MalScore
100/100
MalFamily
Ispy

NOTE.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 43/67 Related 2243
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 400.16 KB (409760 bytes)
Compile time: 2017-07-16 18:12:36
MD5: 18eedaa80fcd3df3fe531a55e3538a6f
SHA1: 0dd01f9d25355e106a4bb99f5740e779c20c118d
SHA256: b7e3848ef8e575f23eef4e92a48e667fad747c43dd9f8719473cfd876512540b
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource relocation security
First submission: 2018-04-30 15:21:03
Last submission: 2018-04-30 15:21:03
Filename detected: - NOTE.exe (1)
URL file hosting
hXXp://tentoepiskevi.gr/NOTE.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-04-29 06:50:24 [43/67] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x60474 394752 f6e1e15a4c95dbba92a7f72af9af6833 5b6ad3a7f7adfa6eccf28d0bf55580437ceebbbb
.rsrc 0x64000 0x2000 8192 a3cb684cd3821f610de2a60279add986 dbec65a74d6fbaf8325eab27553aa4cc0e8c83cd
.reloc 0x66000 0xc 512 78b3d2ba4d007a288361da1ac274b47c 7e00b916a210fc7fc5bdb1486dc78cd52854aa8f
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x64090 656 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x64330 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2018
Assembly Version: 1.0.0.0
InternalName: grace.exe
FileVersion: 1.0.0.0
FileDescription: grace
OriginalFilename: grace.exe
Translation: 0x0000 0x04b0
ProductVersion: 1.0.0.0
ProductName: grace
XOR
No XOR informations found in this file.
Signature
MD5: 21016ad5d55ff12e84262ea5e1bc1742
SHA1: 9aca9e93116799a3a96b7ae422509fc1dc0bd282
Block Size: 5792
Virtual Address: 403968
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
http://crl.thawte.com/ThawtePCA.crl0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
http://www.bitvise.com/
http://ocsp.thawte.com0
http://ts-ocsp.ws.symantec.com07
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
36e95594-7cd4-3f0
36e95594-7cd4-3f1
36e95594-7cd4-3f2
36e95594-7cd4-3f3
36e95594-7cd4-3f4
36e95594-7cd4-3f5
36e95594-7cd4-3f6
36e95594-7cd4-3f7
36e95594-7cd4-3f8
36e95594-7cd4-3f9
36e95594-7cd4-3f12
36e95594-7cd4-3f13
36e95594-7cd4-3f10
36e95594-7cd4-3f11
36e95594-7cd4-3f16
36e95594-7cd4-3f17
36e95594-7cd4-3f14
36e95594-7cd4-3f15
36e95594-7cd4-3f18
36e95594-7cd4-3f19
36e95594-7cd4-3f279
36e95594-7cd4-3f278
"-#-$9%y&-'-
36e95594-7cd4-3f271
36e95594-7cd4-3f270
36e95594-7cd4-3f273
36e95594-7cd4-3f272
36e95594-7cd4-3f275
36e95594-7cd4-3f274
36e95594-7cd4-3f277
36e95594-7cd4-3f276
LegalCopyright
1.0.0.0
36e95594-7cd4-3f198
36e95594-7cd4-3f199
36e95594-7cd4-3f190
36e95594-7cd4-3f191
36e95594-7cd4-3f192
36e95594-7cd4-3f193
36e95594-7cd4-3f194
36e95594-7cd4-3f195
36e95594-7cd4-3f196
36e95594-7cd4-3f197
36e95594-7cd4-3f293
36e95594-7cd4-3f292
36e95594-7cd4-3f291
36e95594-7cd4-3f290
36e95594-7cd4-3f297
36e95594-7cd4-3f296
36e95594-7cd4-3f295
36e95594-7cd4-3f294
36e95594-7cd4-3f299
36e95594-7cd4-3f298
36e95594-7cd4-3f58
36e95594-7cd4-3f59
36e95594-7cd4-3f56
36e95594-7cd4-3f57
36e95594-7cd4-3f54
36e95594-7cd4-3f55
36e95594-7cd4-3f52
36e95594-7cd4-3f53
36e95594-7cd4-3f50
36e95594-7cd4-3f51
36e95594-7cd4-3f125
36e95594-7cd4-3f124
36e95594-7cd4-3f127
36e95594-7cd4-3f126
36e95594-7cd4-3f121
36e95594-7cd4-3f120
36e95594-7cd4-3f123
36e95594-7cd4-3f122
36e95594-7cd4-3f129
36e95594-7cd4-3f128
36e95594-7cd4-3f222
36e95594-7cd4-3f223
36e95594-7cd4-3f220
36e95594-7cd4-3f221
36e95594-7cd4-3f226
36e95594-7cd4-3f227
36e95594-7cd4-3f224
36e95594-7cd4-3f225
36e95594-7cd4-3f228
36e95594-7cd4-3f229
36e95594-7cd4-3f316
36e95594-7cd4-3f317
36e95594-7cd4-3f314
36e95594-7cd4-3f315
36e95594-7cd4-3f312
36e95594-7cd4-3f313
36e95594-7cd4-3f310
36e95594-7cd4-3f311
36e95594-7cd4-3f318
36e95594-7cd4-3f319
ProductVersion
OriginalFilename
36e95594-7cd4-3f161
36e95594-7cd4-3f160
36e95594-7cd4-3f163
36e95594-7cd4-3f162
36e95594-7cd4-3f165
36e95594-7cd4-3f164
36e95594-7cd4-3f167
36e95594-7cd4-3f166
36e95594-7cd4-3f169
36e95594-7cd4-3f168
grace.exe
e0f93458-d434-42f4-9da3-942e284b2802
36e95594-7cd4-3f98
36e95594-7cd4-3f99
36e95594-7cd4-3f92
36e95594-7cd4-3f93
36e95594-7cd4-3f90
36e95594-7cd4-3f91
36e95594-7cd4-3f96
36e95594-7cd4-3f97
36e95594-7cd4-3f94
36e95594-7cd4-3f95
36e95594-7cd4-3f149
36e95594-7cd4-3f148
36e95594-7cd4-3f147
36e95594-7cd4-3f146
36e95594-7cd4-3f268
36e95594-7cd4-3f269
36e95594-7cd4-3f266
36e95594-7cd4-3f267
36e95594-7cd4-3f264
36e95594-7cd4-3f265
36e95594-7cd4-3f262
36e95594-7cd4-3f263
36e95594-7cd4-3f260
36e95594-7cd4-3f261
36e95594-7cd4-3f219
36e95594-7cd4-3f218
Copyright
36e95594-7cd4-3f213
36e95594-7cd4-3f212
36e95594-7cd4-3f211
36e95594-7cd4-3f210
36e95594-7cd4-3f217
36e95594-7cd4-3f216
36e95594-7cd4-3f215
36e95594-7cd4-3f214
~Bitvise SSH Client, a full-featured, general-purpose SSH clien
36e95594-7cd4-3f280
36e95594-7cd4-3f281
36e95594-7cd4-3f282
36e95594-7cd4-3f283
36e95594-7cd4-3f284
36e95594-7cd4-3f285
36e95594-7cd4-3f329
36e95594-7cd4-3f328
36e95594-7cd4-3f327
36e95594-7cd4-3f326
36e95594-7cd4-3f325
36e95594-7cd4-3f324
36e95594-7cd4-3f323
36e95594-7cd4-3f322
36e95594-7cd4-3f321
36e95594-7cd4-3f320
InternalName
36e95594-7cd4-3f286
VS_VERSION_INFO
36e95594-7cd4-3f287
36e95594-7cd4-3f288
36e95594-7cd4-3f289
grace
36e95594-7cd4-3f49
36e95594-7cd4-3f48
36e95594-7cd4-3f45
36e95594-7cd4-3f44
36e95594-7cd4-3f47
36e95594-7cd4-3f46
36e95594-7cd4-3f41
36e95594-7cd4-3f40
36e95594-7cd4-3f43
36e95594-7cd4-3f42
36e95594-7cd4-3f138
36e95594-7cd4-3f139
36e95594-7cd4-3f132
36e95594-7cd4-3f133
36e95594-7cd4-3f130
36e95594-7cd4-3f131
36e95594-7cd4-3f136
36e95594-7cd4-3f137
36e95594-7cd4-3f134
36e95594-7cd4-3f135
36e95594-7cd4-3f257
36e95594-7cd4-3f256
36e95594-7cd4-3f255
36e95594-7cd4-3f254
36e95594-7cd4-3f253
36e95594-7cd4-3f252
36e95594-7cd4-3f251
36e95594-7cd4-3f250
36e95594-7cd4-3f259
36e95594-7cd4-3f258
a2da5c66-9002-d9
Translation
36e95594-7cd4-3f176
36e95594-7cd4-3f177
36e95594-7cd4-3f174
36e95594-7cd4-3f175
36e95594-7cd4-3f172
36e95594-7cd4-3f173
36e95594-7cd4-3f170
36e95594-7cd4-3f171
36e95594-7cd4-3f178
36e95594-7cd4-3f179
36e95594-7cd4-3f89
36e95594-7cd4-3f88
36e95594-7cd4-3f81
36e95594-7cd4-3f80
36e95594-7cd4-3f83
36e95594-7cd4-3f82
36e95594-7cd4-3f85
36e95594-7cd4-3f84
36e95594-7cd4-3f87
36e95594-7cd4-3f86
36e95594-7cd4-3f34
36e95594-7cd4-3f35
36e95594-7cd4-3f36
36e95594-7cd4-3f37
36e95594-7cd4-3f30
36e95594-7cd4-3f31
36e95594-7cd4-3f32
36e95594-7cd4-3f33
36e95594-7cd4-3f38
36e95594-7cd4-3f39
36e95594-7cd4-3f103
36e95594-7cd4-3f102
36e95594-7cd4-3f101
36e95594-7cd4-3f100
36e95594-7cd4-3f107
36e95594-7cd4-3f106
36e95594-7cd4-3f105
36e95594-7cd4-3f104
36e95594-7cd4-3f109
36e95594-7cd4-3f108
ProductName
36e95594-7cd4-3f208
36e95594-7cd4-3f209
36e95594-7cd4-3f200
36e95594-7cd4-3f201
36e95594-7cd4-3f202
36e95594-7cd4-3f203
36e95594-7cd4-3f204
36e95594-7cd4-3f205
36e95594-7cd4-3f206
36e95594-7cd4-3f207
2018
36e95594-7cd4-3f334
36e95594-7cd4-3f335
36e95594-7cd4-3f336
36e95594-7cd4-3f330
36e95594-7cd4-3f331
36e95594-7cd4-3f332
36e95594-7cd4-3f333
FileVersion
36e95594-7cd4-3f70
36e95594-7cd4-3f71
36e95594-7cd4-3f72
36e95594-7cd4-3f73
36e95594-7cd4-3f74
36e95594-7cd4-3f75
36e95594-7cd4-3f76
36e95594-7cd4-3f77
36e95594-7cd4-3f78
36e95594-7cd4-3f79
36e95594-7cd4-3f145
36e95594-7cd4-3f144
36e95594-7cd4-3f143
36e95594-7cd4-3f142
36e95594-7cd4-3f141
36e95594-7cd4-3f140
000004b0
FileDescription
36e95594-7cd4-3f244
36e95594-7cd4-3f245
36e95594-7cd4-3f246
36e95594-7cd4-3f247
36e95594-7cd4-3f240
36e95594-7cd4-3f241
36e95594-7cd4-3f242
36e95594-7cd4-3f243
36e95594-7cd4-3f248
36e95594-7cd4-3f249
36e95594-7cd4-3f189
36e95594-7cd4-3f188
36e95594-7cd4-3f183
36e95594-7cd4-3f182
36e95594-7cd4-3f181
36e95594-7cd4-3f180
36e95594-7cd4-3f187
36e95594-7cd4-3f186
36e95594-7cd4-3f185
36e95594-7cd4-3f184
36e95594-7cd4-3f152
36e95594-7cd4-3f29
36e95594-7cd4-3f28
36e95594-7cd4-3f153
36e95594-7cd4-3f23
36e95594-7cd4-3f22
36e95594-7cd4-3f21
36e95594-7cd4-3f20
36e95594-7cd4-3f27
36e95594-7cd4-3f26
36e95594-7cd4-3f25
36e95594-7cd4-3f24
36e95594-7cd4-3f110
36e95594-7cd4-3f111
36e95594-7cd4-3f112
36e95594-7cd4-3f113
36e95594-7cd4-3f114
36e95594-7cd4-3f115
36e95594-7cd4-3f116
36e95594-7cd4-3f117
36e95594-7cd4-3f118
36e95594-7cd4-3f119
VarFileInfo
36e95594-7cd4-3f239
36e95594-7cd4-3f238
36e95594-7cd4-3f235
36e95594-7cd4-3f234
36e95594-7cd4-3f237
36e95594-7cd4-3f236
36e95594-7cd4-3f231
36e95594-7cd4-3f230
36e95594-7cd4-3f233
36e95594-7cd4-3f232
Assembly Version
36e95594-7cd4-3f301
36e95594-7cd4-3f300
-=Uw
36e95594-7cd4-3f302
36e95594-7cd4-3f305
36e95594-7cd4-3f304
36e95594-7cd4-3f307
36e95594-7cd4-3f306
36e95594-7cd4-3f309
36e95594-7cd4-3f308
StringFileInfo
36e95594-7cd4-3f158
36e95594-7cd4-3f303
36e95594-7cd4-3f159
36e95594-7cd4-3f67
36e95594-7cd4-3f66
36e95594-7cd4-3f65
36e95594-7cd4-3f64
36e95594-7cd4-3f63
36e95594-7cd4-3f62
36e95594-7cd4-3f61
36e95594-7cd4-3f60
36e95594-7cd4-3f154
36e95594-7cd4-3f155
36e95594-7cd4-3f156
36e95594-7cd4-3f157
36e95594-7cd4-3f150
36e95594-7cd4-3f151
36e95594-7cd4-3f69
36e95594-7cd4-3f68
Gu"0Yy
/]#~
(GZ5
Uu*0
wu+02z
t*"C
MuJ0jy
7{cC
itMq|
$0/~
mCf
[.x q`
e;ygl
9guJs
Fu\0uy
`$&T
o=lf
u{0]y
set_ErrorImage
iuv0
PNG
Y kM
Qzb
B 2!
t; ER
AgLG]
3,0g
1UL,
Sq:9/
s`P
f1 |
Char
1 =V
muR0Ky
bpYgOB
kWT~;o
!?~ _
=}YW
Z7w1
pu>00y7G
i&nK.
59@)t
vup0]y
6Ng|
c`"pu8
|
0<}
```0``
6pz1"
+X _
^_QA
-P >
8:qzE=
cup0]y
```pa`X
9,h
7p9j
UMRb
\^&;?
EPl>r
=jraJW
h0+/
WZ@@
v7Rw
6uk0
FCfmhk
dP}'
7\EH:
<PrivateImplementationDetails>
k}fM
4iSa
Gq6I
?r|a
p|Vt
1eH=
a[Pk
2+vM
)3hC
Ubp<
:7sc
: UO
U6e}
Ac!R
dihg
qYYF
zup0uy
bx A|hHM
]}BV9
`\{,
&wd
q9z*
w,08y>E|
W =e
r|Oq
z^ Kc
&}Xp
Ni=w
RLzH
v B 2
iY[F
Wq 6
>sWd<
3N%^
{uy0ay
~_:(.9
#;<Z
srZyZ
v6|^T
0~y9G7
'U(Y
6iY*
$En|
?u$0qy
4;l^Ec
r <1
|6|^F
```pg`x
I123
PPNZ
EucB
2uWU^
&h~N
0rPZ|&
J:Ji
sJ2 y[Af
`KE-
&(F?P)i
9gB]
8u"0Ky
|u\0Uy
A2^7:7
```pg`X
System.IO.Compression
V_A
gJX/p
\uu0
GXuC-
!e!C_
luV0
B3<Ctr
#=8v
BuV0}y
OhTv6%~"
;**0
<uI0Ay
RuntimeFieldHandle
YZNz
uD'Qn
?ud0ty
T|kw,a
System.Security
```p``8
T;Pez[
;ia-
Gibraltar1
g\;
l-5u
;%mk
)ucB
`uc0
Ovwysx7!&g
GetData
D*F|
mscorlib
7uy0
ctT
>u"0ey
3v=Jz
Ej^d
e;@2y
z>:l
Application
02y&O
8X }q-?kC0
2qTj
8pjc
```(g`p?
Yu^0}y
}BPo
;uy0Gy
hu#0by
v'B 2
[uy0
huU0cy
|02sg!?
mu,%
PI0gy
Bug0Qy
N`P
9Q;/
Fbmf
```Ha`P
g!|[W
9`P
ku`UF&
XBOf$
65*%A
-RoT
Write
S S
EnableVisualStyles
Wf-
wXxN
>A!X
ce!9
<gP
7! S
:pUn "}
AU=bd
0"yGCl
x.!c
guY0
4%n^O2
u`0xy
f. q
Y B:?
ssjp
5Yi!<
HT_8
`M%Lt
40W/
)U+t
e?z
? 5^*
Gu 0Xy
Pp \t
kG.n
y ?
vuv0dy
l8.cY4
v^Fy
v2.0.50727
`|-_
d<YhO
K K9
mu|0Gy
}u`UF&
7uB0Fy
j``T
0<ytG
FF1fRy]
Fu#0
/QXh
2ugb
gniTz
AppDomain
u0wg0
HRB=%$2
8zX^
&*8w
}gSx
@uW0@y
0VN
o]m O
*|J0zn
iL U
9ue&
I-Yg
CC/r
g.2<
-Z}5
Hu\0by
22y N
_2y6F
-3e]W
```(f`x
KtL04y4F`
ac:AhcV
Image
`u%0 y
]$.0C
%f 9
vB27
RDF
Lj2L
-U`DS
"R#/
xZ(9
NK>8A
p[26
6|p7
```Hd`HY
- Sr
vua0[y
k;@2y
```0a`
dua0~y
MemberInfo
7I$y
6(#m
Mw|1_y
,]]f
`0E+
^uJ0py
kJ9o
ToByte
4:Q`G?
URwT8
V1lo
uj0Ime@F
],
gu`XW
LuJ0
Ogy15
{*_U\
OO >
2uQbcD
u 0/y
W^n{
<ovr
P%"W
MeU
AC[R
<uk0ey
T"&?-
c`p
Krk5
M=_8
]"/vf
KuQ0Ay
NV6W
&&w\
V,Im(:}
fKe3
m|`h
C<n7
(02}
^?ss
Xu<0uy
"iSW
nmaH\+
mL04y
{o{|j
uz22y
CC L
Guu0Yy
zuk0ky
G<CI
zMI
03y'`?
W&N6
01yqF?
````e`
$44ffbd77-61e8-48c2-97b7-0422ebb7027d
<f 8
<}F]
{uw0Sy
get_Controls
sbY-
@8 '
u"ul
sRJ^N
}Gs4
_\b?
```hf`x3
Type
|Rs#:
l|%B
z$?4yVH`
Ku{0qy
4CCx
.;sC
~G/5Z
dfcX
fHO
a 67x
wb{~
v3$3
HuR0|y
r1Wn*
0ta
Yqf2{
gW]4
:=*}
Nu 0
SvF@
j2wu(
Y"[$.j
|gmv
a}jE
.Y500p
~`P
Plo
n/3!f;
,qHe2
!u80{}
Vu~0jy
h[Z]S
7 +
JuP7h5
Ig/5
{]c<;
sm52y
z^Wy
bu%0ky
~uv0ky
KuG0Uy
|ON!
&TGKK
U-<i
=u}0by
gUAy
6u 0_y
01yqFM
n53Q
lkr:l
f}+k
zuT0Yy
lu^0Py
e_H'
c*<_
%c;\
-to!
_A]W
4jV L
o5F8:
LPg`8
#]w/_
String
:p@@}
[G()
{S3o
^u^0qy
uR02y
"iVZ
3 U\
u<1[y
ay [
;>))
&Lv5))V
>VF.%n
}.SP
,dchL
09y"F?
'K c
JIDAT(Sc``
duw0Wy
FuPWp
=6<J
/c~~W
2R.T
PWjx"$6
|"~/
i9,S29
Rg_T4
c`Lv_
ua0!y
fu|0\y
2u'b
0f C
G<{#
he,y
,~;n(fo
[ Y2
.O/\
http://ocsp.thawte.com0
E02s
uoJm#
_CorExeMain
'.dy
C b~U
nu_0qy
/+_r|
2uV^G
v1Dy
o3u
3v_X
7uK02y
bo10au
=sNL
0@ucN
DB1e
_QB\G
set_SizeMode
C()i
d00\
]BWqy\wr
xuq0Ey
X
u+02
#7ts
q;42y
J^edq
qeBd
etWV)){r
vs]
84s5
=7;0
```Hf`8":Svi
6uJ0Ay
!FVe
/M6*
5[C'
{U@-
buD0Zy
26]g
j G_Y
=uv0Zy
uG0
Z,<R
.text
ZY0
Lu|0_y
^_vU~/
F70p
<dO-WPC
nu 0Dy
}b`X
C9"<
-%I&
6HBPY
VuX0zy
&J6k
:ua0cy
7KylS
Fuj0Py
x #*
%7aw
m,08y
sHjq
))A`
Convert
Lu]0\y
_-J
^EOz
05y"F?
8>krU
RjePqb
System.Configuration
>u[0Sy
eu]0
Do vp
0r0^1 0
ComponentResourceManager
MarshalByRefObject
g0e0*
0H\7
c 9D
ePq~
x<B.f
:ub=
nup__
b?aY
aQ_y
n|w5J
HyKMo>
(#Ee'
huj0By
6kj{
:zFG
[ue0
PerformLayout
```Pa`
Rg+sV
X;WR
{"rYF1
^`x9
}a>2
YuG0
KuP0by
t rqD=X
j ]Q_
LuP0wy
.;9JU
1PaXUT
Z;?*
FOfQL
vQVy
ekzw
)nM
2up]Vy
d[kZ)dGb
ONg8
u< t
z_dy
Console
02y?G?
e^ v
R8;s ;
p a]?
zy6^")=
gqCb!=
Fw3 ?
ip8m
F:=s]
)2n"sLOd
dT)
0ItmG
)t_U
q310w
t@hV
~fEC&
g_w]"
oms=5
jux0_y
1O;LG
vQV*
cu*0wy
) k);"
.M0c
@0[.
:cby8 F
wkSp/r
t@0}y
````g`(
Vh*10
/U3 @
oUw56HM=
wuv0Ey
qg ?
Bw%?
}o &
Zgp>
w]mq
jKb=E
Y "02}
xpT9
r*Y)
`.rsrc
4.0.0.0
juV^G
L$ k
mH3)
\qn
]#02s
{dJ`
,|~ls
~G\Zi
09f^
b=lkn
:ut6
get_Default
RP t
:?oH2<
G)NmE
< 7N7
=:t0t6t
]XQ?
4 {9
huA0|y
MVWZ
AuR0Dy
E\uu
El c]!d
xu'0ky
VY7s
N `
A@PK
w!mg+
D P)T
: Gc)Pb
cAnc
[yR[6
u 02h
{ud0]y
3e=
0^1 0
9GqZ
Thawte Code Signing CA - G2
l`P
1TUO^]u
Form
`uE(
;k
E<b0
X h
ws\Y
'Symantec Time Stamping Services CA - G2
L
Ss0xY
GetTypeFromHandle
ColorDialog
```(``
q<1
```0b`
g::2x
du}
xtVW
?cXT
7uT0Vy
|=x5
Zmf0
1Gv
-<\;
!?6h2
k-j^g
\s+@|
buF0sy
zswx%&
@uW0ey
wu'0^y
`yRd
[MrKF-
OU~+
121221000000Z
/Jeg
|ft6
PVl+
```pf`X
~ D
&*8j
"#pG
>A.X
X*6r
\aD\
O~1*
FormClosedEventHandler
W)*,/4,
,w:Se
gup0fy
Muw0cy
@uw0ay
LxN]
w$.0u+
Q2wp_
Ddq54y
*nBq
r<>
-=509.>7
/ oo
\jx8RvJ
TimeStamp-2048-20
Thawte Timestamping CA0
_\nf
Symantec Corporation100.
9=kYM
l |YmM
]<^h
Auj0Wy
[uC0sy
A?5sK
Durbanville1
(6
H--)
UUM!
9X5/
#~m 2y
cub0\y
'400|
nT t
FormClosingEventHandler
nFp '
B 21
?R4h
{u'0By
O*11X
D|7|
uv0Gy
Z^FJ
|BYW
W {o
/NgW
&w,0
Lu_0Wy
BtJ02y
H`P
ULxzl
wuB0Fy
]+#%
=y\
```Ha`
O^XxZ
xM$
2ukr
K#Q2
+=KE;
}33/|
APDZ
{'vCW
SettingsBase
.a8m
_`&4
>u'0ty
F.i
K"/ %
n \@l>
Nu*0Xy
~n9
"Um=2y
qUU_
L>(y
]u 02
ju80]y
set_AutoScaleDimensions
_ GmC
4}1e
HEq.
>NW|
ICustomAttributeProvider
5s{wG
Fy\
&*8Q
lAtE8
lV7d
whf"
3|2R,
get_Assembly
kz8w
;- \i
h#$q
?o[.
^OC?y
VRC(9
\)z'bB[
EuG0jy
System.Windows.Forms
pOp;
=|\|^
Iuz0@y
S#UW
mv91
ku'0}y
>u/00x
uAzm
_ ~r&G
r2uJpFV
}Zn2
&*8Y
Tz/#
^> 6
MM0u;
Y{|Vg
pa^?
7^vI``
m5]{
>oI9
ju'0[y
# ;G
t=aj
AGa)
0B+?
2kyHU
Q9V3
W4}cN
I&Q^
z+vW W\Y
%'50
7uF0ty
t{3l
x9Q^
RuntimeTypeHandle
6:k.
h'vCG
grace.Properties
Guf0Yy
~a0>x
```pa`
```(d`p
;A'Mq
iR']
X1 O%
uV;u
tCn
u}12y
v]2>
UaL04y
uS0My
Of^
2u_XcD
Y 8J
```pd`X;3
200207235959Z0J1 0
-Z-=8Y
^\1j
r[~"
$u'0Gy
%02x
Y0'-:
% (=
>.1>z
;Rvo
rF6i
.v f
&*8)
vu|0Dy
e`Wk
&*8W
gCG]D4
L/)sA
W2
>=|t
```ha`
e&EOu
&*8D
IHDR
&*8F
bB6
{iUow
4hW9
System.Globalization
AuI0
&*8t
nL
&*8v
```(e`xV2aQJS
FuE0
&*8q
&*8s
&*8}
ymW}x
VbkK
aHt4
Ay |
lu|0Xy
/X_AR
:$cE
,&c3
r$S2
}j2EobOF
)n;s
`f^\
46]S
Wh Z
AMAJo
-N*vn
```(a`X9w
A \[
```(a`
EventArgs
E&Mv
q=0!y
K,V]Zzj
F6":
j`THv
z'^ 2
CuZ0^y
a`pK~
#VE
X[`R
Control
```0c`
'cfSH
(*"Z
02y$OI
& -2
Gu@0cy
u~00y
:$cH$
y/G
4+int
/'^T
piKW
Fu}0
pR1Vi
qK.N
LIDAT(Sc``
sa)b,
D?-FK
get_Name
02y$O)
TfbF
b '
@UD=
3(_*
F02s
jV0{y
&`Q?
wu#0
::
m"S>
|aP.:
H)`@-c
5n]
=NoR
D >So
E^?~
#Strings
vP9+
xmnLm
#_=>
System.Collections
8;r
f`0<
4?k N
m+1@y
Evidence
p~s_
zq:C
Obt;
PWW\
DTSb
Mgf
Z^r{
gS?Y
0<!P
u:M!
F;gT
Ra> 1
2oNW
u 0*y
`uI0Gy
8.:o
q1KN
J%kU>&
r[#Y
````g`
LO6
SuspendLayout
ysFu
1~b7
WuW0Yy
uu@0~y
zN3$U
[ua0Py
IQ0m
bu]0gy
```Hb`
3lOm{
^II~
21mIAm
}^~d
7MEC
R^O :
20x1c?
Dtiw,pS
O SL
f#Fl
]S02
set_Location
get_EntryPoint
3,;V
vTH{
ig_'
!aQ\
BeginInit
LnQS6
'|*^\
a{0*L v*
06Q|G?
zq [
[u`0~y
h!mm
<u|0Fy
R=hz
7=^f
8_U:Z
fuZ0^y
h6<!
]102s
J{4r
9ux0sy
@!97
5*D b
qrUS
E1D
3 Gxz
Vu<0
cua0Cy
0t7~
tq30D
IIDAT(Sc``
m) D
c,%4yAQ
DateTimePicker
!8UF
6$rEe
^uu0\y
K\^@(u%
1hFZ.4r
9u<0Hy
Dud0`y
OHIJ Hh~
+@ E
|'vQVy
ImO
k_g(
YIVj
Mu*0
ssqhVl
mk6I
]3Fj]
5iN53
0FsfE?
Bu`H
| ` `C
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
h~ u
"aQB7
c`X~
mU _
J`P
NwR1
CsrO
^{e+7b/
a]S
7ucB\@
```P``pj
B1,y
;z2y
d02s
qvE[
T3S7
L<3;
~Liny
uNI?
? \x9c
6!6n
qzE=
V:ll
3j2_
130126000000Z
Array
n\(e
}sSx
fTm;
b07x
Llk{
-`29
9VWf6
P5!PEg"2
S%eeL
~Smj
Z/kz+%
M[?
*\GS
[~lQ
^p
|c}8
06y A?
f}ec8a
ICollection
glan
~RW
g=/A,-
DJnt
DUo
8u}0Cy
```hb`
-<)E
euT0ky
MvV|3U
E1X,
Me8m
Thawte Certification1
eo=j
w=w?dz
ContainsKey
ju"0\y
|B2*
@uY0Cy
}1Vw
74<r:
mr2g
8}VO<
:uV0uy
0b9
^0<h
vB2*
v&02x
:/-}
BLs6
r"EChn!o
u#0:y
~O4<
rVv9
h %0
^ 2H
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
/7~s
Gk5c
Vw,f4
1NV0
%\rJ
W}=}S
5,.m~U#
dqs)9G
System.Runtime.InteropServices
8v]]
mu^0@y
p0ua
}up0fy
E O2q_
muK0Uy
hu}0Ey
WHP0
uK;s
uQ0{y
_=HX
h&gX
O Z_l<
RuntimeCompatibilityAttribute
CuG0
`0`7
R<L+}
PN +#
HYkeU2
H`Cv
FH{.
)@h9
W#/z
==?s
08n:
a=rCZy
```Pc`
0;ySG$
40200
ra!2y
g&"<y,U
'8*)
Yur0@y
D0&~
=NnF
Label
uF5P|
3 ]S
R'x=
<4y,J
;Y+'
^UiW
U(-\
0|7<
"?|B
z7oN
$mv|
]C%>^ q
_~2
( (02}
6u1s
=ug0by
uE0jy
u__Q
9
`Uk]^
9W0<
S<4_x
X$7e
vtb02y
m'\
]:pfm
r; 2y
S=\6
UuK0
J&ud<O
KJvc'_
&]R^
e8]I
Sb5#:
mY7EI
uN02y
~uy0_y
AvLo
>5o
Q= r
nu*0hy
8h
T-}2
8=Y
:nU%
Lx[L
da=*
O{ml
3r<
G_r{P
Xu]0vy
+(~'
YF{L
y(nB
EFAn
](02s
p#hn
) Oc
V|Wp`
pJg=
RxjG
Sag
Cuc0|y
i9(F
@u*0|y
@5~m
G?%Z
bn %
gLlB
&Enb`(
!u#0
!r'
;(=P
g (/q
InitializeArray
r]2?
][U7
7, ?I
/MO9#8
>:?]
D2-,x
{{UC
#`P
a_~q
&wbgH
Fu55
pU0V7
i$1t
MethodBase
>uR0
{c =
K7V793
v|t;
iq @
auu0]y
pL,/
swH]
Default
DuY0]y
gU28
Zut0by
RK8g
YVhv
?QT*Z
u903y
`uP0
.}d_
```0d`
nWq^2?
tUV?
j#%1
;u}0wy
?Q s>'n8
- ;>
kn-g8
f&k*
z\R$
RW0p_g
z*Fh
jKNT_Tj
/=.re
Ft!1d
';`!
}"3#l
/zS5ky
$c'1
gnf`
02y&G
[uYU
ResumeLayout
yE F
hCA-
jazehMZ
OVCG
&e\Y
"Wqu
A|oj
`i&j
9o Td
[F_~,m
zwLa
OL1p
Vd4Ot
wu\)
ValueType
cugBS
{"O
mRk
{&X}
set_TabStop
;7;O
m}q+
` gC
HJjV5G+
e&,V
,gOL
Y/jm
Buc0fy
```Pc`h
yr 'T
\({
]8Xk
jue0
!dIHB
G!;}N@
A]9;
m)m(
pQ%l
GraB
E`P
kNe<
201229235959Z0b1 0
axhp6
;Z2y
n5R\S
T ~,S1C=b
's&#S
:mh
5Srh
x8)?
zn[
KVf$
Buq0
=Fv6u
y- S
Thawte1
yub0cy
System.Drawing
@ oAB
&}gbm^r*
M`P
xPdi
nuF0ay
S\n"Kq
T\/~
q;52y
T8KcJ
:uQ0^y
04o;s?
?'1
I=c\P
gUV<
Dux0Wy
N^*30x+z
<)d9
WK[2
pUAy
@X@yS1
Juk0Ky
P6|Bw
{6q}q
duV0xy
"NY
[ cU2
&oZ:;=|S*C
`uw0|y
guk0
)*2p%
07\m}
-VS_
sqq_S%
06Q~G?
2~`L
c{lK
7^A
eu<0Zy
V"~36i
1~(#&#
uAxh
3oS[
9%N&
G~%e
d`HR
ToString
w$.0e+
a/N|X
http://www.bitvise.com/ 0
wQ[;g&C6
0~sfE?
u"0 y
{F!0U
9uX0Qy
B'f,
DY\`HV
Fc1I
_-{)
e.CHs
t'}
gu!0]y
C 5}zmg9
^Q9:
Uu 0zy
}KT`fMY15
35=U
FormClosedEventArgs
/xJU=p
#?oA
9uk0Ay
J^_P
rBK+
@S&R
!;1#
. S
rBK.
^Qs9d^
8-C4
Lu{0~y
ju[0
3V&<
```x
ILx$StD
]lPsU
W=~b
h}lH
a# +
" V3
|Y43
Hu~0Ky
```P
z*CP
```X
uC|
add_ResourceResolve
'vfG+X
Kub0ty
lqw6
S@0^
AssemblyTitleAttribute
_;0$-
```0
e @P
-vF#
j gbW
U M}
```8
.cctor
Scv2
|uUY^
+8n-3
aH".w
\} {v
u0cF
|ha0
vaOz
uu*V
G99~A9
FuX0 y
sfE?
[u$0yy
+WLW
~crU
,opXY
s7Nxg
bn61
add_Load
fuk0ty
6uZ0xy
_QB
[ Y2
hu 0|y
GE+R
c5VU
[S>'
l3`jf
ya2N
e?5>`
f'F}
@=(tm
!>}/
e?bb`
h]O~
eY.ti
qwd:=
q'-v
C0F0157F4DEFB1F755968C5F80170A654C8023CF
hsLu
z^Ij
lKZ
{_[_
~up0Gy
5S/1x4
M|k~r
(=]_
+g{p
]FS$0C
2vD}
set_Image
0[eZ'_
(vO
q ml
~u#0Yy
get_CurrentDomain
Data
j;r]Wy
eEZ-
h=P9
FuB0Xy
l&4y
3L |g
/96k
>0<0
Vj30
u!
;|\e1[j
]UJ
du=0Wy
g32y
0EiX
buY0Py
um5ay
<u<0yy
KEGm
kK!8Y
}e2. j
Uu@0
pHYs
.ctor
p02y/B?
Duj0
|N181%
JN+/^Q
ub72y
s0;y
0npfE?
Nz:fo
FQj 7
@uv0[y
kuu0 y
au@@^
GiX
v- +
}SyScq
>2e<
11.0.0.0
5R1rD
t 0'k6
oVhz
,BK.3
s8cL;
^c%2
u_11y
>=TY
Al ( p_o
lD%j0[
&2fW
RJUE
GiX#
KBAX
iE"i
Invoke
=]wx
u({&Y
vS p
SetData
u 02y
zghp
/3,_
70z;
s/uug;X5a
t_g;
~zE=
JiI;
.k/`4
^80kA
f>?V
/!8ADtd
YL;o
zK20mF
JX1d
]c9DiI
0J1 0
Lu'0ty
mh|lj
`0N4L
u|6>9
sc$8o
5CxVW
@wE.((4(
K ;"
G~\
eV:g
RiY@E
HFVq
$`z,N
Y9\1#
vv]
Mw,1`y
uC<2y
@u$0sy
Enter
uI0Yy
q311q
,_>y29
~ ekJX6
!xoG
Juq0wy
R{_3o
luK0
]wl]
z37Z
1e85
3(7m
Cu%0
7_ '
@.reloc
/ {ym
;uz0hy
L;<s
!bmsZ{
BuJ0xy
f*O3q
Jj~&
4V10h
,L)8
CuY0[y
Wu~0[y
Sm72y
*y!{
k+'&u}c
GGDj[
t+}Uy
-4E<
!A='
Zu!0[y
2u%X
g1p
.0!nw.;!
{u<0Xy
302s
XuW0py
bu_0yy
l?>AE
8uP0Qy
vuB0|y
9I2?
rGx\S
|\X/
${>:
0iS=
~ur0By
s313k6^8
,,jg
zl<$.3t
^N9\
1qJZ
\#+a
83wj
h0gg
M |
vyKi
4)p,
BH[p
p,W
8DY}
vBs
s313h7
{^|e
C#56
<lYx0
yuP02
8)@w'e`Mz
/DX2
^V+)
s; 2y
??:s
FJuv
'p 0
539:
)[o[[@M
jNkx
\+Q-<\
MOn|o
e1ZW
s LN
Y 8U
vm_|,
Y 8Y
I~%G
Y 8]
T3-Sy
3.|n
\e]J
0[x_H
q3d
\gO+
CQ;_9
%-':
U</~
(x1e
Y 8w
Xu\0
qpa*
9|'
Y 8z
;*#h
2\j$
MemoryStream
w>f`
L!
GuW0Cy
TOY@
cVG$S
g8.0A
luf0ky
+iX+
! z
au`0
g +W
#G{eJ
&0BQ
set_TabIndex
( n[
c.VAw7L
CPZ%g
Fu!0\y
- :SO
Nu<0Jy
L87K
DD;J
P2RQ
_ui0Uy
H?g`
~:3&x
Vu*0gy
_h30
7+~I
Nh(]
^ 2V
x "{}
Y 8;
6420\
qtc&V
qG[M
```(``(Y
B32F
||\2y
22yTN
J9J{{
TI}"8K
q`P
;T<~
bur0Jy
IWs+
;y2y
08_km?
@<F
3td /
=uC0py
MJwu
y>9t
Assembly
3&u V
?S]p
02yY
nyG3U
02|4F
cuG0@y
3}l3,)
q"RW
00BQ
(7</9u
nURov
IKhz
^ur0
'wBYN4
q s{b
````d`X
Iw;
ILZ$
mW2\u
juCQ@
nub0Sy
mu80Gy
mrFp30
`P
ju&0
huG_q
MqT
2u|HcD
03yNB?
C1[~
5,qh
duR0Jy
kuI0
pB[[
2u{rcD
u,0:}NG
aBGu
X%>q
'u301x
12L~>
!RPn
```pf`
PT B
/i*}M
z=x;
1wV<^
=qgt
18m1
^u_0ty
** !
"VkC
IRL6
Nw j
kD2
,&S/:D
Xu$0ey
b},2
uJ0
1*P1
DE|Tc
aF( #d
_d27x
]602s
\"-e
Wuq0Fy
huW0py
y>Uj
:*-6
`0pW
*r}W
.30t<
KN0d
lFw$'kX
KIDAT(Sc``
<u_0[y
l)/f
,cM2
u<1vz
;uP0
#VT2x
w8.0 +
```0f`
+"p)
_WbX
U02s
}bQc
}?N5
|uqQA
K3Wy
vu+0
yB+N
h_nU
\LfRXw
n[Ts
% [2
jhL?
_?=4
IContainer
pG0h+
{C'0`
Yo{y
```(d`
RgnG
W&3L|
f77:
```Pe`
u[DD
kR2d>*5
W n|
w$.0G;
-@vr
J!bX"z.
huC0`y
kx`A
Ku"0vy
.k"]w
NN~)q
c-C
MXR
KoKV
c>*{
[y;UV3
Pn r
G5Tn
j6@t
= 6+
9lWB2
ISerializable
wU]k <
Y9F6
k0vw
eG^lUdX
6UxV
*#ni
?oa`X
&W !
{/zi
dX ~
f`44y9T
7M8T
Byte
r ,f
EditorBrowsableState
@)6H-
W>#%f
<8K\Y#
```Pd``T
CultureInfo
_u#0}y
}<3C
e`hc
```(f`
]rNM
|J3t
!nNR
hM}
kp[&O
AuE0`y
dyr[B
ju}0ty
set_AutoSize
n>~=
wu^0
%b<;c
%{><;y
Kb|{
BSJB
fJDG
(.\V
X <
X =
l[vJ
140908130941Z0#
X
vu$0Ay
M ZT2+
Vogx
nuD0
<ghD@
2<>'
02y$Oq
disposing
eAIk
4]m_
"I#1\
{Zc'h.
1^n4
>uK0wy
@K=}
80604
&<hw"%
au!0Fy
;<U&
%b[[?
Z'|-T
wuP0Jy
IDAT(Sc``
;]/8
uo22y
x4G?
9 \-D
s6,c
kuG0]y
:nk
9ozm
/YzZ
gQ@
}u}0Sy
8?`{
10<
^Ex?
si4=
yJ0$
o"rb
>uW0{y
9UHM
4mM?
Guy0Qy
_)S+s
Fuz0Dy
_7lw`
1 0
DockStyle
a&w]
yS ^
System.Resources
GetManifestResourceNames
#w hd
E c+
6u+0Ey
tUAG
6&* ^X
Au{0by
7ai(
]X02s
sb`p
Am3g
uyphE
Y$W.<SY
%uWt4
l|seT
$u&0Cy
w 7~fn
woz=
06y"F?
811Ly
lu`0ky
P1d"fs
d>)
02y!GA
7?'_
Cu&0Xy
n~TTC
(mSc
set_AutoScaleMode
SkW@
:^xTh
UUH ly
?S v
7Ky'S
.,n=
`&ug]
a;EQ
AssemblyCopyrightAttribute
v0^
9u^0wy
iM7
k96C]|
2u@xu
Y`P
`XmJ
wNtP}
a%Hsu> +
@u 0Xy
O8W,sh
HV2J
`,%4yRR
Y 82
mE S
Cu[0Py
XuB0uy
zuB0
E(4+|D
cu%0yy
obx~v
t6f0<
e Zs
Wuy0zy
`uP_\
SAg3
XsU6
sbY9
```Pg`(
#*6"9
~uU0Ay
6uu0
0|tWK9
Hu`0|y
cux0py
J c\[
u302
j%a_D
.)WWm
}M ^
h43j=
mdYTuHVsU
{*QQA
```Pg`0
\+{0
Lu*0Qy
c2^V
Y 8z
"fT;
Y 8~
o?{MCBY
Fo? '
huJ0Yy
^!Kad
Y 8w
Muv0ky
`$6e
```he`
Y 8o
zk6y
6K:P
Y 8`
6E2qr
<Module>
Y 8e
uwGY
"/V~
^k/;qi
;p?G
^]J@0TGw ^l"
)QkgB $
=F3&p
`{L04y
Q&)l
IFYE
iu%0Hy
5FW+
7:g'OU
Iz/.22
p{7H
< Azx
fuF0Yy
vc2k
KKe*
Wui0Ey
%,sc&
#ecG
]602s
!!n4
6$OZ
p^FM
w\e
AuK0
`_2y
-p)q
get_Evidence
4kJ+_T
?='f
C:a
uu0!y
|bduN
'02x7
X[}_]
UfJe
|e)
Read
v6z?
50301
_8V%U;y
PLZa
*'FS
dxOl
[T%
:uE0fy
z#zZ"3
bzVy
M0]2
'Uj&-
_R?3
DDsF
-Zy-5
t}!oz
2udHcD
P8rY\4
y3+.{
r333{
E3{e
t10,
v0^;
g< }
'^O+W
zZS}
M:/y
,b@e/D
*^Vc_
b~p
xui0Ty
w#*O
>u]0
6y?G?
Mua0By
KuD0Ty
]102s
cW\]
)u"0
Point
zY>6X
~uD0zy
fuU0
P GA
gAMA
EF %:9
Sm 2y
Ily0
yb*?k
pDLD8
Z02}
jr 1Jq
Nr4`>
`U2K
W>q+Q!
-:wH
AutoScaleMode
|M`k
as;t
VW3Y2Zk
0|Z}$
vuss
G=v*
ZrjI
LinkLabel
&5-wKvhM
Ao}u
qtj{E&
wuZ0_y
lux0Yy
uc02y
vDm:
vDm<
6uC0
20<_
3b(y
auX0
0]sU
Ayov
RM)>
`F~T
<U7M
2Wy})NHg
_uV0Fy
```Hf`
uq=0iy
PIT9
= 9_
"(~>G
0P;p
vu{0by
buQ0
u 02y
w#mv
[b~c
c`x~
1,s;
=uF0sy
=u`0Dy
DuV0\y
mNZ{7
r%dV
'+>H
02y C
_1 K
_ 7n.$A
(NQ{
!Jst
ControlCollection
b~!~f
G/d4
Sw2c
8u^0zy
SBl;
j8W=`
g]W>
oXd/
nv,0
`U2>
7u`0Uy
hN M&
8zS@
]5CyC
RUu}
,}(D
?]Z&
7W)t
~kSiQ
lut0
Gub0Fy
.FeT>c
Eu"0wy
fV[6
lu`0vy
Cuv0Uy
-L`0]G`Q
_Assembly
*,;=
4Z^?
HIDAT(Sc``
System.Reflection
wZ8c
uu_0Ky
aQKy
auF0\y
bex8
hue0gy
set_Name
^u_0 y
[L~H
'0<t>T
500H
$7!h
1ypG?
a8|TWy
Dv{{
{H1Hm y
Y 8u
7u&0
```0a`8
7u*0zy
zTs
vM[)s
U43`
o:Sh
0>D>
@u|0ty
cDKy
ae_=
uVTu
UR
F!J}U
aQK;
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD3$
8uY0Uy
v&1\
E&en
GS=
cuK0
c}k;
:6!!p
1inUgWf
_Ld+
Append
set_ClientSize
>f`X
:<\;
Object
4yFK*CF
?-6Q
w7Nd
'W~
BE#6
}]m^
Qj&
0?)oOD
95;5
Ja3Tn39
Juw0
S`P
Bd2a
O*U%6
2uYbcD
18<<:
arg_`B
MPqZ
\OB^
's<2I
mud0ay
Igsw
<uq0@y
g#OlzRb
*\wSH
j&{Q@
uncnvn)e
2uiHcD
150216235959Z0
\Tr|
p{s+
f][<
^ &C
k5ub
6'L)X4: leqa
y7?:
[`P
B'kU
WML
zW*L
cRoI0
`5l6azwqyr{4
-HDp
AO \
.g'o>
Eug0Cy
+f]186
-Tv3
[owC
u)$my
dH@;
Hc$ y3
|u$0Qy
NM o\
?]~9
G{vX
2J.Et
R44Kc
aYP
ESiG
^=*Zi
Nzv,
K^{ v
u 12y
Duy0
vui02
{uw0`y
_S5P$
X&)z4
+C]\
GJbr
QZ~[
-S{&HE4
SQ I
8
guwHcD
cC5[|
Mi(Z
CompressionMode
2>]e{
<{Co
4iL9'
JuP0}y
Jr>GX
;u,08y
~r;>(
-cFhEz
uG>LbU
Pm+#J}Y
}uE0]y
b}{O
P01!
3System.Resources.Tools.StronglyTypedResourceBuilder
ub2 y
jP 6
8u#0jy
'P h
+t>,
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
;f?]e;
|Qjs&;
L6@ oA
O \S
"U5]-$
fTuB
4:Q:G?
Hua0 y
_uJ0{y
13vWf
e 7R
)=nU
#KV3
?fX|
65<
/_,l
UU6v)
5.c3
STAThreadAttribute
J5x 20/(
Q wH
!This program cannot be run in DOS mode. $
M8.0
51Bs
v\*E
b0 [
#$5(pM
us0u
o7|bX]
e2',
@u*0Zy
O"'!
o?.58
^LMW
7XIk
p;L2y
e6?&o
````b`P
Mz==
9~Hi
Dispose
4Kui
{u`UF&
nRjp
>`P
;K-Y
u%09y
'_~Sk
]lP>
-wC_m^
rx&
hui0Qy
grace.exe
Gur0[y
qItO
gO N
775%
wuF0By
+k~.
~uq0Ey
/(c) 2006 thawte, Inc. - For authorized use only1
q+2e
|k2y
- r
8/=b
+8W-v
^70]
EPJyL
2h6f6
=r E
/:7nL
R.2h
NS5-k
m|iI
7u_0dy
rXqB5
Bui0xy
uN00y/G`
u9X3@
mXp
_V>
[7<}
[d}6
q<jd
~Ev2
>ur0ey
F`P
5f }A
uFeS
tcZo
d8dl
^[L9
H02x
8ub0Dy
6-f
j6T
#GUID
h9jjzTo&
p^OJX
]C"M
])v
Z'Y+a}
u,0:}
=uP0Wy
Ju.t
'<h]
yj/U7
UZf\
uW)P|
Software Development1
kuxn
-o.
\w&^zf
02y1_
Uuw0Zy
cIFy
R8c5]
6v,08y
vm:Y
EQ^
=lrw
rj[f
O_v{
Huf0dy
{X5M
1s1
fu}0Py
nqHs
Q BF
&xhK
y5E6
0J}4s
_u_0 y
bJKBoT
Yua0|y
*)^!"
M Fk
7;7y
FIQuW4>
e +
b P4
\u\0
Al@d
pU^y
wup0Ay
muZ0sy
?:./gh
010$
6 5tE
,v]>
|u#0{y
4BUc0
7 +? T& s_z52
n00|
```hd`X
F"-U
*s$
1 yI
IuU0uy
?uR0
```hd`P
66h
[PE{
u7ja
KuW0
nt`"
6f~a
System.IO
NuY0
6z0H^
_s pFdP
U?UE
:up0yy
eRP0
http://ts-ocsp.ws.symantec.com07
VWY7N
Vuq0wy
=l09L
[sW_
}u}0Qy
5L-J,
M _B
Fu&0Ky
8u~0Xy
9_W0
a_@x
&)y>O
; .$~
wEQ
db,_~
/ ?v^
],kgX
'Symantec Time Stamping Services CA - G20
Rk`eu
{ [=M
] v
i:v3
V'| ?f
Olon
Ke*r
^!A&
ZQm$*
s32 L
Idm
NrW
^E!K
(02}
\ur0cy
gS48x
'Wws
02y&G0
U/nY
p`P
1|EP
=|X*
? 6f
=~Wq
[EMYnD
}P^0B
"h8*
b`Xzq
pv.t
UOm(
[ua0Sy
8=<m
e`hg29
#)Vn
Uu<6_
Esvi
WUQ
t50
wp<=)
*T+J
v4c@^
}[E3
Fu@0Wy
100208000000Z
n/Cw
vIB5
uB0 y,A&
}=xEc-G
JuG0Zy
Hu|0`y
aOP~
a!{B]
{NGiX
>\h (z
w_.N
Z;'EN
Jl ?p
)GEG
<|Kl
_bHI
@b"[
;?AQ
l_gF|
To@x
_%X"
|
~H2t
`p9?
@ZH|6'0#
='X^
MN{#
48A0 m
AS8v
Oowy
om1X
nu~0
M`8p
g 32y
4 R$5
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
b1CCO
{UG?
wyN
4c\[
Mgt%
Vm``0
3X7*^p
7uT0@y
g$.0t
? Zi
AssemblyFileVersionAttribute
t]nt%S
gnF
zf[=R
?--
TmL4
:a:O
buq0^y
ww#j
p@F4
tZ}Z
vuT0Gy
p~4Us
tg0ay
```hg`
r[g~
'gM+
6Jpy
xu[0
eu!0hy
0!0
Int32
^09w
mO\F1
nL,``
\p0 6k
a:{F
Luj0Ay
<up0ay
+Yb
ISupportInitialize
_|"=
,`P
thawte, Inc.1(0&
add_FormClosing
2vDt
SLSa
03yUL?
{u]0Sy
3,|u|ko
vua0
$V{(
hud0Jy
5lb`
7|j~
```(g`
fuR0Xy
p|)2y
1.0.0.0
~GWF
j3=Q
&6Ae
Exit
Ws [
|\$:
w/>O
L}LNx
oQ589
3V,)
grace
$~\
o>_`qd
Nyq/
ap z
\-;C
CMYO
uu*0sy
7s=f
Ny[we@u-
d7CL
Fu80Zy
)oDo
\uX0
gt[
`uc0Ky
M$.0\+
yaEX
^L<c:@p
e}.A
im\;eD
NNZw
{9w?gv
Wu=dx
Yue0Ey
k_@x?
+4 E
U02}
tJE
3PT|(
NFRf
2$iX
u{02
+AbA
]gRi.
-Ke`
yut0sy
?|b|d
mJ /
Random
ZuQ0ky
A&;
)#7 W
g8.0u
yJ2HF
h?d"
D- sS
+<z[
2y6F}
)%%a
FuR0Yy
pO0C
#G$:W
?:Q$G?
`U0N
=ux0cy
`[C^
]yl5]
vuj0Qy
/(sB
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
```0```
cut0}y
e bw
Wu*0
EuK0
&Buq
3WbXh
qKcu
System
@v31
Zu"0{y
e]2!
YI,r5^
guF0
gG]
Close
cc^&27
)Ki]
k[X5
uS06y7G?
?_lK
eC^0
%/v]
IEND
?r5
)\3i
8uc0Qy
Yuv0@y
^_V
21&9
I_=eNG
SW!B
YW$Mi0bVg
ov_(j
```0c`(V
N'ekiAE
kuTUF*
U7&n
fDW
ResolveEventHandler
Lu80 y
Ng*p}ctb
t(.S
K{g=
q%h,
-DGT
+>G`q
Or^Kb
jO|``
~.>mqu
MuA0vy
yug0 y
A4-*N(
>XZ|z
FD^=
ODG^
au%0Yy
nT>{2
a g9A3P
+0ba
X a
pZ r1
V\0ey
:ux0fy
hYh y
muj0
vvk@
In.gD
z]W-
uO02y
&m7|
Ln{c
hI(@z
}4ZWa
^Z(
3|x
SYZ_X
|1F0i
A?1[
SBi+=
>2}y
>j6+:
kuy0
2uAbcD
t24#o(lvk
]uE0Ty
P Q|
Iuq0 y
!;[{
O9.3%R
z^U:
yEG?
IuB0
{g 1
%&\s* Q
9/C|
< 6f
M$.0Q+
O7?-
@R|g
Concat
R$8Q
buE0
|X\rP
D\_00
IQ8r
#LvI
StringBuilder
%~ C
m5I?h
*tsG_W
IX9l]p
M QNM"JH-0
DY_n}
eS4W
;EwQ
/f,9j
fuq0wy
j`P
DuV0by
dCXg
~iogJ
03y"F?
_a\~
Stream
&D T
*http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
eU@
_ue0Dy
Kb?4
URxW
Eug0
B 2
?uV0ay
#&Gi
r\q~
cI1S]
X=A$
iC2n
' 8\
3?{a
%|kv
au*0fy
yBC6
X@b%
H +\
]Qz.V
sBo-\
02yI
.-Kg
(m^?
<B#GS
+YS
4%,eH
AWAm
>"hcS
=KyKc
[n.
^fli
)0B
&dn$ h
}V:
X 1
eb7L:>CGK
(B/Yf
W7mD
d`H1o
Z1R=
LgX<1h
s|I2y
'Z&z
xj=7
b}zIV
Yud0@y
Xncp
System.Text
J'B 2<
Zu$0
$btS
3FW
>J-kC
BWDj<
M$.0\
-6*
gR>#
JN[W}
8@'G
^,~O
_NZ>`
M$.0k
V<oX
\ `DW
=u&0Jy
Q[t
M$.0c
5n6bsP
u"X$
tg\So
M$.0{
[uu0_y
M$.0s
+uT02y$@
FormClosingEventArgs
0Q
('Fs#K
-+kN
mM ?q]L
i G/
ku[0Ky
+{/L}"
xqm?w
}u"0
0?m_T9
WrapNonExceptionThrows
O{ pwE
TimeStamp-2048-10
M:b"m
# *k
GetObject
elc)d
LhnN^i
EVjH-
huX0{y
zCC$
,sk*k
;WIN
k6|TW*
ztw#U
^u^0Cy
Cu'0vy
@=9p2
E&5=
;uW0by
]{7b
Mb)7
lQo 6
9|ZqD
bk(/
tZpj
m"=]H
%YRZ
2018
xu`0Vy
XvN{
j3a__:
RU51<
;T}*
pgEk
-S|x\+eRa
]MK?
y_Gd
Z0KU6
E5-/
_|*v!
ResourceManager
58}aH
G9WgW^K
{S'/
uJ00n
g;K+=r w
7uR0
Zuu0{y
dMH*
s9r@
6! W
k{PK
Bux0Ky
YDN9
00ycG
ylZV
w`M3=Tse
Nug0Fy
F}x_
Mr[)L
yuK0
GetExecutingAssembly
=Qg;=W
u802y
u;42y
:'dm`en
vuR0
0<yz:
Wu"0[y
Uu}0
&^8/
1XA
~,
Du>Rc
|uw0Wy
V%8E
dUm~
kuw0ay
f-Wp
\A&$
Du@0Uy
Symantec Corporation1402
Dx[
pUb
9ej bz
f0\<
muR0
~L0ay
95F+
2uGXcD
muE0qy
af)n
9EpqT
G5Xf
un00y
GTan
^:*
vT]m
pfE?
@u@0Ey
FHW+
sU\v
Dur0Gy
;Ef5
buv02y
lq54y
%t"~
zuF0Vy
'j7_
Vuc0
qAR]?
,d8'
x-d
[u+0`y
7uG0dy
#= !
u Wz
Fuj0Dy
OrIO
$1cb
9uA0uy
4n\e
ToArray
{uK0[y
jM)?
zuU0yy
&bV1
0\Z7
muD0uy
&0<a
EditorBrowsableAttribute
201230235959Z0^1 0
zRG
u[22y
)Y)z
}wOqD
1F>N4
'`P
{;bj
uj0ay
%{"=
yyYn
R`MSh8E
{X6 k
oUkC
ContainerControl
H{.c
)02}gX?
dOGw3<
oG*V1|
)Q!>s
yz}Q
]"N!S
;uv0fy
;uI0Yy
|_PV'
a?G{
"x5N
;0B
$u 0By
=w2JA
L't/}ex
g,[f
uuB0xy
WweTv
, T5
<0kU3
/f`p
W(?_x
lu\0
yui0Sy
__R)a
2u`rcD
fuP0Ky
Load
Ntw
w$.0}+
CuE0
%l !
ml Aw
eNlT.B!g
JOAb
m}nl
}uy0Hy
vqF
AUA
ui0
3 4a
mUMOE
G?Y[
iUzV~<
} &
zuG0Cy
;q2y
`qF
SJV/
a<:y
sgXh
q7 }
]Q^9_
'tRZ
|B2:
Dictionary`2
Yuw0
"#!(
System.ComponentModel
g`0>
_u%0By
GU4C
M855?
kuJ0vy
|Qez
MuV0 y
hoty^
Koyna
cu`0
d;"2y
v ^ 2
B *`
K&M}
" ]"
pWI(B
=uP0xy
3We8M
~D_S
bu<0py
Pp:_
tue
v0tI
B'zJ
vbyMq
y@b%
{ua0ty
8'^ 2N
W"8)
v~f]
Bu+0Vy
y*)i
EuF0ky
XUKy
V'u]
gua0yy
mIA ~
/oto
;Bn?
RuntimeHelpers
RUBAg
i Yh
2ucQ@
8f?qA;
fud0
u;0.y
W{IJM
(tQh
T]t5
/<}1B
g`0^
sUjV
kO m
\uZ0}y
Z>qqM
```0g`Xm
WN7\Z
+LF#
3USnr
kut0 y
u802y
juI0
vJAa
Thawte Code Signing CA - G20
s9r@x
IIS9
-}Q-
Iu*0Vy
v= 4xY
70$$+*HE
XqER
gU@y
Monitor
16y?D?
7z^V
?k"XK
]jxdE
:d1
1l1U|
*^;zo
nuA0uy
_{_m
8d<>
8jqzE=
06YYE?
2uWXcD
Cu`0fy
WuC0dy
GuZ0zy
`ug0
Bitvise Limited1
ComVisibleAttribute
fg%
/ ~3,b/a`
V3<O
b[@UQ
KH-I-i
vuJy
&g$M18
d;(2y
'z 7
VZ:o{
Y (h
b`H/-7
Wc>=
Bu\0]y
.8mU
e-\+
O+-}
v;\4>
;r-A
T<.IlIY
&x5-
]y02
)sYte0d
6-UX
a_U
y@UF5
juUY^
Size
~& q
8uf0|y
"W*o
@Kpa
If]2
V[u5
N-YK
sAE.
xkhsO"IY
?=VW
79t6
3&F kO
W% $>}@
Koz/x+]
MethodInfo
3#Q M'[p
5%{Wg
Next
iv)s
.http://crl.thawte.com/ThawteTimestampingCA.crl0
5'\:
xZ)b
y;AO4
JuT0wy
1|xp
dff~
Bitvise Limited0
WuY0Dy
Jz/E
U gF
juy0qy
c; 2y
Certification Services Division1806
SetCompatibleTextRenderingDefault
G?sZ
\ *g
T^Xu$a
hud0
b8v>
HuZ0`y
{T]S
:q#C,
00y+F?
7ue0Dy
^uA0By
Yklh
|u"0hy
,*{s8BT
_BM:
m9P^aH
:u!0Qy
w$.0P;
System.Security.Policy
#gMg
o2\Y3
uui0hy
SPm1G
|ujb
lu@0Py
8f\F
O Yz
MA~[%l
5*F,
/;e7
^?IQ
=u'0py
Z'B 2,
;~wG5
SuppressIldasmAttribute
u|l:
kX,{]
sRGB
QKVK
rB27k
]vdk
#"w9O
nYMf
T<eT
bu|0By
6z mn D
zKK,
C d\
2ubb
#PTa/~
Xuq0^y
vqz}
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
n P9
V$8T
lgnB7/#
pnFa
Kut0wy
~g,f
&*6('
CompilationRelaxationsAttribute
Xzke
F4gl+
?u 0Ey
lO`H}
20xId?
s<vS
~UF
````a`
{u~0
22xog?
f8bT
H<Zj}0
8uk0Qy
d7B 2
'02x
^cpa:
YuG0Vy
zcv~
{u{0}y
a;fu
e?}_
?*?Z'
u(62y
2 $k5
dS YL?x<g1?
_ub0
Au*0`y
yR}M
'tgNo
KnU K
*[e
5@/@
&<E*
Yzs0
buD0Hy
~}:_
#ZQo8
G_-D
G_rm]/
dx~}j
muk0`y
MS^~~T
`g#ru*
8u`0ay
2utrcD
]BZF
5SOk
iT(:Wn
02y!Gv
8mP!
qW ?
]uD0Cy
e|u_
T"l:
Lu{0Gy
&/$v
^wL&
T`P
:bqr
v`P
8uY0_y
nu*0wy
N7~0
]. r
Im[~
08o-o
|^s
LuE0
zuU0Vy
Uuy0By
Jd}e
_\WJ|
22y$N
6?B%
tA?
u^;9V
<O)m
MIDAT(Sc``
0qx4G?
2(Bi5P4
UW)_
lJ5||6
:C8W
Xy]_
v0a
KJAp
v|M2y
Juz0Ty
$'E7
toOMqx>
]HR{9
Q=zI
a,3?k
Cua0
ub36o
~Usy
01yqF}
02y$O
LwR+q
-l:K+5b
HSH0
System.Threading
PictureBox
s{ai
:u\0 y
?Tz5
H<uc
ft,0
UuA0Ey
eu]0Vy
a}vY
1a:_
WyN?>Ym
C&|5
u.00y?G
3l2f
e:P`
7b1M
^H&XP4"
K~g[
gud0
ResolveEventArgs
h.j||
{;hO
u^00y'Gp
01yqF
v0)30
3oIV@
eL04y
d`xip
)3R^
jqF
I`Z8w[
j0/A
w0}
futUF&
?un0Iy
{uu0jy
-'K2L
OKPdR
X pj
i0mN
k9Dg^oN
8w}|
6+}qU
l-xl7
GuidAttribute
}ux0Ay
|uz0]y
VuC0
+\wfp
_+6
uH2my
_sDC
#Fc`
```H```[_
l8Cn
wUJy
o[IBX
Spp?
/zV>K
~JY"
E@kCH
kuE0
Jd5U
]HChOm
#vB[
{ ;
c|]l{-
ZE#*`
'nL e1H
g*1.|
J#(.
uuf0Sy
-kNx'
ku~0cy
2O^Q
UgG}
vcP*
QKnN
>$ [
}Os"6m}
8-9=
s3zV
r]Wy
x.G?
vuTUF;
c>yR
U3H
Zy^nYn
U;.
s_sL
]u+0 y
6d+"
<YE0
Uu<0[y
```Pa`(.
y#c.2=
mu<0Gy
f>~s
_Muw
*>VF
Thawte, Inc.1$0"
MuB0gy
-baf
t_j )<
s q:S
Xub0
:3Z.
)J [<zR
,w1Xu
Eu~0ey
wI\^
N=1K
```P``8h1_
Od6T
7[K]d
16#D
u5% l
9u+6mf
@ l8
-V0
NR6=]
p"6
G<r/
#&@v
Njz]
{m7,r
02y$G
Y ^b
o-`;
, CZu
y ,K
Western Cape1
Copyright
juAUS
tDZy
y)np
VuV!"p
v^I|
7v51
[m_
ci^%+
ur0Fy
-}!?
Oa>s
M=vt
N2;y
Lob-u
>o>=/d
iG<:=
luy0`y
<`E
G|+^l
<6\o
{BXa
U, |
]NoT
8NE#|
k<%0
F_1k
YQ'
vUk]^
[0BQ
p3u'
=ui
4M1\q
luf0
>u_0sy
)aL04y
Huk0by
g+4B_
y>G=
LuR0
UQwdu
$NG-
Ir7Kfit
83Rlf
G & /
]KL
70ED00C92FF5D713F18279C54CC104E044BF579C
set_Item
|1+{
\k/`x"w
Hu!0Hy
`q_4C
kwrwI
\y$Jk%
u)5%{
S{|5
{;9a
?gVm
M gUAy
|H bz
_}2
)*?>-
u0r^
BfRqK;
Duc0
=;^C-
%O?)
iu$0sy
,mQH
2 !fS
F-YK
<Vi O
\l4)
t>fa9s
Xr[+9U
Yud0hy
VO~MW
LimX
7Ni(
cuG0Hy
uEEb
Yuu0jy
W,kK}
BiX1
zG?D
LXez
gR0C
+D E
wy\
sZ1
n9C^
Q_Jy
d343y
jLG-
?iJcAE6p5
)oto[BoA
s6h>)
b4qW
Og^e
iVPUE;
`{6,>
>b`Z
^|U2y
/I`UQ
+Pp}lD
`utUF&
wy\3
B'B 24
set_Size
>ui0,y
~2HL
?}p|{
9ue0 y
huZ0^y
nu`0`y
--at<
} ^ 2
?$NN
vxPKp
a``8
pKlyg
i7B 2
TS,
B]QL.
v0B
:mA?b
Y 8y
z5Sl
.bty
V1i&
uv01y
J mb
0^0J1 0
Hcy>
add_FormClosed
.00x
~B Nv
Lve.(
uv0Qy
w8Ur6
?_!!
MXH{VY
e IBQ
cx$t
5ePH
,~"\
vT2
b;f]P
\;Cn
2ueb
Fhl
:DB(W
w0\
auZ0zy
/MkO
z0tl6d4
tY\0
x3 ^
u%0\y
u\02y
NZ<H2
>ut0ty
System.Runtime.Serialization
u732y
```hc`Pv[
8fg>
'`C/
:uP0ty
uj,>
gGn31
A"1^
gjdkdjd
>uy0`y
V.Ul
O $*
U>y]
_{+6
QLAZ
aH6^
nL\o
u542y
&FM4
NDD8
"4'<b
LuZ4
16y4E?
#(aj
Juj0Uy
!u`0
On
77y}
luV0_y
f.I
M ?n
+a;I
Ql=:
pT]l
Dux0cy
IEquatable`1
vuA0{y
zud0Wy
T~gO
set_Text
4oI^
zud0
+Symantec Time Stamping Services Signer - G40
H MS
.17y
ys3D
{ `U@y
VQEE
7uR0Ay
\uj0Sy
fF6e
````b`
c3>kM|^
`,k 3t
,p&7E
n8}v
ROml\3
:ob.
cug0\y
_@Qa
System.Runtime.CompilerServices
1WFJv
6{Yyx
7uD0 y
50.N
@u*0uy
=u'0vy
`g^|
' %9
v/on{
#3 V
Muf0fy
` y3
\uZ02
M*~g
nuU0jy
<uc0wy
qb1>a
cR_`
(w)'
,{35h
juk0Wy
0O Bh
c;5sx
Zui0py
}mTO~
thawte Primary Root CA0
r@0;y
9?f5
(.S6
>zQHp
FmU* lE9
#7y:
|~$&
}uz0By
Jsj[
f2q>P
LR R
S9:$S
u- S
Mc S].
{uj0xy
/S=Q
N t9q2:
gRK\
oAQx
U>&O
OS#
0>y?j?
lMQ3
Settings
U s.
```h``0
<g^@
*7Le}"
''-
` I t
h6r7
F<Ts
cuI0hy
u|R2y
buk0{y
Vo;u
cdOb
Duq0Fy
wRSI
>T6=
u~lC!
+]c]X
u.7z
9t3/y
Mzar
blE@
\0u^m
'vW[
#http://crl.thawte.com/ThawtePCA.crl0
?u'0Py
cl"X
0uO8
d`w2y
d. @
IDisposable
R/E~
Cup0qy
Synchronized
}u 0Gy
EDe#
_N._1
$Gp9
VNv]
CD@y
SyHh
bJ=r
01y"F?
hu*0Sy
sUQnV
jwOy
X{m[
dh3,}(
Bu"0
k 3
: -2
_>L g
onXwj
~P#G
WuW0ty
Wg*v
GuW0Hy
?^3:B
Uuz0
VeriSignMPKI-2-100
*agt
6uH_2
?u_0py
AssemblyProductAttribute
WuP0Yy
~1)RL#i
vu"0ty
V ?d%
xu#0
]z k
@/N!
au|0Ey
k-%z
Ty:+
3]r02s
p3t!
>u`0Ay
@QL'
NM f
#Blob
#F&yB
RG0d
NIDAT(Sc``
jNv3
E _z
Nu80`y
lB 61lz
Nu&0_y
[~5[3Z
-d|t
02y&Gv
=ug0]y
pNzj
uS029
XDP7}
87:O2
Kuk0Sy
:B$y
&0$0"
`1EF
ny C
|)t
```Hb`h
uP0^y
buc0Sy
`'un|c
eHXo
SizeF
P%6UZ
'nce
'dmf
1A4}9d
Xux0Wy
%1/f
w-e`U
Iu\0_y
O^Ub
_VP],
,/6f[V
WriteLine
n'X_
PDN3
[w4^
V:`K
<`P
G m~
5kVI
121018000000Z
5T#,
r8jMU
,^#[
DeflateStream
Xi~2
-NMd
System.Drawing.Bitmap
sg-P_
Vor=
Ye -
j{]X
h|dV"Dt
[u$0Wy
,dPe
`&a.
lo7
om E4
=U']xgdfJ
3du9
!EC]
=up0 y
<u"0Wy
+wBe
9<?]/
z?Pp
?)<b
J}K}M} J%
APzB
O]Wc)j7
vDWy
7`}jZ_
set_Dock
8t[;>
VEDx
:#_I
EndInit
BUPX
u3ww
\=]4;{,
{uE0Wy
96}
HuD0qy
K ]>
KuE0Uy
q902y
6u{0]y
t|G2y
]$02s
'1om
s'MSf
/QaX
y9{4
02y!Gc
=u\0 y
x\`8k
$?Gk:FR
Zu\0^y
jGyb
vBS
V^0 y
ApplicationSettingsBase
u<02y
cV^6
z6*~
`)t-;
wogp
IN"#{b
9uu0
fW~F
!+<D
2uIbcD
7T}47
<w De2
\u_0by
6(4
BuP0Cy
Y)2?2(2
,\rU
EventHandler
~u"0hy
ZyU<pY
u%1\
ka G
:*m/
vh,[
e Ja
G5Ul
&aa.
UuE0Xy
.2R;
%vm(yq
O02x
8vCA
20x_f?
GFu7
02k6b6
K620
^y,j%W
xb 4
rx`[
-0+0)
~"L+
Lqa:
B:T
<.zj
< e3
_SP3"
xuV0hy
z^Uy
:tVEqWK
2ID{
GeneratedCodeAttribute
}ui0
f`P
~uF0Ey
iyyG
?I|6F
IEnumerable`1
E oq2l
K?]`_
_K( ;GF
N[d
;uV0Zy
>"Gg
LvbXx
v30>z
l9 f
}^{{Z
xl5y
ku[0hy
`y~VG
t20
Iuz0^y
Az!8
rv.M
kuG0
:uX0[y
a8BT
R>UO
fV
PictureBoxSizeMode
d34"y
X.B
dy#`-
=|o0
FuF0Wy
T^q0f
M{>
6u#0Sy
2y6F
"`P
JZ.X{
Zzpv
9l K
UY9-
k.v)D
u402y
^3Tk|
>}qd
><s*
[Z9A
f,7S
u#Tu
@uQ0 y
u\ [
TNj$
PXS
}<p&FT
6"\4
$i~+7
"\>h
&BNA
E
#`P
S~fw
cc`Y
eff87e99-b5ca-a5.Resources.resources
$~wD^J
]u|0Jy
`r`]
Hq^ps=
`V]
&,3K
Gk~}
/`+3a=
;u`0vy
Luy0sy
3U;
N_$9A1
]tI[
=w8,
Yb+6
"h?x
1]H&
x)N B
4Zo{
u&0jy
1B\[
B(v#
gi{]
zvqz
```p``
WI t?
ju^0Py
mscoree.dll
ju{XcD
IEvidenceFactory
&jCF
89Y^
Vu#0xy
Ims^
W{/W
##6fP7
ku]0]y
_= N!
&;J
M(i%7
gq5<y
7]D{
mykey
|uq0py
9`C
03riSP
Iue0Jy
Sz G
I],o0
Q(dP
}k"k
h[)7p
H*#
ex]=sCc
m gUA.
System.Collections.Generic
5.cqp
ms/J
Nr5
sY`1z%f
f, k
+T^L2
\vnO^
[s l
KuC02
q`HR
D o=t
nrzv30?z
V [e
LE+v
aO]$
^ nQ9
Z}(8
&v}g
gs*]
Q`P
-z8\
`uY0
20xYe?
g`P
`0e
^++12
0$yHM
$yZ3-x*a?
[v%
vuj0]y
@1f
X=`z
T3}q
HBh~
Lu&0
juU_@
PFDt
_K"+
nQp-1
ZJ}B
JPu;Ss
gfW
'$}j
%/e
5SJU
)GnV
Ku`0
dm 2y
rtJ!
gu@D@
u+0:y
g``7P
w.gd
=>KZ
BF~c
{'ZI]l
ku[0uy
#\++
4`CW
System.CodeDom.Compiler
wdy
g>87~
?JP!@
3ZaUC
l9gV6
OJuF
{e0#
smttd
!t*O
muZ0vy
]u[0hy
2ucB]
Pk?E
3-t
.qT&
uD0Sy
EEB[nz
]uV0
h?Z~&
}u<0 y
>3Io
gO;qA6 ?
I+Wp
h-;
utc$UZ
Ou k
PI0cy
f\A
~02s
XRew
bu`UF&
,1mx7
B 2)
AuZ0Hy
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-04-30 15:18:04 2018-04-30 15:20:57 173

11 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-04-30 15:18:04 2018-04-30 15:20:57 173

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\NOTE.exe.config
C:\Users\Seven01\AppData\Local\Temp\NOTE.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\NOTE.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
C:\Windows\System32\p2pcollab.dll
C:\Windows\System32\qagentrt.dll
C:\Windows\System32\dnsapi.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Users\Seven01\AppData\LocalLow
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_*
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_*
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
C:\Users\Seven01\AppData\Local\Temp\NOTE.config
C:\Users\Seven01\AppData\Local\Temp\NOTE.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Users\Seven01\AppData\Local\Temp\NOTE.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources\grace.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources\grace.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\grace.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\grace.resources\grace.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\grace.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\grace.resources\grace.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.default
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.default
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.default
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2568.36041843
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2568.36041843
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2568.36041875

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\NOTE.exe.config
C:\Users\Seven01\AppData\Local\Temp\NOTE.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll

Write Files

C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2568.36041843
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2568.36041843
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch

Delete Files

C:\Users\Seven01\AppData\Local\Temp\NOTE.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2568.36041843
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2568.36041843
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2568.36041875

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOTE.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllPutSignedDataMsg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllGetSignedDataMsg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4b\7F06864B
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{000C10F1-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{06C9E010-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{1A610570-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllVerifyIndirectData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllEncodeObjectEx
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.11
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.12
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.3
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.4
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllEncodeObject
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2004
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2005
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Keys
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CTLs
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyRevocation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyRevocation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyRevocation\DEFAULT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\TimeValidDllGetObject
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\TimeValidDllGetObject
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\UrlDllGetObjectUrl
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\UrlDllGetObjectUrl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetCachedOcspSwitchToCrlCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetMaxCachedOcspPerCrlCount
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3c4a2718\1b7a8d8
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4b15630\40102180
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|NOTE.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|NOTE.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|NOTE.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4b15630\7707ed39
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\(Default)
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\NOTE.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6B73420A
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetCachedOcspSwitchToCrlCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetMaxCachedOcspPerCrlCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_CURRENT_USER\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6B73420A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_CURRENT_USER\(Default)

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernelbase.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.ProcessIdToSessionId
imm32.dll.ImmCreateContext
imm32.dll.ImmDestroyContext
imm32.dll.ImmNotifyIME
imm32.dll.ImmAssociateContext
imm32.dll.ImmReleaseContext
imm32.dll.ImmGetContext
imm32.dll.ImmGetCompositionStringA
imm32.dll.ImmSetCompositionStringA
imm32.dll.ImmGetCompositionStringW
imm32.dll.ImmSetCompositionStringW
imm32.dll.ImmSetCandidateWindow
mscorsec.dll.GetPublisher
mscoree.dll.CoInitializeEE
mscoreei.dll.CoInitializeEE
mscorwks.dll.CoInitializeEE
wintrust.dll.WintrustCertificateTrust
mscorsec.dll.CORPolicyEE
wintrust.dll.SoftpubInitialize
wintrust.dll.SoftpubLoadMessage
wintrust.dll.SoftpubLoadSignature
wintrust.dll.SoftpubCheckCert
cryptsp.dll.CryptAcquireContextA
wintrust.dll.CryptSIPPutSignedDataMsg
wintrust.dll.CryptSIPGetSignedDataMsg
imagehlp.dll.ImageGetCertificateData
user32.dll.LoadStringW
ncrypt.dll.BCryptOpenAlgorithmProvider
bcryptprimitives.dll.GetHashInterface
ncrypt.dll.BCryptGetProperty
ncrypt.dll.BCryptCreateHash
ncrypt.dll.BCryptHashData
wintrust.dll.CryptSIPVerifyIndirectData
bcrypt.dll.BCryptOpenAlgorithmProvider
bcrypt.dll.BCryptGetProperty
bcrypt.dll.BCryptCreateHash
bcrypt.dll.BCryptHashData
bcrypt.dll.BCryptFinishHash
bcrypt.dll.BCryptDestroyHash
bcrypt.dll.BCryptCloseAlgorithmProvider
ncrypt.dll.BCryptFinishHash
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptSetHashParam
cryptsp.dll.CryptVerifySignatureA
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptDestroyHash
ncrypt.dll.BCryptDestroyHash
userenv.dll.GetUserProfileDirectoryW
sechost.dll.ConvertSidToStringSidW
sechost.dll.ConvertStringSidToSidW
userenv.dll.RegisterGPNotification
gpapi.dll.RegisterGPNotificationInternal
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.CloseServiceHandle
sechost.dll.QueryServiceConfigW
cryptsp.dll.CryptHashData
cryptnet.dll.CertDllVerifyRevocation
profapi.dll.#104
sensapi.dll.IsNetworkAlive
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall2
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpSetTimeouts
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpCrackUrl
shlwapi.dll.StrCmpNW
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpGetDefaultProxyConfiguration
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
winhttp.dll.WinHttpSendRequest
ws2_32.dll.GetAddrInfoW
ws2_32.dll.WSASocketW
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.WSAIoctl
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
ws2_32.dll.WSARecv
ws2_32.dll.WSASend
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpQueryHeaders
winhttp.dll.WinHttpQueryDataAvailable
ws2_32.dll.#22
winhttp.dll.WinHttpReadData
ws2_32.dll.#3
winhttp.dll.WinHttpCloseHandle
rpcrt4.dll.RpcBindingFree
cryptnet.dll.I_CryptNetGetConnectivity
cryptnet.dll.CryptRetrieveObjectByUrlW
sechost.dll.QueryServiceConfigA
sechost.dll.QueryServiceStatus
rpcrt4.dll.RpcStringBindingComposeA
rpcrt4.dll.RpcBindingFromStringBindingA
rpcrt4.dll.RpcEpResolveBinding
sechost.dll.LookupAccountSidLocalW
sechost.dll.LookupAccountNameLocalW
rpcrt4.dll.RpcStringFreeA
wintrust.dll.SoftpubAuthenticode
wintrust.dll.SoftpubCleanup
ole32.dll.CoTaskMemAlloc
cryptsp.dll.CryptReleaseContext
mscoree.dll.CoUninitializeEE
mscoreei.dll.CoUninitializeEE
mscorwks.dll.CoUninitializeEE
ole32.dll.CoTaskMemFree
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
user32.dll.RegisterWindowMessageW
user32.dll.GetSystemMetrics
user32.dll.AdjustWindowRectEx
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetCurrentActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
kernel32.dll.GetUserDefaultUILanguage
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
kernel32.dll.DeactivateActCtx
gdi32.dll.CreateCompatibleDC
kernel32.dll.GetSystemDefaultLCID
gdi32.dll.GetObjectW
user32.dll.GetDC
kernel32.dll.GetCurrentProcessId
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
mscoreei.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateFontFromLogfontW
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegQueryValueExW
kernel32.dll.RegEnumValueW
kernel32.dll.RegQueryInfoKeyW
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
mscoree.dll.ND_RU1
mscoreei.dll.ND_RU1
gdiplus.dll.GdipGetFontUnit
gdiplus.dll.GdipGetFontSize
gdiplus.dll.GdipGetFontStyle
gdiplus.dll.GdipGetFamily
user32.dll.ReleaseDC
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipGetDpiY
gdiplus.dll.GdipGetFontHeight
gdiplus.dll.GdipGetEmHeight
gdiplus.dll.GdipGetLineSpacing
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipCreateFont
gdiplus.dll.GdipDeleteFont
gdiplus.dll.GdipGetLogFontW
mscoree.dll.ND_WU1
mscoreei.dll.ND_WU1
gdi32.dll.CreateFontIndirectW
gdi32.dll.SelectObject
gdi32.dll.GetTextMetricsW
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.DeleteDC
dwmapi.dll.DwmIsCompositionEnabled
user32.dll.SetWindowTextW
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
kernel32.dll.GetStartupInfoW
gdi32.dll.GetDeviceCaps
user32.dll.CreateIconFromResourceEx
user32.dll.SendMessageW
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
user32.dll.GetSystemMenu
user32.dll.GetWindowPlacement
user32.dll.EnableMenuItem
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.SetWindowPos
user32.dll.RedrawWindow
user32.dll.ShowWindow
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGetHashParam
bcrypt.dll.BCryptGetFipsAlgorithmMode
kernel32.dll.DeleteFileW
kernel32.dll.CloseHandle
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
culture.dll.ConvertLangIdToCultureName
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
kernel32.dll.SwitchToThread
gdiplus.dll.GdipDisposeImage
cryptsp.dll.CryptGetProvParam
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptSetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptEncrypt
kernel32.dll.GlobalMemoryStatusEx
shfolder.dll.SHGetFolderPathW
advapi32.dll.RegSetValueExW
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
kernel32.dll.Wow64GetThreadContext
kernel32.dll.Wow64SetThreadContext
ntdll.dll.ZwUnmapViewOfSection
user32.dll.DestroyIcon
user32.dll.DestroyWindow
user32.dll.PostThreadMessageW
ole32.dll.OleInitialize
ole32.dll.CoRegisterMessageFilter
user32.dll.PeekMessageW
user32.dll.IsWindowUnicode
user32.dll.GetMessageW
user32.dll.TranslateMessage
user32.dll.DispatchMessageW
user32.dll.PostMessageW
user32.dll.GetMessageA
user32.dll.EnumThreadWindows
user32.dll.IsWindowVisible
ole32.dll.OleUninitialize
ole32.dll.CoWaitForMultipleHandles
user32.dll.SetClassLongW
user32.dll.UnregisterClassW
kernel32.dll.DeleteAtom
user32.dll.IsWindow
gdi32.dll.DeleteObject
advapi32.dll.LookupAccountSidW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
advapi32.dll.EventUnregister

Execute Commands

"C:\Windows\system32\svchost.exe"

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-04-30 15:18:04 2018-04-30 15:20:57 173

5 HTTP Request(s) detected

http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
  • Hostname: ocsp.thawte.com
  • IP Address: 23.50.155.27
  • Port: 80
  • Count: 2

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com

http://ocsp.thawte.com/
  • Hostname: ocsp.thawte.com
  • IP Address: 23.50.155.27
  • Port: 80
  • Count: 4

POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/ocsp-request
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Content-Length: 83
Host: ocsp.thawte.com

http://crl.thawte.com/ThawtePCA.crl
  • Hostname: crl.thawte.com
  • IP Address: 23.50.149.163
  • Port: 80
  • Count: 2

GET /ThawtePCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.thawte.com

http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECECQHwgn9x49XTUub8kBoiBM%3D
  • Hostname: ocsp.thawte.com
  • IP Address: 23.50.155.27
  • Port: 80
  • Count: 2

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECECQHwgn9x49XTUub8kBoiBM%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com

http://cs-g2-crl.thawte.com/ThawteCSG2.crl
  • Hostname: cs-g2-crl.thawte.com
  • IP Address: 23.50.149.163
  • Port: 80
  • Count: 2

GET /ThawteCSG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cs-g2-crl.thawte.com

#infosec #automation

TheSystem Itself @ 2018-04-30 15:21:09

Detected family: #Ispy

TheSystem Itself @ 2018-04-30 15:32:02