MalScore
100/100
MalFamily
Ispy

fada.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 18/65 Related 2476
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 409.00 KB (418816 bytes)
Compile time: 2016-03-17 12:58:43
MD5: c80fb1eeb3ae1c297f21b1a01527050b
SHA1: c6d19aa313caf047d7c2bd707b1c336b08c0eadb
SHA256: ec7856b9b53bba42a671771ef08405d034ea5baa12c08a85264fde8799be5ebd
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-04-25 11:57:03
Last submission: 2018-04-25 11:57:03
Filename detected: - fada.exe (1)
URL file hosting
hXXp://lalecitinadesoja.com/imagenesdeunasdisenos.com/files/fada.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-04-25 08:59:01 [18/65] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x657c4 415744 fc6278569340b3f999ce04278694e8c4 bc3d3c27df00633dec8f13f12a51f934f8b9622f
.rsrc 0x68000 0x604 2048 20632d999c04a87d663522d3bc8b4b1c c729a7dd0b62862f13cb07b1647f8fbd41f9ffbb
.reloc 0x6a000 0xc 512 bd210ecb1abc20ffb627007155094441 2ede07ccf1b6cfd18c412e7a9b19e5b52c81468c
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x680a0 888 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x68418 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2018 DaVita Inc.
Assembly Version: 0.0.0.0
InternalName: fada.exe
FileVersion: 17.6.30.4
CompanyName: DaVita Inc.
Comments: vu3huuacw2t
ProductName: Dynamic IP Restriction Module
ProductVersion: 17.6.30.4
FileDescription: Dynamic IP Restriction Module
Translation: 0x0000 0x04b0
OriginalFilename: fada.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
17.6.30.4
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
ad23750c-8ae5-a5292
ad23750c-8ae5-a5293
InternalName
ad23750c-8ae5-a5298
ad23750c-8ae5-a5299
LegalCopyright
ad23750c-8ae5-a5278
ad23750c-8ae5-a5279
ad23750c-8ae5-a5270
ad23750c-8ae5-a5271
ad23750c-8ae5-a5272
ad23750c-8ae5-a5273
ad23750c-8ae5-a5274
ad23750c-8ae5-a5275
ad23750c-8ae5-a5276
ad23750c-8ae5-a5277
ad23750c-8ae5-a5177
ad23750c-8ae5-a5176
ad23750c-8ae5-a5175
ad23750c-8ae5-a5174
ad23750c-8ae5-a5173
ad23750c-8ae5-a5172
ad23750c-8ae5-a5171
ad23750c-8ae5-a5170
ad23750c-8ae5-a5179
ad23750c-8ae5-a5178
Copyright
StringFileInfo
ad23750c-8ae5-a579
ad23750c-8ae5-a578
ad23750c-8ae5-a577
ad23750c-8ae5-a576
ad23750c-8ae5-a575
ad23750c-8ae5-a574
ad23750c-8ae5-a573
ad23750c-8ae5-a572
ad23750c-8ae5-a571
ad23750c-8ae5-a570
ad23750c-8ae5-a591
ad23750c-8ae5-a590
ad23750c-8ae5-a593
ad23750c-8ae5-a592
ad23750c-8ae5-a595
ad23750c-8ae5-a594
ad23750c-8ae5-a597
ad23750c-8ae5-a596
ad23750c-8ae5-a599
ad23750c-8ae5-a598
ad23750c-8ae5-a5300
ad23750c-8ae5-a5301
ad23750c-8ae5-a5302
ad23750c-8ae5-a5303
ad23750c-8ae5-a5304
ad23750c-8ae5-a5305
ad23750c-8ae5-a5306
ad23750c-8ae5-a5307
ad23750c-8ae5-a5308
ad23750c-8ae5-a5309
ad23750c-8ae5-a5234
ad23750c-8ae5-a5235
ad23750c-8ae5-a5236
ad23750c-8ae5-a5237
ad23750c-8ae5-a5230
ad23750c-8ae5-a5231
ad23750c-8ae5-a5232
ad23750c-8ae5-a5233
ad23750c-8ae5-a5238
ad23750c-8ae5-a5239
ad23750c-8ae5-a5281
ad23750c-8ae5-a5280
ad23750c-8ae5-a5283
ad23750c-8ae5-a5282
ad23750c-8ae5-a5285
ad23750c-8ae5-a5284
ad23750c-8ae5-a5287
ad23750c-8ae5-a5286
ad23750c-8ae5-a5289
ad23750c-8ae5-a5288
ad23750c-8ae5-a5122
ad23750c-8ae5-a5123
ad23750c-8ae5-a5124
ad23750c-8ae5-a5125
ad23750c-8ae5-a5126
ad23750c-8ae5-a5127
ProductVersion
0.0.0.0
OriginalFilename
ad23750c-8ae5-a560J
ad23750c-8ae5-a546
ad23750c-8ae5-a547
ad23750c-8ae5-a544
ad23750c-8ae5-a545
ad23750c-8ae5-a542
ad23750c-8ae5-a543
ad23750c-8ae5-a540
ad23750c-8ae5-a541
ad23750c-8ae5-a548
ad23750c-8ae5-a549
ad23750c-8ae5-a5348
ad23750c-8ae5-a5349
$e%e&I'
ad23750c-8ae5-a5344
ad23750c-8ae5-a5345
ad23750c-8ae5-a5346
ad23750c-8ae5-a5347
ad23750c-8ae5-a5340
ad23750c-8ae5-a5341
ad23750c-8ae5-a5342
ad23750c-8ae5-a5343
ad23750c-8ae5-a5195
ad23750c-8ae5-a5194
ad23750c-8ae5-a5197
ad23750c-8ae5-a5196
ad23750c-8ae5-a5191
ad23750c-8ae5-a5190
ad23750c-8ae5-a5193
ad23750c-8ae5-a5192
ad23750c-8ae5-a5199
ad23750c-8ae5-a5198
fada.exe
ad23750c-8ae5-a5128
2018 DaVita Inc.
ad23750c-8ae5-a5129
FileVersion
ad23750c-8ae5-a5120
ad23750c-8ae5-a5121
ad23750c-8ae5-a5249
ad23750c-8ae5-a5248
60d16db0-370d-d6
ad23750c-8ae5-a5245
ad23750c-8ae5-a5244
ad23750c-8ae5-a5247
ad23750c-8ae5-a5246
ad23750c-8ae5-a5241
ad23750c-8ae5-a5240
ad23750c-8ae5-a5243
ad23750c-8ae5-a5242
ad23750c-8ae5-a5164
ad23750c-8ae5-a5165
ad23750c-8ae5-a5166
ad23750c-8ae5-a5167
ad23750c-8ae5-a5160
ad23750c-8ae5-a5161
ad23750c-8ae5-a5162
ad23750c-8ae5-a5163
ad23750c-8ae5-a5168
ad23750c-8ae5-a5169
ad23750c-8ae5-a519
ad23750c-8ae5-a518
ad23750c-8ae5-a511
ad23750c-8ae5-a510
ad23750c-8ae5-a513
ad23750c-8ae5-a512
ad23750c-8ae5-a515
ad23750c-8ae5-a514
ad23750c-8ae5-a517
ad23750c-8ae5-a516
ad23750c-8ae5-a5335
ad23750c-8ae5-a5334
ad23750c-8ae5-a5337
ad23750c-8ae5-a5336
ad23750c-8ae5-a5331
ad23750c-8ae5-a5330
ad23750c-8ae5-a5333
ad23750c-8ae5-a5332
VS_VERSION_INFO
ad23750c-8ae5-a5339
ad23750c-8ae5-a5338
ad23750c-8ae5-a5148
ad23750c-8ae5-a59
ad23750c-8ae5-a58
ad23750c-8ae5-a51
ad23750c-8ae5-a50
ad23750c-8ae5-a53
ad23750c-8ae5-a52
ad23750c-8ae5-a55
ad23750c-8ae5-a54
ad23750c-8ae5-a57
ad23750c-8ae5-a56
ad23750c-8ae5-a5209
ad23750c-8ae5-a5208
Dynamic IP Restriction Module
ad23750c-8ae5-a5201
ad23750c-8ae5-a5200
ad23750c-8ae5-a5203
ad23750c-8ae5-a5202
ad23750c-8ae5-a5205
ad23750c-8ae5-a5204
ad23750c-8ae5-a5207
ad23750c-8ae5-a5206
ad23750c-8ae5-a5149
ad23750c-8ae5-a5296
ad23750c-8ae5-a5297
ad23750c-8ae5-a5294
ad23750c-8ae5-a5295
ad23750c-8ae5-a5119
ad23750c-8ae5-a5118
ad23750c-8ae5-a5290
ad23750c-8ae5-a5291
ad23750c-8ae5-a5115
ad23750c-8ae5-a5114
ad23750c-8ae5-a5117
ad23750c-8ae5-a5116
ad23750c-8ae5-a5111
ad23750c-8ae5-a5110
ad23750c-8ae5-a5113
ad23750c-8ae5-a5112
ad23750c-8ae5-a555
ad23750c-8ae5-a554
ad23750c-8ae5-a557
ad23750c-8ae5-a556
ad23750c-8ae5-a551
ad23750c-8ae5-a550
ad23750c-8ae5-a553
ad23750c-8ae5-a552
Translation
ad23750c-8ae5-a5141
ad23750c-8ae5-a559
ad23750c-8ae5-a558
vu3huuacw2t
ad23750c-8ae5-a5371
ad23750c-8ae5-a5370
ad23750c-8ae5-a5373
ad23750c-8ae5-a5372
ad23750c-8ae5-a5375
ad23750c-8ae5-a5374
ad23750c-8ae5-a5376
CompanyName
ad23750c-8ae5-a5188
ad23750c-8ae5-a5189
ad23750c-8ae5-a5182
ad23750c-8ae5-a5183
ad23750c-8ae5-a5180
ad23750c-8ae5-a5181
ad23750c-8ae5-a5186
ad23750c-8ae5-a5187
ad23750c-8ae5-a5184
ad23750c-8ae5-a5185
Comments
ad23750c-8ae5-a5252
ad23750c-8ae5-a5253
ad23750c-8ae5-a5250
ad23750c-8ae5-a5251
ad23750c-8ae5-a5256
ad23750c-8ae5-a5257
ad23750c-8ae5-a5254
ad23750c-8ae5-a5255
ad23750c-8ae5-a5151
ad23750c-8ae5-a5150
ad23750c-8ae5-a5258
ad23750c-8ae5-a5259
ad23750c-8ae5-a5155
ad23750c-8ae5-a5154
ad23750c-8ae5-a5157
ad23750c-8ae5-a5156
DaVita Inc.
ad23750c-8ae5-a528
ad23750c-8ae5-a529
ad23750c-8ae5-a524
ad23750c-8ae5-a525
ad23750c-8ae5-a526
ad23750c-8ae5-a527
ad23750c-8ae5-a520
ad23750c-8ae5-a521
ad23750c-8ae5-a522
ad23750c-8ae5-a523
17.6.30.4
ad23750c-8ae5-a5328
ad23750c-8ae5-a5329
ad23750c-8ae5-a5322
ad23750c-8ae5-a5323
ad23750c-8ae5-a5320
ad23750c-8ae5-a5321
ad23750c-8ae5-a5326
ad23750c-8ae5-a5327
ad23750c-8ae5-a5324
ad23750c-8ae5-a5325
ad23750c-8ae5-a585
ad23750c-8ae5-a5229
000004b0
FileDescription
43034cd4-bbee-44bc-a00b-16821210c984
ad23750c-8ae5-a5218
ad23750c-8ae5-a5219
ad23750c-8ae5-a5216
ad23750c-8ae5-a5217
ad23750c-8ae5-a5214
ad23750c-8ae5-a5215
ad23750c-8ae5-a5212
ad23750c-8ae5-a5213
ad23750c-8ae5-a5210
ad23750c-8ae5-a5211
ad23750c-8ae5-a5269
ad23750c-8ae5-a5268
ad23750c-8ae5-a5263
ad23750c-8ae5-a5262
ad23750c-8ae5-a5261
ad23750c-8ae5-a5260
ad23750c-8ae5-a5267
ad23750c-8ae5-a5266
ad23750c-8ae5-a5265
ad23750c-8ae5-a5264
ad23750c-8ae5-a5102
ad23750c-8ae5-a5103
ad23750c-8ae5-a5100
ad23750c-8ae5-a5101
ad23750c-8ae5-a5106
ad23750c-8ae5-a5107
ad23750c-8ae5-a5104
ad23750c-8ae5-a5105
ad23750c-8ae5-a5108
ad23750c-8ae5-a5109
- E!-"
ad23750c-8ae5-a5159
ad23750c-8ae5-a5158
ad23750c-8ae5-a568
ad23750c-8ae5-a569
ad23750c-8ae5-a561
ad23750c-8ae5-a562
ad23750c-8ae5-a563
ad23750c-8ae5-a564
ad23750c-8ae5-a565
ad23750c-8ae5-a566
ad23750c-8ae5-a567
VarFileInfo
ad23750c-8ae5-a5366
ad23750c-8ae5-a5367
ad23750c-8ae5-a5364
ad23750c-8ae5-a5365
ad23750c-8ae5-a5362
ad23750c-8ae5-a5363
ad23750c-8ae5-a5360
ad23750c-8ae5-a5361
"2^{
ad23750c-8ae5-a588
ad23750c-8ae5-a589
ad23750c-8ae5-a5153
ad23750c-8ae5-a5368
ad23750c-8ae5-a5369
ad23750c-8ae5-a5152
ad23750c-8ae5-a5313
ad23750c-8ae5-a5312
ad23750c-8ae5-a5311
ad23750c-8ae5-a5310
ad23750c-8ae5-a5317
ad23750c-8ae5-a5316
ad23750c-8ae5-a5315
ad23750c-8ae5-a5314
ad23750c-8ae5-a5319
ad23750c-8ae5-a5318
ProductName
ad23750c-8ae5-a5227
ad23750c-8ae5-a5226
ad23750c-8ae5-a5225
ad23750c-8ae5-a5224
ad23750c-8ae5-a5223
ad23750c-8ae5-a5222
ad23750c-8ae5-a5221
ad23750c-8ae5-a5220
ad23750c-8ae5-a5146
ad23750c-8ae5-a5147
ad23750c-8ae5-a5144
ad23750c-8ae5-a5145
ad23750c-8ae5-a5142
ad23750c-8ae5-a5143
ad23750c-8ae5-a5140
ad23750c-8ae5-a5228
Assembly Version
ad23750c-8ae5-a582
ad23750c-8ae5-a583
ad23750c-8ae5-a580
ad23750c-8ae5-a581
ad23750c-8ae5-a586
ad23750c-8ae5-a587
ad23750c-8ae5-a5139
ad23750c-8ae5-a5138
ad23750c-8ae5-a584
ad23750c-8ae5-a5133
ad23750c-8ae5-a5132
ad23750c-8ae5-a5131
ad23750c-8ae5-a5130
ad23750c-8ae5-a5137
ad23750c-8ae5-a5136
ad23750c-8ae5-a5135
ad23750c-8ae5-a5134
ad23750c-8ae5-a533
ad23750c-8ae5-a532
ad23750c-8ae5-a531
ad23750c-8ae5-a530
ad23750c-8ae5-a537
ad23750c-8ae5-a536
ad23750c-8ae5-a535
ad23750c-8ae5-a534
ad23750c-8ae5-a539
ad23750c-8ae5-a538
ad23750c-8ae5-a5359
ad23750c-8ae5-a5358
ad23750c-8ae5-a5357
ad23750c-8ae5-a5356
ad23750c-8ae5-a5355
ad23750c-8ae5-a5354
ad23750c-8ae5-a5353
ad23750c-8ae5-a5352
ad23750c-8ae5-a5351
ad23750c-8ae5-a5350
[i8}P;^
0qx4G?
kukN2(\
z{L/n
:\{t
&4]f
2!dd
EsbU
>-cP6}4
&9E
iuv0
PNG
N`8S
Hu~0Ky
g,"V
bSZ
9v '
M69RpU
]Rq=a
OO)Z
f&2M_
SHf"
6qWr
g-I9
o@x'
r<QK
{y4+K
S6;B
7*UM4J uucu
yui0Sy
IhY{x
5CcT!
0<ytG
2ugb
~up0Gy
{UG?
@uv0[y
DeX
```0``
&\&W
'vW[
I)3r
;cSd
LuJ0
{`P
v'Yg
8:qzE=
cup0]y
Data
Yk C
f<Yv
I #o
b4id
n&G0(>vb(
LYn(%bwU
,gWJ
^>Xm
TYr%
FuB0Xy
add_ResourceResolve
ShC,[!
k?/fp
V^0 y
"#wR+
5in9S
o, x
ukR-
['K<T
u<1[y
>u`%
09y"F?
fP5[9Q
get_Controls
Hy_gs
vuA0{y
;uI0Yy
?Oje
Iue0Jy
72~]}tB
(3UA
4W"ro
e -A~
L$]2
]*Yl
w,08y>E|
B 2
'CuM
~W~F
Cu[0Py
?*|}wx
s4]~,t5
VYRc
@|0
05{I
v B 2
7=M8
*6K )
;5'=x
*j=}
{uy0ay
jV0{y
System
wuZ0_y
v6|^T
0~y9G7
=4bI|
TL,x
:\:
l`@N
zp '
A,X*
0l::
|NFH
2uWU^
>k 8
_w?]
e^>_
I+``H
:4 J~
sJ2 y[Af
x<83
BtJ02y
XZ SP
APDZ
nvs'y
u{0]y
sgt|
)Ozhr$\
Cup0qy
System.IO.Compression
|jZr
XUKy
=1s_
gu!0]y
luV0
]} R
FSu
RuntimeFieldHandle
|.ix
uD'Qn
?ud0ty
g`Hm
duV0xy
DVa_
[{}W
^a[w0\
)ucB
vL{
>u'0ty
,g83%
IReflect
||\2y
GetData
/Y|c
```8
7uy0
tn0*;rgW
buE0
+}Yj3
j P3uw
```P``
z>:l
,}z
he^b
}P^0B
e +
r'-|
Yu^0}y
Xv_fX
^ClSt `!
} j]
"Um=2y
[uy0
huU0cy
GgI{
TpZ1
N34k
gud0
Tus1<'nV
{IvAC
qE0.A$
!NK?
Knnc4
ij'$
Zu"0{y
Write
q@vK
`4}VY
j0CBR]kw
EnableVisualStyles
Ekrx
F7~Qr
2TFm
kode
s8cL;
```p``X
>[4S7
z6bK
XAQ(
``xZ
(02}
i SlkC
6u#0Sy
r=c8!'8
](02s
/Ej-
ju[0
]E1S
2uV^G
bkP$
H1DNZ
[^
T S[
wu#0
sp=;
^ hM
ipR/4G
y.Y'|
zWX}kv6
$u'0Gy
Eu"0wy
vuv0dy
.'#
;|O +
`Q.O;[F
5s{wG
v^Fy
v2.0.50727
m)M>
$4za
Fy\
5 1)
sYuj
mysO+?
6%T|b[
/n,
55oK/
ResolveEventHandler
Fu#0
;+'x
V !+
AppDomain
|6vY
M;2{
_);0Z
`.rsrc
sfE?
```pa`
kyS"
h.9m
C D`
++S%/7MI
vup0]y
`Wnx
'C7Sez
I-Yg
:Ov4G
75.{
hAjw>
Fu!0\y
Hu\0by
]~Ie6
&{av
22y N
u 02h
9q%x
Di1v
KtL04y4F`
/'^ zq
W#V]
d`xfd
|| ~
]$.0C
]?7-?
tK1e
='^p
RDF
add_Load
S_'/d8
OL 8
9[IK"6
^;&L
ob<_
_/i2,O
p[26
P)HC
;wC8
XL_l
*"i!
b83k
dua0~y
yOb\0
z_e>
LU:5s
7)8
6(#m
Mw|1_y
(!O(
~ur0By
^uJ0py
"[f~;7u
g@ab
ToByte
9:$(
I%81J
u$u"
4:Q`G?
$(m
^0u|ZI7KR
j*JV
u`0xy
@S&F__
}dX<s:
A@(>]OL
d,J>Lx
MUrS
rn%R
2uQbcD
vit:
c{q
grace
3+te
u<1vz
8"BX
SettingsBase
MNX_zt
6v,08y
k}UM,z
x`:Af
DO~utdj2
^&#R
i/Xf
MCFc
}{Eh
70ED00C92FF5D713F18279C54CC104E044BF579C
wssapN
#Blob
gk+w
]32?
Y3o3
Kub0ty
KSwA
uv1["
```(e`xT
cxv&
;%$b
u 0*y
;;D^\4
~='j
S>t
EB1;
(4ym
Hu!0Hy
W+We.o
00Qut
fFwem
<(zrh
sjT+5r
01yqF?
Thc%@.
dPm%M
Sv t)+_p
{uw0Sy
E\\#p
7 A5(
'1ix
;,x]
Om()
```0e`
>Z^f
Type
yZL&H3
(,B!
z$?4yVH`
DhFKy
Ku{0qy
E*s,{
=ug0]y
G]9L
^O9"L>
```H``
YCRj
20r5
```h``8X|D
HuR0|y
u)5%{
O QE
System.Text
+g(6
J'B 2<
AnK^
b3mG
=;tu
@u|0ty
Zu$0
]-sU.v
2uB
01yqF}
MU/b
}uh12_
_AppDomain
~`P
sCIG&
s8AmPM
h[Z]S
j&{Q@
< eN
@uY0Cy
&_8
5 SCT
sm52y
IGtL
bu%0ky
T(vq
>msH
K7,3
Char
g::2x
3>uEzj
i`z@r
8u#0jy
&"'f[
d/gP y
```(e`x
'p 0
cB[7
lu^0Py
7u`0Uy
M$.0\
kD!3h
c`8l
F-YK
Duc0
eb<Y
}koZ
Z T_
String
_x'uBs'h
^u^0qy
Mq+;
tbBw
;wnm
sI>p
UT /E
<) 7
UaL04y
:v|~
7^3!W
&n 0[
1z FK
sJXJ
duw0Wy
M/vluc
+#VLd
yq$M
:\ `
w(K<
!:];
U p
1 LG
3)E,~
`Pck
K)k.&
nkIsC
fu|0\y
ColorDialog
buq0^y
l='IL
[ Y2
gxpQ
iu%0Hy
xc>
!uZo
G-) G6
%mhVI
uU!c
m^4e
B"}
_CorExeMain
nu_0qy
P9geur
Q&^e?
````g`x2}{
7uK02y
Vd7{Jxg0
GlsV
z'X|
set_SizeMode
sAk~)is
A-?.
xuq0Ey
3`P
6v>
imYi
au%0Yy
(_.k
y(vy
#t'V
7ASo
X-iP
6uJ0Ay
5 }Ob_
SS m
```h``
&,tt 2
buD0Zy
26]g
f`p}/v
;q2y
|*pl}Fl_
b%d^
.text
t5t[8
k n;xe6o
zup0uy
s %65!`
uj0Ime@F
ku~0cy
LZ,~<4
mj[20
nu 0Dy
pLi^
l3T
GetObject
LI>iq
6G'i
:ua0cy
L ]H
Fuj0Py
&S0#)
uJ00n
s`ou
MgE]
[uu0_y
U ~q
Convert
'=7
SpH{
e(Lqe`
u 12y
U %:
MW90
System.Configuration
3w)}
eu]0
%j4XhHA
~ KC
M$.0s
@r!8
PGFq
C9d~{L
~PgP
nup__
}rrP
aQ_y
1w|
buD0Hy
ui0
huj0By
6LI.n{
PerformLayout
-`7[ R
sZ1
E]
```Pa`
duIu
-Tn{
{"rYF1
YuG0
*|xt+
W_Xr-t
1AR>;
j ]Q_
LuP0wy
pU^y
N:U
vQVy
?0|\s
\+&n
juUY^
U5S5
Xuq0^y
z_dy
.JXqw
02y?G?
EtaOR
p a]?
grace.Properties
a`we
F:=s]
?sdH
\Ueh,
q6iQe
yHE|vYc
3$K^
g32y
Luj0Ay
sCfK\ \
Ym4c
SlW
"=/aG3
ryl`o
buY0Py
0>y?j?
3>8c
av)f
vQV*
cu*0wy
h_o+
Cua0
Of8m
t@0}y
on_E
wuv0Ey
Q.+)E
{.2
|uz0]y
^fv^
47,2f0
6)[ q
h8i
K|m-gH4=
J"Zj
r^-7
Duf:?
'ucB
/kZ
?6\+c
juV^G
>u"0ey
FbC
ju80]y
"m83
vUk]^
cux0py
^Z=_]h
^wL&
7uD0 y
Mmd/
]5\m
`jtr
add_FormClosing
hkKHT
u^00y'Gp
huA0|y
AuR0Dy
zge*
~uD0zy
GZ; 3
7YU~
wy\3
% (
(+U^
!tE%
``8Xbr
fZ':
.ctor
[\V|
gc>\
`x"T
K;.(2
{ud0]y
?u$0qy
ReP!
e#t
fn,i`X
f^As
( A0.
|Sk
q=C_u
0pUp8f
M=\r
-EreGC
kuI0
}H8hrD5:i
Z.;W
l`Px
l&*V
>ui0,y
kNOl
q<1
(!Cd
xtVW
7uT0Vy
]p%l
Jc`X
gvr:
W30,
}IJyJ5
.;|(
buF0sy
(ab#n
@uW0ey
wu'0^y
pCH*
rrsrur-EJSKSBS
0npfE?
h bE1
PPNZ
&pIU
zk=
0I`:
b)uO
F 5qI
YVo|
48x9
HzFt3
FormClosedEventHandler
d343y
( ] O
Muw0cy
N\6
o_CN
y+@~ _
CompressionMode
V?n`Qo
z )?
w$.0u+
^L.f=
)SZt &
o&mc
-{o~y
YBEw
%{4v
wy$%
Auj0Wy
[uC0sy
au@@^
&1!D
pQpi
Q+N5
@A5X
KrH(
2y6F}
FormClosingEventHandler
7%%.
u+0:y
hu#0by
68 X
]zp,
uv0Gy
Z^FJ
sAE.
Ku ^
?YEl
````f`
A9[N
e+].
r@0;y
&w,0
Lu_0Wy
l(X1
9?b<
p4HK
Au*0`y
s8Ez,<
=pO-
hwr1
_fQO!
mB!d
r^kz
O.BBA
luV0_y
2ukr
Vpu\
$M98
t 0'k6
Z{U,
"~^>
Z'cyX)d
z }k
4o0^
jfPI
iHrS
Bon^n
Nu*0Xy
#O=e
:{]/
2=+a`~
oo5m
%mo.
uJI_1
set_AutoScaleDimensions
8uY0Uy
&*6(
c/?<l
STAThreadAttribute
N+._
;TM])
;tC8/)
```Hd`HW
2+:'#
get_Assembly
VtN*'
>aEJ
$ j si
`0E+
Lz\%
W`P
1-.1
\kW/N
0-0(
jAAJ
%w|6L PT
>Lgw
C0F0157F4DEFB1F755968C5F80170A654C8023CF
h`L
\uu0
^ 2V
nc \
|uUY^
6`P
-G F
U2"Z
WuC0dy
pn.3W{
&*8Z
)V %U<x`
u#0:y
[zm_
7~e\d
83Q^=
kBcY
%iwnR
4/ ~
System.IO
Dd k&_4
Rl3/9x
Q9V3
H5;@
an`1x
LKT
Monitor
j3a__:
G8G{
a T2
uH2my
2up]Vy
h'vCG
x-,(
BuV0}y
/O~e
_V@,
20x_f?
Fu}0
F}K,C#
|u$0Qy
uV;u
tUAG
Oj-?
]#02s
bgKI
u}12y
v]2>
L8j
uS0My
J25&D
ei0<+
vIL{.I
2u_XcD
Y 8E
M/4*
&*8?
gup0fy
{/< @
R2d/o
LFa
}Sd^&
&*8'
Cu%0
SA=d
[ua0Sy
vu|0Dy
woLs
- e
~zE=
E{Z^
&*8]
&*8^
mv91
```ha`
<7m&
06y A?
IHDR
2kyHU
u903y
t 9v
hb>C
&*8N
]eq<!t
{<hAL .)
System.Globalization
```pc`
&*8t
?rS_
&*8v
&*8w
FuE0
&*8q
y_T{
&*8}
H 1{
~Ng^
~UF
stpN
&*8e
&*8f
/U3 @
&*8b
\u_0by
Wo6F((
set_Size
}j2EobOF
nrzv30?z
7y
&*8k
pHYs
cJyw
TT"QWVZ
Juw0
C,P
2ueb
EventArgs
pWY1
KUSz
06y"F?
cua0Cy
3Od`
CuZ0^y
02y$Oq
`95"
K3'|>"
```0c`
st\u
qvE[
02y$OI
Gu@0cy
SywF
UuA0Ey
y/G
```(g`(X
z?Pp
:uV0uy
:2[]
pR1Vi
.pcT
EMq9bSl
_`P
2uGXcD
*[q!
0;ySG$
dGo
System.Security.Policy
02y$O)
nu*0wy
u__Q
q^`X
F02s
ku'0}y
MPqZ
^&-@
uOFv
?/g&
^2*B:
-73;
MethodBase
.#
Zut0by
uQ0{y
y9-a0
,Te8w
Image
? #R
Evidence
u ,^>
[o$,
051-
|zw&
o\/'
{.}\
AutoScaleMode
dc71Gh
mUE^
2$ J10
DZB3Z
/n-o}2
@5j8 t=3
System.Runtime.Serialization
yke'
us0u
````g`
'M7N
vOfgQ
ysFu
+|j*o
uu@0~y
3=(S
}o*x{
bu]0gy
uJCW
```Hb`
p6ms
yuK0
HQ G'
9[~~
=_S^*
N}`X
]S02
get_EntryPoint
kuu0 y
BvQ9
!aQ\
d<ar
[V
n/&G>?
BeginInit
vMCg
f8j7H
[}fm
!78X
06Q|G?
' Ct
$u 0By
=y\
*/E<
^O:>M
Y&A
o{Y(
8q)|
m+1@y
ArkW
fuZ0^y
O_xQvV
2KF>;Els
q=0!y
?(l,
]102s
"CH>O
9ux0sy
=lx#|
03y'`?
zuT0Yy
Jz9C
```(f`Xp
7~Vj
6xb*
oFFq
d_Ca
vv1{U
S-8.f
VkX+
IIDAT(Sc``
(6.@
?MqPsI#6
c,%4yAQ
NLr
duR0Jy
2u{rcD
^uu0\y
8u^0zy
OIDAT(Sc``
,"N>
]602s
+@ E
|'vQVy
(Gs4
y9Q&
Mu*0
5=tV
sd'z1M
fuP0Ky
Puy7
Xy3Sw
:~qk
xu'0ky
O#`N(
"aQB7
J`P
*4?_
kOD7
NwR1
Wu*0
w\8B
7ucB\@
|uqQA
r/Db
;z2y
d02s
Form
t%u |R
Buq0
)`P
8}oHf
;.~\U
q90?
Y+nv<
qUai@
6!6n
}uE0]y
j gbW
kb X
1 #
Lu*0Qy
- Nk
9O6n
CIDm
set_Location
{U3~
cZ;^
'1]B/Y
CMpb
5j7S
,\x"
Gr>?
wP<
Y|(Y
M$uK
~RW
>^fY
Iuz0@y
ContainerControl
! 0oTz
%YH}
```hb`
_u_0 y
euT0ky
Cu'0vy
.<'E
````f``
tQvXW
HgcJ
}jZy
p+^<b5rS
rBK.
wuF0By
~n O
kJ[ &
a_@x
BJ}m
Duy0
mr2g
Po;Q
?L $
o b}
;ngA
l9Fcx
}8\y
v&02x
m7%G}
wFmX0Z
r6kki
/zS5ky
E.'<
0g._
W`v-{N2
a8|TWy
N] >
>{$:
e^|#_)C
`JK\
*0p*`
Y'"}
893&
ct=4
ju&0
^pZy
"k,)O
\s_aK
M8f"(
8v]]
+=\R,
M8.0
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
vs]
muK0Uy
A 2,
Rbv9
[A+q
0Y??=o
FpR
LIDAT(Sc``
nX&S
CuG0
{.ib
uyv?LI
[?;e
p!l$z
8H@(m
2vD}
.W'5
chXm
==?s
08n:
5J2I
jlFj
```Pc`
guwHcD
}0]X.
BuJ0xy
ra!2y
MaRE
efdp
Yur0@y
zK9J
~q 7
eVy<
Label
<7l9
uF5P|
w$kh
m#53
=(t&
B 21
w% nW;
<4y,J
t`P
>$7PYt
8Me' _Z
7]|P
( (02}
,TD5
=ug0by
MB!\
v3Nlb
529w?_:
vtb02y
.Dp 0
G5Xf
`tjn!\
<]{D
Guf0Yy
UuK0
muR0Ky
02y&G
IXs- ZiA]
-w#zf
D3 {<
~+$M
>99Ce9N
Pg;q
_n (
s; 2y
^9L<
NHQ9
k{V=
;yfoGu
Z F
PI0gy
['/2O
+M x
f81qW
Rw6|
UdW|
Xu]0vy
'qG
p;L2y
53TVF
CcIS
N4Nv-,
54E|Ri
`uw0|y
guY0
g!AH
^+~<
u ]?`
0?m_T9
Cuc0|y
<u|0Fy
@u*0|y
&m;>wVbN
2y6F
`oQ:m
U ;,
G?%Z
tn
Sfq]_
$[J[
._w_
sE J
/,~=
!u#0
Dt AwAJ
g (/q
c6Cq
EiJq
W&Ce
g`Hz8
,|m:
{{UC
dpVe
2@aD
mu|0Gy
Dur0Gy
s[hpZ
qe9f
`.s~
wB`
#Strings
l$8
,}7m
g=e3
y"_.0d8W
set_Name
zud0Wy
```(b`
gU28
vXn@N
2_g<
lq54y
2u%X
xgyfX
L-+A
M1b2
`uP0
+)w
>LS
}5`m
tUV?
/ks}
;u}0wy
d8QP
Y Ln
UR4:
jRT)
eHch
WM-8
$UNv?
JR4C
:uP0ty
Ft!1d
(VRU(
}"3#l
M 0
Nky|
bBuq""
o}rS[
:S<%N
=+v*
Yx\G
oGWO]h
~-gl
ResumeLayout
_Z~]
Zuu0{y
[g *
,S1mA
NcXU
zuU0Vy
MnV8
?,X<-
+/H^<Ib!
qq<w
7+E`
ValueType
_uV0Fy
z.}yi"
System.CodeDom.Compiler
X7#1
GuidAttribute
y(%q
5=I;
=X3
SetCompatibleTextRenderingDefault
&{_?
7B='
4}cs
b04Y
t?e`
Buc0fy
Y-B 1m
1 ];
u>/g
y5A_
System.Runtime.CompilerServices
>/ -F
jue0
M3<z
Gu"0Yy
bRR`
BjH:%
YzJR
9N>)
Qx'v
_ub0
Fu80Zy
Lu\*
;Z2y
pfci^
F=
\2w#
WOOJoG
X^19H
ComponentResourceManager
a`hW
2udHcD
B 2)
```Hc`
",b:W
yub0cy
System.Drawing
Os|6
;doR
s313h7
M`P
f`xwZ
\uj0Sy
%nIP
f 1sN
C;9Z
:uQ0^y
04o;s?
LuR0
GX5
gUV<
B|r"
_kbY,
0@ucN
'zUH
/R?n8
=u}0by
P6|Bw
Y "02}
WuW0ty
XR21e
[ cU2
i`ivn
)]v{
guk0
i+ou
+>b`
```Pd`
m57N?
-d@A
06Q~G?
y v[
).1y>W
g]4V
4LT/
+z~e
K=|6
9:5Q@
set_Dock
ICustomAttributeProvider
,G {d
ELYL
V-;'X
\j}M\i
]UJ
w$.0e+
Dpn5M
[ )a!
ib;S\c
uG0
w'&.1
p=:,
u"0 y
;Y~\
+] =
\uZ02
Vz2l
'gr h
rZri
AOPm s
dbYN
hsLu
nuU0jy
~02s
Oc}{
FormClosedEventArgs
h_g`(Xu
GhVd
S~3o[wx
?~g :
qb1>a
rBK+
{u<0Xy
R:)/
:1]I
\p/B
WJvu9
{{vm
^4kfX
`0`7
```p
Lu{0~y
{,a~
%V +J ]
y?3s
P^/D
```x
?u 0Ey
}WVy
?o/ga
vBs
;OI>
T8:B
CN*rt
K.WOL
@t>%
WuW0Yy
IG?u
*j}O
V_m>
"aFI
d.q
x4G?
-Z$B.
K{6T
```X
6uk0
"xkh
otQ+
SnWd:l[
gm@j
f7qy
BOb&
3+H!ds
AssemblyTitleAttribute
E~x'
$"t"<
y =
-aZ(
o<zj
l^|E
#1oi
`p8n
2<Ah5
[;3?
.cctor
^WKN>
Ku`0
+8n-3
7Y!%i
oUwYD[m x
]U.]
u0cF
Jkg&C
w8.0 +
N+"H
{
FuX0 y
,.:;
s3:>
jUrj
{u`UF&
FuF0Wy
~crU
sd=b
MuE#
TcT`
8u"0Ky
]u+0 y
6uZ0xy
_QB
[ Y2
hu 0|y
)3?6
I*'S
]nOd
F]*G|
#[-%
uz22y
7uB0Fy
```(c`
K;o3,
}n*{
?~-6
disposing
F@ve
a!{B]
rr xOV
4.0.0.0
EditorBrowsableAttribute
A7^/Q
i ,6
)2dK
?aH
20x1c?
G=uW
f|>N
u\02y
<N^Uy^
SU(es)LYr
g`0b-:
4C r
egtRy
DH7&
f<R-
Z8)&
j;r]Wy
UxDp
OoW>
sihf
]qzW
e\z
w:]
nu~0
^ 2H
U^_c
i@b)
'w3N
H>?;
k=}F
m{B}
i7 yB!
RRY
0EiX
_5 2
`4}f
/$xv
um5ay
<u<0yy
x>Ev
|^0
!u80{}
3System.Resources.Tools.StronglyTypedResourceBuilder
Uu@0
{Vm#
1|b9
u0r^
u
kk*K
p02y/B?
Nwf`
Sk.t
8sm^B
Tsqo
8V
)`1O4
Wsh6<=@$iN
dm 2y
1:tj
+y628
NnG#
RfHP]xu
|yMs
GiX
o\u:X+
((<P
V% [i
11.0.0.0
0@v6z
d X5
{'vCW
5Gm=
Gu 0Xy
yf)4
6t@-
EuG0jy
rvOLY
Y72t
GiX#
Invoke
Q_ F
k'h9<
u 02y
-.;u4;-l
^YR{
~:SM
```Hd`
JYQ>
,kD'
s9r@x
iu$0sy
@uQ0 y
7qO-bB
rfzz
s_I5
1By\
4)<1J
/5/]
bQyg
buv02y
^^p~
Lu'0ty
JZ%o
a_ !
/$ws
^UOR
8@Rre2
4H?U
5CxVW
&0BQ
\\GB
@u*0Zy
cZ_I
> l9
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
9&)F+
/{+3
uC<2y
@u$0sy
?I|6F
Vu<0
uI0Yy
q311q
) =(!}
GetManifestResourceNames
ZSeh
/w|
;c.|e
W<g`
PCOr
_2y6F
d2WZv
&Rx_sYq
z]W-
w0\
lg0^s
@8{v
& .q
@.reloc
}up0fy
*FH4
;uz0hy
mzY*m"
yw"2
z'^ 2
```(a`p
muE0qy
?51rZ
B'B 24
S:8
#!5\
Wu~0[y
Sm72y
4f\^{[
plZm
/>t'
+HPdc
5 kuV|
\?wM$
Zu!0[y
{-g4iW?
~z~J
bY.t
Kh4q
QuL1r A
;?-Ni?:O
/-T%/1
302s
XuW0py
{i-/D
bu_0yy
x.G?
8uP0Qy
vuB0|y
)]"W
o{^;eV
Dispose
muR0
}u`UF&
`Uk]^
*KI s
D<VG
}Ka(
<Os
YP{o
e9t[a
```0c`P
ZFXe
cl}Xi
zdJ.5l
O;T#
457F
u sK%
fz-s}
n?<G
Jk&B
1IDAT(Sc``
=rZ
PI0cy
=r:LO
l5?t
@q="
R0uG
au|I
=1l*
MQB1GrCGg
yuP02
Yw\W
Mf.:isk
J]ry
```hd`
KV.+zy
yKTy>
|;R,
u_11y
qi-
`D j
92,4
(~fx
6?V&
mnzI?
F }A
/P=]
8{uI
}uy0Hy
xR8ac
Xu\0
/zFd
Y 8z
Y 8}
nqY=
g8.0A
L#wf
rZmZ
L.pc8
[k&72&7
hJd[
)G}FY
luf0ky
jBcO
@{uX
>u`0Ay
au`0
/W;wGNM
e]w2
vr/n
e`P*
m^~Q`
set_TabIndex
-cQ-
fY9E]
juCQ@
uWOrp
{5wQ
Z+")-v
y: nl
03riSP
_ui0Uy
uui0hy
lYjr
Vu*0gy
;1t0z:
wuP0Jy
Gd^P
k'^ h
x "{}
x <Q
sY},V(
[u$0yy
)u"0
j'DW
23.!I
<v]GG
I)?R
zuk0ky
Y-veeZ u7W
Pi1#
tL; 1
0|V9
;[]#
_8xT'
{6o8
bur0Jy
+\JF
m]|D
+ONy9M
;y2y
Z95n
08_km?
b`8
'mV>
qk J
r2lg
Assembly
02yY
)ybA
~G\n
02|4F
cuG0@y
00BQ
m:w~J
T_x>
l5Mg<_
ugLQ
k_9{H
B\Im
hu*0Sy
):-P
=Re
nub0Sy
{IjF
mrFp30
rvXk
6OW=
0XU(
= ~
2u|HcD
03yNB?
DnfQ
[nC
SuspendLayout
2xWO
gu`XW
uj0ay
'u301x
N3A2`
} ^ 2
DuV0\y
D%=0
2]o"F"~
_uJ0{y
Dg 6
8zS@
e7L&
"Kw }
[&o*
4/7?
5#a
^u_0ty
"q [
02y&O
89;*z^dN
kD2
,;{h
6f<n*
lut0
8}!az
9,H8
Jqamx
.T<7
>(a4^)
\?/aM
*s{Z
Jt1k
g0}]
1` ?
0kAL
]uV0
set_AutoScaleMode
M$.0Q+
{uw0`y
Dux0cy
Cuv0Uy
KIDAT(Sc``
<u_0[y
y5;/X)
Y\DMs
yBC6
UyyZ
;uP0
Ix' w
"<Jl
P/woS
E9pT
U02s
&s?Ua
5 "~
<uk0ey
KuG0Uy
2h6f6
uS!1
!}E
Z'B 2,
Krk5
KuW0
X
~hZoaH/ZV
6 nx
f@ O
cTIx
IContainer
uN00y/G`
{C'0`
kNKf
y<oh
r%l=6
[ww
```Pe`
=u'0py
%Kx#
?=&h
SetData
S)E{
huC0`y
1 L5
LY[e
] ^r~
Ku"0vy
Uu*0
*610H
?lb:o
L(lO
|jyo)
G5Tn
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
F@w~
w^+
umN
ISerializable
5?K_a
G^7F
~:3&x
v ^ 2
````c`X
Sv-)9
h~ u
ko*s
5In
316,
f`44y9T
<s~y}
Byte
[q1%
X c
k? \
:iSy
ToString
Bu"0
fzgOJ1
iSya
q6l(
UmfXgo)R
#@$p
:ux0fy
?8Xj
X Z
X [
S-q
]y^H
iO5;=Xx
X E
|g`;
OG=.z^
ju}0ty
y- f
set_AutoSize
[ue0
22yTN
wu^0
X I
u"YYaID
Control
c5F0
<vdi
X 2
~z8j
na}w
jux0_y
&,$r
H02x
^U0\,.
X &
T5A[
>|2p
b[@UQ
lt({
M ZT2+
X -
8,
Ezmfq8
ha|?
nuD0
}33/|
q310w
Bui0xy
ResourceManager
RuntimeCompatibilityAttribute
gfW
F|__
Z6k5[
>uK0wy
BIU=5J
Wfk0
un00y
YFq>
8[:?>
X
fuk0ty
vWNt
`]1i
uo22y
i#(f
RLbc
PF[M4H
jG
7\?q
VCw,_
;uv0fy
Z)4K
f\v=
}u}0Sy
9Bu~
`Atd~
p/c
'IN<
8u}0Cy
,S z
>uW0{y
VX>y`
w%So&
Guy0Qy
7]6}
l?yy
3^y(
|*{N
DockStyle
8jqzE=
co9s
?$.]$
System.Resources
{P<'9|Q
6u+0Ey
[%V'V1
Au{0by
$wYp6
1|KR
v1Dy
v0^;
\`de
b$ P
gU~D.}[+
Iu*0Vy
g>87~
m&s3\
#.?i
+ B"
HDl
5xoeR
7v}jo
wu+02z
|)
02y!GA
y4`l
8vLf
Cu&0Xy
T3o}r
set_Text
6>}Z
HJKU
z`P
02y!Gv
s )sz
Wg}x
|^s
}-J]o}
xu#0
nC{7
uo.H
OW#V
9u^0wy
?r3i
(Nx^
Z7yI
%&IN
}xIW
@u 0Xy
X~a
Y 8>
`,%4yRR
0|e/
s)[SY
zuB0
cu%0yy
-k&NyU
0Hq<
au|0Ey
V]FCj
d&03t
sW:n=\
Y 8&
&bC`0
sbY9
-jvv
}WXO
6uu0
0|tWK9
Hu`0|y
N/197[
J c\[
_ OZ
~u#0Yy
j%a_D
0,z_
```(d`HJ
{*QQA
#?ms
ktkc
eG.;
~M*DA
nu`0`y
s[~*
B-M]*
@uW0@y
ylOM
Y 8s
:7_2
huJ0Yy
Dtf?LS
S/,9nm
/NAS
Y 8k
Y 8h
<}F]
OR@Np
Y 8c
.|[4
Y 8d
3_Dc
_*5]aP
LuE0
Y 8]
.#Hki
gvej
{c.
k;@2y
eNqY9
Y3{C
[ 7$7
Y 8A
}u 0Gy
?6x )
01y"F?
ynKI
Wui0Ey
Qp?Uit
]602s
M\3'_e
:cst
p^FM
vu"0ty
AuK0
_C?
```(e`
7w5_
#vB[
M?22OA
BSJB
mv3|
mu80Gy
2!!S
uu0!y
<uI0Ay
wZ]L^
78g-f
@E~My
^;_<z
Read
ypj\
YSf%
=u\0 y
Console
+!`
w=sB
V*- 5
Scbz
ERV
ho@u
?u}+
qJ@$
*@v n?
%V_Rd
Iuz0^y
5I8w/
&baa;
P8rY\4
EWd
;se!
Yk K
```P``X
%KO=
ViL_<
Luy0sy
23n_
yxVR
Lxc|QT
/u:zAt
{ +9h
K1SU
xui0Ty
(jjk
>u]0
q;42y
Fz Z
Mua0By
Ovz,
]102s
kfX4p
n|d;
P Fns
xN1kL
@"n/
fuU0
D`P
gAMA
Sm 2y
`wwn
|Y~Le
ye,W
jPSeM
Z02}
jr 1Jq
uS029
`U2K
pu>00y7G
Oj`J7
`iU|
jb~,
|u\0Uy
y5E6
{K1|8
g[;WD~
tuKd
uc02y
vDm:
C8f~
6uC0
}+{zG
\Lx|
ZZ22
!~RL
auX0
Ph\Z/OZ RH
$$pkL
mscorlib
!yQj
CuE0
-Q^y~
uq=0iy
cV^6
02y C
"(~>G
,(XU
vu{0by
?F=)
B68v
-~A1
.{EJ
3Z:u
aGV/=2
&Mu
t|G2y
```pd`
?F+[i
|B2:
=uF0sy
ZQ}3
.Oxy
KJ>!00
Cbvz
I9TN
)0\.
yug0 y
u 0/y
:961X
e{og<7n
zU&&
-6a8
';gH
aWos
JVl(
{u]0Sy
GuZ0zy
1Wgv
<Wq
G?\v
>v+R
nv,0
`U2>
7Kzn LR9$%
luf0
Q %w<
h;z%w
X::&
SiEvr,
2u'b
```0a`p
_Z]
)U3&Lx|
Nu 0
asbd
lu`0vy
O B2
Dud0`y
~K$;
[M)#'
HIDAT(Sc``
ContainsKey
System.Reflection
uu_0Ky
aQKy
auF0\y
JuP0}y
f`X
gU@y
hue0gy
^u_0 y
|B2*
0FsfE?
TvZp
=Qe8
s!Y-
K/6k
1ypG?
ITEa;
1p$Z3
7u&0
yu;
| _{
nNQ~ow
/f$
MuV0 y
M'BX}
hIr)
cO>gYy
o\K6oI
Object
seOu[
'E+c
LuZ4
cDKy
_O/4d8T5
uVTu
d|Pw^
c>i< I
O00l)
aQK;
\,F7X
4# s
1eSy
7=b`p
9QzQC
'o/U
cuK0
Size
&D03
Append
*s,Te
'd0(M
@qw`
7KylS
crSH
Eu~0ey
;]w
_l)y
gu@D@
13Wp,
:_eq
```hf`
2uYbcD
VuV!"p
m Y
$-)RNh
M``8
u7o"
Iu\0_y
fXw:
T@~|
;uy0Gy
*|J0zn
.n>5
`uI0Gy
}/`Q
) $
RgHG
2uiHcD
*b}
[u`0~y
*\q=
x~ChN
VdEJ7
[`P
9lGOm4
]|g5
~a0>x
yQ>3
-4ux ^
s ofb,
16x+@
_*dtq
-naY
d1bN
Eug0Cy
ju"0\y
huW0py
? 3m?
&BG /2E
/-Pya
fq4c
s ZX
hg0g
d(s/U
:rq~IO
eU-^a^">E
E{l?91
``q;
0kWY
~>Ct~
S1'KV
aYP
UD&]bL
,,n)q
brss(
owyy
_6X2
0HdA
2,Vv]
FMC9sk
21mIAm
7u_0dy
>uR0
:{txY
| % w
Uu 0zy
]u 02
6z4"
oP,EL
U)AT
/f4
lj`$
?vl3f
gb%
@,<q)A
D^vf
m>3/
:XMm
^!tm
;u,08y
_lZw
+ P=
+I E
HfbRl
)q>(vc
'-~
WL0ty|My^
H$Mzq6
9P}[q
ub2 y
x$8'YLQ
j~*{
=VLZ
o93lb
wdM+
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
<l,e
jt0?m
<|3'Wr~}
.\
Ak52
LiH)
OV %
6u 0_y
Hua0 y
```0f`
SOJNz
Ntu2f
vuJy
<up0ay
`tud;1
Dz
|>8]
!This program cannot be run in DOS mode. $
!%O>
Nn ?
SxBjJ(
YNJ9
jxA
uJJwJ
R16!e
```he`8
)I&>~g
A<-t
6V_f
9n5z
CuY0[y
|uq0py
``p};;
2|V
mu^0@y
6Z&b
2>yJ
U0 h
G=R\s
V]Z
ffW62
>`P
u%09y
_Z,7
0F6W1,
4E5{
w[vOg`dWK
hui0Qy
Gur0[y
p>@!-
-<1,
5#[eT
4c~S p
6iB,
|k2y
set_TabStop
}u}0Qy
0nsd
'F5
O%c
_!U
l? 1
h e\8
T9C[4;.)
```ha`PW
"'?~
w%Kj
set_ClientSize
$f2S
[d}6
get_Name
;4W5
>ur0ey
~10,
```(f`
ERcE
```ha`P{
M%!S
7uF0ty
8ub0Dy
B U=
Zx$U,D
)oUT
````b`8
K:?`
vu+0
v^<j
ggqh
u,0:}
w$]"
N AzM'
Jk#q
uW)P|
*yN>^
diU.b
;-gaf
UZ$\?
Uuw0Zy
as</
e>&h
]KXu%I3Gul
lu|0Xy
4pH6
uR02y
#BuH
t50
hg+;>
Huf0dy
fu}0Py
Juq0wy
TtAf
m$WU
vW +
1;"#tNm
1@J]
)sYte0d
Yua0|y
=u`0Dy
K=~,?'
=wm8
Q=zI
TFUt
_Assembly
L5D{>
6u{0]y
wup0Ay
G4bJ
^^Ue=
owZJ
muZ0sy
9[u=
I9q%
u[22y
RV,/
|u#0{y
0HH?:yKxV
]BQ^
A`P
?QP)
2 ]+:
IuU0uy
?uR0
vui02
/Q ^
Yoz{KNc
Juj0Uy
%MW#g
tnLV~
a=rCZy
xe:f_T
1Ogt
NuY0
gT_uh=
\Xo
Lu|0_y
:up0yy
Zk'\
xu`0Vy
.hjb
T^G10
W4tt
Vuq0wy
~JVQ
F96i
j'j+
W\.S{
u302
Fu&0Ky
8u~0Xy
~*>SIv
jy>]
#jW&vY
wEQ
">~nIua
w$.0G;
E->(
^`Eb
c6sxz
7u*0zy
g&"<y,U
u+02
s32 L
wQnl;$eMO
u>!4
v ?N<e`X
#3}d
[7wU1A
V?C{K
t<T4hEe
o<'&O)iV$C
cchY
SMw 9b#
gS48x
g}^:'_
s$ Ft
02y&G0
Y{0,
v0a
1|EP
I6CE
)nl0
xu[0
bOfB
cO<M~u
uh>R&{cH{
s'&^
L30x'
bu<0py
wRSI
y#wR
%D@Z
f0;|SO
$vE^
S6VT.,
?zJ'
WUQ
*C S
zae!
+T Tz~
v4c@^
F"
Fu@0Wy
hJc-
uB0 y,A&
pUb
vl`Af
D'5g
+:xt
Hu|0`y
]r zB!1
\ur0cy
{NGiX
q-<z
bA'_4
EditorBrowsableState
z n
]y02
}vZ}
ua0!y
}vzdi
S'jZot
_j\R>*>
h4f4a
FormClosingEventArgs
?zRz
ck?'
=qa1O
$cc1e5700-d27d-4da4-9a92-9f5c56576995
]Fw<
RS~+S
[Z
`OwqeV
u|9+n
DateTimePicker
k%^/
lQo
,ggn
[FDHf
7uT0@y
g$.0t
s[9|
zNhTn_
jiqP
V\f^2
pfE?
?95`
oAMC=
iic9Yq&
|C @Y.
vuT0Gy
9uu0
6&^oV
q6":
tg0ay
1Df^.`K
CultureInfo
*z'%
|`6x
`:}>
d`p]
4 |1
^ur0
.`6E<l
Axw;
GL`0x
{lV(
1ig
MP2u'
a~~$&
ISupportInitialize
`P
~z.S.*t
d`X
b`8;
/x:o
\U=?O
Tr+A
;u`0vy
hon
6*LU
Ti(~d
b#X#f
vua0
hud0Jy
=OVi
6Lf;a
```(g`
E02s
aXx
Z ~H
1.0.0.0
V.Ul
>FPM
r3w}
e6Qb
N-YK
VWwq
CompilationRelaxationsAttribute
cP>x?
```0g`X
b-CHJ8`!
v459zg)
uu*0sy
@^
J||u
gm~f
LoN%
IM7<;3
\uX0
gt[
`uc0Ky
9ue0 y
C_sZ
ft,0
y- S
02yI
PAs7
^nPUz)
Zu\0^y
Yue0Ey
MSz.
+4 E
U02}
9kBM
Tnsoy
68Lfx
bq>%
u{02
``x
'~(7
Array
AHRw
b`8Q
.YvE
AJ (
r; 2y
bGr
AuI0
mL04y
4wQ7<E
xI)-H
%?v*
u]2%
,3DX
\n9'#
Y'wY
1{fX
ub72y
=ux0cy
OQ
d`0n9
Bw2l
+D E
vuj0Qy
moNi
vDWy
yka?
MuB0gy
xDT?k
D7Y(
cut0}y
Q,'0
Mq41g
^uA0By
c,a0@
*CNL
xs8z14
@v31
/^#,
*v8A6}&
QLAZ
y{ra[
guF0
gG]
#<W&6-
%7aw
Zc<:
{u|'
f`H
dm6n
Guu0Yy
WLu^A]C
set_Image
|$>Et
/Bns
8uc0Qy
IzDjx
Yuv0@y
^_V
{uj0xy
,^'x
|u"0hy
kuTUF*
K4/$
fDW
MH\c
5nn >
Ny4{
IComparable`1
4;M/7:
[X0 *
^<[a
_u#0}y
JrHku,
Cgml-
MuA0vy
v.xs
Gg x
OuB.)
3;PQ W
^6{
]X~_tGI
s>zz2
0SBv
:E^,
V[10h
:'&e
WQ!i
V\0ey
<6/d`
{uE0Wy
7MEC
gQ@
[ua0Py
3XI-w
Duj0
jkhG
J_O'
/gD^Y
!@$!
8vCA
Xu<0uy
Uuz0
=u'0vy
f6rm
/x?I
kuy0
nu*0hy
2uAbcD
XX@6
Iuq0 y
)4 .
E.yI6
z^U:
yEG?
;ot%
IuB0
AuE0`y
u0wg0
|pC>L
8+zl
;9]y
o(SD
wrYf
[=
&OQJ=C
qVS C|W
jE|EhE
Concat
e`0l
rQ{58
8f\F
! !"+*
/xwe
tvjp)
Z2"g
tS*[
I#(O
(g*?W
GODU)
|6|^F
yt(#
?V?,
O%$'(
fuq0wy
BuP0Cy
tY\0
DuV0by
B 2!
t800
[Lw{o]
{uK0[y
Stream
z-bb
vEOk
81hs%m
eU@
_ue0Dy
I}|<ww
Eug0
h2vo1
?uV0ay
{K'ho
gi{]
%_Gv
q'wBm@;
f]l
-Z-=8Y
f34;$
Nu<0Jy
y3IyV
1aiG
54#
iAOg
LukN
{
au*0fy
]zs4{
g.t?)xEp
MethodInfo
Yw@/QQP
j[sn&
\mf=Ae
V7=-
au!0Fy
E/4s}
h x)
s%_d/
>u/00x
2kI8
)0B
Yyc23
xOvw~a(
=: x
]uE0Ty
aKOM
8)PrI
_?BZ1E
huwF
NU=V#&qA
dGX3;!
0-4 qIWT
9u<0Hy
l1Bh
s|I2y
&P*^
sCHwh
INzO
Yud0@y
%`:F
VrDp
X^8c
iQlx
zD`B:
H>Q
>W<W
2,X)
+Z?^
3FW
*V6<
G(%!
NKL5 4
m O#}F
/.gUn
rB27k
V{>uA
gR>#
rO-+
,2I[
M$.0k
\ `DW
6l u
_QB\G
M$.0c
zef;
{U@-
>ut0ty
M$.0{
M#3
%02x
7M_G
;U %
P9o"
+uT02y$@
rM?s
-6[
DRJ1
Z;7:
vu$0Ay
Sgy}
Q+&jt
ku[0Ky
}u"0
t}!oz
WrapNonExceptionThrows
Tw,eX
8G'4mC
iohR
|`R{
f)FD
,>1E0)f
RyioO
m`P
yw1_Ux
gp?~
2ubb
xuV0hy
VuX0zy
8;1Z2
k6|TW*
OWHB
o%0C!
^u^0Cy
+v?2
g 32y
?un0Iy
;uV0Zy
;uW0by
28OK
.`P
;pe;{b
Lu]0\y
5s"?
VVBt
~uv0ky
@u@0Ey
0<4*8
7w"w
!~VV
4 GI
u=F }c Zg
S@>$Em
/_w]
s313k6^8
F'}
y_Gd
mcf8
nSf8
>>Y]
=uv0Zy
7uR0
m,08y
U.e6
`uP_\
s9r@
7 Qa
/8&Q
.30<
00ycG
Lw}t
mkvo
Tx,d
n1|c
T_-Ix'
%>iO
vJyA
\Kp O
fb743{R
GetExecutingAssembly
]nB5
lI1ukg
hu}0Ey
-U`DS
z.k)k-kQX
~oWm
mfxu/,z
'o1gX
! K,
vuR0
''6i
Wu"0[y
5E0AWh
Uu}0
(23
:9J
z @d
|uw0Wy
[bs\
kuw0ay
5~s{O
Du@0Uy
=u&0Jy
;'Im
2<X&L
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
SjWv
5&5
~L0ay
o3tU
{Y
X8de
:L]
wqg`
U2sx
s~Iq
(63\_L
.`^a
1|k0
}$NXZ
MuJ0jy
7M8T
)MJ7
s?m<U|!u
eBbW#
22xog?
"$=
1oi|
r\sNI
-@B/..
InitializeArray
rVKlX
2 U<
#'5M%
qm3}
zuF0Vy
B1,y
Vuc0
61x.
(#m%
m7^fL
7uG0dy
7-XyA
8uk0Qy
Point
Z/lZ
x/~p
Fuj0Dy
09"v
7elt
{>ga
FqN
9uA0uy
K9Ul
ToArray
f`hi^
q;52y
A2(Mu
4b?YJ!
Lg2<
muD0uy
=up0 y
h``0
f\^0,
zRG
add_FormClosed
cy/
4:Q:G?
38^f
Y?a
@j4A
e\W2
EVmi
TtCw
1[K
0cmI|
[uWS
@7/%4*p[$&~]0
;~?(0
h#;Rc.
X`P
~){p
)02}gX?
w w(
rmks
oRo)
Xu>U
R`P
k #`P
c$%/x
"x5N
;0B
G2;k_|}b
wI e
eu!0hy
{BSW
Mw,1`y
uuB0xy
lu\0
p <SJxS
~^T?]
Load
Ntw
IEnumerable`1
w$.0}+
[AVmd
{WV: N
o&PX#
`\gd^
jWd
0[x_H
"]'A
vqF
AUA
UG|EV
*A[
G?Y[
huZ0^y
kWZ|
zuG0Cy
5P``
`uY0
vn|Q
a<:y
Q3'8
rqgx
Mfh
U*!~Sy
[!ZT
vF v
Dictionary`2
Yuw0
System.ComponentModel
W4fTW
P&h"
$H(Q
_u%0By
fN)H
kuJ0vy
G^N(
JuG0Zy
kK!8Y
cu`0
d;"2y
qk>ewl}*
szE.
Default
O02x
b0,}
AuZ0Hy
=uP0xy
*W|z|
y#{Q
81h-
9Oft(
n97J
Fuz0Dy
JpPB
6$A \
B8&g
-M{'
$u&0Cy
lu`0ky
6,:e
Bu+0Vy
3SU
I% r
^0|W
roex
XuB0uy
05 m\4~e
gua0yy
y :L
\)D!0
zTs
z&J]d
RuntimeHelpers
System.Windows.Forms
2ucQ@
fud0
\|V
\ Jm&
?~x!
5%6u
\uZ0}y
>T z
g g`
FmZ
98Gy
kut0 y
~?_~
u802y
juI0
kY:#U
?+ii%
\ 1j
~h#f
;#ec
KuP0by
16y?D?
2vDt
QS{r
quyy
72$L
nuA0uy
<uq0@y
v@?}
7]RY
2uWXcD
2[<al
&olP\
K^Ne
`ug0
bZhx<
ComVisibleAttribute
4-TvnZ
~gr!
UU*ql
BHf/
4F&,
N&WI
a$WtWQ
vx1l
bA|
M~2
grace.exe
Bu\0]y
?8>7
0?['
LNXM
)>yB
2utrcD
v5n.
-kfL
le+52
Q: $;|
F^;j
aA,.
y@UF5
4Ll(
set_ErrorImage
>DhX
\u\0
nzJKUw
Dux0Wy
oDb7^X
Fu\0uy
Xu$0ey
.XtC
g:73:
x gs
#NH1Z
&]UB
3v Y
"hM`
R,9s
e;@2y
fKkO24
=uC0py
]X02s
YZXY
+2.~
|M@e
z4Jj
r|}h
&=?lz
F?kj
|02sg!?
WuY0Dy
%/^t4M
@bLH
xt_V
juy0qy
c; 2y
r{Qp
Mv>*
G?sZ
t0t/
hud0
mq,Q
HuZ0`y
huX0{y
SPbL
7ue0Dy
9yi/
oB=,
+s_lk
'1$0
/ U??
J[cP
:u!0Qy
n}lsBz
q KHs^k
w$.0P;
ku[0uy
uO02y
.5sv
W} 1
&Xu?
|ujb
lu@0Py
Pvi+%g
Ge_
G<zy3*
;2c_
+L6{JV
On7Y
P0C'
uWenb
RTgO
z-E3
ControlCollection
#gh;
V$0X&
Application
wzmh
&Mw3
DXJf
bu|0By
oxXM
B'U"
jNpsy
mY 8u
YP#B
/yde
vv]
n P9
j_
{@C,
Kut0wy
Exit
op?2
2~C"
fdf
20xId?
a|Bv
97n;-/
aFOe*
{u~0
dkoI
*wA6I
=li_Vz
|%uq
u=1i
{?6y
d7B 2
#+i'
U>g`
Ax/l
y>G=
Zo"mb"4
YuG0Vy
{u{0}y
[R/
_,
u(62y
C >S
/;,,
+TK[
McL@
."X85
*M#]
o~ix
r333{
g.}8
u;0.y
E
BE U
7z^V
NekJ
06YYE?
{w~_
muk0`y
d;(2y
Kr$ro
8u`0ay
I@V/C
aBnI
_ 3l-
l;5q
j 3T
&9W(wL
&*20,
l8u3#
9l'%
g`hz
]uD0Cy
A]4q
8IK}
Lu{0Gy
Qyev
````a`
O 3;
>2 yz$T
7Ky'S
GeneratedCodeAttribute
8uY0_y
Uuy0By
{E>-v
S/
/u\Wq
Dt"
vKF+
n1]Y
22y$N
l4>U
v|M2y
MemoryStream
-={[
MIDAT(Sc``
n.fJH
cuI0hy
"iA*
0]mv
1=XA
k)=%
?\!0
ruAO
c5Cu
Y&G}
Juz0Ty
f B
v0^
! R_
Omu}!
ub36o
.xI\
~Usy
r1H:
NHrr
WH=}
3X~Q;
System.Threading
~T^]h
PictureBox
:u\0 y
w %&Z*
H<uc
2u@xu
N,B00N
bDKZ
n2lU
s>pU
S iF
03yUL?
.`{i
`EF\
m:~9
uN02y
02y!Gc
69l(r
\M
cl`chs
VWfd'
RuntimeTypeHandle
ResolveEventArgs
wpCTL
sXD/_{F
0)Pg8
UdiQ
01yqF
eL04y
=3ZB
jqF
< @h
f.1JI<'
w0}
futUF&
) +]
|(Ss9
# "
+`P
7 Mt_
qzE=
W6}<
fI+_
b~u$
{`wP
6+}qU
8.(0
MqvC
$wg2h
Nh1sp0
}ux0Ay
tzOW
G{?E:2
a*j=
$h}zt@
0TwY
d34"y
kY.Y
```(g`PeQ{
_~HT
Vs<|
vLdx
Sb?u
9=(p
kuE0
y^'n
! \}W
luK0
>%W;
qW5g
N'#A
}Go2
-cM5
[ZVl}9
uuf0Sy
u&0jy
~?$Kx
f$lZ
u)$my
r]Wy
3v.
vuTUF;
|BYW
3W+[{<
u,0:}NG
-bJ^=
T K4
fk9<
yut0sy
Uu<0[y
zrk
mu<0Gy
o*Sjt
tGP|
Vo?~Mk
Random
Lu80 y
u`-%l
e*1U
)/cP
bA50^
>OGHVH
fw}$]
Next
ZY0
|hh#
l_}\#
8o40
o,"rN
?`P
OA E|M
P1(Z
muZ0vy
f.`Ht<
u5% l
g8.0u
dO-Of
Gt^X
fuR0Xy
^}4u
t)-"
_d=
d9e91<-k;
r_+}
_cr|U
:7Rr
Wo|^ebunkU
6b3x&
mcvI
vB27
Copyright
juAUS
tDZy
M=va
`uc0
8[Lj
=uP0Wy
&jCF
L.FzG
ur0Fy
w{DH
b?^B
vB2*
Li[>B
?dXg
gUAy
1dEA
luy0`y
]z>M
<PrivateImplementationDetails>
EuF0ky
]:?E
7Do
&7kC
}rvB
FuR0Yy
d2dN
$a~~
`9mqx
[0BQ
nz\
fqbWuZ
2 UvQ
>u_0sy
)aL04y
5+S<
kaT5
tn10
ByG)
6hzl
Xe(
, #.
_gMV+
Er z
eu]0Vy
set_Item
LinkLabel
6('9m"
zc[&
auu0]y
?:Q$G?
0"yGCl
o 7
get_Default
t~oTs
g<wb
&*8>
Vu~0jy
_}2
dxV\
A<\{<
X)Q
KuD0Ty
epjs+
'+N
JIDAT(Sc``
l+ 7
.D+8@
e|tV
o*TpJ
=.[
ur6/M
Yud0hy
IpM^
:p<3
cuG0Hy
]wTKc.T
Yuu0jy
-0m>
GC'e
wy\
%M-6
(02}
Q_Jy
3Y8t
3+~%
jLG-
z:cy
']m$;ui C
b`Xy
['KZ
Y pq
Z?)T
^|U2y
\oU
xT)x
/I`UQ
`utUF&
B`P
VX2&@
W8gu>
rtz'
}\"^X
}ecFhp
k}j"
nW2*
r]2?
Ddq54y
M3v.
'-PE
i7B 2
p2l&z
{u'0By
#q99
g4ui
v0B
u%Fw9
{*_U\
+ocg
Z%-[
uv01y
jw<b
lx8>
a+-;
A`*}
4~yE
EuK0
;\2?
W`yE5
- `#
uv0Qy
S_#g'
k2pG
<Y +
Rh f
`hL9~
&\*jt
`[D#
P_@Z
VC'R
vv9p
M~\=
%c[ \
vT2
b;f]P
g~vjH
lk7(
05y"F?
Gub0Fy
dK.Oe<
auZ0zy
-Ss^
[\b
a]33
!ZwB
5FbnY
%kr3
Muv0ky
Enter
u732y
D~ wv
vj/:
-q@~
20.q4
qy r
q^+J.
ub,w
dbVT
```he`
miXq_0
aJ!#
```ha`x(
z}wB
woM{
\jT|
>uy0`y
U&zb
`<Ra
m gUA.
~Or?
gRj/z
```ha`X
t|t5 {
u542y
{lv"
;EN{
EqRN,
16y4E?
System.Runtime.InteropServices
JuT0wy
*`l6
_|rX)C
!u`0
7(oO
M$.0\+
7I`>
pD8NT
jFA;
Dy.#Q2{
_~2
RLN9
Ql=:
_{#B6
Oc8)
lux0Yy
|C_
zqK[g
y~
DuY0]y
64u)O
6y?G?
{ `U@y
}so
7uR0Ay
uS06y7G?
Y&4f
Em=)
>K-"cr
cugBS
cug0\y
]f/=
([;i
M@YuY
xg tn
{uu0jy
_f}v
@u*0uy
SuppressIldasmAttribute
Juk0Ky
28nu
?9<1
3'U(
4%w3
9vqg_
9yr.
~uU0Ay
IEND
<uc0wy
m}wc
NB b
juk0Wy
c;5sx
Zui0py
KeDA
^Ru|
"U3/
mj{0
O&u;
Ykw+
i8sX-
:TX-
)LKA
}uz0By
zuU0yy
X-H \y]
kuG0]y
w B"|
S9:$S
u- S
uE0jy
j\3/j
02y$O
=^UU
U>&O
)g|%9J
bs7;
9voD
02y$G
Settings
Wuy0zy
```h``0
GN=p
K00<
KuC02
h6r7
3L>;
({~lc
u|R2y
buk0{y
`h+[
he=s
8uf0|y
Duq0Fy
#->^
;&U/Oa82
fuF0Yy
7_>l
6~WT
?u'0Py
d`w2y
?3h'
IDisposable
vBS
% :^R
QC3bX
'*W<
-s"Y
bN.o)
`u%0 y
".F0
0$yHM
]NwX
a]S
```(a`xw
28wg
K^ n
Y4 ]
6.{%
```h```
JxL J
b,=/
2#7p^
Close
?1_p
>4C0"
vuj0]y
ACvRy
!Z=L
m*m<H
X\ 62
scz5
p~1dh
7N7u
" DR
HW+A
d8xZk{_
GuW0Hy
gk'(
muj0
)ym[
5W<w
LVh_
?u_0py
AssemblyProductAttribute
WuP0Yy
e-%K
hLUx
-EeE
8enLj
[u+0`y
)Lw\
6}_-
`0e
3]r02s
vua0[y
wUJy
AZI3K
B|?O
buQ0
<Module>
`{L04y
NIDAT(Sc``
|pUz
$~='
;O_ `
G'9
wEkc
j?%q
Nu80`y
tH>G<:L
>Swj
Nu&0_y
/306m
*o ;
02y&Gv
Wr8$ *
~jn}s{
%^n B
< xd+
nuF0ay
JFu]!
Kuk0Sy
fE.9
6 \ k[
YEJ{
`_2y
"w,b
~B y
uP0^y
U?!O
M gUAy
a_U
bN]^;
[V?U
SizeF
65j<
```Hb`x
wePe
2018
get_Evidence
Xux0Wy
wx+04
=|T$
buc0Sy
#.ZZf
c`h+T
ju'0[y
AssemblyCopyrightAttribute
Se0Y(.
tIFa
9RXR
UxpIg
6M8O
huG_q
#55s"
{v\
DeflateStream
Xa7}
(<f_;%E
:EbN
4l No
Jt3
eu<0Zy
| r0
[u$0Wy
du=0Wy
MUtV
g%^;
CC~-
Y:}j\
'02x7
u_[)
#GUID
<u"0Wy
EQ^
<1."
#BSS
C][y
>e{o[
9CIGr
A>qZ
u~00y
s%jg >
(LgM
3ax #
d``+
-'h
pUAy
5LWV
tPZ'
h.JF
,wgVZ
vDm<
??wJ7
;= .
Synchronized
o!{y-
EndInit
~[hM)
5hD[
ak/
x|d5)4)3)
wy*C
r-5{!z
HuD0qy
KuE0Uy
q902y
Yt0U
X{8BO
]$02s
_(fr%%u
zQH[
Vu#0xy
03y"F?
~uq0Ey
NMMe
jU=e?4
:]8kV
5MhG\
````c`
e0a76992-e643-a2.Resources.resources
<@Sj
,w9o|
ApplicationSettingsBase
u<02y
: &\
y`P
%>r\
UuE0Xy
CnJMO
<f`_[}
gzbI
EucB
lsY25
L&Mc
op5
3/H0^
3_r
7Kg(
2uIbcD
, 3vu
^`P
IPL Q
GuW0Cy
qe*k
O[?bb
y"|
0~sfE?
o%~*
EventHandler
~u"0hy
&KLt
dai(
g*1.|
-N0M
&!UyQ s
G5Ul
Muf0fy
|rcY
Cu`0fy
n:|Q
u;42y
*by
pexo_
NLxO
1eK)
:uE0fy
02k6b6
{F!0U
K[mQfP
BOL^
Y)&f
Lqa:
9uX0Qy
n?4-
-yz
Nug0Fy
u802y
;QLo
^t:$
z^Uy
ex)u
uJ0
}ui0
f`P
w{=M
~uF0Ey
qM2h5
/ok$7
/L`/
x{$6
'`P
a8'`
O_:J
/R''
v30>z
f'vL
`qF
ku[0hy
c$ I
t20
4 2Uy
8'^ 2N
KGNS
kuG0
:uX0[y
AsYw
:<F~
(N- :NB
{ua0ty
mud0ay
PictureBoxSizeMode
{R-MlJ^0
}fdp
V\Uh
*'u
8#NT:
P}#@z)
w]l3
GetTypeFromHandle
TqpA
o|qc
LfFKe
u 02y
iGYK
u402y
}DM3
|wf;E
@uw0ay
u#Tu
KuQ0Ay
/?,B"$
PXS
LQ~p
^[N{
js7n
kH,5?p
$~F}8
u,4]
Cz4!
xkW%
`~Fv
uyEp
W;Mzs
r>``
08o-o
]u|0Jy
OTV9^
`V]
=Mj>
```Ha`
w~ /
u.00y?G
`:[oz$
g~zh
` `X
G\$L
{M'?
g!|[W
t3syI
VuC0
-95$95y
J 30r
j=I3{
z^Wy
o16`:
|tMRm@
p_EOun
ku`UF&
i>K[
V20p
ZuQ0ky
```p``
ju^0Py
5W+F
mscoree.dll
ju{XcD
</O
aC*\
e`(-
Amwj#
2F)%RD
u\B
ua``
9uk0Ay
G9Z2
18uv
QjI-
V]rx
Zj|F
ku]0]y
x=*n
E,s?
9,K)
gq5<y
get_CurrentDomain
GE^;k
mykey
dioWZy
Xub0
zud0
00y+F?
(Y>[
'02x
u%0\y
~uy0_y
p|)2y
2e^
System.Collections.Generic
+ T
oA|w#
{kV6
Z6Wf
=j!6
jA+$
{zl3Z
LYKxx7
+f /
o`gL
01yqFM
iL`
Kg9i
'~=?
AssemblyFileVersionAttribute
:{nF
--yc
NZXPn
#~m 2y
20xYe?
Rm\Z
`D$Wr!
{{o,
Kl7}%h0
$yZ3-x*a?
Q6wS
iQ_
E]I{
>u[0Sy
Huk0by
2^F^ U
cub0\y
CD@y
$-P4
Lu&0
juU_@
m7I++
:+ 4
WriteLine
w;SHk
~e[N
System.Drawing.Bitmap
v'B 2
Fdbd
}xl&
9%io
\6QB
;Z&SR
F5NS
Z
_?dh
Bug0Qy
.I&d
vS%I
M:&g
1;k
gLt+
R~,BUB>
4`CW
StringBuilder
:1][
PSB9
2u`rcD
-?!_w
/^&,
3ZaUC
Bux0Ky
.Oaaz4
}ai9'/
f8|XM{+
?\U
(vA,rcB-
]u[0hy
2ucB]
wuB0Fy
P\ZR
n|@
UxY.
l7'dh
uD0Sy
Wuq0Fy
4hTJ
NwzNUZN
}u<0 y
02y1_
W^8_
H,o8
~e30L
h]FW
```P``X!"shU
5m{i
dVE(
<.FG%
XfO;
j G_Y
ZY0
bu`UF&
Vm}!
r2>f
*^.A>
&VKN
"r46
11pw8L
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-04-25 11:54:12 2018-04-25 11:57:02 170

7 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-04-25 11:54:12 2018-04-25 11:57:02 170

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\fada.exe.config
C:\Users\Seven01\AppData\Local\Temp\fada.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\fada.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\fada.config
C:\Users\Seven01\AppData\Local\Temp\fada.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Users\Seven01\AppData\Local\Temp\fada.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources\grace.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources\grace.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\grace.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\grace.resources\grace.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\grace.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\grace.resources\grace.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.default
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.default
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.default
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2476.4841765
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2476.4841765
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2476.4841828

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\fada.exe.config
C:\Users\Seven01\AppData\Local\Temp\fada.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll

Write Files

C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2476.4841765
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2476.4841765
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch

Delete Files

C:\Users\Seven01\AppData\Local\Temp\fada.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2476.4841765
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2476.4841765
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2476.4841828

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fada.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3c4a2718\1b7a8d8
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4b15630\40102180
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|fada.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|fada.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|fada.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4b15630\7707ed39
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\(Default)
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\fada.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\41FE3658
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_CURRENT_USER\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\41FE3658
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_CURRENT_USER\(Default)

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.RegisterWindowMessageW
user32.dll.GetSystemMetrics
user32.dll.AdjustWindowRectEx
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetCurrentActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
kernel32.dll.GetUserDefaultUILanguage
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
kernel32.dll.DeactivateActCtx
gdi32.dll.CreateCompatibleDC
kernel32.dll.GetSystemDefaultLCID
gdi32.dll.GetObjectW
user32.dll.GetDC
kernel32.dll.GetCurrentProcessId
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
mscoreei.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateFontFromLogfontW
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegQueryValueExW
kernel32.dll.RegEnumValueW
kernel32.dll.RegQueryInfoKeyW
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
mscoree.dll.ND_RU1
mscoreei.dll.ND_RU1
gdiplus.dll.GdipGetFontUnit
gdiplus.dll.GdipGetFontSize
gdiplus.dll.GdipGetFontStyle
gdiplus.dll.GdipGetFamily
user32.dll.ReleaseDC
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipGetDpiY
gdiplus.dll.GdipGetFontHeight
gdiplus.dll.GdipGetEmHeight
gdiplus.dll.GdipGetLineSpacing
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipCreateFont
gdiplus.dll.GdipDeleteFont
gdiplus.dll.GdipGetLogFontW
mscoree.dll.ND_WU1
mscoreei.dll.ND_WU1
gdi32.dll.CreateFontIndirectW
gdi32.dll.SelectObject
gdi32.dll.GetTextMetricsW
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.DeleteDC
dwmapi.dll.DwmIsCompositionEnabled
user32.dll.SetWindowTextW
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
kernel32.dll.GetStartupInfoW
gdi32.dll.GetDeviceCaps
user32.dll.CreateIconFromResourceEx
user32.dll.SendMessageW
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
user32.dll.GetSystemMenu
user32.dll.GetWindowPlacement
user32.dll.EnableMenuItem
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.SetWindowPos
user32.dll.RedrawWindow
user32.dll.ShowWindow
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
bcrypt.dll.BCryptGetFipsAlgorithmMode
kernel32.dll.DeleteFileW
kernel32.dll.CloseHandle
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
culture.dll.ConvertLangIdToCultureName
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
kernel32.dll.SwitchToThread
gdiplus.dll.GdipDisposeImage
cryptsp.dll.CryptGetProvParam
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptSetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptEncrypt
kernel32.dll.GlobalMemoryStatusEx
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptReleaseContext
advapi32.dll.RegSetValueExW
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
kernel32.dll.Wow64GetThreadContext
kernel32.dll.Wow64SetThreadContext
ntdll.dll.ZwUnmapViewOfSection
user32.dll.DestroyIcon
user32.dll.DestroyWindow
user32.dll.PostThreadMessageW
ole32.dll.OleInitialize
ole32.dll.CoRegisterMessageFilter
user32.dll.PeekMessageW
user32.dll.IsWindowUnicode
user32.dll.GetMessageW
user32.dll.TranslateMessage
user32.dll.DispatchMessageW
user32.dll.PostMessageW
user32.dll.GetMessageA
user32.dll.EnumThreadWindows
user32.dll.IsWindowVisible
ole32.dll.OleUninitialize
ole32.dll.CoWaitForMultipleHandles
user32.dll.SetClassLongW
user32.dll.UnregisterClassW
kernel32.dll.DeleteAtom
user32.dll.IsWindow
gdi32.dll.DeleteObject
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
advapi32.dll.EventUnregister

Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\fada.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-04-25 11:57:19

Detected family: #Ispy

TheSystem Itself @ 2018-04-25 12:06:03