MalScore
100/100
MalFamily
Razy

yg_kenal.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 39/68 Related 2011
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 484.00 KB (495616 bytes)
Compile time: 2018-04-18 23:32:29
MD5: 09571672aec8049a954cc3f0b9d3b14b
SHA1: fd63bf91be872f22f95a89f185b60048b11b3cff
SHA256: 7a8db97bbd09ac4876f37a07c1703aed9dbfc0b7a8131bc5fd0918acfc200f05
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-04-19 12:54:04
Last submission: 2018-04-19 12:54:04
Filename detected: - yg_kenal.exe (1)
URL file hosting
hXXp://lalecitinadesoja.com/imagenesdeunasdisenos.com/files/yg_kenal.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-04-19 05:32:16 [39/68] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x75cc4 483328 c59ceb12ced61204a7410fb2754b509e d129df78214333c0cf6e5bca2f1f8f60a42f7a4b
.rsrc 0x78000 0x348 4096 8992cbc004c2035f965e33fa6542ff20 8e17cccec7fa6399209c5fb6f902755b89c42353
.reloc 0x7a000 0xc 4096 22e8ea89e9c808f599c64f9c5cb25f37 c68a6124b4e0fc0486f1bbe1893e9b5c5029bbaa
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x78058 748 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: yg_kenal.exe
FileVersion: 4.1.1.0
CompanyName: Sandboxie Holdings, LLC
OriginalFilename: yg_kenal.exe
Translation: 0x0000 0x04b0
FileDescription: Sandboxie
Comments: Sandboxie Installer
ProductVersion: 4.1.1.0
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: XML
FileZilla\sitemanager.xml
FileZilla\recentservers.xml
FIle type: Text
\Mails.txt
Browsers.txt
FIle type: Library
USER32.dll
mscoree.dll
IP Found
No IP detected
URL(s)
http://kenal-cn.com/yg/
Comments
KeyBase
Eudora
.dll
InternalName
[Back]
$Set$Window$sHook$Ex$A$
$pos$t.$p$hp$?$typ$e=$not$ific$a$tion$&$mac$h$in$e$n$a$m$e$=$
EncPassword
user32
Translation
Software\Paltalk\
Safari
URL :
URL
Imvu
<Host>
Software\DownloadManager\Passwords\
Text:
Advapi32
CallNextHookEx
LegalCopyright
Keystrokes
draobpilC
SetWindowsHookExA
FileZilla\sitemanager.xml
Sandboxie
Time:
RegOpenKeyEx
Sandboxie Installer
Application :
[Alt]
Incredimail
GetExecutingAssembly
Paltalk
ntdll
User Name :
InstallerAppDir
Software\Paltalk
Internet Explorer
eCDEFG
<User>
=drowssap&
JDownloader
_Thunder_bird
[Apps]
Win32_LogicalDisk.DeviceID="
Key
Netscape
Machine Time:
RecoverBrowsersQ
programfiles
4.1.1.0
$<$/$P$a$ss$>$
Outlook
VolumeSerialNumber
Firefox
Important.exe
http://kenal-cn.com/yg/
"{0}"
NumPad
RegCloseKey
$\jD$ownloader\con$fig\databa$se.sc$ript
Notification
[Ctrl]
ProductVersion
VS_VERSION_INFO
RegQueryValueEx
IDM
Window title:
</User>
Program: Internet Download Manager >6
LoadLibraryA
$C$l$i$p$b$oa$rd$
Password :
$<P$as$s>$
Screenshot
$<$/H$o$s$t$>$
&application=
kernel32
Email :
User
&clipboardtext=
&keystrokestyped=
VarFileInfo
RecoverBrowsers
RecoverMail
ylbmessAgnitucexEteG
Opera
:___:
pwd
CompanyName
Keystrokes typed:
Program: FileZilla
Assembly Version
Application
$po$st$.$ph$p$?$ty$pe$=$cl$ip$boa$rd&$mac$hine$nam$e=$
Software\IMVU\password
Sandboxie Holdings, LLC
64128c012df6ee72f30ebb61711f137e
#po#st.#ph#p?#typ#e=p#assw#ords#&mach#inen#ame=#
Chrome
yg_kenal.exe
\Mails.txt
&link=
Programfiles(x86)
Passwords
Software\IMVU\username
$<$H$os$t$>$
sdrowssaP
Browsers.txt
StringFileInfo
&windowtitle=
$pos$t$.$ph$p$?$ty$p$e$=$k$eys$tro$ke$s$&$mac$hi$ne$na$me$=$
Password
programfiles(x86)
0.0.0.0
FileVersion
/stext
Server :
Web Browser :
&username=
000004b0
FileZilla\recentservers.xml
<Pass>
tAB
FileDescription
nickname
</Pass>
OriginalFilename
$\jDow$nloader\$config\dat$abase.scr$ipt
=emitenihcam&
Filezilla
#INS#ERT INT#O CON#FIG VA#LUE#S('A#ccoun#tContr#oller#','
End:]
h9y)
.nD1
a<y~
Y)(Fq[+
Int32
i0J"
Kw7p`
sA.[
!w<v
XI+g$
A cm4
'k`8G
V1mQ
5dyy,
W;P4
4 <\
a<y=
bqe2
6e^z
HElS
Q ".
D-_M
QzR Z@t
TTd[
)EEk
tp/ 1
@Q[k
XsKs
+)aU
ds=;
v.:=
qpxR
7Qz)2
d?tJ
IJ9h
#5Im[
#p v
t"05|Cqv
.}6=
G}[,
9AI+
$Env
`gXv
;2JW
uZox+
$4Or
wFlags
BV!P
c_y9
thK<
o 6[
{@uE
HideFile
Nk/6V
jv' g
N8(,)o
J8v]
9.UPK#
MT .
:+3n
A.\6
l[T
BZ >8ec)M
zuJl
'H>be
-JQb
exc}
I{ q
icII
{P,^K
T{.
0^V
ZF8Kv
jS:eK
r@Z3
eEB0
Kb)b
+yB7
)|/8
"+6c
k wD
Format
7XC7
ynCP
.[KcU
0~Mb
)}AI
_D7?Q
:bp]Q
&+t
O)K,
C|~&
Vp+tow
MatchCollection
Cv(uU
CompareString
Z2}Q
Kf2ph
Pr|
{;V-
}Exs
]h'Mr
subKey
OpenSubKey
o ko/
\.Nr
i#.);uX(
&`&$
U^[?
kts,$
?Y(j
GD)b)
i7)
`&uC
n.Bz
*A:$
Za=#
WcFY
/.A:
$).
/u3^
T][=
^IE"
'Y
U' {/z
ZD9-
'o9>
&I@0
I#_P
M -q(
FKHu
W'D[
lW@{O
K] "
_y<u
G,2q*
-2Rb
5) u
3OTJ
HZ89T
OV+S
vM B3
Username
Q9}E
R&ue
H@<w
CUW2A
System.Text
qZ.d
ExecuteFile
.-oO
Extension
BgOE;%
A*7IO
c%hp
,"B@
=;tV
get_ExecutablePath
Char
'<aY
&CRAr]0
z@!N
`Lb
k[N:
3ezi
znCz#
/~`f
e4fj
:kp`^
KR7SoG
Vo-l#
?/s-#+9
s!l{d
Grch
l||a
zW"?
y:P
/aPe]
!K#
,_j[
BqN{
.an
1A X
c$H7)
&EDv
qEsC
u(eX
6J,f
pg< M
SA:' RX
T@TO
#"%^^
phkResult
iy3Rq
=U{f
1F )Z
B{syd
RegistryKey
n\& }
5R8I
8>_;DP
remove_Up
x~N&l
mo|R
+o@5
.text
N!k
+A.*B
5M[
9E\)
GetObject
1An8
m%f|F
nF\V
?x&D
Ck`j
"U9d
&fJUOV/
&oc
;e D
Get_Int
_ 6w
9<N H|3
%&S;y!B
_}$6
/:~
}n'A
43^~
[Cl
/X$^
eR.C
ect{
ClipboardText
84%:VlKN
9vHF
d_ub
lchp
zc1&ia
NBM=*
Xq2eML
[|U
c_ya
zo^-
mie
{jQP
/h/\
H0*k
KzCn
Conversions
+SZ)
d<9
( =
t'~,
@:c ,
)'~r0
V`&VB
r"] ?
Ac?;
L :J
:!}
Irk
go|y5
QiXD
nwHg
ifE5F
*IV]B
E? ^
[Uz2
4zx|
f)Mx
z Gu
3:"H
o:w{9,
z6[[V
Qjd1
mWjA8
8=4%
Gw9 u
n3\(
Be{ (X
<c>"
!}fRe#
? $YTIv
@3?
3 "u
Oq4K-s
d >+
]MCY
~CM{jk
M=)6I
ptAfKRH
DVq*
input
Ihz5
&3?i
.oA-QH
'Cc#
YgF7
0o6 K
7@#Y
6R$7vY
Sandboxie Holdings, LLC
l[J+
P#v,
1]:2
$P 7P
ga!hT
As1m
m Ly
~DQ
96T[
us9+
X1$O]-
8 l
Jc{=
G,H#Eg
!D7p
O{Ct
H HKS@1
~:B9
~n9G
<8} I
XTR/g
iO9s
Reserved1
*Z
+#,j
:> I
d4FP
ef^4
{H3L
}E h4q
>D:X)k
@;n,
~5R"
zA#^$
a^Q)K
lwc
M?y1S>
sICs
=s^LGR
.!V1
p,-|T
% 5z
1Q9 P
IUr
IMVU
flr~
uI[< J
x !-
I:7h
q Hd!
*g0#
KYl
hwnd
.!-.
_X~Nj
Recover
eX>Ng
y3xVu6
r a.
%R--i
1UA@#
I#Q>
ZoG}
$T6`2
Vw~3h
XGHJ
J|C
~;Ed
OQm:
<wBJ=
(+ho-
SuppressUnmanagedCodeSecurityAttribute
Jw _
`gV|T
8 Y
ME"29 %
DGUC
MethodBase
[$R|
yuP:
bttKhH
@ZSlQ
E5]R\A
N;N@
dv[O
r<L'
,N[Pb
'y$zT
}"Dw
==%>
w<,l^
a$#2
Gr.@
F'/4
|ChB
"`{U
MZ2z
"LCz
d)tu1
tBx_
ud)s
Np?(7
zuk-
w3+ SJ
pF]
"{3;
`4)#
bytesRead
&fo]
5ZIV-
IEnumerator
og&"
Wu$w
)llN
9.F9 J
X}W)
)NM
1i"W
2Qe$]
%B+Mdr"
ru};
8jp3
Z2%3
/pxw
yqL [S
%X/6
sQ#iMu\
GetInternalModuleBaseAddr
-|{Ta
9-bBO
]^ns>
S3v}
BGfi
@K*b
bQ^}
NI f
vMKfEB
ykWQ
LI r
CG3P
1aoM
oO9jtLy
$q]}
Kq!Y
*P-C
6fS`
rs%g
v98e<4
_CorExeMain
Desktop
Juex
O?Q`
:K"Qh
%bKW
Y7 +
fy8Wv!(
PBF_
PD]=
!Yd.
E a@
tm%z
Y>\ @0B
gq@TP
V\H4
Z*Q>V
\?xGH
n3 Q/)
^=R)
;sz)
bU4=%fsd
2s !
LtqlkQ
^(tK
a ? AC>+
.8 h
3dpd#
cuKc
l8,XM
System.ComponentModel.Design
6qozgl
T ~
|17"
i# Q
?>=pZ
^cU[
&n &
SE_ o
j*%e|
en|O+
Mk>\O
W_'nG
nA2}
;$PC+
?zg]b
8gO_ ,MZ
8K(d=
pp!/!%K
address
YJN8
y\+p
Dx<>60z
#%hk
@<#=
Ohwng
?=
Ud )
r$"d-
yS@~
[Ihc
x }]
1L WX"
Lb;
7wS<9U
IN~
-{V,R*z
}:|
Y Zu
^^wV
Fo;K
R=!Z
UAQs
"0 67
}dXY+`}"
Qcd9q
$b[U
ye-6p9s\z[V
.tq"<_W
q$ _C
b3o
/3U,
<>F3
z3]f
=D q
`{U O
K6q&3p
X|ADnl
>0v
sQh'
n2:D
p ]+C
9 d2V
ToLower
bV/=$
(by*
.DKh
@ 8^
TJ Z
<c8e
get_Count
data
uk;.
i%:bq
.KpN
J p
UoXz
>u?dt
}xO+
lpKeyState
vj94
^3K@
r/T!
pjKp
]>6:6
"t<+
yLR2`
2aw.
NameInList
WebsiteVisitor
ToInt32
sxs&cWn.QRj
z `"
Wld9g
L=D&
G.}q
/+Es
[JH_j
v?vs
H 46
s n<x
)qyY
%s2
8DJU
< =B
M\. 1
~ 5b
FFtW
O/9;
ClearProjectError
q<]pQ
_Zz_
m']k
pE81
-oZI
2%^~
y M4J
+lYg
Gd-x
P=rt
c.fO
Egk6;
Cb=f
EI;8CGo}
';c=,
_f:x
,u~]
|(E ,
q5;BJ'
Ji3b
Xg<2
Gm:og
IF8c
>2\#
)yMuT
6lG4
MyWebServices
Create__Instance__
3Z&
[qT1J
n%`
D*IM}
qkiT
K}4p
t<n{
a'+$.3
p8f
M~E2}
=wx]
N)gm\O
^D@:?
^!{# ft
h#2 g
GetFolderPath
R,s(Q
7R(PB
{ FF1
<ixB t
8T$#
ir9x
Q5(v
)&\E
5sf
~hjA^
OxbmG
.P]Jq
g1*Y
@ojo|
#l/p
p.S
K\nM
#4HH
%)@`
1~`$
~wR&4
q2Z|]
&u;o
C@[_
Invoke
+G1
J/5: *K
x!_r
~\9=l
;[x)
buffer
\w|2
4H?@
HMod
*?b2
-r^07"!
MZ02
n58"
vp$C
=-yU
'YWV..J
jKgl0
Array
|M;v
9E;n h
n[;/'Y"4
IsInvalid
}0L,:
ALl^B
*HD'
m2X-u
.d0s
KwUf
>k6Jm
,h|
r070`~
-E{>'F
2z{@
^kVt
y!xt
?D[
p@S&b
<j;9)
yg_kenal.exe
-n]g
g/w}
"> LD
` oo
V>6>
n@9Lo<"
sO!Z
7dM>C
`t4'
n5gw
| na0
&;{'
gIrS
tFZ>
QP (7A
X#y:
vs>+;
#g>37
WI#s
1md6W.)
+(1B}
lJO[
?pg5
X-F{tl
AYQa
Ne$z/
-< jW
n["g
2kyD[
{3*_
( ezO
_g87
MxtH
FreeHGlobal
Gz:`
XcCCI
Eudora
RuntimeCompatibilityAttribute
OV a
[5 s
^sG mT
/{B u?
>4PM
8
LrB7
startIndx
G| >
get_ModifierKeys
S+,q
xpf2
U:Z[dep
8R
) Fl
39Lf:A
Path
Round
o +d'
+:0M2
bSF9
G^a?
-cC5
Size
x={0y
Nqda
m>\
krDB
zJ*@
C wh+I
N.dg
s>{s
A7 #R
@||w
Vl~Y8
yfMQ<
L7 0P
ResourceName
`.Q*(
zcst*n
v\):*j
TargetMethod
c&4x ~{
a^5;Wv
~WAM
zYOcsu
jgJ&
r>zh8
a~uE
4q6>
L.R'e:W
Q7?/
4 )P/
?q|s
#G&@
7piN
=k`TI
{}Q-Z!R
:T"{
d,HBT
QS aRr
E+<W
ciYj
m5K~
+ +
n>8
tW?^
yoBl
608m
Sh}"
e[d>
?L:
ResourceManager
)Y-
({XI
L Np3
DuP
>SEC
dmHz_LK
N."k$
Incredimail
A]N~
10xv`Z
boYP
ga;L
>4hb
!&E<
QG,o
`h@s
-&r
#_`4X
&ZO/
WVCr
^{r-
Vg]O
i(O8
apI>P
Y`^y
MbBA
{$ ;
=nR"
zesE
|L3l
Bhm
#'7g(
xt,|
b4^(
`e T
DMLw
6JjR
uq'!
MyComputer
A'u`(
mi4L
Q D}
n='C
ChW!Mn
I?:O
VkqJ
*>4<
1CeR
;zl +
uT<.
X$@9
Z`;SPD
|Zl{
Y U/
7uk=>
wvit
(o,'G
&e@da
gonl
Wm^z
F1'}
_,P
cY ) ?)
0Op&A
GetSubKeyNames
gE{+
2Lf
rrs-
.\_Ot
Password
d]zC
`=?=
OP6GK
BcwO
mTyS D}
kQ8
%NF?`
NVqOK:
c(zN
b4g H
Psz
ZDF'
sD$s
C/s(
eyEy
[[J{#
o.)q
o2qBj.
)7%F
V}OQ
/=:1
2 *g
E^ov:
`s
Ld?#8*>l0
c&WB
*c{l
O}ogE
mscorlib
KR+'
j=kLC
g/(K
[%#}
}D:e
!$F7
yFq6
z61a
V& 3
' 5
4^rO
MXB7G
o~ B*
m_UserObjectProvider
z|?Sm
4S]&
E K$S
'K!ro\P
Te"+6
rCk>
08t=@-
v"Cw1
ManagementBaseObject
V/.w/s
W2qf
q<*4
M:tM
$:D{
Safari
S>Q?
+%AD5
$oA
method
p,8_
%#5uU
R^Pk8
Y6dx
i-LNN)
o!(N
B<9Z`
c e)
XC%V
sender
jGql
\bq3{C
u5 (
u?+W
/snSM
Pa&{[
+Ctop
ToUnicodeEx
m>hf
x-9
YLX"
_73l&
l<^u
Va=v
sq:8 }
J1 c8g}+
H.3V
&q:>;:Oq<RhZ
"4({
kv?"
.Lr
V8$p
,Rn2
a4bH
0?%4
ukpac
k=
#U&R
QTl.
*Y=:
fkuI6
JO)'
@D,
"!n B
>k%s
Lv9D<o
E0Az
tlB
Q!/D
Flags
ProcessModule
O[\`
jU*.W
m%rC_
!This program cannot be run in DOS mode. $
4BqA+
~M\F1
u=o\_a
Dispose
^fl
B5>)
B rY
I:qS
(k)P
v]WS
/?%)
=0K\
`>PR
&ke#;
vJjt[t'~
&,T?
_ kh\t
GetValue
<RP
N %R
M:<-
Z[`v)
y!.f
coE6
ne-LX`c
EH:3
6 Q-
*$)O
R>I C
x&zEZ
8Tb7;i
f4i )
^27E
4[|qsj
( l
AIqZ
zSrLY
~^"v
.okj*
3N-\
N{qOq$k
3ggp
Firefox
#Cjg>
rR^Ep
|1jTDd[
W2T"
c"-
Er+.S
yg)a
n4~Hd|M
-C0~
aUBk
Tn/o|
Strings
S"Y/
e)[L=
K#[(
G$o1
-(d
,[Jq%,
3 O%
18)b
$c=(+
*#zi
xu[L
SLX!
qe/-"
q E;T
#-JX]
~OR+
'4~8
; DN
-~3Ck
1|w8!^=P
4$m_
jkeqo
I'bQg
;d9A
hQ9"
pCs}
Ni9r
v9dUq
F2j1
|D%7
#8HXQ
%'jg&
//^hr
RcAG
HK}H
1$tsB
LAci
(4
Ry/O
DN>#
w HW
Mutex
1Gt
(.
SizeOf
Y7eS
PM(~
^C`l
UnhookWindowsHookEx
elFB
4n,_
GPlZ
BiFp7
To=U R
Bff\
set_Key
-yF]
7'}8
W)2U/
2N!o
YOMU
2j?q
A}i!
* [i+
XD7W*
get_NewLine
R)E+
(P
0ZF%
IF;
P{!G8{
@+L\s<
9GQF
,0ZQ
v]`FnZ
1;qIc
MethodInfo
tN%c
vw+X
yzZ^
Fp"
CompilationRelaxationsAttribute
J9;
x=?Z
zOy
w0Gn
LtMp
LayoutKind
pVDGM
o9l
(*{f
YO1yyr
1^k
Code
5JCt
> n
:`]8
t,'F
J ?l
A`^s
>V_e
SafeKeyHandle
U+AH
`+%6
.hOx
,Va
EraD
-8F}y
rESd
N+];
_- !
(x_h
)JTR"
aV 5
EQDT
8[7:l!x#
fz2_-
6Fh
>_7-
n)&s
-J^3?8
w[pE
last
/I M
.-WT
f}#U
,A 7
8SfC
$7k
.<qj
<"C
jqDj
umYr
-]ed6
&D3?A
#jOr
_t`r
IWK
>]LB
gN~v3]X
2@z1
'eyn
3e5u
|Qw9m
Concat
j9B2!
]:B$q:<
.sKN!*
sS
/'%L
4WYh^
- Kz
PM@J)
W_ .
vK@_
Misc
x dX/
WebClient
Xj00
"G!
}}W|;
h P/~
n3cIc
IvI[p
currentDirectory
! tE
`[g5
<B<(
Address
LzJqD)
9Hw'
?5Yg
u _;
K-#MScS@
j-Nn4h
zqE^
rh[=
G)(
i Dg
#6a-5
_D=J
Q&{e
ij .%
)Oq`F
Quality
O:iH
(xD&+
f'qVj
ySqz7
,D8H
qap{{
<Y#N
sJ ~Cz
w NWd
HxLA
a}r>
InternalGetProcAddressManual64
-',j
Dw6"} t
[T4{
l"fQU"4
KT"!
R-t~
k $q
v l^
6<Pr
Z/L~*/
Kt5XQ7
v1jSA
f=pS
Z]7+
?h3Fe
E;$\W
ForLoopControl
}eP +
gjU\(f:/'
29 *
KeyStructure
8SEl
_io'
$T;
6Y@Q
%ui@
e3xgq
v|t
}58_-@l~d
#Ly=
kL3DKK
(e) 8zk
Microsoft.VisualBasic.CompilerServices
vIn>
`xr>VfG
O%yg
hU4hS
S~<8
Bz{#
=z^y#G
MarshalAsAttribute
&X^|G
:5ml
1?8P
`]=<
{RdK
iKm
User
+k7)
^f}%A
yl0e
Gfql
A7KCE
{3Kv
iK%B _Xt&'
&zf!
6"$~ M
Wmu
yS(Yd
Y4cn
O_fg
tZ*Z
L%C>
u$1
SK`%
\Ti}
~7a_
]qXj
)1vV,%
4,OJ
XDjRNl
Dga`&
VDo|J
)t@Xh
iw ;g3m
9~bQ
]e1G
V~:
A$Wn
t\<g
( 7xv
T-/2
ki Wj
Bo,x
'%]*9
D2`6
_Srs
lC[.
Os$`!L
}'a?
ExtraInfo
processInformation
pu 1
r3IU
^U)%
cC="
Lnpb&)
+^uw <
3jHmfgw
G I
$7SI
)4;IbC
QGVNq^]
,YcVh}
Trw\
nE#
:?vK`
Nt<Z
G>d4nb
B2Wd
{C4s?
/[X[
R "o
M9Up
zyP
G eFa
/#%v_}
:iI / E
/ExXS
"2~o?
35t[f
w Z1
5%@E
)[`
MailClient
'/ppx
xyey"
oZ>GXp
makel
get_Modules
rKuT
$B,
AccessedThroughPropertyAttribute
2w&dfg>
2$V'o
d~-Oz
xbn3":)
8Dub
p^~;
>7N^
g4-F
ry9r
[YkS
c|9VF
.5r!JY
X2gH
guc&p
}${a
\7`B*
AllocHGlobal
?F/i
TLEC
`vEk
(I0ae
},EO3]i
process
?fxt
8 !6Q
5E$C(
zf*52
tBMq
C<3~
&|u~
DownloadAndExecute
2)5)
~1
SendNotification
N'@)q!
Q"_$bI
$F! ^
6. <o
C*DA:W
($X
m1tj
p]J:
p@p>
T&kj
GetForegroundWindow
R^%Z
6zFe
\R6%
MH$-
Tj7xh
F?`n\;
\0j7Fb
Jm0_
51-tg
n Mb]K
nqqHu
r#|O+
*-C SG
0 %<
T! RP*
R($=m
hv+D
x":l
x$48
m\6?
IVJS
)hO?
at<
Mf]~
~_sw
,M/p
}0_v
{b][xa8{
Microsoft.VisualBasic.ApplicationServices
vCjGc
/uj6
t "*9
66X]H.
/A*T
LxS/
]sO,
!b"$
9s"2
r2j\
CpK(
LCase
|-v|
_bbd6
CCG.
2NgZb
yC{&
_yJF
AGo3
]]4M
.?5rY
[5 O
N Ce
}S]F
Gz0
bxUs
Q3 ~
AyL
b .\
h@F+
ng!Y
Wqelb
p4ou
!>
xZK
%B\W
R) {
[)}W
MOc\
9 C=OL
A+Y3 <
~Q:CI
Proc
CYV~?
`{]a>t
PCq?4
O&-H
;s:j0
9dk$
f \U
5S,VU
?bS4^
]y+e
XPi$
%41`@
! 4y
cmc@
Ns*m
QE'G
+@i7
0ql;
mBR^|h
I IA(x
-;+ 0z
rOd{
TzmA
G0"7
")l[r
u$%y
CreateDecryptor
gE6_G
1lT'B
'W(;
XJPg
[#*T
)Y7R
;hP$
DAM)x
mYXx
J{7wC
,lq!
A}5k
AElAm4<X
)^ n
>E 6
\Lo#
3Djf
R^]s
%T6
Jw8 @{
/Jyk
@arN^
RXD
nd_D
z?)K
m*7[f
`Uf+
ConcatenateObject
EndsWith
@utP
NQVhN
r4O`Hk
xE26
3PEh
P3N8u
ProcessHandle
;?W1
handle
_9BY6
:S Ks
lGq|
U I
gpus
A ?Sl(g3
8'ip
O}TY>q
~I|V
RecordKeys
/T^
Q:Y/(
b 8'
v| F
Pa\U
g[:
'3Zj
6RII
<gL2
jFQ=-
)2w+
MJ%P
^0WcM1
I/J=
-iZH
yz|Q:
1N2Z
@M,u1
4 B/
>rp0
PS<*
`wC [
lpwX
IDisposable
RAqcBv
vIp/
}oOe)
R G:z
q }!y
rpcp
W >vd
-jn4
nTy>
My.Application
+}zt
;9Z y@
gBW3
z1-w
p&[t1
L0|"{<
/ophRTp8
DownloadString
g-|L
dZ&
^*H,&
mnI u
8l({
add_Up
|R]Tyy ;J`
^83R
"^AB
|]-0
=/6D
!9j?z
miYzY
b<P~
xwPy9
set_Keylogger
\5v
&sE4@
_5N]
#GUID
t<vB
*g&ue
=dF
gF<W}
vT Mr
9IEz
)G9:
|;c1
-,Bh
c,BaPh
r(#b]RnW
ZsQ)6G
q'XV`y
InAttribute
+WWMQn
g-H;
ToInteger
|V.S
- 8W
k Zc
K<q.
{d FsB
/W#m!
J_^[|
@ e
>9oz=
3,?B
NJ|z
1uQu
/[P%M
Y In
( u%q(3$R
VtZ(!1
dA S
zdi$yf
Microsoft.VisualBasic.Devices
0zjE;
U~Lv
7rJH
1/G:
j1wv
}orC(
%3Cl
}:C4w
z[V(#V
OWA29
K#@R
GetWindow
+4G~%
1%Uo
T Q&a\j
)MTJ O
cdF&\
dyB$
&B }
vhH@
1?'D
bht n
gs@~-
y*:@1
f[h'2G
c?iA
gqVL
9 HCv
9My-
&b}m
get_Size
(ecg&
zqAF
: B0
g;59
#px0
Replace
wXQF
U =hukv
6tf]
m_ThreadStaticValue
/fIk
7*nq
oh/L
b}o7
{p skY
S]<K
M)#E
Q 3BF
} #X-
K9gl
l.~%A
@$.3
|BM;
~F 16
_Fj
'[BZ
pRXT
SU Y
@K7`t
Tt(e|5
WT9`
@k}o
8x1e
Y-) }
-"UA
ZNzB/
~;nz
."X%
CUB
%AXzj
1y3h(LA
wu;K
#z/C_
&|T`
5lH40
/8HA
dr #g5
8J[V^
j 8H
^%;l
nG.$
|0W)
GeneratedCodeAttribute
-@~
B &&
~70T`
y"T6
|Dcz
A$H
[vvzj
Y?N7
47No
5cNy
)6P+z
|LIWdw
,\.V
J2qnwO
0jcK
T|0$
$l._}t
X!J,
CompareMethod
@7@
6q G
m7ie
gxC&
AQkC
MAD 1
$ &Y
u^$[
b@3*
Substring
Process
!GSH
9bWV
-MJ!;
hMuA
Sb.=
ClipboardLog
dn$1
}e=1,
~x Vh
'y~T
e!\h}
~z25
Oj &$y
'UU7fq
$ A7KT
*g2\%
j]fyy'9
i->{
o 6
+|+v
n FPaBRi
^ l%
nNhu
ehpI
Bfk
}{=%
y|b
h m+jb
RegQueryValueExParameters
{jxG
LJX'7v
user32.dll
& iQNOO\
Zr$u
Ut|Q
_&^[Vqe
(4]w
total
|HdU
g>}3ul
p'(V
KeyStrokeLog
/h(Vu
7 [3
!5d4
&M2d
Y[[lL
HF 'v
d?rug
:z ~]
F 2j`V
F tQ
5L}#[
_f$L
q/ |2B
c8bI
425{
AssemblyCompanyAttribute
startupInfo
a4W#
#X\>
s$pL
GetWindowThreadProcessId
BW9|@
IxTW
str2
str1
_eA
X0IW
hm,@
,qy67I
cv9'e
?m0A
<e|'Q
,% 1"
Dcz0
4[nDO
SpecialSymbols
Ml8V
pdoG
\3iKzm
J`q@
0y#@2P
PADPADP
1mG@
d@Yk
q='[+A
d8c"
c0JB
iF ng;
mFV<
'Xh(BU{
=cC+
OmTla
!bsTP
FnB~
ugyh
6Jp
6_rH?
{<`d
hKey
-Ro,k
, QI|
z? &
R_!+9
;\?9
Control
!b^2
@*{-K$
IM)#
TakeScreenshot
o\N]
<e`L
&:#A
Yu Q
Y(8#
=2R(
<]S}
nl:l 7
ZE.n
v-"d
Ur6g
H{I P
7%2G
IV;H
fSqbc
Type
RegCloseKeyParameters
m.B_
kH>;xc
EJ~
"]pl
Clip_Text
g <K
34[e
Wv ug;
S<:y
i4v.P
wiQ)
)MP _
UxYtH
!/K
hsGY8N^/;
Okh-
1<ud
sT9W
;W'*
- Dh
5#!>;y
9}o]
lJ0U
iST
xL-JzU
?%x`6
RV# b
HQyT
+d'+
V8<
kdS
!;g
k N|
}8&l
hRj2
q=r!
0f G
HFO'\
1xL0
71 .5
8x%#4
NXO&
DG<9
,+'J
P@`%
w dL
fk^Oa
2D @
Rr$<O<na
xyb{a
System.IO
ZEEV
y^1
u7{N
?(r+
2fq.
lX!
wp^q
List`1
GetString
JH#@
Nxr.j `
#<`6
?k\
W!x>y
)<ID
ko73A
\yjNe0
l,!A
XA&#
Hh<Q
-sgQf
4System.Web.Services.Protocols.SoapHttpClientProtocol
={{;
ng>T
\G{>
cJ?,
j@-wK:
Dynamic
mm"Ts
*S
C1X
"tdn
bt6H9
#j`Z
G| a
l]P:*$Q
.rH^
oFhV
eu08 ~
C&HC0i
/1;s
hl"B
Yn[oXOD,p
d!cV
%]bG
M}yN ~
p8L<
<msJ
% h_K)
`.rsrc
?|QJ
oLob
k13V
5s'N{-
WEnK
38[A%a8't
:*~^
)`Ny8
g_ {#
D\)2{
; PPT5P>a
^i3Ta
$}t#[(
cnqN
A)pJ
Z>r?>k
?Xq*
[_j5
[- &
&}K_Z/
egV,
VFO
bH
&ci
xsp&r
~ /CvQWD
mbP.i
(HDByY
A|u Xu
#qhK)Bg}
AddToStartup
Cak9cD0
VX&b:
q~u$!
@*L.
Y]G[
EXar
\!fr
jW"U@
\Tt:
g =;
yb '
vG,zhbcg%'
!,!8'
x!(e
nmaS
@}xwcM
k'0
bX+3I
ru&9
tYXT
d*Lj*
7e&+
2,O\
hFads
Hook
@$ T
1&FM
(,^
X'}+c
paq~Kj
'o8
N]vS
+_ q
ZwG7Nu
ec_
:o(0)
,7&&T
\wmK
UUi
!t:1n
["h3
S~Lrc(L
@4*"
oRSp
[U2n
w<.A
Mnm4
get_Now
<CRlk
!wd5
~#GZ
-*lz
9_x2Y
N9p+/k
P<^>
d*>\59%
Y\iih
ki +
4j[t tk
<#=ug
W'Tk
1On^i
_dT`/
1-|V
+25L
eD:?`
aLE$
@oXmIb
(N
;<c.
:d++h
oJNa*[
VN9$
p2f=
:&'|;
Z-Jz
iBN2
D wy
me3L T
;A(
:hP-
~0_r
P 2l
nK!_d
N1 U
qF}a
V5nQB
#Strings
wM@@<1U
GetWindowText
pgKP
]R/w
4PvD
a~F7
{LZOV
!PqF}
,dA?
( 22
h,#|}
o39{
GIE%A
uDVv
3L+P
T*Q'q
vdg*i
u St}
SB)o$H
G@tJ.2H\
System
.8N6l
(fz%wQ0
ScreenLogging
Left
[l-j
a>z
Application
|Q*,
\[j6 0
^X"
yEOQ0
+y^p
/]IY
[XeA
~Kqc
:d5|4
j7Gos
$pZ
y ;J
J4w:
r)val
{Y_l>
gIfE
X;u<
2D&T&g
>hkR
Z / *
W*{*
17l/[
#IIvOXq
rhS
J"tJ3i
+'PR
{sRJ
eE/
bii7
/f<o;jZ
'VG%M
#6-r%2:
7+
'X;Jp
8)mN-u
'Lw
6%W"
6SCV
Q 3*
}Ga
>p)M
user32
?bZY
u/2/T
eC{m
49g`x
GEQq
=-Er
'2.o
Ygw
EZM3
-,eK
'<IT
ENv|
:oI2
Down
BitConverter
$if +
gy C$
kpn=
)j0\
pry
{ /@,
K4 2
>!|0
r-m%
0|!Q
Ux6JS
9NTtO
y\T^
2*h@
Delegate
M!7K
p#hp
rE6A
`BYI
t:acz
get_Unicode
Os!
, N=
<LrB
RSMDecrypt
dCaN
P_Link
<tn0Y7
-&jt_
S"`}_d
e,I'S
Y!|d
s3L14t
-V+'
vZ[-
&#B&
w~-B
S xA;
L=haf
L/=m
R"#f
f%GJA
?g+.
bqwZ
'Z]>
DS|9[
r<.b
ynNP
!M?B
\U B
KY1Q4
<P^3
`Fe(
XYiM "
0v&T
]44#
@'yQ
9Sb8E
5%w{
pyd.
5^4[
5mCF
#'W1
J};1
\zKB
}2 uc
Contains
",&1B
F.M`
W~;>UMe
nr7UD
_!T~E
E`PO
Ycx,KHH
h/-0~
'M:W
)q,CR
ValueType
0l&Y
."C]/
aS 7
"~Ps
n!O+
H>a{
[xy
9Kr"s
ELw1
73My
!I.f
Q/@`
!?r/
<0#3
q%
b; (
3w5F.
dJo8
K w
j$)Q%I V
Cje^
+]L5
A1B:U
{ c=H
~Y;:-
byjo
=^*mP
w; %
w>z+
#vMB56
TlF}
^bE_
ZZPco
<3/I}~
6!,,:~
Bb$)'
3cys
Pw4S
/=<fV
w`d^.'
?=SI
<3}F
Q#Dh'
Wait
F,_i
|WqO
?9l!
_4_.
2K_[
"Au
DXop
rs}<
L+dN
ToString
"R`&
y7
5rJN1
n*s`
N[LZq
ekL
YX0w
mU _
8m3\
KI
J|&5
fbvI@
Q9Fr
e-vk
p'}5r
Rn;of
R!1]L
i" [
R:[i
X4v a
"'=B[J
74?q@%
FaUhC
]m*
s?"[
Q #9
*<*x
iVw l
P=Kgn
`|_a
,&M3
;!)mlv
`!fd
#)E4%
5 WMx/!
nlUK
faDm
_3?'O
~UVy
I-_`0
3 ()
System.Security.Cryptography
l+]:
%\[@
+ 1w
rZ:R
Combine
+S:5
!\KeL
v[k$
z)w:9
On1
9`x)
x#2M\a
P 2>
N+F[D+xHQ
`?=%
F`Gy
lkw|
#r
a\3
Ozp8
[yGKA
ip=y
\zT3
.ctor
+pW~
8?J$%
9ek4f
pVfU
_$Q:w
-G1 H
7L]
Tu9',0i
Main
-'(5Vh
-\C89
N"H\e
O_$`4l
3M)vo
G-f]
ykf|>$y
3LLB
c Iz<0
\R ,0
a~D~
< q K
ModuleAddress
I K~
pu8`
7Ko
PH/5
h`L-
vS>m
'9]w_:d
%D[~
><<v
#6D1
?Ru,
ksq4
8>W^0x
CLI>c0D
@.reloc
oK+*g
#(eU
`aV$ajg8
{eub#s
o:CF
2RRB|
fdZ8
4uFL
x@t`
B9> E
:~ kQB
#nc_
#E5M
.m>*
>(Y2B
9s_}2
)rNQ
LH 4
9 *F
5?%$
57z6
: xI
rxLV
VRgD e7
8BT1
as:@>|
Oe'.
F.jz
Zu.0
D<{\5Q
IYlB
2 k)
/ESXj
6TEy
ZRh9
;N}Q
LW-8
a,xwT-:
X)HT
l,%y
w6AHJ
Escape
uMapType
1byr
<1n.
cQhhw
FXy~
QTpA9i
s q
>io '|I
#<!/
Sandboxie
(}#E
Wwf4D
B/p<<#zh
Yo<o'
[?HB
XUiy
7*<#
EkkO
%a+d
{.63;
`bK
'Eqe/
0X(.
*fA^
n.Ii
Nc :S
ts.d
r/
?R{5
&G, N
hWhR[
D9%3&
h-a@
bRz?
;GRo
,Ur;
qXS'+
E^Wh
})e:
bAe]pVT
c 6&,Z
xVfO77wv
dd<p
bdVm
fRi}
<]2z
2L n
}I@M
eb@]
8s[j
szA~
Mya<c
Mo8jP
? ?L&Pgqmt
?%,?.
get_BaseAddress
tg A
,X2i
H72`.
r+*&
R 5N
p{ l
)'CU
6}iA
yCPf
4dE"
)h@.#
T%EZ
5a-z
[T|6fy
$*op
=bRE
MQXH4G1c
4:j
i"Noo
!=N3
` b,
E%a'zu
X%e9I
*)xa
wez0
i][!
iPi\
8Sww
g5 7
m=8'X
Remove
o;do
JBKe'i
i F
PUeLx
cJ|C
2e=VE~
|lBA
ky52
F\|w~
FfkF
W2 +90
Y{<o
j,$
NotMatchAddress
^]3
CreateApi
U) J6
yHX@
y=,R
v1m*%
Os@>
iV.I
y[H{
s z`t
zl=9
1C)l
&',!
Q}
,43
Jt3-k
d~#H
,aib
sQWHR
- ]h.&
xYk"s~
^lig
ModuleName
kJM.>
!RcC
+
df3
x>+F&
M4gK
&e&0
Fs|+x
2$8H
cVDI
#Sl(
r9#%
-Wp
<!;yo
eZeic)m m3h#
|eO
|+&|
j[.I
/,R0<j
Rrqg
@[!&iq
-='|
3Q^
y\&$
SendLog
dB.E
=_U-
1jQW
1E`
t[,/
odh
[G<x
Q}_Lw2E
WindowTitle
U#m}
]VP:gY
>iqB
#F<p
AsyncCallback
h9pt
43G*
z`mAK
OD- [
f!8;
"8N $
X(
lpValueName
|
|i1&
]9u(
$F5w
G b*
Tfq
NA-?j
[@ _
hi:/
n&{~IF-$~JE
/e/f
+hHb
?#x'
lMz
w$'$
2oR7
7nTH
q%iL
? ^$N
cl9H
rh"y
z5=Q7d
@&#2s
$?xG
fRn
~H[e
X]l4>
l#="n[
3~
UPzE
-< I
n8+4
a</?
tkUe
BV:n
T`Ts
e\`mRD
a>9;QMa
me!\
vEA})
"woX~)%
c$ LYQ
1PkU4]E7V
$SJ~
Ck|(
di} s/
.3,4
qhXIy%
YLN:
<he&
: ,7ZH.
@0_Fp
o!Z
1{. #H
xkS
%}5Y
.x4j
U\<r
&LOT
-]-\zz
get_User
Browser
ej6N
D~{r
0T0[:
(4
2Xv(
i<B UeZ
FXE5I=@W
>Tzj
c Oy
;kA<=
ewle
>4noh
YJ7G
s 5*C
6D62
3#tq
~ IU#
7 08
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
8/ Y
n'%7}
#@S1
Environ
L=O]
F'xgS
mscoree.dll
1Fb}
Ew.&
File
73RSU
8W>M
b9Q7
#F7yL
p ()
He{5
]-rF
fM6.G'
K? P
i`,@
Jy:)|
~tp#t
d5&J
UpEvent
S;\4
yiu"t
m2 E
il/3n
rj}L
6s>p]Y
d#&z
o=63i]
gyI"F
Kxy(k[
GG/
v%_-
&Wc+U
2o Z
}kC,cJ
{^e)g?
D'~MA
vqptJD
hNUy
pgjp
!eO
aXeBdW|
f8g1
U;o%F
a{sE
j,7-:d
DPkO
4r;Z"
,I*|+
T4:
d'Z?
zN&
a %[mi
**SrEM
pFi
zbmw
uy{
5+*
Bv+u|
9jo|
XTWp
hG{{@
4y#h
'PqQ
}`OdZI
loPh
:;Nu
5cphCj
&s$S
@D $
FyTV
StdError
AuW%_
Y0kN
RijndaelManaged
Sm!0
Z ODv
W\_A
B?V4)
SVT/
"{g7
y78$
k>kJz
2O!8|
)Mivr
&>ZM
+sLb9
|)k1
DllImportAttribute
GetModules
f6.1N
5he&f
QtZ=
Nnu7
ShowMessageBox
_m'E
sJ~0~@WL^
fE]K
wUG+
Gj$8m
B.ot
+5`caB7
\ ^y
:w,G.
t`E|/"
t 5/
S%eB9
@~[=
[sEL
<~P<*
s5!E
Vaw(
yX4:
sQRa
@\U9
"uC*
Nz5y&
=upd
"`E\
q*y R)
=+pHTl3r
*c0'
$uhw
Ras-
bzK.|$"c
Fp=p
L{C9
W8<I
# k
|+2F
PU?ae
Sz}pW
t(TC
(3e(
3jd&P
S["^O
Random
`@[_BKS
re[s
6U%#
p! q
MY@^ m
ia,}9pW
|g 0*x
g/ _
e+q`
}Rt
'.T+s
9Vb`
YdiK
BRM1
HideModuleNameAttribute
S5-B
!l<E
T=#^
NGJ#
1N~>
CC8}
9(21
3mR<~7
bfK,
^eNqo
7Wrt[
muq%i
ThreadStart
L+G_
y&a9"
Z,G@
/]w#ex
o:iqN
y".S'u
1$,u
oJ1m
C}DJ
&wHK
7_Pb
.Rn%x.
^gK &:
_b/V
vcnd
5YMj
DownEventHandler
get_IsInvalid
gI7s
(<mc
.T}?
#%^1
Ujif
od!k
_H-H;,h
Zh8UB
:V=\
94(v
rmv>
j:GW
[Uc}
BwUe0
aa7y
mp<f
%%"N
PropertyData
O Q?
Ouu
rtW]"y;|l
7=HB#m
F R1cz
DownloadFile
+[$
sofA
axpxQ
<;;5*
i-+t
J%R!
Ix r
e 7=O
Ywnqd
IUT]
Jf\4
#3oX[
ffrX
H`Yn
]oY=
ReadInt32
FUV@
{cq@
C9F
ug@o'
3nHr
DownEvent
9|=_=q'
jAmJ$
S2od2
@sHL
7iCc
Q-dN
\Q2fg;
S^W"K
I1\""
Encryption
{@mr
,Z]S
9/< Tn1
hO.x
v`w8
"tl0
JN]>
_Q^(
AIa:
FsX|
T `@
Zih0`
]2a\3
(>x"
0sn
9u`C
H;55c<
, H'
USjv
1RIW%F
I:A_
+f[O
GetCurrentWindow
wxN
KJ~B0
~ 5f
{:<F
[(5I
nCGT
ElapsedEventArgs
08M
_PX\
Keys
lfZz
h,n&
U8.uG
*l'.
Q2nc"
o^8"
T<+q
Lpt)
R_List
$6E^
%?BX
SetWindowsHookEx
r06&n
Z'JJY4f7
%"m8
;EL_
}-}r
i/ BCf
IuW8}
w.4(A|
F@Fm
^XIjj
fiZE
.vp
Tq:V
<+ d
GV;E
L#r/
[!qY`
o*BG
jR,P
C3qZ;!
rNT"
y~^JK%
LoadLibraryAParameters
s.:z9
`hsv]#
aH|a
h>|Z
{SZ343
aiGX
tF_O(
V-S-Qz
K@j~
6g M
S{F,
0/9?lr.
Registry
Yo!p|
ComVisibleAttribute
]zdd
UQ},
/+h6{
<t x
!NhNg
N.u.r
ct62
q2#tX
=fR!
&AU0
uZ)a
fZ)@
|Pn.\N
.a*Bg
DoJp
*OuO
Yu)b
T,VI1
z`~2
2w?f2;L
^j,
m91#hl
0`0A
mQ.'
v1X!z92Y
r>;c
5(vB
Ohp0
!70.
`D-T
t9Qy(1
9t[N
ApplicationBase
7qt|
4tFZ
DateAndTime
LogType
}@(T
[s%]3o
optSF,
~PAE
YiY0
-`#
m_AppObjectProvider
cH p2
"k'%
oy^q
bEH\9
"Rc`jRgR
08B/
0Gi
V["u
YC^Z
Iu&)MV
FD'~
%Tu
-dBu
^CZE
CT]0
JczC_
Keylogger
(R+}
gWQ0
zH^x'
'XHp
0hL7 SH
WnR&
.wi3i-
/!Sa
~qr\
=L@4
< xiN
.e!'I
.b'^k
zOT\"0
K3AQ
1mu^
nZzWg^C
MlN~gs'
`Bmfl
GT[L4
Vbtx
/Mj+y
-A`U
n . U
XQ'R
\(X
3d\Y
}x+7
Buffer
Ecqr
Kk5.
VzG SG
*@(^zr
]7*/
MiV A
qu<0}j
^)d0
get_MachineName
2mse`
a.b ME
fq' $E
{74:/y
Dd34
6(l9
ExportName
8t q
n1oe
U.i_
a~6%
7{.FA
z~mA
s p{
VQTo!
A'e{
H,cW
_$"k
>ZpM
R=D)
l-F7
L0"X
?~Aw`H
wKX|
H[y@
jWAp
r~xz-R
9OTD
BWkQg
AF$)OS
O0Es. l p|
f/xhj
[L"P
zbnX
L2vH
m@UV
S nm
uz:,
zjvX8
j6WcI
!rZ{"
x&QBt
RCEc
4p%vUE\
)eCE6;~
}=Vn
r/+ 'rJ
}vOh&9
FRg.
uK`~
Exception
~+Ug
(RcD
X MIGT
4l0+?
QkdYN
4v O
GetKeyboardState
V,sH
27g"
eu%
((\=
_#69
] ,1
9A/3
T2 60
]EOd
fDZ
[^J?
/XDc
9&?a3
C|q
ure%mq
0 T/
V9[<
PUh8
Y B.
6 jUoBEr
"NZSk
V 1t
;NvQS
6m83
Sdu,
(ZnF3m
$5m"
V;Wm Q
6UT@
Drt3
JI_T
u>7]
05A>
%^Ru
Export
;3pQ
W|ZR
"08,
hU)
[*Pl
T&?bY
f)-"
D(o~<
Math
dL4'
nqLR
u ,m
'; %fo<w
*>`RJ"
{2W x
l(\q
[k'a
WgGg
mJ#O
"8mu
|*:]%
R| 4]
xS^:
wK(}-
) ?mr
-XKzn
n3|E
hEL0
GetBetween
Send
Y"4G
o+G
!c~{
5eg
;~Y;
1`fd
Cf'C
<_& E
Eo%t
V:B{
\-pQ
b5qmP
qf\=H
8S !
TsoW
-r@@
h+h w
4.1.1.0
" gs
F3BE
bl.7
k;]t
set_IV
?,W[
g=Q;!=
Cd9@
E*|B
R/e
J# N=
.\[N
kw]i
&Sqe
bbut(A
2OMFb
%UeI
j>"L
]Ph->
7c[)
<Module>
_ojK
N2#z
?Kf
EbFD
`, 8
M G^
%q<=
iV~M:
mOz,
MulticastDelegate
lpString
RegOpenKeyExAParameters
qwCR
RJ TL
9iy`
FchcW
^-m3G1G
['H
>91o
=a5(
EoK 07
A$4Q
X`A4
jJe`3l
#v`W
5>yo[U]
?&*,#
4c;^U
x\[ln
^jE:
%&Cu1
DXD(
t;Q{DW
dk.Ph
/#CIe
;^=
#F:?
J>Hl
~xA{
Xk.E
)z p
dD!p
M=Y:y
rC7hc1
p*; x
6;sIj0
Rb';
g2Bq
j7J#X/
MyTemplate
-^\!
dH%>
~jx9
wVK%R`
eV D
^@sg^}
r .O
Ay c
Clipboard
;sVC
k9y]l
-#"2'&
2*i-Cq
u4cT
]WSZ
6+KSQ
~">f
O q0
RF 'O<
To_Unicode
hzZXd
&:#:)
Lzr U
GiFPqnB
r- nJ
;3]B
'MW!
B/F-
=Y+x
M%Q(
C452
System.ComponentModel
'\ly
D3 Y
U3U O
4e&@4
p{";
x5Vk
V4Ac
|*Vp
S_NbR
JtZ_+G
]P)h
R~`q
b6E:
!| d
A9x!
7g]]
?X:C
KA ~
w`G`
|M*`Q
MKl;3
V?S
)wjd
Yk}\
MyProject
z3u7
i(VQ
~AOKO
*oU-
%UyX F
/bI%y&
N}@y
'? H
"[nqA<
f4@
Split
ZD\+B
v%Ev
GYiT
xUw
NativeMethods
5-D<1
.".6
hp=Q"2`x+l
b0A-O;[u
X7nF
VTV89%
by$m
oW C(
EAnB
1[~z
jNQ=W n
jDxt!p=
NGiT
<f7\
b_lM
R;t]
?gT#
~4?P
ITQvt
#$yv' *-
(M0t
K hD
$q3F|
n:}O
NMLm _
KA=
8S@O1
'&tF
Dn'
Sfa=w
Host
WebServices
;sZ+
"8F
1noFo
CI]Q
\Ked
IaPt
d?Po
~16R
p\,I
(IYL
\t/P
`\#7^E
[ 6c
5\*JMO
x"P
+@1C #Z
Vjc(
}dkq
/*cx.
S.Ig
oF ~4]7~
aZN=
CGtE
^ "(
[(oqT
~ `6a a=
i !
!5YI<
~U+e}
yrRk7B
H^pa
. oo
Q44NH| .
ZGr5
m/E*
8F-,
V ('a
ayc"
4.K7
-G@.
UCh8-
GA;!w
p[;/V
A1 W
)2gL
Reserved2
op_Explicit
&C2 5h
System.Security
n^cK
zzho
i1V-C
r$"{
:,\.
vHID
^(Is
QXML
sp:PJ
EndInvoke
(1(i
type
Y^r^
k3.j
v~Z`/w
z=RU
x*Z7
3T<<
gnL?
X}QFo
)Ln8|
gr;9`
`cHm
& : Mk
Chrome
876V
O'9$
:h1z
|IT4
;"<8/GQ
-~%q
; m_NRNyKV
=g2v]e/&z'
0A$-
Ex2/
X</-v
HZA;:
98(A
kE?W
8B<B
nIZ<
"~w;
.o s
-5Bp
-{8i
1nj=+
?D.h&
r"<y
V/ %%j
Mgld
&M8Nu$fq
)yet<-H6][5
0WVt
=iQc~
pz5$
f'J_
L?))
~$ x e
QqXK
oe
bdqz%1
9kRU
1&2k
JC*X
DNek0
S9g!@
F,6Z
B?ZV
oCV_a
$0Ll
Gy[|
Ky`<n
7/R
I%8i
9nh]
2@l:
wW YEE,!
yK+w1
] D#
YV{
?I>v
j-6?
:FH
NetScape
2IF
O]x
e2hT
W"*lf
HelpKeywordAttribute
#0l?
Jwi&
UFxg
xF6m
]h([
()H~
s/>4
XH_w
lOt
~B+
&~gf !r
H#
w BG=
U?\n
rZ"wl
p +X+R
GetText
OAAH6u
*&Xp$
DkOA
b012
y:Cbg
.4t[
m3Xp
BrKju
O/);Y
7=":
Zs"=
Kn4H
L?gcI
8ya
iI _2
_mJP
oe6s
-bA?
SbL`
Llia
+:0/D
{{
ToDouble
" x?y
6G?J7
m "rKo
7'{$#
Wo;+
p}.rn
-\y
xG.s
ueFE
Yjs.#W
;C|n3
X 7;
R08b
ZY"_zRu`
i$FJ3
%y m
O?a
2| *
I
NHS_
(4
dG=E
viEw
Ngv^
-NB
+
Mtp_
Ndaps
fRsj
YyLR
Zy<T
C L@
LAji
,q]&
HY2v
@ w1
OrS%\+
-<9c
pdX/l
k{)
@D<PH
KurC
'*\tkHh3
SelfDestruct
mL=M
NxSJ
? ex
GHxO(
5~6U
7{wX,
Get_Alt
UzXi>
$`C0
PZ Q
WdCi
3lP9
2uK2(
Un'o
]cP;
Program_data
p
IHFB
<'Un
8h_EL8
q7!|"
+D+>
("YG
Fc=I
Y] K
9)p>@
3:F[
m_MyWebServicesObjectProvider
+/q`
G(e-
:Lqg
Keylogger
c7Rq
:{$;
Marshal
]iO*
b)ux
_7it
v*O7
ey3q PL
:op$
f!n &
(CkIfb
4@,be
O 0;
#tUc#
l6;U
8q!\j5
v`9%
RfOd
+a!
e_/~N;
sJ4
qw!Za.
IQJxeZ
gRr{
u`g oW
^01)
'hi?
jxD;>
Q@/5
5fT[
,l@J
G{N3J
H&NP
.)>#&
&N W$
)Qqa
WrapNonExceptionThrows
+")4
(#pH i
&qOa
nXCb
Ry5p
RuntimeTypeHandle
*toL\
6\)8
P<`gdd
F'Ss
F96 f
bA{LLOE
7#{!
\t)#r
DelegateAsyncResult
V} ;
1Fx,3h
z-^"q`o
C^ M
9vbF
o]aG
$x+4
"Q\T
2 (E^
h=&*
=j!(T
K=[y!G
a\QkT
egaq
q;=j
c#`Z
/^bp
^>?I
ANM"(
SbS~
Of>
.j9(.
OiEY
Paltalk
wj.F
gi-8
Gye>
=M3
PxD9
I+"mo0
!qt,
9Dx7
9#@y
VmhQ
iI[_*
Zxwy_
l(}?
a`ue
jxX>
CjVk`:
KeyHook
!S'}0L
bD8;
r=ac83
/Hv6lAy
lah[!U
]ja=
O rBjZ
O@Sy
)CP#t/Y9
Qw:d
)rzh
{Vuz)/ZD
RegQueryValueEx
Get_Comp
M=O_cu
0nE|BFR
+OwN
"<
=f5Ov0PQ
uU0
w_ (
4qd%%
DCQ
AKfl
S_(*
$0GQ
System.Diagnostics
s('0
l]]Kt
J4<i
"%*B
InternetExplorer
diC
CallNextHookExA
hWnd
~i-c&{
jIk~
w:tm
+=-V
aV-)R*
[/Iq
MY<q3f
mRw(
C41h
Cz!Lag
<qUF
GetType
1Jj)
@$E,
!YRa9@^&
u137
G/S:?
String
so-H
|'Ahl!
Pv*F
zKNu7T6}
LVDzR
hb1
8.0.0.0
<!Q'
3.Va
G^{
eq%4
get_UTF8
3DKoXh
yv)
H|Z[2
i1 A#k
^'`"
']&t
08-hk
^97r
HotList
d]OTr
.|&r
a8F:
~"R)q
Lfqh
vVK]dN
prK
ManagementObject
HFQS
"Q3^
o$u5
x4MB7
m.pN
&N-;Qt
0z a
l+d
c >:
0=CVbF
2>sw
Yyls
QgaKi
]yGTF`l
1<]k
!Dxg'
XCL S3
QX2y
CO w
@*ajJ
!7Lei
Q "h^x
Ag2(
.Ssk
KwdA
.V_h
y<h S}
/)~!
a"pJ
RecoverBrowsers
8K:T
)eWS
GetProcAddress
get_Capacity
EXEw*
Cm4[
f/7eh
dn2}
3Hib
CopyArray
Wow64
.LGTs
(,H,
rT=H
a;4n$2
0uE`5 ,|
H-b[2+
SpecialFolder
r4 } Cq
g4$n
=UcQ<
>$vf
.xbp
TargetObject
& W/O
Zs[v|
u}T'
d t@
wHw-
"(((
Q%dw
p s@
]k5[44M
GWUp
%D5dd6
!)=8
cU>d}
Bh&4
pm6f_
k ^
>^vkQ
WgA
j*4\
m3RPO&
~d0|
>Y5H
#5c;
~T.9d
U22d
?q5cU
%TI-:S;w
vLP +
.0wH)
~ZG$b>ht
!](f
= k~
_"Eo'
Pe #J
H$>&
ZQ\I
K<5b
sZ6m
Qb.cUq10
|@f}
~[M
A0 e
z-Cy
z0="%
ac$25
lZn4
gwci!
fyoP
>D>
6v&qz
#%C2
>X,S
me7 !
Cvhw
. p~
YY3)
$x1|~
3fvuR
:bv!?P
bQ?
m VyW
rz=.
2Xai
?}kS{,G/
$&%
Ghq65
@M+{
bp @
r jhn
]tkJ
DCGS
K9n]
m}6#
AkU
Q:ba)
ICryptoTransform
~:}M
Rt k U
|`:P
|</j
AssemblyTitleAttribute
'})D
%m[G
Paytm
Pu S*w
GetKeyboardLayout
1Ymw
zyni
cEkx
Eo@V
wScanCode
5P5X
\CY,
V;^%
first
c[3nqms
i_ 8
0Pd~
|5z
qCn6Z
!vS\
KeyDelegate
N~'0
:Cl8k!
wF6jc<
x:{Hg
KeystrokesTyped
#HB{>
[B[^
rT2c
*]D1g
5'H%
u""JR
iO|n
UY
fu}Om
c(2>Vi
&ri
M Du
^a'%
# GE
"aFp/a
e &'
--6yp
gu(^e
s~c
#
KF %
~E}*m`
v3>C
#HLo
/.V6
!w9!
a/|]ec
,8W]
4T?C
]ok>
7}`@
uq RQ
samDesired
ReadFile
W{il
SR*GSR
A^3s
N~bi@
&Wy|
i]u*
:HNqCT
4irt
1[WS
%aOzT{
~$=8g
/B<>n
#Ye'x
OxKD
s}lZ
]VH>
*JB/
}F $
TIW0
y-`b
lW y~<
0vn&
5) Kc^
get_Chars
Digits
q\C
VxnT
b0(yr
"Ljb
1oC<i
~ae:_
RegOpenKeyEx
B0MQ
O*`"
\c5/TNN[w:R
U7}m
F$X[eo
Ri$g
Qi/hPmj
ICNZ
j{3&=
h3cd,
AP:\
dataSize
h#;f
3?Lc
JqM ?
bZ*>vm
Finalize
ZD-x?}R
'CStx
#C8
"O'];MV
S&0\K}
App_Path
`z8QT
MapVirtualKey
YtfY
:1Rx
Y@5+
g lql|
q'a(
@Vni
/s&:
lHd"(gO
k>N$
B-XJ
c4 T
&zH%3
c]
iLXdzZ
0(Nub:
CTxj
Assembly
qm(-}
DelegateAsyncState
( X;w9
Qz1N
VRIAL
'Am}?J?r
'h-Q
)!w.
WMp~
4(.V
e~k7
DqarX
lC P
%p><
&E;K
t$4F
5?8qBa
{ L=NW
Q: 2H
&X R
GvX#
:g
[9,C
dLMXp]
/2ZLn
{A\!
$h-dV
6<eu
+140A
tJE dC^
Cn-!
'#C B
WXU6z
v1/t
M_O]-M
f6806
&Gz'!
Get_Modules
R*8P
|j3*
wuLh
My.WebServices
N29j05
wuLV
FX95FZl
c<Jo
LUyX62
5Xb"D
E}J>A
y |n)
j|lr
K]GT
<{y i
I={N
EJ*8
O&Kl
gT|N
<4"z
7q A
)H-Y%
lCsj
=Mwf
QHGMp
m.Qx
%"sp
4&et
<2DwH
b_sM\
.w= #
1|YY
mvF|d
&AOi-
9RGk
*Hh+o
R<5lk
Bv 3
O0ri
q$B
!xD}
2VL+
~o"E
\Z-0
gz8m^
:^cdF
|f*m
aNba A
Interaction
LU3+-
fgjjaDV
OzRdK0
g< I6$
E%NA
Ltr"
2$@V
h.MN
>8n/p
J#,
Th5(
tcq#+
#Ke{2S %
Wpv;
@-Gfc
G ln/
~L4X
wvUc
$SUY
IfC~
"oF;
Operators
nbA9X
cnEi
EnEE
sN{
/+ok
!B*+
\^i\
e-Wme
RuntimeHelpers
OQrl4
pWyL
iI`1
. ;
=qg
mAlZ
VJunc~
|BJM
0A.i
=J($
|0X0
53fx4
!Om*
j/g/
0! R+
m]k@
Vg5P2
_#ZJ
])H 8
X.P}y7\
V^+
kS A =
9Z2\
7{ck9
\$.x
get_Value
{7k>6
^6AH
,.T-
j+z4l
)%tn
6SVh
InternetDownloadManager
)2<p"
("-]
Kz=7
'>!
hEQc
p=m9
wVirtKey
\y6_
$r)g T
4- ^
kAB:2
yM(^
hc`'N
}vg2
fmHX
.cctor
x<,]
xMZ !?
z9tZnm
uBRt
+L+%xw
UATL
H~0
:@M<+
Wq0[
%ez
r*b+
Kill
"G?'
rFSF4
YwX=
$!t?
OYE
pwszBuff
oT
e.:v
._0q
;}?
z2\
Qn6E
System.Reflection
_jD
r ;t
u`W
N_-z2
R tvS
MIPq
A\ve
QD
!e\m
Q .}
]%s{
:>N-
5Qy)
search
ToInt64
"aAF
~[2.S
Wlgj}
l#.S
\dgh
)U<i
@!<-B
8&^TVr
U@OM
?~VwJ/Bx
{2?5c
r:+
AssemblyDescriptionAttribute
]81z
(M{u&c'y
{?x(L^A
F>+5
UJO$
4?\n
Wbf:"q
<9~w
q{T>
^iT'
&3 U
*4u]
2 wvy6
;P$y
l?0
;OR
hE~cX
7k4g
R;*Vm
)Q/3
Ge "T
h 45
+0+*
]|:x
uvD#T?
RU:)
EnW
O|Ul
IG4?
cUOi
Mn\A$
<#i$
c!kj5
v>3\
d,GW>
DelegateCallback
YQ0
DiposeHook
h72U
o.L,|#(|~
u'"=<
^ 6}E
;=p"
GetCurrentProcess
zk %U
n"7m7
o WU+n=
W=:3
z9kI
a<z
*G 97Tm
;Yc"
]!E{
DV/0
3 .|i
get_GetInstance
GetActiveWindow
p: 4l
9rzo
eROn %4
C"@=
P:Sc
!4fh
g/Da~
SetProjectError
_B,L
jR0F
d_r(3 k
}.wDX{
N_Ep}
*@k\1
Pz/i
bpEV
eLR|h
<dl_(
0 @v
X T.i@
n8w~
.1/A
CM@f%
T}#N
ki`=T
g[B'
D[&Q
mxE"uG
t2::9
s`m=
iQoe
Microsoft.Win32
2VN1
OU:=
(R:o
ToChar
H6_T
P6G
%+p19
g+NC
jXJ.
`Q?C
pG-.
u2 hP
BXcK8
Gs<I
-mP
3b2})HW6/A)
bgo3(
7At[
= jE
RecoverMail
Dqqm7
geZ-
89n
a5a3kfg&
KRIj
?3/,3
- o^dA
pR_g
>3%W
v v
<Wx|[
mPin/T
B "
do4p8 =d
E61[
9HKw
G!2#Bu
u- SL
nubG
?TUNV
HN@d
Q&'k
/xB#8
n;jV
-7_zIc
>S2{'
x0?z
ZeEn
?*w:
get_WebServices
nCode
Wh5{X{
`ja=
}~U+
89 "
s<?d
;H%;
Fo=xt]
QyPw
z8L4
-P X`d
F]\6
^bo6
+_i-
5 U!`z
uP+n
O x6
WeRJLr
StandardModuleAttribute
~[ja
x8UT
08>V
6:*#
#8.W
Sv=1
dAE91
T|+H
~R8\
/pFE
$bJ+1o
)YSb)
cUT
6w^4p
\\MH
(UXY
_h8 o
Microsoft.VisualBasic
t_m+
Z[q+
^e02r
UuJh
M6q\Y
^wel
uqm7I}
E-te
;}4
4cxP
<_Q_m
-Ppq
e9X0+5
1\yD
-Ppd
>Q.]7
ZR-i
*I."
RUd(
XJ.1
Tb $
d= #
P}3g
feD|N
<`TD8
l1 ~
)G_B,
Ynm=q
C%fn
kDe
yC0M
y'
.x$
()gYq
XpsI
^I|5v
3-:h
rGb<G59
Feed
%jLW{
~Q"!;
SetWindowsHookExA
nkHo
"[/a
2s iZ
Z8tu
23 gn
:%M{
z7JT T
2H * s
|yr@
=dO*
m4#{
yDRxS e
>R|m
PTHB'
f_x 2
P:IWF
Copy
3/A
AssemblyFileVersionAttribute
WPVu
f&+v
!k b
s<>V}
fH:$
Vp'J
System.Resources
Yt 9
1 JgqV
Y>p8lx
4P-RL
`MQ6h5
KDel
%\hm
WF=(7y
QPN2
AddCurrentKey
r}'*B
xyXT
VMJqn4
\`aJd
8f_B
e&|P
*V8b
r&%-
9M/1>
YYN3
%Vz n8
E RU
,7 xc
nq]M
|Fan
^pYMT#
StructLayoutAttribute
TZXT$
5hfKc
/@@|:L
%'c_
-Tpb
|,R
~} {
#NzdY
K"zgSt
8WU2
!FJ:
}.wl
thhG
/[wGh
x^M A-
-34j*r
_&g?
O9}n>
.G~ x
T#,Q
1l@4
&eG/
0_l@@N
1n&n
y-,d
>J?$q
:1"W&
^zL"
wn7,
G[ Z
^[w7
+~/Y;
Zx-\
!j[>
rQC;
Q]zO[
af\t
U$ PO
^ yIxi
l)L?
@w
{ SE
|C W
6 >
bU0j
M] W
]dt~
StrReverse
Y@A(
KnV.ZO
,nm29
p6Ti
y`YY7
v79t
ww>ZyL|
e94s[
rkl[5
{8)o
T2 X}9e
A[6(|
Au *M
&&JX
tDeC
Bgc"
%YYc
9|J%
g S2y
>V}z
cyV.
f=K\
O<2n/
;<"~
yPgg\
&,.&
ToInt16
0mgxX
Shvi
1TD<
E-*.
LUy&
l}%"6.
TE=b
-|vw
CWmJ
C}W
|"4K
mE,K
$o)\
%}>!
JHES
\W=bqk
~DmU
rPV f
`o [/
X/#4E
aTnK
+Grd
/e?R
midReturn
;D'$
H^z
poY%
xdWR
_ =F
R2Z&
}Z4m{
VE\z
t]qV|T
dKG/
{s$Q
jHxWz
_Assembly
eE !
GKgko
cj~i
#yQ.
EditorBrowsableState
Wr X
[]~-xWMu
[6o?<
}i9 r
M4I&
-{_0
*k}RC
H:ge
zv~g
v0fv
fQ`Iu
-G~;T
)Xd0
/U?v
lpdwProcessID
ONg
V4p.
$\>S
OS`I
@.+h
IsNullOrEmpty
Sa)\
]6 8
579A
1mgX
22 /Xq`@"
zvX&T
ForNextCheckObj
~<w.n
`lIm
$lGQ>]W
{Xq!
&<hB
}[#}
0D[}
8)AO
+ !])
WZ|?
4&?[HH
c:$v
_&ylQI
;UDYW
L%+n
g=P.y
}n_XQ
8fp5
$0>y
reserved
W>}h
9R~r
?).!L
+ "R
^\|-
# WXVpc
2&Mt
H#*>
<#1tt
awd4
-DQw
/Z/0
Nbf=
uEEF4
o4M<
a.TM
]i71
[XfIj
&JG;;U
Tb a
d-D3
2t9bl
Ic)w
ud-iZ
Ur{?<0!
*S>[
XMrN
B_K]l
2uU(Jce
D8A
rEi$
Y{3?
TCm*>E
Bj e&
DqoY
y G{
HZn[)i
l}l }
(} =
wParam
zhT|8p
2jsSU
P!@s70@
fn$E
1cba7
=\{9X
(O)hUO
g0Gi>
I |7
Key.resources
(8aQ
@Obj
z{; SP
<~N1
P2J1
<3t4
;(}"QR}
3T-x
[[y1n
zw~gA
VP94
2Mn7N
_3X.pAN
{'QC
~ Mo0a.
*wbSh
System.Threading
+l=0
*Op+^
Y(pP-lO=
dy5{
Outlook
:r\?
f[x): B=$<
My.Computer
uuPSb
<B&&
q~h{
v2.0.50727
D!Z{|
k|dC
#|w*,
`izk
A+<F
i#I2E
&-nI
{u;
h`pF
DM"lE
HI?Wl
\E{.^
q&1r
=2 u
A+<
XS96f
get_Properties
+3VQ
W+K.b?
Th{J
Jap<
44n&
2;UP
ANED
^t]@q
yV<+6
DX(9
~:hY
GetEnumerator
SymmetricAlgorithm
.9D #
M 9uJ
System.Timers
G96"
mxSJ6
XV[1
'1|l
_Y"tE
ugff
YY,#P
@"*#n&
%B8-
D[y'
^<oo5
dD2C
kC$Nm
Hv[(o
f0A8ke
lKyI
['ya
WCOyx
fIts
Jj}wC
/V~v
oB8l5l
]pD$q
XA:
Mqh3C
az c
<z.-W
>zGj
i(kwqP
$16&
1V3:
WtQI
iH b
S{PnAX
jj=T
;#y
#|eW
,A0>
bd=SP
;{+sw
4UbU
MBC~
b|-R
BudrK
e @
3V>4
JaWv
get_Keylogger
#&"<n
/& }
R}3S
D)f/z
\5 #
TransformFinalBlock
U>/s fI3
|RD'e
6Y$ S
;T f3
t=&"{
r(:~
cc =
GetHINSTANCE
`6=u
nCc~V
U\Yu
p2~n
Exists
HZ&]
u`qlKb>
"$xT
xJo+
$OlHh
,wz Of1^
InternalGetProcAddressManual32
l@zf
53,5
).Bd4Q
HFG$~/S
q*e
)yTn
1vLG
Equals
i&'
Sandboxie Installer
V_Code
/-GD
#Blob
<1Uv
-;23$
%"P"
B/UK
y] _<
s9 v
o} d18
#hy1
S1U~
EXAV
Nsna@
1 i'
ZfnVUH
+OM|
tIkY;
{oFPL.
cfdq
yOKkpW
7*'+
c]`G
7+}?k
rFQ
I(%)
$<)OE
qmDq
q.Y=6
.{OG
r u
=yR~8
KsxH
r?Q5U
@5uG
4AiA
!}Q!
/k6lcH
f>#\
|*p12 +
B$^
yKY"^ j^Q
Y r
~(hv
/ l^
s[{7
Thread
]p9~B
yc^iFp
Release
3>P
t~SKO} i9
6>jL
s0z{
6?IJu
W?I4
s0&2%B
ObjectFlowControl
aX&7]
V%V
ReadAllText
!cRzA
_01`
"N]"
~]'C$Z
>g6y|
}Dhcm
b_MS
XD];J
EZ|.i6'
Is_Containing
s 2q
7i\&:
bYl`
h[g}R_
%kR
ReleaseHandle
prQ
q/ L
\pQF
Jmui*3-
$fDu
^/Ql^_
;z.V
%8Wv
MYwi
MPy]I
< 6
{sUS
L H.i
bk u
).=c
>'f9
Qt'f
DestructFile
C,l4
Jo]j
-Wiy
PtrToStringAnsi
~@H`
k8T$
Compare
8fS
Gt.N
}E>["[T
=,,F
PnMw
>{ m +_
[~L;
tY~V
`P*z=
U[t
ckox
ltl-B
}mk{6
gAVJ
QrII
Y1 mD
Lk6@
FxVf,r
0Tm<
GOW;J
ThreadSafeObjectProvider`1
Is_Locked
UploadFile
F:lT
^pzf
TRrq
?r@w
2Rh^
pqhzm
i+SZ
Snc>#
_xbNY"
UE#%yi
ZKE
-c\o
Yk4AT
+{URg_
Sleep
gecH
x^Jb|
uS r3E<7
0N^6
UWjlJ
q6 &mj
H*}L
DateTime
P#iH[
MB|(.
*owT !
;H\C
>EKiG
~Tdk
S%ij?
eLyZ
D2Z9
+;N"s
sBPv
aPbol
d0 k <
GetInstance
:|bp
,<P"
+0@V9 ,
pB_]"
5 %X;'4sWC
|\=R
g Q4
j@Ly
x\5^
('V `
2}2<
H0:q
,`.u
um(j
_0&\
d9\P
gc.B
t O\DK#oQ
>'$"
8o'rE
(=w<r
-y|$k
(~:e
x*BuZ
j-9f
jqCi
A [
$R,m
:A$;4
n(qr
]m2o
kqfg
#KeN
5*;,
%(u"
AG)1X
Na/&
xuM2}
Nn4c
~}A2x
path
rUCx
=b<j
+b2x
U1Hd3
_1 U
J?Tc
1%Z&
VT"h
i^mS
['VU<
jlFIj
.%Z,
1 ]
V)##|
9c8
s$eR
!!?X8,
J063\
%;`D
=f2a
5J)
d8GQ
}QPS|
g+@a
qhNWe:
yl1r0
1)z!d
(^#g;z
4+ Nr
Restart_Path
) TK
:'@;v
<WS%v
get_Computer
HaifU
)2<]
~ iE
Z jph
!>8V
3\X>3
DS3A
lAEJ
n_MF
GetMethod
0<5
Zhyx
b!wG
O8PL.`
?(B!(
$z&S
o)RC
!)T$
( }
@jpZ^(
GetObjectValue
n3Y of
{6)x
>PP^
get_Application
.3U
Lm%bg\
g{?K
L"Hh
;0]E
Y?OT
'2pb$d
=mD4
`te:
nwvq
[UoHS hh
M:5[4
C$*
?3^jd
KH*&7
:J;O
0t {
-K] w
}CPt
System.Management
x5( :(
BP3{
1(, B\
JDownloader
SB{/
$<4?
PK/ 59G
rzvV
[;|W
_ITgE
#Y\?
='l3WF
}`E#
d{w=
+$r_
3jM|
/)@vtib
Thunderbird
e j.
_H0a,
qNy s>
g{($
{L~b
|9o,
y_Rf9]n
7p &
Kh#ZS
XS;;
m;uOh
v/ [
#D$!
Alt_Location
jh Tb
R0*M
8b=O
Oqlal
Lu_4
^@TT
oQgh/
F7"Q
d@N}:
h4E
Tw~t
'$`CX
g-sM
StdOutput
IIw
WAIt
MEa}
lZy&
yFz)S
&]fT
)G^c
=!W$
q ):
</&tO
zt 7
ReadOnlyCollectionBase
Gv1I;
=[ \
Convert
519W
obQ]
z&;"
MyApplication
pf)3
0#=s
zBz"
RJ2Y{
+t9P
s-G<
e"MmR
Y!9#
rVx)s
QL9w
_{
+>}N
Q><Y
FandS
WithEventsValue
1NS
ChrW
(cSY9
VFS;
.]E
?otj
z2!w
,nkp
fx=$s
cx(
{ 9ga
~u#7
System.Net
ex8(
~\6pl
TeOu1
mI)6
@gI,
%^@S
* ,-
r`,\
t|Hc
I 9N
]!@f
get_Default
Tw]>
`N&$3
!U]a
_5l=
v(OT
q]s)
,<RB
0X a2
D>0<IA
1l>:
`+]]s]
0 TI
Ae}Q7
.c6>D
>Ubgp
VX83-Q
.UCIe
q6by
?N"i
2Mg{
|Zgc
protect
E0t9
C>_@&
&_@=
Computer
!\
`p O
.gly
zYr|
Regex
:`.eTlo
w^JRbe
#P~)
i,Z
7V%
*Q,hn t.g
[2U+
M/P{
r \L
:4/R`r
`_p .!j
vf5^
jHtoc
g,wkTi
m)y&
f $c
p,t:
&kwE
&5jy
Sf(]
}2lj
KhI$<
GetBytes
'Jj!
p2!7
5HF
b9l
O5Sy
sT8,Xcr
/yC:9vG
lParam
dJ |
TK3zP)
/.=r
hWYw
Lubg
dwLayout
"- /]
2q1*$
WebLocation
j$cV
4nj!m
B,gV
' 5!'
,( #
pLU:
M%JG
.Y\C
rqm!
&wO+
b @S
Of|y7
;7b^=z
dxx3
;4wP
^=Ag
GIoy
H;K.
5? &C
h'4l
WgoE
@9m5O
FKdk
"thBa
ws6w
yu_"
vM (
MdLn8(
^Z0U
{Ys#
)}B
`%Tq/
S<q&
3:r~
#(,t1
D# 5
hS,GJ _
SP *o/
instance
uO| (\
a=v<0
>QCq
GrE!
pe 0
R'X
Z,XI]
STAThreadAttribute
S+L,
RQP"
[ cK
0zF#
YD -=
6 Bw
2]0\CJ
KwN
&7T"
_6B5L
h]q^
F6v-.
{9D1
BiWZ
CO1|
l&GwB
zo-k*E
.<17s
S,eUy#
u`8-:L
ew<y
j? M
pBxC
#z/F'
MX&:
-pp
PropertyDataCollection
_1TIV.
faefd[HD
aca$
bY=\T
^Bi L
n->h
P_.K1
=>He
[,!$i
PH @
System.Collections
3y=8
16,a
$N-O?
"ABP
^%4a
'Qxq
q#=I
L;EB
Environment
k~@
*[mV
/#&U
ip_)
~PqpJJ
1Gete
KeyloggerProcess
b[^Z
EQ[m
0 p
1O 6
,k4T
+OA9
U?Hv2
+z~-
`KT~
FI2j
Module
HA1a
#(w&g
nFkf
]9k>J
'G1BO"
6hS=
H{'N
!zV'w
^= Z
f C
}^X]*
EN?M
CFf
ThreadStaticAttribute
[nW~
9s *
tr=0!R
M\Q5
M(R\4
Activator
icD8tG
wrSd
[@Z'w
--:%
H_= m
8m4F
G9th
kXF\
^xeH
"6{#
#6&-
ProjectData
r4u1Y[
-{Ym)d
]7Sh
H|D
'd_@.a
iVVp
rQEG)
4]&$
cW&@
VREt
uyvN
/h0
a ]_
T8VW%
environment
E% l
NX/0xd,S~
%CE|
oW4j
mW/oP
=*O
4 Or
b!vd
z[!j/ fG
Wk4F>
RV>$
7WMvP
6J0x
to"YV
x'O
"{|u
`9P'
UmWT
H;nR
9w9O`o
(L3@
UQ}\d
b][-
ScreenshotHotList
-~%
*dAf
w|9(kU
O=]-
~ --
<RHY
5#xpB
n)jp
CreateInstance
?4h[
4DTLA
D*~-
@Z]c#X
aMCt
&'/Y
&}cT
qr0F
03hx
e`D
8wk/9RX
W]D1
ZPPB
d[C2
a78 Z
e,r<{x
8N dC
'!wV
.J'B
Q>Qa8
1f.!
T={b"
YQ+E&
cF\I
Z.PT
2z-UG
?8l$
755D
eMU:>PW%
Time
_7,i
6Lkx
AQtn,Z
get_Length
JT6m
QkVt
FileZillaPass
ExecuteBindedFiles
V:V|
9dZ p
ReadByteArray
_\.AF
) 8.1
I;g
6~upVQ
*X:tDX
qYUz
:y)e
Zi9F
%yS>
0pDuu
U*eW{
Yr#
ScanCode
m NS
0tM
6I9\
}@#d
-Pg^
/P2
p:|!t
t1XS
a:m!
PasswordRecovery
>)~@
sRWJQbV
: yf
7oX
~uuS
azIa
?L k
%sZG
47 J
.a&t1
>2Bt{E
A QnK
Hk}
^ne)
b{P
D ><
k:=0
ET>^
|)Qpz
oJ G
Go4)T
name
Utils
q\'l
q`x "Za
kenI
aQ(+
'z*yvN
ZV/y
,|HV
E$j~
lb< [
? VV
ttZ1
<}-p
&0(7
O@XF4s
b )s
Z` .
|mc\
-hkrf
K. IT o?g8:
k)l^
DxJj
ThreadHandle
Matches
B9<K~a
<tg1
/~K3
WHI
Nsv0
ex,OQ
$<8U
7iL_{
&%z7v
MOZ2
Start
Qz$z
lZP
/Z(\
R<iG
dl5;D
z}o/Fl$
. ?[]
b2xr
pKy
W .B
o}
F~uN
Y4/m
Q%y$[
M 5
4y0$_3V*
=I?0
Z2P9in2]K
di*.
H+"x
,c q
n+cM2
2YpK
VYG_
~H6jU:
NnOv&
z Y
m+<L2q
(hS|U
&9W_
3 GP
~3la
<=Z4a
QXzv
kWkug
J(E}
1<??e
"?W
=umm%6e
)\7+
Filezilla
BA,Y"
>ww
q<GS5[x
9Rr
wJB/
'4 T
?]Ju
rf^z
A[n=T{
S^1`
FW`e
Qdua8
/(0i
Byte
3l[L
#FiwAp
MoveNext
K[P4e
ReadAllLines
t||3
^ ;<
UnmanagedType
DG-
5Y]`~$
&Bio'
[(E?
s (B
\wn'
da%e1u
xbjX
{q#l
f94P
0B4<CE
:?<&
GetHashCode
s!"o21
p%d,
3bst*i
)KI$
[:4o
./{S'z
P?}>
Z)`u
*4 o
o@rX
>F?J
zA&t
^! g
:D'U4{
)FbG
get_Item
RegCloseKey
2x8]
Rd3YW
;ND|
`[S'
a&Tt
IWV6
0` s
4=+4
7WL1
7E55&
!(QQ
U{s?
iLYy
E\.Q
fX mg
J\J5
&u;Y*
O"Q
UQxK
u`m<
V]Iv0
remove_Down
R&hN
M7;{F
:.-W
[@mr!4/
0[3.
mO(v
Yq2z
H"c$
=9B'1n
>)87
Fj}H
ppy9
=aY"
D,O5
;8,"
Y@jD
By[8
#ji:q/
&c"k
r-s#
4M'Z
a-75
SXYFl
add_Down
nRfg
Alpahbet
m3oo
o%(HW
)cS;:
sl`4
#`5#
F3Tq
4tA>
rmxFd
XCG.
IS/<
gH1x$!G7
A[%t
V0.=G
8UM*s
$](VK
jNSs
}om-
IN'++
[J6{
X '
5e x
iq~}
#z9 N
cKWiH
rBTJls9
_<f:
|=BLTW>s
4R<y
bREa)
dfj
BYrYc
I`\ii
MyGroupCollectionAttribute
? YZ&D
737j
8B(t
Ti| p
2++Q
LGyY3\
:2y
v_RPjF~+
%-Wp
%><`
D5{k^
N J7
j#sA02
OWkqk
$YR8
kj4~
~&
vH5F
Q 01
r)Ra
cchBuff
(967
.\%D
WT"
2++g
$ C W p
~;w'
^Vh%i ?o
\lx=
D9plv
;'9`
*.F?
b<O"x
ReadMail
Bdgr~
F-% (
A1q^
-LciCX
NYen
+h+b
Q$ i
Lr+5
zeeE
cJ|sEx
`f!y
IndexOf
P$3
1%8Gn
O/UH
A3kH
[{<B
L] g
$V)NCz
" !
P$#@
g_I}
!V/Q
4Kq
K0`W
J[.V(
!(tI
Ot]X
V(/
DmVZ
:r7Tp
^~b2I
RW;
El\
+ nQ
My.User
K$"+D
11/
~k(G8
y: Y
^]J(
8F {
.>%o
b3ta
;\Jj
[4&
8\[E
hn{8
ENCe
"FyC5"
Title
e[.%
iO2na
7 ['
p wc),
g`L[{>L]
:pl2
ReadByte
w8-s
+J=J
CallNextHookEx
. ,k
eY<=
JU;L/
G[ji
]<s<
JBJ7k2
z4<g
c6aL
C?`?
,;Yi
-U|Y
2"#}
Mv*nN(
%:y!
FiHN
|U;#@,
_Keylogger
|:yS
Q~6? YA
7yA |.
S7^{`
z)Zp
FAx
r&d0
+hl
B (-
v*VB
u\ff
Get_Ctrl
?o9d[q
options
"tBX
eMr=
Rfc2898DeriveBytes
op_Equality
4 E'BEq
Instance
&AvW^
DMg<
u!aVs
@yg
=&o*
` (6Q
o@%O
&)4:
r2}^V
b,$p
1\Bd`
Vw0&[
ij(6
vICg
;IyXn
xGNS9
G\=^u
*")
tF0 /
A<x_#
+&@G;[U
H?_{`]
=_nx r
fi!B*
$B;w
"B7m-
P,;Lj
M^zx
~\Wei
jJIO
T"V,e2
WebsiteBlocker
. *5
L<p:
( 8a
`5Zp
Pl8_K
69 ,C
esL+
ProcessModuleCollection
1TUn
C?(q
o7EA
@I"J
.ytu
,4S?\
h!L\k
]q r
q#kk
&>aM
K{;%&Y
H0gT
Ga 4
8e6y
!c &0
Iu GW
m 6%L
c/5&
.cD
hK E
k>v%
9w;hR bL
OoRq
%IlN
&zhv{>
'- M s
^@Y(j
0@NT
B)T(
%t__
WAp8 >
bF G
N2;
HX'2
D_5e
EM:1
Lt <W
BSJB
7l0@
3L&k
>& ~UE
&+
sJ6@eH
T'<5
3]5,LNp
iIs76<L9a
SAJ)
\u,`z
_hw!
1mv>
IntPtr
R|\!
thread
KV<e
#[c(L
jqQ;E
0; 5
{k^
C:M>
D) d
>KWE
8u(/"
"[>
Zio?H/
pxXx
DecryptText
c~Xp
PQRM6
%W_Q
ForLoopInitObj
S N)
]"pL8N
+eQH
_@ a1
o[ypN
h{2=0
PUC]
)"o&
-mBi
.M?aD
HJ:
l~.l
DRnT$]mx
cwD-
_&NM
B/AX1I
v E H=S
k-V
O#?z
H"V(
2/%g
VuDj
,b!i
AddHotWords
4A-9h
l Yq
ThreadId
LQ<P
,}`a
^GA/K
m_ComputerObjectProvider
UpEventHandler
*f/f2i&
jb1$y5
VKCodeToUnicode
_"Y
pc%D
*>(!
h ]
NsH>D
a)eB-6 0
c 0
cf~:
@:'Q
P{x~lN
baseAddress
d3[
W| j
z
8,-N
VFxX#
?u>@}
&Xit
_>y4
>p C
>V&!
=b3Yy'
Mdi%=*[W
w q
99H
J[Z5+
Ila,UZ,
Quqk
<2Vcd
8 !#
<pO~
LyA<
9StQ
y%=H
@\PET
BZi<
~hO
q.2\
NAG P@
WriteAllBytes
O/e:^
,4Bom
^L6~
O@oT
CreateHook
m ]Q
X"tYw!T?
context
*B75
Tgfh[
Xfb
7y3u
BlockCopy
3Oo
L1'i6
3xC6
{2V
m!>u
$r^H_
G|<m?T
?7(|
?tE}
K >
Yawu
oK<b
/@7[
05D5
Nf)_
.mE+
~~Rdht
StringBuilder
*+d?rc
v~#,
y#h
tX=&y
h??_
J]b"
Q~k
rB-RK
bytesWritten
M1U|
40\E]
CompilerGeneratedAttribute
(
pr'
)WIB!
<4lM
Pw38
E[A
/W:2\
@ FG
dK f
7l)SA7
45}|UG
n c;
(a 5
K~As
mdV]
nBpO4P
I \o
+HC=
qVE<5 -J7
&]~p
J3Af
|dJ[
h%?N
pa:I
]tgU
PL6 Ilw
1Or&
fG'{
lxW
xd+4
{#F Hzo
>X',
,;:!u
Hoh&p
Hn6@
"q `Q
p\v`&W
g<1E
j5$
qNJ8
S,1k
*]P(
+Bw6
pP`-
5%j,hB.d
O_CBi
2K3xY
< _YS
qzC>s
arj5
a=j_]
l;(>
qWxy
-7sd
UY|
XY".
|~`%
3 "6:
x*Qh
h_X)
q2^_
!Ehp
M6Jhw>
2f2&
1bh4
&uLgH
o\2u)
4t;>
|j!
_0,Z
!C~;
K2 4
^;@A
G#?K
p*r~
7j%s
>u^/
<_~
;C=~
1 %
M'pfd
cp%H
Y]kr
OuV4K\
a I:F
9#I+
K9UM
il_ g
~'Z`&9
'S<D
V|}=
eB26-#
@19/yh]
Mn8
}L@l
F-$s
E)P7
f^(uT
Enum
`w\
.dr+
69EfA
EditorBrowsableAttribute
%4c0;+G
n*U
&gRX
d[X4P
do+@
@.wNH
*t[!
7^e
MwT}E
PPJM
/weJH!
rMZe
3< 2Y
Sc]x
y|yx
itE F
-o*>
k #)=
9 ZZ<>
H&0
t$^u
76;*T
p/&M
h%138,
Qj5#
TBUn
w3tE
IWwyb
9|X?
]Am$
W F-
}$::$
JxV?
CurrentUser
}70#Y
/Lcl
BeginInvoke
Wzrv
ProcessId
Dispose__Instance__
YiC6
%>
Opera
kkz|
kd*>
lY (e
{ocXB)'`
f7/o
`dzh
(vqb[U
p?8
/qb
yg_kenal
`+zt
]e(O
1Mu;
|YQD
Yi-\1
s34Q
KI]d
{e<Sl
7PBr!Wd
:w|i7
W":">'
.B*M
~O^g
GetCaption
j[/r;
Object
$Qx6
~N!38d
h+v/
+?Du
Y <>
:.S,%W
=\[(.2
vgIu
t$K 3
}v3et
u0Cl
fu:#
YCC9
wbd
R6)g
utCg<
jAZ*C
b5|
-8aCJp
do6T
wb\
ly*b
fb$J
Link
wH'z
Nfc'
~e7l
3kOw
qNJM v
by+\
f_2g
q>OV
IsKeyLocked
$KYhX
$?5C
#v_d
.l*$
2>H)ak
~HZvQ3j]
4\~<
E4BW(
jdTR
42'U
{imM
'+KG
'{XL)
_,f<
7@F
System.Text.RegularExpressions
aNJN
I^U$
{`p.K<xE
#haU(
K% |
length
8k+8"
0^SQ
'j/Xe
_3 z:
2YN1
7Pt?$C
c(:
e[*M
+U(
GTy;-C
n6E
_,fg
>r2~T
Av=s
C)Ci
+~$U
compatible
wGHl
c0`ph_
bvfj
Zero
|Wvh
'N&3
si9@
%A} x
t. *
rBy@
gD(x
zeDp
A,m8
s&Ky
"4_ 7
zo Gl,_
6 \z
JG'iq
A6.b
zFd
c.&&
dwEE
UE^k
Nf@-
-PH/
%A..Q&c
]FBp8
System.CodeDom.Compiler
z% ]
`ex4l;
yO$=
fiF&
*3If
get_Current
KjWM
JQbG
~Q+XGQX
VmN0
6Nyd=
QP^)
s+o|
$@j\~g
FI+
j{*Da
{{wj
`rRb)$
t8_p
|)/1=
SafeHandle
}<dt
`?DS1
L64P:
| k^=
0N$mD
L :m
ClipboardLogging
lQHjy
``h1
U={'
[?K"p
G)$)
5>r u
O{35(
#'fF
_EKe
Vz-&
p<Y=
P.dM
F;1X!
=\F-Z
Arz_
n; J
G N* %g
zp5Z
F rW+vY
hF5O~
5}zQ*
A-)K
t7_y
JPVxI
Ea%Lz
q/VC
SHhl#
JLAR
YWB8
UVw
UR<r
5d ?
^@6Q%
]^T 7
o9`n
p2~gZ
^|h;t
c!hL>
U< y
k 02
yWFZ
k<Ta
OutAttribute
;D4Y
SetApartmentState
!nx>0(
De}>
b54R*iw
'4U7
0-UEi4
GetTypeFromHandle
IAsyncResult
+6D^
{Lkj
0 ZX
. \i7X
Executable
m6z):
6SLDwc
1C%b
GetDelegateForFunctionPointer
L |RB
TMz!
F*ZW
fY/'
7qu(
|zrO
,-G;e
S3ah
)p# :
w!p)
[fwo
AUEO
xkH(`
GetProcessById
=FZ+
CK]+3f
&m0D
System.Runtime.InteropServices
&V;S
mUCP,\
)T2g
ApartmentState
}zWt
]3 r'
>uu'T(
aoGJ
^}p{
g YOr
2mM;
System.Runtime.CompilerServices
e[% r
Ql.AY
/I9
%N:
fKrHo/
7`t"]
0s+!
lOsC
4 B!
=.Jqk
v.8o
jZ=t
z CyH
C3-\
o6vHo|
,PMC
=_Yc
bwD:
[A"#
J'Y,
P6>ng
:r}}&
7`q
,*rQ
System.Windows.Forms
*;%Z
&Zp$>#Q
:xuh
,\cN
!s_
9Ly-
@Vg{
u||
cD >
u\Qa
hC/.
Mk?)
y p2
'P4E
[El9G
-S7PK
_hB
/i+7
{`y[\b'
rJ'FB2
+MxP<|
Y1u8
}csA \~be
Mf6j
V0t!
} *
be7|
s(d'
N=0Q
;'CI
V#z
}7 ?
g Ywv
,~z^
UPI/
[HUv
H2R2
%iwrr]
n'9*O
L,Y-J
=jh
2uT0
+Ab
9pEn
CI\I
bufferSize
bk6n<3L
XCrik
@ti7
'Ar!
e$ii
O$T
yV {
cWdU
k 6g
n4h
:B[W
*\_5
2l@D4
n.;]
f5C#
H<7y
iz\w
:]J
get3
65r
:!{D
'E:l
2)|JV
2cWQ
"5[bG
OC}6.
\E$e?
6&3Y
Z P<=
6/X
BG{R `/Sb
n2zw,
EPJ*
YXKS8
# n2
ToCharArray
5l!U
R`,N4
_zP*
T m
FwkC
7Li6
ZmM4_c0
%W0J
5tz9
0Xg6
w-iO
pl"W
_Ey>Y
vrEG
_zP
,GmL
D cC5
Encoding
jtac2
qMM3
M%K8a
zKe
0 )a
+W8w
CtS6
PMj0
TZa[
0@s
fw_I!t
@b1t
"4wp
o@zj
[ >V)
#e(/}62<
3, p
`'*}
1USB
Acuq
m]OK
],!y
+T5
1hS1
vvqw
7#kR;
w7Yq^;P
7~G.]
z~/
z~,
g2.*
) '6
Mt7H
&%
>P|/
z/Z!
N%-v
)[IA
u|[k
XGS|
Wh9Gxb
&mz}
>^jF
ik?|
ToShortTimeString
#Sg@
:rL,
i u=18
Ls#Z
f`|7
,-2n
u1{]i
NSa"
t<'[
{*3\
J7BI
V~%5R
|_P9
]OJP
System.Collections.Generic
LoadLibrary
J #c
TB,Rl
uCode
Aw:
o,l
d=]Ce
Wwr_8#
aFkO
M#+:
$+&Q
Z ?w
h3`,qg
_U-@
get_ModuleName
kYg
RCf"O`h
yit]d
Fw\\
3So^
hnbr>
Ur z
4.24
ALs|
`Tu\
xQs5y.~?/
prk
StdInput
DebuggerHiddenAttribute
aYFE
ZWDDC
g&M
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-04-19 12:52:43 2018-04-19 12:55:43 180

6 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-04-19 12:52:43 2018-04-19 12:55:43 180

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\yg_kenal.exe.config
C:\Users\Seven01\AppData\Local\Temp\yg_kenal.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\yg_kenal.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Users\Seven01\AppData\Local\Temp\yg_kenal.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\ProgramData\Mails.txt
C:\Users\Seven01\AppData\Local\Temp\it-IT\yg_kenal.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\yg_kenal.resources\yg_kenal.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\yg_kenal.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\yg_kenal.resources\yg_kenal.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\yg_kenal.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\yg_kenal.resources\yg_kenal.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\yg_kenal.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\yg_kenal.resources\yg_kenal.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\ProgramData\Browsers.txt
C:\Users\Seven01\AppData\Local\Temp\yg_kenal_lng.ini
C:\Users\Seven01\AppData\Roaming\Mozilla\Profiles
C:\Users\Seven01\AppData\Roaming\Thunderbird\Profiles
C:\Program Files (x86)\Mozilla Thunderbird
C:\Users\Seven01\AppData\Local\Temp\yg_kenal.cfg
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\*.oeaccount
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\account{31EC9AD6-5786-45DA-B15D-2E72FE116045}.oeaccount
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\account{52DB1739-8CA0-4C99-9EE7-FE81B5E5749E}.oeaccount
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\account{B6C15F72-0649-41DF-9EB7-057A27B89428}.oeaccount
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\*.*
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\Backup\*.oeaccount
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\Backup\*.*
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\Backup\new\*.oeaccount
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\Backup\new\*.*
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\Stationery\*.oeaccount
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\Stationery\*.*
C:\Users\Seven01\AppData\Local\Microsoft\Windows Live Mail\*.oeaccount
C:\Users\Seven01\AppData\Local\Microsoft\Windows Live Mail\*.*
C:\Users\Seven01\AppData\Local\Temp\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\*.*
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\*.*
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Cookies\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Cookies\*.*
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\History\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\History\*.*
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\History\History.IE5\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\History\History.IE5\*.*
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\*.*
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\*.*
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4DXYBRDC\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4DXYBRDC\*.*
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\K0BMY8DM\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\K0BMY8DM\*.*
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\NSXL8QLO\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\NSXL8QLO\*.*
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\PAJSDO3I\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\PAJSDO3I\*.*
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\*.*
C:\Users\Seven01\AppData\Local\Temp\Low\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\Low\*.*
C:\Users\Seven01\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_10.0.40219\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_10.0.40219\*.*
C:\Users\Seven01\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219\*.*
C:\Users\Seven01\AppData\Local\Temp\outlook logging\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\outlook logging\*.*
C:\Users\Seven01\AppData\Local\Temp\VBE\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\VBE\*.*
C:\Users\Seven01\AppData\Local\Temp\WPDNSE\*.oeaccount
C:\Users\Seven01\AppData\Local\Temp\WPDNSE\*.*

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\yg_kenal.exe.config
C:\Users\Seven01\AppData\Local\Temp\yg_kenal.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\ProgramData\Mails.txt
C:\Users\Seven01\AppData\Local\Temp\yg_kenal.cfg
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\account{31EC9AD6-5786-45DA-B15D-2E72FE116045}.oeaccount
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\account{52DB1739-8CA0-4C99-9EE7-FE81B5E5749E}.oeaccount
C:\Users\Seven01\AppData\Local\Microsoft\Windows Mail\account{B6C15F72-0649-41DF-9EB7-057A27B89428}.oeaccount

Write Files

C:\ProgramData\Mails.txt

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yg_kenal.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6ea2e20e\6fc7460f
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\772e8a26\45727009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|yg_kenal.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|yg_kenal.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|yg_kenal.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\772e8a26\177457f1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine
HKEY_LOCAL_MACHINE\Software\Classes\Software\Qualcomm\Eudora\CommandLine\current
HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Thunderbird
HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
HKEY_CURRENT_USER\Identities
HKEY_CURRENT_USER\Identities\{141B4688-D8D4-4AD1-B583-99828374C040}
HKEY_CURRENT_USER\Identities\{141B4688-D8D4-4AD1-B583-99828374C040}\Username
HKEY_CURRENT_USER\Identities\{141B4688-D8D4-4AD1-B583-99828374C040}\Software\Microsoft\Internet Account Manager\Accounts
HKEY_CURRENT_USER\Identities\{141B4688-D8D4-4AD1-B583-99828374C040}\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\00471e98b7a362469ed97e3915fd4111
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\10b0e4d6eb1de34dabd532a0806a0fec
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\192e64c97bf3a54488a039619c763627
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\32a3dc9c400a4b448b60ab7fe553a392
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\43e0bb79f0f2d84db98ff4f730d23d24
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6a50d9bd87f9a8478751861a1591a6c2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7760e21103136b47946c9c80fa097f15
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7d19c9e894f20d4780a31c9a9f17da11
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\818ecc2f310b344f807e8af5dc013189
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles
HKEY_CURRENT_USER\Software\IncrediMail\Identities
HKEY_LOCAL_MACHINE\Software\IncrediMail\Identities
HKEY_LOCAL_MACHINE\Software\Group Mail
HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
HKEY_CURRENT_USER\Software\Microsoft\MessengerService
HKEY_CURRENT_USER\Software\Yahoo\Pager
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL
HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_CURRENT_USER\Identities\{141B4688-D8D4-4AD1-B583-99828374C040}\Username
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetVersionExW
kernel32.dll.GetFullPathNameW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
mscoree.dll.ND_RU1
mscoreei.dll.ND_RU1
kernel32.dll.LocalAlloc
kernel32.dll.lstrlenA
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
shfolder.dll.SHGetFolderPathW
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptCreateHash
bcrypt.dll.BCryptGetFipsAlgorithmMode
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.ReadFile
comctl32.dll.InitCommonControlsEx
shell32.dll.SHGetSpecialFolderPathA
pstorec.dll.PStoreCreateInstance
crypt32.dll.CryptUnprotectData
advapi32.dll.CredReadA
advapi32.dll.CredFree
advapi32.dll.CredDeleteA
advapi32.dll.CredEnumerateA
advapi32.dll.CredEnumerateW

Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\yg_kenal.exe" /stext C:\ProgramData\Mails.txt
"C:\Users\Seven01\AppData\Local\Temp\yg_kenal.exe" /stext C:\ProgramData\Browsers.txt

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-04-19 12:54:20

Detected family: #Razy

TheSystem Itself @ 2018-04-19 13:00:02