MalScore
100/100
MalFamily
Razy

scan008.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 331.50 KB (339456 bytes)
Compile time: 2018-05-29 12:13:15
MD5: 23c61fed0fd3b2cb9537a0dc610cfcca
SHA1: 939e9dc573626d3130b0167f0fe83e295bfb122d
SHA256: 7732bd1471f0720cf1e10281507391d44b4362c23f8dd2a55647ab843fb3a5d1
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-06-04 04:54:05
Last submission: 2018-06-04 04:54:05
Filename detected: - scan008.exe (1)
URL file hosting
hXXp://sajankipyaric.com/trans/scan008.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-03 23:04:12 [21/65] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x250e4 152064 8d547446cadb6015035cb99f1a5509f8 e3303af67581b7030c3d3a357c5c6ae8cd9069d6
.rsrc 0x28000 0x2d6e8 186368 1b5fa7ce9cf7ec676baab49912a423e2 41cfc05772f0b69e7c5e31d0a26cab40c284c5c0
.reloc 0x56000 0xc 512 cc9b7520cfefd8b3371d11711ffdc25d fe5b10de716f1ff0b6cc0244985c9beddd6be140
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x54dc8 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x55230 132 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x552b4 584 LANG_ENGLISH SUBLANG_ENGLISH_US
RT_MANIFEST 0x554fc 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright @ 2017
Assembly Version: 4.3.0.2
ProductVersion: 4.3.0.2
FileDescription: UyzOsvXrIvoVXQXhCEYR
Translation: 0x0000 0x04b0
ProductName: QACMrzfI
FileVersion: 4.3.0.2
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
4.3.0.2
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-04 04:52:03 2018-06-04 04:54:57 174

7 Behaviors detected by system signatures

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\scan008.exe.config
C:\Users\Seven01\AppData\Local\Temp\scan008.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\scan008.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\scan008.config
C:\Users\Seven01\AppData\Local\Temp\scan008.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\WindowsFormsApplication1.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\WindowsFormsApplication1.resources\WindowsFormsApplication1.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\WindowsFormsApplication1.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\WindowsFormsApplication1.resources\WindowsFormsApplication1.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\WindowsFormsApplication1.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\WindowsFormsApplication1.resources\WindowsFormsApplication1.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\WindowsFormsApplication1.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\WindowsFormsApplication1.resources\WindowsFormsApplication1.resources.exe
C:\Users\Seven01\AppData\Local\Temp\sQwmdEwcMEsxQAzGTaPFKFFUMTAY.dll
C:\Users\Seven01\AppData\Local\Temp\sQwmdEwcMEsxQAzGTaPFKFFUMTAY\sQwmdEwcMEsxQAzGTaPFKFFUMTAY.dll
C:\Users\Seven01\AppData\Local\Temp\sQwmdEwcMEsxQAzGTaPFKFFUMTAY.exe
C:\Users\Seven01\AppData\Local\Temp\sQwmdEwcMEsxQAzGTaPFKFFUMTAY\sQwmdEwcMEsxQAzGTaPFKFFUMTAY.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\BootstrapCS.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\BootstrapCS.resources\BootstrapCS.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\BootstrapCS.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\BootstrapCS.resources\BootstrapCS.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\BootstrapCS.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\BootstrapCS.resources\BootstrapCS.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\BootstrapCS.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\BootstrapCS.resources\BootstrapCS.resources.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2556.34862046
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2556.34862046
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2556.34862078
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\*
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\Low\*
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\Low
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@abmr[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@adform[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@adnxs[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@adscale[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@agkn[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@atemda[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@bing[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@bluekai[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@c.bing[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@c1.microsoft[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@casalemedia[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@creativecdn[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@demdex[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@doubleclick[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@dpm.demdex[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@exelator[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@ibillboard[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@ih.adscale[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@liverail[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@mathtag[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@microsoft[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@mythings[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@nexac[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@onetag-sys[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@onetag-sys[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@openx[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@pixel.rubiconproject[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@quantserve[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@rfihub[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@rlcdn[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@ru4[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@rubiconproject[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@tapad[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@tim[2].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@track.adform[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@tubemogul[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@uk-ox-d.openxadexchange[1].txt
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\seven01@www.microsoftstore[2].txt
C:\Users\Seven01\AppData\Roaming\Mozilla\Firefox\Profiles\*
C:\Users\Seven01\AppData\Local\Google\Chrome\User Data\Default\Cookies
C:\Users\Seven01\AppData\Local\Google\Chrome\User Data\Default\Login Data
C:\Users\Seven01\AppData\Roaming\remcos\logs.dat
C:\Users\Seven01\AppData\Roaming\remcos

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\scan008.exe.config
C:\Users\Seven01\AppData\Local\Temp\scan008.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\remcos\logs.dat

Write Files

C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Users\Seven01\AppData\Roaming\remcos\logs.dat

Delete Files


Keys


Read Keys


Write Keys

HKEY_CURRENT_USER\Software\Remcos-5JSLAN\
HKEY_CURRENT_USER\Software\Remcos-5JSLAN\EXEpath
HKEY_CURRENT_USER\Software\Remcos-5JSLAN\FR

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
KlgyDCPfsTWFYItlyMjeLSYpTS
Local\MSCTF.Asm.MutexDefault1
Remcos_Mutex_Inj
Remcos-5JSLAN

Resolved APIs


Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\scan008.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-04 04:54:21

Detected family: #Razy

TheSystem Itself @ 2018-06-04 05:00:03