MalScore
100/100
MalFamily
Ispy

vauchi.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 11/67 Related 2258
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 375.00 KB (384000 bytes)
Compile time: 2017-06-16 16:03:57
MD5: 09d18ef22f72390eee7cf4e10be20f89
SHA1: 2b94ffe935ae36a3bc8a7901dd11286f8a0edd83
SHA256: 9710146512a577e3a1c1c5c2e37fec7b00c77b33cce4a4af53fd624e79fa9ba8
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-03-26 22:15:10
Last submission: 2018-03-26 22:15:10
Filename detected: - vauchi.exe (1)
URL file hosting
hXXp://emifile.com/frak/smit/vauchi.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-03-26 13:22:20 [11/67] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x5ce44 380928 3c0ac9dceca4d33226fe2bf4814a4f02 991f31d3ab69e96f0e67f959e047ba5d54906d42
.rsrc 0x60000 0x628 2048 0dcf4e5893f21881356ddfa1d65f4584 f01fad7d94a085b2e78e269b6307a29cee6eddf3
.reloc 0x62000 0xc 512 be604acc1a5c7a89a9569e2905bbc009 8d258eb2f904ddb84a754b32b0558b24aba66e5d
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x600a0 924 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x6043c 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2018 Werner Enterprises Inc
Assembly Version: 0.0.0.0
InternalName: BAWCHINY.exe
FileVersion: 10.12.30.1
CompanyName: Werner Enterprises Inc
Comments: yx323r0fvyi
ProductName: Custom error handler
ProductVersion: 10.12.30.1
FileDescription: Custom error handler
Translation: 0x0000 0x04b0
OriginalFilename: BAWCHINY.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
10.12.30.1
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
Assembly Version
VarFileInfo
Comments
000004b0
5fc748d0-54a4-0234
BAWCHINY.exe
5fc748d0-54a4-0235
OriginalFilename
5fc748d0-54a4-0233
ProductName
10.12.30.1
InternalName
yx323r0fvyi
5fc748d0-54a4-0230
5fc748d0-54a4-0231
5fc748d0-54a4-028
5fc748d0-54a4-029
Translation
5fc748d0-54a4-0232
StringFileInfo
5fc748d0-54a4-020
5fc748d0-54a4-021
5fc748d0-54a4-022
5fc748d0-54a4-023
5fc748d0-54a4-024
5fc748d0-54a4-025
5fc748d0-54a4-026
5fc748d0-54a4-027
LegalCopyright
CompanyName
FileVersion
Copyright
VS_VERSION_INFO
Custom error handler
2018 Werner Enterprises Inc
6Q"
5fc748d0-54a4-0218
5fc748d0-54a4-0219
9]u
41b9c748-8ffd-4a23-8937-49facba86817
FileDescription
5fc748d0-54a4-0212
5fc748d0-54a4-0213
5fc748d0-54a4-0210
5fc748d0-54a4-0211
5fc748d0-54a4-0216
5fc748d0-54a4-0217
5fc748d0-54a4-0214
5fc748d0-54a4-0215
5fc748d0-54a4-0223
5fc748d0-54a4-0222
5fc748d0-54a4-0221
5fc748d0-54a4-0220
5fc748d0-54a4-0227
5fc748d0-54a4-0226
5fc748d0-54a4-0225
5fc748d0-54a4-0224
5fc748d0-54a4-0229
5fc748d0-54a4-0228
V@.Q
e028c7c0-d4ba-7c
0.0.0.0
Werner Enterprises Inc
ProductVersion
wV`0"^
'u(:
kV+D(
&]/+
qu=y3
0tV/B
_Whj
/|BP!
YwQe
?(sip
U.<!5
M<ok
GVCjt
3@yuZl,Qh@
[}/j
G7|V
{8<l
:Q}#r
t&fnx
PNG
qf _
L.H'l
&? I
Djj<~
KoiWw
:yKr
i|U)
'w~d:2
nrS +
i3 1<
ZEm
|wzJK
9@V;
8"+)K@
jJ8ch
29ME
kQ1D
,2\;
Eb|r
qrr9W
?*^^
<43B
5)Cj
0 )o
=aE\
+HXq
5HHq
W\>4|]j
M*i
X#*_
UnverifiableCodeAttribute
8Hzo
yj"I[
;G5JI
|6XPx
Q&GW\
{Pmom
mkHI
PL0c
bs t
fL L
~3i<
+wey
6ct0
iT+6
TQ{`
&7A{ng
j_$b
~pz;OL
DS{L
add_ResourceResolve
c,EO
&>)I
-G\o
}ei,W
?,"u
HXt[
-G +\
F~FJ
2tRR
\.N3
sVWf
KKA7
t -/D
.r?S
T :1
/}i3
<Module>
2Aw
4&k+
+%G8
&mno,
y8/u
1Y/N7
/ "s
7U\I
V8?[
tH#Z
fSk,
\@5$J
@qj\
SIbBA
eG7 +w
>< )
*p4Sa
System
n$om
#uZ[w
_CJ~
2F? j
1 o<
@ N~J
2LK^
%ZfV
z/.-a
mC4D
)5&KC
.cctor
^$s{
pO *
#~Nz{
!;tKH
3Sh5
` Mk
jZ7O
#/.F
=B!\+5
hA&C=
sz!N8
s`!f
Lvr5
8<8E`
Iy'xw
2hGu
^ucI
Efhw\l
~?m(
]MPpu
8|J)
<B6NE-
_ #L
O0HN
Hbz`
d6MzE
kqEw
FVN];
B3`;
6syz
tt)W
Z gT`
av ?
v 1'
LHkU<
>-pWt
Q|%a
L|^j
A)#~
2\;R/
V@lwl
oVVrCQ
+fxt
o~q0
'+2G
5>Ug
G0,
jTci_.
Hd^)# r
"I3lK
kD[2
}rs;
z\T<?
SZP9$
z=UYv
TI!?
0@||
na7 D
JArV
Write
|v|d
5V +7
7vqy
doC$jm
JYQQI5
f&O%Z
ZL$N
,*/[
] 'h_
ZZn X8q
CKJaB?6H:7&
5EAYp
OTMN
%*4L
=f@'
N :4
7~qW
= "O
AssemblyCompanyAttribute
f6UK
AY G
Ns)
nT m
\l{
Q94o
P`rT
?,T\'
^>Ov]f/
?A{8
!74Y
t}H$
7m](
rOyv
P)}@
jrU{
M,p(y
m3`^
t- r
d ed
|VTS>
-O:Op9
:,i'hr
F.NzN
[A:"
MH~'
+49i
F-#b
HB 0
\l
<kH?lq
p nu
qxk~
98,
[qAa
<a?C
-*WFn*
!5 @~
sMC{]
Mm/P{
J8Tq@
@f53
U'\v
|v-
N]dH60H
[](cC
A9XRA
I7ilQ
v2.0.50727
5,hO
PuO]
Z$q3
AN/Qkm?
Mx$s
9&HR(1p
DP!A
) [
Ognx^
4)QK
fM#fX
wQ0!
M\> t:
~Y)B>
.=]\
T)]
,(@U/9
'*0z
x oYM
TH:3&|E
2G)6
h+ez
U],e
5N[|
q5|g#
XYnP
[{{g
@PX
AA79D8F82AE72A99F90BD57F09E3E02B166C1F4A
eE^h
Tjjs
T8MV
?J ]
<DZg
7Ee\d
{ a x
dwqa
(!d?&)\1
*N=:/
&% q
[OC/
#(,&t
#LBa
sq=FPD
kaoB,
S"z
RWDW
7+"t
V]S()
|kes8
=G)B
Hf@1
CA^&
]Q9t
S~!#
n(7D
P1dE
/|<W
get_CurrentDomain
5V0e "H
],
set_Text
r:Cm
!Q|q
0kY
QU';
)5}!
aLM,`h
fN =
R9;V$(_p
Xo D:W+p
Tq4E
n!tQ
fe/qc
EnableVisualStyles
u{[l
i4lNm
set_Item
TO89Y
|8bl
W\)6
/U%V
`"Vi.),
:e #S*[
>$$$
#Blob
Control
d{|UY
]]j?
SU3I
jWhN
j*,]UTg)\
af4
QXz@{
mV3`L
Cci!Y
NKpL
*w^)D
7O/M
" )Zu8
ok B
`1gR
P .V
~ZgNk
v>&0p
1(eK2\L
}_>52
O[od
X]O&n
qP[id:
s=Z*
AssemblyFileVersionAttribute
'zp!1R
lK"N|
bE-Y
h4>X
b {5
|T0`
! )]7
.puiz
j f)
A&Q
FN <
Type
8^{
qtuA
/^=l
%?2G#
Gr,h
G hH
UsfJ
i.+d!
UR7;
rEI$
K&+Ti'
A8@ V<
DhLW
wtl' ]
` ls
System.Text
hp=Q
"C Z
J8SY
k%T&o
*|R9
ZH7(
D7+
g=bl
Qx^D5}
m[_l
_d5 7
a"T
N=#$
UiwK
1\ 4
wgN^?>8
A4|v
IQ)
/fNV
&k33N
yJf(+
0^VJ
9 ql
%E|OOe
1y |
ILS5
@HlwV
pSZ[
6T|@-
bf"]S
FW M
Vw\f
7Pox
&>7S
2aa'
Jx+^
Nmm+>
yK(z
_m7
&Mjy
Y;n>p
K4!Sb
BN:@/`
"!}@C
sC K
w96#
|mC(V
U~-^
Cka8
9J tN'
A)+Ej
nN\_@
~Zdj
2J0c
0w^H
get_Name
`~Jd
X[!/a
System.Runtime.Serialization
,z&?
+Og?
+ Vw
zI
h4&w
3p 6
c /8#q
]MA=
q/uZ
>vIr
)xj_
5!#fv
6c+3T
X,%'
zmza
z #*k
_QkI
`ZU6![M
{B}5pK")
Z~lv
ke*_
[ Y2
c F
u{al
Y!L[WYm!8
&:{=]S
W8Y
bm]e/
6WAD
&s8>4
nMQ2
3n*v
&lS=
huCM
Qa{1*q5
"r n
#!1R
1A?"^
23,>
!sA!
v4 e
3L\
:e^?
S]Xk!
SA )
=0*
WrapNonExceptionThrows
64(eWT/)
iZl>
sPI%U+N
vC^)
q-9-F
6sx9
VNFx
hb!W
],L`R%x
!a7)
I."[e
q 2W
9U02
Dj|dd
-&>v
-9neJh
)YGz
S"kY
ln8b
`Zsr(
{{md
n8q7
p6s<
GEJ
sS L
!: $
$eLJ
(%0>eP
5,tO)\
Q''^
4 N%S~
[8 c
System.Configuration
Y!Tj
r 0*
pbl?
?o0-.
5A<m~
.a+"
&LFl
/J?W"
36>
L 4@(J
4a.k
}<(z
"NhR
`qh<
gKS`)
]Xn"
SkipVerification
VaLZ
cLbl
4gE+
LRF
z {F
c2c;!;u
Zv5+
E;5E
MIM.
%,7Ne
ovmn.;
Z%pW
3eUKy
Monitor
OWpY
4,X
W F5
G SN
d,i4a_
e5|(n
nI]*
kp _
'@&'{
y rI~
-II_:
Z/UiD
{N|<H
;zA@@
O5 -
)pS[
=fgs
fa0u
T}=y
zS^ANH
M'5t
fN^N
]_O-
`1Xr
bfJ.)
|E>F0`
+`nc
n{5ZMy
LMM1~
slmSI
J\P@
O!M5
RuntimeTypeHandle
\, j
|`v
no=sAT6
?SgQ
![0o
:RcU
1FhX
>> dt
vUf,
.5x/
_{d#
P '[
sie3
E` 0I
`.rsrc
DSk
e0M'
4D;!+{
QV+w_{
y"kzld
ReX]
r mv?E
(*3M=
k'e~
yy5
~5fe
6\R~
get_Default
add_FormClosing
O2\h{r_
,uSI
aNL"Ld
NPp
u0xO
)qu%G
*h\ 8fH
u /0
Uu'o
9WxScm+!|
% (
Y!~Z
59jI
o,#|F`
P}K?o
2Gg]
q;bl
iX6>
W"ix
+j'0*
Z#3b
C}qn
}f R
/' xP
~ee$
4r?(T
9OCW
7B\H
m 7D
}iGn
yaXV
U?,F%.
V^~m
VTN#
8 LGZ
c#@*Wr
c]\
( Sx*
Ds S" 8
X*
$"[$
:[NR7
a^^m
4 =:
-cqI
ghr$
.ZWm
*a, ,|
^,][
`W=5Q
.>^)
}/J ae
?S`R(=~
/p$
0/ #
z&%n;
$TY>
Rn"&'r
l9j
;?I9O
FAiH
aEZ\
z:!r
,7mNnJ
-^Ge
n.f\/
Z&7#
ZE19
?#q
%u3^
[O -
r YwOa
h?[:
Ys[
;*\
Z !Z
2]hbaW@
!8GnGS\l]
o*A/N]
S=>
br+4&
e&{Y
1NC[
\NYd
^,S1
FormClosingEventHandler
f+M}
z0K;1
<.Y,
7Jxk
=%6jI
kNke
$J6}
<}=Aj
+Ov(
. 2E
Bv+h$M
z@H3!
QhJ(
%Fra
{ =^k
iW ,
>C#_S
lQ@=
<da2
~Em
7c(9I
C(:D
,fwz
]7Ax"1p
C mI
QIvW
>FNoU
*9+j
2u4E
>2lQ
/L}1
G9]jz
v`K~
nfgxjkx
`H|]
0n08
pk^r
s`'E
)Y{\ A
#^~>
)]9d
U#cs
'kis
T5S3
*ANeA
|oWBD
2hpL3|
y^J/
E.?*
'z&1
{N i
l:Mt
0v j
FA-0d
CSdYv
d[rdY
TG@RL}=
,w/J
WVQl
w{{H
>sH.
set_AutoScaleDimensions
.jw;.l
~7&^
Settings
.^:O
IPK&
q#uv
h0}Y`# 0
{1v#
4m\m
^Q7g
f_z(
lEeR
bdoy
XUU$
"];K]
1j#@{d[
.9 T
J 60
]@}r
#N!iJ
.}"`
hPfS*
TE1y
5&q9Z{!
J S
g5 ;g
yp0^
~u L
I NY
mJ5f
/7 4i
C)Y/
2B'WS
1~.
`qY}
.\cRAv
W(}Gw
z.uG6SEEpSo_
|(w#
;VT(
Q%*MJ
dpm~
{-A-
0#Ia
Invoke
$]F#
ZW,V
9v0m
M[%u
+iS%
System.Reflection
Eihn
&8
i'g{
nCD~
i h=E
System.IO
4Dd e~EzG=2l
kZ :
+1s8
B~Or$
ctR~
yd%5
2QoyxH
JReP
~4&_!
/|otA
Y 8i
8B$H
sBFKa
"l:x
ut*T
bRaa
pPY\
FJr>
9`Q^e
uum58
.d8q*
~uu2
/eII
a7+2y6MV
it~}2
&*86
w1Q'
M|uN
gkv)
a * M
ERj.
dZ46
*,ho
$.IZ
WN\?[
System.Globalization
&*8"
qNc*US\
RaY*
:>[8
'-qQ
`\X
V"I}
lg:IQA
&*8Q
W|rI
/K\jM
sdCkp0
&*8X
/iQ<
$G:Qqe
IHDR
>*Gz
Zs?I
28)~
Y 81
.C5P
;T'xz
UM2 A
&*8u
4Q?w
&*8p
Y=I
h%@C`
blkt,
wqs)vD
kazg
{U{0
Q<l4
FTJVk
mJJr7
&*8b
&*8c
Q TG
c.OT
E~8?
_~WA
&*8h
&*8i
cHQ,
XvCz
z%zU
NSZp2(,
3D:A
CdmI
kEm#
1=|!
f63q
6RJF
p[r`L
EventArgs
Qhi#
Application
7vIW
0uR2
17+Krg
?_*x
L_|my
98>kF
{ CT
x9
54rt*
,3hI
*s|R
Q[x -B
PKX:5
VK B
.06a
E>"Pm^
8}q4w=
EG6q
m?Lh
System.Security.Policy
V:Od2
gH _
_D%OB
$U<`c
\7F~
M$N)=
_Type
oXZ$
`&{/
!h`V
;pHiZgv
g1({
:*K-r]
pA." nr
X.+8}}
!p4:
s (
MethodBase
H~cR
f%rA
_&~K
1r3W
0]b`l
O,Y/
a+}M
|IBMT
{7Dn
wjat^
U^/O0lh
oNy)
"n,w
?6G)a
(k}~
"IB@
kxc$
eeLB`
!W}3
d_F"
}bX~
#nKc
~!r-
]oI
o5,
ilAM
uns%
'!Bv
]29
XJaul
4w'{
>m}#
>?'-
M8&mw]Z
<X^1-
d~ g
YRj:W
fX_|
$uZm
" 9^z
N~yVQ
erd<
&i<$
^FY$h
lL~ M
t+kF
5 b
)~tO
w`oR
7`{\
$h3kVHS
\@`W~
px=?
Fuk+a
@{u6un
(axB
7;uuQ
cf 't
C'-{P
/qW
-j!r
uuuc
$ 9f!>-
DGO=)
:U*_
" u#H0
ANj0
>4OB./
P(oB2
G})"
k8D?<o
J-AT
n PZ HW
$c.W
`Pzu
V {0
G~~n4zN
iC"73A
;*p ,
,{c}
n_b
INd=
ja-h
~zEl
$l=<T
j]N@
mORi
nU?QN3
a'
Pyg8Y
+$ E
!uw`
IDAThC
%p)ku
81]~q
GB3J
bRYH
I>Un
HXiz
m. Bn
YtmYw
j3:6l
dcE+
B[UN
AssemblyDescriptionAttribute
-o3+
F? hC
]{_z^Z
??uN
?uG/D
p$*[Rt
t4/kU
2tQ<
2A9n
xa<n
&p28
$H7%
#+hU
#U H
6j SQ
oB+0
&cSa#j(
JIc*
]!e{
HpiB
p2eIku
:a W
yp!b
6z#;b
:4"4
'+PgI*nI
%+Da
C TCq#
6W ~r
a@<>
a^'
mer3
Z!4
c+5sv
)?t%
'@>w
8>%
Vkn/
7mn+|%
YCR
i14h>
Array
String
GY,7FG
n^Zf
'm+H
xe<3
>Rbm
qsgy
%AC6
w Rf
}\(N
K=\V
b *.&^5
,Qz<)
System.Collections.Generic
\alK
BP04F
Y 8{
-gm 2
:sj
U\6&
|*;a)
f[eZ
jpuWJ(
OB
E (,N
4Bb`
09?!
zrYN
va #~
Z*D]>
%7nlv
-j'ZrQ^
}[w
.mw#$~
ContainsKey
<jCQ
2Mv^
"*m~
|>SG
w6] oa
zG#k
'E(
d~w (
S*~z
h2Ex
G6>\
25.wS
wblw
bJ6g
[ z
bo*n
7d
(LEX#
DO C
[i*n}
# nC
Z A/%$
Pp<t
Pu)s
R+na]
Mt=O
jd(
<\t
h(Y\}
QT`5
%OaP
2r0i
P?`\f
T9HE
a3J$
ur`S
{C%
>0#*
uuH<
! h'R
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
[SEY Y~Y
_;dX
R>>i
A@hVa
UOry|
fnkj*y=
xg*w
2#%{
\BTn
U*-3
AWK
RuntimeCompatibilityAttribute
IQu*|#
x<Le
P ySo
Fmff
<&45
set_ClientSize
k BZ
P~s7
t pjk
re73
r_ 4
#{ZHc
+tyVj
8D(
J+\P {KS
][[5
le?]
_2,fnj
]}.d
HPbG,
&tA)
JKB
L5+[
Kb*5
Anx?G
H I0?
>dg]%
Q73h[
6X<P
% P
Form
y{Ye7
e*2o
FLA?
fFszM
^g*=
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
/^6Bt1x
NnX*t
^?XqP/(84
@[ "
WqIDB
)5HrB
I{0u
zYi55
sk]~
Tz"S
8Cd#
Y4-x
pBCE@
r2%_lh
u-kn<s
JSN3L
R <F)g
oS Ja
;*3w
ncQl
..p)
ftv0
q1>P
0)Ss
_)^c
-4)v
p0m):U
l|u3@
M/l2
~k94
0;Ze
>2pM
I("A
Td{(
;$*e
kJoG
C)]ll
;eR(
(2jd
7ZB}.n
9:7ik
V +;|
Fcz9
*9w N
\lk
0%2 rL
BJOx
n8L<\
WHvc
n~h
s^HE
CmhsA 5
%<w6
SE/e
j (
InitializeArray
7C}o@J
zU%g
K F^G
lDC
wGX+Ai
9G&/$kg.c
";XC
oSf"?Z
vn{m
!Z"-I
vTq-#
ox"O:
qmOj
A:bl
.(8(
t
nL -
Q`zP
#Strings
Y.'1C
V ^9
VdW*
set_Name
@'r4l]
rVOn
Default
nHz9
mMqi#
ZPBG
hNK*K"T
iZ`cj
-]s'
)u},
+,"hG
Xi '
ONk[
W%(@
}NKp
z6#8p
c<"v
z lj
U7/'
P*Wt
s"I(a
t`b`
k:PM
Y)NP
$ce
& @[
o: n
System.Collections
KR*j/
((va
W S._
c)wc$X
,e5{
mYUJ?M
wo )<
_i&wO
Ps4L t
;ja8
A^2.
i%*A=
<Yz_3
ResumeLayout
J/B'
2H5X
b*;i
;Qun
C{*f
*TF5
IEvidenceFactory
x] !
Evidence
(S4:
ZJH(=H~q>
-j6.W
q^40o
ValueType
x x0Vv8a
wgPhW
?/ G
System.CodeDom.Compiler
*vt]
GuidAttribute
+<)l
_nsO
f^Q1W
~ 1x
lei"O
N2"Hg
Pnp8
~ ={7v
a[U~[
Y"v$
>*-KY
cQ{q
HYGC
N0[k
$]iz03
SCmF
5gb7dO
1'.+
=\R$
Gx5,hv`q
R*w2
J#BK
J/cj
|E}e
_QBY
8KJ
?.(!@R
dBn:Q`:
h
$*"|y
Jx0;
\ tF
H1i0
[3192
~iBN|
^'oI
IEquatable`1
Z{!6
ZvgI`
J sA
h;G%
&m(^p]
dl#
6%V
myNQ0
c9pFjXD
x9x
8Sd4r
k]5?
NT&L
V/gy
c `+
(`/v
d4-K
hW3oa
|&nQ
sNllr /
8aC@pW
'4?B
(x5b@
2uT@
L?*k
5*\Ku
uRZ0g
=w+rg
GO^~
j `Q
yz j
B]*4
;]
?bKC
eUxN
Q( EZ {:
PEJQC
_!CSE
(F I}'SK5
K4zc-m
rWEG
Ah8=
ToString
o3$
{IuD
<YNF
,;n'
Kz%b
eHDo/
X/UA
iq0F
rpA<
X#i%1
o)fj=
kgx=
!G[I
g7u7
}cUS
< _L
qWG+5
L>8I
qIzUZ]J
W~g@r
=: V
)9wa
v P
0|i8
O+ZT
3eeH
UPQ1
'IhT
ZNbs5^
1 t1
n[1H
#IXg
-=anA
kl2U
~Kv { h
(uFdNA
b>Y
-Nq`
sH}u
#I5g
dM6&M
[Quwx
iRn
`JS
#FQV
?TXK
(3oI
MQHS
Um2U
lNZx(
]UQ-
v=`
' $H\
UlB
bfqo
6,ARH
\fvX
Dyza
Isd.
2 rT
AppDomain
W*hRR^_
AssemblyTitleAttribute
}jJ,9
eH%e
,OA8n
` KN
lC>P
B(YZe5
-y0B
j`R&
>TUC
M}Af
z;r~
mH9i
sHos
qAiUO'j~c
Tp/
hC'/
TJBsl6{
F)H?U
.a,.
}HS>
=13t(
L#W~X
7SU f4
B[G]
*:s)
=V<M
GY8wF
C<#Wy
add_Load
.L6)
cS 7~~
[ Y2
P(J f
C|HI
.K t2
.Yr.
+1\/
0z)
i1 O
HLw5
gO]~%D!Qx
_a|H
,Ik}
MLa+{
Tp$&Jhw
A6{J
;Ij-#
)L}&
?6s^
?,ML
d@,
\ 4
`;!s`n
ic 9
3'tp
aYC5
}`W
dd;V
Data
NU\:3
Nhx]q
ta]8
"1<o
TboL8
u7. &
jZ|2
2`)m
"^aY
c[%
M@<M
_P/[@+
d%\CC%@g
fEik
GkUo=
y)U]
Q <_)
whI-
(Y6R&
L~S\U
YaQ/
5}SJ(R
QK =v
}GYq
y0L>
^eCm=
pHYs
.ctor
M'8_
M*f>F
?9H~
=Hm$N
)NO
y#bx
qi0a
qwgSX,
OTx@
)SF01
Gyd
SQA)
|zN k
XPDh
}}#i7M
#"wK
(u p;
K\n]
*B0K
OW;r*t
c{
90c"
0aD_
M;[l
H}py
x5"k
I =G
'a)|}
N|KIu
c}M1
h*I
3s- :
E~SEf
#)XA3
rL-q&G
pR-w
+uB-
.cIIl
/H<yt
6f=
[t'$
Ve2(
B.FE
Og]8
NmM
z_W_
[rEB'
^* u1
[#v#
~N'V
&Z15_s
Qh}L
GetTypeFromHandle
H {s
j \(F
N]nSI
c Fm*#
!l|FXL
zc@S
we9L
UbV@ .
y4w\b
@9}a
k( eI
j_!hf
4b!h^3
V}M8
i4{h
eaw b
M(w:
/A'<k
#"w5
>q(+
=s #
h_.G0
_;-a
] Ll
PCQf
W37G
`YPj
{6',
8|p
cd0V~
7bj}
6snU
nfgxjkx.Properties
qIkm
mr"y
RW 6:
,h^F
@.reloc
9Vt]
2Kq OPj%%
2h( !
2FRt
dok3#
PHt
sgQ_
e?>u
CU73
2nxJ[
;.){
sa7b
k bl
oQ>,T
mc\~
c<fx
p.>e
-{ 2
m%]gs
Km
^"zD
&+cUK
$9ol.P
<0\MF
>mi:
S:8,
1M$$6k7
%XUU^h(
5 st
?blw
F"f-
&*j|I
f+0?
= `r/
f]or
1Ojo
H Fy
nv_R
b W
G7B
_?)4
dBrr
;ma>
$W,3
NMOW|`
Zh%d
mlvF
U |M
QURJ
Y 8~
V==4
#+qd
YlNu. V
Z'f
~Jhhq
jU,6
HL/
P8HM
LJ2}A
dmnW
vN#L
+ W#
Y 8@
Pl,h
"ude
p.*,cKD
==(T,
^I1vC
C)\?
y{1DBR
:,oc $
EC^[Y
^8mI
Y 8T
=.mn
> pO
q*!!'
w& d
~<h
U4SE
Y 8f
<a:m
O cP
Jig+
N {n?
dI5v
_*4>
g6,6
A7r~
qu?W
g(}L
d<NF
- 7Ln
pf-U
U)o~
NYi+
QgN%
fR0w
cgs
(D?#_H
;c w6v
|;{|4
JnQK
mS<+DO
%qSO
rt!_
t].T
M#8P
R}. {
6k
UhQp
;o9
#H.>
Y 8*
v{7D>
47 N
[,%O
(hx-
jE*W%
#}Ps
56{4l
R#pQ
\I97
E)dxQ
J|Cy^i
)K'Pyxs
V2p @
d2}qI
l'upi
Tr&%
"bd=
h`#M
,3nI
BjT~
bZBq
]p{91
2 egx
>f^r
$|(]
#DWF~
(pJg
x\W2
U%{p)Rf
"XZ/t
DTVC
3i9B0
F}_7
& s\j
ZC?sWW
Assembly
?b0e
y/P7
}JB0
J\ g
A|"V
N=NQ
^<0w
q?`V]
n y:v
Msg!
#%~0
1^f e
.o79
o2D/
IDisposable
# Qu
s[(
k'29
klWx
$@GG
C5 =
*62#]
fSI)
*{C07
N$Kw@
Zr_.[^
SuspendLayout
ixgR
+m7kN
y'Ld,K
NT^H
E9;k
Synchronized
^9;U
gpF7
83!(
wu(f
NnRC)
I|CJ
[omS
&Yl-
Oc' +
{\8
fvv_
# p]
m pr
<z9C
~awI
qWwt
$Zrv
\#68
4qe
2U2}
@z`b
)dR+
L^7 2x
Zdw2
ZTh'
ue~&
~'
RqeQ
OxRl
_bkY
*C3j
F8xu
n*<u
H<]Nbq
rhs{9
6Q)>
%Fdbq#0w
7ZN/
$f~9
6Y\3
]G49
E 4
4 dS
S>sL:
)p(i
NZjh
+zQZ
fu(6s
\vwt
jb}:
?O[~Qt,H
IContainer
~*tVF
FO9A
; t;B
rnR
D+ I1
qgRv
)4Sb
SetData
7gT*A
X"\u }H
7fYYGT
7,8D
r&%u x
qs c
Bn;:1
$d1fe275f-c3e6-46a0-967e-16ee067f6eab
Y:XV
'RD;I
[r4f
ZEw$)
MsLXN
c<-H
U}$==
System.ComponentModel
_ 9g
RuntimeFieldHandle
D<:
CZbU
E2&]PM
mcX$f
|i2'
3)->
mB+f
bk*#Y
^CroQ
Ek^F
<O"k
km K
{ [v
ZjJl\
z8[J
<@Fh
>/ {
BmxzY\
h R
7=C
;:4Q
Y<88
P]\;
NeA?)
R`3'
UJ!+G
;T \
X C
n..4
?^!;\.
DeflateStream
|TZ;_]
vT=
:iB~
b^U|
8m"v
ZehI
&NuA
LO|@a OG
l4Ds
gOG1
X &
2VZ^g
:^E,
)ny"
S}^k
]X_H
Bl&!e
L<D<
.1-M
D3<"5Z
mOW
)Pnm
p0?|
nji8
}&+k
5
p yN8
(r.~
~It(
B jl;
" Z++n
3]am
jck_
W bl
$Qt<
-mlT:*
_83f
]Om\
8mUr
~e-m
f|Cgj
by1*
Oep~
5{eJ
yY*
u; q
kr*Z
ContainerControl
n+s^#
xn(
W Dvo
^>=d`9
;)U2+.2
)%i&,
[6mY
Kl1P
3J6>
+.GB
`=Ek
TOi_
q>#3
XmZF
o*{vO
2u =)A5
j+(1
$h Q ,17!
BQ1KM
5 &A
?1zmJ
fb!8O
/^To
2b ,Yd
5FsC
*r5G
-+S4g
QAEO
'Gx H
I?LD]
+A.K3
sqfAc
u Gq
Cz-%
8Vi<
bek`
-n7M=
!s+Cw
o R1
&lx4
;EL8
j66D
[x m
AoFId
4[la
l}wt(
i^]G'
n3FQ
hwxh
+p!2R
yq
f1Cz
sa ;3
?\aUq|
,YmI
71AAB
w4dg
Nf{>
AvF
_ l<
lJ Bm
hx_k
ws1t1
RB"6U
!Yu`
ltoO
<_Vz
ytYr
@\$/
.Y-D
(SGk
.%LG
T{<~
\L>
+^lV+U:
` 6T
~ KB
^Z&
x%ZRa"
AA\g
${%p
cW%
#/i"
$SK>
'}=p
_6>i%
>@2>Y
?flL
b zs
6IWoe
1w>X
=ahQ
[r Sq
78j\
}}& [
xf,$
!!@5g/`
71$;
{ n+
z*S
\N~Z
QVC@
&zVo+Zc
/nSJ+
+WFk
0?66
UsL9
[,*h~
RuntimeHelpers
e[LmI
! 5|
79@O
pw0 FV
<f T
/Z8'
gS-/
hy9Ub
d&HkJj6
Y 8a
6xMP
dRNF
@8r!W
:BX;7I
,8eVQ
mIr(
7
Y 8\
B;!!
~6i
Clw&
M( Q
\Jj}/
[LmI
[pc5
UTlZ!
eR~+
^JFP
BK3l
+di*
t}5|B
J"#j}h
gUW<,s
q-.x
qf7y
N_1)
a .,
"{SF
!XnI
2"k2
get_Evidence
GFTW`
w~w
E$5D
;x>q
Rt&D
okvk
nL>$
( v[
/9Uy
X4OD
Read
Lo^+j
0SN;
A%,N
H<9V
t`0&
4z4e=
,7o
0N'A
-l ,e
M )
bIaz
@vw$
}"$i
ye>F
I9?~e
vH`Kz:E
Mzb>
"\r'Yq
EQ#gaw"
0C8H*
,'^q
Sbn*
- 2L<S
A!82Y
DpKv
TI?M_
R|C
uTRB
]n1_M
!V`]
Ud&L
Yw)l!P
VyPy>%<F
."7@
9Wh{
,o5>
7?D2,{~
."#@ J
e"%Q
gAMA
IHT*
ZpNa
Z!ooG
6b1edc00-0a8d-34.Resources.resources
R:`HZ;
)d"wcO;s
?hM|cR01
;7k9
kGD^W
kw L9L+
,9"s
m`Eh
IeQO
s26'_l9
AutoScaleMode
>;;c
f>!QO
L5gi
XrO4
tht `d
MarshalByRefObject
: rC+
h7ws,N
pP3F
Gu|k%
zr G
#\<
q,Ri
$XK`
NKQ*T
0Tl8
!"pv
a,J#$$)
?`KGcfCdk
(=uq?P
mscorlib
{3Lh
I9B^
:-YJt
dw3.$
md^Hy
D FW
83g'
D{!.[u
qb!
[}>v)c
fG#n7
J6Y/
Ot3&
Z/bl
tbY
QGda
}bPF
GA?\
o9ks
BU/U
TAwQ
6F?cmr
yv+.
jl(A
:55
l bl
So_o
jHg{
73bO
-}V~
<}jx
~u({
|W^P
%yK\fl
G{I9
1=fu
HP|5w
1=fz
!HYL|
EEQy{
q^Qf
|g,J
YMZY
.s) b
E~1Kq)a
T+BY
mPPOy
}:T\U@
)op,
6[aW
4+>8
/vV
D;$T
E7},h
'Tza
8{>F
XjOg
h7 2
tQ,rS
=UE0
Jm|r
# >K
UJH`
%w`[`
5&+
`|0c
Z{}`q
|hp?E=5
.4wt
SizeF
a
u*09
>;De
k~w<=
*/_v
aoy;/0
X@B>
g+TG_Q
-c7h
D;P&kF
c`1x
V6BG
<\dF6
}d=N
JIBY
5)yY
ah2s
0?/3q~
3Zp<
Form1
ac'A
:+sg
,T$"
pF=g
?i+^
k2wn
!B,3Sj
K=m
<Skwg
u!XE
F1H $;d
j9,C
]%sY
&,+#
LL:5
RSjr
7P"I
Size
6jXbQ]
Append
pJ^K
Ubda-
Object
3$4=X
e lE
P=A?
1V[2
EaV60O
e# VZBa
)Nzz
G}J
\v f!k
5z;<
?al0
50?~gMm
B[=d
lCnp
bUC k
SnV_
az<B
tB7'
T8kC
v !Y
nD?R
IO[t-
Jd]:
Qm 0
1reUc
'n68
qC n
vN _
D/lv
H?n*
h*qQ
vuI"
o&\"
*>`,
-,iu
|Z0`
=Zxr%
*(^gL
~H0N
nLw'>
<ng+
Z~dM
n/rD
8%"V>A
fNQ0A
& +m
]+yl
8Y6l
(B*9
P nj
YOL&
Vwoo
h\-!)
t.9E:
lU1*
;O5U
%Kiq
2XnYT
o75$5
M~,=
GH[P
J<g|+
X!3
set_AutoScaleMode
X) 7
[jKV
5o$e
[IWXu
B'w&E3
!CJ;
F^f8}
OL/
(e4(
KBTth
Zxk&^
'NHd
%Ely
ComVisibleAttribute
'F}&
yd #
$dE9X
IL8>q<
\L"`
ToSa
,PbC
Q\pzp]
Char
Vl@8
$]d]
UF]B
g ;
%M3\
p9 }
0dK W
Iwy 6O
{J8r
WN$%
o8T
LO:1
{]7l
`= Y
uo jH
H;p2
e?D&
VG{$s(
?6/n
GetData
j@6"
_tSJ
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
Z:lufU
YDPN
Hg k
$vI/
=f_L
xlLm
M./oif
wZtpV
k=x3
xfvE
w{T }H
,,G.
y"t_
yw^8i
Dlhx
:sKN-
npgu
mscoree.dll
!This program cannot be run in DOS mode. $
WSR0c=
mm7
JE!pXF
System.IO.Compression
i3:{#
[nI
+F*>
:k;a
[ 8-
+3A'$
;?g
Tlm,
_Npa5f
'K(w
Xv8?(
[sk<\
OFB<S
qwbd
vyt8K
Dispose
lwLv
M{q/J
_|Pdw{Wj
~8XM
"E ?
5\['
p?UT42(
4X+siQ?
I* 7t
C%pw
s:.M
~EH %
ieE#
vO;P
cKq(:
Xr^6
,0A J
!Dh4
Bq98
6} 4
rc<S
%@3zOZ
^2ZV
F`Pm
+j(QG
-y_@v
05ae
EG+U
bP-[
\}os
^xz
.rTU_
9xD#
#[MD
k[[i
?^Ju
c^7'
WK*O~
Zk`>
j8r}
`;GSw
v@P
FmN~m
\qAP
(xJdK
4 pp#H
7D>Ps
"} Jm
4"uL
*0K@
l8tn
q i(ZJ
K fB;
j jl_
#haV'
[<mI
p1s@
=Qk8)
d x:
m7<x
"[gM
?x(G|
O(}CA
jWw#
qRW~
}\Nh
5oN;:2GHe
}k[S(m,v
/ At
5G&yf}
(\\V
pR&j
hw=%
DsVW
:o}=
]mMnG
BSJB
CIIE
=&%]
`p`*
0<0
{4Z1N
+6>TS1
X+3b
0 "U
eU2Vq
&SC^g|
hnnt
K T2[
` *F,
{PP`
)'>Ev
"/cxp
JM {
nf,
X"DcfI
3u\YUZ}H
,i
?]M`
80@Ibc
QcoVs
q63#
gmC?
";?g
"UwS
w~#
(EW.T\
E
#$*/x
bU\l
2g&~N
!I*U
J.l^
>=Qg
G^9<
vz+h
IA}V]
y5RI\}
e'(}
ZVtm
,tO`
lk,%
d*+&
|X c
C ]
6`ZQ
GNp%
a>.,
B8}U
l[rxL
f DS
M0.0
cgbl
[bU.
hql3
h&Lh
bc-;D
fJ7
Zy Z}
cwv#
3n-{
&)`jF
#:OSJ
H)y=
)&idL
bcXs
6o.q
@#n6
STAThreadAttribute
83Jd
qk\bab,
`Br:b
{%aqA
'mD^W]I~
VKx(>
if<d@
f}kl
Ed %
mIrp
P7_"G
w*|?
|3<
!8XU
QL'G YcS
p~ |6
7%+J
AddO
ncc~2-
Bk8Z
):A
h4h
sG\8m||F
#(jg
6SQM
Z'[y
~!09
lZbs
-Ga>3
GJBB:
ba_>
M_
n1j2
4y(t\
Q6 E}a
r Fl
;Dp'
B8q
U1tLu
{>^.
PPz=
WYT|
:#6(es4
O)1o
44T%?S
J-ku%
oo-n
EditorBrowsableState
&q!~
! _dx)
E Q\
3YQ$
Ems`L
-kdS
Z2ZT
Z/I!
Xz`
\lC+&
!9Z'
9Xn!i
_ 7
G!]%
YOd 5
=T}<
Xhfgp
,&mI
,>oz
.!3c
g Dpi
YS|5
sT9w As
:\}Rc~
&c~T
qXhk
o@(PH
a{YK
q(^3Qz
<vub
# Ru
Lr;j
iVQx"d
7dLW
EE":
Mz"$~
>,Rx
~t:d7
%4^f
0\FXTfS
hs!V
/auC
21~p
~D:R
3>SP
m5UT
'D
=]I=
+YD}
,GJS
[+F#
1=+"/b
6* Z
Jv|NP-
eu$OId
IliVdC~$
sC]L
^TTL
SL&<
)+7z=
e-=B
+T#h
(. <
_|J: a
Y:u%~
@zdO
*xX
>elG:
QoCE
$6 J
]UK)
zhjg
z`\SiyFM
dMDB.
fT?
lV;(8
i.3"O
,!&{w
buD !h
>.aF
,.<"?
9 )0
[;X/
5A p
[;X*
fgZ$s*
X_V~t;
3Ly
@Iw
btfN
uo}*'=
get_EntryPoint
{zd
CompilationRelaxationsAttribute
b!T(Y
u}7
W.j4
-wjHS#3
IK~49
f8-j
B^;%
rB6<W
I;6<
.+`
\3{b!
6|ho
lmk4
2u Q].
,,K8
~VFOk
nJ ]Q
b/]Q
"b!`<
!jVo
s)7S
cl |@
a0#r
\5)H
H]D6
vVN]
c f"d~
Tc\>
.=A1
{|]@ [
7w^g
,f9E
bgAx
FsSg
yzDC
cV4|
46eq
d3[3
L^Vv9
Ok4 z4
mbs8
ResolveEventHandler
hK ,Y
O~jS
JCya6
j-iA
hQc;
6H?]'
O1<(
cV@L
uX "
ApplicationSettingsBase
- fI
<(LM
3qS
tgWs
l31~fFr
[bkRA
#?Y _
NhS1
g/
[m(\
f%di
gzJ!
k!?A
$<7Q[
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
$(Au
pc~(
8W{
r~5
DgABc
$1r
%L=*#
(WT)
c wn
r\OG
j9!!4<
J1qi
.9i"
l"5
IwIUw\
mQ GA
IEND
2.I-
y%u{B).
D/D%SR
]5 Us
$u B
{\!1
9d5E
M}#
AsS~Yy
(70
CDT5Q
J*Y@:
RT=,y?
`Lxd
mZ2#4
kYF8
0d)b
fz,,q
*&_ @ v
w~(!>
(4J^
Lvm1
A%Egf
w(kmx
EP|L
W"Oy
K5n
>OJM
,Xiih
A J-N
`ns<4
W-]rh
J]R[&
:;qQ
=hWZ
W=-
K}uL
9SM=
OsC
$c@K
O*$s,
I? |
wv*jQo
JX|A
65v
Lx"t
,9M>
5Si6
q$^m
AA;
=q"
Uw^8f
VhaNL
d08c
.\(^
-+@
l6Ug
XfsD
W\~)
b H=
*Q]E(
ci\&
I NK
dl4
Concat
d}w
C> Y7,
<o9}
ENf`
fHc$
StringBuilder
T-Hzn
<KL|C
H-{
72b|
Cx.=
>WGn@
cz z'
"JV
dNV]
HZJL;V
feO
4f ZM
.zE&
o|*N;d
co.T
Stream
#Ry:
PbW
|\>HkE
Idr*at
uIA0
TE_B
D::5a
1@6_
W+<pZ
D~ 3
CN:Z >@
xh_O! G
7Sas
z#wD
|=[E
?7RD
>8q%
#}gY$t
, k:i
nmZi
;<M4
<&H
O+D2
V3z8c
System.Runtime.InteropServices
qrq&
/hV9
&O)
57x>S$
ZV?{
ZR?g
.EZ:
X -3h
W pu
xY +
SetCompatibleTextRenderingDefault
3C:?F
9 ZH[!
{w#Lt
kW|c
IRrO
{k(@f
DN?\
9mw_
.text
9m ?{
Q.z
Dk$O
i 9F
zx>f,
[1l^
_)%n
cY\Ah
%1>K h
$x*g
R1#n
|sg[
hbl+
7Y24
og\ie
M{tt
ebgP
RK4C
Ep*n}
.ydk
-/'CS
System.Resources
So
#p\TR
m en
..58
N;Y@)C
7 g:
L5;eUN
2WPd=
Y3I
}*e\aJ
n2!m
4E4J
xo]5
u2<M
]Iie
FormClosingEventArgs
;f>t4
W5c]
0" H-3
/2u]
Fgn_
%`}~
'C#
]z0,
7=C}
N, p3
f6 a
~#)`L
G[U#
i%O$y
Lus84s
x6d)
^3bl
@u0,
fZ{+
:!3[!
jOYs
j sl
G2P mw
U9W
:qG=2
Q(`8
e12L
(V 0
v+O@
IViZ
v\(
;r9K(
]IM!T
3U6
o^}
S;l{
%pOq
Z]2ri
-pmV
9p=7
wDC\dR,
j0Y
/7gU$c
+13k8)/
CO*>
:cTI
YlR$
_ iI
<vtd
aBKf
uPGa
qRg,Wy
um w
|y>/
`tl<
reZ)
ResourceManager
#*Nm
-`s<
3<i}
&>F_
f7z*
CAdPZ
6\>t"n
c ?v
d,ha4
@CXP
Q0sU
~S?c
+\0W%
GetExecutingAssembly
u||d
`?gg
kYUdR
=9bq
e-FFG
usQyMC
I6B4
N[6~
dw+Rv
J 9
;u^h
RV7Z
Ua|*
Qqhe
$(PN
PJ)F8@
By N-
UWc+O
@\?C
]&pE
ICollection
_CorExeMain
lM"w<
HbuxCQq
y?gg
O4vY|
JJzF `k
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
?_?sy
.e`9
* 5D
[sEg
z5/r]
h_iG5#
(&uLD
J]-}}
taje
C>Jk1
ANu5
yn6%
O R:
FQT>Z*
f\6)]!
% ,
XV%-
d2ru5
U-F9Cv
b5IN
1i=!
U}}*
Ckc,|
,C\tFE
heei
'Skn
Pa^v<
|\7E
e5:i
}&$a){
HHlf
(R~"J
OLJk
^vh
MIl
ToArray
I@,{]Ic
HV|o.
{~$ZL
Ul$2K!
EditorBrowsableAttribute
q`\TBq
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
D]'k
7@;,
$,T
`i\
{]s8
9uDF
Hz7.
f\A?FY
)c3i
Ok{4u
IU)o|
e.gn*
_8Ec2
J\}qd
RQwa
FA&}
tq @
>`'?
-B;r
)Ex)
oe?U7
b#o9
I6.M
;9qv;D>'L5d
=IO]J
hzq~
5M G
Cl7
j8Tk
]b#O
KfCG
OLcF
D*,U
@H:'
==CH
[ yd
jDc
qFPB
>m 2V
i JD
w &m7
!Ff
c@/&+1
ZFPT!5
B'QNP
:Pe|
Load
PF oKBIJZT
X`y
!ul-
kG %'
dac v
-J;w
Ro:Q:Y
PDgX
System.Drawing
WPiw(
Nh.o
EEn &
6x[) ]
P4#^
~S3g
<>u
zVWD
=TiaX
`zkj
@_^k%
`e@.
5yc%
K_'KF
4Urq
!K[b
]:T-
Dictionary`2
2~hg
YM1
X @X
P`Q ENu.
s8b 8
|[SF
;yj#90
M_"7[d
%4)H9
4l Q
9;B2
9?dm
Ddyd
9~m5-
{-Hx
s}i!
CR+-
KPa|T
System.Security
s@e5J
ib*?P9
2$"`G
-i h
Zp.C
=veJ
LyF}
| jm
CsTjZ
Zp.8
^A {W
Xb|c
r:2%X
(1}A
f"b_V[_
oc>y
cc=}
;`!U~
Nl20
\ X
a&(i
{+^j
[J H
n~f6
iL-#j
-2R|
E0%l
kl}~T
]``-
602o
l'JE
0#)s
8eXU
)U^'e
&2]`
Ks3N]k
1)"4
'XG>
_8yFr
AbP!
P[GO
rcS"
oL6u
*&"xk
M.\Y
Mb:P
= "Jp3
ZiQ@;9]
^S&
ISerializable
jUx3
~5p
~;i$
m8(h=y;O
'wr8
maY5
'E9[T
k+'H
%F1v
!w [\
Y6Od
_lIx
?8F,
' #@
d\]V
L% )a
dL$0
+Cj{
$8Yn;
J ZU
.hf{
Ts]H8u
q{h>Kf
n![W
3\B+[qi
T[t0
}H%>"
y9TA
h&PM
]cca
*H}n
_6~*
l] -6
9o!Y
*&K`KTP=
gQ']A9
+!Mb
*F086
&%Z}
XAk(-n
U} [
ht.Tu
u'Ak2/
n[;,
j)_x
je0t
RIt+
C9f4(E`
3K7>
CX>
3Cp@
hzG8
FT1,
]'9^M%
yw$U
QoO#]
#* /
AssemblyConfigurationAttribute
WK=B
MethodInfo
+K&4
(t7G#
G%(6
-.f
K9V|
CultureInfo
bk[";K
Jv'q
{tVf
)z ABEI
pQe[
%0:,
1.0.0.0
mutk<3R
OxXb
d$2O
f{R~R
12a;
qvc#j
3{l&
s?$9
anbzFL
b]9W
vM|{ei
p[i[
yw/ -RD
u,W<-
?">'
-7"<L
2::q
c[Q@
~t5:
Zj_ m
DRx,
[>>X
z3H@
>S?n
,8 *]
htted
0F *:)i\
NHX_
Dp.)
8\{T
\t'7
bLbl
/.>T` 0/
m U
Nv p
(d6R
t2YU
g34E
sRGB
~MW
pMnJJE
S&F,
e 17
Eu@q
Ir (
O<XE
,M rpl).
r}"i
"85L
;rW_
iv{B
@7jUg
Tzb_
Z.]
;s_\
Exit
*21:_
<EAe
iqK >
$n?u
++7D
?bd2
lEG(
{irNU
1oDX
V;BsIQ
S**Is
~]^]nO
I1i)]
n.+}
><=$
JH.Zo
TSYT]0
Ch".{@o
STszk
dm}w
&*6(
UG,q
q ^#G
_,
]:>`Bo
Re c
;aF"
,1R$
]BR;9
/E"UvZ
Nu-
:# oH
ur J
x#@c
d'|
}m|
I9N&
h/TXI&G
[:rC
l$E
&.C"
&lgp6
X;'+f(
1UkP9{y^H
bGhY
62NjU_{
"$T_
+E0_
H)FH
-T[8
fX*M
h#;p-:
:sBwe
]eM/
/ X_vd
I,?u
r)&1e
p=vWH
ywvtL-
9;C[
G Q%r
|-,}
/D#bY
.]5F
VImu
ln@b
C g
{jbN n T
9 |6
^2(<}
{Z"QH{
MemoryStream
(3mI
rajY;
l N
_LUS
>x%K
,W/o
, N=H
:,_=
M r+
~DNh
?6bl
LRaN%
"0;Y
+AsVWP
hy>I
m,;Z@Ar
Ho7QE
27g^s
RV"
CH&i
#
@w<qoA
+,vR
[r/Q
TL)'
WIxQ
System.Threading
Xc<= -#X
B)6wG
eu1ry
l6mI
SuppressIldasmAttribute
6jAoW
:hXBF
z-B
meZ)
e+ ?A
myB%$
f T`
q{!kz
k8QLB
@yGb
lnib
mqPv
C*#X
?R9?
8HE/eU
7?2Z
?S(!XJ
;@<5C
1?@~!
ResolveEventArgs
nq;.
-&sru1N?(
oA;>
Tx?O&~
>cUNC
wLig6
3QR$
`%3]
02j45
G5F(HV
x%=AuJ>#
T-&'b|uU
quX3d
! S
mL3IB0
8r@ILe
oV)a
S"~j!t
w=& =
u BN=;
+40[
Hr'L
JE/7M4
i9 >
v$ D
Ncz%nR
0)q4J1
M*8}
Kx
<$EcV
:l ^XN
EL!
I$D&
DXr@I
Byte
1{|<
& n*
6WE<
?&fV
&O%L
aB6D
P*_v
I$wX
lyO@y
D"NO
eC6Z
N`tp
2?]
1B [
reJ3
6`4gW
k ];d
h1 E[?
+sQ}Gh
\0Qaj
mut4
4:):
G ant
*Y`H
IW"6
-MxU
JBK1yW
^Iey
qFb0=4
=>g\J{
^UEQ
`@f8
1<y7
40h1
xf3}
], w %O
: "!
1liC
QR /
hf bj
E_h3
CZ5
N ;\z
lCTC
R5g 1
,(91\
`Ahi
)_&X
=C@O
)LM$
>x,y
QpYa
4d`
D+crz
0&j_L
?mbl
^Ryb
C$\7
`v]B
|yCUK
<GpY
u^ f
Y2;6a4
k~Gtz
*i9 A
LZE3
NNUT
pl~g
U[v`=c
-.Lj)
WD6X
]2Lw
$KJrj@qH)
Copyright
H~|d
g-DEQ
j Bj
h_?IO
RY<;*
ziOby
[^-=
*8VP
eJ2I
5OeE
M?ujB
M,f
~uE%
Kp{;
~D m5|
l|c^b1
w)M#a
ROw=
):4@S
njqA
!0*;r
O',`
'G7u4
c}v,&
W7vRe
,$N"
,-QB
fSot
AmEl0Pf
3PM6&
47\*h+
3| .:@&X
l*D+F
-<hG
l2DZ
KyI
-O4W
e bl
[/iP
4#I
W?>f
gv"0%K*
$ S>
x\]-dT
D7H6
):?j
x+p4
Q9bl
yJ<wY
s:~TU
H3w@
.8 Wb
;g17
E""G
-D7oH
^4p3}
/[OS
9IV%
WFg
7XI67>!
]<3hK
bUNt
/`ls
U<x^
}0h/
A`ATG`cz
{a2bCp
uC#\
z <{
)^p"9
ar;Hy;%
M/v
{4e>
A'2Y
Yy;D
ZY0
iGuJ
6ae
sz)I
rJh`
`eH
^Jx_hc
)JbD
*Zn;
x;.
YFM
U @
cSG"
O*3h
}skT
P 4y
A7ASh
/?B\
3&2
u@(}
*esw^
Uro`
FxWd0k
trcL
\`,<,
T._Q
eu9R
k @{U<1
1h(8
>4*1-
lRkB
([DX'
a?A;
Fjv}r
h25A
d9^!
l HH
%GEZWC
.r]tK
I&ZQ
X.<z
c{4
+LXo
?3!\h o
&zPCrv
fVH)Q
~Or^
}|2TRf
WI~9y
//bl
L)T8
@C3L
b5Y
npVF
hAeB
m>OF
:CUo
E"<U
|U2D
udGQ
,aGE
fK* V
mAY^
smla+
"2jy
AssemblyTrademarkAttribute
l5u8@W
V0?d.
Oeg?
)a'<gZ
yC.d
'+3vv
Yjd}o
.lD2!
,3mI
G{!S
Enter
acO
67c
i[ _
]}Bk
Kk$6
{G2-yv
;{Rn'
osS1k<
*~U_
Hb
L6]>
[ Ff
hkd;
<$}O
855y0
[,W u&e
u/Z/
!Cd>
Dx9S
%vAg
]]=TM
be J
*Lo)
d 53
Ad f
]%J[
H(.Pt
FTZ$|
@shY
K lh
KmY+
Y[Ft
d|i
kT(iWV_
&sdr
gUk)E
SCmI
E?L
!@jP
82Ja_>I
^YOI
LeXK5T
rBI0l
V55r
&Dl|
1T{+
3i5/
S6:-r_
)yF)
b"Sh
-C>!
M>=
tG+#
(W@jp
`i,X
g#Q<p
jYf
h:E1
NX$w[
U{A#
.kT#
**9(u
Buwo
z6T8[r
ouXX
System.Runtime.CompilerServices
n!WH
[/#NH^
{P h
r}<
5;,Q
+KN[KN
%"yg
F#m$
L*Rw
|E 5
P&/K
!)|A
{N-{B
NZzR
$#po
.f('
1a2&7
=B@Bul
~X*b1A
rK<*
c&#^
6-/
get_Assembly
w84Z
TnD
( bl
mGe'a
W?H
#$jQ%
2b;p
=0 R
/9wF
TNm0
K4]
W!@
Ekfv?
}B\()
%@D4P
;l#
h4-I
g8Z&
^#uI
;7-xk@Z
5uxy
ps9
J2f|
|}JQ&
^v@(
R3>v
Ntz<2
GF;0 {
n. f
&d\y
GetManifestResourceNames
$ 9O
5o;i
8#c,
<PrivateImplementationDetails>
Za#L
9XLBC
|'0m
&)Ve
) &b5
<+Dx
15.6.0.0
u*mR
6T,$
B^j\
System.Windows.Forms
+t.W
K)bl#
g?_1
?*bl
$x/4
};.P
#(R<
*5x$
BPj-
7F)V
#tjGA
\3j
w y`U5xo
Close
H\TU
nb.KkSm+
=f
67Q+
+duj
pH*F
P4K4
Jul%
JzaC
Cr7~
_/@@j
]J 2
]{AJ
:[LE
n{Uf
Q1f3
4y&JD
%t5{
=3-Ds
f 6W
?4<I
e}~X
,o3h
y9*#[
Acf)
I</w8
Z6DoL
Rw:Lz
BQ$-#
"oHa
Y"R@*
?x)%
CompressionMode
G4wm
0Y6U
f6[V
]CmE
NV:5
[Oyk[
RC|(
`U#~y
AssemblyProductAttribute
T5DU9
tX9#w
cLM
+cMh
y& &v3
GF*M
!$/`
=V>
y!]:
gYy
`n][
99" '
Vs;I
J9M_
&TS,
hoB2I
+*+<A P
fSu\%LG
zvpb
)vqX{Cs2
FOT]
/;k
Sb\;if
Zs3R
ygo9
H0J6
X@.}}
{ \>
oRkR<
Z+i<
==`R
r!9IL^e}
1fzD
0'v]XzG
4TMa\1Z
Vcy?
2018
\bimX
mcaY
:.dh
nL/
d=u!_
z Au
M0GG
R [1
.12
AssemblyCopyrightAttribute
jL1}
nfr e
OH=_.
o}r |
W%F$
;jtx
=]jV
Sl
ZzqT
wjnX,
n&Hi>
m "
e0{IMw
!s)o
?)rha
d#O_u
~FqL(
AKQemP^
I0jm
29'&
x>1p
_Y }`
i@lC
5)qOo
"Odj
,,C>hAl"
>j9&
q!'l
#GUID
5!r\
..?|
uaJw
+{oO45
"1qn
B|<F
l/ck
'Gp:
g5v}
l FS
q)7Z
Wl 7
pMR\
mUK+
,"Ni
W>[`
:mq0
_BBb%
A#S3
nZ}A
={gv
Sh'~}
zv zBl
wiG|
1tzE
?u?YE(
oKy+
Mb/pE
A kBiO
/T a$:i-JQ
s%MY
Hc# M
Q[^U
%Zo
iUS?&
z&5>&!
\Q[{S
Y)' Bk1
@+$,
k=Hx
`3"\
&:5XR
/$KZU
TGj8
K*Cm
,1bTJ}
9E\K
jeBv
nfgxjkx.exe
e |
7hg!?
p99\/O-r
_.^SF0vq@
t |q
i` o
IV=k
z~<ci5
uv[@
dW<fX2
'@>
iH#M
les_
MZ13o
`~w@"
bHeg
ic/]!g}C*
>y
V\b_
'oXUv
5B i
XY A
!z~PS
Ocg
EventHandler
@+{+
thB9n
oBH.
(8TIS
-6yp
l&T^V
^N1o
QZ1]m'
:6_R
LHq6k
(I D
N-!C
tVoZB
IConvertible
o|c
.&)"
.Z{u
glo
Kf^A
4KK/
e=1C
Y/|<R
Xox
'B "
KcxQ
:'?(e
# |.
8B55
w lJ
OW;Ce
78Nv
zNWi
'@Vg
L**,=
"V uW
nM*R
)A$]
a+DNQ
Z\U
P3.7p
b9y:
ceH.
Dz{X
,3}I
_Ei>
y eo
pb`!4o
2FmD#
bEv*whl
]@*n
g!1
{?/W
)!%/
IPFBd$
6$9i
dM6N8
| <.
`,)Jx;e
|?&^U
QnxM6
3uBd\
(WV
<f+n
sW e
~DR~
p73`df
E;Cy!
[ fs
bHko
N{<h@
'HmA
2w9G
M9f~
E{CV
<r.a
!*Zd
4}kD
g|z{
,z_u
P A3z
E
@ XT
.,{7'
^ N
YcM=K
/;Vq
Ih m{+
b= {
NV`O8(I
i+w!
z+BR
:{Rq
V'`Z
pBO\I|mG/
o w@
//e|0
3J1"
*t8P
[E
g;MPZx
DjFz5
mJ&l
V Bx
pq8]g\
~7kL
|.C;
b,:e
2x{?$)
w<bl
h3Y9
5eGw7
?,Fd#
? Ya`
8 c1
1{Gb
{]eql
|YH Uv
; +n
aX?h
!\+@{x
I}:;
:|FH
i R"
y]6}j
dwqUh
_"a"
VA tA
4fj<
LCBf9
Mw2t
O2E ~
[Zk&
HT\f
ca+6b(
S& A
pRS>Y
KP#Y[
@6 z
@c>=j
M7V~
CBA%tL9
c*7mI
kH\Z
((5 H[
/Z>x
mer)
6<T|
T@YS,
Ea_-
=24L
;4i
Z ^
ir##{
e$D
K >5
i.d1
EE2&
dt;6n
^-E
60%
LZ<|
y Y^i*
U]/0
[LmF
8C|B
'!bl
s_8O
z^ c
!#.u
DE8AF79676FDDB60C1FA4569B52989FEE063F91E
l>LDb
/)bl
U,"Q
g;"J
[eI=
=^v$
&v
]G</
vxUPXv
8y)K
g~'@
>58"
System.Drawing.Bitmap
DZsM
j)6}
hSED
S)*i
Iy 2
N~E
R>Ij
}/pJ
C>mI
bv*5Y
zC`
q-K&
R?D*
M>?.
N*.z-
"-7{
GeneratedCodeAttribute
disposing
V2_t3,
yB>@
SettingsBase
; =g
u^@G
p [b
@v/3
XVD`nT
|87
gv 599>
c2YI
h2WI
UO+b
I3o Rr2
cs
d2~4
3$M7
wg:.
| gHc+}
kw"&
[LmI
\CRe
wND-
zf T
g]
'?p
Q&>h
K7e@
>J+X-
Noz/
~7]>
<;)>
Q |@/
{A6ld
6j%A
8fjsa
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven07_64 Seven07_64 VirtualBox 2018-03-26 22:14:08 2018-03-26 22:17:02 174

7 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven07_64 Seven07_64 VirtualBox 2018-03-26 22:14:08 2018-03-26 22:17:02 174

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\vauchi.exe.config
C:\Users\Seven01\AppData\Local\Temp\vauchi.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\vauchi.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\vauchi.config
C:\Users\Seven01\AppData\Local\Temp\vauchi.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\vauchi.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\nfgxjkx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\nfgxjkx.resources\nfgxjkx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\nfgxjkx.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\nfgxjkx.resources\nfgxjkx.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\nfgxjkx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\nfgxjkx.resources\nfgxjkx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\nfgxjkx.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\nfgxjkx.resources\nfgxjkx.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.default
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.default
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.default
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2472.2444140
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2472.2444140
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2472.2444171

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\vauchi.exe.config
C:\Users\Seven01\AppData\Local\Temp\vauchi.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll

Write Files

C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2472.2444140
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2472.2444140
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch

Delete Files

C:\Users\Seven01\AppData\Local\Temp\vauchi.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2472.2444140
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2472.2444140
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2472.2444171

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vauchi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\340ad3ae\7635a96e
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\640c6bc6\426df369
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|vauchi.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|vauchi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|vauchi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\640c6bc6\946ebcf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\(Default)
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\vauchi.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\329C5882
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_CURRENT_USER\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\329C5882
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_CURRENT_USER\(Default)

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.RegisterWindowMessageW
user32.dll.GetSystemMetrics
user32.dll.AdjustWindowRectEx
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetCurrentActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
kernel32.dll.GetUserDefaultUILanguage
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
kernel32.dll.DeactivateActCtx
gdi32.dll.CreateCompatibleDC
kernel32.dll.GetSystemDefaultLCID
gdi32.dll.GetObjectW
user32.dll.GetDC
kernel32.dll.GetCurrentProcessId
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
mscoreei.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateFontFromLogfontW
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegQueryValueExW
kernel32.dll.RegEnumValueW
kernel32.dll.RegQueryInfoKeyW
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
mscoree.dll.ND_RU1
mscoreei.dll.ND_RU1
gdiplus.dll.GdipGetFontUnit
gdiplus.dll.GdipGetFontSize
gdiplus.dll.GdipGetFontStyle
gdiplus.dll.GdipGetFamily
user32.dll.ReleaseDC
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipGetDpiY
gdiplus.dll.GdipGetFontHeight
gdiplus.dll.GdipGetEmHeight
gdiplus.dll.GdipGetLineSpacing
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipCreateFont
gdiplus.dll.GdipDeleteFont
gdiplus.dll.GdipGetLogFontW
mscoree.dll.ND_WU1
mscoreei.dll.ND_WU1
gdi32.dll.CreateFontIndirectW
gdi32.dll.SelectObject
gdi32.dll.GetTextMetricsW
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.DeleteDC
dwmapi.dll.DwmIsCompositionEnabled
user32.dll.SetWindowTextW
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
kernel32.dll.GetStartupInfoW
gdi32.dll.GetDeviceCaps
user32.dll.CreateIconFromResourceEx
user32.dll.SendMessageW
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
user32.dll.GetSystemMenu
user32.dll.GetWindowPlacement
user32.dll.EnableMenuItem
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.SetWindowPos
user32.dll.RedrawWindow
user32.dll.ShowWindow
advapi32.dll.CryptAcquireContextW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGetProvParam
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
advapi32.dll.CryptContextAddRef
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptContextAddRef
advapi32.dll.CryptDuplicateKey
cryptsp.dll.CryptDuplicateKey
advapi32.dll.CryptSetKeyParam
cryptsp.dll.CryptSetKeyParam
advapi32.dll.CryptDecrypt
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptReleaseContext
kernel32.dll.DeleteFileW
kernel32.dll.CloseHandle
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
culture.dll.ConvertLangIdToCultureName
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
kernel32.dll.SwitchToThread
gdiplus.dll.GdipDisposeImage
bcrypt.dll.BCryptGetFipsAlgorithmMode
cryptsp.dll.CryptEncrypt
kernel32.dll.GlobalMemoryStatusEx
advapi32.dll.RegSetValueExW
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
kernel32.dll.Wow64GetThreadContext
kernel32.dll.Wow64SetThreadContext
ntdll.dll.ZwUnmapViewOfSection
user32.dll.DestroyIcon
user32.dll.DestroyWindow
user32.dll.PostThreadMessageW
ole32.dll.OleInitialize
ole32.dll.CoRegisterMessageFilter
user32.dll.PeekMessageW
user32.dll.IsWindowUnicode
user32.dll.GetMessageW
user32.dll.TranslateMessage
user32.dll.DispatchMessageW
user32.dll.PostMessageW
user32.dll.GetMessageA
user32.dll.EnumThreadWindows
user32.dll.IsWindowVisible
ole32.dll.OleUninitialize
ole32.dll.CoWaitForMultipleHandles
user32.dll.SetClassLongW
user32.dll.UnregisterClassW
kernel32.dll.DeleteAtom
user32.dll.IsWindow
gdi32.dll.DeleteObject
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
advapi32.dll.EventUnregister

Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\vauchi.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-03-26 22:15:26

Detected family: #Ispy

TheSystem Itself @ 2018-03-26 23:52:02