MalScore
100/100
MalFamily
Msilperseus

db.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 313.50 KB (321024 bytes)
Compile time: 2017-10-23 12:20:21
MD5: 22d551f1b252eb88794a816aa1461b26
SHA1: 5375d863047e301f94061cfc941ce7bb7dc3db2c
SHA256: 24f642dbae65f9c6b28e27a31fc5bb6f8fc0b21ecd7e21880dd5e217cb1235a4
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 4 .text .rsrc .reloc NULL
Directories 3 import resource relocation
First submission: 2017-10-25 22:15:24
Last submission: 2017-10-25 22:15:24
Filename detected: - db.exe (1)
URL file hosting
hXXp://dym.com.ua/override/classes/pdf/db.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-10-25 10:30:42 [42/66] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x4c194 311808 b82d14a65e086e711e96a461c08e8b6f cda3b36a1a0a072302197ef7fbda78d7c6a60616
.rsrc 0x50000 0x1620 6144 e66dac6768c576e4ec0ebf4cbc73f28e 6c1b7d5f1bb277a2ea82d3ba7720dcc6eeb8da6f
.reloc 0x52000 0xc 512 01792ab2ccb10552f4384c18df259288 cf772ec4d9fe4465cf7de0efcdb5313a8ed85a11
NULL 0x54000 0x5ca 1536 071e2a709aaa82862faa6bbfc69c184d 70d2bf5a3c7a5d64bb63196747b1422fff85775f
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x50130 4264 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x511d8 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x511ec 580 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x51430 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 1.0.2.8
InternalName: Reborn.exe
FileVersion: 1.0.2.8
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: Reborn.exe
ProductVersion: 1.0.2.8
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: FTP Config
Reborn.FTP
File type: XML
System.Xml
File type: Library
KERNEL32.dll
mscoree.dll
crypt32.dll
IP Found
1.0.2.8
0.1.2.3
URL(s)
https://twitter.com/TheBottleMalwar
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven01_64 Seven01_64 VirtualBox 2017-10-25 22:10:11 2017-10-25 22:13:04 173

4 Behaviors detected by system signatures

9 Summary items with data

Files

C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_it-it_e4c79be92250cb6e
C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_it-it_e4c79be92250cb6e\Comctl32.dll.mui
C:\Windows\Fonts\staticcache.dat
C:\Windows\win.ini
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
C:\Windows\System32\it-IT\erofflps.txt
C:\Users\Seven01\AppData\Local\Temp\
C:\Users\Seven01\AppData\Local\Temp\WER1586.tmp
C:\Users\Seven01\AppData\Local\Temp\WER1586.tmp.WERInternalMetadata.xml
C:\Windows\System32\drivers\*.mrk
C:\Users\Seven01\AppData\Local\Microsoft\Windows\WER\ReportArchive
C:\Users\Seven01\AppData\Local\Microsoft\Windows\WER\ReportArchive\*_*_*_*
C:\Users\Seven01\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_db.exe_a35c7489ff917b05485f3757a798c14692d37cd_0905787b
C:\Users\Seven01\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_db.exe_a35c7489ff917b05485f3757a798c14692d37cd_0905787b\Report.wer

Read Files


Write Files

C:\Users\Seven01\AppData\Local\Temp\WER1586.tmp.WERInternalMetadata.xml
C:\Users\Seven01\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_db.exe_a35c7489ff917b05485f3757a798c14692d37cd_0905787b\Report.wer

Delete Files

C:\Users\Seven01\AppData\Local\Temp\WER1586.tmp
C:\Users\Seven01\AppData\Local\Temp\WER1586.tmp.WERInternalMetadata.xml

Keys


Read Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\APPCRASH
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC\RacWerSampleTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RestartRunTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\RestartRunTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EditionID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDBuildNumber
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\BIOSVersion
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Windows\CSDBuildNumber
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\LastWatsonCabUploaded
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\44D72C57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
Global\86b065fa-b9c0-11e7-a0d2-080027126b64
Local\MSCTF.Asm.MutexDefault1

Resolved APIs


Execute Commands

dw20.exe -x -s 484

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2017-10-25 22:15:26

Detected family: #Msilperseus

TheSystem Itself @ 2017-10-25 22:24:02