t.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 7/52 Related 2257
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 205.44 KB (210368 bytes)
Compile time: 2016-07-06 02:06:14
MD5: 4bcec61a939260dbea704c14e7705cb3
SHA1: 13a7f3872bc495880d97fddba42d61f03c66f439
SHA256: 6a84f9c69a276b46466e3e6036bd65368feee665d1dfadf59edf120d0ed3f7bf
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource relocation security
First submission: 2016-07-07 00:30:02
Last submission: 2016-07-07 00:30:02
Filename detected: - t.exe (1)
URL file hosting
hXXp://top-id.com/img/t.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2016-07-06 09:00:17 [7/52] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x13d44 81920 b9ffd9bcaa24e4320a1c5a890dced7d0 4ed23e611c7a63bfe21740d0f2cba609689e1485
.rsrc 0x16000 0x1b41e 114688 7c0217ce61a1c58c97c0b1ca98b3e2a7 51cff971f4f7c7273e67d137e979602b61b3e89b
.reloc 0x32000 0xc 4096 28acaf1a44bb1fdc870c45560f51b446 9adb5aa10166b97864d95921fca6f7f76cc62c57
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x2d19c 16936 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x313c4 90 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
No Meta found in this file
XOR
No XOR informations found in this file.
Signature
MD5: 3882bbfe519f057ad3c515ffdc35ef4d
SHA1: 1aea42d9abea7e06c043653948bd0d7409ed13fb
Block Size: 5568
Virtual Address: 204800
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
ntdll.dll
mscoree.dll
IP Found
No IP detected
URL(s)
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
http://ocsp.digicert.com0C
http://ocsp.digicert.com0A
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
http://sch
http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
https://www.digicert.com/CPS0
http://www.digicert.com/ssl-cps-repository.htm0
http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
String too long
HvsEciphcmJ9lRlcK6TJPPhyLo9y69wyi1PcQVeulY7x79vq54hhvWDCixvTFWA1xCkP68y6E32JhccN6E2WiX4eW46jn9M5aIErwrP2ZxYL8Ugnq8kTaoYQYN4Rdj6nEgHZkRv5UaGVuUggx5
M5aIErwrP2ZxYL8Ugnq8kTaoYQYN4Rdj6nEgHZkRv5UaGVuUggx5hhvWDCixvTFWA1xCkP68y6E32JhccN6E2WiX4eW46jn9bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq2
xpN2dcwJmWTW2JDQJS3JIe2JIsvlxb4oPf0RaNVTxmn1M3bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq2
xpN2dcwJmWTW2JDQJS3JIe2JIsvlxb4oPf0RaNVTxmn1M3bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq2.Properties
WbPkDwpZFsPKhTQgiBg8rupe0MC0DPFtz9tCo7DsiHDG14hhvWDCixvTFWA1xCkP68y6E32JhccN6E2WiX4eW46jn5rFSM5ADBsHeVAFWCMFYwOX3ebjN22zV4TJtlz3qeF6
bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq6hhvWDCixvTFWA1xCkP68y6E32JhccN6E2WiX4eW46jn9WbPkDwpZFsPKhTQgiBg8rupe0MC0DPFtz9tCo7DsiHDG14
?false</Enabl
mowStartOnDem
File:
hnate>false</
qleInstancesP
lName
.resour
! <LogonTy
@uthor> </Re
checkBox1
Settings:
Rettings>
`rtWhenAvaila
xpN2dcwJmWTW2JDQJS3JIe2JIsvlxb4oPf0RaNVTxmn1M3
u="Author">
qExisting</Mu
leInfo
RtartIfOnBatt
!<Actions Con
uOnDemand>
nwStartIfOnBa
hggers> <Pri
ahVZhS2n5smATar71rGw1Xf
rerId> </L
nn\Policies\S
! <RunLevel>L
.XML "
label1
label2
cled> <Hid
aEOVxrwXFU6dxHkxPxm
Form2
Form1
? <RunOnly
bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq4
ssion="1.2" x
s> <Enab
Bommand> <
VERSION_INFO
r34df
Pro
escription
Int
button1
HnteractiveTo
Oj7pd6Dbxv3KJBWtHFdJBCNTGvQ8YdCdntbvuFChKKEw3
Oj7pd6Dbxv3KJBWtHFdJBCNTGvQ8YdCdntbvuFChKKEw2
params
! <RunOnlyIf
fistrationTri
hstrationInfo
a5IOtKcgkPvQ68q0VB
RERID]</UserI
=/LogonType>
[oneID = 2 >
asVMoq4EiBUIRKGS1
! <Date>2014-
35T14:27:44.8
LegalCo
`nd>[LOCATION
leLimit> <
sies> <Sto
! <RestartOnI
`ls> <Settin
`ta
FileVersion
button3
FoingOnBatter
dvel> </Pr
button2
/c
! <StartWhe
Assembly
?false</Resta
qal id="Autho
asdas34df
Oj7pd6Dbxv3KJBWtHFdJBCNTGvQ8YdCdntbvuFChKKEw4
Ori
! </Registr
checkBox2
checkBox3
0.0" encoding
label1.Text
=Enabled>true
cmd.exe
urationInfo>
127</Date>
?true</AllowS
uPrivilege</R
ingFileInfo
`sks.exe
Fiddle
siggers> <
lFilename
aD8pCmijFate6e8
tthor>[USERID
lation
d>false</RunO
?true</StopIf
oabled>
bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq6
runas
Dxec> <C
"{0}"
by> <Disal
uepad.exe
D\Microsoft\W
! <Multiple
AppLaunch.e
cc.exe
`ilable>true<
<?xml versio
? <IdleSet
dc> </Action
n [zoneTransf
HfIdle> <W
0.0.
U0S</Executio
x> </Setting
! <AllowHardT
e.exe
r.microsoft.c
qals> <Pri
[LOCATION]
drId>[USERID]
00004b0
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
ds>false</Dis
WbPkDwpZFsPKhTQgiBg8rupe0MC0DPFtz9tCo7DsiHDG14
UoRun>false</
hpal> </Prin
arDfs6E0JZuCfvAsrlLbA1
textBox1
uancesPolicy>
dtworkAvailab
servic
fs> <Sto
dtuaGBqAnHcShPOWhVMPSzFzqEmvGI
Version
r="http://sch
2O13ky1kRQ8YmkNlX8yRj6bF6RXVpAWmRQGdwn47
EnableLUA
.Task>
rvchost.exe
! <UserId
NNE.identifie
dToRun> <E
dtObject
UF-16"?><Task
nrity>7</Prio
OetworkAvaila
[USER
galse</RunOnl
sbiedll
0.0.0
nwHardTermina
dshark
vL8hferRXK3hHzYSPg8tqonxKzHV5DonBPMDmS
oTrigger>
!exit
SOFT
?false</Hidde
ogOnBatteries
vindows/2004/
hhvWDCixvTFWA1xCkP68y6E32JhccN6E2WiX4eW46jn5 rFSM5ADBsHeVAFWCMFYwOX3ebjN22zV4TJtlz3qeF8 QB8gcniP2NzmEZ2yMkJJXrwoNkOKF7XILNExw3x585 bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq6 HvsEciphcmJ9lRlcK6TJPPhyLo9y69wyi1PcQVeulY7x79vq52 QB8gcniP2NzmEZ2yMkJJXrwoNkOKF7XILNExw3x585 WbPkDwpZFsPKhTQgiBg8rupe0MC0DPFtz9tCo7DsiHDG18 rFSM5ADBsHeVAFWCMFYwOX3ebjN22zV4TJtlz3qeF5 WbPkDwpZFsPKhTQgiBg8rupe0MC0DPFtz9tCo7DsiHDG14 xpN2dcwJmWTW2JDQJS3JIe2JIsvlxb4oPf0RaNVTxmn1M3
RegAsm
/Cre
ion
lit/task"> <
HdleEnd>true<
!/TN "Update\
W9p3fFtuq0WFeDrjJiyJHRmD9dKmr8MT51kxo4s
QE PRO
ttionTimeLimi
0.0.0.0
QB8gcniP2NzmEZ2yMkJJXrwoNkOKF7XILNExw3x585
ght
nws\CurrentVe
oIdle> </I
nnTrigger> <
npOnIdleEnd>
bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq3
nnTrigger>
oabled>true</
l1a{
g'LO^myd
{4c
E@,T
'8- (
Int32
aHFVZWpe2L0e
5'q ;
aAM9TvL9
WebServices
y)f1n)
{' Q
LWbkfdrPath
rz
(,A7
L,0y
-YC^
*XR1
:O;[
j~}pboce
UnverifiableCodeAttribute
Asse;Dxs
HideModul
?2bC%a
$GBH^~
3yro?
X\ (t
|L[
c$^/
Misc
get_Controls
Version
(7P)
#fauor
5hIxR
v"8lV,
auj5iglqaje
Culture
_WjnfbtProvider`1
set_Culture
<'h?W
aT ["
PNG
HvsEciphcmJ9lRlcK6TJPPhyLo9y69wyi1PcQVeulY7x79vq54hhvWDCixvTFWA1xCkP68y6E32JhccN6E2WiX4eW46jn9M5aIErwrP2ZxYL8Ugnq8kTaoYQYN4Rdj6nEgHZkRv5UaGVuUggx5
Uwmap
l`tte
p=Rc
WaitForExitHuqa`vd
:1` J
[.j$
https://www.digicert.com/CPS0
Vdfna`tion
0\*m$
b80 $
EdtEntryAssembly
Reserved2
) =H
Q2Q9i&q
372 #
y&@ u
System.Security
!1z f
g#O9~7S<:
H:+R
\H'f
type
VkGhuv9YCj2BWWw8jHvIsQcWpT1BAkvA9pn7IyJLLQJd.exe
+8Pu
L8M,2;J
s;X
o'Cd!
R6f)
EnableVisualStyles
Point
x*
07u=
P/2 /0
+$sW
startupInfo
VirtualAllocEx
processAttr
#\*L
h Z+
&+W
8(3@
get_Computer
baOrk:
lg_D
Wow64GetThreadC?Iah}v
160702201239Z
Format
&1@ l
pl =
AppDomain
A^+
yX<w
get_CurrentDomain
DigiCert Timestamp Responder0
ck%E
get_Assembly
&+9
(/mU
*> !
<eh%W
b <
Create__Instance__
get_Application
aXrM2njKO
<X,M,k)\
o2
get_I6atzapiark
MyTempl)Eq =,1.0.0
Path
72 %
LateGe$)]`fmfeType
(o:R
Hhmmean
)Ht"[
&#l;
adlZCO1aOsPGRM
*> ~
#Blob
Control
o[Rs9
wRjT
z0>~
rI5t
` N@
Type
Gu(`(b
-M J
G|i?m
FGW_D
JRFf
Contai8U
aZM$
a1t7iGazA
aidcdrfcGmZJ
.i+*
S|;`
)=p
F=)k
j%B7
5*L8M
get_Name
GetValue
S 9
aNSjJBMip
z(d4g
@*>
service
get_IsW&f
$v&]
N?za
t2 |&#
#~ k
` 2j%
Ge'wa{wfot
#~ b
aO23Lw2FAIYo
K eq0^
Reserved1Huq~nvnp
DialogResult
HelpKeywordAttributetia{pfl.Runtime.CompilerServicesaqe`pjleHelpers
^>i%
.text
KrUserAnAdmin
GetString
4*a
WindowsPrincipal
z#<9
cytesRead
GetObject
au52rcYTaJjzTD
*> a
#p7G
ailJXZ6uowEq
,hIDATx
7q<`4 \
IZ1R
Button
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
k'd
3As$
3 ("
t4wr
SwfJble
3 ($
"q M7!
W?iZ
rd
` *g
*> 9
PerformLayout
www.reca.net1
get_WebSe
hMod7Tu hsGileName
aG1r3omKTDpK
K1 q
'uuu~
=R{\u
0e1 0
^ >j
Resources
V#2 '
Bu63)/)
S&b,D
)5_.
~:t
label1
label2
"/7K
NS5s2
WriteProcessMemo
`.rsrc
5-<!h
4.0.0.0
e@%c"
{A)X
DigiCert Assured ID CA-10
$kmmu
get_Default
1a2H#9
flNewProtect
D A
nrcorlib
G~0d
adKLYSxVqb88F
IsWireshark
get_IsFiddler
set_Size
Obje3S
#*L O
v7YY9j
`jYT3
SetThreadContext
protect
83 9
j4-3H
Q<J D T
I-@&
loader
=[.j
$S3u
atOR8VdfV
211110000000Z0b1 0
,F ]
6a4]
procPersPID
A] A
4c \
SpecialDirectoriesP
l}wdsWritten
GetBytes
a53sggLA0VRrk
7 J0
Process
QROCESS_INFORMATION
PerformClick
1\+W
kernel32
System.Ru=@}d`-HnteropServices
set_AutoScaleDimensions
<Mod0Zx6
Sortil1
wHN.[/
ReadOnlyC
pr\
l=s$
l=s%
?kn~+;)
Microsoft.VisualBa2^q"DsqlicationServices
a3wXsUElTuh
I4r7
Ut+O
&` h
System.Reflection
P*CJ9>
get_Text
IHDR
System.IO
WrapNonExceptionThrows
!^VH4
R6lX9!$?
g3[
GetRuntimeDirectory
ajLX5SiRpSL55J
7"Byq!N]
o<t:
J QB@
aTC7AsKnNGX4B
_lWBjmeName
=\ G
Support Dept1
1bfj
slowMsH
STAThreadAttribute
az/#
'[*k
Form2
Form1
OpenFileDialog
P>L.
(Gud-
System.Globalization
dtuaGBqAnHcShPOWhVMPSzFzqEmvGI
pHYs
x N!
-8} +
**#R
P?O7z
System
EventArgs
@*> Lw(
Application
n 9
c51 _%
f"l +_)
|#qO
9` {
ValueT;Hu TqncessHandle
c$dN
q|"F2G&a#z
k2_)n'X#
CreateInstance
System.Security.Permissions
**#
T~G&S'
Microsoft.VisualBa
MethodBase
#Strings
3[(J#
My.U$Qg
p` 1
eu
5:m|
T5LD
bd$_/
VZ1z
#BlobA7
www.digicert.com1$0"
r -E
[xylndrGeneratedAttribute
avxjWb9pWkor
get_EntryPoint
'w7vK@6{n4
Decimal
9[ Y
**#H
GetType
L7ab
8?,O
S2ct
button3_Click
[vI I
MsgBox
_v*z
,wmZ
Q.+[
$'p ;
cv6{-F
w6w<
O<tO
e!M<z
7D(V
q yU
J}*{
618>
anALmXL4Y
pM[#S
http://ocsp.digicert.com0C
3Z H
http://ocsp.digicert.com0A
(x7
/ #s=E
'Ughh
@*> *
ProjectData
1 0
j{DCA
_ v0J;~
B!T5"
set_Location
MoveFile
ComponentResourceManager
get_AS
:~8]
$k<T
FdQSjodowStyle
E9X j
Title
~9^+B
?[/\
}.6f
sQ]U
Sy%Rqg)AndeDom.Compiler
+j=ze
|g6
8t)T
B Z2d
ctJqC
DigiCert Assured ID Root CA0
auDWRdqQp
GetTypeFromHand-R
|g6n
G+*}
b4y
shell32
@-[L
^~ y
pf9t
j*#PTg
+] b
n+F0w>Z.[:}?N
!@(
Label
D5 d
ntdll.dll
~;V
Qxstem.Text
7S'V
B*|
hZ0RJI
.textz#
Form
^`phze
R1b
f2R
MsgBoxR
CommonDialog
aC9fW2ualC
g 3;Q/
t I%
v%Xs*
O+}3e
C.Yqmq
'#zA
=B@n
bn5|
N_ =
m44 %
K ]6a
E2fm
(o&
#, '
i )\
W ~
#, ;
d")q
set_Name
handl,2|jbpdss
LOJ W8
aUln5rjle9bzt
,H<I(o-\
"'| q
j**#
d(#&
ZPBu
l'T i
?o,C
V,_0
ResumeLayout
=z8I
E 2
!w!J
aFcayUTSKqpT
get+uK^aqrion
anaEcL5P6jC9
Jp7a8v
System.CodeDom.Compiler
Y#;?
z8q#uqsc
SetCompatibleTextRenderingDefault
#c8|
ToLower
[3c,{
FG,e
data
RSSdQ
w$^S'
ButtonBase
X' b
v m=
wNiE
aJlAar4
061110000000Z
ThreadSa
-Cs$
sv{pboce
jEue)
main
ToInt32
=3P(
'&Hu1
k O
get_Version
V6;}
v l,o
ToString
=%t:k
`("q
j(y+
&T{iWgssLOC
Cozamu
%(,F
/1s `
aiGZiSs0Kb
uW%` {S
'zqgJ?
'%<$
.c+x
Q@ k9
textBox1
m*c}
o5N?z
@*> U@
h.lV
Q B&
aeZxjAURJ
2{N=
B+|2e [+
\JbB
Q:m!bzk
-9UzP
)G qQ
2t%-g |
%b-Z
Z/Ep
ShowDialog
ThreadHandle
}hZ&a
b#w9Z a
CfuString
J @K[[.
y)g C
@YqA
add_Load
57W#V7pG/
P*.g
c Gt
*u9I
fW`au%
Start
Combine
<pAu
o%
0v0b1 0
J" B
textBox1_TextChanged
$4} w
>p?U
]6a-|
*> kW
Data
m_Compute%{wc`auProvider
.U"X
nQ#j'w
3Z((
>0<0
Int64
a*'
0%h8
Qedfnhzed
,g8Q
2h_@
a>X G
Y(&,Y8
.ctor
(M
g2>K
]h G^
a0qBvjvUbsQ
H=\?} M#k
Main
~;xkQG
> j*
S=l"!
l>"s
Invoke
-1f h
^f s\
FileSystemProxy
DigiCert1%0#
buffer
^xuo
j[L~
t\B
aHIkdPskoiA
Equ$Zn
?z4Q&>{
3'} q
BO?.
@.reloc
GetModuleFileName
W ["@
-[HJ
~ j-
UgUY
STARTU
D2oI
k,n
nAH%d
WriteAllText
SpecialFolder
Byte
creationFlags
/E(^
awjjhjJ4yyQ0
H(-a
Y@5A
.~4e
GetManifestResou:RqCdods
aZ0r2HjV8050gY
UnmanagedType
System.Diagnostics
aIz13UrDEU
W> &
gYCBLSMATION
rPID
%tEXtdate:create
(a0c
GeneratedC?M{Iswsibute
G3f,+
;-<]
MessageBox
VkGhuv9YCj2BWWw8jHvIsQcWpT1BAkvA9pn7IyJLLQJd
m_MyWebServicesObjectProv
checkBox1
checkBox2
checkBox3
od7
k/C
+JQT
Rp8C3
?o<
3t6G
X1>m
H>y0/
aOOS1csrpYq
set_TabIndex
Microsof
4;l=
(3|+
5a _
4{ v
JlweNext
RuntimeCompatibilityAttribute
ThreadStaticAttribute
o(ax
Assembly
1`8M;
H&n ^6f)~
^ aq
w 'V|
W:-p
ve}:xy
M O?-[
-j#G3F'
aKk402Z
SuspendLayout
set_Text
aFngfdL
WindowsIdentity
4;z N
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
Fovironment
set_FlatStyle
Size
iW!]4/
zM9&
set_AutoScaleMode
O'm
BorderStyle
}7 z
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
[R(J
button1_Click
:e--.Da
%,|/
.5#%
Hq:
IContainer
()E6
p q7
MyGr'DdNjnmectionAttribute
My.WebServices
a35OalL
^nA<{~O
set_ClientSize
components
V. 9T
8z J$l
B 0a
X q7M<y
, r.
r
W9p3fFtuq0WFeDrjJiyJHRmD9dKmr8MT51kxo4s.resources
3F~G
_\(]<
>9{C}S!C
set_AutoSize
xg
B$<7
Z4 O g
zd#i
h C%(
B&b!
avCRVw3
ResourceManager
Show
~vH1
'SqA.
aPs6rbPgSHF
47| I
,] ^
|pXu
+Z(/
ToInt16
(Mv#
4ng|
Z7q9
Operat&@n
V76 '
Q/j$A
$t:k
Interaction
ret_Arguments
dwFlags
'#l;
=P&
86% @sk
C:KH
T:M }
ra2-T%`
pG={
["j
*#
q9Z a1~)A
MyComputer
GetThreadContex'4`awf`d
mKn_fD
d,q
ReadProcessMemory
zdwJ
"SiWWzrtemDirectory
H+~4
g9:T
B&R'F
]0x2
set_BorderStyle
aYfvENh19EGv
b2I
avv0lwS1V5
K|`dption
s:^*
W:L B
;h XG
euMdwFileName
8I h!
X)
InitializeComponent
"&u u
KM|ihdct
@Gw?
FileA$Sgdgwues
&a#x
nSize
uk$t']2K8}
Bloc*t}||
< 2
@$Pm
9:@1t
AutoScaleMode
arAEBUlMB7
~ 9 ;z
**#\
@**#
K&)s5}
[,8O
Lv Tsmit
aA7ZmzTSaYb6DA
mscorlib
r~}E5u
")%gy
f L9&>J
@-[3e
GetObjectValue
M&!u
owner@reca.net0
ControlCollection
System.Windows.F-J}~
m0k0$
Kill
+1q v
akguW6jW26
dX/O
S1WsleqeModuleAttribute
CkN'
5%vE~
?o+
3 (#
!This program ca
yD4t>
[6 A
"Ou&S
RuntimeTypeHandle
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
wHP}
:X/i!
<n>E
SecurityPermissionAttribute
h!E1
`^U)
sender
?4d \
;yUzwMcjectProvider
m+Q )D2u<X,
,P(
\2/,
a6tHTRE63
W;}@
d8-c
ZabeAllBytes
GetVer2zjznmf
TextBox
0D2.
5r1+
p s *
~;V g.J>K*m/^
j/B4
q!n9Q
M5aIErwrP2ZxYL8Ugnq8kTaoYQYN4Rdj6nEgHZkRv5UaGVuUggx5hhvWDCixvTFWA1xCkP68y6E32JhccN6E2WiX4eW46jn9bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq2
p**#
bT2D
a5PBhNgju8ZrN
(~z8
service.exe
^ye_
hLk-]
l~hWqntect
64a `
64a l
M=h{
M/ `
'&Hu
i h
<88y
p"n>m
m(;J
.http://www.digicert.com/ssl-cps-repository.htm0
%F<%
RegistryK
c[6D&
u%jv
($8B
- rV
34v@|*d
t&<._
0`3
"&q
arijVYxu1
E6 [
w:LT
j+%cd
mscoree.dll
!This program cannot be run in DOS mode. $
avRWQXtMdWsYAE
File
qkr i o.
Dispose
_R2[6oZ
rN
F [4
X<w6
E ]5xi
-
DigiCert Inc1
l&Li
M6 A&S
!HH|
7B.
[pTOLXBCGHf
button2_Click
MarshalAsAtt"Nwxqg
F9L9X
141022000000Z
HNm
2f8x0X
k=p N
BSJB
resourceCulture
zG%R(
7q \
aHHs1FWpGJ
n0 \o.F
y&G s
h*H @
rs - 248
G3/
Strings
Exis1E
IntPtr
Mdxt
$v:ny
G Z~
<_ P
applica
FjuConverter
U$e C
7 x9
U^:k%"K
aoHbsLvVkyMHha
Microsoft.Win32
M C'S
k1c7
Cqplication
H}i`
\'n^
gu6M='K(/
buffe"zwrb
kA+]
%$ot
Z?W"f
&2M
add_Click
DllImportAttribute
inheritH#Vtaap
(h z
Mutex
=H)n,]
+N~C6
lU0'
CreateProcess
R7D!
(
&T{ibqr
s?&K
ThreadId
F`u-
~.R&G
%l3m
@ U>
!y8p
CultureInfo
Creat iBAjpuance__
k0i0$
0!0
'RHwn
`|[_
k-@6
get_Checked
an1OudhoCOM
MethodInfo
74x `
Form1_Load
pf~nmf
CompilationRelaxationsAttribute
y2~*
x1Su
z<F7r
PADPADPu
/W!@
qRZc6
Microsoft.VisualBa ]w'Afwices
baseAddress
(Lz#
roh$A6
Random
|-c4\ GP
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
anklpMh39kN
KrWPE
,'!6+=R
Tb#Tm`pHttpClientProtocol
1w |9T"e,H<I(o-
PNt\
W-|3d#h$t'
241022000000Z0G1 0
IEND
!tWaM
hProcess
& <V)
e8A:~8M
U8p{
{-c5
C6K?J
:8u g
4P X
)?r"
WriteAllBytes
ThreadStart
aVrUNTPE
2015-05-06T12:29:02-05:00
jZL ^b
context
Runtime?Vgdumoment
;4d \
aFcHv8F
7y/H
a _|
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
akI7f6As
B/~ k
l?7g(
pr'Rq~vKoformation
#a(b
CompareMet
Concat
$4+ %
4x i
{' U
\4d+|
]N"
02,
get_Ge
ss u
aBBzXYSLxwA
L*_+
Z8- S
U@'T"
0 7
9YvX
CompilerGeneratedAttribute
P@7q
q?i
DeCrypt
-0+0
abH5ynXg2ulR
<g6r
)0 &3
n4' <
oeS4
T Y2c
k-W
IIXbYDTTUhcU
GQmqrYeg^BEs
y>|
p01)I
w%i:
;{2V"
aPa3tp3MX3Mp6
msabButribute
G$Q
7Ss~sndntState
System.Resources
UZmrNR
%Y\S
%#>$
LjaW
!T5
xpN2dcwJmWTW2JDQJS3JIe2JIsvlxb4oPf0RaNVTxmn1M3bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq2
t
System.Secur:@m VvqpressUnmanagedCodeSecurit)faywkcute
oNz8
>j$s
l=s%M
1E0Q
Marsh
1j;p
>t\7~#Xz
e^ahfRystem
R7VddifUypeHandle
Resour0QYhkbfer
isAdmin
a7CB6KJf
JVG J
o%B8
d"P'
&B6C"e'V
6^,Z<)
(M
L[>ywM
;UGI
adiFdaOGx8LH6
f {9
String
LsgBoxStyle
O A&N
EtP`ndboxie
_CorExeMain
DebuggerNonUserCodeAttribute
H6-Zc<
InAttributeWgAHQjseadAttribute
S$o yx
YQSY
@*> O.>
'8q w
O|ia
aChk6CRUJY82IL
*+#%
#4^ E
n4P"h
0 o )
ProcessModul3&Gstvdm.Collections
EditorBrowsableAttribute
d X:~
System.Secur!Em#Uphncipal
:t,q
{bw^Verb
-;t#
jA6^4[.j
xpN2dcwJmWTW2JDQJS3JIe2JIsvlxb4oPf0RaNVTxmn1M3bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq2.Properties
ContainerControl
User
8t 9
O+)*
aIlbyoXLnhGDqy
dwSize
Vt}^
$f {
resourceMan
"/'Ku
Y$I?x1
a6Clrn5ub
6O?{
s9])
Load
8t i
St7}zypw
V#W7
System.Drawing
Dispose__Instance_)#
bI&%,
WbPkDwpZFsPKhTQgiBg8rupe0MC0DPFtz9tCo7DsiHDG14hhvWDCixvTFWA1xCkP68y6E32JhccN6E2WiX4eW46jn5rFSM5ADBsHeVAFWCMFYwOX3ebjN22zV4TJtlz3qeF6
W>z2
8~ p
SkipVerification
ZC#+
get_IsSandboxie
3^(o&
[")
?#v k
27v d
a0PBBpWDW8F9
Wow64Set
-8w k
O$`'^
add_TextChanged
K#0 R
h6N@
Hi*E
^:N}
KY]/
h)3(K
W +g
`)G}R],i
Microsoft.VisualBas Q3C
?4q a
K`0U"
Mfwhvator
**#ffff
NtUnmapViewOfSec
04} u
R%c+
[6{
Object
?{:L
QD3u
Registry
[ c5
StructLayou"g`~ukcute
eT,e+H
g7x/G
,YH1C
get_Length
3System.Resources.Tools.StronglyTypedResourceBuilder
set_UseVisualStyleBackColor
b4
>l6H
Wcfjjm
IEnumeratorPn{|DvsrentProcess
uEx!EWbag
LayoutKind
ddt_ExecutablePath
~$<o p
31""
,n2Kd
- (@7
FlatStyle
z0x0:
ins=Ssmc
z 4N
`7_
]$I?x1
8h.D
P3XqivpHd
ew4~
EditorBrowsableState
%s>n
System~dz`umoentModel
e3~
WDivmn:
HnPath
T%d}
#o=q"p L6
StdOutput
57, U
2v*s l,
DisposeIuxzVpncessesByName
6[z
*> X,-
get_Modules
amENraSadjG4
ResumeT
www.digicert.com1!0
IsNullOrEmpty
R3 H
GetProc'KcO}Je
get_Locati?G
Exit
`Fl
!VMXF~
~.zyiA
aaySoiGpr2404
[mydOf
get_Culture
81d A
a6vp1FTL
conff
P"d
SecurityAction
bZu6ElDTZB9kEDryeaA7chVzVUjAvTM9DBPV1R1gHtaFkDWq6hhvWDCixvTFWA1xCkP68y6E32JhccN6E2WiX4eW46jn9WbPkDwpZFsPKhTQgiBg8rupe0MC0DPFtz9tCo7DsiHDG14
Kd0U"
azl79u5
Z3d)y*
7e/M
3 Om
P8h'p
OperatingSystem
=0T Um
"p8@
E.y5_
#hA0
)z*
c a [
>F|{cddrHiddenAttribute
3V8BP
m_ThreadStaticValue
System.Threading
a'% (
Kw,I n
SetProje4@P{wms
<>?>9sq
threadAttributes
y''!
"X*Z
A*{4
NCK'
**#
m/1@
uUFG
avCYiC5EFk
Buffer
setry
7'f ;
aord09zXM6
WOCeinr
z6V
0?hs
P5BhC
0d-{
%7~ `
ZHf\
94T s
uX$J=*
L6wV
};z
:G7s
ExitProcess
q7 *
,&h0
V;M Cg
[ZZ,q
environmentATg~wfotDirectory
j@*Y
Dia$^s_`qtlt
p + +
s<Y.
get_ResourceManager
V?p?hH
aXduPReb
Op6ZG|gHdy
Window#e`divHnRole
(G2v
1q b
aw=n>D
My.Computer
3V~^A
length
o44,
v2.0.50727
R$P
O?e4
Program
FH8}
rJ
RX1Y.\Jh+E
FetHashCode
&(3
7 !)C
StdError
jo_
&(M
aR2dDfjCo
D38) *.
Eispose__Instance__
EmlpareString
&(j
Qdrvices
z$ad run in DOS mode. $
Anti
:%*P
YKW5#
GetTypeFromHandle
d};d
N?zq}:s
n+F0w>Z.[:(
lpExistingFileNa>Q
GetEnumerator
aq2cRdy7
Form2_Load
.p3C
)uYJQmo
MoveFil5bmZ
R$f A
T) %V
ME,'
64{ a
ComVisible
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4j%G
GSOJ
|HL7
a93c9z8U4zE
bf1J
PSd|
Jq Jz@pplication
$s%N
91Rt
;Y2<!:
Pkbp
:@ FM
P-l
JH8j
}7@ `
IsFid-^x|
w!x6
-HQ"
System.ComponentM&Vxb(Fdsign
SetApartmentStateIUxzYOdssage
]39Z a1~)A
ProcessSta"]Wfal
|D)I
"BYq
Ge5z}hpodFileNameA
3 ((
owner@reca.net
\8L9X
7Rystem.Web.Services.Protoc
System.Runtime.CompilerServices
%tEXtdate:modify
"}&W/ER
KeyszffzvbSounds
f Z+n
NewLateBinding
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
button3
button2
button1
v0J;
Mutx
ddt_SpecialDirectories
alGTS1DHESkg
G02n
V?j(y
aTaqpKfnE
9 2
\BorExeMain
#/O.["V-l
DigiCert Assured ID CA-1
h<G~@!
gpDu -B
ProcessModule9Lrba`uion
L$!G
l5wylvfrs
T}hdvhonBase
o(L
kj<p
eG0&
IDisposable
Y+O;N
260703201239Z0
rH
RuntimeCom BjgfjmityAttribute
Rb`d`d
m+j
Compilatio>{{df{`tionsAttribute
f-kL
W F&v
^/ 1
, uG
g}~q>[0
Aezap
commandLine
^{#H6
~ E6
np_Explicit
WrapNonE9Tw|qjnnThrows
"F2G&a#z
<Module>
Uw~Dllputer
B i
NH e
r`))
aUKmOFZs
160706000613Z0#
aCFqfNZauz0
[/Z;|>O
Cologne1 0
value
SizeF
2015-05-06T12:29:02-05:00s
'w'm
K fi-D _Vn
<(+4
ao1ptEy
get_
7 |:B
IsInRole
R#!s
ProcessWindowStyle
v&( F
Computer
Z Y#e
#GUID
;nZ-m
\gldfBontext
UQ~E
7j&r
RecA1
_ H~A
4fR]
X[&PK6
a4F0apZF6j7KG
get_StartInfo
`'n
ToInteger
anoq5X7GfC
*n?m
E'u
Z3d
2q1
Bhh\[
abYfoXxw
:-%N A
EventHandler
Applicat!^zOdqd
] =q
aiTK2bipHn
0 %B
0b1 0
Conve$U}eiq
X$c*
D6^ C
SetValue
Encoding
Gdtw`lBasic.CompilerServices
aXBaraxc
cHL7
IK({
a2JDVcXnGncY
7O?{
SetAttributes
bKGD
get_Use")sWRpdrObjectProvider
CheckBox
(p {
iI$%<d
79U`-D
!\.l
wT7
9i&q
UI!m>
3Z8O
)#k9s67J
4f l
m%(L
</U+@
v0t08
Arr N
payout
compatible
System.ComponentModel
0_ vi
LocalMachine
aSz8g3KP
2K1@
b$^
MyWebServices
(5v#
K2"d1U
_bG6
O/\*
0c \
i3I^
set_UseShe;XPq`atte
f(F1
R3a
.'6)
E''+Ku
8b n
RunaSqzl
K>+G
ClearProjectError
uD)o.^
@Z/
O s5P
System.Windows.Forms
hjmk
z>| L"
+.D3u
m4cnN
ab4Dv9z6o
ThrtualProtectEx
D j-o
get_ModuleName
/xI
a6enlqB
GeneratedCodeAttribute
disposing
sL,k)X
Ge%^
vK|W
4/1w
ke%Zpe60/dll
w+3\
*V(0
ToBoolean
:V{
Sleep
;D2u
EditorBrowsableA#@g`gwue

#infosec #automation

TheSystem Itself @ 2016-07-07 00:30:02