Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: d3117073634450d8f85f85a9002c32c2 --

Hashes
MD5: d3117073634450d8f85f85a9002c32c2
SHA1: f6cb5bfdc1145bf3156623a0e4f83ec3f57643cb
SHA256: 26dca2d6a2f4d9d50465d0067bd12532083aef6424fc6a2813676182074954d1
SSDEEP: 6144:jpbPWjE5qg9KFzuIPDil7jVwHwaZwm9/aePvyVi59Xaav:joyqgCuIPudapik2i5Ba
Details
File Type: PE32
Yara Hits
Parent Files
aaa0a09acbb1073c07da83e68b723caa
Source
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
+"+#+((Q
+<+A+F	(
-a&&&&&
-I&&&&&
-d&&&&&
+9+>+C
-V&+(~1
v2.0.50727
#Strings
el.exe
<Module>
mscorlib
Object
System
ValueType
MulticastDelegate
MySettings
fsdgsrxd.My
ApplicationSettingsBase
System.Configuration
Attribute
MemoryStream
System.IO
PoweredByAttribute
SmartAssembly.Attributes
value__
Dictionary`2
System.Collections.Generic
Assembly
System.Reflection
Version
.cctor
BeginInvoke
IAsyncResult
AsyncCallback
EndInvoke
Invoke
handle
SuspendCount
DelegateCallback
DelegateAsyncState
DelegateAsyncResult
lpDebugEvent
dwMilliseconds
KillOnExit
GetProcAddress
kernel32.dll
ICryptoTransform
System.Security.Cryptography
ResolveEventArgs
MoveFileEx
kernel32
assemblyFullName
Default
IsWebApplication
RuntimeCompatibilityAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
AssemblyFileVersionAttribute
CompilerGeneratedAttribute
EditorBrowsableAttribute
System.ComponentModel
EditorBrowsableState
GeneratedCodeAttribute
System.CodeDom.Compiler
AttributeUsageAttribute
AttributeTargets
STAThreadAttribute
{c17ec07a-b84c-4deb-9176-d6931b9744fa}
{0dd75d00-3bd4-4ff7-8622-509a131b13f9}
GetTypeFromHandle
RuntimeTypeHandle
Marshal
System.Runtime.InteropServices
GetDelegateForFunctionPointer
Delegate
Thread
System.Threading
get_CurrentThread
set_IsBackground
AllocHGlobal
PtrToStructure
RuntimeHelpers
GetObjectValue
FreeHGlobal
SizeOf
SettingsBase
Synchronized
InvalidOperationException
ArgumentOutOfRangeException
Exception
RijndaelManaged
MD5CryptoServiceProvider
Encoding
System.Text
get_ASCII
GetBytes
HashAlgorithm
ComputeHash
SymmetricAlgorithm
set_Key
set_Mode
CipherMode
CreateDecryptor
Convert
FromBase64String
TransformFinalBlock
GetString
Microsoft.VisualBasic
ProjectData
Microsoft.VisualBasic.CompilerServices
SetProjectError
ClearProjectError
Collect
Process
System.Diagnostics
GetProcessById
GetCurrentProcess
GetProcessesByName
Rfc2898DeriveBytes
CryptoStream
Stream
CryptoStreamMode
get_UTF8
CreateEncryptor
IDisposable
Dispose
String
Boolean
Format
ToUInt32
IsNullOrEmpty
Concat
IntPtr
BitConverter
ToInt32
ToInt16
Buffer
BlockCopy
ThreadStart
Interaction
Environ
System.Windows.Forms
Application
get_ExecutablePath
Operators
ConcatenateObject
ConditionalCompareObjectEqual
GetExecutingAssembly
ResourceManager
System.Resources
GetObject
Delete
EndApp
CreateProjectError
GetCallingAssembly
FormatException
get_Length
get_Position
InitializeArray
RuntimeFieldHandle
get_Default
CopyArray
IEnumerator
System.Collections
get_Current
ProcessModule
get_ModuleName
ToLower
StartsWith
get_BaseAddress
MoveNext
get_Modules
ProcessModuleCollection
ReadOnlyCollectionBase
GetEnumerator
GetName
AssemblyName
GetPublicKey
get_Name
ToBase64String
op_Equality
get_Chars
IndexOf
Substring
Monitor
ContainsKey
get_Item
GetManifestResourceStream
GetTempPath
Directory
CreateDirectory
DirectoryInfo
Exists
OpenWrite
FileStream
LoadFile
set_Item
FileLoadException
BadImageFormatException
StreamWriter
set_AutoFlush
Environment
get_NewLine
TextWriter
AppWinStyle
ReadByte
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
DESCryptoServiceProvider
ProcessStartInfo
set_WindowStyle
ProcessWindowStyle
set_CreateNoWindow
SetAttributes
FileAttributes
get_StartInfo
set_FileName
set_RedirectStandardOutput
set_RedirectStandardInput
set_UseShellExecute
set_RedirectStandardError
get_StandardInput
CreateObject
NewLateBinding
LateGet
LateSet
LateCall
Conversions
ToString
WaitForExit
get_MainModule
StringBuilder
Append
op_Inequality
add_ResourceResolve
GetManifestResourceNames
StackTrace
GetFrames
StackFrame
GetMethod
MethodBase
MemberInfo
get_Module
Module
get_Assembly
TryGetValue
Intern
WrapNonExceptionThrows
1.0.0.0
"Powered by SmartAssembly 6.9.0.114
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
10.0.0.0
#fsT8L:n
`;Rp07~
!KGe2r
W7nCB=q]
.^h(pM
rT9BSeF?
LDHe{zg-
5>"sh~
I5	wB-
[U,zb0
RxZ2$uuKT
=Qe?5.in
JK4Y|O7
>@aLM*Q
2t6K00
ZOr}V{:
8EY4c_
vPX{I{7h-rn@/
ql*Kwr
d6A+	wGY
mf_]_k
F;*y{S
)Q=]iB=
><X#?<
<|.@Dc
ZiG&K-
	qs*_/Z
-D|}(C]VO
0<'Nit
rM?Y62
6oVXPV
O+L`vi
<5wtU 
?d}3Q p
cUWIWR$=
A`bn',
,JsfB	
o6>b]<
}%C&A;
MEsh2KZx
g&P#{b
r+E?v?d
k\ GB`
!Pd=47
e?2</CRA
gQ~f	-
BFB)vE
8OU^Yt/
3lN^Io
c|?3!9
(R4>Gio
>A)QJ]A
QnP.5sP
. R1<+q
u2CeWYrv
<XE_Dm
6 b^'s
_y%R-$
ta*mWgc
Z$-0HEg
wH>87zm25:s+
*[,.lF
eygr.<
b0z)>\
vQ(L+b
6'fK>g(
ldTs^.
Te_g"~|
w0.fNq
Pq&v5E
~whEP#
g^wQD5
zZ	_C2
 J@t y
dMn,@7[?l
LEGw|7
XqXC5]
40%%(E?
4.Fk`:
 ~^7be
$$.ROpx
{5*!v	
}_Jkcb
y:Bfy9(
A`O)FM
Gt*jk<
;We^Gr
cGd>rpo
dV-ul8BA
oh-#/U
i>Xn:R
.jnk.aR
`:h=:]u
'Z="RoR
.82<Um
|WMbJ~
4Eg;"}Dl
bJSbvo
;z9FCR
OSy.Nk
'cr7zB
2~#7NG
esPS3cv
[&	3@3
@c}1DY/
eXKzF5
DD`)"I
6F.>HV[
JhXOvc
jgr|+R
A$ztL]
&etr`o
{MODf|x>
EAnNA.S
!?YxwK
p%6Vz,z
s$8y	,
$^i P{
e\Y3|WI7
WG. yg
z}+g{1y
xkSf	{
$400,Z
bM]VKJ-
53,M].
RNRMAz
DC<XjF
f,]\/!
7m&b86b
qNbPi-V_
/ Yg:{
zcPoq-A
L.0i_M
NpXo~dHUn
}dWHEB;
681po6aP
Cw=#;Y^
N'`gyM
I=Q92=^
Z@3L}(Z
>_OX>%
\-gmi]|0}
)Ue)16
:^].G\
.QfEU=
^vZh=CJ
paR&,!O
kQuAoGEE
Qf}	z?,
bX6pQa
Dq%Eo>_4Z[
$2$a1o
lopUv]
_S{.=3
B~xTJ0z
johGWE
=J4&MB
l$69z#2
Y:2\H$R;
cvXG)wy
Bi#D.;
RV&dcC
,w^ll	
]c}Kd"wO`H
gy#?7I10
<@<;&R
3)[FDp
>YR_V$
Yy%\_`
',<&~D
>tP3v66
Ue~nit~
zp4Pbp
@8:pa`
fJ5jpv
VS!_<Kxm~
mH*Myx
o5:f?1?]
2\O]FX
}L{ZEr<,5n
WOze+^
v|J>B 
'fy5G[&
+p]9w=
:~G3_I
lY"-6_
QInX	R/M
v]e^^?
L>;<ih
YBRN{b
u#p/QpR@
ILABU>:8
&~OCF^
oa4L!4
G]Yd;p(
e+1Na(9
l@1zm%/H
@bw[G?
Et8$wK_-Ze
FX8w\+
^6q/, 
V{dU]/
pHL"U7
\,c5bd=
P4R-_ 
z$#-f\
io|aY>n
CSD^wz
 k>:Yk
Nkr'^`js
LlS2S;
#~71BH
Sd+N,t
;S~dTqs
m0YYkPP
8^dkx{
)>tu{ 
H}B3.<y
tUcjK{Y
2@nC^"
k*;	go
XfnC+&
lJbM'|9
W)u}i^	Q>
	tUJ<l1
?ce3&1
(S[c)'
{A#":rA{
I@3S2;yB
*!*Ca6
v<H5@t
$g3:m+7
	RrWCb
VfqfPV
g|O=t5
Hr[EkC
#a*_>|
u>}}D}
2r~58Y'
@@LXO!
\s}A9r5
(T3pjE
[-y2APs
[sV\!>Z
^I-q4Nu
s u7QL<o
[nI%V2*s
DSD%i+tKc\
/1w*;B7
glV`Tk
<	n_=e
9Kv~Q5
$Q[5oI
z(=>*q
B_"Un0Z9
{NxGEc
Sa-3VyzR%
xK= ]2
dVl"t>
XOgkJww
#E7_B+s
a+hYP-
f8y$=d
wM(.4V
3)f"))
&F\sV1
9m_s]\
LM^|K;=
0*PCVn
}r*}tdvR
H^/|FH
@Qf}l<"
q?m@mi
z	`oP5
(7_gbU
[))LNB
a(_8ST
UEVNu4
@syszO
:d6(axp
YJc_ns
AqKP.q*!
h%q(wj
\ C8as]y
%:R'd+
eoXn np
/^fzSu
*i]uId
&,)%66$Bg
rk<crZ
Ts?1lB1
(B?0jg
E~A,0'6
4<;mws
#hsq"T
u{,1y&
hL6v+~
0|~WD#V
3qcaxQ_
gYui&]
|O.b!+
;A\K2:5
zLWL>`0
 Wzq3Q
. d*MP
sWGErY
]y!;+=l>
@)Wsh+
/N]7j3V
u@j# F[
 iYX~Cx@{
N`q	3b
WcVC)V
UbtG84
ZOIxwVM<L
UWCQV7G
I2?-'%j
je%/27
L"zp(g
7z/U=iD
Y9vw<o
AG2p4v
z!8iHHI
<MGH=4
VAXk9&
Ak2"RP
Q@87#e_
V$[1dG0
+SL}mFq
J[+>IO
EG[ /6 
1	K[,~
mnk;]>lM
|d^y#i
fsRN3/
dB5%t<
Oehbxf
[ErHSC
8DKK4i
Jx5]&l
K|7qyf
y^0(<{
4\IrI]
^t|Y4:
u8MQpd
lG5;t!I
;T@Sx*IP+Z
KwWhna
;`pp	{q
V/Agu[
W&)>;O
AH~/kZZ
wOsRSu
bdBwc!Jb
!3h TI
0c]+NJ
x=l	x5
td7b]nRQ
H_qQ-{
Vo =B/
:*Gs=c53
n)p{,!"
!+sYO<
/(&Qi<
NbmME`<8
GJ7q*A"
5$,d=4p
 5ZCN5Y+v5pel5Lu25aaI5aW95L2g5YWr
 U2sxTjFXL2tMbFlQUzVyejJHUkZldz09<SVpSUGZNcGFFZ3lSNlpEeVhuT1lpSngwOFd6eDRaQVpXQy9QZE1uZmFtbz0=<OEU0a3lad2xRM0FKek1EVXlaVkQ0dE9TZkFReFdzbWcxbGVHL1gzdU9Rbz0=<enlZM3ZVSnJtb25CVFV1Yko5VUNDNVR6REhqNzFoWE9KM1NHcnJBS3R2VT0=<V05hdVVhaWxVaGNlV3ZOYWNYc29aWXhUU24yOHhVblhkYVpMeUFpVHR1VT0=<dzBxRXpjQ2E0TWNHOTdxRTFjZ0FDZFFscHJtRGExMTdWS1VYMWFtZ1pBbz0= cGRkM3paNWx3WHRqOGhWMUdLUmZWdz09 cXQ0dEhtVE9SWEZsdTA4YytzenAvQT09
VlBFWCBSRVBST1RFQ1QgRkFJTEVE
VlBFWCBGSVJTVCBGQUlMRUQ=
VlBFWCBGSVJTVCBGQUlMRUQy
VEhSRUFEIFJFU1VNRSBGQUlMRUQ=
Y2ZmZmZmZmZmZmZmZmZmZmZmZg==
U0hBMQ==
QDFCMmMzRDRlNUY2ZzdIOA== QUJVS29jWEEvOFU4L2RUeVFxU2d4dz09<MHI0UStLZmZSU2hPTXJKWFE1YklQQlBmczJ1ZURVUUxoRWxScHZTTk9EOD0=<RmsyZVpJTUFwd2NJV1RFbWIyY1MraHBneFA4S1RBVkZWYk00R1BUTDJiND0=<c0Jnckd0S3o0aitwWjM5Vm5pVFBQNHlQTUJONFdIVlk0SVM4Wlk0Zm1TRT0=<MmR1UGRBZXRJb0tReTV4ZTV5MHMyVyszdW5HcldPL25oRjcrVTlLdzdNST0=<UnhLVlZidEgxNHBnamRYYXcyQzFZYldVUXh5d1RGYnFmL3BaQkI1MUo1Yz0= VGdPaEF5TjlZaXFkWWlyRDNReXR1QT09
InswfSI=
IA== NWcrQnhGSFhrZFRjRU0zY0VHZ2swQT09<c3NjcFJaVFNwdXVnRGdPdm1hUFBQdTZiL1g5Z1pSWWVLY3lhdndaM1dQTT0=<OTIzbFlvQWhiMnZWWElNNnUzTUN6akt1Z1ZEQlhaTWNiYjZUaGJzTDVyOD0= N2dVeVFWK0xHOXM5OUozVEZIeGpPUT09
XA== K0hKL2J5NlJ4UTZyWmlka1NxeTY2dz09
5bCU5pyL55m+5a625YWr5rW3
VEVNUA== b0FKOVBtL1JFVnZvNVVqS0xMTnFNQT09 cUoxcng2em8wSld2NmNYZXpDeU9HUT09
LmV4ZQ==
ZnNmc2Rmc2Rmc2Rmc2Rm
I25zZGZmZHNwIyQkJC5leGUkJCQ= clJobnBoQnVnVWlSY1ZscFZnTGZqdz09<aWp1bFVibjhEUFBrZWU4TWR2MFBmM0pQWFRNTld2WVJPUk8rSmZvUFNBVT0= OEVicnZ5YzhqSUpwbnBzMmVDQ0hZQT09
5Liq5pa55Liq6Zu26LW35YWrXYXhmWEtjMXVTUHcyMkhTQ0poQVdFYTZEamhEU3BDaU9NengyV2QzckNOSWVVVnZyN1gwY0x4N2M2K3NJMlNYZQ==
XHRlbXBc(XHFKMXJ4NnpvMEpXdjZjWGV6Q3lPR1E9PS5iYXQ=
LmJhdA== MzFSS3NPU3ZJOS9BRnVoS29nM05nQT09
dGltZW91dCAvdCAzMDA=
c1ZDQ01pS1FDWWVUcFFTVEZyejVERG02N0RxNjJ5U2dnek5zSTUyZWNQK3pHVzBuZFRpaHpCSDFlendwQVpNZ0F2WjBGd0pFY0kyYXp5MDhnbnpwb2o3ZEFSMmhBWkNBcUdvTTJ0MzhRTWM9 T0hMSTVkZ0wxd3dOQkdyL1FFWjlXQT09
KSB8fCAo
JWFwcGRhdGElXA==XaVhJek05OFBqbC91K3psVS9oNURmbDE5Y01QMjlCSkxJV0ZMV2FqTlQ5Mk9LcU9ZRTlxMVBjY3RpVm1uSDhFZA==
IFN0YXJ0IC9XICIiICI=
Y21kLmV4ZQ==
Lmxuaw==
IiAvWQ==
TXNNcEVuZw==
MDRnSDQ4eHNOT1VmK0g3Y0NMY1FidFZvK24yQ1BuaG9LNG00am1sTzlrVUtsUGZnRlpJWUh0ZTVzRUZYVmZPMTdmWXhsbkEyYVZDNWFhVEFBRUdCbG5JWEtmTTQ5LzVTYmpMZXY3ZFVWblRrSktGN1luUS9BajltTEtTSWhBSFY=
IiAvZg==
V1Njcmlw
dC5TaGVsbA==
Q3JlYXRlU2hvcnRjdXQ=
VGFyZ2V0UGF0aA== RXhwYW5kRW52aXJvbm1lbnRTdHJpbmdz
V2luZG93U3R5bGU=
U2F2ZQ==XdG9vRUtVUE5QQ3NSTmthUzNIdWVxYXIzaFRnRDMrVU1haUtsVno5Zk5pbjJuWFovK2RjOE9MaGh1NmtlZmhNVg==<TjIxMjVvanlMZmQ1dlJ1WXpTanB3ZmFkZG4vNTF6dzR1R0c3cVI1K0V4VT0=
LmpwZw==
cmVuICI=
LmpwZyIg
ZXhpdA==$
_CorExeMain
mscoree.dll
@wuM{?
Rw@x_te
GoF1#7
(Jv*@q
D'g5Mg
A+@m0LM0B}
TSOm0L$
Kkn^|yQm
'wm%"O
RW-xOW:
-+n `Y
_/xsN7'q
.rQhtx
lWm_2k1
.TCm0Bm0B](
|8io}`
 @te,@vn
1M';4)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>