MalScore
100/100
MalFamily
Barys

quotation.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 238.00 KB (243712 bytes)
Compile time: 2015-12-28 20:27:59
MD5: 34ee279f6006907db002c144aa621d04
SHA1: b32bf4bc1687e03472cb9c501542323603b9839c
SHA256: af135425329432ce43217a2b929330e7185ce663310240e9cb326b197cdfc438
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-08-31 00:42:03
Last submission: 2017-08-31 00:42:03
Filename detected: - quotation.exe (1)
URL file hosting
hXXp://sarele.com/tafari/quotation.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-08-30 22:06:44 [45/65] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x3ae64 241664 3b409591713ad0056a20daedf7c1d14c 0dfcd3d401202d2f43da1ef7d862253483bcb250
.rsrc 0x3e000 0x400 1024 b0117339c8e48a3cbe911a503e8702ea b27ba6137eb16c65c346f3876f104035eb669161
.reloc 0x40000 0xc 512 40b7a705ca9ac156f534683dc9edaeb1 f81b18a3b5f3a46b0420a19bbe4c898143338cdf
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x3e058 588 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: quotation.exe
FileVersion: 0.0.0.0
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: quotation.exe
ProductVersion: 0.0.0.0
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2017-08-31 00:37:44 2017-08-31 00:40:35 171

4 Behaviors detected by system signatures

9 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\quotation.exe.config
C:\Users\Seven01\AppData\Local\Temp\quotation.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\quotation.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\quotation.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\quotation.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\quotation.resources\quotation.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\quotation.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\quotation.resources\quotation.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\quotation.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\quotation.resources\quotation.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\quotation.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\quotation.resources\quotation.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Users\Seven01\Desktop
C:\Users\Seven01\Desktop\filename.exe
\Device\NamedPipe\
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2500.33642359
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2500.33642359
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2500.33642406
C:\Windows\System32\Branding\Basebrd\Basebrd.dll
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui

Read Files


Write Files

C:\Users\Seven01\Desktop\filename.exe

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2500.33642359
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2500.33642359
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2500.33642406

Keys


Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs


Execute Commands

"cmd"

Started Services

Nothing to display

Created Services

Nothing to display

Detected family: #Barys

TheSystem Itself @ 2017-08-31 00:48:02