MalScore
100/100

Scanba647364DOC.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 28/65 Related 2132
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 268.50 KB (274944 bytes)
Compile time: 2017-06-03 09:16:29
MD5: 67d5840410afae82743d01ded7df4da8
SHA1: 4672067ea8c176522808a5c44a4e4b747263310a
SHA256: eb692ca558734a186450040650ca4f230b87f87c94b8b253c92509221b35b2e1
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-03-14 18:06:02
Last submission: 2018-03-14 18:06:02
Filename detected: - Scanba647364DOC.exe (1)
URL file hosting
hXXp://peadarking.com/blackgate.ie/bless/Scanba647364DOC.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-03-14 16:16:35 [28/65] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x42434 271872 c4b04d70f2010cb0013b934f3d66a3d6 c00816e71a5257795abbbebd4ba16105bc13593a
.rsrc 0x46000 0x608 2048 64798dc04062e97022ab80ed862af2b3 d7dd24c2341b450cfe3b2b7ca5d925781b292f06
.reloc 0x48000 0xc 512 0039c3f2cda5fc40e9afbd96a29964f9 3f0b9a3bc7ec22c83d80c226e9719dfe51dd2298
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x460a0 892 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x4641c 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright...
Assembly Version: 0.0.0.0
InternalName: Scanba647364DOC.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 1.0.0.0
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: Scanba647364DOC.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
KERNEL32.dll
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
83819b4c-0e31-1e16
83819b4c-0e31-1e17
83819b4c-0e31-1e14
83819b4c-0e31-1e15
83819b4c-0e31-1e12
83819b4c-0e31-1e13
83819b4c-0e31-1e10
83819b4c-0e31-1e11
837f0150-c9aa-dc
VarFileInfo
Copyright...
83819b4c-0e31-1e18
83819b4c-0e31-1e19
-Onu
83819b4c-0e31-1e8
83819b4c-0e31-1e9
How is seen in task manager
83819b4c-0e31-1e4
83819b4c-0e31-1e5
83819b4c-0e31-1e6
83819b4c-0e31-1e7
83819b4c-0e31-1e0
83819b4c-0e31-1e1
83819b4c-0e31-1e2
83819b4c-0e31-1e3
InternalName
1.0.0.0
Random comments
Company name
StringFileInfo
Translation
Assembly Version
FileVersion
VS_VERSION_INFO
83819b4c-0e31-1e21
83819b4c-0e31-1e20
000004b0
3acb24d0-cd35-4ac1-be07-189c71f9d2b0
Comments
FileDescription
0.0.0.0
OriginalFilename
LegalCopyright
Scanba647364DOC.exe
CompanyName
ProductName
ProductVersion
kent.Properties.Resource
Same as in FIleDescription
S)bnl
PTNd
zyImW
}qvb
`> L
vi#0iq
S q=F
"Kel
W{ #Y
PNG
wjdD
p-N4>
"4@Y
qwX
,mCV
NKg{
GetManifestResourceNames
)j,=S
i*[
HGgP
-pP"4 2
@E\C
^h[%|
Q3MdL
cYJv
"wZ}
-Ug h
U$"J:
7LY-,
dDY.
ResolveEventHandler
l?av<ikB
`[%v
AutoScaleMode
(Xb:
V8| Q
{pmF *
nHelnp
TVLN
{"0}
mkHD
Sc g
|wMyt
m2Zv
-nFC
*D_f
PxSP
!Tj _)3
+?s'
Glqs
(B|
<@lh
<PrivateImplementationDetails>
54m?
gaNR
OJ^D
(s3q
F?bCO
"JdH
7YI9
oBq\V
J m%u
Ji Z
3Lh%}
RLL;
ZLY .
]WjX(
C^?d;
{Fcr
1LQJ
1t.;
g$-s
F%K`
,r8%
w@ 2
3 I?v
AM[%^
&1L[%v
gB;"
b@kkvfGw
System
:L&F
A6Y].~'
OcdI
P &H
Z Q
{Bop$eR
*_){
thR:
7M[%v
"rGmYy
K)[V
!S!o-
iXMw
y&F;,
q/yA
| /
;_U[s
t50B
LY;1S
i/cWfS]
3. ywcP
1LQ
a)R:
"*IDAThC
System.IO.Compression
\:+Q
H.vfs
Dz'1
4\gN
P%?y
:iJ_U(t
_),U
Tm >
'zG1m
Malq"
aj(!%
gMjQkE
9t |
iR`
System.Security
&-g.
vK_8
"K[D
r!La5 t
.f\V
weKSY]I
l.,-
GK6!
C%9P
-E*%
F<'%
mscorlib
P61Zt
f K>
ok7a
"1IDAThC
-'Tu
ZY%I
Rcp{B6
u'g[K
gxadT
",s7c
8,iem'
Eg*4otS
Z(E]
T\OC
YL<@
"mCs
K2-X(
iT4l
*YC^=
YZ8o
1hR`
$I( I7][
xc1
r=8]q
O L3
?7\A
_Vtp3
k"TY
Jwxm
Ti8p
1J?Qn~
"New
So4@
oS1,
M(1z
T C]
DKP'
)uLI"R
J"-Cs
?g z
gz2P_
2|l!:
Q4L)\
0 Cf;
)C/QKC;
&7f
1dY%v
8$@*
4"^+
:,8:
g6(|I?
1L[5v
33aP
sPkX
b 75F
O.iq
2M|>8
|@ [
w |[s
O>Kr2
!_/r={T
f :-
R8q3I
"K$@
lfFC1
bV6[1$w
Q"2
L?y5
lJw
7'uf
Enumerable
R?uq
C^TsG
aET5
z/=w
b {[
AppDomain
YVzRw
"U/*
!AMW
.G@"
AQ%P:
Z[>|"
aKOD
z n'I
]'/%87
@"&
-q_|
v/jJ
eL=S
K ?}
_lCY
xz
$GdD
1l#o
otGG!M
b[L
!BPs@B
L\1y
f~yk
Zk]k
\M,
c)(@
|"TS
add_Load
5 'C)g
hlm[
[6>.
lt_'
eCV}
"-IDAThC
7 y
M$H^
<G<P"
99Ib
?V 9
O[[%r
7?@p
g i
AssemblyTrademarkAttribute
bXJn[
"(IDAThC
qtWE
System.IO
:r.-
l(vx
V.[4 N
D,J
"Hd}
[<f^G
+*9%
aMI;+
cV~y
~j3w
Fdc;
zbz#
U2~L
S-Xl
;-*CDL
>q24
66Qq,
r_w%9*
set_Item
"KdKl
]_b2
PFXA,
$gbB
1M[fv
#Blob
\Q% Mb[
! g!Rc
G&]Ih
,~N .)
<[h
1LQX4
5Ukr
J=hAn
FFi
3b{n
91S>@
de a@
@bHy
5)wM"]/v'
!^dD
E 2I
IComparable
~vV/
,{"5;q
Y/s&
)DZq
"so5
:#yZ
D&bTL
)sH
7LD5
dY$e
9A^Y
&'0C
?(Vh
A!-<
Type
`w ;q
F$52G#*G
qwk3
u>Of
HSKR
[.xO
eB=A
E1F\
\zF
"MBU
EO9>*
B l/
W#IQ8z
.Q9
M3e
3b v
*f9a["
P!>%
3cSD
{ X\xR
F5dEff6
"MBn
*$TD
T8DF ~
"KdCl
y%p,
"6 7
$86dc982c-cce6-4519-ae5e-a09824a34313
<W g
9i !<~
$&'fD
$aJd}
ig-S
iE.R
J Pt
/L[#i
6 J?
Char
St)_
;Li,
9~66
9A8/
4W.u6
~E@s
2J>z
Z}>~"
rdRO
*|(ZH
get_Name
jv0/
DT ]
99cb
!'Hur
>>eb
";d=
U_B
1LZJ
CNK;
Z0#w@
R{+ :
or#r
-<*dG
~ .O
OY8!Q
Et+~
System.Resources
0f-f]E
#dR#
V[ Lf
bF{n
2r@n2^
6 -z
xwPg
&JEd!
@1O@
D 5E
[C%)
8m6:
0G,%
[ Y2&
#,Zk
C``Ms
QK7=
HOoC
Data
EHE;>q
/MD#
5(?06I/
1M[%t
K(!P(B
(?t<vgS
,M#T
(ZhU
u] jW+
|$kR%vi
z~<
@f+tpK[`x
m6Fv
JXXU
5>J.
# lRf
X!;,T`
?!Nl:
lg z
Jf{y
Uq =G
Oy[
.text
#v}@A -
;@+B
9 OwV
E,u5
O^)0C
]0$T[
M<D
6~>O
?73>W
E$6%>
$,`xr
4LQg
MKdD
shyv
Wp{&
a9vXZ
q3 k
*\ t95
]3eJ
S6|/
KM6v
6T[iY
?-N
.s~g
,X =-
R($^
Hb.e
=~1m?v
7LW*,
Qox$
rp ~n
2 _3r
k_wj
ldT!RC
tG8P
`zR`
HD/W8b
IE*o
k =KFZ
,MdG
?$1j
q J
VFK@1
eYX~=
:7\!#
ZOpzg
Vu Jc
M`36G
vZ4_
`y7`
i'\M
~!YlK
G{PY
.\\ <
19p4z>
C5S P
BY +
u v2
\LX+v
jb8$
"3IDAThC
F/b
zFC
[ Fu
}%o)
PO9e
b{Ip
k. 1
=~5}
DLJ x>
g7/J
]z(?
W>)p
VK7=
pO_|
68--
7:oP
_YO
5 @Po
Dayy
]DGw
^h%J0
dM#eg
1g[_
;d/;
b*C#
Jc >
^Je"
M+QB
C8 j
Mq^s
Y$V3
AK>W
`.rsrc
?T#PIg
!MT1
"KmD
K{2X(
n\I.P
:^pf
dc?N
8O0v
w )/Nl
(U<7
VD2'
#c!<
&uCL
..1*k;G
,ZO&Eb
EC72
N;8u
kernel32.dll
fAx~
w{7#3
EL<@
/]Q"
pHYs
a@1LQJ
5ZF-
gO0n
|RMN
I]!_o
T'6H
13t4*<b
>\k l
iGJC
HKh\
Y9dg
e/[M
L")eY
)c( F
-,3u)
u/{3T
`GCn
4*M@
{Y 8;
QU$
<0,1
E /
y ~p+Y
xYcn
~S<gB
0MG+q
Js D
`:+
-I{$k
"RSD
q-m/
iO|Z
w 'j
m1h29J
c'NB
6cR6
_rOE2#}
/KP xD
w5B|
aXP1
LM:^
.]"j
d{?v
qtKm h
E(B$
3$,rOV
| `w
P#L~Do
tZ-kk
yK"k
r9<N?
1 7D
}[BSJB
o:P>Z
X-LP
&1?g
j(BF
ZZXcc
\![%v
F*3Y
^/0%7
H pk
iN62
m{cN
5Hp
i8~r
5@O
$u7
O( ,
qTX,
APFd
9r8k/
\P8>
%R|dm
=Lbf
CcTMw
9J9p%w
K$
"K}D
Pla@w
)A1^$
y5C|
;kcT
)Vq
c Apk"m
sY 8c
-PeY
L! Gy
Y,L[!^
Xnj
1A[%g
1LZ.q
Kcc-
P8:%
7a'OIe
?<3@~
oV,?
1J}[a
Write
ZqXy
set_AutoScaleDimensions
STAThreadAttribute
#8I1
*D":
W9 0
get_Assembly
&jTx
Z EdO
Nbm5
dUBN
K("X(
(SlO(
SD:U
UEw1
r#+\
=p!KE
I@P
x(d/
D4['X(
=@B/
yzkn@
R;(%
%`%ps
!3Ph
&DO3a
e7cW
N)u(
7wzD<
j:$"
`1;<
.$~o
pONoa
&]wB
f$$C2O
s<l*@
WrapNonExceptionThrows
;u,F$
)nJn
Monitor
ApF#U<
^"],$
$aJdP
/%4_
Ob~6>?
HByb
Console
:L F
YFZu
F^HH
t]aor
;k"K
k i
H("?n
$(l\)
Y 8v
InvalidOperationException
%1L[
]&kL
`yB?,%
RoxHg^
<<%u
|OZc
#K+D
*Kq&
% ('
&*8>
1L_'
+?g|^k
RuntimeFieldHandle
9!~V
0{&cY
3Lf1v
xA`n
a JC$
Bn PT
_|}Z
h:I
Ha-
Ue*#
ItnGC
&*8Y
tUs3
&0{L8
IHDR
e
1L[%u
D~L\
CuFH
!4D[
b+{V^
_mj
1DD0DAFEB018D8FCBA23B5E63ED63EC8F997B3F9
&*8t
"p*,
r/$*r
g VC'oG
&*8q
&*8r
jjq
d]8s3B
&*8x
Iz0R
!kd@
hE9[
&*8c
//r
m# ;L*
&*8j
&5@D
a;)W
C ClQ
3yl
b3l$
BgC,
*d@'
'{+
;SdeY
5ze^
70n:
IAxh
i]"{
` n*
u82F
5q$a
iuuF
EqR
2C=$
LM%v
#EaazFI
*DZu
N2 .mb|Qc
Cx|9
d#+g
J{1`
%;U>y
JrK=
1L[%uO
N,4Hgy"[
aLV(
System.Security.Policy
`p 4
}%_ I
KJ7X(
nB(c
3AfB
82<xB
G8F#j
k-4[
ou9d
B)(:.
)vg{ng
|N3?@i}
/QTX
}a bz^
MethodBase
6b}D%W
%Qcupv03
z\K3H
]:&E
3=<Q
b6lv
Evqm
I\
Lu+f
.C9t
K Ey
ZC,w5
rl0
6EI`d0g'>Qb
}J6:
rWl6
TR%!^f/y?
:|:(d
yroL<
W"UJ|
Yb? B
frH0
Enter
kl")
oV`ID
A{<gS
]J8]
}uuH
SuspendLayout
$qB4D
d!qMJ
*/EB
yKdN
jJd[:
}V $qF
]~O'1
D16A7DFACE16BB380DDC30ACC3CDD78750932BF2
JmqM
wZc[*
H+^)
dE>1
P! C
=L[&v@
2`O}
C4#G
Wopn
9N8G#
k?@)
LRn)
u \8]
"4(v
` uh#6
}P(Q
dNP5
EventArgs
*|bp
1L]-^
M$L['v
o\w)
Application
?qK/_
q$4]
*Ybw
8 u
././
-Yjc
X_=wdV
ic
0eV`
.un=
2_'E
b$l<
Z$B7
+[<Z
YSDq3
R<0C
N [n
7Z>
$X+u
(p=<
+@ E
"W04K
eE Hm
=SgG
:CK,~
$aJd
<c{W*
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
\; R
K47X(
WO)
$KeD
&/>N
C%(EP
.Va(
El?0
4GOd
Hc7m
(Du:
Ya:0O
V_u<K
K 8l
|4@@
C094
C,3q
{U0t
`(!&
%/6(
1o *
$/rl
q+f2
~_yft
W,e?
9`Z
G%d#
QKdD
: \q
=j]2
5bHbq
;&p7
t#p-k
=Ek,
K[OR`
{Flh
# 0'#
&nbY
(=Gw5
A5V&
![`lY
0t9xR
0 vd,.
U@6`
"Kd{l
AE$73
#- ~,4
".IDAThC
X^$f
*kaL
]]Pm
Qe
5sw-]
ContainsKey
!H?JK
1b1'
-ZmI
ucF5
@k?$w)
4!9G
PbKJ[(o
0|h.
0II-
mB k
1Jw'a
=NxE
P>)7
'kPg
dgSM
\hMZ
_8Pmu
/L:O
LX$v
N/!Ka\*
Z19
K)%F(}
"Cck'
G=P/
System.Runtime.InteropServices
}c%v
y-(M4
`Tg,
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
Wf p
`SH a
EnableVisualStyles
Iqk[
=Dsxv
H"]?
LWmehk
V`~j
3P\9
rommml:
3[!QC
1_k&v
=2deY
Z@!G
0{yfY
9)&f>
3S+Bi
F8EB065AEA3026AB3650800E837BC7DD5672B97B
#d2%v
,UujS
;^8 F
|&"KdD
7qaQ
4)=/EZl
FdD
ta@d
r1y38v
xh-J
R.ah
~No@
hN
1{2g~
ygt'
*KeD
zfc#
M\S;
ef1B.B
SBjN
My"3
f2k)Y
% GNgF4_:*
Form
n0T[
1LQ.q
TOnM
$d(4 k2
UxED
HU8=!~D
System.Core
C g4
8 4G7
>'q_<
{F:Y
$C<S
w5'D
}w$`
Q,L~
OlHo
qfM
~B|/
'E)g
get_Evidence
s!71Z
E")b"
e)N
J<-
9Ir$&
jK'@
@#(<YXv
-bi$
}-j+n
acw
Wy J/
7&FU
u} 8
; =d
v> sbi
vY#s
5RSnY
ennBA
o TYctcyD
T:p@"N,
oBtN[(
AssemblyCompanyAttribute
jjpT@
:LAf
Ul),
W'aXzH
P$
"K D
CL!.
ZC,4
KGs\B*A
=5y_
2]WA
G5R9
pt>_
J$F*\4v
'Gp2p
#Strings
hJ>\
1l[%v
0DG q
ju~ee
o{u
-%r-{
QMmQ
H)]?
k])%
M)0E3
u4,HuJ
Y)0C
eNKa
pv(T
8lY$g1
k-'L
!cU>8f
HskF
ApplicationSettingsBase
/Y%b
0,4]
{Qh-
;c"L
mscoree.dll
+COi
xp*T)
q_;NIm
"g:R
8PWy
[D[%^
Q@&rxft6
ZwkA
< hJ
4T[E
[89Mn
JtH*
>4Z9
E1E-
Mm~q
#4I
IEvidenceFactory
N.7,
Vb+
!+1#
i#\(g
$p&M
P/KF(
|NXD
~-u7
(w5)
"KdD*
]-/@%
ValueType
5X3m?
.?Vs
g7)L
G< 1
GuidAttribute
XdZ\
z"/}#
d0u{>
SetCompatibleTextRenderingDefault
T}56O
Jix(
0>Ss
"Idu
k !z
iB?[q
`b,V,~
Cj';~
7,su
^?w0g
t mU
)Lu%v
]_y(
rC^ee
at-_
DXh6
rd~!7d
oR@V\
l 4&,V)
W'oA
1umx
tx U
LF f
\,tv
SMdD
JG5Q
]NC
7vc8
\W@r
Po>$K
DbDh%PT
u -,
X/j"
%\<W
1i~^r
]iM_
/ 46
X]@8
!d(g6
}h$*
G\dD
K9e
Oio,De
(9qoa
Z_3qN
%KfY
a kZ%
96}v i
(Jv<
];SZk;
WKG_,
i:`O
18bB+S
]\<Z{v
-.Ht
Mb2Y
p\1
a#)S
kz(;
_K~
xoO_L
NI1p
]N%O
s\6-
9Kd@
E ]r n
f[V
LLcV[
)lKc
Qp^V2
1L_
yEr|
ToString
C:*K
t(rY
nAzM
V);3
Og}w
m?fX.u
d|bn
I})H
:l|t
+`\C9P
fHr
;TXC
;#_[
"T*V
i6j|2
Sc?;
s* P
9zf
;Lr8
^<OL
[2}^k+_
m?lh52
UaOB0
)R\Z
D=S>iz
Il O
AWD$
*5{xeY
MPRW$\
6?M]2
C97!
,W7#M
.6Om.>
[<B,2
!40x
+$A'
6}6(
(%:1
kent
y-9[!S%
!+LA
"*Z)F
N oj
9Z(
gVc/
qw1 SZE;
')^:
{D9>
AssemblyTitleAttribute
cU!6
R C8Kx
0a?S
{~W?b
#xl
GetData
hUI3
guOw
(=a/
)JBrb
}HS)
)O,(
$/-
s9{y
dtqB
sr|Y!
u_}Ga
( =-
U1g
z(Ez
<=OD
m FL
'o4=
(-O$
+)Bn
f I)
a ]Q*
8#
_+Id&
\c g
X9vX2
Ru3Ti1V%
N T1
0#SB
qaw<
z.MC
Im #
rp{t
l* !
s g
|r}'H
Concat
Saxm
get_CurrentDomain
r:*r
J&V9
i,{z
UY+
zM4Z
>i)V
gMkC
D*|!
c[%
e& W
fVzo
7X
c! o
XE\k
=27b5!4+
]/E"
get_EntryPoint
;cN
(Q>H7
ug'#F
: B2q
#KBE
*5;?f
.ctor
u
F;,R
"OuP
OI[%r
1wtgf9
tN})b
"Izb
r&/.
W]Nr(
y:'
+M E
T]\ht7
yFsI
C "z
['v+
ZCy"5
xGMgj
~Lo=
TdPS
G1u.
at1LQ
Invoke
C;d#
r~2p
ASja
OY)0C
rv{8
94mj
N. %
&]8`\
HZ~%
J|4a8
v [%v
\xu{h~S
g) a
f`Lj
1W T
\sbG
GK%7
#PsIe{
RQ~t
7`V |
-1Vw
3C@r
+PN<V@
)$a!
p*g7
#Y#t
'cEz
H1zMJt
%U%<}
1L^%
9Td{
Q9"D
r,"I
Up_+
Array
K][5~?
'-(sK8M
{KvM
NIUr
S c::
'4*t
r|J:r
1[+Z
$X7u
m]r 7D&(
@.reloc
bQL)
C<Tt
Kt[8+
+E E
n(hy
I$o+
c c:
IY\ "6
)I y
?x;h
4en(
iGG8
r03a
Qgux
"Or7
ylrX
PBxa
g M'%
zjR(
45196356C0BA6B59B18E186F01674A05383B597F
Byte
^"[B
{TqS;S"
."k_
Load
Sy]U
si^i
q( ps
B'JQ!R
P,m:<
9YX"
"Idr
X9u8
$ N)
=&[h
mp`\
K*f
|P= c
"Id`
!0,-S
p 7J
8R;c
=6DOm
ei1_a(
8TD*A
wORYCgz
A(uu
\>1F
C &I.r
L[#m
HwZ?
/gvu
RTnLm
m"O*a
[%e^&
q, [--j(Ux
Kp:!
?(n7
"|P%<
]dU(
d6%
qEd
$](&
9w-_M
_'P
+}:9
{Yd
ZK *
CSJ5
,$D:Mu)
pLo%D
g?=E
cbL3E
8pQb
>fhjq
q|n]
UJX
FO]i
Z>F?
M:O_{
@5S2Jg0
JE -
3H(HN
"Z6D
<$S/_uy
^*M4%
,)0I
c4~|g
*9o8
.#^8 [
?)V.
%eXC
!.M,
I zt
qf/0
ZkX;
hSb1
9DS-~
nBJeY
/Mdy
W@5k.
0BF p
-X&`
Zbs0
ADG>4
S}k"m
cD[A
"Ku:U
W* ,
N<(z
-;#H
G{W)<
> v
uE?$'
:(lv
wf (u
6 {-
NB_=
# .\
"+IDAThC
`d!|L
RuntimeCompatibilityAttribute
2Q^7
kH+8PF(
iOdP
&,r$
<(4
=n
}HR)
B ec
/K}*
Assembly
X+.W
BF1512AC13F3DC3B09FDAFDFC9928F1CFA4FF13C
j>pR)
/>,p
3&kP_
{[qn#
KR=w$
">$%4
)]#NA
~K5G.
3JC q
7D.5
nYVq
)meJ
;YDH7
%ELJl
tjw
q}vs
Apm"m
L@N'
y 6g
a[9=
n,Iy
[ndl!
[/q6
OxgX
e$)J
@E= +#
^%y,tj_
%093
+P7r
5_QV
H:L[&vc
CeTP
hA@_y
3gO=M'R
g68?
QG%
p&F;,
Dictionary`2
us1PF
$[(L
=H%}
WL8ch
\\dD
4pzLVbUF@'r
>V?L
$9[U
a>4F7
)p(Y
wRsG
FmR|\
q7T'
U'xCd_
*,sZ
XYXF
set_AutoScaleMode
`^0O
Bln-
uUL2
sQTE
1L][4
fmQ`j
)CD*
+KdE
{Lz
O 'p
n+jRi
G1vu
4i{ OL
=S P>y
r !K
IContainer
OCcpo
4xv7L
3@7~
bw'@
XE<ef[J
EYa>
EQQs
pSD;
br <
5ii~
:~P:
]rRl
{6
?%2K
C=IY
u[%v
,E|\
PK70
myYE
9~<g
D y1W
/s:h
M$qu?
%}=
(o+6B
%Yryh
/}dPUn
ISerializable
$"%V
X v
EJ*)
)z$2
J<)o
WR4r!
sO&`
%`'
VA d6
k>-y
7N+b
-&w*
E15B\
a^1LQJ
X a
qPEx
W)0C
5h5?5
_F*j
uVG0
VcmXb
)0@-G*
8]
Qh@E
w Sv
}N):
~Lr+
~9D&x
9J5B:
Control
(2Rc
`iMk
&pKjd
-rW=&
SJb c
cE*9
db'A
Vd, :
;#O:
l_x%
G#0@;
r~E-
]WoftF
i^.'
|=B,
@ L>P
eiJj
R.6!x
';=pu#n1
5V9(^
)%L['v
9C9p&
*D(o
T:E
X
CzG>ql
Px-%
#-FTd
,O_}
IC]>
*?q8H
ContainerControl
?/x%&vH
l<]U
k>?R
K@7k8C
/HgSW
$P]j
`%1e
\"j}
< 'D
I jr>
0d0g
5~&8
?$+K(
^U f^0
5~ L
Sd&#
/1RC )
,u }
IVo-r0A
m]4
PDz|
4HCo
S5s~
.@(&
[%! {
zo[Ym*
#U\
R3Wdb:
M3SF
2t1Q
BpV
AssemblyProductAttribute
y(U)Q7
gb)N
H~W}
Y -'
1{ueY
>Lo,
;?$:)h
b,JBZ
+"rTv
r-)"
rf8Hd
0"Wu
AssemblyCopyrightAttribute
VdD
.OU|
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
r6J{
Y 8>
`!?v
fvj(h/s#
E>2K
'g/,{
W5n.
);u
1ld!h
M$\o
tojU7
E";i
Y 8
9X^J~t
C8 D
d-_^p
{=l}
%0\"
V#
#DfM
/<ea
-x?o
{(RY
.>m'
LKa3
oIg%{
['"q
Y 8
n @(
t3&E1
"KgDU
sG2V2
@9:I
czjB
6{%qY
Q)PU
]xF#
xLz'
JrrS84
cLsqf
jF[ 3
e$7
u|+O
XEp
Y 8k
7]8`
K+0X(
CsBIz
Y 8a
}($
3Kfw1J
: 21
#^(
_*$3<
[&!c
Y 8V
AXND#
^j]x)u
lFEt
kent.Properties
Z4/E
" d|
4@c4s
6Kd@
0m|+c@%
UQo"
2a&F
3W+
#K@&
,yAr
W1%:
?Ve :U
Znu
CH4Xo
,nr~
{MdD
)j"0(
1Fq
Read
x YYIy
wpuv
FflAO
CKj5
t]:[
u_5OK
D s
!hdK
IvHk
"> K
\=~N
F*uZ
L0ad
d}ly9
Noaj(!%
@]zP
?hko
+(sD
0<-f
/EDL
n{j1
hFOu=Oc_Lm
:D@)
JL%wT
.:Q!e*
1g]_V&
? d`
bo`_
m/ab
x!^"2
6K^Z
~TY_E
1{Fm
z' A
gAMA
/uO
#2I]}{p
,{V|2
t&CE
sGjS
^ah,z
p?"K
Y= 2
on6`c
t9HYT
Whb=
^anN
FK%!
jKkE
Y2e7M
c~}M
:ue}=
\Xcu
.cctor
y`dH8
G)[h
$L[$v@
IReflect
34" F
-nMU
hE~r
Up<O
g.UvR
<gTnhC
^<Up
8+v;
;TG7
CompressionMode
+ {><
eAm`5K0
f-z}
Ni}S
;Pnl
1LZ%v
0BS#v
DF%/
A5D?C7
Vd!fRu
P8 +
e/@f
+wN"S
,IS-s
+64$Y
M['R
r$Z*=cD
Y.jU?
:nDk
t3mPnV
\NdD
H$ri
? Mq7
WuhK/
Wo~(x
XyY\
{a}[m"yb
DYHp
gTLJ
zMcO
query
+,K
nY;b
:TkoE
R91q
by %
Sp|U
System.Reflection
wE;3
X7D76
"D"`
L[/^
SizeF
L[/\
kent.exe
6&K
6(I2
e3mR^
}q # >
RuntimeTypeHandle
.R4A|lJ}
y;xg
i~o<Im
$LfV
s[j
b?"|
n0!l
"KdK
/({t
DZ="Q(
`w32q
/ G6
S(F
LxKK
1Z[%v
N%%A
HL)%
%hWS%
H6zr
}a 7
xa$N
Gdxh
{D>/4X
5M=L
t b\
`]kj
Size
Append
set_ClientSize
B;kJ
LBH)
}CsM
{ g
$C:^+]'
%\x`
. }G
"Kd&
'!?]
6{<
^-3HO
Jo\Rm
0j#5
U1M"X
Incarcator
:rt9
yYw8
#~*yz
}<J
;v|] k
uQ7u
mJaq
Cp n'I
s[;RF
`OvGykD
1LX%
`RB
m-\S
$8>
0i<2
eYut
1:1l
8oeB[?tKo+
jwW8)
Rp#k
N*K%
AssemblyDescriptionAttribute
\=I=G
y|"G
R82J
bc\S5
m 5L
IR|8
` [M
z3}7
"Kdc
* ``
/jg=Nu>
eYAt
{ Kl
X1Vb
=s$'
1_k'v
"1M|
(hCV~\
"KdH
y1ae
nFuX
"KdE
"KdD
1;,R
X =do
JFDL
1F]J@
9Nt%
C *&@
d&B
/?~B
C``c
cD$
"KdT
!>1
eMrD
"KdS
)ZdD
[Mx7]
GK'+
cAR|
vDu*CdF
u24|~}
(40_
xN?3
5hY!
`$!Q
$G_M
D753D0A878EB0C0BD3275A783C17E0129C61D8E9
-x!lI?
=P9
a M*
F 4^
"MLA
l'7\IEX
QueueType
Uwms
1lJF0[0
K'X(
cfCQdD
d?FH
R0S< g
?)x
cNL|
3System.Resources.Tools.StronglyTypedResourceBuilder
tLI0
vAH[
>tir
<[NBy.
i[
Ln',
- lQO
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
ei3m
fy8x
?#
:R{8
A;~Q
d~0A'
Q-Ozw
APu>
(i. j
2,-/
*Ob4
m:4tZ
\ 0?)
]J4g
!This program cannot be run in DOS mode. $
<F g
bxGI/
!J^Y
MatLF!
|>]9
\FdD
;Hmb-
emtx
Ff@n
D,_F
p 8_W
I :&
Uq\ ;
Dispose
<PZk
1L[%iO
nhH6
7 _,
$b8
6NJ"
$_fl
U"vq
^ f =
<hf6<
H:Y#
~<5R
2o/04
!KdL
[ ^ DF(
1A$q
VcFs>
kWm9
`ISM
c8"Yo
q2N4
UhM$
jC\?
R&3@
sC&C
Fq9u
r#.K
_]Ux
|w[v
0OL2
32pP
IbGzu
X,xk5a
H{_4
MNQ)
,!PtH
tPZG
Bkbr
V (V
Pwl A
|%bU
)(M{
Se(L(.
Xuta
B6DW
e#;/;
9!23
=X2e{
Ro k
$/~&Z`<r
WVq#
%D `
`rn1
1+>Q)
Ro~.T
jI[%^
\!89f
gT/)
wwkH#)4
jIDl
QT2aU
=81@
CTM
Nrt7"
vtIo6
Q])K!
Z5sm
=D d
sc g
0heG
u+3kB3
\u}t
Z(2MQ
m*g:X+
X(
JyX7
GP/MgB
&U?"
pFvH9
fz^W
9/Wa
Z}}
|CS(
j)h!
0KLA
xIm:
,8B9 C
F[[Sd
2 d^5
\d2y
gTLW
*Y^G4
abh-
|F7,
7L)`
7'5s
V"9
o<Qs
iWiq
RL)%
bOP0
ZJ>$
r_o6]X
[ 8x
~"9W
5Fqi
QS:+l
:dFK
*WOI
tAMp+H
&p-P
4'c%
>O'4
[']&I
y^*E
!EUn
8YB
>aw\)
_+m@
System.Linq
/Pq7M
1LZ6~n
CNR
f LE"
]u$v
]9>z)
:{W
ck?X
1L[n
i'lgR
SetData
SSr]
</S>J!
KQ
uo'd
+KZG"
$OH
-lLx9#
r,Y::
] -gc
$87D
ZO%#
wEQA
+|w^
EditorBrowsableState
"KcR
fL/d
`?S
j%^^Mei
U<>F
sQ@$
`}Q&p
erKz
av1L]
1L[%
at1LQQJ
X8F~
W6w}D\
6qhpp
;O9>*
c>t6
-^O7
Lfc0X
=> 3
+1{
)T2#
UD-V
u0E`
djAj
h;|lK>
#"|<U
)s_`H
ZZv
T^Ez(
w?c!u}
Vmm R
RW k
f, h
zV^/C J7
!>0+
Y e1
Z*[~
' 1{
*|7u
6pgn1
#8WN
>1tS
P->"g
p=]zh0
,rpBCiZ"5
*8kR%v
0&Rf
{%ho
$IDAThC
)6+
V*qb
>`u
C&*1
KAvMnN
%M *
dYds
Z%:=j
|i BrLIo
C[%m
l@]{~
~.;5
o '%n
]y1 -R
{~jq
yu `
{^G8
uuQ/
%8^=
L(Hi
F.lBq
)0CtSN
TLm^
<!6k
^+RAv
K?!C
D\eC
\ua{
&, =
VQbM-
=4OYVvT
#Ne4
] zA
M@J}
;g[&D
.SdC
&Oi!z*
s<Je
add_ResourceResolve
A?d"
!j80
~]1C=
MethodInfo
X#5D
!)X$x
W!-g
1.0.0.0
YLU&
y.}6
-M {
:Dj_
"OL
@"D~jC
=nyR$S
CompilationRelaxationsAttribute
PL/%
"XTF
#i+7
$**_
p%KO
1'[Vv
?&Iw
C;z}
&0 J
M1hj)
E)8Q
8I q)
MemoryStream
>^Xd
-5'D
kzEX89p
_OCM
JeCK
"/IDAThC
608C12AC564B3B2142C9B0946D986C30B0910891
3]r#
rlpA
O/\_U
2KeD
T>[v
C9b4
,gil
xvY'
B:;P^
)<G\
gJ <
v`rGd
^0>dq`
p L~
"n(g
U;jB
O#-&
get_Message
${jSU`[
P=>e
Tmi">
P `C
6h(e
&*PA^{]
qOE_&(
@1_I
lyHw
`x4f7_0w
`f B1~
"Zgl
#KdY
jN9[
Dfh`
=+a<
'R{F3
oC&|
6"q<
mgWM*F{
Vp|W
w^/\
1F}2
'BGrk7
PV%W
:{8
yO%C%=
-.m
c8 C
lq^X+
|.3WE
AVxNcH
4p[XO
F)0s\C
-4,w5
*sv=
95%2
9jn
jBC0
1P]+J
vkT
9&:F
)yc0N
/"ycl"
5KGbd
ZH'|5
c!vU
g-4o
Z '0
:4Uv
#GUID
gy#u
w8+W
V?t&
[%pn
$q[Hq
WL{bv
^.5G
s*Fc
3ZsU
u4
Oe
Kw4Y
"R "ON
[t"h
zh\k
(?3p
s UU7
pjSQ?l
L[)v
%-Rw
8quja
M_;+
2iF"
"KtE
{$?
oTw@E
]K7p
,n
u f4R~
P0VQY
*cvk
L9DO
H'_
.E91
$'zl
=omaV
fKdN
GXl\r
;U f/`
51CT
sUi&
BL2H
StringBuilder
xz_L
NnMH
z!$@D
`< ^
VqZ^
H(N
h!e?
$L [
~~%;Z
Uz3
.sRJ
}66
OCg(
']KJP
Q~}e
ZGi#
|8~ ~
G>EDw+N
wGj.Y$
,%B
TvX/
T )W
pF'k
Tu/[
d=9
A kK
'0lHl
UY5Z
7. fA
T8j{
.,cy
RL/%8
R>4V
fp&3
U/a,
G|JK
gyR|
8ip*B
eF4v
i`x^
P"KndlA86
UL/W
|_]L>BO
lG2)
^ )
;dp%v
l:b`
%H(~
\7_R
vKdl
dsb@
t,J cx
#brH
b"EB[
[|P!
AssemblyFileVersionAttribute
PDu4
g$]
2S8(lb
an&A
o&SlL
System.Text
0g1hUq
)%e4
emMk
nEj-"
System.Collections.Generic
^1 0
E043
mJ.0@a}
rO?E
oWY$
|a0I
_c4M
"KbN
r|Rf
4XJq
o@~&
r'%Wu
2r*f
-2amwx
Q\Dk
7|f
LxQ1
w$>$
$XGU
:!&"
GL*o
h $&
Hl&}
EP=W.
x!hbcBv;^
KM;
m,!z R ?
} oP
TW07
/>j?5]|
ofU\
3 GD
0Y#
EUgR
-ft\(l ^^
P1 O
gOCGf
XcCv
R4KU
n\/qP
R(0C
p2\`
ryP-
Evidence
.73L[J
-6p
]{EC
"{dD
&4)V
2:Om
wL[%v!
1L[%v
PbRMgG
hY J\
) qQS
x6.M
`r@p
H8>Vv
tGi4
wy |
Nyt+?
1Lm&Q
TGTJ
ResourceManager
6rKv6
pVR.
phJM
szK8o
Q k1_
gH/
!q|wa*
6`lFZ
jK!F
1"Mb
eYZv
M> V
C=(GP
Spu)L,
GetExecutingAssembly
K&i'
/!Ro
#+ u
] z
jh:8
F198083C9353284BD8923DD4177D35B3177ACC3B
a*,y
4/X[
ppot
Sc`nkL
XrJH
uOplkj
!Xe[
String
$!(O
;#/h
_<[C,
wm~c_
_CorExeMain
0dkO
qn DG
*TR1
[%qq
B B%s
oXSt
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
j^A^
N5>b
sIna
JN]E
r\`7
!0,p
0UfS1
G/(X
F)+3Ur
% ,
V4sc
~Y??
InitializeArray
System.Configuration
\/ j5
mU b
(8 ?
mXr/
a_jy
up`k
qr(L
# !|
^Z(Sy
]#<w
15.0.0.0
$c:8I
S0Fo
W:f(
\>?x8fe9gk
- BYu
ToArray
{t32
]Rke?
Wk9X
+omv
cV]m
+ ;}?
?D>6
u*%G
|}&N<
J;>$
gcM&
$YrX
]NI^
72K%v
U1ST(xr
U3^K
EU/|
$Qpx
uIC)a1
CU"
KVUy
^JJ5?"
S.y(!
wJ~A
9H2<K
cUxB
"OuR
dY;b
_:9^
xq
2z$g
qo5C
r4g'/
%A+DQ
V^2>
|[;j
JK#!
=ER},u
X#5%
R{xK
V.rNU
n{}[
N9@k
5V"K
~~.?
w a5
:L%-v
tL<@
e:vS
u3*EN
#"z}
m>w*C
6W&D"
aJs;
ts]B
[L1K
^F0jg
System.Drawing
q{``A
get_FullName
L;;7
x kH
QC{A
3L2%
RF-2
LJWZ
L'%
LL{_J
6R
>mPj
b`F fs!a
-I\%
YTH.
$Y+O
e>:F
#_GD
d$JN3
+NEs{
~)`TU~
|JO
Cw&
5 *T
Gm{T
%$$X(
#9 P.
)B:[
:}";
MW i1J
pmJ_Ig
_J8@
$S+0
El "
W{$*
I8 R
_Ku+T
-X;H
W.5'
Qo4$
\>m#N
!L[%v
(,Gu7?
Cq<2
a,sP
I`-t*
(Cb/
mV,Ni
(7Iv
Ep[%w0
RuntimeHelpers
X]X
d8 p
o_a6:
(x`0
8#)vf
Y@/w5
JD}5-
SE+4
^1NAs
T<x<N
^}Z+K
S>Zsu
0{%qY
B7_b
JW_^
g[= P7
6B `
&f.0
(!F
1rRqE_*
J9jY{s
"htlv
GzJ@
M<Ag
"Nd~
K~5R?
QueryContinueDragEventArgs
Be$~
,LT?
UqLV
XOYA
m&;}
#~mT
L~y=
Object
X[#g
7eKx
h/L/
+$oK[{
KD ^
'_Jn
1z]ud"
<o$X(
P3%jv
wYQ!
l.O(
ComVisibleAttribute
_;BV=*
#C*OLp
1LQ I
U;-w
!(K~dI
!wnf
an [9
C,w5
S*wv
twz/
L[%v#
>JX
Z0=4
)0GbS
}`Jx
3BF(
Mi9S
nI\ 6
^z8y'
>1AdM
fFNG
!("{
hk sr
Coqv
add_AssemblyResolve
Fpp9
? `
KpZ
1LY%q
AssemblyConfigurationAttribute
L5"f
WmRc
?Fx{
CultureInfo
O05?
@47"
^"{N
A\RF
y@8_
?$2[
;wTY G\
B/W5
DJ$v
ZwZ-
c D
~3-f
15.5.0.0
?%.y'
565E6F2B23A275D98012F63D12517B1EBB773AD0
3V.J
,9TsG
^& *
`I<Z
;R-E
FD~)]
])[w
2qnD
RJ(@#O
1{De
V9 &
:CIi5
"Hr5
"KwD
Stream
",IDAThC
/s?"
k+%?
%}Iz;
3N +
x*+r
z,]g
k%y3
`d*
ZJpE
+"Z { 5
C J ;tw$
B [*
&*6(3
wXV69
H\8;5
ZpfV
1LQQS
SStRiw{
NQo\
CreateInstanceAndUnwrap
g Yn
"? }w
Exit
Free
Q\RM#
t0P!
Si8~
#*?9y
;Y +
'2 =
2] e'
'kfE
54hH
IS$H
[$X(
|CpA
u}0z
1@&d
l9TR
c }Bg8>~
%5@o
ob R
kk_#
2equ
p#EZ
[ +
+ ?:f
bWOE
8]-D
SqS=
o)@Z
ResumeLayout
12*C
w!8E
\/|j3
tKD*.
Cm3z
T3`H
Z@=/
47<C
Co\<
KdB
y";)&
si @
4PhZ
6\IfDR
}+ q
RN+UTx
= H Az
?F3@
> D$
P!_H
mZ vXl
hn%N>
t9zp0\
~wTR
Mlkcb
'#0C
;[(~b
jvW}
S@0Z o
pHRS
5j&,K
~)4N!
+iCn
+$2sJl.p
VL<@
nui
?Z
#KdD
$k1] p
System.ComponentModel
ok,o
%MlD
1L[%qO
L RY
xRun
Ixt/
IZIg
^k]4
&^%b
G,Lv
6M(`
YX'R
Y]Lc
>B~
/*7?~
u 6JS
,N&5
U,fq=/Q
$/~[
uD!*VaB
[$"Ru
X,?]
FSv
$A^ !V
CQ6.b{
C)5Q#
ResolveEventArgs
[;' ?bw
a KB%
;v hX
D9 4L`C
mb8:
v*Kh/l
(L^%l
_-Wd
T/J`m
)K$\
.4 `
)4klS
c%fF>q
*0%'
C%R
'C"rlVSKv
System.CodeDom.Compiler
<+{
$0t}
"Id(
6-#A
!y&
G"th
Dmb'
?3a^7&pg
s% S
0JfO'
Ux 7
GpPV
B-g({
1L[>v
S!7
wL R
lE^#Y1
x:g(
&]d5
6BAg6
b*bTT
BRuZ
};"M
q*1]TY
G*}79
1F},\
U +q
5wjL_n
"K`U
Xlu'Sd
(7HW
P= ;
-d'?O}
msic#
1y2
mn\Q]
;lA8
F--9$
_6 g
HN*C
B]7w
,~O$
8akQ
t`3
\7.Y
xL*:
;pd^.:)
^m~[
ZY0
1LQ6`
ExitProcess
ZY0
^`|*
w4&!
*].>
a4Ju
yX)
"KLF
#zz)
P D
&dIpZ
%x/
aiRO
@x;L
N%h9
M/dD
'y4L
;0kR%vH
WKv,
$x[L
cGrb%
\CPD
eb
Copyright
r_^l|:7)
System.Threading
urPqI
"7@L
8N97
T?NE
D/nyD D
KTRy
KJ$B$
Bw+i
Y%<6
[^<R
!LBO
\=T.F
/L@A`
ZMd>3f=
qESD
]4J\o
v2.0.50727
XS q
~Y6."
'33RjR
p)Xd0
la<V
:>GicW
VSdD
V7e-
pLNH
DB7@O
Fl"^
VQ+O
StB~n
,%WA
'S"(
get_Default
6^2v
D ~5
kB2V
!mc{
5HMZ
OWO Z
7uSD
A6th
$( 6u
Z93)
LRIw4"[q
dEp
D9 UL-7
MarshalByRefObject
W$GP7v
/$#V_
Exception
~*z}rS
hW.1
:WdD
st wEy
J45.
7S{)33 =T
>61+
GJRSn
&2{&
${Qv
})4 P
6v$jz
$whZ
SettingsBase
CeLu
%L[&v
x<myu
=<wi
!<>hv
S|0
GetTypeFromHandle
{oqo{,
@zPHf16M
!L[#v
s##g
fmGO
|kcE~
FL[%v
MdEn
yrat
^Vkf
;]^:Z
"Yi7u
YCM,
\S"y
e<O|
e(F
F*3v
)T^%t
4>|m
<NH8r
ebe
H[=7
&U W
q-*q)U
V" *
4[pdQ
BRZky
qtj#
H{ b
+J E
KEzG
I(]N
EUAn
{O~Imi
;j4\v
7{ZaI
yUjf
g4"t
)?[T"
System.Runtime.Serialization
@E^.
V| ,'{
8G::
8%QMr
a+_\>
N>NNcf
#H%Iv
$bA`
x9i^A=
H</J%
yXB9
"K`d}
8[25
'[[%v
_V4I
hPJ,
[p
!2Kab
Cd^E
(kv<
|1^as
@ <X(
&UFx<Y
TXJ~
8lgH
7ke7E
7[O
gnxm
@pt;
l7mL
4d'E*
isHm
:%@<
`i,|
Q,ky
S !_
kFV_
$X'u
Er(!
#S\+
|!Kd
]9bA
+RhH
XcJ_?
v#G
G^f\Y
[ cj
x C(
System.Runtime.CompilerServices
FdY%v
^FD$
rf5)C
67G.1w
SuppressIldasmAttribute
1i['v
h`TL
b" D8W\
;o"2
9?vjTA
&>0C
yCXB
IEND
28 -
}f|
lek
T2a
F'{
;8}%v
_&^`
qF?~
`^Nc
S01z
,6*^&79
N]yF
XJts ,
xbe;
f/j<
AUpF
b{`t
f2ce9de7-00f2-4f.Resources.resources
Q2xj
O#DgX
'Kd@
sKdDr
M3ek
ZUK
Settings
Z3LJ3]
?g'x|
jnx2t_ \
qp5\QB
[PKoWNs
<?-6N
86D`
S1Cj
=O~&
5{,<:
:ppj?
jDZ},
icLX
qaGwX
5ZJ"V
m&4T
#2k4S
7r!2
SQ@g6
IDisposable
Ap^<_
:GU,Q(
Synchronized
\z#.
np+l G;
O|JF
~ZU&
MsAEb
+{5g
b\[(
g`:K=
9k%]
11.t6
+!,X
1HR Q
aE99
R]`2
W~pB
HiUZ[
IS{^(
V(0d
1D[!v
[K=^
H;y&
'O?'nd
9g r.B
IComparable`1
|mi;
!SEa
vknF
CQSP
a])M
I-IAg
3N1
Rz$z
Q '( n
KdN6
V)&Y
P1np
`A %
EB n&<
aHQ$d
7-UfU
uJEZ/
z^8|1
[4sd
<Module>
1\KK
zo3
*$4j
$&V;/.p
&Rhak
"2IDAThC
N 6
Mc?T
3LZ`
aGh>
[ w*
Jq%m
@SaEKa
a8B
_@qn
kn$e
b(*
dP)[`"Q
"7Ui
b(F!
5TulN
~r[j
xs+B
=rvij
N,8r
"Bg
)0Cq[ 9
{T[j
#5n
2018
R} (G
EditorBrowsableAttribute
. 0tXWO
[r?G
v-c-/-
!ZvU
4L[%w
zy>z
%Idz
:=#YR
6 W%$b]#
Ql &
H<!{
-%CkQJ
DeflateStream
"0IDAThC
j]XH
FB[8N
+tfM
mA"U73u
[)B"
c-%zk
x!R
)3C$R
pY s
,(eS&
13hx
g"s8
f87
We$q
X3Ov[
l5tf@
j O.H
DW1Rf
q)%'
T| Q
Resource
`.gk
R/>V
ICustomAttributeProvider
3\OX
"kYD
jWMbq4
cMA!
2,j3
%L[$v
w[tG
PkkGU
zB~Oc
^}}Fo
2IzD
_`>*5RP
aq/u
m[K'['
Md[
DlkyN
zuC}b
v'6f
_7jt
(T"x
Qd9au
1L] +
km[|Ez
w&)<D
l$B?4d>R7
Irb^2z
'a}[
x# g
F&Yk
.~G4
6_fi(
EzFR'$
AN`6
-5bD
hd)G?
72J%v
Nag'
?O0D
/Y6%?_
*6(3
$"Is
Z@UVBRI6
1L["
System.Globalization
"~]u%
j|W'F
EventHandler
UL#P(
asVr
]J6
>2og
\)[I
T}Xlx
olp1
uzUy
(6h``
^ s>
& C"
uvUS
(af]
UeL'
;x*v
Q"7Qzc
*V/'
:os<
Nd; Q
(2O6
Q O
8F>,
GeneratedCodeAttribute
Om&A
{4=(
disposing
Cp n
- ,)
$cmD
yZqqB
IEnumerable`1
o)h
"NdV
^pPI
"Kn7
P08q55
"NdZ
YDc+M
r _"
^b[%|
)k3n~
:d)L
YUveb
"ANv
!|8~
? pEc
2"+z
?vo2
s +
s<9j\
V.R"
/Y~ U
X4D|
Q4~ay
@SX
ueXZ
NAPBx
+5H _|
1s~n
G4,]yE
grN}r
lppw
"K`E
^! L
7G[N
&1L[%v
Default
2*%<
obhY/,
< 5@
4+p/
m>|W
NUR
6CAQuo
kMTO
& |^ r
oIV*K
E
1]M2t
I?:=~
ZdY
`G|5
VgD)
&Q=V
v)w
-|8>y
")IDAThC
d`CD
"KnH
G9 '
Em(T
B sa
j<,uG
)6k]S
L[%r
H2E1
v&H
$?p~u;
1LQ6r
Z,$H
m9O -
JF8$W
97`I
X `$
D<Mj]-
K4IE
]u~_f6
93S/c
%.Vf
B}pX
PN h
? ,H59
? uB4a
U`29*} ?\l
/%uO_
,f.
X"KdD
y/Fmn
"CdE
ypG*
K=vhY
"KJ#
}WPdX
gC~
^X!2
<L[$v
&BStx
=t#q
2JIyr
iZ2
vDm&KeE
6Mmp
aR3|
skuQ "
oAh[X
1Lk%v
1Fll
A-Nt
__H
l!kd
\)ul
*tmr
Ny tp
System.Windows.Forms
PiI5
R51V
D@BJ
P#L[#v
7{V`
HqQ8
)3-M
a=kiea
\S@<
"c&w
P?vH
p!5cs
Sme2{8
[cMF
CY2W
WriteLine
$|"+
System.Drawing.Bitmap
U#\yz
*1mY
l( 1e
1HY=.!
]( W
jn@
&fPp
"~O i
}u R
] 7I
u uV
ZDz#w
xrru5W$
;i)Y
W$5s
L#< U
~ :;
?C or
Oo;v
_96@
'L['vw
3B/t
1!*>
Fecn!
{A9,
#Ew
.r"3Z
w%"-
T Pw
SJ"ls
1s[%v
tNY^;f
A0LaQ
vpI?SP
^n'X
#S)e;
2Q^8s
\.@<
p``'
wIdn/Y0
6G(-E}
MxZ,
'9/]
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-03-14 18:04:18 2018-03-14 18:07:11 173

3 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-03-14 18:04:18 2018-03-14 18:07:11 173

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\Scanba647364DOC.exe.config
C:\Users\Seven01\AppData\Local\Temp\Scanba647364DOC.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\Scanba647364DOC.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\Scanba647364DOC.config
C:\Users\Seven01\AppData\Local\Temp\Scanba647364DOC.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\Globalization\it-it.nlp
C:\Users\Seven01\AppData\Local\Temp\Scanba647364DOC.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\kent.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\kent.resources\kent.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\kent.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\kent.resources\kent.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\kent.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\kent.resources\kent.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\kent.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\kent.resources\kent.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.default
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.default
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.default
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2308.19275390
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2308.19275390
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2308.19275437

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\Scanba647364DOC.exe.config
C:\Users\Seven01\AppData\Local\Temp\Scanba647364DOC.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf

Write Files

C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2308.19275390
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2308.19275390
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch

Delete Files

C:\Users\Seven01\AppData\Local\Temp\Scanba647364DOC.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2308.19275390
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2308.19275390
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2308.19275437

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Scanba647364DOC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\24837941\72d2aaff
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\281dc458\2eceb557
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Scanba647364DOC.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Scanba647364DOC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Scanba647364DOC.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\281dc458\7ca17761
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGetProvParam
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptSetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptEncrypt
kernel32.dll.DeleteFileW
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.RegisterWindowMessageW
user32.dll.GetSystemMetrics
user32.dll.AdjustWindowRectEx
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetCurrentActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
kernel32.dll.DeactivateActCtx
gdi32.dll.CreateCompatibleDC
kernel32.dll.GetSystemDefaultLCID
gdi32.dll.GetObjectW
user32.dll.GetDC
gdiplus.dll.GdipCreateFontFromLogfontW
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegQueryValueExW
kernel32.dll.RegEnumValueW
kernel32.dll.RegQueryInfoKeyW
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
mscoree.dll.ND_RU1
mscoreei.dll.ND_RU1
gdiplus.dll.GdipGetFontUnit
gdiplus.dll.GdipGetFontSize
gdiplus.dll.GdipGetFontStyle
gdiplus.dll.GdipGetFamily
user32.dll.ReleaseDC
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipGetDpiY
gdiplus.dll.GdipGetFontHeight
gdiplus.dll.GdipGetEmHeight
gdiplus.dll.GdipGetLineSpacing
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipCreateFont
gdiplus.dll.GdipDeleteFont
gdiplus.dll.GdipGetLogFontW
mscoree.dll.ND_WU1
mscoreei.dll.ND_WU1
gdi32.dll.CreateFontIndirectW
gdi32.dll.SelectObject
gdi32.dll.GetTextMetricsW
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.DeleteDC
dwmapi.dll.DwmIsCompositionEnabled
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
kernel32.dll.GetStartupInfoW
gdi32.dll.GetDeviceCaps
user32.dll.CreateIconFromResourceEx
user32.dll.SendMessageW
user32.dll.GetSystemMenu
user32.dll.GetWindowPlacement
user32.dll.EnableMenuItem
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.SetWindowPos
user32.dll.RedrawWindow
user32.dll.ShowWindow
kernel32.dll.ExitProcess
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
advapi32.dll.EventUnregister

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-03-14 18:06:19