MalScore: 100/100
MalFamily: Bladabindi

928923

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 117.50 KB (120320 bytes)
Compile time: 2017-09-29 14:03:43
MD5: 3ed891595a4136d07a93ddda2fddef26
SHA1: c732854dcf342811a647e5078b8717fc3c437dee
SHA256: a5e6a2123eb7ab50e28da3348ecd6d4edf4c73a6a3e6a28f6b46bd444aae9574
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections: 3 (.text, .rsrc, .reloc)
Directories: 3 (import, resource, relocation)
First submission: 2018-03-28 00:00:03
Last submission: 2018-03-28 00:00:03
Filename detected: - 928923 (1)
URL file hosting
hXXp://jessesilva.000webhostapp.com/files/928923
VirusTotal
Antivirus Report
Report Date          Detection Ratio  Permalink   Update
2017-12-30 20:13:11  [48/68]          VirusTotal
PE Sections 1 suspicious
Name    VAddress  VSize    Size    MD5                               SHA1
.text   0x2000    0x1bcd4  114176  5479cd3fb7221f10e0553931e72b1f5f  fceb448ef1cadf7f6aad62c9e4d0dad78dd73520
.rsrc   0x1e000   0x1400   5120    b3e90271d40f4af6a983cf807f655060  23d116b14be08073e9a8dcc9a005d382729890b7
.reloc  0x20000   0xc      512     102d4e71f154511121be244ddb551ef8  c81599781e8a5e6697cef067a44e2c21e99bd0f4
PE Resources
Name           Offset   Size  Language      Sublanguage      Data
RT_ICON        0x1e698  296   LANG_NEUTRAL  SUBLANG_NEUTRAL
RT_GROUP_ICON  0x1e7c0  34    LANG_NEUTRAL  SUBLANG_NEUTRAL
RT_VERSION     0x1e160  588   LANG_NEUTRAL  SUBLANG_NEUTRAL
RT_MANIFEST    0x1e7e8  2661  LANG_NEUTRAL  SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 1.0.0.0
InternalName: Security.exe
FileVersion: 1.0.0.0
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: Security.exe
ProductVersion: 1.0.0.0
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Text
melt.txt
File type: Library
USER32.dll
KERNEL32.dll
mscoree.dll
AVICAP32.dll
IP Found
127.0.0.1
URL(s)
http://www.w3.org/2001/XMLSchema-instance
String too long
SQZNOZULOKSFTwSFeYriWJVZywqQXHKoJHreVSwoGw
GNQrDrrRwHeRUyPKMGoPOB
QqrSRWYTqH
HQFPZGykJASORLOrDPXIRDCPSHLpFPHrKqRRJFrPHWDYJUkBHONGyAllHPRTrGQGUD
DHYASOueZADXMTEHA
HQDZFXBTEqDDQPCWJkBpWHZJKPtGYDDRRSVOiPYAFkI
wParam
get_MachineName
get_RemoteEndPoint
HPHZGQYGFQUKHY
VWHUYSiCSPwYH
nVolumeNameSize
DPBGZPweoUTZVQwFrOQHZYYWCiDyYYZDwFryru
avicap32.dll
Microsoft.VisualBasic.ApplicationServices
KDQIPGKQZVIBSBYpHYVkACP
System.Drawing.Imaging
Next
EndsWith
(6
set_Width
KDGRQCXB
PowerStatus
+"
DQwFXHA
BMYFi
CDSeUYVrU
+2
Qg4g
DrRtXquYluePZMFOGD
+F
DXGPJyPVHKP
AddObject
Point
+i
My.Computer
+p
GZPHFkWpEJJtHoFV
HTHHeFp
v2.0.50727
Pause
RHJQ
ZHVQUrUMAiJWPDGNQJVJowuEC
OqAQZBLoXoQHTDoMASVQDD
set_Item
ToUpper
INML
RRXFBUAWPPHlDiGJQMDUPWJeQ
4,+r0
PHqqSIWruSTHVNYZDHZIJ
8@](?
r5&
HVPHB
QQDRiSYpwKySZDJYeDZAMPFDRQXyJOOrTWQqXIQQ
Exception
RSQDZAJiYLYpAUWeteHNERHqFGJGCqDDLF
EPGLRDwEGTLQWFyDGGrXSRYXHHJMPVTQ
RXJGTSqHPFAYuGKFGLqDTFMVBkArZFTpSUSrFEKHuJHWPERPQGqeXDKPOpPe
AYEFFLDLteDyqDQZGVJeZUZYHPE
ZEHGZUYVpUZ
SetApartmentState
WPreLqRIJZHlZqOuGNGGRyUZQQHDEZDJEJpVoHQKkTPUBGJ
get_LastWriteTime
?LML
ConditionalCompareObjectGreater
set_Size
GetTypeFromHandle
get_TickCount
XCKDRJMqOAPTUQtoPFlDFFHDDOFUJGGQUrkJUYipJZHZGeGCVFQFtZWPQQZYHJXGFGo
&(x
FileAttributes
Information
GetEnumerator
QoVrOGOrRSyGHRY
MessageBoxButtons
System.Timers
instance
MiXrXRQuGoODZQZWPSZVOOtGFwRJZTOHHVFLrGrrIqS
Graphics
JCiIJYSTLoyQ
Enter
YNBPEUGFG
GetProcessById
CEeTUZQFJVGSuJSOGwGrQyP
get_ProcessName
set_Position
get_LocalEndPoint
uOQYZO
HSULtZFHLZA
ConcatenateObject
System.Runtime.InteropServices
XOZkUTARtZrNORqRKKXVSFJHZqDXJQlOyEGeSXqUAPQHRurDFMFtLyNyiXkZHQQF
Stub
GetHostName
YCJFWZPJUkqRWOCVPYQVHLoYPYOkPGTPuDYDPYTG
Math
ApartmentState
rUTLWQROp
Microsoft.VisualBasic.MyServices
IrEYGuPQQZkRkQGSQFFZDDJuLpWDZE
7hAX
iSGGHRSZDkFGKUVOLFURLAFSZZPQeZtFDGKUiCFwr
o
System.Runtime.CompilerServices
RFyYSARHRFpPUFJXkwwJeGAFYyDrwPHqWZWZZEIXyNIyuEYQFONVqCVOYASRGKBLtYEPrXVKF
SessionEndingEventHandler
&,,~
PXFKtYkUX
get_InstalledUICulture
QweTFRGtkOFZqDYFuWDAoZZEIXJFHtQQXAqSKHyPSLWVOVoFHDOFPpqHCXTG
Stub.FrmSustos.resources
MqDYROHUKECQNuDtSJJZGBYOVqeWBQLtTuEDYGPT
NewLateBinding
KHBYwSAVFpuZRQSiDET
IXLHRBXGSXIUVFDlGoFHQWCZDQHDqSHJWZIXAQYTOHAH
FFCFJHRVDKRwoQPFYAFLpWiW
PPGLOPORYqSPXHBDoOCRSLIZRVLQHJVDSZIHQqOZNXIHZFTVRTDEJRRGGoSSkKryyUeWUoSXPDYqXOOLDOQQ
HFVSEDIWLqGFGPWrrYSGFZJBAGqLJPY
eJDPFIqZIGCEY
Send
tQDZDGuotyOTOQZEXQlSFFHFADeJBFXJK
ClassName
NkZXVGteGwyEyZYDQYLJRSVX
FormWindowState
AFJrMZPXPI
QLyrerLVW
eSYRIRrZZYXUDIHtwG
MiJKYYSeKOZGZpRkZTRGFIURP
WFWAQDDMlkrHyUyP
ZWFJIuXSPqDQ
MML
CopyFromScreen
IDisposable
Exists
System.Security.Principal
NTiDkrAQFYrRSHQQPFApGJDZu
get_Current
NtSuspendProcess
wUWQDTGFSFYXQDQyPiZFtRGAVPYQQrUeXXYUDXQpZJJVrLFJYDHVSPHYYVGlRN
Randomize
XOQIH
CreateSubKey
GrIHEYZAGJQG
CompressionMode
My.Application
kHXVXDCyRUWFKPQGUDyrDYHwGHRpJ
ZGHBISYPP
AssemblyProductAttribute
Equals
System.Net.NetworkInformation
FIQHPAVyPSyKN
get_SystemDirectory
GUXEZEG
ComputeHash
RALZeI
GOGDHVULPUAXQFYyRQ
value
Bitmap
SizeF
DriveInfo
psapi
DZQyHpADStPZlD
CKPGNHLuyTLGDkHk
get_PrivateMemorySize64
VTUV
lPKKDiZeTKDGFHHqKTkwLrSEETeAKPRAY
IsInRole
ProcessWindowStyle
get_Status
#GUID
ImageCodecInfo
TSURuAXOEoGRHPYTwDDPwJSVF
DoEvents
PictureBox1
set_SizeMode
<?xml version="1.0" encoding="utf-8"?> <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <!-- UAC Manifest Options If you want to change the Windows User Account Control level replace the requestedExecutionLevel node with one of the following. <requestedExecutionLevel level="asInvoker" uiAccess="false" /> <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> <requestedExecutionLevel level="highestAvailable" uiAccess="false" /> Specifying requestedExecutionLevel node will disable file and registry virtualization. If you want to utilize File and Registry Virtualization for backward compatibility then delete the requestedExecutionLevel node. --> <requestedExecutionLevel level="asInvoker" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> <!-- A list of all Windows versions that this application is designed to work with. 
Windows will automatically select the most compatible environment.--> <!-- If your application is designed to work with Windows Vista, uncomment the following supportedOS node--> <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>--> <!-- If your application is designed to work with Windows 7, uncomment the following supportedOS node--> <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>--> <!-- If your application is designed to work with Windows 8, uncomment the following supportedOS node--> <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>--> </application> </compatibility> <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) --> <!-- <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency>--> </asmv1:assembly>
System.Net.Sockets
GKwoSIkSJiDDXPVOWeZeTGtGFVSFUPADZFZXRELFUrU
EndInit
get_Clock
krQZ
FQrTqSDR
ToInteger
LiHJUwAeJDKyZVqIAASWKQVDPSWkU
SendMessage
set_Image
GetFiles
FEBYkqKEORUUPTNuLVYUUGPGH
__ENCAddToList
3 @
kQJeSrXkDOJOCHFBYFoZAKDG
ListViewSubItemCollection
EventHandler
OZEeekFTrZBVUYXKFZHVVFAFRRpePEMy
Thread
UwZMrkuQEZIGJepJQRqGGUFOpYUDuLBQGVSXBZKBDLQtDDUoIkHiLNZUL
ITwSKFeWRWGXZTQO
Microsoft.VisualBasic.Devices
YTOyHCRyXGrGLOJDTF
MyTemplate
HerCRHqkHqYHDlLENDYWQpLSBXreXGGMREGGXPFoROZqqqyFNrRikHFXGDrTDqXHeeSHqYDRRTXAYrVTYYZp
tTFFJBYJKrkRUGDAZMRHUOVtZVDTSQreAAeVMr
SetValue
Encoding
WVZOHHDLDZOKDweZPRRUD
HGiQUYX
MessageBoxIcon
disposing
WQMTPtTDVGJOJYXFySH
IEnumerable`1
TGJuTMQILRFGNTGOwODMDARwlSSHXGGyyMUIuTVVLXSZZ
GqBD
ntdll
FDXHeFMoRLPVLQWXGGKHuKYR
ReadAllText
FwGOBGWRFGwuJZePqHpFDYTR
XHKPFUUMpQ
GVVZPe
LocalFile
6,5rQ
add_ErrorDataReceived
get_Size
YDVDEYBUUSDDOU
FPZD
oYrqerYYDEDHE
NML
get_MainWindowTitle
Replace
m_FrmSustos
Zero
VeJkFy
LocalMachine
m_ThreadStaticValue
SwOkYPELwDPI
cchData
SelectMode
EGXBD
JqGyXMXXwFKGYpDLQrQTHEOkUODVCFS
XPUDEQe
MyWebServices
get_RootDirectory
+G~
GetServices
TargetInvocationException
kZMAQVPLPCDUGNTDSuqSXZOHHGrVOBQOTV
Clock
KGJZYwZF
HFrJ
SRYGTDSIOJQFAJFFYUDXHRrDyuVZqLUQPYBQCLDNKCGqHPUDHSVGDkQ
VQZZEDFIPVuKQ
System.Collections.Generic
uCode
rqGyJYyoBFRDoHtw
QViNYH
iJlVPKUWG
AssemblyFileVersionAttribute
System.Windows.Forms
GetThumbnailImage
rFFip
qQkRrFPBQVUSXeRUJZJDZyHGeW
GrKZZVyDSBWEiwZHFRQpDKPDQYYPpAOQFoBUSNJCq
get_PixelFormat
get_InnerException
"QML
YESlkH
TcpConnectionInformation
QYEDDZIyPEQJQIWqeFRHSRQTPZYOXFRoQHQTHKQDVNHuFCFkXYR
GeneratedCodeAttribute
XIGFLLWOYQFOrqEDOYPBBHFYB
LateSet
Remove
get_Directory
oVGXiYGILPUD
ToBoolean
UGlIEYrXQTQDQSrlGJRiyAXFLXUBWFZGoGPKpHU
FPDpEYEuPZwDXYXYCXlARXWDOGkFDYiwVFuHyCqSXKZFDURwOWVA
UXFPkqUSFrFRQBQqOFGSHZAQVFBARTDPD
get_Parent
ZSkSkrWAKrUGJHGGQJRZFJJLADFUKA
SWGSqFVD
Sleep
cbVer
LOSGZYrUrOyAFJVRRRXwSFYrYSrOPJpRRPGOVDCyRDLR
KGuREOQTkoFGZRFVTMXOYeC
GRKGDyrJADkyrSEUGrroErrHHZXrTEFFA
HQJPVMkGV
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03_64 Seven03_64 VirtualBox 2018-03-27 23:59:01 2018-03-28 00:02:00 179

7 Behaviors detected by system signatures

10 Summary items with data

Files


Read Files


Write Files

C:\Users\Seven01\AppData\Local\Temp\InstallDir\thaexp.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe
C:\Users\Seven01\AppData\Local\Temp\InstallDir\thaexp.exe.tmp

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2476.7258593
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2476.7258593
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2476.7258640

Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_CURRENT_USER\Software\{LQW4-ER63-JUT6-1QW4-97RW}
HKEY_CURRENT_USER\Software\{LQW4-ER63-JUT6-1QW4-97RW}\us
HKEY_CURRENT_USER\Software\{LQW4-ER63-JUT6-1QW4-97RW}\US
HKEY_CURRENT_USER\Environment
HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\928923.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\499F0969
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\thaexp.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Java Update
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Update
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\433351e7\2db83a0b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|InstallDir|thaexp.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|InstallDir|thaexp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|InstallDir|thaexp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\433351e7\26b4a30
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic.resources_it-IT_b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6d5fb745\1c4dd593
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic.resources_it_b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6d5fb745\4deb99ab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_CURRENT_USER\Software\{LQW4-ER63-JUT6-1QW4-97RW}\us
HKEY_CURRENT_USER\Software\{LQW4-ER63-JUT6-1QW4-97RW}\US
HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\499F0969
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Java Update
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Update
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names

Write Keys

HKEY_CURRENT_USER\Software\{LQW4-ER63-JUT6-1QW4-97RW}
HKEY_CURRENT_USER\Software\{LQW4-ER63-JUT6-1QW4-97RW}\US
HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Java Update
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Update

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
{LQW4-ER63-JUT6-1QW4-97RW}
Global\.net clr networking

Resolved APIs


Execute Commands

C:\Users\Seven01\AppData\Local\Temp\InstallDir\thaexp.exe 

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-03-28 00:00:07

Detected family: #Bladabindi

TheSystem Itself @ 2018-03-28 00:06:03