MalScore
100/100

winscr.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 36/65 Related 2258
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 332.00 KB (339968 bytes)
Compile time: 2018-05-17 05:28:19
MD5: 17c45dd7d20e118d3254e5e7646af5af
SHA1: c27ef7c1a4cf4d6776b8439e73d79975c74df0f0
SHA256: bfe606f42ed622a91c0e591f5a8ec521b721372552d1cff09186c652dc1aa2a8
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-05-18 21:24:08
Last submission: 2018-05-18 21:24:08
Filename detected: - winscr.exe (1)
URL file hosting
hXXp://aristocrafti.com/dino/winscr.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-05-18 14:49:21 [36/65] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x348f4 217088 bd77e2f255a2dc2a38b5fd4ea4a80a20 3694ccc4f9138b1a290a6ee112c5fd5c7b26dcde
.rsrc 0x38000 0x1b28c 114688 26bc5de7ebfa9927ee66854c4dcdf958 957487304368866adbf2a971f2f741a0df147242
.reloc 0x54000 0xc 4096 bdbc24b0e00ffab5e85dde5f197bfd94 61b59b1508838b8631bf297f7f3f96b8eed49825
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x4ea58 16936 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x52c80 90 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x52cdc 672 *unknown* SUBLANG_DEFAULT
RT_MANIFEST 0x52f7c 784 LANG_ENGLISH SUBLANG_ENGLISH_US
  • API Alert
  • Anti Debug
Meta Info
No Meta found in this file
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
USER32.dll
mscoree.dll
IP Found
12.5.5.3
6.8.3.14
2.13.4.3
URL(s)
http://www.w3.org/2001/XMLSchema-instance
String too long
PA1 VERSIONINFO FILEVERSION 0,0,0,0 PRODUCTVERSION 0,0,0,0 FILEOS 0x4 FILETYPE 0x1 { BLOCK "StringFileInfo" { BLOCK "000004b0" { VALUE "Comments", "Raytheon Company Rap nower" VALUE "CompanyName", "Raytheon Company" VALUE "FileDescription", "Raytheon Company" VALUE "FileVersion", "12.5.5.3" VALUE "InternalName", "RaytheonCompany.exe" VALUE "LegalCopyright", "(c) 2016 Raytheon Company" VALUE "OriginalFilename", "RaytheonCompany.exe" VALUE "ProductName", "Raytheon Company product" VALUE "ProductVersion", "12.5.5.3" VALUE "Assembly Version", "6.8.3.14" } } BLOCK "VarFileInfo" { VALUE "Translation", 0x0000 0x04B0 } }<?xml version="1.0" encoding="utf-8"?> <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> </application> </compatibility> </asmv1:assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
Length
Copy
nJ~|
g}E[
3@N,{
XITFC
(pL0q
lPD~
/? F
ZH(A^
SHE~96
f|bK.dC:3Pd
SAwq\<z
U0i,
n5^H
ybd>
>je4
RI8%
ip(-
%Wxl_
WebServices
7dPJ
_cd](
q,d >
)y#.
GetInstance
.u.Py
dp*r
Z<cU
T'49
KoNQ
@h/uZ
get_Location
| .
|m24
(muqq
^__*
AVtx^
M.]
l0
/ LN
6!|6
2*[8P'+1r
lx
<t |\
W2R]
B` Q
d'R]
$R,@
=&Pe
s:E3]d
LateCall
@@>3
6Qzc
2u<*
YC#f
`5Ze
!EI"
[L9
_9#yPb
e@Bnn
Ey9@P
N9jL
V9q,
RtTX
NU}J
o ?
KwFUwsL
1v2 i
3+5Z
5u9
lpStartAddr
]zZC-S6f%
YoL&
nY>nq
Int32
$)w@BT!
mXJL
SystemaxInc
r)T+
>Ies<
]}kJ
z8u8Ibe'
8pu/i
2h(Uq
O:^ kJ
B}+D9
wF--
E z
W 4@g
Aq*)*[
/Pyd^]
6/vRK
appwn
=pM<
p8nu
d)o$=
|=.7H
ZhU
8th
J#G(
bq"
user32.dll
m9<C
+w ?
CompilerGeneratedAttribute
B3[J
1%Hy
~BS0
op_Explicit
7?vd
gq3p
+3"K
Yk~K
T b
;|[.
v6`r
~#&'
>x |
lu #
i|~n
ENq~
M>${
+^s`
?;eESd@
Wamt
=*ib;
oi!j
FrvMT
! Oj
>9 =3FK
K (?
sLeK
% Q<
7a.
3yPP
nfEA
)^D{b
$ \s
e,>,
H9E8
RIp,
/Y([
9zb$
O6t<
_ FL
j/gsu
}i+6
mLr_
ThreadSafeObjectProvider`1
IdjZ@.!_
f}x>*
bBkXL
i,!G
4q2Q6N
arm+
t:PU
i] v}
F]/(
AssemblyCompanyAttribute
w'[ )w
30=^
gxP\g
8XAM=
H>Ha
v^;f
@?g/5
"T+BB
WA6G5[N
wpmo
\)\Te
_X+z'
YHnap 9~
,~xe
|{f\_[
B(eo
%)pD:|
>`kC
b2`>
c#~gN
Kr 7
%K}u)F
Ownb
b?NQ
0H{L
q)O3n
?wy$
kD4z?e
h/gxp`
TS?$}=O
0B]2F
"| DF
8_le
S 4W+
jp$$
P)T|
Kj)z
W`#I
Tt)AK/
y5Q
J"{`J
sEQy
O %
{ .e[
rQ}zt
x>)])
L K(Q
0 s
rkB^9
s)r-g
:p~
7WB.
A"6s
`\|F3
)e"V6n
MD;n@
@ ##
g`rr
@tul
get_Application
.Jr]D1E@
2015-04-14T06:27:49-05:00
c ]
"|e_
QaCG
?d$`
}~]H
2t5/ix
EXed i
}QMqB
K6D.
w/r}
US>E
)e{
0[<
.C
1BI!@{
LateIndexGet
w .x*
\3 3=
=l@@[
fR7'+
#l[3
}ED~
#p&M
I,;Q
0Q g
w&X$
v1&M
Mdq:
00=5%v
n-2{26
+\H[M
f)J
NW]'
#Blob
..9[
//sY
^:/J
>~,gv
X}Jz
Hp<
)FBE9"g|i8
1=^E
={nAu
Tmw
8v\!m
}"]li
bE W
l-Ig
?shu%
X Ir
/gen
|T ?
i8(&
#b_kt
E4e;
Q7+Vl%
.P*c
x-Cm
1I 8A
$ _t\
]!AkgT?NWT
L;KZ
19 7
EiG<
;{8<G
BDw
cmlc&
oGg
K\b
Kj`4
VVbrH
an2
6B=
ZNbX
S'Fn
3WMe472
+$dD
-3X*
aqb6
-kJj
58Vq[
-%|b8
18<(
H"qEum
T4;,Zg
m.+V
TFZ1
Vma=4i'
4Pfi
)7dtksh
fcV
yHI9?
*^S/
KjM
q7sX#
?gI)%
(I3^
}gBj
^}o! COS
u&cb
sW_br
"6yW
f1y1/
LateGet
1:)c
h:,l
e%2t
8pXJ/Y
?8KW
km@<yM
KAufm
MdU7
1?76
0Sem
ToString
|8wO
<`N!
vS p[
B\c{
G 4u
Esd+
eBXn#
#Yy93qI
e<1Z
39o*F6
v$\b
p<sue
(Jbg8O
[.Q
t /
H$c0c
L$%3
w}7
#Y?^`
g ~|o|Q
SzTf6
/pGJi
Ft}
!/Ko
@V0 v
~PYX
StandardModuleAttribute
/CEe
5)|}@
KnET
DKB
b];f
UWvn
.8]0R
6:zZe
whmW?/
rs`/
m BC;Ze N
o#SG
N71:
>Lf
FK8\X
]x:6
oTZm
`oSr
.text
J(,q
)r^Oom
1=/w
Y8Dy
5DNw
Lw&v
bJoh(L
KpI`~N
^~x1
h30(-
M;G8
90 l
7QTf~
Convert
h3[i
s4%g
I?j41
HzJH
ai@W
2 VH
K3h
Xy%h
}#Hg9
get_Computer
MyApplication
=#_u
5n7r
@btVDq
b[LI
uZHN
Q}Ux+
\&YM
4euaX
C*tJo
HLP'm
JeffersonPilotCo
mj=
pY.`L
7@PHl
~8* )jn
-Q1ZI>
>A<x|$m
W^Q $
Ln\C
/= A?bc
NV7G
!6*+
P:Ad<
Q@wY
1`y~
x C)
Ove:
n7Wqm
^ 0{
A<@
(5b8
[}rL:
+aBUj
t? AJ
k]UU
G-]"
miYJ
Bi1L
r#L
H}WR
][V2
1l,u
o7k T
D#[g
gAi^
"x!W`oF
RuntimeTypeHandle
xu.S
((h}d_(ysJZ
fC=Z
rj(
kPYg
dcXD
Conversions
f6p;@
P9}V@
4V{A
`.rsrc
iS/,
U'E`"
Q(J
U7KK
WNP/
a7lJpH
Okg ~@
<W>B
get_Default
?I`"}=
0n]}T
2fg4!
07<Q
K!\dM
i"l%
<fj
9y7_
f0BQ
5SF8
{S|
9<6[_
U9u]`
oaUi
5b*r
KYj&
.ctor
3h-Q
W`^c
D.$:
qMh&
a,"R
e ,9
?o. `
jO5I
'np
5YCV)
{ .E
n OOE
FJG<
76o^
W83R
s_#Pm
-ZY
K f(
p|t3
dr$
XLt
@r(BH
9967
_fD@
flAllocationType
wrU@|x
v?5}/
/rOl
0QW
*fT)0y(
:^`&%V
hNp
~ =Q
%TOMf]]
get_User
+kf\-
*D{b
9KY,
3^n3_
iwl~
3.#g
_ALe
~Y\5
Marshal
]7/Y
c.]~)
M{^D}
'y{]2*eL
<hnP
.uoO
IKiTg
EFeQzaOu
^gZ7T
Z{GO
-1V\
Te+"
U"(4
OP0
j62&
s0 {
@vtX
Raytheon Company
IbzT
O X
D7bW
#/y*wk`I
">0X
/<,G
p=P:
_@&*
_byw
lParam
!%:cHH
,ik{%O
kernel32
1/ :
r055.
K`G[
v6bJ
HP\;OV
0,R/
xuQL
};U
flProtect
Main
lI}V
ORk+
i+gH
I0E<
_e_=x
:9wj
fi,G
Dd6.
t?k$"
1er6
3t~KwG
NCb
1=QiRn
EuH
N>m=
~S{{?
BbnO
&#vD
?.[p
. 9phJ
U]9Rs
<)fJ
WC^?\?
\@ G
<eRH&
|k^M"7
h7h$a
<l+K
p@ex7
WrapNonExceptionThrows
-nnT
eviR
PNpr
W] x
HbJ_
c"Re
}|M:
IntPtr
1sb^p
W2jV
R/oi
Qc)K
dT*D
ukg}
Peti
Xw{X
)B Gh(
Zav/I
ppR
drM[
(o Y
u3&G
1RNE
instance
J29S#A
5\7R
bP>
XOQz
:.K(Zk
)Yfs
l_X'
[tDQ
zw-C
oT``g
%l/5
STAThreadAttribute
$*{C
J%dZ
2-Emz5
ZkI8
l%#lN
a/8e:t
IHDR
/Hqn
}h[C
!*w!&</b
\6Qs
$( h\
u5swo9
eBq'.
'Z `
h[)"
7Y4h
8 k
s5fiZ3x
(6MB
|lw
~KV>
-oVr
wq5a
,VOz
-A#EF
pF}]g
m^Cw
|YVy2Q0
v&r2
eO.d
System
j*Db
?y*
ex
wCp[
q"OH
k)!U
?!?^
pIQNY
L_6qCK7v/`0
3y=r
Ir@^K+k.
S%%d
u w@
jlmY
zvf9
V X
bJD>
s>ls
m^M
G JD
Bw$i
M2Vl
CreateInstance
")y4
q FSM
) {R
-IV$
SV;
(-X+
233:
Vf9'
#Strings
x@Yw
j#`<c\
kE.mv
=a},=
V,t$u
wxyc
@/=P+
FZPyyL0
%Q"~
!h`r
:2nGN!
Ur_8
i$$T
z:;a&
\J@
>Pjy
((LrP
lb[6
KW:]M[
~HAL
')%<
NT s
q'=3
cmFL
gv'F9
]&O
f[3A
GC 0
j|Xp9
tbPOJe
A vw
PX%zi
lzTC5|
P b`Q
87]p
PN<6R
H]q/
VD|G] Iq
Rb#]
4@G{
az?
:xAE
hq<\7
Td4Lc
RRi0h
'Er1
\Ut?E
=[=6
QuTL
LAB*&wg
{6k)dO
8$ [I
n])B6
hM@<
<bD0
Application
[f\
GetType
9EY@B
6R= _
jH3D
gm\L
mL<f
Xw!'
!lf^E
0hCP
nUOZy0
ThreadStaticAttribute
MyGroupCollectionAttribute
hWnd
e=0\
(D5S>
5L]{
AssemblyDescriptionAttribute
V ^YX@]gr
ukT)F
T[d&b
<|HXA?
OYS u
f6v"
$71D?
Activator
rC 8V
"%c&
("DG
08\v
mcBQ
F/ @!g
NO>R
w.%9
Vdd,
d.e*
0'`e
uo_F
0 4/
-L^A
K.L>/
eR"`g
xx;
czCl
?u]L
P-s
6D=MTS
s<lF
wNg+@
kPrH
14"GR
Q!J>
},J*1P
kwi2
1|+o
H-v0
J] <4^
\6AK
j9QZ%S
(Y5X*
A:$K
(7<
*j@V
qt(5
o\G~
$.P:
c~^<u;
/lu{
(0Y5
8.0.0.0
Bpx|
~*P
S*@i@6R
X4%
4y45.~
K4_ y
1Zegt/
@[o|
rk5D
c/<8_
PaddingMode
ti&!
,4yp
T,38@
7 K
zNE5
Sf4bF
rC>7
)Ec^a
;~xnR
qm%u
A 2T
KL\i
n6IRow
zgkY
gDQ5
Uns|
\.cI
0')[
=;c
(e$
M 6R
~Dj1
<; b
Z7M~sN
{iKB
G5.>
\Gt!.
^=R$
,:U{0
i*Jp
W/8v
a3l5
Zt7&
RuntimeCompatibilityAttribute
8T _
=Ljd
P9lj]
^20$
K _>T&
&rek
: a
iM&
<N,)
System.ComponentModel.Design
36lo
O~wa
j{j{
$r"
hD??
Do Kc
cUW*(
':Uj
b^Z>
LHss p
sB'H
5Dir
tbd)
lVs6f(u9
)`'{4
4@-p
" K'
f^f'G
D0&4
l_-x
6z"3
ac )
HSg:u,
i/4!6\
$v@Ipu
CsG%lw
n5V%?
o`O
xF!a
+ S?
%'mE
Ct9
Uc y
r %
*teN
8i(-
>kFr
ChangeType
_|r[
"@we_dd:\
w >0V5
N|VJ
eyO 9
=g\i
ma F
i3Ix/Bu%`ky
N0qC
___0
U~,_4
A4xoqZ
/]Jf
|I(W
^OUR 1
s;Yh
cq[~
TZ|sue
:($H z
eNK&
t^c
2S<y
)?'`DV
;Zm&
T6gH
2p`K
`uPV\
#s~m+V{M
yG,
VE*$z
#S_-E
ni"Y
e5ih
PQz
)*[:
?-FF`
dDV}!)#
vq,w
m3U*2+
Xl ~
CWCu\
Ok(|cm
'xtj
rFCy
zNm9C
Byte
qFT\i
]??4
6i>
a%L7
N18fQ
T?*B
7u6g
h!sr?
iNgE
?~ZH/
$`s
GetEntryAssembly
JlrU
n t!
V le
V7&(
>hZ
aqaM
'a'E
uaAd
a=#}
&[<B
#{;7
JV1Q
$!wm
CallWindowProc
?&D\
F;f:
R<P
J<+H
1x0
fR h
V<p
|So%
!t~D
Q` i
%Ch3
HelpKeywordAttribute
%Yb2
i@l;6
reqE
Hm*Z
:]QG\
&qeI E
~Z7h
fnQG
[T|i2)d
P8`T
xw-7
OQf)L
/;[9
(^ Lq
r"pO
i {Q
6M5Dg
Bb~_
m<, x
BDKZ
[=U_~
f8kg
"#|b
J./8
*Zb-
4&%3
3oz
g 9v9/
j%YN
mBx7
< tT
?%~5&u
*(`vi
s|}/
k@c b
Aw^&
B$ +
Y; z
?<B%7=
'y1CD
,a}
0iBF
1ph97JlL
ToInt32
zPqf
%=Cz
K]a3
>7z}r
`M<ZN!
kmn5
{!"QL=
`o0A
Nq/m
lh""
w>wERv
PnUC
p={(@$
.ZYkv /
k Sp
#l"
~Z(;
?I i
5o!=
US#c
<M<q
*?RN
&!xr
}2$p?{
~H'6T
@AD-
]%ay,
MDu/
[Rn1
3FX
7\/K
gAAW
{ $<
R.p(N
+wy\JRw
U,rw
rhtz
(%)
t}e6>
LD[k
UR;)V)?
DebuggerHiddenAttribute
&?b!
XZ&E
IQ{-7
'/fT4
ICryptoTransform
)C/)
*V1&
B\j#?\&
tSz!U
AmL+
{Blb
f~w>
ZqU?
:HJ$
sk).k[|r
AssemblyTitleAttribute
|W?5m
uQ0D
H0@?
qNNZ
+T'Z
(rnE!
]vlw
4Ad)4
n%p.
t`Gu
X#cVi
EZLw
ufsa
6 1t>XQ
l7# Z
-&(\
System.Security.Cryptography
|d"N
-5wx)
]P0i
Create__Instance__
\T1UR
_>sB
esS[
%Ymd
w<sl
1xmi`+
JH=G_V
hW7=
Jt-%
k^G>3e:
6cQ /
8NN_
92b
size
R-6S
N"8ms^
R/Sk
cCmQ
n-JI
'`a zk
5vZVo
[_,
I / 6
OoY#
2(s$
3uw]
O.0k
8sFD
da*$
4f@.
W155
_z\H
2?9cg
n,^
N f*
@9!.O
I*LB
PhoenixCompaniesInc
*)Zy
Ia?T
I 1~
;"Nf
RG~,
W{6P
x~gZ
u~+_
dvNz
/jq>
c\+1
ThJm
c%C
-w$e
"b p'
it?L}0
14V<
2YpG
<>x#
TpnL
BVr~7
L *,
t72I& p
?{IJ
u~S!
LKf_z
tD n
n:b:
#CBK
IM#
gI/$
P]]y
-Yh$
UVs+
-e~w
6Ly(
|$ 2
.e~z$
>^?7
%R?P
Q~Cx
hPv-i
z!dfXY
c/b@
F;hv*F
!~h
$?t~
4!-
%M:#tV
39Sy
h*-+N
Ff&RxD
m0T?
"n.Z
j2xhkq
.uDjm
3z7 .
(O`8Dih
8x~[
bN8y
d[bn
;Z'3
LbFLA<
@.reloc
2r<&
A7q%p
+#Z)
\eVGG
dcmX
oM00;
s/0-
AsM3
<IeIS$
O-tq
0g{9%
9._2@-J
6):d
NJt
b2A
z/'g^
}~gk[h
{ID?
ppk
k(m$4
HceI^
uT]/
dgm(
Zrw8EM
Ou:^
jcz
_FAUe
Pfwc
R|BgG3.8O
Zcb=
#5lv
W[c^`
wF/Z!d
u#7+
?+4h3
yB9-m
-V\#
System.Diagnostics
m,Ah
S&6+
Gs\>
4r</-k
R11o;
Nk_-
I9rG
rJ4&
g$ C-
O}M
GetHashCode
%tEXtdate:create
vN>D
<_CY
'xp[
[/]/
(5%#
Yn G
O|Au
qBi
r-&-
}] 2pG
pBv7
E] 55k
pJvr>
VnXh
TP5h
g1bO
IY,QacVo l[
Z/V\
DelphiCorp
?z I
PnRc
z(Eru
;=KCw
B1}5`]
`"KC
Xu+w)7\1W
"q72
*#K5
c{H)[
oF'|
mXt\
> AR2
` Xb
$zVW
N6z '
971Y
,u}=
1LP_f29
3`&5J
N[UZc
0sn 3
VC.
/*ZK
PgEG
SS"]_
HU45
0_Du
D=YK
@<4W
.';t
'wU`
oTLN
VS98
Assembly
u":b*
ci.(
Jz}P
Ls)*
Spbl;
F0f
V{au
</O/
]) .
<eiv.a
P "1Y
Microsoft.VisualBasic.CompilerServices
PvwS
8w0LD eq
8J9$
XF7m
uS3vf:
hMa=
&v R
tSh
iXdB
z!Ml
;AYN
XN#'oM
M!(gH
bZ d
e `g
::j?
=nM
nK-t
8hpq
9}E0
Mv`^
M2 }~5
bmHIt
?o\GG
$4)d>
;Gs%
b:2f#*
SunTrustBanksInc
9 >n|R
DM).A
/5 a
3hy"4xJ
D^j6'Qw
`zS>9K
<@j+
*~{%
-$uC
a7'11
33?%{
YmE%
Kbw6{
Znh##_
!=d"
BgI7$fH
LateSetComplex
}G_O
& b>
m_AppObjectProvider
ciu2
4Yn]
Y#`'
(tDJ&
4e&r
-{l=
t X 6
tw[|
{rE[
.ZZN)
@Z2pdu
%|*r
g>s9
gj1O
jS?Zf5
A~A3
]ab5L
;0 K
*G;-
nJ*5
gPcAv
)<1w
[yc{_
>x)
*_Ne
UWSC6=
T;{"
DbGM
1 L>
R;lU
7?N_k
hPc!-
7<D
eS-s
U5bp
scz8
uZ N
cE.}
]wn0
kDGb};5Y
zHhg
n2|R+t
$%5*v
#E6F
B8 3
kM1b
"6lH
gsIL
7Z-k
mbJq>
t;"d
HyCye*
)OVm
]q .
,t_C
y*FSE^
D+kcC
^&a
T_K\B+r
xE"_
}hi"
RE65
Ogm`
iq X
=F5t
bA`K
7Jt)
I\mOmp&*
eFB
$ORy
I;[Pv
u& p
T6^P
Y3;e
JFok
/;Y)
_< ^
)nI!i
ResourceManager
')c-G|
dAa^
F\.\
pFkA
MTb7
jD?\
V zM/'
WPY~
MIYSO\
8#k#
DieboldIncorporated
G4D2`t
[x)3
Z$OD
BUR]
(oUm
p)&x
+e<vR
],]c
a<(1&
u I2
FpH%
K2NM
~#.E
&LNi
T3C/Y
{uOx
#jJ;
./f(
JrJW
^=]$1!S
k->
L9R
Nj&s
$_J7
]P1y=8
l_uv{
Vaw!
.q;,1c
AssemblyProductAttribute
s*np,
nnaV
Q^]P
;f}\BG
@td>[
BN9z
mV 0
N{"_ >
:oM9^
I>RU
5#.S5
VR~G
'slQn
Xi,B
1NO`
AssemblyCopyrightAttribute
]iQr
;t'D
FYU>?7
wXh&
6pU,
NI%&
//Q(
Sj'T
gd70s
)^k{
P*0)
Psc~
TBT
@ z+K
g0:[
&t'PL
%8\j
MyComputer
Iy=?
.C)?
f$2g
U<kSm
prDX
m>3u
0!ly6
0H~ 3P
-{WKCk
lgP!{
H]z$p
9I_*
Vl]F
{>x3
"IC+
c; t
%w }^d
LLn~
k&is
O?\n
j|7B
~ku@
IJ_O
@<l'NR
(H\?
K)"++
Type
e=['
B=-5
{F!<}
EtsF
SDO
zD"^
sr]Y
g'HL
o @8
67kB
5L9[o
lMIaK.
K4M?4
* '5
jm97
BQ(S
:@ G
OM h
SN"E
tJG^
<&S5u
RL }
!a4R+
i|D;Jz~)
1.Gp
}D(q
Computer
`U8-
4bPT
PWYlR
%Wq=
uy&
,"6~
M@ln]'
\J}
AkWJ
8w?f
R<g)
F9{2[
7]*N
Z7V=
cy_A1
&e}>
~gW$z
YA\`"
l":J
/~Mo
, kD
kSsS
I*U3
XUh5;
UgtF{
.Z?bA
4 ;f<
3'+mq
ytr8
Vf C
`HZT
?9np[q
TrlR
s(p(
|hYe
b:3v
IBc&
hdN&
8_X8
(^I
lg{d
/E)MrQ
,%P"h
idFJ
Qw)K
~fK)
Sy4
.cctor
e ~4;v
$;}K?-
wP6#`z*
mscorlib
" u",L@`
x)T
^P@c
wQzH
.^np
J#;6EZ
T'FG
_LMt
jWKcR
>}p0U
Oi.r
p?i}
GetObjectValue
JBH
{#Q
Tf9|
S5i3
F1k
bj^M
{Wug;
3 ]ZG
801h
K|$z
hQsp
k&[
?A$D
Sk%@\
Mw{[
LZM{f
R<#"yk
] MM
J-YG
dU7HT
}]Ws

Ug:
Z\Y>
>#5"
]Fbj
]kf}{
:* 6
System.Reflection
R;~>
6eG<
/m(%`_
:)}W
6AdM
+7?M
|/Y+
Wbb[+
h9mxh
+jHu2
C k1
dg)W
O Ras
%;ME
Nf=Y
\R4=
k;R,
f:. Q
rLoG
Gov.
ipU|
Dht*
~Iy
&6BE
maPpj
[k[u
7Lae
}OIKF
&TXQ~#
t`b6g
KZ!?zR@
/.g0C
c9iKt
winscr.exe
Oe;L]E
7L2/O
VRQ`- 1
WT2Lj
DeR/D0
;Zl*7y
Z@ a
iiB|
7 id
ntq
set_Padding
`-2mG
LJ nD
Yc,C
h}&F
uEq3n
?Guqtx
{,>y *
f/o(
p1ac
m<#;
Bk"
X N t
fv}j{%
V/d{
HCdHq
Gmxi
H `
LJ%+Yd
MY"5
R';y
Z1+`
j-R,
b"0nal
??=KI]
d^#t
ETP7
6>+H
{'i7
wSf{
'fV|
"8~P
:u]L)
x6]XX
"26!
wi{g
fUg*D
~G+v"
i+8_
\ZQh
uS1<
eOdUG*
C ma
ComVisibleAttribute
.!4
:D.S>U
_tR}R^
1)j?.
?72\W
ifa,r
4l/'
".SG
. #U
My.Computer
V %
TvMIYv
n<Y~$0
6C9%
6KO+
a_^
:b<6
<+Y_<
:(NQog
x03 v
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
l8.+
" MYxt
G'.`
7W l}/
M@]^@^
s0?;-
`.O>g
Nlvz
^[_ry
pl};?
8jVi
/EE2
Du]0Q
+$d
`5xw
G 7Z
Kq["
0{25
lsmj:
5) K
mscoree.dll
!This program cannot be run in DOS mode. $
4'PlF
RGmK
2<iw
LKRn
nV!@!
bKGD
c|qR
#7Pg
\6:!Z
kY(3Aj
(G-Y8
J^fr& &
xJo\
l:[OL
mM2O
73cu
4p(;A]/
$u_l
bB^D
t+)8
LTo#
&B0D
(c) 2018 Raytheon Company
*w,
L3L*#;
>zx
&Tf
+oTCz
Vxq
z0"OL
/v
0_sTY
D<um
!Xc5
"Oey%
'?,
KK|h
;8"!
RKf +
no&
@e_o!
#77p~
s8S
l./{&
H ](
SNNc
get_GetInstance
D^OVZ
6Y\?
ztQs
|GcG
rX0bo
7cH2C
7#@A
OmZ?
EC=7
=u/^3l
`WDr
W"ZX
Z^0@
0HJD
;a 3
A&xK
=FV@
`,>Cn
6ty;
hNUn
'*mD
|~~5
@Tm%
4fG+
p[c]F K
BSJB
tafi
iEJK
My.User
:AF$i
[U% 5N
Y`nl
E7t\\
`9w\
Y7OE
Z4g.
2Xcb]
wIXz:
D, 2
RGa-#G
$ jnhP
StringToHGlobalUni
u;,y
tj <
'jl
D%+U
.!V<&
[G?P;
dG )
_x>8
@bkBY]1uP#b
)3iE
l4H
DE#;
;+U
xoLzY
Q WxNY)
Xb'
/(=.o
"d#M
z}&>
Yt DF
/(ty
2Gie
dxd=
PMx<B
!4tb
aHD
9Ds?
,S l
J&fS-
-:Mn
h(,={
f@4 I
^+yOF
k8 7'u)g%f
t6nc
kx#(,+
}g)rr
fo&7
~(o.
WQ;)c
#h3,Y'
My.WebServices
wA.)
TQRU
>$&-
K19o
"]^7Y
TrigonHealthcareInc
otJnW
i{'
7Iaw
6cJ
Hyb3~
Y%9\
|g-:
SZ:~
IY0P
6kDM;-
DhuD
.]n&
rHRK
winscr
2015-04-14T06:28:38-05:00<
+K~x
=mrm
<)~
E2C#
"UKP
0=RM
K:H(
MZ1X
UuaRhE
:1t=8
$r`eT
QiJS
#CM"
}pejA
E0UeKm
K`Etv
Pvdd
DllImportAttribute
&8h"
jqae
4K3`
1= Jw
#l,&
7#%&
T3J|
v:JL
>n|
E)Px
j<fleY
+09g
gIFU
^om1h4
y' nhs,W>
vhd3u
9qB
e'#Q|8
Pe v
+}7~
N/a{
Uz&v
z#NG
"sQ#(;2n
" 7r#9<
Z;M
t2|d
>3r{
?\ ?
MT d^
set_Key
d]!^
"O F
; x`
e?E
*ySN
c-p&j
) "N
wv2;
npk.
lQ1
k 7r|
Apu%
?X>Q<D 1
=5=b8<.
c85eJ
C!ac
=%6k+-o >wV
HGW4
|G9 ?
aJtZ
Sl%>
B:a(5
?m8`
e cg
WV:X
/ _
$ rU
|]\x
c7c%
O:--1
c P(
gW+G
.Qx
V8jh
Heh $Ty
/V}e
U1AY
Gnl}
Bf%Hv2
get_WebServices
Qn%._
B^-X
is\~'
$ALR
duR .
)&?e.
:H9X
8lMXT
C n{gU
= U;E
'21n
@S,r
4VrJ
5(v
gc~|
r,3
1pZG
`*v ;n
MY'
|X!K
RA]y
Et9O#
_pPE
1e@=(
xzm*_
6TN:S
*:'Q49+d
d%)Q#
Cnsc
n ?1
[">X
IDATx
R.Pcz
AHl6
&W v
{e()=
p!:Y
kO(K
3c;q
~@bv?
~nx0 r
Wt1})|
1{UJ
I#&8
%x5M
|9FA<.kr
Q8-|
N~Z)
~C6#
:WEd
[#Y@j
OU2\Z
Q=us
HideModuleNameAttribute
f:@}VK
1"U!
ig l
7?X3
a*3J
n8tZ
vT9,
zxEff
4k-'
IEND
wmk!X+
.+<'
4\|p
brb` +
6Ed4
%w]
O4:v
8N8V
FkyRip
1*m
X}[l
ZDR{
Tj-# ~[
eW2sz}ty
!O62
pKmZJ'
PV ?e
A/6*U
gA ]PAS
6ME
F-hBZ
kLT
g[J6\g%XUDK
hrLB
eZ./~
L .O
~ yQ
7loeV
x^<'
C-Xp;
^?g'
PjL~
Se``N
~ sw
O;XK
hbD$h
"D R
6XCF
B WR
bI$/0
+@-B
y`L
66nb
TQC3l
|T*B
pg-X
?HBP3 R
5j1S
A;*ng>
1eGF
:}o
+U o
bFCZ
aE+w
Pq&bS ;
"Cvp
c2v7A
[+=~
R'KZ
Nw\b
gW%E
nrg",L
Gab
* 4
U|X)h;
| ]h
{jqP
,{MW:kQ, ~
WHkKP
yNEy
C> "
ymVgI
f"g}
LA S0
ueME
2CTN
e:`*
Xd ^
|\+3e
M*:S
h\'`
":^,7K>
:y9`0
#j|
Q8uFd
:JpS
-^<u
>,q?
kX#
by{l
,sJus
a>;f
J5[-
n~dJs
M|0
Pp>f=
SI}l
H9c3o
jO<^H
g02F
zeX[$"
P0)p&
System.Text
-bLn<7
^LoH
Bq@e
qg&J8
(+dnF\B
i#7Zf
IcKw
B@-]>
System.Resources
=K1?
+HaI
GetString
,htL\Q:
.Y.i
HIwb
i}AV
|tXxwq&
lB(E
mG/{
7Q10
8C>-3}N8V
*R`g^
,t 3
ZS[^
BbmW8
Gml
Sje "2wzl
CompilationRelaxationsAttribute
&"yS
\System.Object[], mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
oD2g
L1-%
SC&E
L$ds;
"V w
04:Z
c1?J
WIv]
6ma.?
?ec
Uh4uxd
U?`ZU
gOl}
QJ#k\
0l.c Y
rlC@
/5 (
N/R(MTL
=U8R
E@Q
Rc}
4j9\(r
^cQHZ#
[VGS
5FO^
G x
R)V
Io}L
;4;wk
`r@T
]*zU
#A:u
sgqZ
]olY)mt
9pjJ
-Sp
2` 6g
}1@{
)2 T
[3q Q
_ uO
`PaG
bf=!
2$P0
V<Ok
ZH+(n
aYJ
, dN%Sy
x+`V
_CorExeMain
R 05
&_HG
$&T*
QE5
]PRd
g;[a
X#BD
FF n
<Module>
-QJ!
/ ac
mF]!
9mW08
j<z[
<7TBq
_ oG3I
zvo~
E'u
b4Tvk)}
jh:y
NLfP
z/;Uk
w8P7%T
IL'5
ON4
e WH
rC>e
o x
TzoW
?W\ 0
"6{
u 7TH
Lx~]
`(3yB
B}59
}? $
BtO)Ul
f^4#
$Cls
r:v"C!
tU}
@(mA
Bk)M
l [pWT
[e)\
yeQ}
EditorBrowsableAttribute
V!. md
b.0D>
Kvq
;gf#JybK
OID.
m\!W
NII }Z
G5i
8Dt
9^c*
PA1 VERSIONINFO FILEVERSION 0,0,0,0 PRODUCTVERSION 0,0,0,0 FILEOS 0x4 FILETYPE 0x1 { BLOCK "StringFileInfo" { BLOCK "000004b0" { VALUE "Comments", "Raytheon Company Rap nower" VALUE "CompanyName", "Raytheon Company" VALUE "FileDescription", "Raytheon Company" VALUE "FileVersion", "12.5.5.3" VALUE "InternalName", "RaytheonCompany.exe" VALUE "LegalCopyright", "(c) 2016 Raytheon Company" VALUE "OriginalFilename", "RaytheonCompany.exe" VALUE "ProductName", "Raytheon Company product" VALUE "ProductVersion", "12.5.5.3" VALUE "Assembly Version", "6.8.3.14" } } BLOCK "VarFileInfo" { VALUE "Translation", 0x0000 0x04B0 } }<?xml version="1.0" encoding="utf-8"?> <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> </application> </compatibility> </asmv1:assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
dh>.?;b
9r "
h#_'g
zp*Ui
m]BE
+@Yc
xK {*
WR@ e
RHhC
p8jA
|!
User
){gL P
{M9q0
Ei?X
GkuW
*;C
e&Pd
`<PK
!Vys
q .o~;l
sw68
*SR0
jdA6@
|]aD
#\v/
ZGF3"{
Uin-&
8Df8
e `
b0el
k&DH
k4
^H({
o%{*
|)Z_
l[rg
kg^1
'>N;
BgoBI]v
Xt;f
,*7
*k0R
&oZ\
p}hK
9`Co
mIB!
nfngxX
ID@Z
ZG?{6S
(*C
*t`h
OaG5
z"Rb
j2qq,RQ -
Z1xJi
st-^
StDf.
f|P/W`y
$-//o
Y9 x
2.13.4.3
&`ry
mT-ze
Boolean
vdELj
WDnt
uoF}
iZrigA
Sq
M:-o
}HDn
F9
Cm.H
:'8}u
0bwi
VIIq
Na9\
}rtLa
@WQk
(Y *
e-pq
n;'C
Xg^a
")N
{ th
RuntimeHelpers
)m19
o':-
}XJfz
PVx}
Ko4v
M@~$f
unIX
,|=N[/
\H_V
G[VE
nA ?1
<W p
q8/5
tB*(
BL/f'
$[W
fn5'
w3#f
S|,3`
^S A
IlQP
i\fkx
$u'
a_,B
4\(,
fHjE
`0Q~
Xw)\9
Aa:}J
m 5JE
4;eQ
SuWl
y=8K
Object
`?& a,bG
ENWWj
WT>:p.
^Pu`\
<F `
pHYs
JW{Q
6 vM
,<p5
)I e
5w6d
H~i*
e1_K
#A^w
Gh*^\
If"8
XM`>
KSo$
HQ+2o
5s @L
h 7h
)&+S
Ev0A
?-S!J
Y{y'
T4CL
L(D?
Gqq
qUS'
RvdI
y3$&
C4F?
0(D)
q+#t
o^i>%F
4W(Lr
> BK
8 x$>
@ldX
)Ra
.?e(
{LsIB
'yO_V
5PPUo
EditorBrowsableState
cbNY
i2@
sJ6'
r!):
_}:* r
]n:>
K8T,6
52 *70
j1s}
'3"0
{RQ
{:>L]
tJ8E#
!D[
[{:m
M4mK
XN(^
AL+#
xDl
xJ(U
j`*b*
-bR},i:
D $s
!Mmr
aPND
5R+&
1L1I
Og<n
CipherMode
d16RX
|Wi F-
U#?$X$e*
n~L&
E`a){
Q<=-
>u<*
02o2
<UcX\
#h E
IFd[Xq
WIK%
APIW
}>9q
_6[57
)|#Q
t32's
Tq*Y
; Lvm
92 @
3k]c
#uFs
q b9
(M 3
W$0>^
dLF
m_UserObjectProvider
Qs~eop
7RC`
/ewu
dH<EmM
ApplicationBase
DG< 9
Rijndael
W Dj
B+~w
B& 1
e24Y
54hC
f6K,
*wd-7
fL06y
KC?9
}4Z_
?F!3
}E(+~
G%:M
_1zRq
'7(C
hS?o
9V:<br
QH z'
W t
1Boi
vhXuh
VM7q_7i
6*S
Q*U]u
/iEY
$){iG_
Cx}r
:wjc)
;HI0:
FW*
n'Z
_PN)G
1}L#
]vQF
HW[\
^@9F$
'`hJi
;hK N
$j`zv/"T
GfRA/
yp
b7~s
QnUJy
w v:|
El7
+1gx
vveW
3%K|\
J!/.
Uynu
t>G!'E
NS{\b
\x6o|6
System.ComponentModel
> B]
&?"y
&=yK
VFpmx
7=Ju
|&o7
"9j~,J
My.Application
L*]!
9NTv
m_ThreadStaticValue
1<Xw
tzvB
| S
fBk8
s&@]4
YqFl
OVH~
--Q[
0BTlem
cDWG}
4Z!C
<;29RJ
k@1p
^6Gn
"$Uk"_
[ Ue
8 =iR
S]QY
xq|J
Fxs
x^Wm
LSh!
04*.
].Y-
~KkQ
4|%L,T#
u #
2>WH
Lz[E
#X{:
bt:ZM$
Aq.0
6 }+
dtU7)
w?Xk
wJ4}
w w @7/!A
!Ndz
oLQfUX!]
y627
D``r
&E|[nB
s)o&
q+~"
C$9[
TeVn}n
3H?M
Q%]7
O 6j
HiZo
W(qT
f{Yg/
7G]O
k%oUj
wParam
uk;G
mR [
u"r
Z )cl
HIuZ
D_98
gHFw&
L'v*DU
^:"7
S-vVQI
Jt_r
k*}f
>1D'D
Ony2y
L2KD
gF]U
`[iS
4f
1E$M
?W'*
5bA|y
MyWebServices
K],Bh
m6~(
m%<f
N$4H)
Microsoft.VisualBasic.ApplicationServices
\@b,
M{)zq
2N2^
SY8;
]=6r#Ov
6Cj%
'ax 6
z+*A
~*+U
(_x z
R~9%
f2z
eGGp
>%u
EIj;
L3&a
&dMd
yJ_
,fDZ`
.L+;
XZp\z
k`Kk
A/-'
! Q
U!N JG
so`9e
lg7z
6!A9
X*Io
eJ N
:Ske}f
sT+
&pq<
'Bk[
Tqy9%
S 'X
wO b
kPGg
EIh`.
VYh-
ItdC(
2b/\|
Z=B^
6.t;
{q"*p
QC3IIo
);b
B~ >
wv0{
ZpC5
-m<g)D
<P ^_
# SU=
b^=_J~.
&gsf)
_"q
Qqq
GGq#
+B*>
WMv8
v2.0.50727
-1g1
,DLzd
]y%7
hiL9
12)^
Suj"
+.wd
EIH[
CreateDecryptor
lpPrevWndFunc
rME=E%:
#P;JiH
l/ <
e /K
WF*]
Lk2@1
0deK
/2mR
I`|
pb~
kL*)-"
zp6w
q}RZ
9c/Z
^8}dZ
vvYa
$AG?9
_DzV
$v W
@Gry
Bv;I
<6`tv
)70j
MXD|
LDF!
Igj ~c
N<4-3
T8h
r{P`
eZ$W
;Jw-
ukjC
uMC\!
H'#1
* [
3GS,
0;+N
dN:C9D
GetTypeFromHandle
F#@E
B:EC
jtjc
D$ \
h?MN
s_l8
qdKF
}]By
SymmetricAlgorithm
}uW(_
d>p[
i*~;
+~?vKN
a>O
_v,S
R]s qg
fl'i
XL)u
yst5
+~aj
JPHh:m
tFCvR
MkFD
)FOK
bs^7fqR
TER O
Y=K HVn
cS(:
:Ute3
L7n\
Ql Nm\p
sLqNrv2
1*X)
k[3F
:4=%
ind)
hw9es
I $r
^xj$
3?hL
"}P@
r @[
usOn< 3
dm)*
Modb
IpfPy
SjeH
O.Bl1^
3V`<j)
MyProject
'/\V
, b
N \'
*Ecc
[1r9B
LD~
(TEh
_q{I
c?!\
J$'07
m9 #
J $#2
$Tj:
36S.c
#Wy&$@F't
L:Z8
.#,d.\
qg1@
} du
B @
System.Runtime.InteropServices
yqW1~
N3}1
JSCu
5RD3
RYM'("{
3"n
Oy/;
A_ (
`JK
H]vF
li$j
6NO *HS
?oIl
\#J|
Raytheon Company Kalo map
7ilkf
l3c
0Ho [(U
(hpp+
4,q%
zH6G
lkA.Resources.resources
L}0=
T~iB
System.Runtime.CompilerServices
wqj@M
%tEXtdate:modify
n bS
(05Z
v 7:
+7H@
5z7/.
-0 k
N{-[HG
FzlZ
-7?- c
cZH9
NewLateBinding
K__F
t*@
\v 0
~imA
h[!O|
~ K$
P8 /K
f [e
]i.qMS
~~#
gB|N
]-Sy
s2Q:
5? C
YAd~
XZj7Mo&k
$z2B
}@w"`
;$FQ#:
#[weK
Microsoft.VisualBasic
lC&9
:_/vNo
$2vi
TransformFinalBlock
o$9/
<x6[r
f=wy
_>";
<L6`]
hTyD
VxY2z
D*/R
!d^P)
o0#2
9Ayl"
gD3j
QHpRdu+)
Ph`)
|_mZ
:s&L"
Q:Vc
6IxM
)U1Q
W3F
Q_B1e
x2g2u
v}g
G;a+
z}E
GWZ++=
N&W'
iydY
J_=H .
x0 }
8zBX
(P{\
P2)Tn+
set_Mode
y"RoS
57)z
SKY8*
,m$L
0Pz?
@DWM
Dispose__Instance__
g4'N#
c16ur
x^Zs
Ae^\f,
FM?LZ
4E
]9+B
6S.T
@S]ZdV
8 nUiZ
Equals
|mGSP
<d0)($9
^^T0_
ou3`
Dln*3
o83w
yNXU
XU`[
,`8?R,
`xI/
>#p+~
iTKT
N$ z
-EwQ
M6Kd
r~s/
i+=h
+?^9
gBA;
@tn
mAQfp)
R1L+
-51-
Cz|~)
|=f#
q3dk
s0f7
v Kr
{=Ve;
8&:w
969eu<P
:~E7
. K>
0O B;1
e&qK
nm,h1F
-6C|
U{|
c_ 2
1Ys~
w"!&
#gvE
4System.Web.Services.Protocols.SoapHttpClientProtocol
I{@
nF}J
Adm
*|hD
j(Fv`
.E|;
<tx=
d g
{'EH
\,8,
4Fdt}6
uz7%K<
+a7J >
2JN*
Q|'8l}
&>{N
_WN9E;
Pker
Z}u C
Dy>+n
PnIb
7C&7
HL;FK
Ii -
jtm5z
8X-cE
#GUID
?K <
e=[hF&
Kl`T
XR@'
nl&.?
$ 9:-5
1 x
A^@U
r ZT+
yjC@
&% uw
,U=-1
LdN
wh"(
cdzv
dmDx
IT B@
P3V!
m_ComputerObjectProvider
&Hg
eS|U5E#
E+HF}
.w9'
ylh9
)RM(
L)A&
][ c_m
2/ }|
,c#;j
/'?Q
p?Cs
zBU(
w*II
B<HT
$H)P
x3_Zq
~3xJ
T +
NtxN
I6Nq
4)E|`K
=F k
/wP2n
8tF59
Kx\yF
Ksv>
k/(6R\
b]L2n
,y?xd
}dT@
SfR/
<PAD
0MTjg
oTU$t`
6d^B
s-2@
E<a}
Microsoft.VisualBasic.Devices
MyTemplate
9>`Sy
sB@O*
\#vG_m]
i\mF$
H$.b
Encoding
>4 ~J
qB(e
0<e6R
|xuE
m_MyWebServicesObjectProvider
>~!w
T@=*
cg0=
MnM~
vg9r
!|C%
`**r
8Kg3p
_f>Hj
JBF0|
QALN
set_IV
75JjMN
CEG"
''DB
="a: -l
h Qo
{q`}
iYl
Y/Q
pYag9A,
dfsb
9p(f@
L},cA
] }W
i4 Q
gQywIwb
1 \X
VH"]
>N`k +
S _L
Xc\4
W+N1
f,7?
Ph=}c
H L|
deW(
=`FA
^d>$w
,s .$
8I#uq]
>f1y
@AP^
&
+xlv
Create
j*:-
{W]s
v6"uV
iN 5{
{GNe
C3'#
aaE~J
DA2T
^vA9
zC>OX)
io#m
y SO;
R;<H
g'nz
^=)*
E"w$+ [
Gp zy
My:
%s8b:
W %T
6&t|
0*/^
X|]U
GYf)]
97| K
A$+F
_f7O
@6gP
#7 .
10=X
O)h
o]ls
]#LuVrJ
; om
:U0ZIG
A[e3
xjE6
y4E
]z3fVU
'^*Fn
5 Kx_
`{;[,
+s0=
>-+C
JQ*@
u 9e 6
^vG{C
8/OE<
nZDdv
3 MBuI
fiuM@
(:G.
XFo`%S
5vy$M
AssemblyFileVersionAttribute
PR*4QVs4
D{Iz
rYBv
nY x
ts[G
M c*g
yK|sw
*Cl3i
[x#[
ODp 0!
56JXPE
jC9<
"y*r
50c[
(}5Ns
Iq L
~Hh2D
-{fl
1W~-U
t[G
!N<R
Mb. Q
uXmG
}-+
GWSYF
uYXi
ef`@
*PL<
System.CodeDom.Compiler
GeneratedCodeAttribute
TamuU
S 3h
|(IPQ|
4h@4Al
MwH"tq
F?f,
kEHE
Tz;
&*d]"l
<8M+
ZB}Z
PX=nB
6Q!w
Fw?j
{PP=
rx :
PNG
lL~vUe
lO/JT
SWRP#
K8MGoE
f |"
VirtualAlloc
UqD$
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2018-05-18 21:22:21 2018-05-18 21:25:15 174

3 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2018-05-18 21:22:21 2018-05-18 21:25:15 174

7 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\winscr.exe.config
C:\Users\Seven01\AppData\Local\Temp\winscr.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\winscr.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\winscr.config
C:\Users\Seven01\AppData\Local\Temp\winscr.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\winscr.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\winscr.resources\winscr.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\winscr.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\winscr.resources\winscr.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\winscr.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\winscr.resources\winscr.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\winscr.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\winscr.resources\winscr.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2304.12043312
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2304.12043312
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2304.12043359

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\winscr.exe.config
C:\Users\Seven01\AppData\Local\Temp\winscr.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll

Write Files

Nothing to display

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2304.12043312
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2304.12043312
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2304.12043359

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winscr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6185ed86\2df5edeb
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4b06699e\5794472d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|winscr.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|winscr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|winscr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4b06699e\1037a5cc
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\winscr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\9D9C29BE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\9D9C29BE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetACP
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.UnmapViewOfFile
kernel32.dll.CloseHandle
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
bcrypt.dll.BCryptGetFipsAlgorithmMode
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.LocalAlloc
kernel32.dll.RtlMoveMemory
kernel32.dll.VirtualAlloc
user32.dll.CallWindowProcA
ole32.dll.CoWaitForMultipleHandles
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
cryptsp.dll.CryptReleaseContext
advapi32.dll.EventUnregister

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-05-18 21:24:24