6T6
#U64
D`wB8C21
Iip;8T
K?D{[
(T{sZ]
xzN^
8>GC
SL9 =
gWB$Q
%;.[-KW
.RCo
EditorBrowsableState
0cF6I6
Y cC/
1OEp{p8B
/f;Qf
})5tu,
e/C?C
X S
Z12u
E{zQ
inxy
1RxX
FI |
=
X B
v\A/h
vfffffff`vwwwwx
MethodBase
$&C*1
/$#4u
X >
#HK~n
S%(>
Gj@
yoBz
!GYD
H:G0
m[I x
^lY@
!g*|0
4"nhX<S
POv>Z6
l c9
9S`8M
67AT
L7tH
RB9G
P2{q]s"SU
Nw \
7d->
bp>a><f(
"}wC[
M{@||
A0&
wawB1B
kqBDR
%CLP l
raQ-U
awDGO
ContainerControl
D\<)
69G
r FaW
|BHRN
srOKa2
auB1B
i 4
M?cEM
:7V}nI1
awDGj
=<9o
MGZ
?NFCA]v~4
g_ 9C
vff`vffffwwwwwww
k|E?U
?P ^
pgwwwww
w_99C
+On{
h?Q<
nY5U
[E3
a2B9C
arB@F
EP_9
im z
.r'i
vy3B
X+DA
'M>^dS
]Ds]
$r:l
tx`t<
$OxkI#|Q>R
0 i
q2bQ
V*)?9xs
a*B8C
#Xbv
~ Sk
tav
w/g3%
awH&L
J ?:8(
C<0d
'1d0o
%)lgd
tawB9C
6z {
`vC=E
p+px
,Y8CzK
@:`Q
69NY
_gBB
B8^c0W
hCcewARZl
[B9I
dhfk
0Ej E%p
O2L
){yw
^&7x
iwB;C
aeQ9
$+C&
Z)tCd
I B9I
AatiO<q
[ Y~
avI!
n7[lS
$>uqi*
GEEP~|z
u6H?C
]lcWFxA1
a!B\C
CL0A
!QcGt
="~<
awBA
ewB8C 4
!x;y
Bb^C(CG3
awB9
4>,Mp
TEC6
Q<$<"%
a(BpC
) *$
Z;:8
qwB;C
&o<
lIPX
awB'
nH@
L$ s;-
YWv?
Yn:%
74NS
AvC+
}.g6%y
a!`QD
C 0A
bqPIK
ehro
\@#d
CJZM
DE@,
, /.
x)7l>r
qD|b;Q
Close
YF(S
>]j LC
RwB=i
QrZ@jn
'y R,
awC11
kNJb
T@nd]{
r`^^^^[[YYYYYVVV
Z%NOQ\l2
-b{IG
a}H?@
q/9C
V(($
1q>/
:v#gQ
\?6(uQE3
P)U &7
awSGu
awSGk
v2.0.50727
wB3Ud
(0Mw(
;0ox
I.Xm
-g\
1.0.0.0
hgber
JjqS
.fF@
InitializeComponent
C"0R
<BA'i
$/;
QvB>C
Z7V)
Emkl
`B9G
yM?F
avB<D
f X/
o<tWG
C"0q
MM`v
^%be
,[Ww
9c~e
|6}l}
unn4^p
e]B*s
ko'v
gAMA
C 0I
tn5Z txP
N0i u
awF(U
awF(Q
%]Ya
x2DMv
"p}'$
4 %
kNt_
@l,Ce
awF(D
|6J4
MarshalByRefObject
O>X>
Z#&z
D<U5K
x/~e"
shhhffffbbb``^^^^[[YYYYYVVVVVVQQ
b fxwU
30K0
2rt"w q
")gr
y> 68j
set_FormBorderStyle
QtB&C
mscorlib
4~c9
bg3'
fSystem.Drawing.Icon, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
<hfJX
lN7 KQ#d
IaB9I
-ewB:C
APo]g
6no%
] )-
^ &3
ioK+j
wB8k
8wB3E
#haG*
aqj&C
|3wB8k
u`X{r`\fb^
=)?H
cwB9C
}{o?
|YYRC
V6Z4
awD2h
G}; -
/i x#
T,pp'
u+Pe
y@&G
hAY;
apB$C
#9iiiiiiihhffYQQQNMMMM???66662
({P#
> l

y&@Cr6uBx
^N$ $
C<8Mi
V+p>
g=s9p
DN`tw
-0am
get_ResourceManager
_?n-
6KG' A8
VTO
`wBVg
ffff
GavW
@VwB9Cm0Q
A.-B9
" iG
zB9G
Form2
{Jp0
a<B2
{6iq0
pQE-
:Jz9
U-4A
Gadj
' n\
KwB*s
h'[If8%W
auI9@
k?![
-i40V
k}K(k
BmOy
B$cD
[KH;c
QrBNB
X&ClW3
lJ3P0
sender
bPa+
N/vCZ
--OL0
\Hz
50FO
Z{<R
BWUBDFE
aWB9C
Ko1%
pxvffffffffffffffffffff
UIjO x
5,(#
bai9o$
zFi
Kp]1
DfwB8CJ7
!XMs
(Qo~
G-P
hWA;S
T`=}
_D?
ita2
Pt i
Ck.I2
oM0q
ps]wb
C}7)
auB$F
0=''l\
&k/?
\_L4
Y1JP
fK4-
"NBu
)QV"
a'B9C
&L(s
`p+\
<C7w
Qm429u| j(A
sENC
UD &
g5||
psqB
c =8
wBj!
M2I
0c0g
4vfR
awB C
<M'A
#%rK|
D.,E0
&^|$u(3
a}1aC
#Hxxx~~~
xFq\
LB,y
b*!s4k
pf=k
1w`S
u>4M
rfYQQQNMMM???
:1?bdRC
W0tp
JHk:8
\udaf
aMPYC
&wB9Co(@
a4p
$qs!
aNB#C
n [Q
%fuA
AD</
BvVG
agf9C
jgZc
oawH
<wB3
9}[[G
psS<k
BD}/
)Gwj7
,p(B
SecuritySafeCriticalAttribute
\ +R
Char
n/x]/
FH5wq
G1^r7oV
</mt5
=0Ef
\=zS<
sB+P
c6 FS
kn?.
p:EXC
o `~
zm&-jX
hn_WG
D}9l*V
get_Assembly
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
a.:n >~R4
'jN4
&6 ]
c7))w
NEo2
Yih7
jj*
wB?,a0
buffer
hhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQONN
sjL+b
y39KP
%R32kk
sJ |"
Mwl9k
crC9C
!This program cannot be run in DOS mode. $
<_Ae B
!4)IL
awCV
l[_~]
m2;Z
e_:9C
u'b.
`LFu
VFZR
*xkS
nQEveJ
_ [I88
8>:m
^u0w
x)x3
! >E
FW%jr
Dispose
E`0Em:
+TWn
Hts1
W7$C
aKMCC
Havad
CZt
ij>=I|$
0OLm
RN;$I
lVBb
otD+
TGu t
f=In
u3ET
fXJp
fffffffffffffffffff
?XtF
-!_m
gj8)
z F
HR2UwsH
*% f
BIky0
#2gP
O1,U
Qe(c(
*I ]XE
N QK^PLk5
IQ@`
LP/zl
v\8C
$: j
1hqB
2NphM
HpjV
B4'[
r<g+(
" est
>THp E^R9
set_ClientSize
\7qZ
oL M
5 Z
hwB9C
5z 2
Z]5@
MHS|
ftv\
V!7j\=*
1AQv0J
B~]k
fqjUC
O>,M&
Rbde
ahE9C
hna
8x
bG23
`(B
QWiV!kT
a!B.C[0@
System.Resources
WiD"0
*wB:C
BSJB
- 7'y
resourceCulture
$vd P
Size
gvC<F
\9_5C
0]'-
#8=C
5{frn
$awB*C
jawH
o_MF
A'7[/
`wB2F
"[ v
a!B.C[0v
C:0`
cQC9
f>11
a*17M;
bAJb
inh@
uejK
vTMM
qQ8
M=#K
5xkW
B~P
`e"=I
'_r-
(`Tr
E[Yr
H@3o
H H9C
LXLI
;*mV
,_~V
{@ f
FH*C
awiV
GwRuC
@uaXR
<.<
kqo?0
")fQ
K:e r
rZLD
)cW8>
~2 A
^;pC
cy^1K
t ,g[
7s:j
n Eh@p!
*aYBnC
)peB
U3wB8
8;Bx
tX"#
3."B
<xql
(6Qi
:dS\k
yA9h}8
%}0w
``wB>E
}R2p
phwB=
j"QL
&h!M
{T#M
Yp qR%
k7SV2
anBMC50
QbqW
Synchronized
M6#J
E&jw
p%9
.AQ_
s9M
Yqo$
a_J9C
>(VV7
.=9(
6N["*
V^
n=PL
atB;C~0
A4?P
bwB C
a9'A7
]UtJ
dwB4C
%jB
Ai/#1
RuR>
/ejw`
A2?(
[}AYl
XvuyI
E/0
B +l
Xz{
)+Fo
WG-M LB(-i
awByC
Go<b
avB,F
4&;o
*Mc<
bSe:
0 yI
"J1F
&" }C
J>~=
kY^(_
;%w@
iwB9C
1<)
DBt{t2
rVH?C
:-]&
LK7d#
u7'`
Q%N'w
Hs:
a~B!b
de\S
!B9I
components
s m}
M-|U
Cisp
@\mJ['l
evB90
awDKx
I"B9I~
3e 5
}BK2h \x
qwB9C
Convert
:Y'`
Hfx'
fM5o
( !o
:fHE
jn)Rp
Rdj@^ym
t<oEA
D s
B^-k
uA&2
T&OQv
agB*C
r1O"Xz
aoB7C
L[T4
v*hQ0HJo
zXi*
yRXPDK
t27!
qmEXC?
MethodInfo
wxK@
h)KFJw9
wO3C
awH*F
6!Z&
P#&`O>1/S}
p_A?R
{hJv
t]XI
|R e9O@
jdIQb
3 XP
CompilationRelaxationsAttribute
';",
UJ{
x7[$
e(VE
!1`X
axG9C
))b@
Z ?b
r9/X
ky]`
v^^^^[YYYYYVV
nffbbb``^^^^[[YYYYYVVVVVV
Ib:3
g=F?
hn$<
3=:
y!ya
PhC1+ V>
8y45
vfff
~um[
\&,J
avB:C
System.Configuration
^YYYY
z,(
7u^!
bS={^P;rWJ7cL@0P90$;
*iBb
$=#L
arb8^
.)&>G
awB"s
FormBorderStyle
]F\I
pffffgwwwwww
-~;p0)o
eV@n[M9R?6(0
$ *E
FjZE
ISSIOH
x_1v
qWcx{r
kO(V
avBF@
h#'/Al
iQB)
=,
(bwu
:<(9uI(
gqE9C
ugh)&a
WwB=A
,Va,
Pwxm
Qt{=vMF
Ws8z
*D93
DF>IWq
3;W"
IEND
J:o ZfP
8:+)t
DawHJ
#sE^p
Z HZ
_f4t7^
s_^:(
2\<v
XM)#
~Ou-
'D\r
Pp/n
D I&X
fffffffff
C?CE?@
>39@
8J s
&|<!
k'pj
? 0Q
`uD?D
&,UD
+';v
n;\Q
vw~+A
q6i)
`n+')PZ
Gs=m
gajBC
B?C>!X
iaQ0=P0
awD(K
u#^(
R.|M
&x .
(8{
a3B\C
=O|d
,(es*
t__a
o%/h
<ID6
=Z ]
H&KMJ8)
awS/T
7vT&
{DB]w
4z]xmm
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADi \
SY&U/
E&[`
Volatil.Properties
38%
V1$RS
kVH?C
kmH9C
p@EXC
E%M
.Kj*
,ykF
9l7u
ZAM}
sUIK.
ywpLx
av@`M
_?5=L
C>l9
\a}J
Form1_Load
%mxS
P-oC
;=8`
h_b9C
vawB9C
Vzbc
9BVx
avB8B
`wB=C
<0qkn
bZN+
avB8C
0b\
dwB9C
;JAU
u(H/
=PVz
Main
dwB9J
o|Ce
q|qB8_
wK-
wB?@rb
=$+vX
/j%*
92l:J
5X*"
L'c&
q\[!
"eayHI
wwww
(y>x`
-Pav
UtiC3C'%
Zc\m
4^)5
FVH
AssemblyFileVersionAttribute
sBIky0
_%h4v
oy@;A
drG8B
|2L5G
TzZnw
kmS*0
l YSnK
(l""
t]W L
pZVhN
"3W!QV
ksKL
U2=Q:
GaP2<
|B4#
resourceMan
)@n0
^|sPW
:'M+
\L^v
-
12~g
Q r*
d;$)
`Sc9C
fffffffff`vwwwx
1q=_
ycu
awB#C
wK9
[$}0
s\-q
Ai7K
4Ryh
?qx[>
u4VEL.C
","}g,
Class1
vTc ;
GetObject
N"T
IA.GT
yD9h}BL
0X Z#&F
9TeK
avB9C
k),ld
gi 5#
otN~A$
kYQQQMMMM??
.4^ Kp
4,2 I
r?b3
2NvK
U"hy
`:h4
{%F)
0b(
B(C|6
b?M/5O
Qrar
eL grb
8OJ+
8A%=c
V,:A
-ja/
@Mt&
zkD8
6 eK2
0Mb=
wwwwp
[\2Q
]gKi
Ws1k^
7aUr
ZNK@S
g[~.
S@A6
%$7|
d 3Ij
|:6o
oyL7F
fpBIky0
xVb`
C#3(
i*oyiA
xION
_ 1fh
cwB<C
aBo{
awBGl
xr+J
String
o3f7
_CorExeMain
h}B}&
a7B9c
nNpA
;8 Bn
!&eI
Hy]K
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
G@e*[T
LAk,O:[
3eVo$
*yxuY
8;SZ+
RxMPo
awB1c
F%r3
\) l
Yd I
`ek1@
B(-q
InitializeArray
XTaT
gpB9C
=~q'
+*.(
]f7V
w2X7
pp}v
awB1C
}@XZ
c6Dr-N
C?0`
wwwwwwwwwwww
~a kX
;kT,n40
pt__a
cah;k_0
:b?M[,z
#%TT
\
@kI4
dj2
wi0; 90
aTBuC
qUkLjw
vh1C
EditorBrowsableAttribute
asS4\
add_FormClosed
C%a8U
;HXJ
=7*k"
+c<7t
pfffffgwwwwwwww
kwA$F
zdvK9C
rx,i%
[Q{d
avQ,G
]lvi
`vL>C
}(SU
8xuw
!wB8C
5;M&
rwlJ"e
D]';
wwwwwwwwwwwwwwq
s^@]
@wB9Cx(
.IDATx^
/XF$
-J;@
QJ]3=}
__E_
zo"I/
|V5k
!( T
B8Xt0N
kR[?U
<}= h
WJ _?b
GraphicsUnit
nS$/
0Cb"
-hIb
yn :\
System.Drawing
[s8
R 8q
?"i
gIn'
J`+
<mo](
-2%sR
sjZ+b
kK#J0
L*ur
?W}H
H'h=
awDGP
zSO:
jh 6
y2u9
-!f,n
ivB1C
]B"s
yxBMP
a}UJ
F7S
qR(X%)
DJ =&T'\_
9N8&
E6ly
-?rc
e[E(G
X\Nj
u'dBG
3n"Bs
8+}
aTB
copL/H
Nver
ijG,Q
F:Gm0
#1)3!
#Ns[
duM
?eLwn
._-n
3e0v0w^
_As!Er
&WA.
RuntimeHelpers
PGh "uq
0bwB
}8+;
C?0O
v,,&
q m%
, y
#9iiiiiiiihhffYYQQNMMMM????666
c_X9C
|9q<o
C80h
z{5 P %<
$Y\J
E>c8
nqB
dHa.
L3B
JF,:
;}(Km
<I}@
F5!d
/jS)
.yiu
;a V
8Swg
=7SU
Vnh?]
Object
_b8&
O*}O
XqwB9C
lzUW
vfffffffffffffffff
S\%Wi
;DX;
w\lvW
U1`e
ComVisibleAttribute
<IoI
@nF&
LEK{
3System.Resources.Tools.StronglyTypedResourceBuilder
q.f@
zc0
Gg,'
wawHV
9YS\
UsUUO
zu90
>1DK
\bPc
TwmD
f)%*O
A 1W
s^J7Q
q~CJ[@1
aqBZN90
gDwv=
o5-!
L| #
j l[
;ZpA
>F.K
M `fU{w
0+ZK
127Z
j3w\
*~s,
NaEB9C
Y&m$
ewC:K
awB6C
A_T_
\]${Q
b/S`D
Q?V5
`3W!
Z~Ki]
B?Cd
0]8+
adB4c
MBS?\
~E 0p1P
b@(t
Zs5C
@=iZ
GGpS
&&S&% s
hDOT
qkRrj5
~Px\
QtBkC
ol/ 6#
atBRB
vuX_N
%p3,b
hhhhhhhhhhhhfffbbb```^^^^[YYYYYVVVVVVRQQQQQO
a C9C
q`#-
Rajaejeja.Resources.resources
evC8B
ewB;C
awH2
a*E9C
3o#Z
ueJE6."
=CYd
yZc #
sRGB
bkX (
TGi:
+_^qK
$$p a
Qz:'
(x !
q!9C
AutoScaleMode
W)F
)g*,
e.qA
ZB9E
;GW
/Mj"
HG?{
sf>Q
u[[YYYY
(9g
c`'X
1~jo
QuB C
`wB-C
ZNf-h
auBRB
mJ6D
,3s
}7e\
aVB=C
H{ E
-Ho9
get_Culture
e%C?C
aaC'B
hhhhhhhhhhhfffbbb``^^^^[[YYYYYVVVVVVQQQQQOON
*:?@0s
N1.X
J nuNp
*mtT
emql
B:Q&
6zp>
C<7_
5VxRa
_.sw uC
X?"
ResumeLayout
wfV(G
DWll
,+l\\
z1a|8
|S9G
aQD9C
V3d
<#7z
6x|
RRS*QQQwRRS{TSU{UUW{VVX{WWX{ZY[~fee
i`Q\h^MXf[JXcYFX`UBX^Q?X[O<XYM:XWJ8XUH6XRF4XPC3FZWR
^vi?
GS ,C$
EN]Nl
;f]QN
@wB1Co(@
z}}}}
9;C[
RJmF
[pBp
:pvL
*I+cJx
Wn0z
v9m
Nb\-
96*'
*Iwbl
N]Ol
V; /
ex[
S~a56=
zat/
set_Icon
1_ `
%;I>
b/[t~
wB?P
p o
lbbb```^^^^[YYYYYVVVVVV
+'5`
[K6]bD
<`wB8C
si}Yh
&6z+u
MigY
d8} o
JFdA
4$BcS
6.^,
{"Hv
pgwx
)@Lx
5A:h
7ev+F\5
fffffff
nQQNMMM?
WxS5
=aFV
/@e'F
1LJ
avBRB
}O+d
YG[>r!
ib3B
}%3;
(Ly2#
bDy-
N\u7
;pqj
DF$8I/ A
%B9B
8g.@#
`SJeo
dwB;C
R_<Q
a61J&
ojL<D
Q>963
i=c^
0~jo
Sz0])
aGB C
huuc
fff`vfffwwwwww
u#dg
L"Q 'uq
5^<dX
-3 g
ComponentResourceManager
^av
ttP%N
7ZDr
6p^b
k-urO"
GuidAttribute
P QpGj
x!;@
[Z]~XW[{WVZ{VVY{SRV{NMP{IGIwJIK*JJL
~B=P
1)_Ka
wawD
t Ji
H:lm
#aCp^
8gC`A
@o.-76
{34,
_prd
XaG2U
-Y+^
,gx:
g{BPS 6
n0qz
pJZ
$d!M!
~@3D
hhhhhhhhhffffbbb``^^^^[[YYYYYVVVVVVQQQQQONNN
a[i]
WCBl
}Dyx
awl9C
$;J7
jmhU
Cz2!
CSZ=c
a}8(G
4%f
`v@?E
%)))))))))----------------22-)
)B9B
EvtU~F
j. -
#sD
nrGr
a^G9C
v$I%
:7RJ
6 nOd
CC0F
`.rsrc
m5<t
VKAQI
awB!C
#W*n
2[ :$
IB?D
+gl@
P2'x
\0QR
|si>9
`0d\
9 $4
Wf&B
_p9.T
AwB9C
9o fi
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
67f=
)t2/
.NPg
k}B3N
X 1~(
ffffff`vgwwwww
1g8
k0;*r
y YZ
(3t|
set_Culture
RwB9Ch0u
^ $9
X0D
_bZhw
[''D
FKv{2
KnM\ A
5`HHU
AwB95
EvH7
46iz,aj
\)wY
/SE?<
u6Ufa
D lL
Yia5
5$^SdgN%
b#7
TOl'
awC"s
EWo
2mn)
=M4![
,f]B8S
pU#)E7
{JJdB
P,;0
arC9C
1+U&
&n|1SI
F0*
]4 i
a]0
MX=R
a3R
>VS-z
(lG=
H^n{
Ak^8
3obT
f|Tf
5wB?e
y{#)
b7(K
C 0|
6eB]
get_Default
Ynd~
.Q}%
edB1e
1i;R
g f9C
g! I
SNJ8
#9iiiiiiihhffYYQQQNMMM????6666
cU G#
mbwBNC
3~jo
58/=
w?b;Na>)&y
awBJ
pI]
a;B\C
+lP@
VN<N
r|T*O
53@@
7hsbtCP
ZY0
6S/~
eYB C
C?C>(h
JGiw
`dO11
$$JS
'T`%
N3{,C|&
set_Margin
|3 2
|rJ)K
b.e\
!\w+
e+>&u[
pIUm
mykey
a?JrK
GetTypeFromHandle
1(?:
dgdgse.exe
)tKH
}A,{
$'MA
Y?L6
<+W'
Ne4Y
Dfun
hefZ
dYYY
tk"
a>a7
Cv76o
R>b
8ptd
`y3{j
}=_ WD>
rBIky0
y,Pi
-B9B
gqD9C
66M1
+^.t
m Qn
offYYQQNMMMM???
<[ &
AL&EY
gvC8B
2awB.
7':F
qB)v
```^^^^[YYYYYVVVV
P&|^
PJ:"
eRJH?
RC0@
.A}Z
Q&j0
`wI\
=csBG
oiC?C
yv8E
C;;/o
";'w
qaZt
L(>_
05]
;e4[
a3w]D
[7S
=wB3{
HR|E
QuS/
bwB
e m9C
]q$m
^b9X
:()Yu
6q.r
D Q
i i|*
oawHMA
('1+v
T>4&bMA0oVI6{]O:
c`pH^
G}Fd[
29e}
{*uP
m` )
RF93
lEwB9Cm0_
System.Runtime.InteropServices
:IoE
^7+P
6`FC{C
gI%Y
c^[YYYYY
!@9XG<P
t@,s
Wq<T
ajB<B
o Dk
$mFl
(7w0c
Uz)\
snJ+Z
a40\"
D\E*
$]xu+
B@<i
o7T4
1E@5
' j^
a B?C?0F
C00i
|0"Ot
\T{@
`wB>E
oKk(
w~9x
Rvdm
!!&&&&)***&
'Qc
System.Runtime.CompilerServices
O'Qp
SuppressIldasmAttribute
GwB9Ch08
J;*V
7U^
qHWf9
pavM
)X.v
#Hy'
awBYC
R/}N
<`wB;C
kVH?C
L?@
FpRd
H?[p
gZDJ
| vp g]
g10r
jX+
t% 4
1@O!
G/"d Q
7?xl
]<>u
awB}C
&JOz
EW#\
)VLZmbF~
o 6=
fa *DK
1U@cd
2S m
a}d08
awB:C81
ADJg
h) B
Settings
B7K_2
FSeX
;>es
KcUM
a{d9C
awY=A
m\6o
Oz.V/&e.
eq R
?9l{
;*Gz
EXZ,h
$JMIq>
set_Font
a}h*s
a'0V
ffff`vffgwwwww
$zYS
N 8p
fXyc
fffffffffffffff
dwB:C
M5i
a5.V
7~jo
avj`C
EventArgs
byteArray
gg3)
6f#j
'+hfs
^31d&8
ph8S
9Bv`
:vBIky0
rEz=
o{w4V
Sso$
2wB3@
`A,JTS
:Z ~
yl C7Cm=
}s#v
/WAb
)2j
3!M)
FontStyle
cF'IsD
avJK0
agB.C
Culture
\##:!oL
sxi
ndS!
q`[P
guC8B
"dJ6S>
Xc<
C@0_
_}SF
yUJ4u
I8I!
avC9C
ZU[NP KHi
ERnJ
bWB>E
6`xC$A40
=]Sj
PAwB
'0V$
a%'^*
E0 qY
^Yv
#O`C
o78r
oCJ;c
AvC(
O.Wg
<Module>
cwB;C
I!4
S?# O3T
\k
pJBb6
pfffgwwwwww
?AH
awB&\
pfffffffffgwwwwwwwwww
^A\0
s3`+B
@.y2X{ie5
hhhhhhhhhhhffffbbb``^^^^[YYYYYYVVVVVRQQQQQON
$B<G
.|S3
@o&c
RbfMj
Aa5G[3
Rr c02
x`](k
[n}D.
{t z
value
FZY:
rfC~;}
SizeF
ewB9C
avL$F
yW5p
AtJ$F
=Os)\
sI,
%` B?C"1h
^r<b2
5 tq"
*aqD
`GdBs?q
awB:C
Jj:Z
4VJ0
x#jw
uB9B
j%K]Q
svP;Q
awC4=P0
ksn\K
~c9Q
awH0T
nW1n
pffffffffgwwwwwwwwww
~g,>6
{wrF
c\'2>$
> `g
!yk_
\dJT
Z.JGo2
E:j/
g9oc8
#GUID
F&OC
$*Y%
$6@/
awD:0
C`0l
awC9C
1`,O3C
4r{BD.
uC0jX
get_mon
f;>:
\??*
xmiihhffYYQQNMMMM????6
fD)w
H1>R
Z4rM
k[B_*
20i0
YWX@
*T4
FJ- g:
6sq_
adK9
*8lT
8 zYt.
"~g;
HawB9C
4k)V
7RN:
hggT
`wB9C
^Y0Iwv
yB9G
A2OW
p6i^
@Pdu
gD.=
%doX
`k+CB
%$4!L
mY xp
!|CK
0b$
`vF?E
aRB9C
Z4^$J>n
'GG"-<n
GJ&
ZdxqUB
%A%6SQ
,JaQ
/|W=
ZF3>
System.Globalization
T6xH
T#3{
EventHandler
UgM~v
3tuU
G.Re
avP K
tawHGQ
-h:Rk
XiwB9C
#"h30
-{6wcB
P68Y
pzj:C
K(Op
sNQq{
awS9C
1IfX
Ee-G
~[[
/Ezw$d
jbGsJR
Px:l'
DQ%\0
ewB:C
IWB9I
l Ro
).v.
AxF
(-+
.dg:
S}"4
:9]"D
mC+
mmXI
0 S-*
"am.
o$Ce
XmvEh
{1|dZ\(
dwB=C
M#J.
Yzk%
t|?H
kvPmG
S1
7S S
93O1
F=)od P
!zi@
jc,Ze
Oha7 ;Cw9
&aTBoC
ZY<"x
15.0.0.0
<t J
C10`
!=WL
hwc_
@n9T
irb;B
?FYD
PnF$
C10w
C10p
gez<c
`y jB,
cWQPUv
;X]u
ie3B3C_4
_+vs
aorL
\r` a
5Ftf
E
ZZZ*j
acA9C
@50 k
)&.L
.3&S
System.ComponentModel
&Ezj
~DhF{M
VM'xXM
}\8;t\w
AJCq
iCQS
Kav[
"M7f
P FW
>B93
m3:s
pBIky0
yo T
awB'C
Uh:.
3pL:
1%o(S&
bawB2C
{ pva
awB9CC1
p<_ar
r[qn
- ~2
i<#
jao
jspn
t`#
guB:C
c7:m
8,\KN
UBGj
'qYD
t&0Z
ff`vfffffwwwwwwwwf`vfffffgwwwwwwxv`tfffffffffgwwww@
#J~~~
O?cY
2 75
i(X3
Xv>BV =D
Y2j_-Qpq_
aEB$C
nqAJ
nGec
vfffffffffff
`HOD
`xhB
QTzx
JM5
"f[:
.5@4;
zmD@B
U]&S
a1FkB
4;fJ
>B9I
;dwB;C+5
*xqo
FL#S3<
;VwG
.cctor
]Ci3
sleI:
xadC9C
q =+
B9I
CMN;5P
o}$I
a~B8C
Io0T
~!m&
8O+
System.Drawing.Bitmap
)r$kX
teo8_
Iknm
CG<.
:Dgb
XkzFnhZ
wH9N
`qb8^
Q~[%ZA
|7KCw
GeneratedCodeAttribute
}awB)C
JSC
O;wEq9
#s,!
.K?F
<, M
M ,Zu
pffffffwwwwwwwwwwx
aqjXC
qXv\9F
d+Nl
q`ZU
Me>
e5$!
fSB}C
?[`EA
!xE G
atB)S
(Knm
iyJ1^
0f .
sd/tT.->`
awB5C
LNtv
vBIky0
YenF
awk8C
XcwB<CF2
pgwwx
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-04 05:03:59 2018-06-04 05:06:49 170

2 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-04 05:03:59 2018-06-04 05:06:49 170

4 Summary items with data

Files

C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\SysWOW64\ntdll.dll

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-04 05:06:18

Detected family: #Ursu

TheSystem Itself @ 2018-06-04 05:20:02