MalScore
100/100

server_fud1.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 48/65 Related 2616
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 452.00 KB (462848 bytes)
Compile time: 2018-05-02 18:01:30
MD5: 650ddc432872d7ff7088e3376a26acd1
SHA1: efa0e8811dbe8e4bf7e4b77344bac5ea2a678f37
SHA256: 9bce74fb5bb545bac0580eee0ce1166ce3d51e867981fae77bd6358f9c45c8c8
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource debug relocation
First submission: 2018-05-15 15:33:02
Last submission: 2018-06-04 00:27:03
Filename detected: - server_fud1.exe (3)
URL file hosting
hXXp://5.188.231.235/server_fud1.exeVirusTotal
hXXp://domanname.bid/server_fud1.exeVirusTotal
hXXp://newsworldkind.stream/server_fud1.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-05-15 13:25:32 [48/65] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0xf500 62976 a68366cef0bb51a486083eb338d0c516 1dd9549f23ef85e5a1750b6e10ab95a577b72427
.rsrc 0x12000 0x615f0 398848 bbcab218e3e2f4188fde2107d336fea0 539d6719192b5f31319a1593c680f81bdf09acb7
.reloc 0x74000 0xc 512 4c716a9b9355fa8b431e119b90f6c704 0164d6cf78c2337dc774b270952da8bfb8b7d2c0
PE Resources
Name Offset Size Language Sublanguage Data
TOPTR 0x12288 24065 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_ICON 0x6e394 16936 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x725bc 90 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x72618 892 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x72994 3163 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Hkcmd Module
Assembly Version: 11.25.77.54
InternalName: Hkcmd Module.exe
FileVersion: 54.45.58.11
CompanyName: Hkcmd Module
LegalTrademarks:
Comments: Hkcmd Module
ProductName: Hkcmd Module
ProductVersion: 54.45.58.11
FileDescription: Hkcmd Module
Translation: 0x0000 0x04b0
OriginalFilename: Hkcmd Module.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Text
Text Files (*.txt)|*.txt
FIle type: Library
KERNEL32.dll
mscoree.dll
IP Found
11.25.77.54
54.45.58.11
URL(s)
http://schemas.microsoft.com/SMI/2005/WindowsSettings
FileToolStripMenuItem
Cu&t
SearchToolStripMenuItem
ForwardToolStripButton.Image
Comments
&Edit
Graph2
Graph3
SaveAsToolStripMenuItem
Graph1
&Index
Forward
MenuStrip
InternalName
ToolStripContainer
Views
Toggle Folders View
Decryption Failed
&About ...
ListViewToolStripButton
&Copy
UndoToolStripMenuItem.Image
Translation
TreeView
&New
&Print
IndexToolStripMenuItem
Hkcmd_Module.Resources
&View
Unexpected View
ToolStrip1
LargeIconsToolStripMenuItem
ToolBarToolStripMenuItem
SmallIconsToolStripMenuItem
Back to the previous item
OpenToolStripMenuItem
ListViewItem2
&Contents
ToolStrip
RedoToolStripMenuItem
HelpToolStripMenuItem
&Open
ClosedFolder
CutToolStripMenuItem.Image
NewToolStripMenuItem.Image
VarFileInfo
ForwardToolStripButton
Invalid Key
CopyToolStripMenuItem
PasteToolStripMenuItem
LegalCopyright
ContentsToolStripMenuItem
TileToolStripMenuItem
BackToolStripButton.Image
OpenToolStripMenuItem.Image
CutToolStripMenuItem
PrintToolStripMenuItem.Image
SplitContainer1
Property can only be set to Nothing
Save &As
ToolsToolStripMenuItem
&Folders
SearchToolStripMenuItem.Image
ListViewLargeImageList.ImageStream
LegalTrademarks
Back
ProductName
StatusBarToolStripMenuItem
&File
:-6
Explorer1
ToUInt32
ListView
FileDescription
11.25.77.54
Entrypoint
Tile
ListToolStripMenuItem
Status
ListViewItem3
DetailsToolStripMenuItem
Hkcmd Module.exe
SplitContainer
Print Pre&view
&Search
ToolStripContainer1
NewToolStripMenuItem
SaveToolStripMenuItem.Image
MenuStrip1
VS_VERSION_INFO
WinForms_RecursiveFormCreate
PasteToolStripMenuItem.Image
&Help
PrintPreviewToolStripMenuItem.Image
ToPtr
Column1
TOPTR
Column3
Column2
TOUINT32
Text Files (*.txt)|*.txt
&Toolbar
PrintToolStripMenuItem
CompanyName
ExitToolStripMenuItem
WinForms_SeeInnerException
AboutToolStripMenuItem
OptionsToolStripMenuItem
ListViewItem1
SaveToolStripMenuItem
PrintPreviewToolStripMenuItem
EditToolStripMenuItem
Assembly Version
FoldersToolStripButton.Image
TreeItem2
TreeItem3
TreeItem1
Details
TreeNodeImageList.ImageStream
CopyToolStripMenuItem.Image
OpenFolder
Folders
ListViewToolStripButton.Image
ViewToolStripMenuItem
Invoke
IndexToolStripMenuItem.Image
&Redo
&Options
ToolStripSeparator8
Hkcmd Module
&Undo
54.45.58.11
StringFileInfo
ToolStripStatusLabel
ToolStripSeparator1
ToolStripSeparator2
ToolStripSeparator3
ToolStripSeparator4
ToolStripSeparator5
ToolStripSeparator6
ToolStripSeparator7
&Status Bar
HLT\k
FileVersion
RedoToolStripMenuItem.Image
List
Large Icons
E&xit
000004b0
BackToolStripButton
ProductVersion
&Tools
Small Icons
Root
FoldersToolStripMenuItem
OriginalFilename
StatusStrip
FoldersToolStripButton
&Save
UndoToolStripMenuItem
Select &All
&Paste
ListViewSmallImageList.ImageStream
Move forward to the next item
SelectAllToolStripMenuItem
#44>'0%0J6440
56O.4;0=[
:32&
5$4;4444 4 9445(
44>'&"'%
MpTl
4 4 4 4
PNG
#44>"
get_BottomToolStripPanel
RcFJ.D
%<#J:440[p44>
=442-
get_SaveToolStripMenuItem
;4494M84454
54D!"
&44>0[!;4>#>
;44>6J&440
#44>0
SetUpListViewColumns
4M7 4
):)1:<&
#44>>
#44>?
ICryptoTransform
6~424
4;>'0&0
"440=J!440[
SmallIconsToolStripMenuItem_Click
)44>E=440
4P4Q4X4
'*%%%&
RedoToolStripMenuItem
=44:444p=44 44494454444
Decrypt
zDP}
HelpToolStripMenuItem
ForwardToolStripButton
get_Controls
4;4b4446444444;4444444
get_AboutToolStripMenuItem
7"4n8
45x44;484
0Cwa&`Bt
DebuggerStepThroughAttribute
6;4;44%
get_ToolStripSeparator8
get_ToolStripSeparator1
get_ToolStripSeparator3
get_ToolStripSeparator2
get_ToolStripSeparator5
get_ToolStripSeparator4
get_ToolStripSeparator7
get_ToolStripSeparator6
2442
f7)A
)%<QEh|
oR `
44>[ 44>'0"6
244%
44442,~4=4 4
Marshal
set_PrintToolStripMenuItem
44:%> Fu04D"
aaeeee
ToolsToolStripMenuItem
zQ@;cQVwX]QZ@4gMH@QY
ToolStripItem
get_ToolStripStatusLabel
ListViewLargeImageList
StatusBarToolStripMenuItem
;4464M84474
set_LargeImageList
4;>FO54DF
set_ListToolStripMenuItem
<G6%6~424-9!=O6U4
WW@[F4z@gQ@rZR[FYU@][ZdFTWQGG4\dF[WQGH4DF[WQGG}ZR[IYU@][ZwXUGG4KF[WQGG}ZR[FYZ@][Z4DF[WQGGrZR[FYU@][ZxQUS@\4WUDsQ@pFRBQFpQGWF]D@]TZu4CpF]BQF4XKGNzUYQ4WVzUY^4XDGNbQF4WVb^F4sQ@b[XAYQ}UR[FYU@][Z4sQOb[XAYQ}ZR[FYZ@][Zu4XDf[[@kU@\zUYQ4XDb[WAYQzUYQvARRQI4Zb[XAYQzUYQh]NQ4XDb[XAYQhQF]UXzAYVQF4WDyUL]YAYw[YDTZQZ@xQZS@\4XKr]XQgMG@QYrXZSG4XDr]XQgMGOQYzUYQvARRQF;Zr]XQgMG@QYzZYQg]NQ4sQ@r[IQSF[AZPc]ZP[L4sQ@c]ZP[C`QC@4sQ@c]ZP[C`^L@u4\cZP4c]Zo]@XQ4yULxQZSO\4sQ@c]ZP[C`^L@xQZS@\4sQ@l]ZP[C`QL@xQZ\@\u4\CZP4pxb;Z4s`b4FQ@4g`m4@4@MD4]ZR4quv4G4pqv4gv4g;vg4v4n}d4wUY;uw`4|cp4dXASRZ4W4qp4w[YDpRF4r
44>J/440J3440J<44?
p<dE
FoldersToolStripButton_Click
set_BackToolStripButton
;q4f4f4{4f4
QMV[UFP4\Q@k
44>'>&1F
444444/444
IEnumerator
kHSa
;^7U4
4J$440[>4;>[~44>J'440F>64DJ2440
44>$>
ListViewItem
set_ListViewToolStripButton
"440I#54D
ListToolStripMenuItem_Click
remove_AfterSelect
?18M5
5k=[
J=4402,
AssemblyCompanyAttribute
XIDAT8O
J=4402#
4Q4L4Q44%h4[4R4@4C4U4F;Q44 W4Y4P4
=442@54;/'=2-
1440F
4c4]4Z44>g4d447
)5^3
get_Computer
J 440[
4442#
#44>[o441
set_ShowLines
QM4SQ@kwAFIQZ@aGQF4g@F]US4w[ZWU@4{DQUgAV
get_ToolStripContainer
i44>
set_StatusBarToolStripMenuItem
84474
X44>
4440444n4444;444444444t44{444444444444;444d@444444|;446414
AppDomain
get_ViewToolStripMenuItem
#440%'% [T;4>"% [
;44>'<
get_CurrentDomain
!442
!440
[V44>',
QM;qZPuDD4gMG@QV
PADPADP
4&4U2z224[2U4&4
1440
SelectAllToolStripMenuItem
J$440[>4;>[?44>F'14DFJ74D[o44>
Hide
5::0
AnchorStyles
FQEAQG@QPdI]B]XQSQG 9>
:<%?F
get_Application
0Z424
FromBase64String
ZUYQ
72)1<40<,<$<3>4162$:<$:<5
}zslldupp}zs{PAD(
AssemblyTrademarkAttribute
54;J,440 F
get_IndexToolStripMenuItem
844>"[
set_Text
9442F 54D
74Z444844%6
set_View
4q;f4f4{4f44-q4C4Q4W4A4@4Q4P;
65(,3
4}4=?
#Blob
426j4e4
#441?
44;544%J$440[>4;>[?44>F-54DJ=440
set_AboutToolStripMenuItem
4,6 5E4
set_ToolStripContainer
44>I.440'
TileToolStripMenuItem_Click
044>
0w4/4
HelpKeywordAttribute
1bZc
0441
CutToolStripMenuItem
QMg@U@^4ub4b
@FAG@}Z][
444;444944:4444
get_ToolsToolStripMenuItem
%&%%
444944:4444
u=+D
get_ExecutablePath
:44544;445;4;4464;;4454
:44-44%J$440[
&*Q6
754&;
442[
;44>'23Fa54KJ=440
LateGet
6 4u4m=
J:440'1*1
#44>?3
HashAlgorithm
ToolStripItemDisplayStyle
pFUC]ZS
04D"
84;2J=440
ListView
%445'<%<"F
:4DJ=440
4J.440[
444J1440
4J&44?
W^Dj
F5gf
Data
StandardModuleAttribute
ToolTip
ExitToolStripMenuItem
<;40F
h;4>)
aae-1
set_SmallImageList
4&Q1
e4;>
DialogResult
44>%0
4gTW_Q@4SQ@kwX]^Z@4g[W_Q@rXU\G4gQZP4qL]@4HQ@kfQWQ]BQvA]RQFg]NQ4GQ@khQZPvARRQFg]N^4GQ@kgQZP`]Y^[A@4GQ@kfQWQRBQ`]YQ[A@4w[UZQW@4SQ@kuBURXUVXQ4gQXQW@v[PQ4d[XX4zQ@L[F_g@FQUY4sQOg@FQUY4fQUPvB@Q4`[x[ZS4w\Ic4w\UF4fQWQ]MQ4dUFUYQ@QF]AQP`\FQUPg@UFO4~[]Z4w[YYUZ_4yA@QL4`\FQU_g@UF@4gQGG][UqZP]ZSqBQZ@uISG4gQGG][ZqZ_]ZSqBQZ@|UZPWQF4gMG@QYqBQU@G4UPPkgQGG]TZqZP]ZS4uDDXRWU@][Z4p[qBQU@G4GQ@ky]Zc[I_]ZSgQ@4w[ZPR@][ZUXw[YDUF^{V^QW@z[@qEAZX4w[YD]XQFsQUQFU@QPu@@F]VN@Q4pQVASSQFgOQD`\F[AS\u@@I]VA@Q4g`u`\F^UPu@@F]VA@Q4pQMG4g@F]ZSvARXPQF4sQ@dF[W^GGvM}P4SQ@kyZ]Zc]ZP[C`]@X^4pU@QuZP`]YQ;SQ@kz[C4SQ@kkF[WQGGzUYQ4qUAY4
StatusStrip
ReferenceEquals
.text
#p7R
`44>>32-2
GetString
0<&1<<%
Y6R6R
set_InitialDirectory
GetObject
ToolStripStatusLabel
]t[Sc8
Convert
;p7 4
25<<<<%
System.Configuration
get_ListViewToolStripButton
MyApplication
b]GNUXvUG]W4g@F]USG4w[YDUFQyQO\[P4gDX]@4gD^W]UXr[XPQF4s^@r[XPQFdU@\4x[Z@U]ZG4fQS]H@FM
4System.Web.Services.Protocols.SoapHttpClientProtocol
4 4Q4
n44>(0%0J1440F
set_ToolTipText
\4;>
set_SaveToolStripMenuItem
PerformLayout
544/
$442',
get_UndoToolStripMenuItem
set_SearchToolStripMenuItem
44>6"I/4406I#54DI(4406F
44/a4D4P4Z4@4Q4
G^WAF]@M 9>
44>'2%=J!440[T44>[
m_MyFormsObjectProvider
~FD\,
6G424
#44>
5440J:440[
ServerComputer
::<45&
#441
XORDcrypt
#442
QM4pQXQ@^bUXAQ4dF[^QWOpU@U4gQ@dF[^^W@qFF[F4wXQUIdF[^QW@qFF[F;fAZ@]YQ|QXDQIG4sQ@{V^QW@bZXAQ4sQ@bUXAQ;fQS]G@FMbUXA^
CipherMode
0f1]1M1I1
J:;40[w44>
!440G
yMgQFB]WQG;fQS]G@FMdF[LB4gQFBQFw[YDAOQF4SQ@kfQS]GOFM4y]WF[G[R@
)4;2
set_DisplayStyle
#44>?3J$;40[*44>[+44>IS54DF#54D[
IDAT8O
DesignerGeneratedAttribute
$442F
A]uWWQGG
Conversions
7442
`.rsrc
set_ToolStripSeparator5
4.0.0.0
set_ToolStripSeparator7
set_ToolStripSeparator6
set_ToolStripSeparator1
set_ToolStripSeparator3
set_ToolStripSeparator2
#44>'0%0J04;0F
set_ToolStripStatusLabel
set_ToolStripSeparator8
CreateDecryptor
get_Default
442444;444444444444;444444444444;444444444444;444447
4azg4rzg4}ZP4YP
8445
kernel32.dll
8442
CopyToolStripMenuItem
844>
get_Nodes
.442'&%&J,440"
+ x?
#440
,;40
set_ToolStrip
;4;>'1
get_MenuStrip
55>3
ZpT G
%<-J:440[w441
445$444444S\4;9445/
4gMG@QY
<?xml version="1.0" encoding="utf-8"?> <assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <!-- UAC Manifest Options If you want to change the Windows User Account Control level replace the requestedExecutionLevel node with one of the following. <requestedExecutionLevel level="asInvoker" uiAccess="false" /> <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> <requestedExecutionLevel level="highestAvailable" uiAccess="false" /> Specifying requestedExecutionLevel element will disable file and registry virtualization. Remove this element if your application requires this virtualization for backwards compatibility. --> <requestedExecutionLevel level="asInvoker" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> <!-- A list of the Windows versions that this application has been tested on and is is designed to work with. Uncomment the appropriate elements and Windows will automatically selected the most compatible environment. --> <!-- Windows Vista --> <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />--> <!-- Windows 7 --> <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />--> <!-- Windows 8 --> <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />--> <!-- Windows 8.1 --> <!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />--> <!-- Windows 10 --> <!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />--> </application> </compatibility> <!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. --> <!-- <application xmlns="urn:schemas-microsoft-com:asm.v3"> <windowsSettings> <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware> </windowsSettings> </application> --> <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) --> <!-- <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> --> </assembly> PPADDINGXXPADDING
=440I
426N5
4$9445/
4q4f4f;{4f44-a4D4P4Z4@4]4Z4S4
#441#Gg44>?J:440T
444444s5;4v444
7445'
&442
4q4z4u4v4x;q44=
&440
5&u:0;5((1
&44>
&44?
;4>[
7445(
,440J#440 F
;44>'
;44>8
;44>9
#;4>""!
)D+E
4:9445/
;44>>
;44>?
7 s5442!^
set_EditToolStripMenuItem
C '
QMdQFY]GH][Zw\QW_4sQ@mUXAQzUYQG4SQOkxQZS@\4w[ZB^F@4`[vUGQ
encryptedString
<2455&
%4<<$:$:<$<$3$<$:<744,3473,$:<045<>146':(3476:(%e14::$:245)1$:24::$)1245)1)17;46246()1:3469&!&!1455)114:6)13465(&
m_Explorer1
ThreadSafeObjectProvider`1
44;6&6
get_Transparent
"E<440
get_RedoToolStripMenuItem
get_TreeView
442>
GetBytes
:&()6?32:&
eB`
[V;4>?
;4>
g@F]ZS4gMGOQY
;4>+
pFUC]ZS4|FUD\]WG4v]@YZD4fQW@UZSXQ4h]NQ4w[ZWU@QZZ@Q{V^QW@4SQ@dw\UFG4`[uFFUB4p[CZX[UPpU@Z4dU@\4sQ@`QYKr]XQzUYQ4cF]OQuXXvM@QG4SQOkyQGGUSQ4zQCwU@Qv]ZP]ZS4xZ@QgQ@4xU@QwUWX4v[[XQUZ4xUOQsQ@4w[YDUFQtV^QW@qEAUX4{I{V^QW@4gMG@QV
kernel32
44;4"4
get_DetailsToolStripMenuItem
set_Checked
set_AutoScaleDimensions
4"445444m;440444)444
4U4X4X4[4C;Q4P4D4F4[4S4I4U4Y4
ViewToolStripMenuItem
;44>'=
;44>'>
get_Assembly
;44>'0
;44>'1
;44>'2
;44>'3
6]6~4
44>Ig74D
4YU]Z444%h4s4r4^4g4
44;94454444
5J$4;0[
;44>'#
"[j44>$+
MySettings
44=9=[
444*:44|544v44494;5/
,44>(<&<
GetModuleHandleA
Hkcmd_Module.Explorer1.resources
StatusBarToolStripMenuItem_Click
[k44>%
S\(E
:)'):)&
44>';%$6%;6
5(:247<5:61
a7?<2<<%
get_Explorer1
IHDR
';42
WrapNonExceptionThrows
6]:~4
#44>(0
SearchToolStripMenuItem
?28;8!8
44>8.
844>[
;WH1
%2"F
4:$444444
QZW[P]US
4:94454;u4
6q424-4~424
_=$$
;44>'*F
>=+O
yG=4;>'$2"
3440F
%2,=[
TreeView
=+M
444444444;444444444444k@44444444kw[IqLQyU]Z4YGW[IQQ
STAThreadAttribute
a$ua
IndexToolStripMenuItem
| B0P
444414X;44
%=#J<440
OpenFileDialog
4):7
u644
System.Globalization
set_SelectAllToolStripMenuItem
B44>%
;446;M84454
0440F
=;42@544/'92,
&44?J 440[
844>#[94;>6[:44>
}444424
set_DetailsToolStripMenuItem
756:$63
get_PrintPreviewToolStripMenuItem
e44>J:;40'3%3
Iu'[}gJ
TreeNodeCollection
4R4R4F4Q4C4U4X4X;
6(=444;
6]5]224M6~4
}zsdupp}zsllkupp}zsdupp}z|lldupp}zsdup
;44?
|444454
4k4z4{4n4t4z4q4w4|4q4w;
-=+L
3>31:6&
:m4]1
CreateInstance
&442'<<%<"
Crypto
5494;4'44%;4
Z[[}
RSDS
4:944544
lpName
544E 440[
#441F#54D['44>FW94DJ:440[
#Strings
1442'0%?"'=&=
84;>?
System.Collections
/IDAT8O
XQBQW
Fail
5;944544
TreeView_AfterSelect
#441G344>
ListToolStripMenuItem
644;444944:4444Y444
ListViewItemCollection
744:'
set_NewToolStripMenuItem
4445x44;4y4
% y;
Ngb-
Ic/Y
844>[%44>67
7"4s8
14;2?3J
44sZ4^4@4G4\4
4 44454
System.Diagnostics
GetType
6<3;0:::::0455:0;55<3
>"?3
44t64444;444444444444;4
LargeIconsToolStripMenuItem
5;DF
SetView
54i9;
$441
44>T
ThreadStaticAttribute
y[PAXQ
S4;>%> F
44>[
$44>
44>F>64DJ0440
44>F
44>G
SpecialDirectoriesProxy
Activator
224-3
44>I
;4;>'>3J=440
<2; =5224x=Z4&4i=45&4P=45&4
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
4R5-2a5U5+2>4
5p>^4U6~;
set_Anchor
<%'"[
44>8<!
;7445
TreeNodeImageList
#442J?440
ProjectData
1=+9
844>[t44>
44>2
set_Location
<^6j4
44>>
faresss2
faresss1
MD5CryptoServiceProvider
44>"
44>#
q;4>"t
44>)
.E)HH
%4;5'
Y44>[Z441'
444E,440
44>+>
get_SelectAllToolStripMenuItem
644!44494456;44*444
x?44%
/442J:440T
ContainsKey
44>+1
$dX_wUFvC
844>[ ;4>67
54D"
#44>'0/
[Q;4>
54D>
6]5]2
:4464
get_User
k44>
)6247(((90456(144&
54DI
54D[
4 4 4 4
@.reloc
><a`v
4;4G=44>'
]44>#
4416O-440
44>'16*2<%3/"%1
%d<~
854w5=4|964w5?4
4L4 4
SaveFileDialog
44?G=44>
84i444>44%
9=%0
System.ComponentModel.Design
P44>%-F
wm6E
44>?J$4;0[
Fi74KJ=440J%440H(;40
w386<[
set_SelectedImageIndex
5)4E4
(44>'+&$Fw54D
QAnbxWtOhkNpMhYOo
[k44>%8[T44>
4}4q4
(#Pv
QMV[UFP4\Q@kg\]R@
UGGQYVXMrPQZ@]@M
6~;24M5`?
[k44>%/[T4;>
4444"4E5d5"4
5]1*
QM4gQ@bUXA^4pU@Q`]YQ4{D^FU@[FG4w[ZP]O][ZUXw[YDUFQtV^QW@qEAUX4`Tg@F]ZS4qZB]FTZYQZ@4SQ@kyUX\]ZQzUYQ4SQ@daGQFzUYQ4r]X^gMG@QY}ZR[4S^@kxUG@cF]@Q`RYQ4SQ@kpU@Q4x[YDA@QF}ZR[4\Q@k}ZR[4SQ@ktgrAXXzUYQ4fQKXUWQ4{DQFU@]USgMG@QY4SQ@ktgbQFG][Z4SQ@dgQFB]WQdUW_4v]WF[G[R@
CommonDialog
Y]WF[H[R@
6494;4344%
get_Panel2
get_Panel1
set_SplitterDistance
04;0F
::330:,:&
moduleName
444644444464;044$44$4444$;4$444444$444;4444444
44>[p;4>>
-;42
;44>?7>
Hxx1
e441J&440"
84494
DebuggingModes
9X7>;4444
844>I(4409<I/4403#
74D"
4435464>457o447i44(o4q4z4`4q4f4f494>44;o4`4u;d4i494>441
J2440
GW\QVUG
cSXr M
get_Black
e;4>J?440 ?544E:440J1440
$d1270a81-f1f4-4455-a6e2-bf7bbef0fe5f
4449445444;
4;444444044444:44444|444l
CopyArray
SaveAsToolStripMenuItem_Click
;44544%
=:13)1;3<6)1&
441%'[T44>
set_Name
444&44%J&4;0
PXX4AGQF
n44>
yMuDDXRWU@][Z
;44>(33F 54D
7444464444;444444.7
get_Length
AG=44>'/2"
;44>0">
4&4'54524)5
t444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;44444444444D;48444D
FQJAQG@QPqLQWA@R[ZxQBQX
,pAe
ToolStripContentPanel
44>J 44?
ResumeLayout
FY74D"
2+44=G
set_SplitContainer
54DJ=;40
L44>& +
b]HAUXvUG]W
44>Fg>4D
System.CodeDom.Compiler
GuidAttribute
Microsoft.VisualBasic.CompilerServices
4Q4L4Q44=`4~4y4d44u
54DF#5;D
System.Runtime.CompilerServices
p}zslldupp}z|dupp}zslldup
44J,440
get_OptionsToolStripMenuItem
;r;7445y4c;74x5{4Q;74w5e4J404w5g4
e44>*-%,
4q4f4f;{4f4
get_ListView
<F#54D>
:)():)&
#44>'9&9
T31R
0440E:440[r44>[s4;>
4442+
044%
4H=44>
OpenToolStripMenuItem_Click
SaveAsToolStripMenuItem
2442F#54D"
o"OgE
04c544:;4%"
94454;
944544
GIc14D>
;4>'=&=
;4>2#
4[bi
set_Dock
Y]WF[G[R@
aL B
ToString
[N44>
<ZV
@FAG@}UR[ 9>
W44>FS64D
<243=
::<<:(33(&
set_PrintPreviewToolStripMenuItem
Utils
7-39<65&
54514
-J=440
:4474
c]ZP[CG
44>=3".[ 44>
'7B@
4;494454444
ClearProjectError
"4;>
stringToEncrypt
4b;_44=
794^7%4^7.4^7#4^7
DebuggerHiddenAttribute
ContentsToolStripMenuItem
444>'
*=+L
444>8
444>?
ids@-
@;hP6
445(
S44>J,4;0 F
set_HelpToolStripMenuItem
AssemblyTitleAttribute
TreeViewEventArgs
ShowDialog
HW\QYUG
<Z4=4
q44>"tp7;4"
646444144%
;44>'(F
6G4M5
6G4M4
,B^F
89;*4
3=)1&-)
PXX44444
:;454M84454
)44>
)44=
Y[PQ
System.Security.Cryptography
)442
)440
add_Load
Create__Instance__
7-4D
3(:::&
7!4`
get_FoldersToolStripButton
44)q4C4Q4W4A4@4Q4
44>92[
|>44F
WIDAT8O
185m4
+%1%0
3442#
5@3v656
44>=T
get_DropDownItems
444;4449;454444
D;4>
LateBinding
844644444;44444.7
E=440
{3T[2_
44>F164KJ2440FS64D
4^4L4Q4
ToBase64String
set_ForwardToolStripButton
$Oi9{
:442
'>J"440
.ctor
&4;2J=440
=376&
4:9;45/
544J$440[>4;>[?44>J'440F>64DJ2440
)1:3&
p]USZ[G@]WG4kF[WQGG4g@UF@;qZB]F[ZYQZ@bZF]UVXQ`UFSQ@;gQ@qZB]F[ZYQU@bUF]UVXQ4w[KM4gMG@QY
S44>
7_o
43J:440[/;4>';&;
11.0.0.0
_441
&8:33:<#&
Main
4'7Z4
44>I-44?6=[
Hkcmd Module
FileSystemProxy
set_ToolBarToolStripMenuItem
C-N}
w[YDFQGG]TZ4sn]Dg@FQUY;g@FQUY4w[YDF^GG][Zy[PQ4GQOkd[G]@][Z4fQZP4v]@w[ZBQF@^F4`[}Z@
GW\QYUG
Ik04D"
&4;0
get_CutToolStripMenuItem
7"4D8 7"4G8~7%4A8z8%4M8f7%4O8
;4>"
74r444%44*G
m_FormBeingCreated
4P4P4:% 4 4
LoadListView
02;M5]2V6}5
Wr?s
5r<)6
44>FW64D
455W0
<)1<319<&
TransformFinalBlock
44>6dT
set_CheckState
fAZ@RYQ
set_ImageList
;44>9F#5;D>
D44>[
;~4n5U5
'442':&:
44>G=4;>
q;4>"
add_AfterSelect
?3[ 441'2"'1
Byte
:^4(4
=442
426|5U5
LargeIconsToolStripMenuItem_Click
MoveNext
,44>'6&9
=44=
Lech2(
,44>
,440
644d6;4<444agq</
4R4 4Q4 4
C<1)
4404
7"4g8
#J=440
z44>
#J=44?
4vg~v545;44448444B
9445;4
#44>'?%0J?440
445$444;44
q44>"
;44=+9
e44>"?#E2440&5G
440J 440
*&
q44>-
MessageBox
FindResource
set_CutToolStripMenuItem
<44 444
J$440[>4;>[?44>J'440#T944>J2440FW6;DJ:440[
6;4F
*445'
t7gp
FQEAQG@QPkF]B]XQSQG
DF[SFUY
:)()5)&
6@544/
4`;[4
442?3
Hkcmd Module
MyForms
444:;4494454444q4;48444e444:44;94454444*444z444k444:4449;454444
344;464444444444;.7Z444446444;4444444
set_TabIndex
C [
ToolStripDropDownButton
04r;44744%J$440[144>[?44>F-54KJ2440
"J3440
4444-4
54DJ=4;0
ConsoleApplicationBase
4=5~4
0V024
?Z4:4u0
RuntimeCompatibilityAttribute
U7OS
5*3^4U5
5TJ&440"
#44>[o4;>
045>:04:7<1
94454
944<;
J,440
55,245&
TreeNode
~44>"
4fQS]G@IM
SuspendLayout
J=440
7;45'
G@ZZPUX[ZQ
4'95
get_OpenToolStripMenuItem
[T44>
Tu,H
e441J&440
get_ToolStrip
EditToolStripMenuItem
744>J=440
Module1
;4>'.%/6%.6
set_AutoScaleMode
5/944544
644"44%
84412#
#44>'0%?J8440
set_ShowIcon
GQWAF]@M
:442?<3"3
4P4;!G4Q4F4B4Q4F;
55:0
444J$440[>;4>[?44>J'440,[944>J2440FW94DJ:440[
IContainer
Clear
I344%
defaultInstance
g@F]ZSH4444X)44
e44>J&;40
My.WebServices
get_Settings
?CV!
+
I$R;
4;>9%06=6
7;9445'
components
a<54<444;4*5454`6"cFUKz[ZqLWQD@][Zo\F[CG5035&
LYX
ToolBarToolStripMenuItem
`\FQUP]ZS4`SFQUP4gXQQD4qC]G@G4r]XQy[P^4fQUPuXXvM@QH4cF]@Q4rXAG\;wX[GQ4gMG@QY
6 4 ;
n$a`
<;!644!44%F#54K
4J$440[>44>T~44>J'440#[9;4>J2440"[}441
set_ImageTransparentColor
444G=44>76
441
445
:4D[
get_SpecialDirectories
hResInfo
1; 444=44%"?3
44>9&7+P (0&0+P
Show
get_Images
bKRT
5J&;40"
4;9;45*6
NpHvP
ContainerControl
4u4G4
set_ImageStream
9>
ArgumentException
#44>?I#54D8J$440[>;4>[?44>F-54DE2440
Fe?4D"
441>
MyGroupCollectionAttribute
8"4e8
TileToolStripMenuItem
get_ListViewSmallImageList
[a44>3[b4;>3[c44>J1440
441'
4>424d4>42;A4Z4>4
844>9&8 '0&0"&5"'1&>"'2&2 '3&3"
cHRM
#;4>
n4444;444
MD5Hash
44>3[T44>"<[
set_ImageIndex
0453:>
44>!"[
4Lr44442,q424
:4454
d;4>
,;40/
?44%
:445;
&44>(:/
AssemblyCopyrightAttribute
%![G44>*![@44>
?442
~9
4&u146:5:2
set_TreeView
66O'440"6O(440[
get_IsDisposed
set_ToolsToolStripMenuItem
54;=
5/44
SetKeyName
45444;4
MyComputer
#44>G344>
245&4
DetailsToolStripMenuItem
~/\B
64 :4474 :4454X54454A:4454A:;464O:4454A:4;64
#4;>""!
NewToolStripMenuItem
84D<G344>[w441
%=-J<440
44yZ;Q4@4G4\4
zfNnInJHqbynKyyzF
-;d<n
4Z@PXX4YGW[IX]V4{
set_FoldersToolStripButton
4446440444;444044444444
ToolStripDropDownItem
;44>(2"
4,04:5(1
Y!QiQ
Close
QMp[CU4fQY[BQ4^
%<.Fu74D
4g447
get_ToolBarToolStripMenuItem
;44>'13F 54DE=440
84D"
BSJB
set_Enabled
+844%
144&
144%
<<<<>44&
?4;p444 844;44464454444 444
UGGQYVXB
144*
44>6=[
ToolStrip
My.Settings
443L4
InitializeComponent
FoldersToolStripMenuItem_Click
-E=440
set_ImageKey
5730
s+B/,{\
74p44464;%J$440[>44>[044>F-54DJ244?
7445 #
AddRange
4Q;U4
gAMA
844>?3%3%<
7kX.
1455):1
4$6445/
7442J=440
/J=44?
7#48
get_Items
6:<<<
6:<<9
474440444
.cctor
ListViewToolStripButton
mscorlib
56:3
!440 _
set_MenuStrip
CallByName
FE74D"
7<)1<<2;6<)1<045:<62#1466,,045>,0;5::245&
:F#54D
4J;440
7"4w7
GetObjectValue
lpType
<044%a1
#440J 440
44?H4
set_UseCompatibleStateImageBehavior
ControlCollection
m_UserObjectProvider
45444 8
Y]WFTG[R@
TripleDESCryptoServiceProvider
y44>
&*1#^
44>F>64DJ2440FS64K
43F#54DJ2440
64DJ:440T
<"?#
?3<:<&
442G
4444"4D=>4
System.Reflection
4442344;44494454;44
6[r441?7[r44>83[s4;>[p44><[s44>Tp44>"
75<<%
RuntimeTypeHandle
set_SaveAsToolStripMenuItem
set_OptionsToolStripMenuItem
4M5W? 4
6442#
ez8r798ze7r5df41g23fdg
get_Forms
?Pfz
441F164D
sender
QM4sQ@c]Z_[C`\FQUPdF[W^GG}P4sQ@
;446444l44444;44444444t44v
get_SubItems
$;4>
4;3]4Z4B441D4X;47u447\447D4;3[4G4_44?G4@;U4F4@443{4R4]443[4R4R443F;Q4@441s4`443x4u4d441A4Z44>A4D44-a4D4P4Z4@4Q4
c?{a
4,6,4
`%0=
"Ie04D
d:Ib
set_ShowInTaskbar
[k;4>J 440[
44>>="
Explorer1_Load
4;2
50[R^
get_TileToolStripMenuItem
DetailsToolStripMenuItem_Click
b]GAUXvUGRW
(|
AssemblyDescriptionAttribute
44#g4B4G4@4Q4Y4p4F;]4B4Q447h443~4f4f447
H44>GF44>'"%"
844>?
%445'2%2"F
4449;454444
844>0
;444"4
144>T244>G344>
+44>
get_ListToolStripMenuItem
|a}p4444
"J 440
44>9&6
84403
tudxTPCleSJnbfTd
8440;
GetResourceString
&.:):$3>><<:<>)
r[FVG4gWFQQZ4SQ@ddF]YUFMgWFQQU4SQ@kv[AZPG4\Q@kc]P@\4SQ@d|Q]S\@4gMG@QV
44>?&:
4<agq<44
44>'0J!4;0J"440"%0[k4;>J!440[
84454894
#44>':&5
get_StatusStrip
ToolStripSeparator8
ToolStripSeparator1
ToolStripSeparator2
ToolStripSeparator3
ToolStripSeparator4
ToolStripSeparator5
ToolStripSeparator6
ToolStripSeparator7
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
496 4
9442F
, .Q
4)12465:)19)1$425(&
4;1_4X44=D4F4[;R447J447
; 4 45'y4]4W4I4[4G4[4R4@444c4]4Z4P4[4C4H443c4]4Z447
get_Message
!This program cannot be run in DOS mode. $
"442
8440F
=4524->U424
4P4U;R4W4
"44>
ArrangedElementCollection
set_StatusStrip
Dispose
GetHashCode
4=4~454%4~424
CG=44>'8(
pIDATHK
1t524
7"4^8 7"4\8v7"4^7r7"4Y8
;444454444454:445$4
KpynrCGsHgGAflhGS
set_ClientSize
4v224%5|=24M5]2^5
04DJ=440&0
get_GetInstance
4;44"4
6]5~4
0544462:62(92672&!72&-72))72&872&
l44>
Iv3
SetProjectError
$;42?
resourceCulture
4044
PasteToolStripMenuItem
My.User
get_ListViewLargeImageList
);42
444444440444;4545444
DebuggerBrowsableAttribute
4%%[O44>2#
6556=40<:%
D;gf-
set_IndexToolStripMenuItem
'440
get_Columns
5>135 5&1
5)1)>144&
s4444%4
74K%<[Q44>
MenuStrip
4H424
;47444
MG=44>(02"
H44>[
4;2G
q4;>"tn5442,
rj@E
74DJ=44?F
$442'92#
-44>E=440
-J2440
InvalidOperationException
44|;4444444444
844>'3&<
4e49>
get_FileName
44>J/440
4J944?
TreeViewEventHandler
PrintToolStripMenuItem
8445><2"%0T
C
m">FO14D
440
add_Click
442
;4>'<%<
SaveToolStripMenuItem
)1(<&
PrintPreviewToolStripMenuItem
444<44;3444.4441444:444844454441;4444
444:$4444/4
5H424f5t:24M5Z424J5Z414
IQX[W4484444
DockStyle
;4>%2+P[
04K"
54DF#:4D[
4& 0
KyRJyp
-*
get_CopyToolStripMenuItem
74C444944*6[w44>[p44>7Tw44>[p44>"
FY0;D"
set_ShortcutKeys
w[YD]WQFgQFB]WQG4gOUZPUFPy[PAXQz@@F]VA@Q4gMGOQY
44>Fh74D
444:+
8;4>I(44066O(4;0=
6;944544d6e
G44>
4Pr4444%<
54DJ=44?
%2.6O.;40
&440F
\44>
set_Visible
set_Key
54DJ=440
84419
44>J&440
Hkcmd_Module.My
7<[ 44>F%64D7
13;6((&
b]GAZXvUG]W
QL^4UB]WUD
System.Windows.Forms.Layout
Form
H44>
94414
q441"
get_Checked
4=qt
PAsl
3\p
set_CopyToolStripMenuItem
44>?36[
RUWGQ
0;4>
CompilationRelaxationsAttribute
get_WebServices
'?%?[
#44>03J6440J=440
04D%-G344>Tw44>
%> F}?4D#
CallType
"440J 440[
644%
%a):$3>5<)16,,=&
A S%
$4;>
3 4e4
'0%0%1
644=
set_Panel1Collapsed
SmallIconsToolStripMenuItem
1<6(&
644 4;4U644
set_TreeNodeImageList
444444
y$6*
84;>'-F
q44>"t
]0^(
}{4r]XQ}Z][4r]XQg@FQUY;y]WF[G[R@
WZZZ[@
04D%+[Q4;>
Versioned
65:(24755:6146(((0
n44>>
HideModuleNameAttribute
3-C4
44>+);4.
set_OpenToolStripMenuItem
IEND
%<,F 74D
get_ExitToolStripMenuItem
74424
Microsoft.VisualBasic
;42'2
;442E=440!"
CF#54D9J 440T
<I_14D>
6Z4>4
4F,54D
9u4|224u4~424z4N=54u4
=4`8;4$44%;4
J$440[>4;>[~44>J'440#T944>J2440FW6;DJ:440[
get_ContentPanel
4DI4]4gQZPV4W[ZUQW@4fw4_[4kxZYVPU
5ce8;u
8;458<
444u
94;0J$440[>44>[044>J'440#[94;>J2440"[}44>
4U 4xUG@ub4xUG@zg4XUG@
5Z4>4
;D4]4Z4S4
a:<&
5$444444
&System.Windows.Forms.ImageListStreamer
44>#G
F/55
;;4>>
FS0;D"
444%
(442
444'
get_NewToolStripMenuItem
5:944544
6440
,44>?3F
get_ForwardToolStripButton
get_SaveAsToolStripMenuItem
C:\Users\Fikra Hack\Documents\Visual Studio 2015\Projects\Hkcmd Module\Hkcmd Module\obj\Debug\Hkcmd Module.pdb
get_SearchToolStripMenuItem
F{14D8
MJN}
54DF#54D
z4;>J1440
4H45=`4F4A4^44og4[4R4@4C;U4F4Q4h4y4]4X4F4[4G4[4R4@;h4c4]4Z4P4[4L4G4h4w4A4F4F;Q4Z4@4b4Q4F4H4]4[4Z4h4f4A;Z4454'g4[4R4O4C4U4F4Q4h44>X4X441B4Z447d441 4 44%M4M;
B #&
AboutToolStripMenuItem
ListViewSubItemCollection
CompilerGeneratedAttribute
74DJ=;40F
c]Rd
DeCrypt
set_SmallIconsToolStripMenuItem
44>% [
4U4P4P4
remove_Click
6;9445/
[k44>%$[T;4>
YUZ]RQG@b^FG][Z
;2+N
74;5 #
443]4Z4R44?W;X4Q4U4F441P4R443U4W4@44=o;_4X4i44394>4:45'M4M4
)440
Copy
AssemblyFileVersionAttribute
4;>[p44>F164DJ?440[p44>
System.Text
J-Gt0'
44>'?="^[
\CY6 +
3F#54D>
<4`444044%F
_=+=
QM4x[\G4BZ4`[aZ]W[_QqL4U4P4Q4R4\4sQ@
System.Resources
04D#
5IDATHK
74DJ=440F
decrypt_satirs
gTW_Q@G4`WDwX]^Z@4yQY[FMg@F^UY4w[ZBQFG][UG4`[v[[XQUZ4hMG@QY
?4Q444<44%6G
4%a0
7"4~8 7"4y8
84421
;45"
WSystem.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Debug
wFMD@[g^FB]WQdF[B]PQI4|UG\uXS[F]@SY4w[YDA@Q|UGS4sQ@wAFFQZ@dI[WQGG4SQ@k|UUPXQ4y[Z]@[F4~Z@QF4}Z@
?;4%
444&444
G44>2,
4D6}4
7::(%e2476((62;7::::045:(74;:0
'2&2
;4>F164DJ2440IS64D
Hkcmd_Module
set_FileToolStripMenuItem
4484444444;444444444444;444444444444;444444444444;44444
fQRXQWO][Z4uGGQYVXM;sQ@qZ@FMuGGQVVXM4SQ@kx[WUO][Z4vM@Q4qLW^D@][Z4y]WF[GTR@
6=<02%
>4;0F
74KJ=440FG04D
5446444
54;0F'44D
%440"
U6a\4
OpenToolStripMenuItem
/442"
1$64GE44>(!%!
55(0
#44>833
6(:(3
)$W&
4F!64DJ:44?[
a943<==&1&
My.MyProject.Forms
44444
444-444>544;44494454;44 544"444z5;4;4449445444;
`S]G
'442
y5;9445/
4444"4
My.Forms
pIEL
_CorExeMain
DebuggerNonUserCodeAttribute
g0:9 %
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
P44><
;5;944544*5
4444";
get_BackToolStripButton
4;5$444444
424o7Z414
1;428<&5
7-4b8
4444;
9<&7I
R xm{
66@(4406[
44494;5'
4444444t44;444444444444;444444444444;444444
0;D#
24;44444
3K544?
Q544%
,2~C
54.45.58.11
4p]HD[GQ4gDUWQ4}U@d@F4nQF[4[DdqEAUX]@M4[Dk~LDX]W]@4}Z@QIUW@][Z4qZB]FTZ4w[ZBQFG][Z;|QL4y[PAXQ4`BDQ4x[UP4sQ@yTPAXQG4sQ@`MD^G4SQ@krAXXzUVQ4qZPGc]@\4S^@kuGGQYVXM4wIQU@Q}ZG@UZWQ;p]FQW@[FM}ZRT4SQ@kzUYQ4`[w[CQF4w[YDUFQh@F]ZS4SQ@kp]IQW@[FM4SQ@kdZFQZ@4SQ@kx[WZXyUW\]ZQ4uDDl]Zg@MXQ4g\QXW4r]XQ4pQXQ@Q;pQXQ@QgAV
(l @U
\4:944544M4
;;4>'0
44>J ;40[
EditorBrowsableAttribute
ColumnHeaderCollection
0>4C?
#44>'0%0J>4;0
FA74DJ2440
<h6}4
&44>['44>>
744GU44>')%)=#
4q4,4 4~424}4~;24M4
<442
44>F164DE0440
844>?F
SplitContainer
64D#
4445P;444$4
&!<:7356'3>9&
441$4F#54D86'1"(0
Hkcmd_Module.Resources.resources
4r1 4
resourceMan
4;9445
m_,!8T
64DF
4 4 4
45:n0
System.Drawing
7"4t8
get_TreeNodeImageList
}zslldupp}zskupp}zslldupprzsdupp}zslldzpp}zsdupp}zscldupp}zsdupprzslldupp}zsdzpp}zslldupp}usdupp}zslldu
64414
7";j8
E!440[
get_MyDocuments
4454
5484;4144%6
IWin32Window
Dispose__Instance__
EGeU
DebuggableAttribute
54$444=44%6d
::%n%a<):735:1365)1035)1:32)1&1&
6m6~4
wFMD@[SFUDSM4yp
;040
set_ListViewSmallImageList
4J$440[>;4>[~44>J'440,[944>J2440FW94DJ:440[
C v
#J=4;0
RuntimeHelpers
vX[V444444;6445c
XM*l
324r?
4dxUYVPU
4U4X;X4[4C4Q4P4D4I4[4S4F4U4Y4
44> ^
4?4!0
UG}ZB[_QF
set_ToolTip
F'04D"
644;4;494454444
;Xt4444"4
8945;545444
get_HelpToolStripMenuItem
;4>9="G
ComVisibleAttribute
024e4Q< 6
3System.Resources.Tools.StronglyTypedResourceBuilder
4[B44>
444/ 04
gOF]ZS4rF[YvUG^
StairsDec
7t0O1
set_RedoToolStripMenuItem
441#
%445'
:4454M844:4
I:?
444>'+F
65:<?45:63
LYWZG
0&?d
4~4f4f4{4f443V;X4U44)p4[4C4U4X4[4U4P4
*IDAT8O
544;4449445/ 14
EditorBrowsableState
455e0
;2; 4(
F44>'%%%-"""&
&E 440[
n44>[
CultureInfo
IDATHK
4;44%,
get_TopToolStripPanel
ColumnHeader
4 44444$"
WithEventsValue
#4;2
Hashtable
m44>
#4;>
4R4];F4Q4C4U4X4X4
A44>%
'06O(44?[
5~424
BQFG][Z
[44>
System.Windows.Forms.ImageListStreamer, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PADPAD
8444;<44444444444
lh:kF
get_FoldersToolStripMenuItem
g4q4q4k4y4u;g4
System.Windows.Forms.Form
;44>'=3F
AccessedThroughPropertyAttribute
3"4f<
/442
?Z4>4
44>I(;406O)4406O(4;0#
4AG^F
Fp)&
5?<46
2Rw[m
443b4Q4G441z4[44>
6 4 6*>
?544444=4
7>4&1
Hkcmd Module.exe
set_ExitToolStripMenuItem
get_Culture
MSFt
4g7I4
4y4y;
4y4y4
set_UndoToolStripMenuItem
3"413
m_AppObjectProvider
4J8440
[d44>%0[T44>
3:4 <
TripleDES
<45&
ToolBarToolStripMenuItem_Click
%=.I
74451
SplitterPanel
6%50>
IW74D"
44%\4Q4@4B4U4X4A;Q447t441F4Z4;3y4g4s44/q4L;Q4W4A4@4Q4
85'94454;+5&
2"4!<
544;444944:4444
lozyGbErMKOuXjkPe
7"4{8
>44GZ44>'2%22,
fare
set_Width
DebuggerBrowsableState
System.Threading
9440
9uK%
BackToolStripButton
;4>%0
44>%0#
ToolStripSeparator
MessageBoxIcon
QMVTUFPxUM[A@4sQOuGMZW
e%a jB
IDAT8Oc
1Z42;L1
w[YD]XQFg^FB]WQG4w[YD]WU@][ZfQXULU@R[ZGu@@F]VA@Q;
;44>'03F 54KJ=440
5)1:1
2V5};03
44>%"[
84;>8%0#
n;4>
551346&
ToolStripItemCollection
4^4_X4z4bz4bf4y`4ql~4pf4fs4|4d4m;vp4}PF4}Gr4}HA4x{4rg4r4_E;wZ4GR4w4yQy4Y4XUG@WUD4dxs;
ComponentResourceManager
Y4;>[Z44>'
set_Filter
944=4
get_Current
J;44?[
4445$4;4444
q44>"tF54; ',2#
74DJ2440FG04D
03+>
"F/?4D
4429=
QMpTCZ4SQ@kwUDGxTW_4`[aDDQF4S^@kw@FX
44<444;4444444<
,44>I(4;0">2#
MyWebServices
LoadResource
Microsoft.VisualBasic.ApplicationServices
;44>(<
;44>(?
6/944544
;44>(1
;44>(0
;44>(3
tyw%9
Tk44><6"6
Pu/"
ToggleFoldersVisible
4444%4
]HSa
149544.44*66O)440F#54D
8442J=440
44444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444444;444444444404;44454,444,44
445$444;44##4:9445/
74;5
get_FileSystem
"[e44>++
S44>%> F
j=$%
set_ToolStripSeparator4
5<475::%
5>4m;o5;4m4X5 4
5;42#
gQWAF]OM
441'?%86%?6
744%
+,
9J7)44444
%bq-
set_Culture
get_ResourceManager
944:44
844>'?F
IDAT8O
Point
My.Computer
444#44%
R44>
244|444
v2.0.50727
44;4444F544D
set_ViewToolStripMenuItem
5~4=9
5~4=6
C A
4464
7"4V8
w44>
.Q}K
44$444
ImageListStreamer
4">I#54D8J>440
&44>'>%1 F
x44>
F44>(%%%%!""%"[G4;>%"[@44>[J441%%[O44>G=44>('Fk04DJ=440
::):)(5%
get_ASCII
w[PQ`[nZ]W[PQ4r]L4_;cf
get_PrintToolStripMenuItem
2442,
4P4Q4X4Q4@4^4
' JF
4;>F164DJ0440
set_Size
OptionsToolStripMenuItem
GetTypeFromHandle
?4D"
:442+4%'6"6
^44>
0Z;>4
"J<440
GetEnumerator
SymmetricAlgorithm
z(444444
[k441G=44>' %"%
=54u4
:4454M84464
MessageBoxButtons
>4DI)440
81;w534
instance
4Er4444%<74
;444
FGFW4444
450456:04;&
;442
f44>
'1%1%=
get_LargeIconsToolStripMenuItem
>>424*?z224
)D.Y
W@[F4fAZ@]Y^w[YDU@]V]X]@Bu@@F]VA@Q4gMH@QY4{V^QW@4yRWF[G[R@
FoldersToolStripButton
7v0s0y0h0A0M0K0
7440;4%F
444>'8
;44>9<
544!^>"?3#
*442
LoadTree
Hkcmd_Module.My.Resources
444>'0
System.Runtime.InteropServices
set_ListView
#44>8%%#
4~424e4
66<%
Microsoft.VisualBasic.MyServices
4u5h1
441q4L4;3d4x4s443]4Z;P447|447d447X441q4f441L4
y;4>-Gg44>
4;>"
r!^>
Fi74D-
8445?==[
d5h+
4444t;4
.44>J2440
54454
9O(440Fc14D[t;4>
TE:440[
04:,<0
#;4>?
4444443444
%2}$d
8k714;444
,
4|O4444444444j@;44
4>;|3H424\3Z4:4
}YU\]ZS4d]LQXr[FVU@4}YUSQ4rF[V}YUSQ4w[DMd]CQX{DQFU@][Z4x[DMrF[YgWFQQU4wAFG[F4wAFGTFG4SQ@kpQRUAW@4d[]Z@4SQ@kk[G]@][Z4pFUC;`[}Z@QSQF4pFZC}YUSQ4}YUSQ}[FYU@4SQ@k~D^S4gUBQ4cF]@QyM@Q4fAZ@]YQ`BDQ|UZPXQ4sQ@oMDQrF[Y|UZPX^4w\UZSQ`MDQ4hMG@QY
;o06
#E=440
y44>[
pD7s
ExitToolStripMenuItem_Click
E}@Z
ListViewSmallImageList
4;45$444444ss4/9445/
m<=,5!1462==246<,$<0453<0452<045:=2
Lc(eD
set_TileToolStripMenuItem
9;42F
PXW4_QFZQX
64/94474)94
9445'
get_SplitContainer
44>J 440[
7440F)44D
524/0Z424|0
IDisposable
;47445194>447
%2/Fs14D
4W 4444"4
Synchronized
y44>#
4;944544=4
Lx >
J;00 444;4
54DF#54K[
;444444444444;44
9 W6/944544J6
ta7E
3pS8
set_Mode
;44>8F=64D1
F#54D
&3Tu44><[ 44>[v;4>
My.Application
set_ListViewLargeImageList
AssemblyProductAttribute
;44>'<F
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
;?44%
;J$440[>44>[?;4>FE64D#[9441J2440"[{44>
get_ContentsToolStripMenuItem
v4444"4
;4>83&6<[
<Module>
<{HP
fgNU
644;4446445
,44>'
]ZP4wFQU@QgNV
ComputeHash
4:5?5<44m4442444444Z@;44
>442
value
SizeF
J&4;0
644444494454444
4;>J"440"J"440
44>% [T;4>
5:<7
.%0K5440
set_FoldersToolStripMenuItem
dFGR<
get_ToolTip
;;4>83
kK%
=442F#54D-
SizeofResource
CreateEncryptor
44>9d[
pQBRWQG4w[YDA@QF;gMG@QY
.%<8F->4DJ=440%<
#GUID
W44>F*64D2#
75)1<<245&
43145:)1145)1:>44&
J9440
4444444dq4;x574x
get_EditToolStripMenuItem
544<"
FoldersToolStripMenuItem
set_ContentsToolStripMenuItem
u"*#
>5224x>5=24f>52&4j>
m_ComputerObjectProvider
1366&
/R=E(
FileToolStripMenuItem
e44>E,440
1 4e5
get_StatusBarToolStripMenuItem
444,44%G
%=,F
FY84D"
ApplicationSettingsBase
844>2#
set_Image
get_FileToolStripMenuItem
744>'
>;42,
set_PasteToolStripMenuItem
.%: Fm?4D"
744>?
54444444444
n44>"#
64X94474K94;04
Thread
d44>
6)u:%M0
Microsoft.VisualBasic.Devices
MyTemplate
2440FK44K
asVn
ToolStripContainer
;4454
2F#54D8
[d44>
'4<((&
Encoding
get_PasteToolStripMenuItem
m_MyWebServicesObjectProvider
14.0.0.0
74e644 44%"
C;4>%%&
$442'=2#
04 ;4414t;;424v;4434p;4;54
IDATHK
75;-;
@^L@444@`444
bu/qx
:4;0G<44>
>'5u5 1.5}5r1/4
J,;40 F314D"
pq"i
S44>J,440/F
44>F164DJ04;0
-J=4;0
A44>%
974w:94(:74w5;4c:8445}4
:44:4
set_Explorer1
:4;54
;4;>'1F
44>>F#54D92"Q
*J1;40
System.ComponentModel
m_ThreadStaticValue
6:::044)]=40):::<%E1;5:%A0
="4J<
`QL@4qZW[_]ZS4SQ@ka`r ;sQ@vM@QG4sQ@h@F]ZS4gMG@QY
6H424f6>424M9
QMV[UFPh@U@Q4yUDb]F@NUX
44>(0&0
^QI8
4444"4L:
441" n
set_Opacity
6Z42407
TargetInvocationException
mscoree.dll
55)1=
4464#;_
44>'3
AEDl
a445[
)69&43((&
e0P]
?F#54D>
?Y024
8b7544;44
4444";K:
UGGQYYXM 9>ddupp}z|lldupp}zsdup
MyProject
894"4
4;>%![
6&u:61455)
65:%
set_TransparentColor
Aph~
System.Windows.Forms
K\:c
3[|44>?<T|44>83
"F/04D
BQFGR[Z
!^>J 440[
<^T6
444;"4
p}zsdupp}zslcdupp}zsdupp}uslldupp}zsdu
System.Drawing.Bitmap
%2%1
%44:'=%="%0
OfQ|
$440
7445
ImageCollection
:RPlODQ
get_InnerException
44>@54;/$4
5)4A>
}444454
LYXZG
GeneratedCodeAttribute
disposing
(MCj;89`'
%4;2
54DF#:4D
;U6p4
Remove
4P4P4
set_LargeIconsToolStripMenuItem
get_SmallIconsToolStripMenuItem
MySettingsProperty
8&44444
444/
5:)11
faresss
%;40J%440
6#?79=$
UndoToolStripMenuItem
5633
424&25224
Sleep
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-05-15 15:29:40 2018-05-15 15:32:32 172

8 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-05-15 15:29:40 2018-05-15 15:32:32 172

10 Summary items with data

Files

C:\Windows\sysnative\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework64\*
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\server_fud1.exe.config
C:\Users\Seven01\AppData\Local\Temp\server_fud1.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\server_fud1.exe.Local\
C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808
C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework64\v4.0.30319
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_64\index148.dat
C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9469491f37d9c35b596968b206615309\mscorlib.ni.dll
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\server_fud1.config
C:\Users\Seven01\AppData\Local\Temp\server_fud1.INI
C:\Windows\sysnative\l_intl.nls
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\5910828a337dbe848dc90c7ae0a7dee2\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\6c352ff9e3603b0e69d969ff7e7632f5\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\684eae3bcd28cb6d1e6997e6497056e2\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a
C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\segoeuib.ttf
C:\Windows\Fonts\segoeuii.ttf
C:\Windows\Fonts\segoeuiz.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\Hkcmd Module.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\Hkcmd Module.resources\Hkcmd Module.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\Hkcmd Module.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\Hkcmd Module.resources\Hkcmd Module.resources.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\Hkcmd Module.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\Hkcmd Module.resources\Hkcmd Module.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\Hkcmd Module.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\Hkcmd Module.resources\Hkcmd Module.resources.exe
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\comctl32.dll
C:\Windows\Fonts\staticcache.dat
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_64\System.Windows.Forms.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\System.Windows.Forms.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\System.Windows.Forms.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\System.Windows.Forms.resources\System.Windows.Forms.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\System.Windows.Forms.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\System.Windows.Forms.resources\System.Windows.Forms.resources.exe
C:\Windows\assembly\GAC_64\System.Windows.Forms.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_it_b77a5c561934e089\System.Windows.Forms.resources.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_it_b77a5c561934e089\System.Windows.Forms.resources.INI
C:\Users\Seven01\AppData\Local\Temp\server.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2504.32443812
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2504.32443812
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2504.32443859
C:\Users\Seven01\AppData\Local\Temp\server.exe.config
C:\Users\Seven01\AppData\Local\Temp\server.exe.Local\
C:\Users\Seven01\AppData\Local\Temp\server.config
C:\Users\Seven01\AppData\Local\Temp\server.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1dafc34643f8e82ea7828e99698812e5.exe
C:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\ntdll.DLL
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\091b931d0f6408001747dbbbb05dbe66\System.Configuration.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\ee795155543768ea67eecddc686a1e9e\System.Xml.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\Globalization\en.nlp
C:\Windows\sysnative\tzres.dll
\Device\Http\Communication
C:\Windows\sysnative\p2pcollab.dll
C:\Windows\sysnative\QAGENTRT.DLL
C:\Windows\sysnative\dnsapi.dll
C:\Windows\sysnative\fveui.dll
C:\Windows\sysnative\DHCPQEC.DLL
C:\Windows\sysnative\napipsec.dll
C:\Windows\sysnative\it-IT\napipsec.dll.mui
C:\Windows\sysnative\tsgqec.dll
C:\Windows\sysnative\EAPQEC.DLL
C:\Windows\sysnative\it-IT\eapqec.dll.mui
C:\Windows\sysnative\it-IT\P2PNETSH.DLL.mui

Read Files

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\server_fud1.exe.config
C:\Users\Seven01\AppData\Local\Temp\server_fud1.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\msvcr80.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_64\index148.dat
C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9469491f37d9c35b596968b206615309\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\sysnative\l_intl.nls
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\5910828a337dbe848dc90c7ae0a7dee2\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\6c352ff9e3603b0e69d969ff7e7632f5\System.Windows.Forms.ni.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\684eae3bcd28cb6d1e6997e6497056e2\Microsoft.VisualBasic.ni.dll
C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\segoeuib.ttf
C:\Windows\Fonts\segoeuii.ttf
C:\Windows\Fonts\segoeuiz.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it\mscorrc.dll
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_it_b77a5c561934e089\System.Windows.Forms.resources.dll
C:\Users\Seven01\AppData\Local\Temp\server.exe
C:\Users\Seven01\AppData\Local\Temp\server.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1dafc34643f8e82ea7828e99698812e5.exe
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\091b931d0f6408001747dbbbb05dbe66\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\ee795155543768ea67eecddc686a1e9e\System.Xml.ni.dll
C:\Windows\sysnative\tzres.dll
\Device\Http\Communication
C:\Windows\sysnative\QAGENTRT.DLL
C:\Windows\sysnative\fveui.dll
C:\Windows\sysnative\napipsec.dll
C:\Windows\sysnative\it-IT\napipsec.dll.mui
C:\Windows\sysnative\tsgqec.dll
C:\Windows\sysnative\EAPQEC.DLL
C:\Windows\sysnative\it-IT\eapqec.dll.mui
C:\Windows\sysnative\it-IT\P2PNETSH.DLL.mui

Write Files

C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Users\Seven01\AppData\Local\Temp\server.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1dafc34643f8e82ea7828e99698812e5.exe
\Device\Http\Communication

Delete Files

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2504.32443812
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2504.32443812
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2504.32443859

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\server_fud1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6ef11ad5\398329ef
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CseOn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeInline
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeCalliOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NewGCCalc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TURNOFFDEBUGINFO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableHotCold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\internal\jit\Perf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\4238816d\55c6c5a9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|server_fud1.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|server_fud1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|server_fud1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\4238816d\5e3ca50
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\f1764fd\6ab59a74
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\f1764fd\1d6fda47
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_CURRENT_USER\di
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\server_fud1.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\D8F3603A
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\server.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|server.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|server.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|server.exe
HKEY_CURRENT_USER\Environment
HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\1dafc34643f8e82ea7828e99698812e5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1dafc34643f8e82ea7828e99698812e5
HKEY_CURRENT_USER\Software\1dafc34643f8e82ea7828e99698812e5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\Software\Hkcmd Module\Hkcmd Module\54.45.58.11
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\1dafc34643f8e82ea7828e99698812e5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names
HKEY_CURRENT_USER\Software\1dafc34643f8e82ea7828e99698812e5\[kl]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentBuildNumber
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\DisabledComponents
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iphlpsvc\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\config\Connectivity_Platform_Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4b\7F06864B
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-843
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-844
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enroll\HcsGroups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enroll\HcsGroups\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enable Tracing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Tracing Level
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Friendly Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-100
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Description
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-101
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Version
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-103
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Vendor Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-102
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Info Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Config Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Validator Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Registration Date
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Component Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Friendly Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Description
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Version
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-4
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Vendor Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-3
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Info Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Config Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Validator Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Registration Date
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Component Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Friendly Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-100
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Description
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-101
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Version
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-102
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Vendor Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-103
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Info Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Config Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Validator Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Registration Date
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Component Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Friendly Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-100
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Description
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-101
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Version
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-102
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Vendor Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-103
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Info Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Config Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Validator Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Registration Date
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Component Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79617
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\PlumbIpsecPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79619
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79621
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79623
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\UI
HKEY_CURRENT_USER\Software\Classes\AppID\netsh.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F6C4EC9A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetTrace
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetTrace\Scenarios
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\NetTrace
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\NetTrace\Session
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetTrace\DebugFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\PeerDist
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\PolicyProvider
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PeerDist
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\PolicyRefreshInProgress
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\TransportDllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\CryptoAlgo
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Protocol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Protocol
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Download
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Download
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Discovery
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Discovery
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Upload
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Upload
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\UtilityIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\UtilityIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Peers\Connection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Peers\Connection
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\SecurityManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\BlockSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\NumBlocksPerSegment
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\SecurityManager\Restricted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\Restricted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\Restricted\Seed
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\Republication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\CacheMgr\Republication
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\Publication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\CacheMgr\Publication
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\HandleMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HandleMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Connection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\Connection
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\ServerRole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\ClientAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\TransportDllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxSimultaneousDownloads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxSimultaneousUploads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxPendingOffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxPendingDownloads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\DoNotUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CooperativeCaching
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\CooperativeCaching
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DiscoveryManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\RepubQuorumSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\MinBackoffWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\DiscoveryProviderDllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\Roaming
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\ForceRoamingDetect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\RefreshDllName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\RefreshProcName

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CseOn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeInline
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeCalliOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NewGCCalc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TURNOFFDEBUGINFO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableHotCold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_CURRENT_USER\di
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\D8F3603A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\1dafc34643f8e82ea7828e99698812e5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1dafc34643f8e82ea7828e99698812e5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\1dafc34643f8e82ea7828e99698812e5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names
HKEY_CURRENT_USER\Software\1dafc34643f8e82ea7828e99698812e5\[kl]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentBuildNumber
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\DisabledComponents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\config\Connectivity_Platform_Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-843
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-844
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enable Tracing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Tracing Level
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Friendly Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-100
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Description
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-101
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Version
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-103
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Vendor Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-102
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Info Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Config Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Validator Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Registration Date
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Component Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Friendly Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Description
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Version
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-4
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Vendor Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-3
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Info Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Config Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Validator Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Registration Date
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Component Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Friendly Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-100
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Description
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-101
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Version
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-102
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Vendor Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-103
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Info Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Config Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Validator Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Registration Date
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Component Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Friendly Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-100
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Description
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-101
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Version
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-102
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Vendor Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-103
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Info Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Config Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Validator Clsid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Registration Date
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Component Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\PlumbIpsecPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F6C4EC9A
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetTrace\DebugFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\PolicyRefreshInProgress
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\TransportDllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\CryptoAlgo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\BlockSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\NumBlocksPerSegment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\Restricted\Seed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\ServerRole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\ClientAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\TransportDllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxSimultaneousDownloads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxSimultaneousUploads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxPendingOffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxPendingDownloads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\DoNotUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\RepubQuorumSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\MinBackoffWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\DiscoveryProviderDllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\ForceRoamingDetect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\RefreshDllName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\RefreshProcName

Write Keys

HKEY_CURRENT_USER\di
HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\1dafc34643f8e82ea7828e99698812e5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1dafc34643f8e82ea7828e99698812e5
HKEY_CURRENT_USER\Software\1dafc34643f8e82ea7828e99698812e5
HKEY_CURRENT_USER\Software\1dafc34643f8e82ea7828e99698812e5\[kl]
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-843
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-844
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-100
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-101
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-103
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-102
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-1
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-2
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-4
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\napipsec.dll,-3
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-100
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-101
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-102
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-103
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-100
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-101
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-102
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\eapqec.dll,-103

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
1dafc34643f8e82ea7828e99698812e5
Global\.net clr networking

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlVirtualUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.GlobalMemoryStatusEx
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
user32.dll.RegisterWindowMessageW
user32.dll.GetSystemMetrics
user32.dll.AdjustWindowRectEx
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.CloseHandle
ole32.dll.CoTaskMemAlloc
user32.dll.DefWindowProcW
ole32.dll.CoTaskMemFree
gdi32.dll.GetStockObject
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongPtrW
user32.dll.GetWindowLongPtrW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
kernel32.dll.LoadLibraryW
kernel32.dll.FreeLibrary
user32.dll.SystemParametersInfoW
user32.dll.GetDC
kernel32.dll.GetCurrentProcessId
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
mscoreei.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateFontFromLogfontW
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegQueryValueExW
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
mscoree.dll.ND_RU1
mscoreei.dll.ND_RU1
gdiplus.dll.GdipGetFontUnit
gdiplus.dll.GdipGetFontSize
gdiplus.dll.GdipGetFontStyle
gdiplus.dll.GdipGetFamily
user32.dll.ReleaseDC
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipGetDpiY
gdiplus.dll.GdipGetFontHeight
gdiplus.dll.GdipGetEmHeight
gdiplus.dll.GdipGetLineSpacing
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipCreateFont
kernel32.dll.GetSystemDefaultLCID
gdi32.dll.GetObjectW
kernel32.dll.RegEnumValueW
kernel32.dll.RegQueryInfoKeyW
gdiplus.dll.GdipDeleteFont
user32.dll.GetSysColor
gdiplus.dll.GdipGetLogFontW
mscoree.dll.ND_WU1
mscoreei.dll.ND_WU1
gdi32.dll.CreateFontIndirectW
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
culture.dll.ConvertLangIdToCultureName
comctl32.dll.InitCommonControls
comctl32.dll.ImageList_Read
comctl32.dll.ImageList_Duplicate
comctl32.dll.ImageList_GetIconSize
comctl32.dll.ImageList_GetImageInfo
comctl32.dll.ImageList_GetImageCount
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipImageGetFrameDimensionsCount
kernel32.dll.LocalAlloc
gdiplus.dll.GdipImageGetFrameDimensionsList
kernel32.dll.LocalFree
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipCreateBitmapFromScan0
gdiplus.dll.GdipGetImagePixelFormat
gdiplus.dll.GdipGetImageGraphicsContext
gdiplus.dll.GdipGraphicsClear
gdiplus.dll.GdipCreateImageAttributes
gdiplus.dll.GdipSetImageAttributesColorKeys
gdiplus.dll.GdipDrawImageRectRectI
gdiplus.dll.GdipDisposeImageAttributes
gdiplus.dll.GdipDisposeImage
gdiplus.dll.GdipGetFamilyName
gdi32.dll.CreateCompatibleDC
gdi32.dll.GetCurrentObject
gdi32.dll.SaveDC
gdi32.dll.GetDeviceCaps
gdi32.dll.SelectObject
gdi32.dll.GetMapMode
gdi32.dll.GetTextMetricsW
user32.dll.DrawTextExW
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
user32.dll.MonitorFromRect
user32.dll.GetMonitorInfoW
gdi32.dll.CreateDCW
gdi32.dll.DeleteDC
user32.dll.GetDoubleClickTime
gdiplus.dll.GdipCreateBitmapFromStream
user32.dll.UpdateWindow
gdiplus.dll.GdipBitmapGetPixel
ole32.dll.CoCreateGuid
gdi32.dll.GetTextExtentPoint32W
user32.dll.SetWindowTextW
user32.dll.MapWindowPoints
user32.dll.SendMessageW
user32.dll.SetWindowPos
user32.dll.InvalidateRect
dwmapi.dll.DwmIsCompositionEnabled
kernel32.dll.GetStartupInfoW
user32.dll.CreateIconFromResourceEx
user32.dll.GetSystemMenu
user32.dll.GetWindowPlacement
user32.dll.EnableMenuItem
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.RedrawWindow
user32.dll.ShowWindow
user32.dll.GetWindow
comctl32.dll.InitCommonControlsEx
gdi32.dll.SetTextColor
gdi32.dll.SetBkColor
user32.dll.GetSysColorBrush
user32.dll.NotifyWinEvent
user32.dll.SetParent
user32.dll.GetWindowThreadProcessId
user32.dll.GetFocus
user32.dll.SetLayeredWindowAttributes
user32.dll.EnumThreadWindows
user32.dll.DestroyWindow
kernel32.dll.GetModuleHandleA
kernel32.dll.FindResourceA
kernel32.dll.LoadResource
kernel32.dll.SizeofResource
advapi32.dll.RegSetValueExW
kernel32.dll.ReleaseMutex
kernel32.dll.CreateMutexW
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.WriteFile
kernel32.dll.RtlMoveMemory
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
ole32.dll.CoWaitForMultipleHandles
user32.dll.SetClassLongPtrW
user32.dll.PostMessageW
user32.dll.UnregisterClassW
user32.dll.IsWindow
kernel32.dll.DeleteAtom
sechost.dll.LookupAccountNameLocalW
user32.dll.DestroyIcon
comctl32.dll.ImageList_Destroy
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
gdi32.dll.RestoreDC
gdi32.dll.DeleteObject
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
cryptsp.dll.CryptReleaseContext
advapi32.dll.EventUnregister
user32.dll.SendMessageTimeoutA
kernel32.dll.lstrcpy
kernel32.dll.lstrcpyW
kernel32.dll.CreateProcessW
kernel32.dll.WaitForSingleObject
shfolder.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
kernel32.dll.GetExitCodeProcess
ntdll.dll.NtSetInformationProcess
user32.dll.GetAsyncKeyState
user32.dll.GetKeyState
ole32.dll.OleInitialize
ole32.dll.CoRegisterMessageFilter
user32.dll.PeekMessageW
user32.dll.IsWindowUnicode
user32.dll.GetMessageW
user32.dll.TranslateMessage
user32.dll.DispatchMessageW
version.dll.VerLanguageNameW
user32.dll.BeginPaint
gdiplus.dll.GdipCreateHalftonePalette
gdi32.dll.SelectPalette
user32.dll.EndPaint
ws2_32.dll.WSAStartup
ws2_32.dll.WSASocketW
ws2_32.dll.setsockopt
ws2_32.dll.WSAEventSelect
ws2_32.dll.ioctlsocket
ws2_32.dll.closesocket
kernel32.dll.GetComputerNameW
advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32.dll.CreateFileMappingW
kernel32.dll.MapViewOfFile
kernel32.dll.VirtualQuery
advapi32.dll.CreateWellKnownSid
kernel32.dll.OpenMutexW
kernel32.dll.GetProcessTimes
ws2_32.dll.inet_addr
ws2_32.dll.WSAConnect
user32.dll.GetKeyboardState
user32.dll.MapVirtualKeyA
user32.dll.GetForegroundWindow
user32.dll.GetKeyboardLayout
user32.dll.ToUnicodeEx
kernel32.dll.FormatMessageW
kernel32.dll.GetProcessWorkingSetSize
kernel32.dll.SetProcessWorkingSetSize
ws2_32.dll.shutdown
user32.dll.GetWindowTextLengthA
user32.dll.GetWindowTextA
advapi32.dll.RegCreateKeyExW
rasmontr.dll.InitHelperDll
nshwfp.dll.InitHelperDll
dhcpcmonitor.dll.InitHelperDll
wshelper.dll.InitHelperDll
nshhttp.dll.InitHelperDll
fwcfg.dll.InitHelperDll
authfwcfg.dll.InitHelperDll
ifmon.dll.InitHelperDll
netiohlp.dll.InitHelperDll
whhelper.dll.InitHelperDll
hnetmon.dll.InitHelperDll
rpcnsh.dll.InitHelperDll
dot3cfg.dll.InitHelperDll
napmontr.dll.InitHelperDll
nshipsec.dll.InitHelperDll
nettrace.dll.InitHelperDll
wcnnetsh.dll.InitHelperDll
p2pnetsh.dll.InitHelperDll
wwancfg.dll.InitHelperDll
wlancfg.dll.InitHelperDll
peerdistsh.dll.InitHelperDll
user32.dll.LoadStringW
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.QueryServiceConfigW
sechost.dll.CloseServiceHandle
sechost.dll.QueryServiceStatus
httpapi.dll.HttpInitialize
userenv.dll.RegisterGPNotification
userenv.dll.UnregisterGPNotification
gpapi.dll.RegisterGPNotificationInternal
bcryptprimitives.dll.GetHashInterface
bcryptprimitives.dll.GetCipherInterface
kernel32.dll.SetThreadUILanguage
mprmsg.dll.MprmsgGetErrorString
ole32.dll.CoUninitialize
oleaut32.dll.#500
httpapi.dll.HttpTerminate
gpapi.dll.UnregisterGPNotificationInternal
oleaut32.dll.#9
comctl32.dll.#388

Execute Commands

C:\Users\Seven01\AppData\Local\Temp\server.exe 
netsh firewall add allowedprogram "C:\Users\Seven01\AppData\Local\Temp\server.exe" "server.exe" ENABLE

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-05-15 15:29:40 2018-05-15 15:32:32 172

1 Host(s) detected

IP Address Hostname Reverse DNS
5.188.231.235 Russian Federation mef154.morene.host.

Host(s) by Country

Hosts Country 1
1 Russian Federation Russian Federation

#infosec #automation

TheSystem Itself @ 2018-05-15 15:33:05