MalScore
100/100
MalFamily
Ispy

tttttt.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 49/68 Related 2694
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 324.00 KB (331776 bytes)
Compile time: 2017-02-23 12:50:17
MD5: 50a652b21941da40d9fca80d12bd35f8
SHA1: b7cf2f941503dcb9167e9fcaf8a159c741161fbd
SHA256: 666a8dbc172bcf7cd698bf95e5b58de17535121fed7de5ce1349db4446a1fa5c
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-12-19 18:00:04
Last submission: 2017-12-19 18:00:04
Filename detected: - tttttt.exe (1)
URL file hosting
hXXp://123.57.77.130/wp-includes/pomo/tttttt.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-12-14 22:33:44 [49/68] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x50504 329216 815a3222815b2dcb43413c6a3ae42537 87b120742c44b9d55761be70d6eb222968cecf7d
.rsrc 0x54000 0x5ac 1536 7e2d8320f13b07f0095cf68633fe7124 e7e26129dc5dfeb619e1981b7cad649e5a9af265
.reloc 0x56000 0xc 512 44f751d5e2479e00543fc10a8119199f 34aa6752f28173ef48cca08506acce2e26ff42c6
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x540a0 800 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x543c0 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa92008-2017
Assembly Version: 0.0.0.0
InternalName: tttttt.exe
FileVersion: 2.100.2541.333
CompanyName: Appple
Comments: Appple
ProductName: Appple
ProductVersion: 2.100.2541.333
FileDescription: Appple
Translation: 0x0000 0x04b0
OriginalFilename: tttttt.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
Assembly Version
c1d%e
Appple
Culture=
Version=
VarFileInfo
AmB
aspnet_wp.exe
Comments
, PublicKeyToken=
000004b0
XQY
_Encrypted$
OriginalFilename
m9nmo
.dll
sQt
{0}{1}\
2.100.2541.333
uQv
ProductName
InternalName
null
0.0.0.0
FileDescription
)m*
3cfc69cc-eca8-e2
bytesToBeDecrypted
#q$
dynamic method does not support fault clause
Translation
unexpected OperandType
.i/E0!1%2
{data}
PublicKeyToken=
Z9[
Wrong Header Signature
publickeytoken=
'&-,.,/.
SQTQUqVEW
FileVersion
bGliLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPW51bGw=,[z]{14241ad3-afaa-4997-84cf-fce1482f74b2}
Copyright
VS_VERSION_INFO
StringFileInfo
d2luZnJtJQ==
d2luZnJtKg==
f1ff092d-6443-9b19
f1ff092d-6443-9b18
Form1
2008-2017
ProductVersion
p!qmr
Value cannot be an empty collection.
f1ff092d-6443-9b11
f1ff092d-6443-9b10
f1ff092d-6443-9b13
f1ff092d-6443-9b12
f1ff092d-6443-9b15
f1ff092d-6443-9b14
f1ff092d-6443-9b17
f1ff092d-6443-9b16
LegalCopyright
F%G
ERR 2003:
5E6
Unknown Header
, Version=
, Culture=
CompanyName
tttttt.exe
neutral
w3wp.exe
f1ff092d-6443-9b9
f1ff092d-6443-9b8
I-J-K-L-M-NQO-P
f1ff092d-6443-9b1
f1ff092d-6443-9b0
f1ff092d-6443-9b3
f1ff092d-6443-9b2
f1ff092d-6443-9b5
f1ff092d-6443-9b4
f1ff092d-6443-9b7
f1ff092d-6443-9b6
,pE
t%
b57S=y3
f8roM
{l<MSt~
[iH/Za
'U1%
DateTime
WsVI
N%_Q
IYz'
E-'
PNG
<x@3
:T= Y
Em3ga
ciaI
+* 8
,t*Z
<YfV
get_OutputBlockSize
.Z ^
!I$C
{g[Fh
:), Y
ResolveTypeHandle
z!l$
KlCOz;
u<9q
PCSP(
ResolveEventHandler
H6a'
_bY H
AutoScaleMode
'D^{A
83lb
5d}r
fy>J
VM|o
D$
M }q
e8R]
)7.Qu
Y]68
v4)n)
^mCP
P$6K
Ur h
+ &
rQYN
Substring
j\w$
bIZ;
get_MemberType
&$n<
_XjF|
|LrWY
5cXP
%&&
HWp
%&&*
%&&(
@i*m
v]O%C
HQti
.`|ykXj
>hll
2$L-
`6#N
k)u$
C)z(E
N7{.
v3X1
G^D^
A:'W
*42AXH0
|K:R
Int32
IEnumerable
'\#'v>
65P9\
_7kh
*:ei
l/81
T6"/
l+9d
_' z
oh20
go.@
t}8@6.
%,8
O 1 !
q_"W;
Ogs0
$8
oztO
a,qr h
%&
~^*(
%&:e
ue[_
%w B
Vo.L%zo
%&:`
`F/4$
%&:m
"`1o
%&:j
:d_
%&:h
%&:v
%&:t
%&:s
Q0v`
H <u
System.Reflection.Emit
%&:y
En(:
%&:G
%&:F
/2y+!sTPZ
%&:D
%&:B
%&:A
%&:@
%&:O
%&:J
%&:I
%&:H
%&:V
+ & 0
%&:T
%&:R
%&:Q
+ & 0
%&:]
IEnumerator
S}@U+
%&:X
B<wN
%&:%
.B) Wf
}oYq
%&
-=e#h
%&:.
Y6 u
52#
%&:(
%&:6
gy>3
%&:0
(!eW
@cXM
%&:<
6. ^
%&:8
k,l%
yVp(!f
]5z1F
^; .
%&:
6R /D
%&:
E*zM
"6<
set_AutoScaleDimensions
ZY0
K+Fo
ztyd
k-80
[ ?)tR
qJX~
y% Iv
'9Mw
lRx#
Rfc2898DeriveBytes
%& p
%)1#
s,n:
~xQQ
v>4w
I5nJ:fY5
w}%Lr
ZNGH
5l4#r
c3&a
%& \
% ,"
Format
c_u*!
XT* 8
v2.0.50727
1zKI
O 0q
Z,%:
e%53*
Monitor
% 4
X1)K"
217}u
:-X3
%& 0
duA8
WM{#
%& ,
XctVO
Y~y$
Y D
%& 8
plFd\
d`n
DA"q
get_CurrentDomain
Exists
s}3z
;1Y<
.GRt
N^*V
S]o m
NAt/
PL^sZ
J|Ht
nharK
eR=X
gY `m6
%& ,
#`+VQ
uENN
KTgT
vx &Q5
<|8*
1fTt
}ip)
FromBase64String
},bDE
Y?Oe
@
G%9!
( J _ x
}BeI
J24<G
Y%
pVLvl
[2k,
.I+R
-3&s
SIX/
VK:.
Path
set_Text
{3TL
*(XXF
:bn
(Y 8
r3ksge@
4 Tm~
]`QP
/xBf
)kL|
L;o]
%&& 8
-P~g
W5i(_
Df3~C .
`G@
1BSJB
-\p=
cmsrW3
O SY
&E.z
Control
get_OperandType
Copy
SignatureHelper
u!&W
{@ |lLM
set_Capacity
;009E
oz.
get_Year
N$n`
Im;9
X./ u6
@w!6
0khka
~+ r
<fK )
]h}
;\La
~Y]I
BindingFlags
<cn+
I}h/E,
m[_?
/)@N%.Us
Type
QRT,:8
h9n]
+ & h
NB~5
4>{4
\)
=:YR
0l|1
|2l y
+ & h'
+ & h"
System.Text
l_ch
wDg3
DeriveBytes
~3~*
e[0D
8VP?
+P} `
k~Wf,
2ug|O
; x
__wZ2w
~O},
t~fI
]agX
] *@
;.#!
orz
_YyJ
MTJ:$
) FY"o[U
6p>7
{ <c5
DFa?s
I@k [
&+I E
EymSE
AppDomain
vZ3
,+ooK2 |
v9U$
<v}"
p6}'
CreateDelegate
(:Y
/|S&_U
System.Runtime.Serialization
! R
T^IQ
'L.Q
R/td
pl3O
5Lu%
%,IX
f WZH
kernel32
V2[Sw
^sK%
i p
bG c
K>[f
&j5l
+ & L
|+`F
+ & L
~S:5Jsz.
e*az
b2dLs
bN{3
U$\wPG
<A1H
ResolveType
9 i
& $
[ Y2
Y}Hk
G *
88EM
shk4
}2q!M
%&+
&
PuDC*Y
%,d+
eKQgCu
@!u:
L5s+
Version
]VAu
@u&c
}VV~_
G`I
GetParameters
%&9
%&9&
2ziE
%&9%
TW>U
iCE
Dc Y
ToDouble
%&97
D Gb
o0 Y
ztNN
eF,I{
%8g?
.text
ZY0
4D;x
[LDo9Q
Component
E5Bt
8YNw%@
RFhE
+WIX
#WVNe
%&9c
Convert
-%,%%9
HDjz
$%Pb
s(p `
%&9n
%&9m
Kor#
M?W/
}T'0
5KZW
4\-a
cFt
;D4T
%&9K
+EQ8
%&9N
">grU
a[V
set_KeySize
Wx<;,Ku
%&9[
f I
%(eNb
%&9\
M_{}
M~5}
o_ M
E\Q:
JR~&
K[1U
i27
km*_
/Oom
LREb
&+O E
#R'S
xBSZ
CreateDirectory
') AM
g`cN
CipherMode
TmY]
@ZN-
'p?>
X D
"+@_
v3:%P
Xz4Y0
'bvo
I#P_
k!=I&Ks
R0pV
j /rN3
Y t&
#Blob
GetCallingAssembly
;AwF
y/TC
mN.y&
,!8S
\N"T
uT V/
%,/a
]~@m
#>FV
,!8]
`_Fk
>` -
{rul+
H&mi
%, +
L9Z
N.]=^}
`.rsrc
/33r
*Nh?dS
mE
%&
i3w"t
SetCode
CreateDecryptor
N y
? 1 Y
]-x@
laz7
WEK( }!
VqSK
~R2M
B9Ic% W
GetTokenFor
.ctor
0eF?
J4Z
Y1l&
WEni
?pA:<
`lV>
2mv!
=R` >
k@4X
b%Jv
Form
X +1
Flush
-h L
a&FO
[%&;
&vWY
/hhF
K9"b
ELJT
I~s
lV
t jl<
O,-.
0$
J6?5
{8,G
P8MW
set_BlockSize
n~g\h
F;RT
X 8Q
sUTe
*h[|
%&%
get_IsStatic
rS6JL
>H{B
-bpzg<^
A !q
qQlO
b*o(
Ox@)
YtI
cw+w
W. AV
-kr}
R2fd
&YGfF
4FV,
KayM
K*d~z
W2#b=
p M@n
.^(I
)Vz 5
:N}d
tPa0@
AP\74
"2.`
J mH*01C
"jlb
!by"T
[VoJ
+ & )
("
R7.40q
SizeF
y]5y
Ps{@
M\\[
Ix.X
aE .
d F^
GetTheFuckingAssemby
I Dz
+ &
_d}
FA.&
Process
- 6/
$0;#
% T
0j Z
Y}[[
`0U
Cejshx
d~n6
yp Y
.NRtr
bLT?S
YX[Bk
WvLBw
m~ c
]2bLL
sBm<
jC1
Write
-|G.b
O]B&
Rf4i
Ml;Gt]
quI"
get_MainModule
C.u]
g89E
N!E
W)C
E;K]
wn>Jj
)m7
eE$'
CX#.p
"F\pL6
Mp8P8
(v:G
(7q&
%&*
}@Ent(
@ [}H
&xKdh
@jJ[
+ &
i]Wb
(4-T
.X;![
%{-&X
*'v.
]sZs
OJ}<>
)LW
D8~-
$dba33230-8f5d-4312-aa82-173224d45fc4
X (
lQ Q
2e,9
,YaE
YR*&cmq
.SV5
IHDR
System.IO
dS'm
@t\)
!9R>
wkA!b/
a@^S
&*8G
Append
WncK
.3);
SetExceptions
RuntimeTypeHandle
,cAiO
^|]
#Gt:
#5:F
7W/fk
%& h
|^XVg
^6az
252GM?
X"3R
n`4B
~tc^
4Jnr{n
fT!L
AttributeUsageAttribute
&*8=
gI|u{5
.qsn
RwRZ
RuntimeFieldHandle
&*8'
/A~>
% \
&*8"
eas\8
%& X
&*8)
+F~{
(@%h<
r Lq
&*8U
&*8W
STAThreadAttribute
DynamicMethod
+L~G
7.nFo@
&*8^
&*8_
$ Q w
.SI{}
Y 8<
&*8E
Gs<>j
S#,v
System.Security
_ 4
.~%D~&
Cz `
%&,$
IList`1
System.Globalization
&*8t
$#p c*A
H8 ;m
Wu!'6
&*8e
p<yO_
&*8g
q@nQM
p|fm_
&*8c
~H:x
n%H
&*8h
9@K/<
&*8k
X +T& 0
qC2I5v|
/^t0
H7la
S ux
System
EventArgs
Application
/MpF
Rc+pMn
%-%9
ADK
,?pZ
(|WJ
%& +6
M9]s
O 7q
}SBZ0@
ASjdR.
YW1F
U a
5[*G
)%b_
u1{.
$K^[t
uiqy:
get_Name
R R&
zQ}A
!TP]
_m)xZh
_Type
35{7
K>=>R
dKqY
FieldInfo
X\5ly
m 6
oIDAThC
MethodBase
#Strings
)aVl
|0DA/
)vVu
yEBUF
System.Collections
qo"o
|~#$YL
N.\<%)
]mKw#
~{g-v
._'%|D
|> E
X'/Y
+7s!
-qE
N[Xpr
P^;Q
V"4p
/{iS
3x&@
D;.i
Environment
7h_
pb2F
_"`|
<Ck=5J
u& 4_
!zS0H
,b& `
o05g!
%&:U
[ 8
~c4H
+ & 0
%&%
rLe|
get_EntryPoint
g:
%&-e&
`??Y
o1 ;
'yx7
X L
6[jzi
+ & |"
/-o`
G7 ]+qxU]Z~
& |$
KB{ qe[M
X]zD
4NO=
,08?
5,,
X P
n;(/
B\&>w
E(c$GLH:
! &a
<vE(
get_Position
JcVYJ
jhsi
tIP#
#cA~
-$$^C
!vj](B
5 Q4
t_W+
add_AssemblyResolve
K_'d(l
hAx1f
IDAThC
q07>*
OpenWrite
QW*.+:sd=
%&:&
K0%
n3A6
]->z
eTG)
iE2
-BE
[@+-mR
TransformBlock
M@h
vI./
lP.WA
+c]2
{g&6%
yDa
yhn8
l=rw
EYi+
2Ng S"
_S/ |
!RxG
x<HT
*QEW
CAiy6
gA9'
so*s
+v~E
{wZM
TRC``
%&&+E
^FAb
Y |v
Locx
3b\h6
get_FieldHandle
kC]i
x8:0
H|MR}
|VXR
Y8bX
^Yk_
%!M uf
2~WV,
n+P#
%zyT
*1
_rC cJ
YlH6
25I,
M&1m#
Qy{%
;+\TN
+ & P
5F2f
GetBytes
+ & P
H@F*
_b`}
E;7Y
%&:=
hR%b4_
?;<m
+0 t
D)?Y
~X')
=3JBtF+b
%&:9
KxLo
+ & P'
b`~;
O|>_
, RG
Z>O.^s
c* x
A t(3"
lG?,
>qOt-S
JZlu
AkO T
_b`}c
9U6y
8SrQ
a?g
64i}wdk-
%G9oJ|
zsOo
e) eM=I
1( O
+0(GA
1hi$
:XL~y
;9Zs!R
# nr
d&7^H@
4XLr
q@oo
[pmw<>
2X0
0{![
|d!
:G)
5*Mp
E%,CY
#Trr)i>{
p{S8
Y&d|
B67 (
yT~N
OZHp f:p
/t?d
J]bZ
get_Second
#+_ ^3w
%&
|qo,F
biKJG
96jX
ResolveMember
+@ p
% P
Math
%p2?
5PRN
j}9
fr+^
2)-:`
,EVOk
P=A<
`[H'a
e6^?
Pd:pC@a
SecuritySafeCriticalAttribute
+H |
?%%
2o#W
99&9
V?oaq
8c
89]_
Delegate
AssemblyName
.o~
5QF
yQP_
(+<~-
ParameterInfo
BinaryReader
_W_n
8NT]
=v GFM
Rim 9
-Ye
+o*7
8 ^T
;<bq
CHU}
Seek
Oi7H
675_
a!l}
V6 T>
QV;s
,!}~
QX{d
UQKVu
$E"8!{
ModuleHandle
m>Af
Y:K<f w
LocalVariableInfo
mq)@aNw
2,h}
P&)Oh
#.zf
ZU}G8
X $%
z,aFJJ)
'|D`
;pt3
QS?^0
$E~uU
Rj?:
^uJP
b%L
XQJ\>g
{| Q
d%*e4
CW0"
(0kIv0
;4@s
+f&
|q$Z
)7F%-
~CLV
NS,|
DESCryptoServiceProvider
%Wk4kc
;$<0
f >b
Y L"
)~;t
= /
Rf.R
CryptoStreamMode
jr;W
ResumeLayout
Ty.n
UoB'N
n8Y}
Ps3]J
R%4{
!)=4
x|25
1V`.M
2K.
? s
ValueType
}asP
"K>SA
GuidAttribute
VBC|
SetCompatibleTextRenderingDefault
+-& '
14I`A
7<Wl
~mCi
MethodBody
-H+F E
X~sTy
X}V
System.Runtime.CompilerServices
+0tQ>
_ $#
%,B+
51g:o
"_aD
'eD )
Trim
i2@ t
6 ^o
[) F
`1y_
;]Z ~Y
h=Y*
+sm
b{pBQ4
lj,&s+(
;{2q
k|,F
&+M E
!* Hpr
0!-qd
H8(,O
mOFRM?
;imK
v|!>
b.S)
k /.
qfON0
ntrN
%&(
+%&,0
%&(9
%&(:
m{&[
;b"bz.x
%&(1
7|/E
'[Q;
%&(2
6 mGA
{2"Kh
%&()
+%&,&
9LgD
}TE
%&(
`**&
%&(]
%&(\
%&(_
.Y[
OgK>
DBvf5(
?oW/
utV4 S
+ & 4
-X *gZ
+ & 4
bJfp
%&(L
ToString
%&(K
%!)2(EZO
%&(E
0I-l
bPbd
+z&
2fbw
Vnyb
@K_T
\wo}
%&(p
qV9H
Parse
,t2S
%&(o
|fKG
-YTt2@
ThVL
hRX_
9=')K/zp
%&(f
u{~YH? 4(I
%&(`
s05/
8WixN-Mk
B kF
M13B
i=N]
2ke|
Ukr<
t6)6I
>`gf
(Qj+
get_MethodHandle
*e$TD
)~f;g
}.#qS9
+x
OMc;9
6\TM=H&:o
I V=!
ICryptoTransform
%}PM
ZzK=
33X|
8%
9@ym
XT~y
Y1j |(
];\
zsb$8
H-i
v=q7BG
P11A
e}y}
@s43W
s%,JY
UC:5
BJG|$
?Z ; F
"9iy
6=8@j
AddArgument
CZQU
.^
@4%feg
,8 A
b2D1!
=%h/
O]~YN
%& (
p!
DynamicILInfo
Y3t/J
VJN9
add_Load
>8v
pUK#
MemberInfo
[ Y2
ConstructorInfo
:+'-r
-}E
"o9(
1uN;
~^ |
{Jj[
/MTU
wq0c
_LOK %J
d'G`i
nftJ
^rR
n*Vh@
Zl{
$kCj
V%#w
ElxE
=i r
SKP"
G.R$x#
g'Z(5
4SQJ
Data
/?|p
D%
8uTr
N>3#2
R)0( 0m
& L$
kg)yt
8`
9a&g
w=q>
[zen
ToBase64String
Int64
ibWG
0LGc T;-
66]]
Jp 1*t
Zv#W~9a
k[/tZ; uiw p
8M
*_4j
%&-&&
pHYs
.NCd/
4I8%
8_
get_InputBlockSize
,]Q2
+( ,
lg %
h('>
+i
X |
ExVq
N|,yss
]6BI6
+ & l
ah3v;W.
X h
}^w7rQ
h76b
10;A}
MJT"
&^z\
~F7V
p# Z
b\}6JU
)8b4
bpFb
W;)iD
"va
3cZl
+ & l"
+ & l'
+ & l%
l.:W4g(8
X <
tMN7
File
f a 1
xNadZ
~f."(
+i @
X ,
~LWI
N%9d
1.;*#L!
>)BeZ
k2N'
&+F E
.O4{
y5%R
w ={
Module
l-a%
M:nXm
ExceptionHandlingClauseOptions
x2z.
n;^
@&N.s
Array
h_y\
&[fT
3N]&
<oPK
@.reloc
GetPublicKey
'{iQ
u m
wu/w
0oO
N_g4
-31,d
get_ExitCode
nr!
q|r&
`2QFt
/H@C
oA.q
KcuTO
tSXk
4(D
3)>v
Byte
get_Chars
s'Jg>j
+ & @
+C&
%a*pP
+ & @
MoveNext
Dispose
1ej4v'
}fY@Q
^<D+
eD`t
:p|c
%&% P
;yb2
>!9%
7px
u0Q
L^UB
*293
yN_9Z
Nt@,
,EaE
J5e@
+ & @'
System.Diagnostics
$^[L
_ $
kc kp
) ^4m
Mv%"?n
%,J+
w[-3
tT,X2
NumberStyles
*K$&^X_
%&- &
$]y%^
Y 8O
]kt%Te
xn)
|R /
;TOdz?
32)c
+"& '
<<{6fn>
System.Drawing
r+4g
*/}E
P$Ifs
UZo$X
& @
~\W\2|
Y ;A
& H
{o?i
(t"]
`"9?
%& 8|
D l69!d
*X"?
rWw:
2Fdv
0lqyw
Yc*#
& E
& E
M )}
QfV'
g66'
=`U+
R$;sxj
Y 8
/)\0
%&X(
wb]:
K~ #R
Q>+G
43 U
k6<!
H}ly
Y 84
wkc&
22e
(-kJZ
get_Item
uo6I
System.Threading
V*^?!
FileStream
O4 -V
9R#W
SGPv
Zjz
d-y:
Directory
pz.`
[PNM
Hi5*DsZ
Ig7+g
Qn*Qy9
p(R5
2&=b
(EhQC
Assembly
fXCs]S
D'`k
:!fjc
A7K[p
en6*
[gw
&& $
>+&
87?X
b? 58
CeT
Y>,h
%T,
_b>oFW.a
get_ReturnType
I 0
-[NE
WPQ4oe
R-D0
% +< <
,& 8w
(jeU#
jX}7
X D#
O] z
Ew :6O
84&=
&& `
~]4dr
n`A
Lr*J
[9,@
w Q'
;+ t
.thI
Size
A^{b0
y^M
@m(VZ
g2$(
set_AutoScaleMode
BSUUY
,&)7
Usoz
s?=Aa
(m7}
6pV4
~P()
R-EC
k ?+
BP*
Sw=v
xp@m"
( jQ)
wv04}ao
P\Lc
X
x$-ML
}i{"
sY&q
ZX
M0JS4
Bz0F
>JPI
6[X@
[uD3G
lBD@
,HiV3
]a b
K j8L{
h*{/n
<ju6
%9z
vYaK
+) 0
nokb
}Dn%
IqJ]
2"Pg
mO `N
winfrm%
set_Name
z+m2
* 86
X d
"'Gb
MY2"5
X `
_NP(
t[, a
X l
)WNmF@
X h
set_Mode
U!~N
A/JI
'K8k
X \
%#fR>
X X
auR@'=`
B~*0
fn-\
,\BwT3
&+L E
b9 }
X 6
)[15
&|/
+ & <
88
E3+ 9
X <
YX}C
X &
X $
X
X ,
+ & $)
X +
s'd@
+ &
Ht],
#fY=
5\i$/
7;1"
;-GT
k<v+
-PaE
N(}| -
up2
T+2T
YCW^
+ & $
+ & $
SvO]
ne@T\
TW=q
?@rz_
ContainerControl
ADQC
g ' i
>rf0
get_KeySize
U-~M
keL6
;<GfC
3rb8
\tc`i
ArgumentException
FiI6
3me3
c~bIkmR/Jy
Ikfr?
i= 86d
ReadByte
H9`k>9
%& L
scDF
%><o
sM;Y
aBXkE
OY( :
.xo$|
*C $
IComparable
get_BlockSize
ULW3
T @k
{d9h
Z+>}L
oue2y0
vJ=o^P
M%`EH
s A|N
T;Q$
+ &
3 g,*w
xlL7
]a z
Bywm
| nD
p PUR
LD94
4({mXJ
jS"~
+ & 8'
s^q<7
759Iw
)jD$
Y 8<
`-M-4
%u:EG
& x%
*/k@
& x!
Y 8(
lu9g
Id0k] 4-
w!@y
$+\
wtAI
Y 8'
Empty
\i*1
& x
3OR~H
+ & 8
71+x\
+ & 8
rSpDt
3+iG
s=
n9hU
System.Windows.Forms
?c")
}V:
>MRf
@N%;z!
op_Equality
2F|G=
- ;JZ
[$\vc
?T^7
<Module>
[Y.x
Y 8_
Y 8Z
MN)=E
+V,[
ih`
IndexOf
ProcessModule
$E1P
r538X]
67kH
Y 8K
M# D &qpM
Close
9-2(R
eJ8>
YalyW
cbJE
2IiM4
b6bw
z<Vc
l!+@
>|WHY
&c!x
u,WC
gz^M
^(1)
h
X|N
LQcDB
9x3@
(K?^D
8>A`lb
N;EY
=H@W
Read
ind"E{
F#O:
Q$ik
-O&~y
%&(5
IConvertible
w81i
wL{9
P$#g
r`LSN
Mb,n
=%dv
pTOK
:}{
?WFf
<u X66
)so(o
luew
7#($
X=|dt
lx!#
m*<o
ojq
>U|
$ vm
QZUo
#?I0F
M/xP$
gAMA
ToSingle
Z1V9
<m y
plskyM
SfEg
!L-a
WGk
F k_ejX
@"( _:
OQuU
YUzg
MarshalByRefObject
Yz,#
4S]J
hzD?q
"4A>W$
mhsJ7
SuspendLayout
Z~W
.cctor
vo`v
Q?U;
i-Sk y
WtRo0
4@2)
'\Vp
&+V~D
4yE8j
nU`
&& p
*Z7^
|^T>
Y l
|*3u
u~?[
*}KA}3
ResolveMethodHandle
#cM(
Aey)
+ & p'
Wc>o
AFzG
Ybw
( /c}
,qeQ
|.;=
_U6b
W+P'
.I??|
L,BSg
G/)V4
`:-}S
RV9E/
!8:,<
# >n
>]0
%&-o
%&-j
c@i 9
%&-h
_+~@
%&-s
%&-p
(t+p
$QKlD;5
73FV
get_ModuleHandle
%&-D
ContainsKey
./6*
System.Reflection
EYT
oY 8c
HU$/_
! x{
%&-J
AYeK^t
4<mM
"`LS-
[X}C
hN1
MoveFileEx
%&-_
Z7DtT
i;&oJ*K
%&-Y
$-3T
iNFM
%&-%
SetLocalSignature
+ & p
%&-/
|"%W,S
fVq \
0X<
-<1}c
]u){
g==~%
`>:q<
n]!?
%iP!lrD2
%&-?
%&-<
+ & l
G*LUf
RijndaelManaged
yBisn
+1 t
ToInt64
&tuHw
8==6
2IX>
~S0FK
BX3+)g
OperandType
B'KU=
\_ U$9*NH
e7?-_
(V6ZL
<pv.
+ & T'
ec+n
+ & T(
%Du#5
[ee
ay5'
a^.[
get_LocalVariables
O~2r
qXWB}
lrlA
Rm=D
IBJI$5
blHd
f4lGW
uxV:U
+ & T
+ & T
{Z&eG
-'8x
'Ewo
n&sOM
pj2= a
dt:s
X\i$
nrC9
:5z;
|) :Y
!H8d
'f5e
VT~9
MK1P
* --
9wdrMW
sO
uEm9
!Y 8
J*}
>`v8
)),*
$V5t
j"J<
bM <{
KWz k
__aM
s]io/
Kjo :M
ResolveField
+Y&
AR8
pQ|sG
Nxv7
'(D:0
%ysj
FKmH
8bv*s
ResolveString
qSl5:u
G:7c
N<e35~
gZ}y
e$ =!3
x]I' 7
<"
2kI
<4\0
Char
pb4QI
ds@Hs
bd&V
ZZ",
UO~=
)km W
r6n[
WVCm|/
JmTNa6l
T9\+
W3sJ
}o_fS 2
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
MakeByRefType
uv* 6
UsMt
BuJ1
$Aq4
?6\?
x6(A
7J'Cd
3L>U
K})D
@cDS
OpCodes
:1b[T
vi=G2vM
9NbF
get_Message
!This program cannot be run in DOS mode. $
:IH74
System.IO.Compression
X
!(~qC[[
c ehS"
h.;l|g
.f"M
* 8
tRCb
+ & \
7^ h
&S" r~
+ & X
NuOt
_S^
]GMVc6-
+ & T
)d[2o
zf{f
8
+ & P
-k0x&
+ & L
M\/L
+ & H
+ & D
&& |'
^Y b`
\xc-
+ & @
+^ l
+ & |
HJpt
GetCurrentProcess
?F*q
+ & x
|6KK
+ & t
+ & p
Mp9@
+ & l
ICloneable
j,T,(7L
+ & h
+ & d
8:
({p/
Bkbi
H_c-
u 1
H9`
O* y.
V)#k
Y% :!
Wm_|
+ &
8U
)kfRV
5o}V
4r^`
GetValue
w[m]
sAvSI N
= 1
`~&hp
Qcq Ay
+ & 8
rIDAThC
W0n)L
+ & 4
/)zl
+ & 0
+ & ,
\E4O9
'|"|
+ & (
+ & $
P 89
GS`-)
11y'
%&,7
& L!
s UcA
]W}+
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD O
+#
+yI/x
) )u
"x,+BS
^.a,
& L
\PlF
6"T]
Af\t
?u@'
jp[~r
IEnumerator`1
yjw#pQ\-9
get_DeclaringType
i!R7
X </
op_Inequality
lIDAThC
e%*1"
GetManifestResourceStream
+`]=
c>EA
System.Security.Cryptography
BitConverter
%,3
1# Vn\
Y h
EN4M
A&-Q
SeekOrigin
LoadFile
08AW;
dejM
S#S
(~,b
[ 8^
>t(TVy
p/T`
7?"Y7
_`gR
B899D
()YR
yld0
5C`\R
]11;
iePm
`C$w
R6 &
%&,!
"+d
EexU
R,H \U
%&,'
h6b01
knEq
%&,3
%&,2
?2UtD
+%&
+%&
%&Y
HpY=
4Sx'
ukT>
,5[9
ResolveMethod
&+J E
+%&*
+%&+
U}4g
+%&-
q8Hg
+%&
HIW7
+%&&
+-
K^m]}
'PC@
Kk9hS
[i#
oQ
LO k
}f.>*9
%&
Kw +
%&,n
+3qb
m >
VOd[
jwh~'
%&,{
= a'
C_IXk|
+ & (
%&,C
"Ww5-
%&&
+%&r
%&+
%&*
%&-
%&,
xK?qi+
%&sV
M i
%&,T
`et0>
1K$jv
*31<
LcGj
Qkkbal
({h?/
%&,^
BlockCopy
q^m4
,E8r
E+^k
GetModules
J{Cz0
d22~
$T_0
*f~
& %
e`-Y
n:b$v8
k7Y*
O_`=9
7Yor
&<vy
PHk'
gpUa
A"+4A;
\Ib#%
C|j#O
jIDAThC
H6 z
3=N?.
DxEr,
"W>@
]lOz
&+ & 4
1 pPg
set_Key
%&,l
_K5q
cU5?
+ & (
+ & )
,[<k
8ROr
&&&&&
jP1h,,
w2}
;^ uS
G`GU7
9T:w
kW]%
ySjo
>-,Q
ISerializable
PI7vS
w#Z.
+ &
l@Y=v
mLlT
NRJ{0
02Vcf
%.o|
!-l(
JQ>=
x (2
>(8)
%,$
W_ D
H$
FR3Q
Q!m2_Ci
HostProtectionException
Z)mKOG
dW|7
l%=7[
%GaS
+ & (
,DT&
cx~|
1?!ji
'pqZ
Exit
p^!M
{`kj
mTgee"
z`x C
Ba!f
ji7k21
4/:W
*Cmj
U_*[
{g/u
Fk=
nY_N
Nl-.n
ResolveEventArgs
.f@^
jA[o
AoI
4<C S
Y=w$
{Y 8
+%&}
XZ0:
gojU
$.r_Br(w'Ax
@(y9
aIjN
HiMo-
?3[/
Q@i
~*Ne
2y4/2
P[G99
A%,Q
Di`)
A n&
IOKw
+ & `'
7q4uFA>$OA
D(,>4
[1nRr
A6"
77^h
&&&&&&&
~Oum
= ~
d 8_y
+_ t
& `
N'(
CP%yy
+B& d
+ & `
5@->
A -%
c t$
&;>^9
R/:'
))OBVu
J8T(
O480H
7}F >
IEND
mD@"
+- h
Gbe `
M^Q)
Zfw:BV
'8O:
8x(RVI
kN+_
>v?+'
>^^Bv
@%,c_-?
Jq,k
L:<'
Nm*c
gdOnPB
!yaV
*h7y
vT#
{/ iE
+H,4\9vlY
95qW
O!2:AtD
hr vS
I%QM
eDr'
+ & ()
+- T
u 1!!
&+S E
M/9{#
q WL
p*:o
=K]9G
get_IsPinned
,u8[
P D
| Y
winfrm
F@p
qVF4
"<%i
8{.,
@(I&
||rh4
d?or
N5y
rM$qV%
Iw'U
=k464 ;
Concat
L^rKF
QV$g
O}>e
%,MY 8:
Me$
.Xzg
StringBuilder
.Po p
fO\b #
9@-]U$
6J }1
4g9= z
f9G|y
+ & D
?"QE?O
+ & D
1%-v
m2r!
C~hw/)
F7Ak
Gw4>w
,<8Y
azu=a
/ vR
X\>+
^/-2RC
5W<N
J K
U2])
CompilerGeneratedAttribute
MethodInfo
get_IsValueType
9H'
iz~\
+}&
!Oa?%m
XkTQ
x(*u8
6C\A+
<y. )
^k7UO
]}=
\=_
LSl{
4aAA
A2Y0
q? xPa9
Xu[kd
Q&b@jf
*gs9~
V; /
vI,7&
OpCode
V#!5
PeQ6
<fqA.w=
z]q 7
+T"h
AS'}
-`aE
q7 t
vb9uhT
C+ +pq
w=q;2
GetTempPath
U6^K@
GetName
\An^I
qW;l
lj>d"
.VK
^26?
Ec7r
#^Y>
imE
%&& \
+/~E
GetString
get_Day
C|g*+
RuntimeMethodHandle
=/a?n
FfF?:
+H M
_D Cx
2c)P
>a1uG
BR0/z
A!'^R
ReadInt32
2_ v
O\8#u
+q&
get_LocalType
h!
+ & X
+ & X
E?NJe
zc/M
8rXhg{i;
Class1
+ & X'
SvOy
GetExecutingAssembly
0U|G5
d\1L
-jcpc
#{5#y
Bf@:
GTuR
-[8<'p-\
]o)y
Dms\>
XT{E
u\0!
`%_e
7FXZ
w&ux5
c8[giO
]Jws
}LObJY
#TLi
8p
x?h$
@P]5y
L/G0o
1|q9(Y
o %X
:&Jv^"
cFWT
FyIk
"_zc
DA$v
6gc:?
y] F
+LU
ou0
9BrM+|
t <E
{oq$O/
qDQ2
>!FJ
@pnl
.i<
j47r
g+1S
5pCj
l oY
TryGetValue
r&V@o)
String
YG$"
?6Ls [
Y 0"
xGi+;
\d_G
T5 .
rc>iq?
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
S6?H
o~"F\
I?= *sg
L1fp
[Bz&c
a0W
!fC%
ZX d
SjE<
^mGpJ
ij2T
YK$>
jYi
57IO
WBzp
InitializeArray
4?w3q
J]]
GetFields
7I3
FileLoadException
X9Gz;AE
1vopx
Gp|
& <(
D
s";1[Vy9
yfxT}@
ToArray
(y2A
$-2]'
|Xc//S^
c3g?C
,maE
UT"0=5
'^Uk
get_Now
6Wxm
uotv
-T Eo
YT [=
X (K
+ej2
F%~[=
%&& h&
o@)X2p
ce $
he&rEX
R\c>
B()]
%,I 8i
Dimq
} xT
l q"
%&i(
je[k!
iIDAThC
gOUu
]p1qp
tEif
X0d
HF\d< V
<_`me
-J)%
pq/d
9ux7y
cfB*
IMy`
IW Q
S]P+
q!68
%&9G
Load
mIDAThC
]s6n
!vj\
Attribute
Mc <
[!jy>S>-
get_Minute
%&,c&
Y 8
aDU61
B ?73m
ax&u
1X+BYM
get_FullName
a'/m
YZ&?
Y D
> P
#k*,
ySz9
Z (
Dictionary`2
?.S'
rd>h)
%&oQ
i3B8
ueP({
%&oO
FLd
%&oB
\Sb8\8
%&oG
M"%=
Sc4o&
Reverse
%&o7
>[9G
DirectoryInfo
iSaah
|qv9
bZ=H
_D<8
(_Lu
bXo|6
T!
RuntimeHelpers
):$'-s j
hpYKh2
Q BQ
|.qS
\LK*
D+#, k
9n&y^s
XUzWE
Ub.`P
Jv ,
j-EG
t$-_
_9"U
X.<K
# ^6
){$3g
@ &bU
K5>x}
bK(J
z 8^
.RdG
px==T|#
Ht7V
+ & <'
hpuy0
& d
3lvMou
f W,
i-/n)
HwC4
SK+-
H519
xN,<
+ & <
+ & <
,~o \~
%,F 8d
Object
(bz V
fi |
`?9`
?8>d
^'1S~
d"
& d
& d
r" :9%
bm^"Z
IyhE6.\
get_Length
l(D@I)]
2>}xA
BadImageFormatException
{QIr<~
9d~-
BzN0
`m<I
get_UTF8
k q
;(6T
pZ333
F- J
y/7ym
_Assembly
{ @/
p@&Y
#M5
.`$4
W3|5[ d
`YBD
jQ\?
nIDAThC
J" u
Qj Z
%& +1
T0,R
}5}%
rlN1
2k?FRugq
Hmj@
Z}9y
p-\?^4
R;y>
@,dE
'&M;
,,tf
ocif
%&-:&
%,+
FJd<5*
s|UtlY
J3TZ
-#oU$
Ou\N
Yj_i*
_gzB
g ]kObf&
rA8 =.
Xax
_CorExeMain
g~tK ](
m6 jSU
D:F^k
w Z)
B4IM
xZ@P
+%&oN
*Y$]V
`q5w
%&-*&
+%&oK
2"gk
?)jx9a
Stream
@j r
NBTk
JwFh
f/zn
sRGB
)sQ
*p ?^e
k:G[
kIDAThC
,!+
s3^f
x{2.
m?C`0
Invoke
s(uT|
LOS"
n*WC#
6JE $
E?ye
A5 O
Q2W#Z
)#!9`
n1*h
r&=1
8:RC&
@'pd
kuik
f|0>
1SZH^
/$i
mY 8H
a;1sp
cs&1%I
)Te}
EI~m=
GetDynamicILInfo
7=
wkS&
wr 5[Nyd
FSN+O
#p)M J
WEl
m_i=
22xu<h
tm1C
P.SP
%?BMXV
az,vj
X
oD<
jgx;O
S>,A
n$l B
f~Lhc;q
t?J]1
GetMethodFromHandle
@Th
X 8W
GJi`
k_f[3
I)T2t{
oT}
8 KN
IEvidenceFactory
zzG'
SetValue
3_L
+Tbar
&+V E
0; ;
&FLn
J~>=+
d(Z0v<
MemoryStream
+ & t"
a }u
+ & t
FormatException
9&T|E\
+ & t'
bqJO
Mf x
k#1i
vB2
V4 Q
D> {
i6ay
g@>V
@Ms 7K
6R `
h|j |
c;eaR
i>#.E
btJ
%, +
yj)8
xIrr
-:3 C
,C]}
&&* 8D
4/b%
get_Month
:'}"
ye1]v
+Y 8;
0K6,
MemberTypes
yiu
G>,`
9 6i
jGH.6
<u|T
K ]%k
Q+L$
5@0ud
;a52
Gk=o<
n5oX
%,:%,M
CK '
e&9e
S?<"
d %:4
Y 88
+ & H'
](jR
4zq X
F);4
^;S
![NY
>jm
) ex
DG8l
UInt32
v<)x
=-?
Buffer
get_Current
s7gQ3~
$N[_
gyYO_
Y 82
\792
>o@
k4,+
0#
+ & H
+ & H
,*t
yIE&
Th2`
set_ClientSize
>e27GJ
~X/I
6X=YC
NotSupportedException
qPu9
Sj^q
NrW
yP~r6
WN63
4Sux
-at1p$
]N,I
2K9d0
T :r
[B2EV
~ 1c
M I?b@
K ,e
}pTE[
~:K'
$Mma
Q%j8U
ZY0
?1uE>
ZY0
cs_n
'<W<
fE=R
mbj
6|4)
Q.z+
S%V(
CryptoStream
}T#w
]4wp
-.&&&
<oXb\
`di1 S
%&X(
+ & `
rA;Ey
5khRy|
/+f=
AAf"
7eh{
+K E
//S
k[i:
>m.I
& x
/VnYP?
W/>T
G6/G
KiR0Au
%&
m= }=
U#<e
K>I 9&
QvWP
h@|Zg
uSO{I
?^lp[
0=56
:KRv
,&7fQ+
]mNM
', }
{14241ad3-afaa-4997-84cf-fce1482f74b2}
>N<w
AttributeTargets
N)RI8
vb2k
1 Cp
6.z`
hR|=
!F9E'
d P[
Z?> +@
/2mr
N~Ux
n*[jE
,g#H
(cr 7
)a]'
<~UJ
%}gj
X2~m3
l; 6
IReflect
& ,#
l4f
NAs>
IDisposable
l,
3(Xzd
"<V?
gDwa
5h q}k
x@+mrXj
C]cSta
:4b>
kgNO
P c3h
)2?i
Exception
qnYio
4:!
~P"W
ZY0
&:M6
+.(d
NQE>[
-0&&&&&
{~ 1
d ,
_,2~
&|V+
/7?k
EnableVisualStyles
s%=4m
)NH'
}2ksp
OC./%
E\MC@;
3L6YC{p
od!sZ
GetGenericArguments
(uQoQ
WriteByte
GetTypeFromHandle
F_^iw[
N o6
S*M &?
T~{0
GetEnumerator
I'xi
SymmetricAlgorithm
oq)
hcK)R?
)/T~
0
uc#P
4@n)
,&& 0
>68Sz\
Yx2
j9*'Q
_MemberInfo
? z_\b?
%&}T
Int16
j"k\
NHE
'Cu?
E{<x$
ZB=g/l
oH4D
& H
OEf+
@3!e
C"P7q
w>T2
zDFlN<
%&}K
ef~9x
eiB5
6Q'd[
%&}0
__xFv
get_TypeHandle
L@ ,
fV+vM*Y
7N(v/
QT#U
JI!g2
~ ~.-
3`}Ao1
F5pRwi
Qsa{
?BXq1=
>Q F
\f6B
q<9/jn'i
:|d@
1?mI
%&}
pr /
IJQ#
C~
8o'FVs
%& 8
System.Runtime.InteropServices
@8h\>k
oy`'
q( h
U jjE
i8!(bkeD
(!q4
z4\& aF
$3B)
^)#22
IEquatable`1
:H I
1?4|
5Nzu
YtM8
m$z'So
Ba)YQ
\Y.k
ST G^ N
Dex9
t i
Y 8e
(aU#
%& t
] [:
uR@6I
HC+3s
8N)w
T? A^
Z?pVj
+ & ,
+ & ,
+ & ,
3/b_
d[J4
4#wD
J{)I
'U{0
b5qz
,+8s
& T
InvalidOperationException
Opc
, I
+ & ,)
jxD0
U4bI(Y]
,caE
f/ 4[
k[H}_
GetSignature
GetLocalVarSigHelper
yA}?6
ldz]
;d]6Y
j+cN
?|hd
UZ5DX6
IGGbr
6Zrm
8?Xz
VrYu
CiU^A
TransformFinalBlock
Xv?&
u2JM
Fy%k
Z5u8
GetMethodBody
^: K
4*s\?
q$G[
<6]h
}lLf
KT 6b2x
J!]#jk
WIUR
//hi
"I$8
$~J8
!dp
0\ 4"
xW &E
MGiI
| 0(
cs>y
nzJE
AgI
ZXB'
V_qGmv
-gX
?%co
NKX[
-3F:
% rL
9`KL
-C&~{
jFvm=H8
winfrm.exe
+mA
mNLOLw
38 6
%& 8
LM&K
%L7
CompressionMode
Enter
%&
Ij(o
w1gN
G Xev}J
Il[c
mscorlib
8cvD
.]8KQ
2{2y
P1q
% H(
/+2(
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
r@)4
<)EG
eI2M
4;f?
aE<> &
#`O9
WkX7
543\
MulticastDelegate
`E\.x
% \
@4&P
set_Item
hZQ94
@$>?>
Yw*N
%*Gx
hcJ
<|4(
&q^ ]|
8bHJ/
@
#i!
\
w {?
ToInt32
M>S{
get_Hour
tNv{
nU!O
^_rK1
[S6
f(CGN T
StartsWith
$5qS:k
]5\ Xw
~~?P
9o6Ia
+ & d'
Y X
DeflateStream
QqQt}R
|QF`
94f4493e-803e-88.Resources.resources
f}X8
M!g?
% }W
1Mxz }
}nM<
CreateEncryptor
ResolveSignature
Ga3Rh
zT<KA
6M8l
N &s
+ & d
#GUID
`%
f}[%R,
get_ModuleName
}r_6
|n1s,
P#
${bP
!ot~
y4F0D
#]=)
+,+O
% }#
% }!
4 GL!
u]P2WK8`
^*)9
+ X#
0^2wb
[ 8
Usvm
_O]e
A^,Zj@g
"jKm
4kV6-
7r=}
+*3z
t'}
DU;x
gL]\
Kd }<
i@jm
2osv
T\iu
pnQ:t7n
M .(
9nX
`Ly%
%&~{
[o[u
GxHO
!(N*do
*xTJ
6QiK
fdtV
vPdp
ZX 8
ArgumentOutOfRangeException
%& 8
_>2{
c8$.
wZ6W
OUJQ
s86"j
* #j
EventHandler
Lfz=
o w]
@>+\O
Gt /
Z{Ji
j:C|
mIQ"
jnA4(
3Tt'
F8>jg
bb
DN_,
O[{j
Encoding
VBWK
q2'L*
mc9
'/K2
bFUa
T8ql
fa l55>
y351
IEnumerable`1
Za
Ag){
gX<2
E({f
set_IV
bkbfp
o jqcU
get_Module
TD/E
X ,
al\O
cw eo
4~PD
n
ZSqZ
6 )-
7H4I]=WC
`<@0JN%
+1b=
+A T
'1 5
Z'lr
UmhHs<
d\YMq
/{z6
get_Value
<>_ _
g8Y;
XZdt
~g3J
get_Size
-9&&&&&&&
Ju1
~rxq
hMC{ \
gZ8G
DaqE-
t#9r
tpa
E
'2w^V
ToLower
Ae%L
%,b-
O7!zI
N? 7
<[qh!
*;<,
System.ComponentModel
$S6P
H3Vh
Y% \
#91:
V<c0
$M<FT
Nwk$w
+ & \
!?<:
X pg
!Y)(*
vA_8
vQBO
mscoree.dll
{ =z
+ & \(
G~Xj
pW*>
PCto
+ & \'
WZ6u
}dz?
iEA6Q9
X% }$
5[HA
Sn\0
# a'{
/Umb
!Eb8
bpe|
a KF
jYio
System.Collections.Generic
WF*|Frb+
YUPDQ
<*/sDr
! Sp
+ V:
$ y-
,M[
Fj E
"l[`
CNU+
^<8(
N% F
\(tz
,`;;+
8YN)
(],1
Split
6{0?B>
z^Dz
oHVK
4@7:
[R>,
E?jz
wb3g
1Y!
+6f0x
=RvV
System.Drawing.Bitmap
6F<f'
&TP
v/(/
. @m
_OZj
077E
X X%
~TvC
PAd&;'
S+\zq
s0^i
)'yx
uBWN
1,^R
/T;U
@$
|CQn
& 8(
_bX
RYq|
& 8#
get_ParameterType
)+iv"
.[iX
N @
x~sUO
Fa"
set_Position
.H?r
dmUg
z >@
dg=8
=MSX
&+P E
O!941!
,I"c
`m%v
ZY0
TuW_ jh
lE)A
WT!k]r
L5D^
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven01_64 Seven01_64 VirtualBox 2017-12-19 17:54:03 2017-12-19 17:56:58 175

6 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven01_64 Seven01_64 VirtualBox 2017-12-19 17:54:03 2017-12-19 17:56:58 175

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Roaming\tesst.exe.config
C:\Users\Seven01\AppData\Roaming\tesst.exe
C:\Users\Seven01\AppData\Roaming\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\unrar\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Python27\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\tesst.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Roaming
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Roaming\tesst.config
C:\Users\Seven01\AppData\Roaming\tesst.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Users\Seven01\AppData\Roaming\lib.dll
C:\Users\Seven01\AppData\Roaming\lib\lib.dll
C:\Users\Seven01\AppData\Roaming\lib.exe
C:\Users\Seven01\AppData\Roaming\lib\lib.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Roaming\IsVirtual.dll
C:\Users\Seven01\AppData\Roaming\IsVirtual\IsVirtual.dll
C:\Users\Seven01\AppData\Roaming\IsVirtual.exe
C:\Users\Seven01\AppData\Roaming\IsVirtual\IsVirtual.exe
C:\Users\Seven01\AppData\Roaming\tesst.exe:Zone.Identifier
C:\Windows\System32\tzres.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Users\Seven01\AppData\Roaming\it-IT\winfrm.resources.dll
C:\Users\Seven01\AppData\Roaming\it-IT\winfrm.resources\winfrm.resources.dll
C:\Users\Seven01\AppData\Roaming\it-IT\winfrm.resources.exe
C:\Users\Seven01\AppData\Roaming\it-IT\winfrm.resources\winfrm.resources.exe
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Roaming\it\winfrm.resources.dll
C:\Users\Seven01\AppData\Roaming\it\winfrm.resources\winfrm.resources.dll
C:\Users\Seven01\AppData\Roaming\it\winfrm.resources.exe
C:\Users\Seven01\AppData\Roaming\it\winfrm.resources\winfrm.resources.exe

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Roaming\tesst.exe.config
C:\Users\Seven01\AppData\Roaming\tesst.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\System32\tzres.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll

Write Files

C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT

Delete Files

C:\Users\Seven01\AppData\Roaming\tesst.exe:Zone.Identifier

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tesst.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5b2e27a5\7ab79da5
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3597a4a5\54e71aa6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|tesst.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|tesst.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|tesst.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\34d6acc1\1df89c80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\2bbe863c\2dd89eb2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\2bbe863c\3888ca87
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGetProvParam
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptSetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptEncrypt
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.RegisterWindowMessageW
user32.dll.GetSystemMetrics
user32.dll.AdjustWindowRectEx
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetCurrentActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
kernel32.dll.GetUserDefaultUILanguage
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
kernel32.dll.DeactivateActCtx
gdi32.dll.CreateCompatibleDC
kernel32.dll.GetSystemDefaultLCID
gdi32.dll.GetObjectW
user32.dll.GetDC
kernel32.dll.GetCurrentProcessId
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
mscoreei.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateFontFromLogfontW
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegQueryValueExW
kernel32.dll.RegEnumValueW
kernel32.dll.RegQueryInfoKeyW
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
mscoree.dll.ND_RU1
mscoreei.dll.ND_RU1
gdiplus.dll.GdipGetFontUnit
gdiplus.dll.GdipGetFontSize
gdiplus.dll.GdipGetFontStyle
gdiplus.dll.GdipGetFamily
user32.dll.ReleaseDC
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipGetDpiY
gdiplus.dll.GdipGetFontHeight
gdiplus.dll.GdipGetEmHeight
gdiplus.dll.GdipGetLineSpacing
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipCreateFont
gdiplus.dll.GdipDeleteFont
gdiplus.dll.GdipGetLogFontW
mscoree.dll.ND_WU1
mscoreei.dll.ND_WU1
gdi32.dll.CreateFontIndirectW
gdi32.dll.SelectObject
gdi32.dll.GetTextMetricsW
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.DeleteDC
dwmapi.dll.DwmIsCompositionEnabled
user32.dll.SetWindowTextW
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
kernel32.dll.GetStartupInfoW
gdi32.dll.GetDeviceCaps
user32.dll.CreateIconFromResourceEx
user32.dll.SendMessageW
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
user32.dll.GetSystemMenu
user32.dll.GetWindowPlacement
user32.dll.EnableMenuItem
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.SetWindowPos
user32.dll.RedrawWindow
user32.dll.ShowWindow
bcrypt.dll.BCryptGetFipsAlgorithmMode
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
culture.dll.ConvertLangIdToCultureName
kernel32.dll.GetSystemInfo
kernel32.dll.OpenProcess
kernel32.dll.VirtualQueryEx
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptReleaseContext
kernel32.dll.DeleteFileW
kernel32.dll.CloseHandle
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
advapi32.dll.CryptAcquireContextW
advapi32.dll.CryptContextAddRef
cryptsp.dll.CryptContextAddRef
advapi32.dll.CryptDuplicateKey
cryptsp.dll.CryptDuplicateKey
advapi32.dll.CryptSetKeyParam
advapi32.dll.CryptDecrypt
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
kernel32.dll.SwitchToThread
gdiplus.dll.GdipDisposeImage

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2017-12-19 18:00:07

Detected family: #Ispy

TheSystem Itself @ 2017-12-19 18:06:02