t.exe

Is DLL Packer Anti Debug Anti VM Signed XOR Related 2060
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 133.39 KB (136592 bytes)
Compile time: 2016-08-23 18:32:37
MD5: ca3a32aa24d70e9d2e952c842cd0545f
SHA1: 7fd624a15c9baa00028afcf7954e52627ba2111d
SHA256: 937ad72cdb23e1066b2887eaee29bd81d1ac21ddb1d40ab19858df2478b79632
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource relocation security
First submission: 2016-08-23 18:42:04
Last submission: 2016-08-23 18:42:04
Filename detected: - t.exe (1)
URL file hosting
hXXp://220.181.87.80/t.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
No report available
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x17504 98304 ed35f53bb83afe480ab421b9e57d2608 78d430fe905b2bc7d4f79ecec7477b93bed68b8c
.rsrc 0x1a000 0x5de6 24576 ce2da502681348e03fb2761045a05969 cba2637ae50b1fdd35e254bf80fd7ef23c4ab5d1
.reloc 0x20000 0xc 4096 174ddb28e097a5fd6c5ba264ed3ddf1b a604cbafd10724430fcc96cd139b0753775dc1ac
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x1f908 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x1fd70 118 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
No Meta found in this file
XOR
No XOR informations found in this file.
Signature
MD5: 491479ef91c94ad7c77e6f1b1f146dfd
SHA1: c1324290104b22df442494b74ead998c2bcafd26
Block Size: 5520
Virtual Address: 131072
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
KERNEL32.dll
mscoree.dll
Qpbtfd.dll
IP Found
No IP detected
URL(s)
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
http://ocsp.digicert.com0C
http://ocsp.digicert.com0A
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
http://sch
http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
https://www.digicert.com/CPS0
http://www.digicert.com/ssl-cps-repository.htm0
http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
String too long
UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM8BKXkELGBIc3k4fpymXAifHPfRWgPEh4NxqRphhgQPUELK3vHOr2
LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx57GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta09
vafgdCyr5xNWslCRQG2TKDWpEtrzGAm2J32lqdatFMS73qEhHEGM2TLd8L7IckKKi75BpP0BC5jCD4D24B9Xf2iVfpLXdN5
l4zDdxFTg6XK8dVuOscTD1IzCxNn7CVSghdZK5RSSa8BQY6vafgdCyr5xNWslCRQG2TKDWpEtrzGAm2J32lqdatFMS73
UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM1l4zDdxFTg6XK8dVuOscTD1IzCxNn7CVSghdZK5RSSa8BQY7
vafgdCyr5xNWslCRQG2TKDWpEtrzGAm2J32lqdatFMS79UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM5LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx53
LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx55GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta09
GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta05LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx53
FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s2UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM8
BKXkELGBIc3k4fpymXAifHPfRWgPEh4NxqRphhgQPUELK3vHOr6GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta05
LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx55UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM8
qEhHEGM2TLd8L7IckKKi75BpP0BC5jCD4D24B9Xf2iVfpLXdN5GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta05
qEhHEGM2TLd8L7IckKKi75BpP0BC5jCD4D24B9Xf2iVfpLXdN8Pqk050Gjbi9V0hUCUsYHQmXU7kJhaXdJNyvPPsF6
Pqk050Gjbi9V0hUCUsYHQmXU7kJhaXdJNyvPPsF8LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx52qEhHEGM2TLd8L7IckKKi75BpP0BC5jCD4D24B9Xf2iVfpLXdN7
vafgdCyr5xNWslCRQG2TKDWpEtrzGAm2J32lqdatFMS79UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM5LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx53.Properties
LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx57GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta05Pqk050Gjbi9V0hUCUsYHQmXU7kJhaXdJNyvPPsF8
GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta09FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s4
FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s4GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta09BKXkELGBIc3k4fpymXAifHPfRWgPEh4NxqRphhgQPUELK3vHOr2
strationInfo
<RunOnly
<StartWhe
ERID]</UserI
Form4
l2dn1a6gAPTDrjdWa4U
istrationTri
owStartOnDem
OriginalFile
> <Enab
s> <Sto
1.0.0.0
<AllowHardT
/ P6pL
`rk
domainUpDown1
true</AllowS
usFhKLK1mxDoivOcGyU1EIsapz6uGMOH4sRJPmJwCqu
<Multiple
checkBox2
abled>true</
erId> </L
c> </Action
HKE
<UserId
ToRun> <E
,/KPip
vel> </Pr
label1
RER\Software\
nTrigger> <
nTrigger>
Form2
Form1
indows/2004/
tartIfOnBatt
checkBox1
trrentVersion
UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM8BKXkELGBIc3k4fpymXAifHPfRWgPEh4NxqRphhgQPUELK3vHOr2
Disabl
d3.1.exe
checkBox3
="Author">
eLimit> <
/LogonType>
" /X
pjYfbEnCejmELhlmwunBSGckmKexp
rsembly Versi
ProductV
button1
rrentVersion
D33nhQKMSlvzOpi2OAUtvUdhrU(
ggers> <Pri
comboBox1
checkedListBox1
rity>7</Prio
checkedListBox2
oRun>false</
Fiddler
ser
AppData
nd>[LOCATION
thor>[USERID
XGnW3Q2jMgUDMUeujdwSQM
are\Policies
27</Date>
vbc.exe
cmd.e
rId>[USERID]
<LogonTy
button2
FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s8
:ZONE.ide
svchost.e
Task>
SOFTWARE\
listBox1
acpSettings
jqKOwQteYr5uQTmAjYj5b2SxQ
ilable>true<
ommand> <
c echo [zone
fIdle> <W
micies\System
0S</Executio
schtas
ies> <Sto
notepad.exe
<RestartOnI
`lCopyright
uthor> </Re
linkLabel1
abled>
wStartIfOnBa
service3.1.
l.exe
> </Setting
44Y5GF85HFG5
rationInfo>
false</Hidde
"{0}"
ancesPolicy>
pal> </Prin
FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s4
FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s5
FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s6
FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s7
wir
Update\
ystem
<RunOnlyIf
FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s9
Option vafgdCyr5xNWslCRQG2TKDWpEtrzGAm2J32lqdatFMS73 is not available on x64 Architectures.
LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx57GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta09
.microsoft.c
<?xml versio
osoft\Window
drnalName
/Create /
<Actions Con
1qTOfbOJFVuztNhuFsjJmj
OnDemand>
ocXMiFbN0S9dbqqgXOu1mAUm8kVBWMX09zz
gOnBatteries
FFxWMaoNuKiHpO9pFHvv143Ueu
rIPn64E60F6Wy0zYnUUfiqycyBIo
contextMenuStrip1
`rFileInfo
rtWhenAvaila
ier & exit
alse</RunOnl
Existing</Mu
nate>false</
icies\System
als> <Pri
tworkAvailab
Privilege</R
</Registr
Idle> </I
/-P?pR
led> <Hid
it/task"> <
rosoft\Windo
y> <Disal
.0" encoding
oingOnBatter
progressBar1
F-16"?><Task
dleEnd>true<
false</Enabl
tionTimeLimi
HKEY_CURREN
hleDescriptio
false</Resta
nteractiveTo
AppLaun
Form3
75vOl4mz6LGSAvDwSijQYydsX5aVBGEt6
dxe
bleLUA
sbiedll
s>false</Dis
[USERID]
hon
true</StopIf
ettings>
Trigger>
QRO
sfer]ZoneID
sion="1.2" x
rableTaskMgr
iggers> <
FileVers
<Date>2014-
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
etworkAvaila
="http://sch
xec> <C
sosoft\Window
<RunLevel>L
sanslation
.resou
>false</RunO
RRENT_USER\S
TION]
oM3hESccVHq5aOrasIUT2tC8tUTVIlEeiDv3H38J0G
000004b0
leInstancesP
pOnIdleEnd>
0.0.0.0
VS_VERSION_I
StringFileIn
Enabled>true
Ll9WS3WDVAv0wvvqSxvDDjSX
al id="Autho
5T14:27:44.8
<IdleSet
wHardTermina
ls> <Settin
dataGridView1
<n9`
$S&H
_8U#h
^kOY4
,w!1
PNG
'X2]
y;_6C
u832>1x
*6\,Z
9 ~
N'_/
bN'Q%
<?xml version="1.0"yVvkifhng="UTF-8" standalone="ye6
aa`_`
5 qOYv
UnverifiableCodeAttribute
p7Xdiew
CU,s=
ii7c~k9
SI `
A"K'm
"` n
jQmT
[J>_
"q6U
get_Controls
5E/v
;P o
progressBar1
@qmbpr
z-k
F6em`sosoft-com:asm.v1" manifes1p
q8#N
b)L4D
>&Fu
DLR"
path
c +H
Q8T9
5;UA'h
SBYsh(Nc
p\F/@g
n+]K
SSc@x
cI~!
vh1a&E.
ProcessStartInfo
xim \g
xa?"
System.Security
Sposvd
&*z
N9cj({<
7
kx0$
_iw&tdrsion="1.0.0.0" name="MyA
$ E
type
+I b!
wp4$
g|2;
&H n
:PTOK?R
LubcpRervices
_NN8.t
DigiCert Assured ID Root CA0
EnableVisualStyles
#:M
3T 6"}y4
mY(kJ
A*G
g a*O7G7]
j&&U?f
&+E
!P3w
ListControl
q"e>
(vc9
Format
G +;/
^):!S+
/bfa/
e!^
AppDomain
1KWY0
6G(I
get_CurrentDomain
DigiCert Timestamp Responder0
checkBox1_CheckedChanged
]# P
&+!
V.),
OpenSubKey
Cm2b&
m@?n a
gr c1$_
ISsX
e+q d
I+n}z
!gfT
Path
set_Text
(o:R
vjI o
_Fqm
Nn N
!\W}@
#Blob
Control
GetTypeFromHandl.2Soupial
a'2xq
Program
DomainUpDown
">_U
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
ControlCollection
Songkhla1
%z L
q;sk
Buff E
z530
CB2.
>f!B
Type
C,@-
+
v;T9T]
;#4x
2]1u
Mis0#Jhugsved2
nt3R#&
\Pbbl
aZM$
w3V5
[.Aw-
Sesize
nkwwdstedPrivileges xmlns="urnJFudco`s-microsoft-com:asm.v3"> l
'%!zhkg
bqwice
Sp TymjEnlder
I$a-
WdrH
}2[8
4r(Y*[1
get_Name
-6822GTU
Hat Yai1 0
V60Z
9q$
I*A,g
&,N~.
pl I
ADRO
VirtualProtectEx
J G/
Wr_l
L3]*_j
ColorDialog
h>>N
EVkjlsy
ISynchronizeInvoke
n"0{0
lO Z
bN$J>
Mg }
VX}tqdntProcess
B}nb
M:O
^[0]
K7^4 m
`bc/
DialogResult
l f?Y
CompareStringbE~|YPuartInfo
.text
4$ B
5m o
GetString
hEGs
y$`J
WindowsPrincipal
GetObject
l.M&K
[smuimeEnvironment

=^3_
}6Qz
TN _
J0['
s f%
;fLC
k C':
g[,A6
RW~uls
k&`$y
PerformLayout
Ru ArdcWxpeHandle
mainFile
&ww$
G']A~i`dssesByName
n Q5`
c'J l
Y@#W
0e1 0
0X4Y
RQfhWdxt
F6\I
G,^ m
1d `
W'W=
?&@[
-~9J!L
X/C.Y
*Z(
NdssageBox
label1
RuntimeTypeHandle
)+Q+
ToInteg
BYnR
WritePr-Jt
R[cbgr
T1Ab
dataGridView1
Dq"g
-vAo
"x?[0]
Conversions
v-C m
'~i@lPT
`.rsrc
X1^4
4.0.0.0
DigiCert Assured ID CA-10
S)>-
4JMWWJ?
get_Default
r,K"
kernel32.dll
6Z O
vafgdCyr5xNWslCRQG2TKDWpEtrzGAm2J32lqdatFMS73qEhHEGM2TLd8L7IckKKi75BpP0BC5jCD4D24B9Xf2iVfpLXdN5
b<[U
r SJ
>7(
6B8W
Sy?@~`)Wireading
|+B!-
4L<L
N9<e
ProcessHandle
Anti
k8&I9I
~4Q)
gvu
@ [
9 =!
OB l
,:RB
CompilationRelaxationsAt
D~`s
b{N#a
colorDialog2
colorDialog1
v0t08
211110000000Z0b1 0
-yIXcJXNQ
d!O i
_;Q-
QWO
S,yHewf`dAttribute
GetBytes
rw[
Process
ResourceMan
Culture
ReadAllBytes
;e(N%
>,d
x,j
'F.B #
</assembly>
.9VUEmx
m\=Q
11-
set_AutoScaleDimensions
#/0w
<Jo?
Bjme
get_Assembly
y;s'
N e&
A1i
fet_Size
\ e
!K;JTm
zJt-
IHDR
]9T5
WrapNonExceptionThrows
;P=*
4r d
E-H%I
`s`rf
3\1]$
n!1
&, (
~ph`87F
op_Explicit
&# -
PRR-
M8b]Yl
sl BV{L
STAThreadAttribute
GH X
Form3
Form2
Form1
Form4
4E(_*D
DigiCert1%0#
System.Globalization
Than1
^rptctLayoutAttribute
*Rr&
isSandboxie
))\G
u9Q=P'R<~M g [
System
EventArgs
Application
t7R8U
S?RI<R
4j.N
?l#@+G
Z6["T
N. C
ot7
System.Security.Permissions
P%K
3J%h;|
n.L
MethodBase
#Strings
Lr@b
uusrL?-5T
(M;O
GetProcessByI %]jevfgerNonUserCodeAttribute
GpyoloBase
!LQ
"2UJ
>M'~
QU;M9
N0Z~
9aa?
Il$M"
Environment
zA0t
_c\
! F.
www.digicert.com1$0"
^7[p
8S;;

get_EntryPoint
G0 ^
sSwx
BeginInit
}ISu
iVBON
^,-;
l4zDdxFTg6XK8dVuOscTD1IzCxNn7CVSghdZK5RSSa8BQY6vafgdCyr5xNWslCRQG2TKDWpEtrzGAm2J32lqdatFMS73
bytesRead
MocalMachine
\H'f
*4D.
21/ /
System.Diagnostics
IEnumerator
$,6
2W=P
&M;O}
3B-o y
OE8x
2&R?S
V7]1*g
TsfyJ
@5[A
YYQz
=z7`
260821113108Z0
s2b:
c5[
&^jo
JOn:
6U>S/M3C3
|@.<
K%c/#
http://ocsp.digicert.com0C
F%TR
http://ocsp.digicert.com0A
&+i
4L<L&
1-$#! <requestedExecutionLeve
1 0
set_Location
P3Nx
{t?v-<EW
aH7KM
Wow64G&FNevg`dContext
CreateProces
G|v#
9>@9
Title
SuppressUnmana SyMifdSecurityAttribute
Y=X&
Desktop
zH^b!
A#I%
set_WindowStyle
L(I{
+8
"N _
YYR(
^^V>tum
aQ]C
?334?1
service3._1
BitConverter
]<E6
U0H8H"
p1&=E5
u> r
Label
edW<7'Mo
Form
e IS
ReadOnlyCol
Microsoft.VisualBasic.Co
RH)C
q#Z
address
uNdmory
o+I#
!Q!K
IM>B
isWPE
Ym5W=
,{ f?Y
]GgB
vS?D
=M>?
set_Verb
*O'K
UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM1l4zDdxFTg6XK8dVuOscTD1IzCxNn7CVSghdZK5RSSa8BQY7
MsgBoxStyle
?S%Qpl
ProcessModuleCo/^
)a3Z
vafgdCyr5xNWslCRQG2TKDWpEtrzGAm2J32lqdatFMS79UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM5LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx53
_2yv
d$H$I
)% >??;
Q1t8Q(
set_Name
\4X5B7Y
pn1 e&u(M5
#h ~
}bnevue
<Modu?F& kqborlib
ListBox
DataGridViewColumnHeadersHeightSizeMode
$/Jk
=F!9
?[3k
h$L M
f/OEV
u`sP
6u#O
STARTUP_IN6zDAGVHON
]ogB
! Th>E*
Contains
ResumeLayout
2E(E2
/_5l
Windows GwbsJoRole
ValueType
System.CodeDom.Compiler
set_TabStop
SetCompatibleTextRenderingDefault
dL,h\
Proc&AiZmleowStyle
ToLower
QLvbJ
"cghy
8h u
;A G
-$B 3
data
RunP <L\IADSS_INFORMATION
F6\2F
lD C,A,
ButtonBase
[[T)
l/JY
7^4r?
061110000000Z
'A#<$=X
+5QKBep
@&V<
6hM1BU23i4MOiNIlsfwkIYicWo1GNBTJUZ7qu4nGAjdtE8EQxtY74T3PwX
gN%U%
R2`%
~wButributes
R~.
.IW/
f-7
iA)b
$S?u
i(&
ToInt32
LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx55GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta09
m",.
_c (
]ihdwnry

O*eHt
-*'NQTU
(Qj6
"%F.
.rsrc
Split
V5^l
:VgsgOext
WS9i.
t9]8
button2
NI#2

oMe5
2X5y]
Ovmkvr
@Bs,
K&Q2
%,]s
'P2|'vY#
5l h
*7~
+I ! h
L!V#
:xm~
Kj-Z
add_Load
"9d%.K
MemberInfo
[8@s
= K;7
Start
Combine
flNewPr
set_FileName
0v0b1 0
Xv JbsshalAsAttribute
Wri1C[ajAxtes
B)E(_?J
Data
!#l}
uusm6f"
RegistryKey
SkipVerification
@nmpareMethod
GetFolderPath
$5p<
F,\*@
i WnF+f&"
>0<0
fet_ModuleName
,1124-(
7w d>0Q
f Q]
%R)S8
ToStr
pHYs
.ctor
!1I9I#z
n)mw
A&M!
Container
Qghk-Vindows.Forms
Main
Invoke
q c0w
!dK7OrXUpxBTbIcZy68jYzN3uTJnuz8OVS@
ML%^9
&Z*@
HjFjNX5
I$o r
6UwT)
5v;T
o$A9
]=<T
jL;Y
sj(A.C4A/
t\B
f$w0Dx
oof>
c e/n
@.reloc
G}=T
set_Ar
:gHs|q#
>f?u
X? J
Byte
creationFlags
~"J(
{ `+N
_~J*H@
[q U{rtem.Resources
&cGH
4N?Ps
t44x
SystemK|T
get_Cu
.vOlMW
linkLabel1_LinkClicked
XxG^I`Lp
%Jw&
GGDNlmj
jE#\-
GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta05LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx53
,q *
sep^{
%):i
_hfdp
<@wiio
lpAddress
MessageBox
avo j0
\ J/E
get_Location
:!UdN
6RU8
checkBox1
checkBox2
checkBox3
"W9{
,V?-K6
xA,O
C3D 8
A"I$o
set_TabIndex
d$H
Microsof
RKap+k*
:P i
A B+H
RuntimeCompatibilityAttribute
Assembly
5XS'
/2 =assembly xmlns="urn:schem
rervice3.1
h$4
5V:W
)/%H=
Td}c
Reg:Pl
w 'V|
i b
SuspendLayout
get_Mes
zY[X
c\-;
WindowsIdentity
pDe?
N+E
/. m
uMA5;T
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
Size
Rnxptvww
iW!]4/
Jc.L5F!
}[-^5
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
V68% (P!,
IeB
?:x+
%P>|
button1_Click
LinkLabelLinkClickedEventArgs
)6#
IContainer
EeFg=
I*Ad
yquvww
`QpP7
@(D*
h5kz
|4Q)
w}L
&^.
components
0\2z
C3C)p
9&H
T,}k
o Ue(
gL5
f?#^
\?T9r
0|@dBO
k,O@
2I:]
~3\1\
set_AutoSize
V*B.C4
TD4'M
RuntimeCompatibilityAttr
set_ContainerControl
5 g$A
ResourceManager
Show
FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s2UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM8
E3s!g
\Rf e&
ContainerControl
4\/`
QFNT@HI
`u(r?X
IUQf
I'l'/#fW Ye
]D&E
ToInt16
Ek/};
EventLog
a f?Y
:i.[
>6N S
HFr:M]
mH%I
j0I.
{7d#
#l2j){
7-duJ
Pxstem.Diagnostics
LgF'
p)1or
*](
=lY]#,b
System.Ref
4#)b^m
B*F+\)G
]l;4
\F.0^
iR;D5
,z\I}_
Zd c
ImH,
441N[^_
'R(G
%I$S
F-A
-uqE4
{uimM@
Operators
S7^1)
start
7,1I
;L9W
BKXkELGBIc3k4fpymXAifHPfRWgPEh4NxqRphhgQPUELK3vHOr6GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta05
V/z0
IV4_2y
!$h9
mwsb
@ g
SoQB{dcutablePath
_9}T
MsG1^4
E g
(E)m
SetProjectError
E+h g O
W B(Q
iW!%
Get @i{cmu
)].E
t |<<
LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx55UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM8
InitializeComponent
(*Lb&
s\eFg=
#cggq
MTQ" I
bc t
x/}L
gAMA
g7
sCrx
AutoScaleMode
]T:
s!W#
W:y+l
2NZo
.cctor
R N:] e =
mscorlib
u!Jg
[n{stvww
qEhHEGM2TLd8L7IckKKi75BpP0BC5jCD4D24B9Xf2iVfpLXdN5GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta05
TP T
vx6O{
^):!
processInformation
t[Pg@a^oK
"i@.l?
%;CS
3A1A
m0k0$
2hc|
Kill
_D[
z a#
qEhHEGM2TLd8L7IckKKi75BpP0BC5jCD4D24B9Xf2iVfpLXdN8Pqk050Gjbi9V0hUCUsYHQmXU7kJhaXdJNyvPPsF6
B@:z
-j b
E/C k
#\Dxsgk
c'J
[@+G
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
System.Reflection
AQG&
WaitForExit
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Strin 1Hhto`ce
8] v
t7w7
SecurityPermissionAttribute
sender
GetMethods
Sp _
.Y,
e ~
{T
Debuggi
CRwB7
%,l(
FdbuggableAttribute
Z;L9W
Qnbkndnt
6@8H
Cgdgfr
Qdserved1
rs?[$
160823163237Z0#
!N$D{U
M g b
eN#Ye4
Z5%A
Delete
!SmrN`nifestResourceNames
1R\x
m;"
|N`Yk\
)6LQ,!
ncodle
@9~3\0
]b4e
k=\R
LinkLabelLinkClickedEventHandler
set_AutoScaleMode
C1,
p(T:
CQ~pqhbute
EndApp
2F-u
.http://www.digicert.com/ssl-cps-repository.htm0
*~(H
c[0i
^V'N
b+)$
ProcessModule
tTsRM\X
mscoree.dll
!This program cannot be run in DOS mode. $
RS4f
"0xPK
^~ymmo
rrrnaR[n
w, E8
U0Z7r
8+l'KB p
Dispose
%; -
m/|;X3^
ReadProce
5z k
y$7&
bq8eO\
:N<d
yGS4
LqfrPuate
{tYE
DataGridView
set_ClientSize
`*J"
dn<[:.X
uhpgm="asInvoker" uiAccess="fa
C2 W
V]Fv
Ssil;
v\fP/
procPersLOC
'hJ)6Z
comboBox1
mpflOldProtect
%G0K1
+f<K
ye*jGt
resourceCulture
Qpbtfd.dll
ComboBox
admin@than.th0
j,:Nhlc
e1Ev
GetEntryAssembl
i N c
GB/m
pr(R
j!06
Z=;5)"Sl
XD7H#(f
#(t,
kJ1fV
gr~v2
q5 b
B)Y
O%g26
1 y~
thread
=&%!
EkX"
Vn b
,}9}A_:
87R*
$ `%@O"a
( E&
141022000000Z
L)C/U
X/`
~w2\T
^|iWv`rt
j!D<L<V
LayoutK
2 Od
m&U<
~<o(
Cg%''
NtUnmap5\~~IeRection
&, (|!
U95R
U0Z
add_Click
y_#J
?p7T?R.B
uW(\
<3r_ND
Mutex
>$ |)
w(nC
^7 ~
b9\8V
(Z(G
160823113108Z
s?&K
ThreadId
p<Z
B,o
ExtraRounds
listBox1
[ 'Y
.cpOY
"O
e*C0 }
y,oN
'B!e
W,[6u
[eA(K
ISupportInitialize
X2_`
*[2l
Pqk050Gjbi9V0hUCUsYHQmXU7kJhaXdJNyvPPsF8LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx52qEhHEGM2TLd8L7IckKKi75BpP0BC5jCD4D24B9Xf2iVfpLXdN7
^[/
-)%>FFB
'S?{
MethodInfo
Form1_Load
CompilationRelaxationsAttribute
GetThr
3h<^_}
PAs)
%,Ls
TR$Z(Z
baseAddress
vafgdCyr5xNWslCRQG2TKDWpEtrzGAm2J32lqdatFMS79UeZL5PUcwqtwn1vUQ1iGC9uf2sqR31koS0R9tc3CcpHTYxVGYM5LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx53.Properties
4] H
TV7s
f%@*G
wwwwww
*<$P
H]zrphbutes
ContextMenuStrip
DllImpo
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
1J%
npknn
8_9[
S?S
*.~#
tu.m
WOUJc=
s }
com5Gnddod
:s:,
G%f5r
y!H+
241022000000Z0G1 0
IEND
>1/*
bR[i_@
{JCc
c"b4&
f H.
SetThreadContextmu|z07RetThreadContext
context
{!
xp o=
6~jLaZ@
4u:Sw
DA'F?P
D^5q>
[6 g
Mm{6
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
g,/
R9a
~=p[
) W5_
&s5Z
Concat
/B5@
NOU?
{2X!
e.K3D5`:
|TQ]u
-nQ[
m)f"
bytesWritten
G|cgbuion.app"/> <trustInfo +Ntcu?#urn:schemas-microsoft-comQWaa)u3"> <security> E
70SS
https://www.digicert.com/CPS0
CompilerGeneratedAttribute
j `9_=x
y *X
set_SynchronizingObject
contextMenuStrip1
(%m"
B}diQ
G |1
SizeOf
currentDirectory
C&^H
www.digicert.com1!0
I"O
System.Text
f V
K?}f
!oS;
System.Resources
.vOlM
set_FormattingEnabled
i^dL
q4h/L'J
t-Kb
2*9
p(&p5
m?'Y<VR
# ~YB
-;%
LO/F,
LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx57GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta05Pqk050Gjbi9V0hUCUsYHQmXU7kJhaXdJNyvPPsF8
>W&#
.M h*
Y@+G
w%`6b
k#J&K
domainUpDown1
C)E(Pg
4D+j4
!This program can-]n-fg!run in DOS mode. $
j<' x
zqFa@?
J-b~
L*H c E
N"dg
3q"S
S/Pi
wp@445
ResumeThread
9Ujxan/Collections
wwwww
KS^ R4
www.than.th1
eU5{`bua
F 1j
66A4
;J#a2v
(stb
"t;_6
retry
zKLH
T@+qWW
_CorExeMain
DebuggerNonUserCodeAttribute
Okzrtvww
# >*? 3&
xV=k
Button
I9S
NNE>eg^
vM4
p(J6
,-w:
d875
L)C.*f
'Z 7
%J(`
aP2v
vssrL?
procP Sj]OF
"]._
%g4
EditorBrowsableAttribute
& M\_
Msg,Na U{rtem.Runtime.InteropServic
syqsS
Keys
eQ2E0^
\<0T
%, ~
e5BSJB
~OkOsMHb
!e |
GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta09FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s4
iX ~
~!7R
dwSize
resourceMan
{"B e
0!0
Load
set_ColumnHeadersHeightSizeMode
m&_/~!
rrjz
System.Drawing
.]8@
GetTypes
` S5W
m"CH
xFtn
`7su
s`ram
4C3Y
0, W
}%Ylx
N+@-
ProcessId
7v ?
S+/
@G$O#
y:_5
T<P=J?Q
%(4n!
YZXQ%=
!%cnz
N.?V
Z$K
G1sQsW
\6o
r [=}>
"GO1A
set_UseShel
)IDAThC
v :c8:
W +g
>>O*P
7a<U
\]:X
<`:]
==9>[[T
gH[
>^3';
T
u|H?
SecurityAction
[ero
Object
_r>\%
gwgferSize
$A9I
System.Runtime.CompilerS
3System.Resources.Tools.StronglyTypedResourceBuilder
Q<K>+
set_UseVisualStyleBackColor
+2QKCei
M$[+[2V
jKc)
or68
InPath
DigiCert Inc1
,CUO
55->PPK
@JKK
b7 K
z0x0:
|KR06
EditorBrowsableState
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
>(&#
z9]&V
{ [
CultureInfo
g }
H LZ
Resources
LH=X
StdOutput
FyC5EATu3lnVrZ1QiwUi0umAM3XpwmbtBRdJV1EEeGbK4s4GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta09BKXkELGBIc3k4fpymXAifHPfRWgPEh4NxqRphhgQPUELK3vHOr2
*A,g
6[z
%d)B
f$A+
F`h03
get_Modules
n&D
` 3q
E J'b.F%H?J$f5r
sRGB
IsNullOrEmpty
Microsoft.VisualBas
F,2_
onader
Exit
w**O%
#,s.
UR=
4W `
J\3r
3-*I
wwwwwwwwwwwwww
8^okgfIandle
CgAL^pi;
get_Culture
add_CheckedChanged
IV(I `
n(*3R
conff
S0[6}
x}&,
G.^.
=JE?R
$"R(
v#;w4z
process
p TB
1&N"O8K%g4#@+F
@m==C3C
>:84
L1[7+f
m #R
j6E 2
v/b f
:-J3D
)O*R
U;y*m
b)L4D4^
Ag P?+f
;~uB,^
]q wM8V
MessageBoxIcon
"d| M
(m g#|o
4X5T
(>6,
` f-H
@jQX
O;L=
.iJ~T
UQ)C4A
y[5~;^4
G>N>T".a
n a
A)E(
O;57;
C&L!d(@,A6C-o<{
}WI:N
GetRuntime
N&J'"
j+_+F
$"sOB*Vi
*R:X
kIN-V'W.
$v2<'
1u]36g
GetEnvironmentVariabl 6Sk~v
}0#"H
ntdll.d?O
q|9]&
2:n=z
P?{8
+FeE"1
set_Culture
G4B-
get_ResourceManager
r1Ts
M$h
Point
|Q)^K"
+|KZ
ProgressBar
length
:C4E%
Zi3Q;
CheckedListBox
v2.0.50727
P<Q&
20+zwyv
LinkLabel
; h/N
Koel
rJ
f$w0S8
K'c0
| L"
o%A:Cm
Exception
.^3D/
9S"I
Ba{quvww
get_ASCII
6hM1BU23i4MOiNIlsfwkIYicWo1GNBTJUZ7qu4nGAjdtE8EQxtY74T3PwX.exe
IpfBoxResult
o2i0vFy
set_Size
%<ZP[
GetTypeFromHandle
b2`
FileAttributes
GetEnumerator
q|<Z
`b'I g `%
eventLog1
@BB^
|?Z0]
MessageBoxButtons
}3V.
Ri"&q
!uxvohcationName
2w;Sy
Y7KW
~ 3F
%*IDAThC
xEi7
u2Q7Z
#~IG,B
g`=@X
U2Y5
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
1#MD
;~3F
<P;c
1q{ xt
0t8P
26?75
FjWW
:@ FM
JlN+
v5L&K
D-}W
Ey4P!R
O9M
L*@g
xR?M 3.
ApartmentState
$!mx
O'B' ]
sGOA
9(+N
rZ0
4\0]*_1{
add_LinkClicked
oM3hESccVHq5aOrasIUT2tC8tUTVIlEeiDv3H38J0G.resources
System.Runtime.CompilerServices
0`&k
oJ2a
p5\
C K2y
Eata
Y9=c
MutxL_~t
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
threadAttributesmLwgbqhtHandles
button1
0R.:x
checkedListBox1
checkedListBox2
wyqh
G772
Kimuext
t.]G
*2u j
<;?x2
y=t'U
BS s
z f|
DigiCert Assured ID CA-1

Y<y;
j$b 1
;xg'J
e a {
j\=ncn
linkLabel1
IDisposable
Exists
\- E]
|f"L
s2G3^
5E5"{
E7$6
-h$E(
x%Q=y
commandLine
i"G K 39'
e}9-}
<Module>
qp?:
R?H]
|&A$
get_SystemDirectory
y<n)J
Ww7sSxx
:[/B}j)
gP<*
isWireSh Iv mqGiddler
#GpK
>*($
y/YR
service3.1.exe
value
SizeF
bc'g.2E0
UB;V
8qu4Z,
?F""o
hhbN
R0LWXWutlqIkEdRs6nvKfyIZ6Nt@
3x,l
o (V
.}<`
*~(
NjlbkCopy
P+\rmevEata
!3M(
mq`JP.0f
D F/D
l'D=N
IsInRole
7 H-
G8S
sPID
Unmanaged1Elk
#GUID
vH0@0
1\&W(
.,?q
ACK=
_S>Z
EndInit
RY*" -h
k0i0$
De)Dhyr
+J oI

p[TO
Pp%K<
7z4!
[8S>u
mL*H
ujnn="1.0"> <assemblyIden
xnrncXcWrvifGHV0BKUmUFnfvgV
EventHandler
b '
Thread
0b1 0
, un&
Et+)= </requestedPrivile+Qh3 ! </security> </trust$U{b:
ErrorProvider
SetValue
ssThan Section1
admin@than.th
Encoding
pjYfbEnCejmELhlmwunBSGckmKexp
s1b%
l g b
UP-S;W
%h&t(p
*O7=
CheckBox
u+
Interact
IDATHK
.:UABg
+A..
SetApar
_==T
8v>
B a'E
GF~ihdctError
,EAO
?G.R
z?>;
4?1-
;NUA'nwo&
po2p5
errorProvider1
a__S[
System.ComponentModel
t99z
vl7
v/I+n
Y<o(K
<I'e6
LQCWERz9yDTxnn7Vobqimi44USU1dfvY0cGLXozsDwog6m2bQx57GkEo5UNKlRjIH9dgSf8HJLI54o54CZLzlMGu9kmdZ1rojPta09
>-+&
5 ;0
>42-
VirtualAllo:v`
n)ntt
$J>L#
jkXHI+0i
$"} r
&,j
System.Windows.Forms
FNU)R
K4E60
Zqghc4
Sho2&Ituwdm.Security
Chl}
System.Drawing.Bitmap
&*&
5]1G
O.V0
q2W=T
(.*J
E:\Samed I%x_QRP!2012\service3.1\service3._}vol^Eebug\service3.1.pdb
GeneratedCodeAttribute
disposing
4/1w
WrapNonExceptionThrow
dj]9
\~+N--
z/,)
fKp7
"i&O
StdInput
n N
{ 7^O%08
xw<_
System.Securi6P?\tjocipal

#infosec #automation

TheSystem Itself @ 2016-08-23 18:42:04