MalScore: 100/100
MalFamily: Razy

photo.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 280.00 KB (286720 bytes)
Compile time: 2018-06-28 01:52:35
MD5: 7ad1a877bb8c48a2016ac7e52b28f64f
SHA1: 6e39d75b5771d565507da9e62e54cd17b8268681
SHA256: 5d11d8813f24ce80f650f2ff776de98532b67153a6d2b82fa14d0b0805a0d514
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections: 3 (.text, .rsrc, .reloc)
Directories: 3 (import, resource, relocation)
First submission: 2018-07-05 21:48:07
Last submission: 2018-07-05 21:48:07
Filename detected: - photo.exe (1)
URL file hosting
hXXp://hygoscooter.com/photo.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-07-01 05:20:55 [39/66] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x32404 208896 d6bfcc7d629aaf07d148f88d7d760698 d5fd4a62f2b5b481227082880aebcb624e8dc52d
.rsrc 0x36000 0x10bc0 69632 e40f4595585259befd67d6d174354eb5 dc14184b5f8ebf660d87155e39570fba18659ff6
.reloc 0x48000 0xc 4096 7424e6a7cd2041fdc14e217e1372ff4b 1774f4e76b747ae4b6524da7161c749835b4ec15
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x360e8 67624 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x46910 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x46924 666 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
USER32.dll
mscoree.dll
IP Found
8.1.16.6
URL(s)
No URL found
String too long
1996-2017 VideoLAN and VLC Authors" VALUE "LegalTrademarks", "VLC media player, VideoLAN and x264 are registered trademarks from VideoLAN" } } BLOCK "VarFileInfo" { VALUE "Translation", 0x0000 0x04B0 } }
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05b_64 Seven05b_64 VirtualBox 2018-07-05 21:43:24 2018-07-05 21:46:19 175

3 Behaviors detected by system signatures

7 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\photo.exe.config
C:\Users\Seven01\AppData\Local\Temp\photo.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\photo.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Users\Seven01\AppData\Local\Temp\photo.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\OKIES.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\OKIES.resources\OKIES.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\OKIES.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\OKIES.resources\OKIES.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\OKIES.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\OKIES.resources\OKIES.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\OKIES.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\OKIES.resources\OKIES.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2504.16873968
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2504.16873968
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2504.16874000

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\photo.exe.config
C:\Users\Seven01\AppData\Local\Temp\photo.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll

Write Files

Nothing to display

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2504.16873968
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2504.16873968
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2504.16874000

Keys


Read Keys


Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs


Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-07-05 21:48:10

Detected family: #Razy

TheSystem Itself @ 2018-07-05 21:54:02