MalScore
100/100
MalFamily
Malicious

Seal_Encrypts.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 46/64 Related 1997
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 326.00 KB (333824 bytes)
Compile time: 2017-08-21 16:28:43
MD5: 165622754f824013e5045cc3b252daf5
SHA1: 5e8abbeb37ef067ee267b2b3e0a67dc0be6c3e40
SHA256: b7fbd6f3185c5134e04115c1804ec61b7bc3fe29af17e563d86156cf4f0dda66
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-08-26 13:00:05
Last submission: 2017-08-26 13:00:05
Filename detected: - Seal_Encrypts.exe (1)
URL file hosting
hXXp://iso9001-certificare.ro/a/Seal_Encrypts.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-08-25 18:05:49 [46/64] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x50d64 331264 19d79959d67729d911704f183052d78d c6c1d38e50fc03e24013f6a28242f65c9f73839a
.rsrc 0x54000 0x600 1536 6b4ae484c19a3907be898e261b3308fa defc1e129db62f182e8cf10ea944518c20ec1c2f
.reloc 0x56000 0xc 512 ca232caf650962af713eba4c6befe161 2797da94bcab2f23d86ae32dfacf6fe15414b11e
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x540a0 704 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x54360 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2017
Assembly Version: 1.0.0.0
InternalName: randomeset.exe
FileVersion: 1.0.0.0
FileDescription: randomeset
OriginalFilename: randomeset.exe
Translation: 0x0000 0x04b0
ProductVersion: 1.0.0.0
ProductName: randomeset
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Temporary
Seal_Encrypts_00038.tmp
Seal_Encrypts_00063.tmp
Seal_Encrypts_00004.tmp
Seal_Encrypts_00055.tmp
Seal_Encrypts_00054.tmp
Seal_Encrypts_00001.tmp
Seal_Encrypts_00028.tmp
Seal_Encrypts_00057.tmp
Seal_Encrypts_00005.tmp
Seal_Encrypts_00021.tmp
Seal_Encrypts_00043.tmp
Seal_Encrypts_00009.tmp
Seal_Encrypts_00023.tmp
Seal_Encrypts_00002.tmp
Seal_Encrypts_00071.tmp
Seal_Encrypts_00037.tmp
Seal_Encrypts_00031.tmp
Seal_Encrypts_00070.tmp
Seal_Encrypts_00065.tmp
Seal_Encrypts_00059.tmp
Seal_Encrypts_00042.tmp
Seal_Encrypts_00061.tmp
Seal_Encrypts_00035.tmp
Seal_Encrypts_00064.tmp
Seal_Encrypts_00045.tmp
Seal_Encrypts_00033.tmp
Seal_Encrypts_00053.tmp
Seal_Encrypts_00062.tmp
Seal_Encrypts_00044.tmp
Seal_Encrypts_00049.tmp
Seal_Encrypts_00051.tmp
Seal_Encrypts_00008.tmp
Seal_Encrypts_00040.tmp
Seal_Encrypts_00048.tmp
Seal_Encrypts_00022.tmp
Seal_Encrypts_00041.tmp
Seal_Encrypts_00007.tmp
Seal_Encrypts_00029.tmp
Seal_Encrypts_00012.tmp
Seal_Encrypts_00032.tmp
Seal_Encrypts_00066.tmp
Seal_Encrypts_00013.tmp
Seal_Encrypts_00025.tmp
Seal_Encrypts_00014.tmp
Seal_Encrypts_00010.tmp
Seal_Encrypts_00006.tmp
Seal_Encrypts_00016.tmp
Seal_Encrypts_00017.tmp
Seal_Encrypts_00036.tmp
Seal_Encrypts_00024.tmp
Seal_Encrypts_00015.tmp
Seal_Encrypts_00047.tmp
Seal_Encrypts_00052.tmp
Seal_Encrypts_00056.tmp
Seal_Encrypts_00026.tmp
Seal_Encrypts_00030.tmp
Seal_Encrypts_00060.tmp
Seal_Encrypts_00003.tmp
Seal_Encrypts_00067.tmp
Seal_Encrypts_00046.tmp
Seal_Encrypts_00027.tmp
Seal_Encrypts_00068.tmp
Seal_Encrypts_00018.tmp
Seal_Encrypts_00039.tmp
Seal_Encrypts_00069.tmp
Seal_Encrypts_00019.tmp
Seal_Encrypts_00050.tmp
Seal_Encrypts_00034.tmp
Seal_Encrypts_00011.tmp
Seal_Encrypts_00058.tmp
Seal_Encrypts_00020.tmp
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
County Line Dresser County Line Dresser
$230.99
under $2,500 (137)
'Palladia' 4-Drawer Chest
$399.99
'Gabriella' Vertical Mirror
Compare 'Biscayne' 5-Drawer Chest 3441594_I
$809.99
Construction
60 in and over (3)
Compare 'Gilmour' 5-Drawer Dresser 14452180_I
rustic (3)
Compare 'Gabriella' Bookcase 3433787_I
under $5,000 (143)
'Camden Bay' 5-Drawer Dresser
'Biscayne' 5-Drawer Chest
LegalCopyright
traditional (22)
Product depth (in.)
No. of Drawers
Compare Home 7-drawer Chest 234599_P
Node115
Node114
Node116
Node111
Node110
Node113
Node112
Thomas & Friends
Compare 'Carson Forge' 4-Drawer Chest 395594_I
'Classics' Drawer Dresser
15 in to 20 in (14)
Node28
Node29
Node24
Node25
Node26
Node27
Node20
$529.99
Node22
Node23
1.0.0.0
Gift Registry
InternalName
Compare 'Dakota Pass' 4-Drawer Chest - Char Pine 395996_I
2017
$299.99
under $75 (3)
Node57
Shop all brands
2017 Nike France Inc. All rights reserved.
Node89
2-In-1 Toy Box With Art Board Lid 3440015_I
MY ACCOUNT
$799.99
Privacy
MAJOR APPLIANCES
HOME
Compare 'Cypres' 6-Drawer Dresser 272602_I
'Marsh Island' Dresser
arch (1)
'Gabriella' Bookcase
Compare Lift & Hide Bookcase Storage Chest
Lift & Hide Bookcase Storage Chest
WOMEN
'Avenue Eight' Dresser
Sort By:
'Ashbridge' 7-Drawer Chest
"Ashbridge" Square Mirror with Base
THE CUT @ SEARS
Search Catalog
$1,701.00
2 (3)
Node31
Home 7-drawer Chest
20 in to 24 in (6)
TOP
Compare 'Gabriella' Drawer Chest 3433783_I
double (7)
$379.99
$358.89
Customer service
Compare 'Harbor View' 5-Drawer Chest 272685_P
$1,349.99
Node88
Nike France
FileVersion
Node82
$129.99
Node80
Node81
Node86
Node87
Node84
Node85
'Harbor View' 5-Drawer Chest
ProductVersion
OriginalFilename
Node77
Node76
Node75
Node74
Node73
Node72
Node71
Node70
4 (18)
Node79
Node78
Compare 'Gabriella' Storage Unit 3433769_I
Compare 'Sheldo' Double Dresser 272827_I
'Harbor View' 5-drawer Chest
$369.99
'Tribeca' 3-Drawer Dresser
AVAILABLE IN STORE
5 (28)
24 in to 30 in (4)
30 in to 36 in (2)
'County Line' Four Drawer Chest 'County Line' Four Drawer Chest
'Philippe' 6-Drawer Lingerie Chest
under $250 (21)
'Biscayne' 5-Drawer Chest 'Biscayne' 5-Drawer Chest
'Dakota Pass' 4-Drawer Chest - Char Pine 'Dakota Pass' 4-Drawer Chest - Char Pine
'Gabriella' Bookcase
under $1,000 (103)
2-In-1 Toy Box With Art Board Lid
'Harbor View' 5-drawer Chest
'Soft Modern' 4-Drawer Chest
cottage/ country (7)
$149.97
Sign up for email
Type
$1,106.55
(7)
CLEARANCE
'Ashbridge - 2300" High Dresser
Compare Sauder Shoal Creek Dresser 227005_P
Material
'Gabriella' Drawer Chest 'Gabriella' Drawer Chest
Step 2
'Harbor View' 5-Drawer Chest
Node83
Node102
Node103
Node100
Node101
Node106
Node107
Node104
Node105
Node108
Node109
'Gabriella' Drawer Chest
Node39
Node38
Chambord Dresser
Node33
Node32
(19)
Node30
Node37
Node36
Node35
Node34
Shape
Compare 'Tribeca' 3-Drawer Dresser 1260429_I
Chambord Dresser
'Cypres' 6-Drawer Dresser
'Beginnings' Dresser
Careers
Compare 'Gabriella' Vertical Mirror 3433777_I
rectangular (3)
Harbor View 5-drawer Chest Harbor View 5-drawer Chest
Compare 'Gabriella' Dressing Chest 3433773_I
'Shoal Creek' 4-Drawer Chest
Copyright
Node48
Delta
Node46
Node47
Node44
Node45
$1,499.99
Node43
Node40
Node41
Search
VS_VERSION_INFO
Node49
CART
- Pink
Compare 'Harbor View' 5-Drawer Chest 272686_I
$449.99
Sitemap
randomeset
$499.99
Node42
Universal
$499.97
Compare 'Palladia' 4-Drawer Chest 3430036_I
'Sheldo' Double Dresser
Compare 'Ashbridge - 2300" High Dresser 3441811_P
Compare 'Soft Modern' 4-Drawer Chest 395598_I
Compare "Ashbridge" Square Mirror with Base 3441824_P
"Ashbridge" Square Mirror with Base
'Carson Forge' 4-Drawer Chest
Tables & Storage
County Line Dresser
$1,728.98
'Gabriella' Dressing Chest
OUTDOOR
Price
Compare 'Orchard Hills' Six-Drawer Dresser 227890_I
'Carson Forge' 4-Drawer Chest
$219.97
(24)
Shoal Creek 4-Drawer Chest Shoal Creek 4-Drawer Chest Shoal Creek 4-Drawer Chest
$219.99
'Dakota Pass' 4-Drawer Chest - Char Pine
- Pink Lift & Hide Bookcase Storage Chest
Catalogue
42 in to 48 in (1)
'Palladia' 6-Drawer Dresser 'Palladia' 6-Drawer Dresser
Compare 'Beginnings' Dresser 395946_I
Node99
Node98
20 in to 24 in (8)
Sears ClubTM
Node91
Node90
Node93
Node92
Node95
Node94
Node97
Node96
Sauder Shoal Creek Dresser
'Palladia' 6-Drawer Dresser
KIDS
Brand
Join now
'Gabriella' Storage Unit
Translation
Furniture
Home 7-drawer Chest
Home 7-drawer Chest Home 7-drawer Chest
FRAN
Node9
Node8
'Palladia' 4-Drawer Chest 'Palladia' 4-Drawer Chest
Compare 'Classics' Drawer Dresser 358117_I
Node1
Node0
Node3
Node2
Node5
Node4
Node7
Node6
'Beginnings' Dresser 'Beginnings' Dresser
60 in and over (18)
checkedListBox1
'Philippe' 6-Drawer Lingerie Chest
'Orchard Hills' Six-Drawer Dresser
'Avenue Eight' Dresser 'Avenue Eight' Dresser
$319.99
Thomas & Friends
'Beginnings' 4 Drawer Chest
'Orchard Hills' Six-Drawer Dresser 'Orchard Hills' Six-Drawer Dresser
'Soft Modern' 4-Drawer Chest
10 in to 15 in (4)
Langley 6-Drawer Dresser
enter your email address for special offers
MATTRESSES
- Pink 272853_I
(1)
36 in to 42 in (19)
WholeHome
'Ashbridge' 7-Drawer Chest
'Beginnings' Dresser
Rewards Program
Load
Compare 'Harbor View' 5-drawer Chest 236278_P
SEARS LABEL
Node21
IDEAL
30 in to 36 in (31)
Our Re-invention
24 in to 30 in (8)
$999.99
48 in to 60 in (8)
.resources
Compare 'Camden Bay' 5-Drawer Dresser 360270_I
$499.99 - $519.99
horizontal (8)
'Sheldo' Double Dresser 'Sheldo' Double Dresser
Product width (in.)
rta (23)
Compare County Line Dresser 3446544_I
Sears Services
$2,430.00
Compare 'Beginnings' Dresser 395945_P
Compare 'Shoal Creek' 4-Drawer Chest 197437_P
Paula Deen
CDI
'Gabriella' Dressing Chest
Node59
Node58
Node55
Node54
0 in to 10 in (2)
Node56
Node51
Node50
Node53
Node52
'Harbor View' 5-Drawer Chest 'Harbor View' 5-Drawer Chest
Assembly Version
'Clarissa' 6-Drawer Dresser
'Gilmour' 5-Drawer Dresser 'Gilmour' 5-Drawer Dresser
AIS
OTJRXSRAJGSDUZER
Compare 'Avenue Eight' Dresser 3445718_I
$602.99
Compare 'Philippe' 6-Drawer Lingerie Chest 3446917_I
Dressers
$1,214.99
'Marsh Island' Dresser
treeView1
FREE SHIPPING ON ELIGIBLE ORDERS OVER $99. SEE DETAILS
'Gabriella' Vertical Mirror
Compare 'Palladia' 6-Drawer Dresser 3430040_I
Order tracking
$2,019.59
000004b0
'Cypres' 6-Drawer Dresser 'Cypres' 6-Drawer Dresser
randomeset.exe
Showing 1 - 42 of 143 results for "Dressers"
FileDescription
Ashbridge - 2300 High Dresser Ashbridge - 2300 High Dresser
Marsh Island Dresser Marsh Island Dresser
$89.99
'Terra Nova' Dresser 'Terra Nova' Dresser
6 (26)
randomeset.Properties.Resources
Product recalls
Activate to launch comment card
Sauder Shoal Creek Dresser Sauder Shoal Creek Dresser Sauder Shoal Creek Dresser
1 (1)
More...
$139.97
(5)
'Camden Bay' 5-Drawer Dresser
$1,179.99
Compare 'Ashbridge' 7-Drawer Chest 3440026_P
Corporate information
Compare 'County Line' Four Drawer Chest 3446556_I
Follow Us
$389.97
$4,375.99
StringFileInfo
'Clarissa' 6-Drawer Dresser
Shipping
Protection Plans
Node11
Node10
Node13
Node12
Node15
Node14
Node17
Node16
Node19
Node18
Returns
'County Line' Four Drawer Chest
under $100 (4)
VarFileInfo
Lift & Hide Bookcase Storage Chest
$599.99
Langley 6-Drawer Dresser
$3,400.99
Help us improve sears.ca
$1,599.99
Sauder Shoal Creek Dresser
Style/Design
FURNITURE BEDROOM TABLES & STORAGE DRESSERS Refine Your Results By:
modern & contemporary (31)
36 in to 42 in (4)
'Terra Nova' Dresser
Compare 'Terra Nova' Dresser 3445772_I
0 in to 10 in (1)
ProductName
'Gilmour' 5-Drawer Dresser
Customer Support
Bedroom
$349.99
8+ (11)
15 in to 20 in (92)
$899.99
48 in to 60 in (20)
Compare 'Dakota Pass' 4-Drawer Chest - Char Pine 395995_P
'Ashbridge - 2300" High Dresser
$279.97
===========================
Eddie Bauer
'Shoal Creek' 4-Drawer Chest
under $500 (62)
Sauder
MEN
Compare 'Clarissa' 6-Drawer Dresser 360282_I
Compare Thomas & Friends
$329.99
42 in to 48 in (7)
$1,120.99
Compare 'Marsh Island' Dresser 205322_P
FURNITURE
Compare 'Beginnings' 4 Drawer Chest 395394_I
'Beginnings' 4 Drawer Chest
'Gabriella' Storage Unit

Node68
Node69
Compare Chambord Dresser 3442866_P
FIND A STORE
Node60
Node61
Node62
Node63
Node64
Node65
Node66
Node67
'Classics' Drawer Dresser
Compare Langley 6-Drawer Dresser 1261093_I
Legal terms
7 (8)
engineered wood (20)
assembled (12)
$629.99
wood (79)
'Tribeca' 3-Drawer Dresser
vertical (5)
'Dakota Pass' 4-Drawer Chest - Char Pine
Parts & Service
Filters
$1,579.50
under $50 (1)
=c,X=
+Yt1
cn[r
k'<f
Si;t1
PO[x
T]7+
y*?d
dQE
C +G
hsk+
5Y`N
}M.Y
4Kx
DaoW`
S?8S
H*}n
S0ekn}
GetBytes
x- 8
\kC !z
jTb'n
whI5
[l t
]:bS
CRBG
rAE~`
o Z9
?r^9e
Culture
%[Uz_?d
8K(D
&UWBl
, FX
\?>~
)ULw&
&hpp
AutoScaleMode
2)jP
%;C7
\o1R
*[p;n
/T|}
_} ~
4[2T
Fwx!
4Mp.V
56AC
s}.i
x8~B
kN)P|
$r,
IN2;91
Seal_Encrypts_00038.tmp
Z,~;
2+ u9
,G TL
i*xX
2tRX
! Pe/)
cQ}<
iE?C
%)}x
get_Controls
R`J
+&%R)?
`N[a
NXp!
}>1
'T$~
c_ `%
HS|dp8
8bE7
F~Fa
T.3M
ATK
3'?vf
{]@!
8fkk
^. fW
6 &@
2h#}
&xp
G1dNX
/YrV
Q^Y
KL(r
Q=b`
v "Xz
*4LG
rMPB
7 ;%svL
XAgg2
f>-X$P
f }v
5`:8 6
yFh\
g<zc.E|
,{['0r
35/cd8'
g7GN
.cctor
T: cOME
&<1,U
E z
]gFo
'%w6
(yjS
&oOH+
CYU00
(i%!^Q
'C! }>3
I,$~
MadY
3<de
CompilerGeneratedAttribute
T2>{
J,D7
8e s)
ghP9V
.%Z
set_FormBorderStyle
,h.+
'tTS
N']Nf
C_fN5
Y}sn
85_X
q5?(+O
d~+M
Pw>$
E,rw
c`[
^wu
x>o.
%Tl7InV
Krj
i r
j~\h
n|%h
NN^
m/Rp
zt1!d
iWM]
U!Jw
C4f7@
.8i|
$<t$6
r*1j
>d}9
ae{6
Rr2r
u"CU
j8<@
H@JM
X2Yq
J^7WA
-NgRd
*Mbg*j
ny[U
vxtC .x
5J_qMf
P{0j
l4C&i]
4dc:
Write
Seal_Encrypts_00063.tmp
EnableVisualStyles
=r*
O/]?
=BxV
V'QF\
a3W_
m^;;
< VaSR
mZ b
XA-fZ
>sJA
set_AutoScaleDimensions
{TI]2
(fpS(
,TAT
`+9
[]])
=n<f
e[f<p
Seal_Encrypts_00004.tmp
YpZjK
IN5Y
ListControl
m1Ts
(H0|G
z=*q~
'r<&
,^E>
00
r#Q+
wz{T
ka,;
JU4;-
5 e/
>FA*
!oDM
1aZK
b-g;
~M10r.*
z \pAR
dL@f#
J54a
[M7|E
9ldBq1#
tf[X
??cxea
N$K`
n\d :
CheckedListBox
b}YW|
NVQ>
z(5wT
LU4)
B$G8
uVs&E{
]ry-
w) m
Yg"P
^t z
PADPADP
_ 'P
!}1m
-!yL
*Te
A8m+
q01J~
Ifes
/,o
G-+I
d-?u
@tuy
3rmVt
Q iT
=EltA
8s90
C`'o9
Seal_Encrypts_00055.tmp
ZX I}
k<Fk>FKLQ
NbQ
pBzv
peP^E
?AO.
~)l'
2&e M
AssemblyTrademarkAttribute
WkLt
#H$2
%<?m
vGif
6lgR
z {,L
nlR}!
'A~V
QINR
f5*0
tZ/K
N#1|:
*%9^|[n
&nmT
Seal_Encrypts_00054.tmp
-jHT
2n,9%
KU3i
Mvf9S
mP=Z
JlTywE1n
v\dY
]y<?
X&i+v_
6LY!@
1 'o
K #;(*
0|5
"uc-8
w@ V:
Xq}Q
c8NiG
*(,-
M2mn
#Blob
)R=6
DL4pQ
Start
'`..S[+
8I+6
"p(#~
0V/#
>e}Q8
67*T
*1 T?q
Program
5J_K3
(C38
4Zbh
9re5n
KZR}t
Q|?O Cf
Seal_Encrypts_00001.tmp
Kh"f
^.=+
k&0E
3@~wG)
q*"
ERFo
VSHAO
X;a0
u Em(
OcHG
gE+R
8KfrP
arH\
a-lk[}
iCT 2u6m
q}c
*y+N
LRYSLp
\{wX
VKyAE
Z.qA
V4pQX\ 7
uU[{#
$wV/
/Nd|
Tc{ m
Seal_Encrypts_00028.tmp
pA.&T
BD^O
/dv
'Ep,
\@Bw
XA|?
LRAq!
kF>zW
\(yv
fGS6
TripleDESCryptoServiceProvider
f:[)
t;75
%6W3l
_Vu8W
>c{w
eN!f
y Sa|
0V`Vb
O54"j
q4 C
TtxT
gn`BE
n_"%
5"4[
]mzQ?
$=
`] (B
[1fWI
u5u`
7rF
Seal_Encrypts_00057.tmp
o92 J
N?0y
get_Name
#-(
TpS>b\P
|NKy
c''7
m =
N\eH
$tIw
s2
p s
HashAlgorithm
eY}|
,2S1
_)yPd
>ZPy
Wwe2
j[^Rv
=\2/
!d5bzgH1p
N>#DqT
3'-(
HvJ{
P9a)
Oh=$
d$A
PJLke
+|+Y
*CTg
*\YN
< >S
fOL{
.r"
lp&
~[*
y r
o 5f
ONC
&j6%
*?Lt
5om_
h* <U
C"- m0
*dy
z7HI
uQ/6
.G.k+h4R4
u"t]H
{Y;>
<,9c
4@ Z@
>Tr[
)V\1]
/tK
GetParameters
B6OY
9>B1
k!6VXi
kN1BC
k!~x
3,.(<
Dhl7FX
"M9a
zx!4]
9 B9
XB@I
<E F
.text
zQf5
J??Cd
;@g=
sR7`
X('6
arl3
FUI(Z
c5\
z+\
7V6&
K4%TJx
~xY QG
^GOx
`oP-s
nex~R
mq[ K
DI 5
e~Rm
:sVn7
2qU$
U@*B
G?
J6uUd1
Xp$,
System.Configuration
_*9,Z{+
0rn
j29l$
s'MDp=~D
x5!:
o`S&
Dlpk
}vMw
D(IVie
k9f?
[,u+
Aeen/
Ci90
on?i
Seal_Encrypts_00005.tmp
CreateDecryptor
F2c{
OW m\
|L e
_f9&
bOr
p X`_
4gE&
[u\J
Y 0']
'VB n
2=>0
s7g
Fy"-6
b>v F
mL.e;9
<C=+5
Ap'0
CFV)>>
Resources
D.Ct
CipherMode
4@ ,
a9\.FH
'Oq<
8^ fsf6
)-6
Seal_Encrypts_00021.tmp
"@`h5
5 @9G"l
U;a-
d @K
Fs |R
Z=Rl
yM{)'
aL?
RmP;
'@364_
lNe7%#
SetApartmentState
O\bS
s57
u J (B0E
!GtG
{)
K$<a
mEq2
,2VejQ
J6u+y
Control
;`t
-J|J
C{4S#
!XKC$
kF&:
~DSC
TNKy
Lp?*
`.rsrc
||?^
randomeset.randomeset.resources
A$ 7e
&6 p
*'n
SecondaryInvoke
_HRMa
tKR~
.ttR
UM!_
}+}U0
t[!Y
a #
PnB^
get_Default
|J)u
Yw&8
@yZ\
^Q^qo
}." <w
}7j*
-pUW
5 fsf
>98
fi{l
L44_
sGxf
get_Nodes
\+v
q/ -V
c-<q=
|#lJg~
V,s^
(7UG
R(>M+
/[blFY,
]IUF
_\s'
=eNX
+0/LX
V N
T Y{&
K7O[
set_Size
\,-w
B!n(
;:4"Ve
C&4>9
J'nN
I_hymv
set_IsBackground
57{
Zl`!
D:66
%lk[}
}!";F
Z7^;
MemberInfo
#b5QX
q+)?*
,SXO
zT20
{w^p
XVBsV
Gd"
:yfA
)^<S
?ddEi
Yn8
AR|W
;@ /
74A{
H,k+
^kKS.
U_!\g
s]JVoZPf
Bm":
w{e5
Fp^!
.u!#b8N
{JG
}r;!c
9XE0=
XSC
'yxL
(t_(
.|~*`
} J
]s!,E
>s}m
|@!HA
@%&E2
h_+0
s1e"
W[b7+
>*vc
b E mk
w7/
B\q
]p7@
p P{}(
m#BX7
I 8>^
. iw
V`*k
3~
-X'y
i 1H&
c@M3
3fE{
Synchronized
to'*(
, wQ
eY$CV
11.0.0.0
6'lN
Seal_Encrypts_00043.tmp
[Sh(
I#f
t o{
/iy#O9
B$
kAJ*
L*VK
Sz~Ti
MZqgZ
9efrSw
ayzs
A |W
gYd3
fl.~R~o
m[7:C?d
[V V>%
Pp;g
%E*,
p-W1
* TL
(g#,_
$V8_
xS q
: *//
I> 1p8P(
=BhJi
160{
Main
aRbs
OaWjz
cn[<]<
FiW_
<;4%c
8|YZ
Seal_Encrypts_00009.tmp
i*&J
sVaSR
7w {h
+,fGX/
RTy/
Z_Iy
~B z~
"^13
%3~8
e`'^~@
x8X=+
/u0,
gHEX
PRhe
M%J,
Iz D
?MJ<j<
$X4,
D)gM
i? "
_Zg$K
*W]as
s)1{
<cOD
randomeset
'8b*
3s%6
v}HP
U][[
System.IO
A32
,Dx@
a'J{
6ZDp
=?Y4
(
DT@5
'GKN4
0AO
RuntimeTypeHandle
Dispose
E|c?
;Q(t
]aU+Vt
@HK2
d[S3
cn[>+
F oy
AD^
lA-&_&
~XBw
EK &
3{r\~
Close
\@VLf`2T9
3IR
lvOe
FW`Lr
Seal_Encrypts_00023.tmp
C+[Jq#
o),}
TreeView
^e+{
M`iN
#8!G
STAThreadAttribute
d0|Qo?
i;zm
jW'~s
*oZv
CKoa
Seal_Encrypts_00002.tmp
iFO-
l7-0W
iUt$
V~DO
# #}
System.Globalization
`sD `
FC@?
Zq8v
2bTy
$ $I
D<lW
$C=<
T;'{
6X1>
YJ>\
aQ-"H
9!'Q;O
i*YM
-cVR
;:0
Seal_Encrypts_00071.tmp
tgAaLy_P
Ia2"L
+|R/
X}{-
edK|
&dYy
zAS<
-WYI
G{Go
r&6!q
i'/{
W82D
Application
<6Xo
TreeNodeCollection
BVlXKW
&!>L
ZLbY
s.zaU
K _x
Cqs 8
w= &
bIe
WqWV
NX4U
7 oq
R#0#
oyT#
Cw \
J Ju
6u6[
l^ )@
suD1
O#Nb
CreateInstance
*Bu%
~fbh
)\;>
8Md\
ZqN}9,
hV[
8"jv"
{!,
#r
e8I
MethodBase
#Strings
\qF^
Da$<^
Y;~{p
0.`@j12
-7^I
aBdC
k;]+|
lSi]t
P_cu
hy.H
jB?WDw
OQL r1
lYyI
ypx6
&D\>J
z )|
@5 6
rb@
/Fk?8
>GIa
}RN|
>h~%8
`?xB
K`~vyE
F2Cc|
*("P
@)IELG
;U$Dg
D#<`
Xgo
k</7B
=4ipN
.FN$P!
!2qaE
1D?1
g/fU@
]8z*
(;lR<
1]u"p
L xR
2* )
@H1r
7*xu
System
dh^sZ
P:'~
o~/
C4pPt"
pqU1
( e>
WsS;r
jhb0
rb@q
yAyy'
System.Diagnostics
WA1c
W31Q
zS,G
VA*B
@6#w
jx;F
6D Z
T@/m
SCROO
VoZ/
w4HcN
Seal_Encrypts_00037.tmp
9,{T
1?qa
Seal_Encrypts_00031.tmp
#PcS
}q<^
'1U]
\s/$h
oE:6
4)D.~X
TxK?FI
XQR^U
J0eU
^KLI
Seal_Encrypts_00070.tmp
'7Yp
I8nj
B[d|G
,Qb}
< ;h
f9M$U
:;Av
h<WU;
.ZU2FF
`W"e
t>:e
TertiaryInvoke
>mYi
imvyu
?I x
Seal_Encrypts_00065.tmp
K^~N
Z)Es|
^YB`
OLr_>
j5sh?`
k H6~
OzNleK
2VWM
O+DK
2Iy :
JqLD(
U@A&
S/%p>1
L{=:
String
t* &1
#O:?x|kB
set_Location
Br|L
RandomInvokes
:CB`
s9=Z%,
,dj*
( {S
|8R2
MD5CryptoServiceProvider
n_"%fb
I*[KM/
Seal_Encrypts_00059.tmp
-F`h:G
rZDkGJ
^'~_
_CorExeMain
f8T^
s! V'
> h
Y_H\(
f|u*M
]8'j
KBFkn
pNKy
yu?sc?
tf 0
\/<b
u(,>
dN5sz6o
'+r[
$ G$.PE
+?MJ
sdz
[ dm
44RI
o6`n'
HL~D;
TertiaryFirstInvoke
! XM
Zu,/
>9
*EQ/
sC
Imw5
fnia
h) m
I-eF
18"t
B$T
e& kp0(
Ovfwn
RNgw
6JSa
q$+rW~
(COs2
cUa p
8?o
Oj^B
`v7x\
%f?C%
Np-vv
|qi9 K1
9Q|<+
&Dt u
VoGu(
uU[{#1p
,k ^i
p@j2TQ
/ hr
MWR~
t^uCr
1'/M|
\5&L
o^`$0x
z.=>
fgkw!2^
a5$f
Xjo
Seal_Encrypts_00042.tmp
ER S
$ o5
B [e[
WVb7
Form
8qWx
pH`,R
DvR\
W9lk[}
hpMd
FC%,>
tm:I
_tn9d-
8)T9
ApartmentState
C@d~0
-`uz
ue9J
4O#
|Y#n
VuDKJ
?@}W
bu/5Zt
Aj6q
\l w
h%D] u
s3bR\2
BeQIy
1"!$s
3 Yo
PreInvoke
ParameterInfo
=TJ
cqUy
S/NM
4Rq{
1mH=
L:M+
)CP^
HgmG
@p{,
F}p
uFsP
"OI/
^LiE_
n_"%S
f{2<
'4M+
ZMQk
n_"%\
f7\l
;EhK
7{m/L
pO[S^
ozly:
9=1s`
CHD3i
[)V
QqL-
3&:t
zT0x
D1?4
vkw*
;!8/IE
G6l'
\4!*
5J_0Rgj
[:mp
b%tap#
j>I0
t\RK
wWa[
n_"%n
FqF7
O`u0
~>%<
a|Q(
iCmB
sY$b
U/F)
h4^dI
cJB 1
,Xi3\
T`1#7
l<F0Nf
"eH2o^F YN
nN]I
get_Length
dd:G
4.0.0.0
1-&;uF
K)Y;
FJWs
;$<&
YS Dj~D
3[yV
W;F@
I"&R
=klmQ"
?rx
|W8
Seal_Encrypts_00061.tmp
'.K_H
dE FF
~E3l
g ?B
K&ub
*FE
Contains
k'JT
ResumeLayout
hR[{
k0bE
:gETb
Seal_Encrypts_00035.tmp
n}8E
jnf**
5J_&b
.-z6
1Y$
etGpw
$ ZM
_qmV
System.CodeDom.Compiler
GuidAttribute
)O57
R$+U1
SetCompatibleTextRenderingDefault
!./$G
!E.h
-w;1
i&V{
O FV
Seal_Encrypts_00064.tmp
get_EntryPoint
v%-~
value
n( A
f8y)
yHmR
L;{
Seal_Encrypts_00045.tmp
,3uJ
O^,;
Vc)<
LyTe
)uggr
[1`vK
Seal_Encrypts_00033.tmp
= ]3
Nb(d
0 i
9rY
?NW@N/
System.Drawing
ZU\f
x>[$
i :
8sbL
WWaS
q@lKw
{sI0
V]n.Yv
4$Oj4!
jdu$g
@ Fo^H
z/~8Y
# ,
v`G.
FormBorderStyle
"Es'
Be<T
E kB
p-bht
I R J
$Xr `
~xoG
NFjw
NN[4rMR
jCi8#
<&#A~
XRe)?Q
=;t7[
Jaco
d]XD
e/}f
EditorBrowsableAttribute
p +{
;`U9
fXUO<
@5Z]
\\ZZ
x"5\
m7b~'
=MgC
lA"9
gME\
=IBst
~RHw
!\k.O
r1KX
X.: \
1;L0
Bqgki
YKW-
% |A
}^D
1|j)"
<` d
4"Db:
t4X\
ZgBta
).{y%
NgiWJ*lE
L_*(
\ejczq}
U<$BJ
H -Ah9
> ?A
k*f;
N!k63
bylYv
2m2]
@Gm{*n
Invokes
oFmu
A a9A
q2>6kG
#5Yz
;(_$
(7q<b
Cg&`
(`[\
1LP=
VL3i
aoNK
X r
=^X
R&Cr
W4r
ICryptoTransform
FU]U
ZK %"\
Q5Ysw{
9CHD3i
q!C]f
Mhw4
D"V[`-
AssemblyTitleAttribute
,j=
%'9w
<=b
Cu)p
:%3&
Od;
|m;m
s))Lh
Xb??
PAkv
e3#>
SjF[
jYL
61mH=
7U$p
z9HD
-< ;1
7#|\
{["`
job
`bV
M$}*$7[
}<_K
3nM
*Vs
\sF'
>ZKS
<aq;
add_Load
a, f
8502
8Bs'
i|=9
5J_l
*)T~
/7hA
5J_h
SsSn
Z@5W
5J_k
x8~B-
&67J%
:3/?
C.]P)
@+/DOPKs?x
kS6^
`Z`5
T#1]
q*S$
E $
PTYy
cn[#
5J_B
4gJqb
*)T_
FY&<
N _3
5J_T
1( E
lZP/
Hii`Y
SZ+K
d"_#
#lf
5J_Y
S~U{
vGbtTA
rInvoke
w^(x@"lK
T{QO
ZAU$
@~-
dKsZ
&$}t
E7,X
/rH
Seax
"{`f F
j=i
5J_2
] )BNwP
*4fv
?Zn
Qbx $
S;~U
OkW)
n]w
x8~BY
{rb"J
x8~BU
uo!n[
<s@[E
<>""
.ctor
aBwj0
.#]L
b+,^
jO.
\Lq}+\_(7U
Mynnqr
NAU
mscoree.dll
xSX C`
_3aR
CBdnv
cGiq_
5RQe
\lQw
5 $|9Oj)1
r?Db
]rAR
~{kc
Seal_Encrypts_00053.tmp
{~
P'y
Invoke
\5e
z@*K[
YRUp TB)|l
Xa?|
S}8m
| Cn
)i.0l
81 `
1rz
k&P=4
Dn^d
Y.Yi
d s'
=DeOf
(\y32
\ K
y@$~
)FDC3
h'KZ
qp[L
{t L@
lnas
Back
%J[w
U{|g
Z]*G P
q~9K
WtZ)
FoZW2x
l+&=
WrapNonExceptionThrows
CW
y>rg
59\O
s*K
@.reloc
\V1
|0;ql
DI9QJ
6j2"
\<-"
Fk}h3
\~"S.)
aw3-u
(Vvud
BfWg
~90 V
,wp<9
xB@W2.?
FY|>
+h 5X
L?C<A8%yb|
O1 z
\wni
uvWg,
x}:I
{Fnf
U`&r
4j(V
Rmp-
y.M2T
wwoA
fh0n
W)kG
bo4F}C[
0Dz
R[G">
]~}
r]<C
Tyz8
A?PL
%h[./
zPqR
< 2&
Smf
u5cx
o]NS
9=Z%,
-,u)
_4Be]
`#L`#X
lk[}
Z/ q
G7,X
MGbD
T~\K
sm:zU
yQi2y
8okt
iJq(c
BeP!
DP7
](LHF
r]c"^S
e]ws
d.G|-
P-OZ
y,C_
=g'kV
(qJ94
aDgn
U XW
[ Jxa-^
"83Xw
[==
:LE]
;:'?
j:-0Q
Mz^_'
G|Vs
f\f$ A7
CNYNM
.6l0
*[5w
wFD}
u2.?
>;gH
(^?`
V gR
3U'0N"
Em GzY
5k "b
B[\*2
$a+tm
2z^*
set_TabIndex
@g)bz
Get_Resource
g?/w
E?Wp
?#^+
n: 7
f<j#
G&|C
JWs!da
"'gD
f=LI
L|8;
+9F
\&2??<
3?/C#(
f8Dr
lpffm`
Muo&yF
s#c]
1d}L
mRZj
T^o]
xa2"M
:>bw
CudT/
Yj \y
t B]
"jRi
{k-=
RuntimeCompatibilityAttribute
fBG 8
SE8
9mA#
i0=q
Assembly
p -:|l
O'2&
2x}f
EUkG
'@/QE
.O`>n
oS(-8.
pPNY
f9S
UN$]
~H*
oQ6:/
4|#r
cn[=A
<z9y
}n#Sp :
e a#M
cZa
ImHv
uDEM]
cn[=M
b0FE
%onMJ
y,
5RgS
1Odp
.=2N
set_Text
ar< <
g3#)
PVL_
t:E >
Seal_Encrypts_00062.tmp
% }`7
-OZ
Hnu)
_up
\a)DFw
q:7H
%r>
xw:F
'^) 8Z
JVz6
~MX
H0G#S&
Pn[:
Size
GG>X
pd}s<
@M76w$
Yn7<-6^0[
ic`l
SKxrrg$
:AS
ci@)j
u37N1^
:.-\
X[xy<PU
FB N
Rj^2
Seal_Encrypts_00044.tmp
;"2T
xN7ra7
FDUXVq
z Ax
&yP"
.G Q)%KI
'&-Bx
IContainer
eM-i
0Tt37M7
defaultInstance
F#^q
aVhIR
8502UR'
U=lk[}
X j`B
M@*#
U? @
Seal_Encrypts_00049.tmp
(]?O
@y(j
#<#}
io5
tCGz
WG{
0JwQ
B, V
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
, n1
ZJM@jS
Loke
bOR?
HvJ{w
{PN`4
vYNDb?
9G,UI
IV4q
A* &m
xv@2<X*
(IT~DJ;E
Evd
#V]:\
V N3X[
#Wg#
x:v'
> K
&NFO&
Ep ]l
US'C
No^X
=>+vxl
>d",<
D)u|
nzY'
8EEQ&
!e_^
MP?t
!o[L
$l:j
`1 Y
.-E6
t:WNKy
6}}B1
Sh};
^PCD
E1d= %
Gp u
WEdv
Seal_Encrypts_00051.tmp
$5eo
<@!P
wz9M
ResourceManager
%O@N
{R`4
GetExecutingAssembly
D6lk[}
F#+t? >fNc
"6y;L
?XFrj]V
<w}$
T9 3
.^ P
T33[
p}lB
U5[w g
-YSQ
t>:e0|
C^)T
` lQA{
Seal_Encrypts_00008.tmp
0@|hA
Seal_Encrypts_00040.tmp
7jFFt
6$Ssp
{nI
8rl
XU5Ecf
>NA
*idQ
v5nldf
Seal_Encrypts_00048.tmp
=V mW
rau
Seal_Encrypts_00022.tmp
&n!_
?,$K
"U<
yV:/
k=S<
H@@R
VWT
!w3J
&^ |
AssemblyProductAttribute
@ATU
&p/i
P8 RZ
(RBnT
J\~st
3g&4u
v8F9
aOj(
J'4q
2,c
Seal_Encrypts_00041.tmp
9 =u
XVn(
AssemblyCopyrightAttribute
iy[_
8qp
9$x+C
]h+sm
Nu,*VwJj
u>vF
ax@28
qO.)
lwg7
2]aH
N8fG/
JVz%
_n<|
&$83
tg)eDe:0\)\
J! OE
fzL
Y{uI
25)'
wJ92
52=je
Z{;E
(ju#
G(xo)gK
,X<@\i
z$ O
+|t<QT
Mte-
}S%a
wrV*
feUTi
U=awj
AR)J;<
\W-TCA
x.Z[
* }i39
_Hl6f
rpt m3
_vww
-aX)
x[j
i f(
mO$=L:.
KPaA9
tN5 h
lnC)
0Gl0
} #$
NnDJTA
b4sw
ZLb
Y5vfi#
PJ0b
4bcxQbE
X(^N
G "
& Do
0J}h
AM0|
}*#o
[][A
fF-n
o3(N
:qIm
Seal_Encrypts_00007.tmp
B(6p
dHw
3$)\
kP\
uBDy
0V%'
ju\_
@mFj5Pc
C 1`
{_k(
)q<2
MethodInfo
N^<q
kP?7
TreeNode
]t,
Bo}WV
d=g?Q
m\nYw
Seal_Encrypts_00029.tmp
q#TfZ
uX| J5^
/ti$
3=EX
Type
U~fA
!QeE/IC
resourceCulture
#0?+
" !)
79H%
m@Mi_
7Nwv
4amk=L
M Hxa6
JsBu
'9KI
X$ ["
InitializeComponent
o 94
RRr/
w;|+l
Uj&5]=
c"lv
gP4C
lysP
C@>r
Z?"M
+*;v
;o@V7YJ
MA{"
]IzQ1
;'/)
8a L
}{"o?/@
Point
AddRange
0RT8^
VPCzY
j%od*
Z+o>
(gsf
_pAD,
}-)'
;e J:S
QQZy
qwU
A<^j[
rOEb
jyS[
Q|EQ*;
_$`7
nn=eK CI
$+U 3
get_Items
)Nn,e
H5l%
SuspendLayout
[\70a
^k;Y
IT1w
ComputeHash
]};'
kLxt
mscorlib
Seal_Encrypts_00012.tmp
J<8j
}c4j
.t6W
4[EZ
oqYy
2J+!*
|A%T
i9LJL
Uv&To
Htlx
.L I
REBS
re@
GetMethod
13Dy
NGB(%
MH<mb
V%Xa
*)-_
v^hu
Lt*Yh
ControlCollection
XsmtH
=zj
R{R,,,
'Z1m'
2MYeK
xDL&
}m`5
U]0X7
V%+4
Seal_Encrypts_00032.tmp
?kAL
?z&
f7 ~ V
E&kx
~PSN
(_Ci
ad I
FcC'
1 ^
xA9l
\ Z4
*#l0
BZyb
${8V
Z.ix
] :4
q<W}q
=?UC!
g@s6d
<zu9C~
e"{^m
E)OD
E`t
;[V !
AvSK
4oFbvX
>Br7
:/lr
hxT`T
M*s~
D77*
C74f
M91E L
7EdE
YW*f
6!p_V
ye@*
2017
X8Eh
Q S+
L>78
"a{)
= ;Zz
%+VQ
1>V{
5 W:W
\)o,
Zf(\
GK)?
f+Z9x
(rf
jxn.,
!D#Ae
OHWG
Y^6 N
l]KBp
"9XC
/P_&
3oV#
~ov"
==/h
U$-1
Object
$D4B#2]
set_ShowInTaskbar
JXBx
?R<DB
MV
*Xa$
dD*6
DL9@
d~w[
Y F A
koLXh
$nF
.{ y
oA{A9
ez$N2
=48|
&xG{
=wBw
.QrVpctp{
L<
Seal_Encrypts_00066.tmp
re+l
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
^%Of*-
]:E
dataGridView36_CellContentClick
g,O7nP
&2s"x
@L~G
s8Cg
`& R{
d'MU
wfI3]s'
Ile$
3Y$x
F|k4
Qc!{}
_5~2
Yf(n
[WYM
v";_
:H V|= V
JtAk
@;+:
/ X?
1?Li
J>}+
-,iE
mYD"~z
?b2I
Dm,J1
bxkf
Nzs[>{@
TKJN
eM)
cLr_
]>s
V:gu)>?k
w&cT
7_|R
IO;a
+5X*
FuwEbni
WCbs
XD~ a
GvZw
sj(!x
m W3
%7[FV
sRqA 9
7:|9
3System.Resources.Tools.StronglyTypedResourceBuilder
nOP@i
"#v(1.
get_Assembly
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
Seal_Encrypts_00013.tmp
WGGW
Z#j#g
)a`JH
lKlk[}
v<1
Wsa[
"NG
>frn
: l93
,Ubh
VV{0,G*)
&v W`
Seal_Encrypts_00025.tmp
lLaI
)V5u
XvH{
tXj\
\ ]l
!This program cannot be run in DOS mode. $
Be 4MN[
Bev6
~WQ6
^EY~{
/?H,
n%}
Elm0D
'(\S
cPn2
HxNKy
MainInvokes
<|\
)MyeKo<
@ <h
Pvu
`S[H
t:[Be
~C@I
!3Hb
hi.>
%H>
LfW%
]8jb
Et,{U
$N{
Lgmu
y(`
CBfl
d; >
XY2d
5>fc
F_)2
O4],
randomeset_Load
;kHMP
!U\)I
\b<(
%:1q-
"c,Q
+o&?
Seal_Encrypts_00014.tmp
nlM;
3u+`Ut
TVmh
e I@
Seal_Encrypts_00010.tmp
D{! K
oY-x
N]4g
<p?L
set_ClientSize
?;<b)
d.AG
BfzsS=
0/}sz7
wlge-G
T+a4
T=NqX
-\zK9
@x)$
>+:z
deY+
{*r
}Y>lD$
`?kw3
}rcHM
Q"84ws
set_Key
9"-S
W0Io
c~7n
cn[;
D=wKt
QHQH
treeView1
+~ _
randomeset.Properties
/@[]
3Bh5O
666KZ>]`f
QcD
WSskyK
)?d%
BSJB
hj6^
jMn1G,
ZUmv^
h%'d
PVrG?
^2u
GcIKd
-q|1
9wvR
hf-\
_}K%7
Zpc5
99>Wsg
4hgI
Seal_Encrypts_00006.tmp
get_IsAlive
GetManifestResourceStream
*AOW
Seal_Encrypts_00016.tmp
System.Security.Cryptography
$5{\
Y7?K|
}d
TBUB
5=6x
w9#l
`RMZ
E4(7
wr'Z"
n1X*
System.Windows.Forms
|c<5
NVa
[cz mK9
`,@JW
PKZ`
g8g'
~=%E
%qrT
h 7E
r%
<tj88
A|YX
Li*V
xlRi
uUu_%
x3S(p
9m99
OStX.
*Bc?
cn[/
,?@R
A$v
oL6P
cn["
wW"U
K+`q
cn[>
N@>W
C.sB
rc$
GQOZ
cn[6
B\fH
)*+O2
_PHb
L ~C'
M2oi
D3m$
z|;R
%z(QL$
:Je,
4wc7C
jA;Q/cL
{,V>
}3h!_
Rh!/`
(&YM
u$f0:
#d,'
K*;
M8CY
S)nI5j
u0RR
Uy4{
poCp
;P-Og
alk[}
\McE
cn[t
HD
} z
6mKi
}2Tu
cn[O
cn[M
0>EL
-6 CW
Sne\X
cn[E
O~L (T
cn[@
}KiTc
}_]&o
Settings
9U-Xr
99x-
P.<~
RL x
N6f }
9_ l
8gvE
lyoy-
O 71y
AWUB,
i8=w
pI|<
)Zf]-
@h.6Y
9OC{%s
wu+t
qeY,p
0 1B
cb(8
K"{fT$
iIn]
tnSb9
@}!;
BinaryReader
o 2Q
components
D@KO
sr$BE
uoyhp
$-ip
bP^m9
|0h'
+E2F
eau
CF8/
>JDL
jb'9y
CF8&
E qa
\hoE
`y}}
Vz3;X
pN.$:4%
D.\
xG}h
C_[$f
e8y_
#} Z3
IfJ3}
iB&C{6
V+ b
0Y3d)
,A #/
WOX)
>2#
M:55=
~"dk
%_b-
kPPf
Uw-;
->,A
>dI,
1"\=
X?(Nk
?j=M|
FzoGG
Seal_Encrypts_00017.tmp
{*eO`
T'v,
]YZJ
g !p
r_e1F
d"S
J>bk
/8x-
ObjectCollection
CompilationRelaxationsAttribute
D&$$%}l
EA>H
UG8F
/.W
NB|/=];
M"Lq
0z3^
'\FM
-qY
$35b25a6a-3b37-4276-871c-ae52a1d1ad6f
B_m=
)/[40
&w\is
$GMnG
m&yE
@s e[
DYq}
n3cZT
1{Br
|z$w
$F<F
$XuE
dBQoB
emiG
p{4bZ
<\DMr1
>/5'
C1D
:FS_
lDjG*
`72%;
l7_'
}|i/
(<#!u
,C\]T cF
! QK~
&'L
S KLX
F]WSI
ApplicationSettingsBase
a|L7
Hlk[}
:B?W2
{&uS
\-J)
"UvE
jo/]
>rP
~4(S
q":m
4Xx@R
_Z\J
^EyDd
'3Jc
~\S
v]Ps/z
?ELY
@ 0S
t9v
6^'u
(|4\$]
$#F0
]0#0
oL`
N<vd
\.|&H
B$ka
n7*IxG
t|B*
wE')
Seal_Encrypts_00036.tmp
I>hD
Gw) j
ThreadStart
@6r1:
jyCc
&rN
rAa@
&81d
Z1bi
~=i0=
.5:;z
$
0_=L
?X-x
>jq e
e1t3
5n)k
o&FY
b&!.
B-%b
}vIQ
=Z$%}
;`^
5-jv.VML
Seal_Encrypts_00024.tmp
*g8 j
d(w/
A3'z
H]@E/tI
DcJN
L/',xAr
V2Vu
YF j
}ft8g
swRj
7 P
-4{S6
mBs^
SkD=
f,3O
uIEXb8
OyBi{
e~$r
\?V4
jC3 V{T
qy-J
k- k
m(?
R"-8X
C> }
Kg`'
j}KtR
Iq*z
B 29
'11z$
y0TL
[(6Y
wp /
#:B9
=?!b
VSbr
?EM;
c&4^
A{6L
W+;D
Eekm
Av1Y
KMU.
digK&!
: `u
SE|]W
H4|s
WNo!
=qR"
wY8O
pz ^D*
\Tth6
'y7
(4:m
fp_z
mgv{X
E1)
DC1
Mq;(u
uh82q#
_|UI:
p cY
Gob#
}h-P
o(ROj
?$Tv
7' b"
W&;e
Bey:V
Ot~6
1SO9
PJ}_&
e3w.
_F#**
i+sS
zg@
scCc
*F`~
h_<<
Thread
m2s~i
n[s,
FBWZ
uyF*
pz;
Seal_Encrypts_00015.tmp
$#n1
v_pf
pTexu
o4Oa
PP0X?
k?^i
AssemblyFileVersionAttribute
6pP2
u\ A
AoU1
=\KR
{\jJ
set_AutoScaleMode
SnT/Z
%XE!$wL
%ox
k#wqZ
G -R
System.Resources
5 N~
]u%l
;8 V
set_FormattingEnabled
q/pB
\_Nn
\}>@A
}*g 8
%Rrf
QF6N
1c/ !
dZ?'
HSw0
{(K9
uOtv
G:j2
>1wC
^;?W
5) '~g
2_YPk
RQ<N
"1\ D
/m0b
:<fm
wUYQ$3
C3{%
d .j?j
~q2 .
e,;0
S S.
[Oy;$n
L6"Q
1 }O_
t7b6
Jon{
g#o.
E~!<
!& f
3m)~ec
)GPP
hL+,e
&<e)
@3s/7
o)U+
&G*:K
,c-D
VQRN
}zvx
U v9Z
VH4h
u -V^A
6vng
PO2Ro
1g_2,
zXxP
i<:(T)
Y'bi
Bf<q
L'mM
,kkJ
}L68.]R
7ef]
mp{,m!O
gOl/
TZs)
3Ru&
z*XI
n,G*)
Zbpn
AXHe8
#7SRh&
uV<M
\!&R
G6R%G
\f:D
'A1&
%7[z
)a_>
mDCP
%;+<vq>
D NX
w))v
@NTKlA+
$`x[1
xX/c
:"F9
T( {
r_K*
,N`!
Pp[
J8o;Zt#
QU`s0r
cPnC $
~zJs
TJ`h
<g|5
g<.$0i
V0I
c. vv6U
pfnO
r xx
%Z7
NF?F
0 d#0.o
ZMOH
x mg
%)wQ
Ee.+
7%?P>
AU"UWT
Glo
SG*vU
1bs'
5A`f
b:wg
nCc[
f/cv5
+|[O
GG:0
>q^h
DebuggingModes
00jgy
v+Qyj
u<Th
"/?AUl
>}=!
zl6J
r
u;UHI
29hy
h&xVa
0}l{
h=KoJY
PX(vn
hf=OA
ToArray
j7Hy
j:p&
CU<z
VB a
.> ;
6b
Pt_-
Ce9;
r26^
j|Q[
%|D-
u\i!
6O-Z
eu/W
<RV
<H/q
dAxU;
QV*{.w
^Z
&#nYZ
uA M
ContainerControl
eWuD(4`
3U_k
c-Nd?:
RlH/
2+|Y
"ZLS
M484*
?2\jj
"4l
N^jQ9A#
0Sh)/<
*l)S
resourceMan
"'k2W
aV]8OT
Vhob
rd@Xi%
uGIP
Tz}P
` W]
6CG
8Lzb
9;0!
|2Mcn
qt/J+
ys|xp9
r1
F/4
JjJv
kG $
uE#1
QM16
75_=
2:N3
{rK:
)6FpG
S3G
pH[
C?-lC
4 \+
/) x
o-m dn
:3>Ev
/ >Y
X;|'
set_Name
2L
0JeF
j|fz
'rZ
a?\S)
|(m
$bY ]
Seal_Encrypts_00047.tmp
DebuggableAttribute
d8 9
SX8z
b mf(
Default
K7#-]
p[E\
l5TX
j Vd
K/:a
cl)a2b\BB
$7w<
x x8?#
I]!_
=>WsC
Seal_Encrypts_00052.tmp
Vh}K
3vVR
O`Y
|'A
dJj.
) '#9&
81]
Fvk)
YHs}~B4
r1
PL 7
{u&c
4c_~B
(tE')
$ B#H
Er8
At2'
k+]ib
#+B&
n_"%m_
-DN j
.j;1
p>xh
VU%$
)A{(A
g(jaE
b^0'
K|t(
f+/n
&&K y
5$d2
WFBo
v2.0.50727
6uJS3
D^g:
6K^EZ|*})x?
#8< 3>
} OB
T&PMD
^p5 p0b
sC[
qp=f
S=<OG
7Dzn
yP&%
V| |w
ListBox
qv3:
M[X+
uV3Q
I]P,
T*,y54z
2Sz(
xU|R
@sj4;
IAK0
TpZ
V\Cp
rw_Q
ComVisibleAttribute
%DYc
. [P @
kx<H
sz !
A8ET
I\LB
2Rq
9<J=
tn$
ZWRV
a(o2
v4H;
e\}VD{~~j
@ivE
PW|qS
O{Xm
m5Sf
@q6QJ
h?b>yVt
i*v=.R
67j6a
s!t
AE'F~_
H=D1
5J_YbT
!<f|
EditorBrowsableState
AssemblyConfigurationAttribute
$u)xhEnL'[W
bkBx
NR)+(
f> ^
"L2y
^xdy Sq
08y[
<;F_A
1c6Xd
< |
<LGk
CultureInfo
{M\x/
_,=%
;3 4
1.0.0.0
QDxa
\VA71wb
v;(fq>X
v'`3
zC;HX2Os
B@4S
za= O
!pAS
)lk[}
:"* d
|J/
Seal_Encrypts_00056.tmp
y I>R
"[Vw
Wgz \
cn[3n<
f8]U
Uove&lr
{ [}
"+7
Zq8v T
_&S.UE?S
S+ ,R
w )]
Stream
cR *w
Krj r
B7-S
mMO%Ie%
4qC:
a]9Co
)nm|l
ReadBytes
CCIZ%
?]:
4o`-
Seal_Encrypts_00026.tmp
$D-?
J!_t
<<hn>
'.)$
Fr`
g\wk
i}S c
X} m
y$"8
+tW&-
WEil
Shk'\
6/n;<
B _lR
6AD^
ACIA
b at
{I<6y
h!ef
Ylo
}@Ux
\9TP
MC/b
+TYG
ENG}
get_Culture
Hcvl
{~<2
wF4JYsK
eA\N
|=w
ojn^
/.$v{
5hFc
NPaf
Ze9|
kQY>
cdjX.
:P
L1!K+
q8AEj
_at
'Wn:
C d>
"7{4
.LQW
U 6|i
?)7HkQ
>;KMT
w4i]
7RQl
:eh2K
"*4D"D
jC'
KLO#
a1L*
`3*9E
;kHMPsc\
T,b?
buGn
=kNNq1t
#dU{U
B(Q&x
'0 X
~{4xH
Seal_Encrypts_00030.tmp
MemoryStream
18F0
1}P9l;D9T
A Vx
e?Ww
\Z0,
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
@5SH
QU1c
MHjEf
.@xB
%f"Y
:M'rv
F&x"
GH{?
46(G
NttL
,Pl^9
hl#av
3dN%
8yAogi
8ihI
a^a
Y:'V
B7dp
C~fXd
Bk(Z
N1l2G^Z
905c;Z)6
FTbA(
Aa v
:LE~P
XJ,X
3f<b
v~g6
Seal_Encrypts_00060.tmp
dwB
u_ K
Seal_Encrypts_00003.tmp
yj;_
O1 4
System.Reflection
4Uld}
iF@01R
C$9z
-g=T
7 IA
mmO'
v)MR
F5"5@
^V1-
a*bw&
n9 `
8@NF
t\iJ
L 8N
" fO
0qZA
WJA]
/)\*
mz8]
cn[P>C
Seal_Encrypts_00067.tmp
,YS@xk
=4$F}
Pm2oy
/ 1t M
5e"m
hnr
Pl^y
HeM~
4&%
~ W
cw,<
X*7]@
+ ,w
nAug
lk[}
,Q=f
fZkX
37&(
s9W]
5`Zh>
pv.m^
U(_y
sender
Ycr[}
_KbQ/
!.2cl
hv6V<
XBDK
PUs-
btE 0@
E7^
3zT
/V9r
F|Vw}
b#l>
$RelO
b 6;
_gMp
fK 9#L
qo7W7f
HU: 8
g{O@
XzSg
;XvR7
'Ag[
>~[nv
!>`I/4
PrimaryInvoke
+'r~
x0@a
3vOn
X0<i~
gp@/
Copyright
dd{e
FcGt
l-F9
get_ResourceManager
zn
System.Threading
/K N4N
;__j
,PLG
hX9Z
@QdW
.a'!
G{ k&
.Gb|`q
M`}RZ
TjJ]i
G,9s)
cUK]
wnm`l
j|C-
`t2?
>"I
XN$=s
gOj$
IJ` {
Seal_Encrypts_00046.tmp
g\2C=
8{::m
zj6X
Be'Z
CyPz
+Rag >
Am([
(`5I
/*@
ju'j
L:pG
8Bt*&Z{#
,taS
EDK]qI
,+& /
P;K
{q48%
`&`]
p1w(
ZO=f
3%~
bOHY
,&Wsm
O7c^
ye3Q
88=9?
Xi16bC
-(!_p
sPv+
t H
q -r
{#Bt
|gh M
= ^p
d">
f+`O^
n~m%$#
OK/+
n_"%=V4
"#B_2
Fez$
Z1M*
|yAWk
T *P
&#38k
DD5Dk'
n6'&Q
IaRS:
(WP43n6
randomeset.Properties.Resources.resources
it$G
\4)F
pL{X
VU4v
get_ASCII
"xF0
a&\\
#k7
Seal_Encrypts_00027.tmp
set_ShowIcon
Zo}Ay
UfDT
!B~{
[Lp$E
}M4~
>'DH
z t2K
7QtK
UD60+tU
d"xv
{Z{Lf
c;X/-
SymmetricAlgorithm
J]%K
<Elm0D>b__0
` y S
RZvkc
-CRY
v>p=
t2.?
S7}y)
-]y{
5J_zk
JwP$
6q9I<
#jmlc
zz@Y
4`0}Vc
/-x"
]4>n
Q^i|
@S_he|E
\9.I
|_ k
5Ybo
g[F^
`F8;
Rmg$
Ek*6"
{] 9<
"E2_
,H}:y+s
$*t'g-L4
C*;?
|sOd"
aaPJ~Q
(qFs
M~\b
yHEnS
:bKn
!X9_0L.xb
KwZGr4
,Zok
Wr6O
XepR
fHcC
pLIf
h;{i
`=:fX
.C]V
[(81&
~pGI
)W~-
J4P"4
4=3jI
System.Runtime.InteropServices
gt=6
CHx&
Seal_Encrypts_00068.tmp
v LC
LHar
+(/F>
%SS4
(,Q`
s1a+
;kHMPG
0i7w
I 3h
U_=N
PQo x
~7q2
:~ }
Seal_Encrypts_00018.tmp
]([
H%?"
|*('i
eZsf
ems#]?
#'|>r
@=k!P.
wXspv
?0Y6
System.Runtime.CompilerServices
g +
CS$<>9__CachedAnonymousMethodDelegate1
[~L$
plS$
c ;=
MYR'
f0"4
JFf@ /
h^KN
li50
]M"#
mNI6V"
%`-5=
Seal_Encrypts_00039.tmp
7e"
J4z"
!Nu>
E>sv
H!\S
CRR9
<fV (B>r)
)1MG
)R\J
checkedListBox1
LlJr
HHK6
Seal_Encrypts_00069.tmp
+e_Z
U#=u
d;Fr9
.t]?
{8`d
U K
\$Be
lyoT
V+DK~
J>/ltv1M
%~hw
GetManifestResourceNames
6(m6
TransformFinalBlock
C1?/
loQ
6Le7H@
S|pc[<
-- @ /
~rV/7
YODGm
z4Z;
lyo
^xYN
>Ej
y_)I
1 DlI
FFbH
V"!D=
ew;R
hf:8
p,7P
EventArgs
vCY
b6D:
DebuggerNonUserCodeAttribute
-bLkD$
Seal_Encrypts_00019.tmp
.!`A
wBa1E
,; ;
j8)'v
OY^p
6q{7
.6e@
3e
Wst}
WL6,:
r
-44)J
set_Mode
CJ>`
6;a
5$Xw
{'eS9K u"
{~b+(:
~vQt"
az+p
X`_7Qx&
nA:$
2KgO
O |v
Y{M~
SmTL+*"U
LbQ1
*)RtB
.aU
qFF9
(B6t
<Module>
fqsj@W
Y:sd
d<+
+"Lg@x
1^K ?=
:G6d
&)J"
i_D
z;]&
5Y*}
U<$;d
vT]ba
sQg8P
f|qE%
x @
d[-u
uBp[
e&qQ
Wp)
kE,f9
SizeF
,2 Om
K:"(
dW| 2
H&nO
LN6B3
hH"G
dh%~
I|T%
jGZ|
k<aB
'Ej/
{kS4_20
!7_g
. (l
c|3n
%()J0
H*|k
,5z-
DataGridViewCellEventArgs
N/GJ
'NMj
CM\)
z2}I
Ww.
s {
O2ar3
*Aot
uT|y
y[R)
O<^n
8}*T
Tid%
< j~>B
pu0!
ltI'x
R=y0
#GUID
l`a z
^\e
'D@q
6yQI
< ycO
YU\E
}Bi-|
:7t]> .
$`+3
w~s9
*cQ8f
/3'!8
Zqv
2H\7
&fWg
($^fN
& 0RP
8H0_
D]cY
Xwa h
UO\W}
."?e
30MP
SZvn
R jp
%bl_
Q$E K
lINA
Fch
cL)
hau:
9- Z
3 0b
*UyF<~B
D|[\'
93]"
wR [\
sV9b
e`nT
UpAe
es)r,
}+ _:
KAWU}
ssV :
randomeset
t-u>
5oXh
%z(4
%,Kl%
{ zj
QPBJ5B
.>JF}
v`4
=C&MQ
ti G
EventHandler
Seal_Encrypts_00050.tmp
System.Text
,!y{
]?:G
R %c
_7j?
ZqC6
oa'$
*jGv[
/^ |7
6S2j
randomeset.exe
zJ&#}
5cM|
o, Q
kc]`
bkz!=
/>s5
Aeci
`jzX
<!Wzc
zAS<
2lsw
Encoding
&52X
hdE]
8P>j
Q0J_7
YwP\
ZV w
\eoXN Ya&
_/9C
?y4:^
h'_<
H(D:
I3/_H
ug?Hd
yD<e
?k $pr
MGQ*&0
(?j*
Se2b
cyk*QV
ef>u
S]"1
wKz6
0g0\
&<.
Seal_Encrypts_00034.tmp
#n7I
M Kr
]c1m
UYj
b 4r@`
T(d<}6
zwL}
e$?i
GetTypeFromHandle
:~)\ (A
kn-< D@f
Seal_Encrypts_00011.tmp
rIc_
mcFv
y'h-
h_J)
W1QYnp
@Ugdx
+oD7
jRLF
*I|q(
S2JVa
0n=r
{=SNb
g9ZRZ
Seal_Encrypts_00058.tmp
[u\}
G+G_
C@Mk
>6kG
y7Z_
System.ComponentModel
>T[o"
3hiLW
fP4E
83
].0j
PI@ue
Y[L<^
VK94 <
)q)(
36t%
.&)N
set_Opacity
mD#(
~Ku,
Hj9#V
c z;X
set_Culture
w9w46
<>, 2
(k {
aY=W
$tu
{tKc{
4p=X)
].w4]
k) k
sx1-
*6 {
Mm{R'w~Y@
Be9s
NM{'
2KWQ}
;vj4
RfPt
],t\n
YIJz
c`Rf
b/6'=
1_Le
$&!c
ww,Q
[WA 1\
9 \V+P( *
( !Z
;[U&
{,h]
(lo[F
)RwI
2lGl'
rp\c
\ml} 0
c&e,
:txbq
iDc+
Seal_Encrypts_00020.tmp
Y mDO
@HH
<f9S
UGfS
kz7vV
<:*ztH$/
&5m-
ot9;
R+=0
Nf+ 5
,^U)a
gn?>Ra
Q>>]
>J.j[
Q'\3
_ pi
cjzB
0 P
dOr3
IDisposable
(Bz^p
i@08E
)K 8
lyob
_pJY
vw{4
eC[d
GeneratedCodeAttribute
disposing
n hp
SettingsBase
7<f|8
KQdR
?<{0F
X mZ;
m(T]
dCfw3
XKDt
&wy|
d Z`
xXssn9
E&H
$cBD~y
&kW
#y4t|
y-_\]
19:/
U[t`
;0a:2Yi
X^
L>dH
Azh~
Sleep
n}]J[
o`xm
38rnlC-
HwdI5 ~
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2017-08-26 12:55:53 2017-08-26 12:58:44 171

7 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2017-08-26 12:55:53 2017-08-26 12:58:44 171

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\Seal_Encrypts.exe.config
C:\Users\Seven01\AppData\Local\Temp\Seal_Encrypts.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\Seal_Encrypts.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\Seal_Encrypts.config
C:\Users\Seven01\AppData\Local\Temp\Seal_Encrypts.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\comctl32.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Users\Seven01\AppData\Roaming\Audiohd.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audiohd.url
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2496.7243437
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2496.7243437
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2496.7243562
C:\Users\Seven01\AppData\Local\Temp\reg.*
C:\Users\Seven01\AppData\Local\Temp\reg
C:\ProgramData\Oracle\Java\javapath\reg.*
C:\ProgramData\Oracle\Java\javapath\reg
C:\Windows\System32\reg.*
C:\Windows\System32\reg.COM
C:\Windows\System32\reg.exe
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\remcos

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\Seal_Encrypts.exe.config
C:\Users\Seven01\AppData\Local\Temp\Seal_Encrypts.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui

Write Files

C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Users\Seven01\AppData\Roaming\Audiohd.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audiohd.url

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2496.7243437
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2496.7243437
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2496.7243562

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Seal_Encrypts.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4cdc1241\4db943ff
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\Seal_Encrypts.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\3B49DCD2
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Audiohd
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\remcos_wcpqanowfdldynf\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_CURRENT_USER\Software\remcos_wcpqanowfdldynf\EXEpath
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Microsoft Sans Serif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\3B49DCD2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Audiohd
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Audiohd
HKEY_CURRENT_USER\Software\remcos_wcpqanowfdldynf\
HKEY_CURRENT_USER\Software\remcos_wcpqanowfdldynf\EXEpath

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
8cb32017-8fe8-4ae8-8d94-919b01a91984
Remcos_Mutex_Inj
remcos_wcpqanowfdldynf

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.RegisterWindowMessageW
user32.dll.GetSystemMetrics
user32.dll.AdjustWindowRectEx
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetCurrentActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
kernel32.dll.GetUserDefaultUILanguage
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
kernel32.dll.DeactivateActCtx
kernel32.dll.GetSystemDefaultLCID
gdi32.dll.GetObjectW
user32.dll.GetDC
kernel32.dll.GetCurrentProcessId
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
mscoreei.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateFontFromLogfontW
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegQueryValueExW
kernel32.dll.RegEnumValueW
kernel32.dll.RegQueryInfoKeyW
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
mscoree.dll.ND_RU1
mscoreei.dll.ND_RU1
gdiplus.dll.GdipGetFontUnit
gdiplus.dll.GdipGetFontSize
gdiplus.dll.GdipGetFontStyle
gdiplus.dll.GdipGetFamily
user32.dll.ReleaseDC
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipGetDpiY
gdiplus.dll.GdipGetFontHeight
gdiplus.dll.GdipGetEmHeight
gdiplus.dll.GdipGetLineSpacing
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipCreateFont
gdiplus.dll.GdipDeleteFont
gdi32.dll.CreateCompatibleDC
gdiplus.dll.GdipGetLogFontW
mscoree.dll.ND_WU1
mscoreei.dll.ND_WU1
gdi32.dll.CreateFontIndirectW
gdi32.dll.SelectObject
gdi32.dll.GetTextMetricsW
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.DeleteDC
dwmapi.dll.DwmIsCompositionEnabled
user32.dll.SetWindowTextW
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
user32.dll.SetLayeredWindowAttributes
kernel32.dll.GetStartupInfoW
user32.dll.SendMessageW
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
user32.dll.GetSystemMenu
user32.dll.GetWindowPlacement
user32.dll.EnableMenuItem
gdi32.dll.GetDeviceCaps
user32.dll.CreateIconFromResourceEx
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.SetWindowPos
user32.dll.RedrawWindow
user32.dll.ShowWindow
comctl32.dll.RegisterClassNameW
uxtheme.dll.OpenThemeData
user32.dll.GetWindow
user32.dll.MapWindowPoints
user32.dll.InvalidateRect
ole32.dll.CoCreateGuid
comctl32.dll.HIMAGELIST_QueryInterface
comctl32.dll.DrawShadowText
comctl32.dll.DrawSizeBox
comctl32.dll.DrawScrollBar
comctl32.dll.SizeBoxHwnd
comctl32.dll.ScrollBar_MouseMove
comctl32.dll.ScrollBar_Menu
comctl32.dll.HandleScrollCmd
comctl32.dll.DetachScrollBars
comctl32.dll.AttachScrollBars
comctl32.dll.CCSetScrollInfo
comctl32.dll.CCGetScrollInfo
comctl32.dll.CCEnableScrollBar
comctl32.dll.QuerySystemGestureStatus
uxtheme.dll.#49
uxtheme.dll.CloseThemeData
uxtheme.dll.DrawThemeBackground
uxtheme.dll.GetThemeBackgroundContentRect
uxtheme.dll.GetThemePartSize
comctl32.dll.InitCommonControlsEx
uxtheme.dll.GetThemeColor
uxtheme.dll.IsThemePartDefined
uxtheme.dll.GetThemeBool
uxtheme.dll.GetThemeFont
uxtheme.dll.GetThemeMargins
uxtheme.dll.GetThemeAppProperties
user32.dll.GetWindowThreadProcessId
kernel32.dll.LocalAlloc
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
uxtheme.dll.IsThemeBackgroundPartiallyTransparent
kernel32.dll.SwitchToThread
user32.dll.DestroyWindow
user32.dll.PostThreadMessageW
ole32.dll.OleInitialize
ole32.dll.CoRegisterMessageFilter
user32.dll.PeekMessageW
user32.dll.GetMessageA
user32.dll.EnumThreadWindows
user32.dll.IsWindowVisible
ole32.dll.OleUninitialize
kernel32.dll.CloseHandle
ole32.dll.CoWaitForMultipleHandles
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
bcrypt.dll.BCryptGetFipsAlgorithmMode
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptGetProvParam
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptSetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptEncrypt
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
kernel32.dll.CopyFileW
kernel32.dll.CreateProcessW
user32.dll.WaitForInputIdle
shfolder.dll.SHGetFolderPathW
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.WriteFile
kernel32.dll.ReleaseMutex
kernel32.dll.CreateMutexW
ole32.dll.CoUninitialize
kernel32.dll.GlobalMemoryStatusEx
user32.dll.IsWindow
user32.dll.PostMessageW
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptReleaseContext
kernel32.dll.LoadLibraryA
ntdll.dll.NtSetContextThread
ntdll.dll.NtUnmapViewOfSection
ntdll.dll.NtReadVirtualMemory
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
kernel32.dll.GetExitCodeProcess
kernel32.dll.VirtualAllocEx
ntdll.dll.NtWriteVirtualMemory
ntdll.dll.NtGetContextThread
ntdll.dll.NtResumeThread
user32.dll.SetClassLongW
user32.dll.UnregisterClassW
kernel32.dll.DeleteAtom
user32.dll.DestroyIcon
gdi32.dll.DeleteObject
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
advapi32.dll.EventUnregister
kernel32.dll.SetThreadUILanguage
kernel32.dll.CopyFileExW
kernel32.dll.IsDebuggerPresent
kernel32.dll.SetConsoleInputExeNameW
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
user32.dll.GetLastInputInfo
kernel32.dll.GetConsoleWindow
psapi.dll.GetModuleFileNameExA
psapi.dll.GetModuleFileNameExW
kernel32.dll.GetComputerNameExW
shell32.dll.IsUserAnAdmin
kernel32.dll.SetProcessDEPPolicy

Execute Commands

cmd.exe /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Audiohd" /t REG_SZ /d "C:\Users\Seven01\AppData\Roaming\Audiohd.exe" /f & exit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
reg  add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Audiohd" /t REG_SZ /d "C:\Users\Seven01\AppData\Roaming\Audiohd.exe" /f

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2017-08-26 12:55:53 2017-08-26 12:58:44 171

1 Host(s) detected

IP Address Hostname Reverse DNS
109.200.24.109 United Kingdom 109-24-200-109.rackcentre.redstation.net.uk.

Host(s) by Country

Hosts Country 1
1 United Kingdom United Kingdom

Detected family: #Malicious

TheSystem Itself @ 2017-08-26 13:06:02