MalScore
100/100
MalFamily
Malicious

johnq.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 39/68 Related 2060
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 685.00 KB (701440 bytes)
Compile time: 2018-07-23 02:53:48
MD5: 7fc4bf0a055b120273fd8514824aec5f
SHA1: 933290a656b3aeecf8ed77dbf8c240c3ee94b442
SHA256: 80ccda1d8398d8f0839501860c49e17552431a898b83c87165cda39dcc118672
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 5 JrO=>Xi .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-08-01 20:03:10
Last submission: 2018-08-01 20:03:10
Filename detected: - johnq.exe (1)
URL file hosting
hXXp://eliasjadraque.eu/johnq.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-07-27 14:08:38 [39/68] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
JrO=>Xi 0x2000 0x337c 13312 a4f28ec272ce2ef5bce679d698f94fba c9573debc1185da19c6f666810b1369b4a58fdcb
.text 0x6000 0xa71a8 684544 58d9fbe0db25346313a66451db8ab224 dcd9957a9ea0a29c3143521b218fd182dc790bfb
.rsrc 0xae000 0x5e0 1536 953d00c89ea5a9f644bff3801180678c 27a9d04dceedc77c8efd566308419ca4c8ce41c7
.reloc 0xb0000 0xc 512 bb7ed6253917948e1428bb2330be1c86 48f6dda68a146485d1a58fb76ce287b6c764adfe
0xb2000 0x10 512 4e0b4a2f763e3ac7be1c52b99a56181e 53833f44543a74941909cb393670ed03e8dd53e3
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0xae0a0 852 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0xae3f4 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2018 Premcor Inc.
Assembly Version: 0.0.0.0
InternalName: johhn.exe
FileVersion: 19.8.13.3
CompanyName: Premcor Inc.
Comments: fjufzvjwtka
ProductName: IIS request monitor
ProductVersion: 19.8.13.3
FileDescription: IIS request monitor
Translation: 0x0000 0x04b0
OriginalFilename: johhn.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
File found
FIle type: Binary
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX.Resources.tst.dll.bin
FIle type: Library
tst.dll
KERNEL32.dll
ermcmm22.dll
mscoree.dll
6i`jm23.dll
IP Found
19.8.13.3
URL(s)
No URL found
String too long
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX.fm.resources
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX.exe
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX.Properties
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX.Resources.tst.dll.bin
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX.Properties.Resources.resources
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX
6f460c1a-755d-d86
d+xK
gtI
dX{I{
OriginalFi
auL
,W4
(yO
`#|:{
6f460c1a-755d-d83
`Zx:z
.dll
6f460c1a-755d-d82
'~?
3bc6$
InternalName
6f460c1a-755d-d8128
6f460c1a-755d-d8129
6f460c1a-755d-d8107
6f460c1a-755d-d8124
6f460c1a-755d-d8125
6f460c1a-755d-d8126
6f460c1a-755d-d8127
6f460c1a-755d-d8120
6f460c1a-755d-d81
6f460c1a-755d-d8122
6f460c1a-755d-d8123
tst.dll
6f460c1a-755d-d8105
.0.0
6f460c1a-755d-d888
6f460c1a-755d-d889
6f460c1a-755d-d886
>U7
Translation
6f460c1a-755d-d885
6f460c1a-755d-d882
gu>
6f460c1a-755d-d880
m/uJw
6f460c1a-755d-d8155
/.0.1.43
2bc=
c]zIr
!rw
bv;
zX%.~
d+yK
6f460c1a-755d-d892
6f460c1a-755d-d847
6f460c1a-755d-d815
6f460c1a-755d-d814
6f460c1a-755d-d817
6f460c1a-755d-d816
.~<p
Comments
6f460c1a-755d-d813
6f460c1a-755d-d812
6f460c1a-755d-d871
5w!
v!Q
6f460c1a-755d-d819
6f460c1a-755d-d818
6f460c1a-755d-d8116
LegalCopyright
IIS request monitor
6U7
'vc
6f460c1a-755d-d8152
8~m
g)z
6f460c1a-755d-d8111
StringFile
6f460c1a-755d-d8113
6f460c1a-755d-d8112
6f460c1a-755d-d8115
6f460c1a-755d-d8114
6f460c1a-755d-d8117
eZ|>w
6f460c1a-755d-d8119
;k4
6f460c1a-755d-d897
6f460c1a-755d-d884
l_x>v
-h3
6f460c1a-755d-d893
m"x>
`s:
+M"
Lega
VarFileInfo
@ 3
6f460c1a-755d-d829
ProductVer
StringFileInfo
,tps
6f460c1a-755d-d820
&~>
6f460c1a-755d-d822
6f460c1a-755d-d823
6f460c1a-755d-d824
,,f
6f460c1a-755d-d826
6f460c1a-755d-d827
6f460c1a-755d-d8110
0H#
Copyright
2bc+*
Y|H
1.0.0.0
;u>
6f460c1a-755d-d8104
yright
6f460c1a-755d-d8102
6f460c1a-755d-d8103
6f460c1a-755d-d8100
6f460c1a-755d-d8101
arH
6f460c1a-755d-d899
:[&
Y|<t
mpanyName
6f460c1a-755d-d8108
6f460c1a-755d-d8109
6f460c1a-755d-d845
6f460c1a-755d-d8160
;u>Q
)xL
6f460c1a-755d-d8130
m_x:s
bt?
6f460c1a-755d-d8106
6f460c1a-755d-d841
6f460c1a-755d-d895
6f460c1a-755d-d8163
6f460c1a-755d-d839
6f460c1a-755d-d8118
6f460c1a-755d-d837
6f460c1a-755d-d836
6f460c1a-755d-d835
s!
6f460c1a-755d-d833
6f460c1a-755d-d832
6f460c1a-755d-d831
6f460c1a-755d-d8165
6f460c1a-755d-d873
lTrademarks
6f460c1a-755d-d872
2bc=,
000004b0
6f460c1a-755d-d890
YuH
6f460c1a-755d-d870
6f460c1a-755d-d894
6f460c1a-755d-d8147
a_x>t
<i(
-]3
ProductVersion
6f460c1a-755d-d848
6f460c1a-755d-d849
6f460c1a-755d-d842
6f460c1a-755d-d843
6f460c1a-755d-d840
6f460c1a-755d-d838
6f460c1a-755d-d846
=o()
6f460c1a-755d-d844
6f460c1a-755d-d8121
6f460c1a-755d-d898
FileDescription
fzH
eX}Gr
\uO
5w!Q
2W
6f460c1a-755d-d8161
6f460c1a-755d-d8162
1}*
6f460c1a-755d-d8164
f#|L
6f460c1a-755d-d834
VS_VERSION
;w>
VS_VERSION_INFO
Q0x
6f460c1a-755d-d896
OriginalFilename
az>
f(z
a/xLu
Premcor Inc.
6f460c1a-755d-d830
'56O>
d*uL
6f460c1a-755d-d859
xOw
6f460c1a-755d-d8146
mbly Version
6f460c1a-755d-d8159
6f460c1a-755d-d853
f(|=s
6f460c1a-755d-d855
6f460c1a-755d-d854
6f460c1a-755d-d857
6f460c1a-755d-d856
6f460c1a-755d-d891
CompanyName
6f460c1a-755d-d887
6f460c1a-755d-d863
tst
fjufzvjwtka
1/(
e#zGr
6f460c1a-755d-d8154
6f460c1a-755d-d8157
6f460c1a-755d-d8156
6f460c1a-755d-d8151
6f460c1a-755d-d8150
6f460c1a-755d-d8153
tst_dll
19.8.13.3
6f460c1a-755d-d8138
)}=
6f460c1a-755d-d8158
6f460c1a-755d-d883
,t=p
1K?
2018
6f460c1a-755d-d881
Assembly Version
eedi
6f460c1a-755d-d868
6f460c1a-755d-d869
6f460c1a-755d-d858
6f460c1a-755d-d864
6f460c1a-755d-d865
6f460c1a-755d-d866
6f460c1a-755d-d867
6f460c1a-755d-d860
6f460c1a-755d-d861
6f460c1a-755d-d862
6f460c1a-755d-d8132
6f460c1a-755d-d8
6f460c1a-755d-d821
yHr
Z}=r
u.K
ProductName
6f460c1a-755d-d8148
6f460c1a-755d-d8149
6f460c1a-755d-d89
6f460c1a-755d-d88
Copyr
johhn.exe
6f460c1a-755d-d8142
6f460c1a-755d-d8143
6f460c1a-755d-d8140
6f460c1a-755d-d8141
d(zJ
6f460c1a-755d-d80
6f460c1a-755d-d8144
6f460c1a-755d-d8145
-k7
6f460c1a-755d-d851
# $ % & ' (
;h9Q&
6f460c1a-755d-d850
,{J
1c(
6f460c1a-755d-d828
6f460c1a-755d-d852
FileVersion
`]}
6f460c1a-755d-d825
ion
f+~I
oductName
6f460c1a-755d-d877
6f460c1a-755d-d876
6f460c1a-755d-d875
6f460c1a-755d-d874
:u>Q
1w~Mm
6f460c1a-755d-d879
6f460c1a-755d-d878
m_yK
0.0.0.0
%2J
$this.Icon
;i(
6f460c1a-755d-d8139
/~=
6f460c1a-755d-d8137
6f460c1a-755d-d8136
6f460c1a-755d-d8135
6f460c1a-755d-d8134
6f460c1a-755d-d8133
d"~Ht
6f460c1a-755d-d8131
bX}>
6f460c1a-755d-d85
2018 Premcor Inc.
?V6
FileDescript
File
6f460c1a-755d-d84
6f460c1a-755d-d811
6f460c1a-755d-d87
6f460c1a-755d-d810
oa%kr'
~'*2
Ru`ckFrame
3f9M
Aw*7
1x,+
#/XS
mo F
dVscJdy
agHE
DateTime
x;m9R
,EwT
r>O::'%
ProcessStart
l5 @
Ju\4"G^BC
iD
H t
3RY J}
Rxstem.Threading
PNG
4]#LFb
'jE*kNdp 7-
emuVsnbessAttributes
:ndY
55yM
,Eluqnrable
+;*
X@z8#0
0\&r
e^IM:-
M-6N
16G!
kH<
.}Zf
2P Yv
$C+Ko
+C:47
2T9|
AJ/X
Gt%aP
n/6
ResolveEventHandler
L)RU
6s+A
FG8E$
$.=f
f+++f--0fDDDf???f
qjX}3Rs
T :
RIJ?
Q4]C
I lRE^
97R^@
/\8C
]NM0
?\=gmc(
#hnh
co]E
SetImplementat
@5FGN
Substring
fYp-W
"VI=
5xQ^
b{ w
K_F$
KD:bcr6
2Z7C
#sgj
VV[H2
:a(
iF8*
v_ 6
PthckLaunch
o
t"ij
0/Bt
uGvp
Si La
+QvD
QfSR
p/Rg
|k t
p >r!
~>r((
> R[
sluno
CryptoStream
VmKu
Qj?}
\v n
^m$o
bWtroJrIccq3r58kQEwFsTs5GcpXmY7dLQEfI49lViHKeogwtWdQ2zkYH/ZpXMpkKA==
{x:H
Uf?s
NU='
[)8F
l|G:
uHiedm
_890
`yse
k]?|
Jh5f
L$(}34;
eLjpd
GetTypeFrom
kh@
Njz!
q%OG
%:2U
Iety[4
Int32
S`{\
gBy91m
,gYX
KUjimr/StronglyTypedResourceBui
eGljdRuream
2^"zr
BaC1
<* ,
9C sb
6.e
Marshal
6Ky\
3iDjb
4-if?
O'd}{
rvonor.SecurityPermissionAttri
7dvvnore
SLRO
..aw4u+e
6~\* ;<
*zAR
Cx96/
rpgmC`sic
"g$X
3
-wxG
&nphu
#/FZa,E
da*iQ
2i|
h:3-S
<wi'
p.Q4cv
op_Explicit
RuntimeFieldHandle
B "
Np^c
xBf"`
,a `
System.Security
%l>
<'NC
?|^L
o4dj
Z,7/
_= @
V96
6b 0P
TOsba
KTtB)B
Sv c}
O hc
^dm+
OownkeMember
fHNV
t <
(j C
pRk2
2]f&o
086DC6EE6B
A$ b$
H)3S
w^\9
type
?4
QrogramData
Recent
(t,\
G"g
6zYs
''&q
hW_4
tM ~
1`0L
7qJ-
Vsnfram
<~ T_
ehBP
2018 Premcor Inc.
XXiY
)VF^K
.0a5B
lebQHOchbQ==
^NNM
eFB?
IAib
r$"=
t_L)a
Clwh
"iTjT
.!an"v
f6yl
:9 }
(8
i%qjm5|
*p/6
_{e
! "I
AssemblyCompanyAttribute
p%w:
\gZ
$T5$
YWk)]/*
:M|l
P5$:%b8
?~I
6 Z{
\0y C
k/"n
woN
lm:Q
Q;*`
D?r3
,vj+
3" 4
IYXA
j#G9=
-5?[
P6"1C
HP P[[
Format
)@skk
Ox9CD
|uTF
EAog
N\k+g
;B-v
QRQ=
1IY5]
OP
?B|t
4]I]
]]! uh
{^B/4
L2ts,
Enumerable
fet_MainModule
fbss
B6_Z$F
;
PCwK
I.)C)
5E ^l
K$3
CommonStartM
AppDomain
^ZK7
/a6*=
l<{*
nD[O
]2~TZR
i^IqWG
M,).@HP
}>Rzh/s
get_CurrentDomain
Mb}=
O sXx
Ringtones
Q`sameterInfo
)we+
rag
p*A&
v5V
^Rn(j
5 z^
AssemblyBuil
a`[0@=g:#m
ra]2b
*n+
I8%Z
PXK
sqsqHofo
U>fM\
$P o
pfPpw
88Od9R
u; J
=K *
VX1|
Q@F_
"6U@p6
CF,$!Wj
99;)
k5MFo_f
:4"'a
0kINy
R-"(F
StartMenu
}:rx
.A~M
) s"
#F_c//
mD[S#:
nuUdswices.CharSet, mscorlib,
KnownFolder
0%lC
AssemblyTrademarkAttribute
z+v
][/C
eiX"X
"S<a
k224
;qq:
`nAk
]FI\)^j
UInt16
D}edquionThrows
WQ <6
m|RhumeAttribute
V}j>sy
set_Text
.( e%t
f}DC
EsOvSSfot0m6nnTn/tOtG+7S7vyP7Wa22TnA8FenrwR9g+kOaKmDu4e9NfZrW35DvA==
?w<T
ios%
2Pq$G,
dH7"G
S,H-
c/hg
S8yd
vWS-
j 7l
Rxstem.Core
P(G `aF
m&JF
u!/#
CameraRoll
. Gp
#Blob
Control
Sk07
O*Su
es2R
&\`
;*,!!
d un
E9y9
^2 s}3'
wOPoE
$U@:0
EEI
eBjhu`bts
edgaultUser
&2Q>Z
Combine
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
qae
8"Bo
:%AxM
S~8(
6<w]
Ng0D
#bt04K
yP $
+0r
[ -k>b
zP^%
&6dfJ}.
4k,z
QF"c
BindingFlags
f1_P
hf(BnlpilerServices
~o @
[IU
%X\5
%-st
Type
04gbR
Musi
R m,
rT,R
:xC.
*J+
vq=f
9:SK
get_TotalSeconds
+v>Kx
]{gY
hjhDybeption
System.Text
`T-.
DefineType
CitmapData
K` '
dzUf4xbGd9h2veqzerG3O7LbsbYVym6IEe/X7iBORG3FGqNaEvUVqvUiolUmdGPsdA==
{/$>
"|A+
PGZ:
Pc/@
+9=UW\
G5~lF6>&;'*WCp9ri*gq'~u{"
gTU=Iv
X!:
2"*Y
q)z(
O`hx
m|@hmdVersionAttribute
e;m*t
E YN
yYXP%
p`d}ePW
IU |
csq#
U/CA
CL8fH9nju0U2/4cTH2qSKahzeOrSKWbT/yp/wDTqiFFIiyict1+smPHKH9nozNUy/Q==
T -h
=rb#
oY"Kf
<8j
CreateDelega
bsz2-m
ZJpTL
9f/6
b`ur
# 6
Iqbpv
Char
'hqk`q
:ZG|Uvu
E>}Tk
J P~
$a g
2=}U-4#$4tPnHzd>^) )NDmP$
X*/K
9A[56
a0;|
dLC8I
c4![("F
|&Yb
'/EXuz@
Z7V's
/* <
PX(|
Trk~
Py=<
ContainsK
r`kcmxTrademarkAttribute
get_Name
#W [
oTfP
w`Dxuds
S6jC`
D%_
MdU
w{!0xHb[U
Q$$
:Ku?&
Rc:)
bEA_
_ 5t2
?fIoU
SamplePlaylists
0{YP
X ;
get_P
^dba
o^t
IDATX!
eSphuhleCompatibilityAttribute
?+vi
BEu}@c4+=\VlMNd?iL)-%_m[$
0k^W
'"Q4:o+
<v4M-
InvalidOper
0-p6X=
WaitH
"p7$~
wvucn
w?}h
G+SU(3>l%-L~C1v~<*Y1,(2=
get_FullyQualifiedName
[qlS
}Ek:
HnzX?
VdcResponse
r6/[ .
09-_Q:
@ianshthm
; bE3
m>`3
lSystem.Resources.Reso
ZTZZ*
?14IW>G
@(33,
L+kl'
mpCurrentDirectory
jfjA
commandLin
Izh[QS
>TrE
+5H_
PtrToStringUni
292*$gX[
GhoalReleaseComObject
3B{I
fufi
System.Runtime.In
&'._x
zRhj
e:h:
Modul
fdu_Assembly
7iry
AD9E75AA3F5EC98E04FF99E0
SkipVerifi
6}XL
\Spb
x>b.
XI %
&o G
get_Defau
guq57QlrqQ==
E4oG/
QC9m
1~E<h
SdadUInt64
4 k[
8L9`
4XJ(6
.text
Zzuhuft2VCGCvuPV+aEo82+MEylGNWirKMPHs5YrnVWP+jIFhmBrtL56IahxKEuyuA==
UWmfo
JWece4D8b1EjYNu7b7GAUVlSUXhaowA9CSjNiWjCMrDrWfuB28hJa/0Qk0obPo/94g==
KBa8
GetString
9I7F
Ycor0
Oy
3PHzN),SIo
)y2E)SR
YS $
GetObject
c>*ZU~
[{f@/
Oz Z
Urmm
K PE
BI_+
| t~
%WE4H
2Njt
$bfcrr
qLhgn
System.Compon
5Fn.
oz*&$z06&z$**z&*(z$$$z
{$sh
eWcl
dataA
mZj
System.Configuration
Mt;Q
IDB!4QWWm
(mfY
*6,Yl ;
1 dw
O%^fD
9,pE
i7c0
KBE'
ICJ&
GR5zv
X8#;
J[PH
L+j`
S" {k"
IR, I
&tirtsd=neutral, PublicKeyToken
](pP
e=#
LockBits
HTG9
X7L-
Q9Yl
udu^FileName
StackTrace
bdBQ
B_:Uy,
9oY?
Monitor
yX]dQ
(wbb
M\ =x
lpProcessInfo
J"fm
htWa9
F4X,
CreateDirectory
bvi
F*R@Eu
m`EnedAttribute
;(xm
!0"w
HttpWe
Dp@~
a&Y0 u
FI4$8
9ny
q~T`
!?t<!
9<e<=U
23kzRmmDdc7CQ67Hl3J3V9tmkki/NyRTafWUqyZtxfx3q/4sqR4b/4pLsC4pgTSauQ==
1s9|
_O=Q
K5# V(ajAw[~
l_[`
}fD*""
JS\b
&cQW
@sS!
y)VH
GetElementType
M m
Ki_, 4
_vG|Zt
`f2g
RegistryKeyPermissionC
y,//
\B(3
GetFrame
y{)F ^
9N-X`
BS{]
!UqS3d?7
QHgQ
lpNumberOfBytesWritten
tm^
;l N
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX.fm.resources
+gff
b~no
{ _e
~@tc?>
Mop+(
W3e7
@#7A2
z!c
X1!]&""
y3Hn
cu0D
H?)~
bbXW
K? B
U 6M4
DDRF
KVlh23
rBh (
3(J9
LL c
set_Cred
D dpR_{Z@{0j;
~P,
)^UF
IconData
b8]U
Rfk~N
6 hc
0 D M Z
{<<+Y;rj/%
`+;A&
*^4q C
hu9N
Cf2 ;o
kernel32.dll
'X,&3
p.`,7
result
^,K:J
PublicLibraries
++06
^WQ4u
uMsil
,VN~
bG:R
@Ym(
~x:/
MJ( #
tg\a
e{&L
w}_SnHDL
wY+116
2ZSZ%tin
h`
u)~v
get_CodeBase
PQ!.
l%A
<HgA
[,.G
vk<oy
A}W;cg
M,@n
ASH0u
jX\
ybaP
Hdn
3nlb
TB$E~P
MK' S$2
5'uP
*L b
#a?Om
Settings
[?NB%
Flush
e5Fp3
*&t?
4ae}6
Rj2 k
1=6%
q/sY6
1n,2M2
LD|
hDestinationFil
zD\9
GetCur
LfMx
SsTE
ZC|F
PzYp
protect
;gDu
JC)[
%_:k
)^g`
H9,[
.~pn
8NRY
fJ1I:B
Z 6}J
7L@K
SampleVi
RI3
>-:~
ETM
A.v+
YPbJ
aX!.
3Mlds`sy
z`%6
height
~T4K%Kl
ww`T
6JjFQ16FIUxZQ/3qxLDQOHZcWz8aP9O3dlN+68jlC/ReAsG8iMw2DrtyZMkEExNzDw==
ij!qI
z~~Iqrs
Method
h~,S
j'A_Y
=z~Q$$(
bq,\
1wAE
s`eunsyInfo
) u
gXiR
CommonTemplate
O=q)
8FXo
vJnieX
WebRequest
NetHood
SampleP
-^Q<
f>MI
=?WP
pXEi
)\][s
6Qj#
X /Ml!
o+Gy4
\6{V
f6<R
Mt#E,
`KkW
of1^
psD+J
{~>e-
GetPath
(
h~ER
rJwLd
[(-
!>! z
B._
MCM
GetBytes
TargetFrameworkAttribute
/Fju
Pd^@
+Yp(f
&`+C
N<k
Process
SearchHistory
.;%
odvpath
gSrU-^
YDaP
$ZcX:
'Y[h
>fY>I
pbShcw3dvFk1Ow5uzGkFT6Ulrbxjrgf+RCVcckrIPsMUTuuKrFzjOilympGXQWPabw==
L|Kr
#&1o
hAr<
4%fZ
3hg]Y
d:V?
k;Gv
Md5Has
Show
S:
Write
(,v'K
>"/c
set_AutoScaleDimensions
3System.Resource
F:/$.!B
1HN1X
.>c
=ej
:^>:'
?r2T~
:kX1
m3Y)
Main
FrameworkDi
get_Assembly
E"=q2
fjufzvjwtka
nku
D/Ok
v',)6
ZS+_a
KG5l5tJ=
,{AK
_F (
}D'!Up
O&&3I
lpThreadAt
.X:"
iTGQ
l`qnsjAttribute
Z0$p
q8?H*
PublicDesktop
{]{(
JG+6
Int16
0%!70W
IAsyncR
[ p>#
=3hQ=

ek2c
$,DV
ZaQO
/ M
>-43
}9"y
System.IO
z--'O
*w0i
WrapNonExceptionThrows
0i9\
z[ w
fwglr
A:@mr
R\EZ:
qSgG
9gNg6
=;.#
!slpdQhctures
#O'Oh
V=Lsd
. W[
Dufe
52;1
s?TZ
IwIZM"
HGYEU
>%}h?~
l+M47*
HC4~&
G}2bU7
4KHw
0s k
OXrZ
_d$2
!jJKq
rdu_CreateNoWindow
%<t
B9R(
(zKX
< Y(
e^I\E8
E]^H135
xn7j@CJ
EZ\A
la2>
InternetCache
adu^DefaultNetworkCredential
'mzh
1Q#=
c$ X{h
{D-)
gdt }}g
K]t;
6je1
s-1u
pfM@
AesManag
h_AU
/lq#j
IHDR
System.Runtime.Versioning
T+~
F&PBk4Fg'#~D6ClM\}i?GN3H%
'X @
kN^[M
i( }
System.Globalization
0pov
YH]Y
.G[5d
oW%&
HJ>t
}3nPvS
{t!{}
QfY[
c( D2C!g
/S1m
lpComma
C!RDm{
!LK#
tc&
0g/b
zjiT
Q+mg
EQpdmhbKeyToken=b77a5c561934e08
ynJ&Cl
,|Y{
$x;
q9](
b{Fq
]@]M
D#$7'
=FO\
System
Application
D"!c1
\*mU
3f\
-:- $R
Ux ?k!
9=IOS
kUh{d
System.Drawing.Icon
74;=
?Cmg'&
hpxA
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX.exe
Downloads
+ :T5m=e
E`u@
LdlberInfo
<%@s
^D&&QP3px
5v/X
Kz:Gf
@Q.L&
_]'@)
<x22
>uSK
-tC <
GeneratedCodeAttribut
/GZp
ZcyN
ProgramFilesX86
B(_@
U?l~
k;d~Z
SNCu
%9b-
CreateInstance
IOc%a
-xCF
CD]U3R8V
< R B[
%2:?8\yk
Star
MW~A
hgsud
h*LHJm tPM
lRb:
#Strings
HTM,lZ
.L/Y(H
oajd
d\ a
.QrC
VjT0
GqqmicationSettingsBase
/c"/
(M!2
FcD3s
# "z
(0#%qJZ!J+(W?,GCnUBGXR&u"
I*!/
,$J(x
System.Security.Per
1`5"
PublicDownloads
I6S=O
System.Runtime.Serialization
8)yp1ef
ES5
v-YH
8.*^
VirtualProtect
PxhP5@
+X9=
%Ao7
#T hJ
eu}m
Qzq, @
@*0JT
F)TB
lt~_P
vX~_
M=]|`GCs
Kw O
width
u5 h
9F D
H#"J
jmbU9`
4+$rCcE
svono<4.0.0.0, Culture=neutral
E@)6
ceUireadStart
@brz
ER#Rk
SdadToEnd
J)1D+
JR{8
0wG)0
YdaI
tAXc
"Y4);
94 ~
a?eu
||=ZK
E]P$
CDi:
Lnoitor
r 0
Bi"P
uptdr
|D\;
bytesRead
j8zY;
SLNN RQ-
DymRnuJ3OF6VonjdoC26l/xkfUk0MjYm1lYhtdBD+1DScy75Ix3RvymmTuqpdK/evw==
e`}V
^.NI
IlCR
System.Diagnostics
)^.05
^ ;m=
"=&M
'{Vy
/Fioghguration
.u.XeO
Kw_jOF
zO(i
TypeAttribute
add_AssemblyResolve
adu^BaseAddress
[xfG
`]V
y#Q\E(7cF:?
"I< K
OpenWrite
-R7B
(U'#
Rplit
MFLC
paXO z
axX?d
c|4H
ORGr
D}edquion
L= i
QixelFormat
!,N|^LZ
iVY*EH
J qbV
z(vu
AsK
v<#p
ll@MK
SV
fZal
=XK2
mcc 6o
MethodBuilde
u>8d
*l= H
L X
;}"Q
bjsouQictures
oqKduiod
W>j
p].eM
:)g!
20IA
C|rdr
4zD >
AMvD @
ToUInt3
zR)dw]0
u6?A=
o$<m
c,54c
|8 t)A
+mnK
hCR4
Hj3`
;sm/^-VM1'<b>85AMk@H{'JK$
T;C
wlGV
3`isdUxpe
Double
/a~
ReadBoolean
-||X
]{Kln80`
D& WM5V/]
p0.z
I][
sjvRdsvices
zi+'
g:Q*
n\(a
CL&C0
p2.B
pS=}
]jdjIr
+hf
2h Yh2
JT(ch
Zq`|@_?f
q:@E
oFTj
Intern
zSY]
VcuuhngsBase
}/ 5`sQ/9
ComponentResourceManager
"^5`
V#)b
[SzB^
=)lb+`?
ryE6
K-CmeIR
@']|
f2GX#
B6j.
c?\H
wcTo%8
R|/V:<
rvgfdCoxIcon
Desktop
NQ,B
get_UTF8
}.c @
} _
#@;^
s7o-!@w
set_WindowStyle
t\|n
w ?M
DPJ~
O*p
1MG](
1hii
DQa`$
{aPv
Jn_.
Fbb~
3WCR
9 ~N
1IhF
;(,+,
D+5
M9h%
OTpl
qiC@pH(u
?6Z
{{`UHlQ
u`hrhnn
\n*'@
m,[|
XAu
%lDF
J;ZV
RegistryRi
7eh3)
`unx
TgYjHQUf/Q==
@]o=
6QA^
@qgUX[
ou5bT
C?>|+
:,Z^
-vYT
)Vg
ck (
n'1C
@Lxo \/
;\d($
crF~O
eqYj
_U/+~
9^Fc
l/C0
{q/f
y;@m 8
W,93
rXqam`0
LUWw'
bOake*~\Qo!:&**/3Sk2 zN$&
@ryncCallback
BitConverter
~n&bS:
yH
yalo
;]j r
)iOo
)hkw
`I[
;*1IS<F
>VRT
xV4m
(RhY A
Sup-
mVsnbess
=17uS
/Rtd
OTf>
Z7f#
RX@)c
Ln])
Rfc2898De
Form
J=SF
+HCf
,N 2
<%x6l
.<.
System.Runtime
r!M
P2>s&
{ z*4
iz kz
Tt0ZJ7
AssemblyCopyri
;8Ew5
U=aI
^PTIxfk
fD8vS
(ph!
;w"0m!
ImplicitAp
%P8A
$f8Goig
x])@'
)pY)
#~T 9
A*X*
1 H
SHGetKnownFolderPath
^lt
Gg0h4c
ulgmr
OrB])
sZ+3
J|s/
Delegate
eL$5
AssemblyName
W; &A0c
MWB4c
L5HW
sWPI
6ijtubtts
xkD=ci
ipg|
R +;
c98
ch# S
Y3p#
&4$Nm
F>QS
w,<na]*A"Ry[:tdK~/cyE+5w
wPcR4'
?18Iwjo
jdY
mkhz
wB pNh
_N,(}
0 <:Dg
[svK
JJHZQ
eS`geHot32
g}}\Y
8~[u8
`/H&
#_0|
'7DE2514D00D3F7
6xvrdl/Drawing
f"Sx
msco
:tNG)_
7g8!
u-hp*P5"Z
&/fv
'N\E`
IsNullOr
jYiu
"Bn%
B_3p%
S"cEBT<
JiNn
i#m"
D$#^
D4F481
gO+x
P8r$
CompilerGenerate
KzW!
"##8
UV=!
B]b&
TypeBuilder
A-j~ @
<'WN
"^"@}
set_Name
.Gws
02%Z,
Default
!"C}>
VI@+
m|E)l}
2`SS%yfk
iiW4#
jWt g
k2`:
.?0B
,]@=
qD&7
b+"uQ
?Q]/
get_Length
AESDecryptBytes
ReadDoubl
aK %+'
$ </!
'7]
ctgferSize
#j^%F[
)# gLT+
|oTz
[h^*
>$!
g.$o
! qZ
vWo5R
mr &2
hj<
kQ5p
Image
Kno1
^dS?
cmdCopy
422 (
5Nq!
;:2z
`w@B
iqjStOA
Contains
TWW#
ResumeLayout
-C7R
hEV~
y9<NB1*
21;7
qiR^!
l,JD)M
Tb<^[
y(%^
Oyyk
y><}
o8fK
6t\w%
ValueType
9 E,Hhv
WyOW
Z@.=;
System.CodeDom.Compiler
V?iC
GuidAttribute
h xCt
,i`o
;M*6w
EC
JHfD
s`eunsyName
[OZ?
!2+.
wnZ n
m+Pv$
^v
C;q8
ToLower
9X22
5xoM
7m}
{SG"
IVKl9)4
0/Vb|
@L4e
C ;1!
z&Xa!j'
HttpStatusC
FreeCoTaskMem
"y +
*wF.
)7 }
59g[
eD}orur
BGg;zz(n
[QCv
vq@
CredentialCa
w|Tu
R`wedGames
%?i (R
dNE>
bInheritHandles
LEvO
):%L
4
x1OFjd
\S%A
QADPADP
c*#{
z Q=
N#%*0
/d>L
$lG }
#1}Q
StringCom
u \
iY/V-,c*
C5R8
TFKcqwRukevqVlDklQpWhF+67pGdY3np6/duaau4yy8JCEfbz14Kar5/xwXcR/Qm2A==
OT,E
#7"z
8BWh
"j6#Wd
gywGc
XIUo
bAibtlents
saltBytes
(f f f f
T 3F
iyP4
Q] #1
i..3i8..i
U()ljn}
_BbI E
<Vh[
.==:
od<&
>*o\
NfsuC
0rNc
UInt32
ToInt32
,ldahof
yWtE
_"1 w4
O*, t
zcm\
UUQh
+O*
EditorBrowsableAttribute
(dA0
Ps} 0-
3\0cR
,7Rh
GUK4
?w w}
ToString
;?)[
~xVM
mDyn
A@{V
dn*O
{w\.
KL/C
l=g?
'(t`zE
]nzO
name
D %[
I;k
>aHQTe
">$q
c2xM
System.Globalizati
2,QM
p(]e
fM:'
]9OuS
ReadString
Qf3>5
Z4#c
+"Ow
c
,rDu
AHbFVr
wM[nW
hnmA,V
z ]MoY)
S3!r
{q6:
UC:`
.rsrc
XI$?
emuB`u`
$o6BN
2`SS%{in
AdminTools

LEsxqtoTransform
Save
U}&8
B$<r,
%g l
`(Y BM?w
wFE$
;j\.x
Ew_PQm
o`Bxo`micAssembly
_;Pnv&
muMP,
<_2q
R1mC
rz(;yX\lnP2?v;Mi$StxJWm2$
rjssbds
BnlmonPrograms
#RME
%B.7U#
_ nx
=NVQO
VeK!
7X]D
'nil
4%m_
AssemblyTitleAttribute
~|Mt4HY'
GLgo{wa&s[:
WriteAl
L$ 3
=bf, l
qd
O1hj
c>%:45
=3Wc
_gDX
]Fe=
=]M9
Videos
`7"vXR
PublicRi
@@Nq}
totalBytesTransferr
N\h'
Sn7? qV
k =P
Vso_0b
P6hK-8
<PrivateImpleme
`kQ/
XcJY
ByEOv2
m``.
J4[ntc
;d,?
RD=EBE@A40F30CEB9ADD9A77
'\-gn
g-NS
V@n"
SjZe
SettingsBase
-m?i6
XB[Z
YRUgU#
Iytf
B=C
ir(D
0}x!
0_E%
lxBz
?!n7
q."7uX1
8: 5
1bJq<}
set_IsBackgrou
F'&1:>
threadHandl
W6*z
^ ^x
S(~`+'y
rWr|
B;1;
Asw1|!:
N~F7
IDATx^
GetCurrentP
b=,@
GmJ2
`iifSdsult
SendTo
~\0qY
$b%R
Data
],qy
_ o
_n,D
RegistryKey
dD)5
y] 7
V`itOne
d/Ng
PR/Y
4n;JC
GetFolderPath
QFE
+0x2
deg<
pTMI
Ox<@
?#f
|8@z
CD0S
A*Bv1
Int64
`i9l
Fdek(
.@D8
9Ju[
History
}NY2
a@_c"
3K 6
bV
nptbdr.RuntimeResourceSet
u{9^
-k*yj,3
XGz|
.ctor
42/|
Nqx
q2(j'SmK;?J*heUa9Z*MRE+G$
Utd}
U@nJ
PT0`@
dwCallbackRe
2wDJ
/+,ZHo
b1{.HW4b
q'Ut
ZUi(
7zG#T
'XPG
O~ W
Oux^=z
uF9^
;>(1r
Vide
PADPADP
11.0.0.0
`qonoEetails>
@G"v(
F=I]
r?Dn
rae
Iet~<[
DZzbbBD
cwmC
Na0qg
x9wD&
(q>ya
Y2dqzQxZStQZP7RgHzOE7NkbHHN5qYDja8NWVcb+Ne60am257ypI0xn2wrhfkDHfLQ==
=, &
;UHM<fUY<fY^<fY^<fY^<fY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jYb<jYb<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<jY^<fYQ<jw+</3
GljdDy
ToCharArr
'4*s2!99
e vx
Qoa`p
j~}A
E;)?
CDBur
O.A&
ni"wX
Decimal
MP{m[B
m(=
9l$uv
v4.0.30319
PhJI
)_K4
eIB\
E#yx
Rvu
EdOL
R&`
AVEvader
l"9<SU!^tU}2N4A0OYPPM's[+
XI?e
OR/d
X*y (IFP<(yP*
axf
tmFAa
.cOG
?2e5j @
\n/c
dqYMdogth
b`urO`me
-&z-_)
:xPD
J]:1Z
LE5CryptoServiceProvider
Module
{rLU @
}!ve&\-m
vsH(
FrameworkDisplayName
o,hQ
9-n J
Dfy\(
MXY_
b9>T
Array
!"cRnI&8
;a[r
w6c@:NU;k
Wp%F|
${>w
mpApplicationName
eDkenehng
v@Ag
*8X&
04/0.0.0
61Uy`K
*0h
fn&VO
A&}%
/c|j
)@F,
@.reloc
xS'3Y
,f`F
4f~Uw_
F'#3
&`hcs`Soll
m@gG
!>[9
&Jbs9f
3m `
&twtdouDomain
CinaryReader
wAxf
v'>w
(,qqe
X 5x
-m95
(@ NF
g&6A
\: O}
E 9
*=6T
eBjvx
ls^7
LSl"&
IIS request monitor
U<=l
1o2H
. +m
Byte
get_Chars
=v.O`
3a??
Load
?, nd.
WnZP
J`tR
System.
VB8`
4C*k
{W)X
J1 *s
Rusing
-dQ=
^J!e
UduWalue
z94Ec.<i7
liSG
% r}V5
5MN&!{
~e>:1
VS9%+
]n60
Z_{8
dm K
Gm=30
pVtZ
^ ~
_u3KT
F~Mq
,,%E92/
YIf]
so3M
i\X7*
]'ItR
4SMZ
e0QEs
> +V]jL
&Co@[
l72.
<{GY!}L
,,:F0
!`qg
W|o$QA#Y) D0$h!EqIi`L&AC(
t L&L[
P:,?
*,Nc5
/\Wz
a)`+
ESC#FL
yz[%
]va
f} N^
}1jp
lpAddress
xI V
S<`uA]
WRRc
_ 2h
System.Security.Crypto
pw^t
J cc*
<xIK5Y
jY#+
Q@419DBE6EBC6B9CBABC
oj*n05
}w4k
}>T
%=oz
7,zc3
eDscouVaitHandle
|<_x\A
u{o4
lJOQ
5kWwJqKc
lpContext
FkBD6Z
}}`0|U
1 @S 2
y/}O|2v
SkyDriv
B.=e<
f ##c"/2Y7
*>+
.W`X8
RLen
Jq#*`)(}
2=s7v
eTkk`o`gedFunctionPointerAttrib
?T4>
I.9g7@
38>cFZ
5>N!
*eW5
Microsof
gJp
~rJz
,v'vcO
/Wcgmdction.Emit
}t[~
W dT(
d)Az nq
unlA
+~CD
k.uJ
'/<(
get_Item
$X8=
!5: !
[oFCc
lAE9f
WfEI
y8QDK0
+w'["
w*m
E)cg
&
Og_kN6
{9K.
2\FY
8
Wxy5.D
Dwade
3008
QJK;
To4
rqcl/Suntime.CompilerServices
u+PhrtalStudio.Editors.Setting
Assembly
f(e#%
System.Securit
-*Co
TwA:*ww=8CL4G#$VYmZVY*mT
ZR48
/T#V
%ol
I.#=,
(?C5
q2.K7
/32
Extern
>a}3
viag
Subtract
1d}r
"Dy3
}K:/
OGP
xCVk
9t8`
get_ReturnType
8qgI
System.Drawing.Size
2 9X
\'"z
{`9
+F{_
s~2E`d
uABG{
Aq6D:"{
F<D|
YyF,
%kFC
SuspendLayout
43 @/
cK #
iw%9T`V
c=;Tc
tkMOj
'P K
h^z0
Esd`te
q;BZ
P 3"
gNMe
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
@9;A
/Ak_
:e3E
>K p
Open
NkCy
?Ki[
Size
S/g;hy
`ip4]
F#ZN2
NG_F
l lo)VxM$
$4`
Le]MML
set_AutoScaleMode
,nu3
u<zpg
/8 a
8[*C
E%_W
Rxstem
z.;ZI/
D:`m]:
uKio[droBytes
gmZ@
eajk
!{zc
rP#
N+7qu
6Q)
tjH
>3?r6K
!"9 l
XJ~F.F&
g37=>ieDyE
s `0
8q8_
VC9i
=]0O
IContainer
lhP4
dkuinus
s .3 -
q&j6 `Z&
u8j
a wq
lpEnvironment
)"SX
UserPinned
;D~
3~ x
:/iPV
RJ99
>}!LO
aD@-.q
e4 !CAB@
GetProcesses
ioeH
:BQ[J6+ S
hscQf
]"LZ
T#0k
ktH(
$^+T
1**h(
/[E<
slrxR`feCriticalAttribute
[o)
YawSe@
N"L0U
b5/x
Ma {
5Do\#
Paramet
h Y5I61-
ISerializable
C]=pPc
yI^V-|
8P'+
dkrr
* hL"F
ur x
M! nah
AgudUime
creationFlag
{Ciw
S1pm5
|PhvxT
>,hk
jP 5
ujt 00.0.0.0
vl<Z
,`c2
[{6Y
oaB
7jCS
TBW$
52Y4
param
C?KT ;;
qk0Ne
ReadInt6
!}^~
W:Xb
w8<}
SeadUInt32
<(qt
|b j+
Change
)v6+2
AS}#
(2?&
[1E)
7k6[
"Z%3
5CV4
d r}F:
;Z4\
> q5
:8T
Se]N
cB5
KFeh
,9g
b ].|OA
`tbQ
mI3*
FsC=r
~l8{OD
uZ (
QY)g
ResourceManager
RuntimeCompatibilityAttribute
PT@WN
&MVOE
GetExecutingAssembly
9^gB
{#VK
v'O4
\?2~^t)
=QD@NM
+D"u
Ql5D
uML>
e'vt
Mlhd
V>%
+O?~9
h(j
6I1T
cL /
t$~E
;dcT
3`(E6f
p9h{
fM]}
ContainerControl
y T(
Z_%$u
2'QW
get_KeySize
_uIF
oyH"cIEc]{W4V2-Z::Oj5$=!!
s Ux
'Hk9T
`wu
1_9wD2
"5;DZ
nbt`lGilesCommon
KmSx'
o+d*~rz
V1<u
ga$C0uBLq_~
ToInt16
Unverifi
67pw
o|H|
_%XK
'VY9
/p]Uj
Windows
ReadByte
RNGCryptoServiceProvide
?vfg
EX_}
Ljbd
IaQ
{'wwrA`
M R
b&=6
]?uh
qdi$
Deri
%v0Se
>\2L
{cY-7hF}9
2k,^
ii:Z3
DMM
kd.H
^348
bjk;
A$@4g
ReadBytes
>?$My~I
4CR')`*_
\)rbKPq
u(#
YIsL
} lJ
3+Pw
S`Q(
pp$,
eLpuhbMibrary
g !V
[H(|
5V<i8
LLLjPK:
MFKVd
SavedSearches
>Q[nH
sVDM
M9ZEUIS8DQ==
]v)h
AssemblyCopyrightAttribute
ka)+
{kk}F
LDd~
`hcudsType
{fh;
ipDR
F2[J
Txm
@G0194F6CDFC10797D568BBD9F24D
`s\>
_3o-
K^B>
3.,I;
O-69m{
.N_MN
2`LE%
ermcmm22.dll
UserProgramFiles
oE?Xl
>m;`3T_s
Zong
_'&F
Empty
Ha~iB
LyJm
+3 Gi
6KHy
Aspb
`YbA1S
instalFolde
<nv6
ljhY75
6 ln
h-z{
e) h
'?EGu
+lVD
"-j$U}
$\ /
#W~0
5axx
& #
DeleteFile
+WR
1"@c4
%\Wz$~
N@p9
dvuhno
RuntimeHelpers
X5Kx
B`K&
t8 P.
5B )~~
bO/*
54;y
n~th
];Siu
_{t B
rD3
GRnV+
CompilationRelaxatio
*>_F
:#;r
PK5_N
F\-7
!z;3
IndexOf
2>07%T?E
Startup
jUl>
@ZK:
|,IA1
pD[>W
{dMl
z:+ +
uU6K
J}dZ
=f GrxuXT
t+o-[=
_e;3%
*4L5
7T/yVChD9uApLte0H4m50tNot+topGiWYMGtk7Nr7i+EBY8fvJQsEGDXbM+IzLdCKA==
O6^-
flProtec
f#s
{A]i
(nasmd
.NETFramework,Version=v4.0
-vZR
*v+
~H~$p
g<n
'aY<
_hostPath
hy`w
`mwh
07)N
Templates
Kz=a
tN'S
!Jmc
BMda)
IqOf
Read
uiRrUrWE4LESrk3U86iuWqjl4ZB5KzDYmyQ+aTgnfNj26R9TIFStS21wK07ExMFLlQ==
/uext
get_Scan0
|Kza
P0DBB6
(c x
2Cs
q]~3hku
)WN,
|f+z,
ga||
:tG&
BV#KZE
N=$\
C=j3
CGPLex+
l&2y
value__
G,'+
D`P<
b3Xw
EjtR
8[[
(\fm
Xh~)~
ZQa~
&!d P
ycI'
RyM|r
@3TTH
Wx)P
!&z
v&Z?
KX)W u
E<&@1t
fdt_Bmp
( 8S
F;;Itch
&%'D
3N[O
JvdoRubKey
MWvpi
uH#1 1
s*;j
vjL*
|x6\
nY[
~3~C
bw%B)_gW56P<Q,gnA4G)(>Z3"
wH+s
+KWy
)R!q
FdtBuffer
: 2`
2(WDY
v^j/{j
zYk/
eiN|>
j/(P
U#Wv~
&rZ
iRnurceFile
B8
TZ7)
AutoScaleMode
<Lar
9n]f
bF:X
nEMw
&_&s
9N3~
X09R0
MarshalByRefObject
}O%9
\H<y
rMG&
ResourceDir
mM7Ua\
9=aI
.cctor
T}I=
'mK%
&tc6r
@mlocHGlobal
Xru'
& =3:
Wbg/
mscorlib
J-S-
pcV
mk\X
FileMode
rv:N l
-iU(
P}'N
Qwifs`mFilesCommon
:K*W`~
$4TQ
hv3
s*V.
6[M~
uNvF
GetMethod
ILAG
X+*h
S7F4
`hoofUiles
!: UQ
"f*/
y1vz
PMF
6sHm
9{<y
zu8e
JEl9t
YhK~
*h'?
qKw[
VB7B
'xqc
$QP
ad.]
*&$i
CharSet
tst.dll
,$6i
r @
WEsl
:8
Y4*
Kill
hBVV
Guid
Ko{
CW w
s]x)
9=
R@07
>&cT&r^*MqX[Cj_2?UiExG=6"
3!Gf^u
ax0K
Vc.)
DG) n
Jiw?
T?d
&f (f &f
t"!
System.Windows.Form
+f*;g
>Tt)
j=hU
CF%
{q[}?8.
96A[
^3H{<
?`Hx
*D`L
dl!D
Oss[
System.Reflection
rvQhoeowStyle
05416AA105229A98F14
rd~tq>
#1|au
EnllonStartup
MrZE
^Vn5
V66J
P,!TU
0._Y
7/`
RuntimeTypeHandle
"VTp
k@-7
DH3C
0-eUs
g=j/
QFx*
!<JGv
Iga;
puOg
4>[EU
TF|w
jQI
SidebarDefaultPar
^m-R
Y|Ix
m~;p<.[
'kb/J
0K @
{`rA
a80O[
@15N
6=T`Jo]Jm2@1JEKbTt~{^ZED"
i a)(C
GKv>N
x Fv@
#CC(I
l<,
=\8C
.j@^
EventResetMode
>,%Y
"0=1
-#6>
FDMJN
(dqge`uaStore
>ngo
OriginalI
:;w^
Append
A](]RJ
E=#Z
f)cu/
o-3Ai
G+;)b
tW"
Lx21
1'kk
Devic
op_Equality
~S"
k/A0
*PZ4
0$<|
c%w~lv
;8j
J7cQ
GrrdmblyBuilderAccess
ah$*
p~$ >b
1SM
<$.t
]e%k6a
h0k1
SW{y
_&m |J
K%,!^N
4x,A=~z
,0UUUH
3 ~
4Pi`
*.+
GetFullPa
Dlvz
T1]W
}29%
AssemblyDescriptionAttribute
@]k3
CC4@G^8r7'*p0!j+'ui/cY#x3
C3/q
M *wrh
FQ~?8m
8.:6
%D3Y
!dicud
>CGGC
HP!>
!z&((z&&&zGGGzVVXz
QhQ=
ic*~
G ]?
S7;g
$xC[
DnvP
`.H{;M:
IconSize
ydKE
:yJA
J35U|
G0p*
ugrrCytes
)n5sz
2&-
oIM=
Dw\Na
tDT,
(s)a
'%qcN1
eaj^MC
get_Bloc
T8ZC
"!?}
:[DS
xxxU
get_
LuiPS
}suxz
"[iP
P\(pV
bBgldUasks
.NETFramew
WGX
#
1\5hEw
=>Xi|3
"Vdd
X"{n
J)%r"
rxOe}
rd6O
^~@l
I2W17
mwq+,
H=G6]
|04_
O\zI
;oX5
}g>8**
c'KF%#[U6K']DtT,(^KoCW,2(
7 YvA
ZeP
UnlockBits
?3q`
L vF{
dUy7
a6pnJ
Vaf!
0f ,{
F/NAs
nbt`lGilesX64
: bb
rl&N
C09
P]5MB
6^*F
F5;
:'|P%
19 J
SearchTe
lpBaseAddress
idPA
pbMs
*m @
mscoree.dll
!This program cannot be run in DOS mode. $
r\!
u6LO
callback
L 6`(
A;Wm @
=GLh
GetFileNameW
2hLZ
O9_j,<
SHSetKnownFolderPat
m &
I pN
r!9q4g
E5B3{GQ
;Ywa
81{cV
Dispose
GetCommand
Ru$ q,WY~!jPH4 +8&-ifw-Z!
bLV)f
8Y(g
6xs
CoeHnvoke
{mnkgi
||| }
}GAn
ncih
_LLb
8 b0
\9F'o/
A-u6GD
xbnB5
r`kcmx
+h$1
3f1I
C M
NBZv)=
esE[r)
ICloneable
hibds
<XW#
I?Gq
.b<T6
dbFIy!
HpEM
q/E(
^ w
ReadC
o9q_=
\>?'
:7a-J
tz}!
(2wky
-h]~
]tUG
8)!n
zRKt
dDQ1
rkCB4C
?D 6
set_ClientSize
bYDsY
h,~L
Q-tX
Hovoke
$@F s
U, D
j7Wd
$$;2
SpecialFo
dj>"
K$ 5
o`Gsfr
q}zq
E#4(
6t3|g
r)o
3+d|
(Rg`
fZ.xNT
|9Lq
< N
4}S1
hqo`mhze
%o!
4Y5+
G_<!
---
F/S-
AZ[2
O sJE
eR|uudl.CodeDom.Compiler
p$p
x/&g2
1hHa
,oq05
e ~
K1+6-!Bulture=neutral, PublicKe
$ <)
mEUk
uHcuindImplementationFlags
#5om
BSJB
LH:\+
ChM+B"92S:b/9hAqK,q}__J\$
8b}3
bngfdIost
Pc3!7:
dgJ&
F#R!
d*)]p
Lm_
&?p]
13wk
-[m(
hT59
:l O
s0Upc
J'&U
Mhfl
op_Inequality
{W{
~bMJ$\/i2"(B*
69/K
b!6
|3t#
t*aH
EdglateStream
2SEE%]FO
GZL7
P Is
ev}3
R,D~3
u>3n
_Y5
C-"K
j_G6
IntPtr
v*}:
!o'@e
3Oy4fWXeIcE4sKOmb2pAU2zNhn6XX0T39afK4PKJZQAoj+OCNipNI4LYurLoAZEPiA==
thread
System.IO.Com
+/*
:T2z
",`Q
Gp[zKDz
%lmY
`hoof@ppData
s<g(
7@=G
pG-U
G/e]
m}MT
O41V
7e:W
_@^Nl?
wh\5
Gxm8
J v(
y*OPMs
vC/|
)*W\`O
'eqk
dwVsngiles
~(}i
-e^y;
yO)E
yK% %
IUW`
NL&l
qbW s(
X?lF
0<X?
/y:M&K
Znmy
K_7M%
Rxw\
5\ x
^z-9=
hsguns
- Tr
5J1I
iXze
Nl w
I0?T$
ToChar
Raj *
C1^V
f(Z~iy
[@Te]
bytearrayBytes
-<F>f
J[) Y
_;X: }
&790
qI}m
G68I
eg2E
7|#<
@D A
)*cv
Sr_^v/iR
&.,i
*mVQ
uDrushbute
[1$B
lyqMp
W n
I_%2
SkyDrive
~!>]
5"^(i
|(cv
(c+(UIJ
FileInfo
d+Dx
+K*
AssemblyConfigurationAt
UE.!
QQ*@
HPP>
WoXW J
v4fM
M[XcB
d $9
}'fwv
ghmeNameA
.YM
W Z
Cv9z
,2HN
u&=s
Jd{Kv@'-(m0,K-Zg#qJK/$/M
i^sDa
m,)SL[
\^\D$
QBQ=
BlockCopy
v8Xz<^b
TimeSpan
~H: a
xc}K
Wc<356,5549-4d03-9d35-8bb067ce2
UPD-7
DQ`Bb
S`E=
Mutex
M)8'
K-#G
XldK
%J]YwNlu)3f]*C+xvtU;r*4w"
l8+uc
HW3?
;d ?
qro*
Rw9N
=gj/
;8Te:Hk
\1N@
Bjbd@utribute
S(?8:
L#>
+ H C
oJ%z
uY$V
P:VE
g`bDz
Oy=.
#%>C
wQ:CnRIB
p^w'
###I%!
c6YlP
?@jS
zUj5
"^]^B
ag]A
-fP[
~6dK
W[re^
b`Td`eer, mscorlib, Version=4.
set_Key
oiDq
:]jh
h)`,
w9k-
q |M
ulkdIdlpers
{ogd
ToGenericParameter
W/oMWkU6WaoCvL3LxEeTsa03csI7zxQZSzVnwGXwkRPcT/0SOkaF3Nuuklhf8DoTpw==
x}y~{'
CultureInfo
7Bpj
,%N#
f#l\`
8K9t .
(4(
?KH$"
?rt>
,_> 0
wk8q
threadAttrib
Nx71
VoedcarParts
Qnsd`dStart
ujhdr
p[9r
zZC/
5< B
Px#Lj$"
E<5=
\W/Bca
VT*)
:W(!=
t;fy
ProgramFilesC
^]z*7
-fikE7&
Recorded
&f (f
Fl/j
("Z{
mT)kFs
P!h0s
!w+W
yr0l
MethodInfo
^FXh;
!This
,dZw
h'u#
1\~yk&
g/7
#GG|<iT6
QG #
"|}z
.t45q
|^(,
Z_!/U )
.O)},)
tG/K$
CompilationRelaxationsAttribute
sMc6
ft,N
'C2\
\3j[I
i_^2g
IK[R
eBpjutseInfo
QAT6
t 11
ReadUInt16
C8"
#V[
'Q|XC
j*"6 eh
jy>%
Dg>)q2 T
streamBytesTransfe
MemoryStream
|u?7
e $m
c>X7OJ6(
j"2|
fF&W@2U@(
`*}#
|UD$f+~6AG?(@qO3G,Ap\6(7)
Nu F
9 kV=
ResolveEventArgs
I.V
HttpWebRequest
~5NP6
k_BU
"n:8
0JEd3i
)QKG
)"M4h
Z~8xMYJ
S@(/
Z6](E]
W:8/
hW?#[Zb
Random
,XPlyiQ
eq2O
<.t\
DebuggerNonUs
qQuI
c#h[
Xus7
YOOMyfl
&r>B8zY
l:c)a
"FUID
7Vg5
sldtud
_) 6
Z%(q
B/x-8
jaJz
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
|lQ$
Z@Lo: d
G1ZD]K3|
\=Qu,y
i7^(
l#f1?h4
Decom
,,J
fIg;\Qi7
&/?V
$.#p
bBmgsRdt
bNozd
SecuritySafeCriticalAttribute
T&$V
ITEq?
n-qDs
| *WB}iI
GetDefaultPath
wVjU
.-^E}
!RXb;
5sjJzP
g9'M8c
IEND
q eF
BI*g
\+Q
20#q#%
g?0A
S^/(
PbATF
% /N
2q\ C
Qyz|b
_Waa
6i`jm23.dll
$Aq
p=.Y~
<7++<
j%BF
p YDbC
PicturesLibrar
W{r(=
NRu9
f DY
I@<Q
GetParameters
!B|%^2C"
o!yobfKu
Aqs
context
3###32223
?8gD
:Zm\^,a
OuW
HE#f
y+fc
6f460c1a-755d-d8.Resources.resources
r2RUI
zOq \g
HmdQk
=}8p
| ]=
s*??
Documen
d57>
5,

KhkP
`i@hmdSize
YLN
.%mq
fap
F6^
FaB_w
JO6wt
knownFo
15.0.0.0
0Y)H
_59Y
$]ye
mQM[
'b{
#1Q4+
oCj`fr
TLO^d
Floor
Og&x
wNl-
o =z
lV'J-b
[(Ye
+tqnl jTrT?/*43#4OxmCX+d!
PJt6
>5KK
Concat
8N
;,)<
v 5[
bNsc
I qO&
Bk(aaa
Zh)\
evRtreamNumber
z:)w
r`tu
&L[j
Hk]o=
AU4t
@uir
g'6J
6p @
Boolea
6BS :p
`72M!
*MdJUQ?
-H>X
eefaultInstance
/u"M
Y[.=
FduValue
?' @
*^+
*&*I323
tIB=2P
*d#)/G
_CorDllMain
%DSY8
4m#Yv
wPa>;
!<]RG
-C?c
iUiread
T(%3
l} X
wo_dn_HQ
CompilerGeneratedAttribute
P<a
xmH:
6Ke 2
E"<Oi
{TPs
glhdQHnvokeMethod
Iek,W
7`td
gBU[&zHU
YrXe%
; q+
] :y|
WN4,
1Q:%2
{6V$
SizeOf
R#l#
m7aR
nkkdou
ProcessMod
DlZ]OCT^ddCp1paK/C[}oN0w&
;M3
currentDirectory
X v}
^ .
kuK*
xfz G
ss(i
V..
=n%:
\x`<A
^ScY
Favorites
{:eA
Gf5F
e]sR
SeadDecimal
)54QY
y{3G`'
i*i@KL
AssemblyFileVersionAttribute
K]n
< < < < < < < < < < < < < < < < < < <
GetTempPath
nabd
GetName
vb^S
CreateDecry
]$+F
Szqw&
RjBu9
%dY6
$uqthctte
*:+
System.Resources
) /
L4QE
XhJB @
R;C
v!$+
#%-5
3U[a}
5vmT
kt1B2
6l>1R
Vq@
get_Id
$'lT
Mh;=
)> s
iz2dGR
|MS.
zW_3
.k]l
T X"
|TPe
E<4
Cuffer
9Z9T
9\7|
T\A6
` y!
Rw.mh.resources
ptYQ9
H8Z
R~$
4tru
2~4z
cH5X
zyH\
S\BM:
MxB:
~+Av
"5Z\
LTx`
JzNP
e=TL
7Kg^
5[@Kxh
S2-Q
Ar`$
8q&!zn)Z*+
r[ N
flh`mQath
n 1U
Icon
installFolder
Yic
GIw^i
Last
~_kyfsMP
]O !3=
j1\`
eq-m
;s+a8
eq-r
CB01E0B0B937382
WH&R
znh[:
Z@4{1
_~ }/
xqcrVsitten
tx-[
+A Y
Tdq0
(:+&i:
PMd:j
XK<J
mdrdr
2nuu%ggh
MoT e
.ojqoGnlders
_j9b
BZ<J
:H}@
B3qsY
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
n v,
)(Q}
{g'/
`qplicationName
A`ldTasks
>d|Y<}
7~_Z
--/T
* 2S
"Vsy
6dzx~75
-Gf
Fg_
.$`
i92C
{);z
Ickdct
>a5=i
@m`fsAttribute
HvT
VFGG
String
$P9~}]l
zmE+XZz/iK5padCOwsorn3oeIpS/7U+hq3SeF9LGi1iLyqmnzkGGUahGTJ2z+zc+Dg==
H;L @
_CorExeMain
DebuggerNonUserCodeAttribute
gZ%K@?
I <
%,y
iDjfnsithm
Rxrtem.Security.AccessContr
k1 '
StreamReader
\ ;
8F2_s.Q=
87q;N6
a8\x8
aX0eGIkR0RIX0kMbjxaOVLmdaGeODhI6bAq0Kmh6jRn/1p7xG8+Jclvvqq/xyib+hw==
bMzr
+N>w
IVHl-
BnlmonAdminTools
)7'^ag
-'!LzjG
#TZS
yd6D
AduNbject
=SPd
DebuggingModes
B:]Do
+?*
.C!1<
InitializeArray
%'PGTz+
T<Qhn
KpD m
-yr=
h^ \
@vudlcly
GetTic
Ui+X
|&Br
3H"B
Q./ @
#U2;
yIc)_
&z @
r3f)
^dG
AssemblyDescriptionA
/!vn
~a kW
7<uA
ToArray
b b[Q
!+]
eR|uudl.Collections.Generic
/\z'Ge
?U]!
aBMx!)h
rD|V
t+;6
0izI/tvd3oTXsan2PoAA20wQaIyfgf1TOnJueZkITf5iFLR8OmcLwv9FvgOwvbDZDA==
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
O]xn
fp\^
5WriU
,]HZ
#=_"
a&:A
u`*!lrcorlib, Version=4.0.0.0,
uD_1
Ringle
>By8u
f} D+[
4M( w @
hkrds
e^IWB4
1e&a
K >I>M
fx\.
\Am_
&}u
iRg
e'J:
K2.s
pUo[G
XC)nR
`.sdata
G%IF
lpStar
-I8
!# H=
f<|w
o$8A
.rdj
El#%
x! ;
IpZ4
L4onL
a`^`o^
`eeress
WsouhmeTypeHandle
YllnJ
.ajd
xRj*T
glAllocationType
P8Zp:f
.j-
VEfv
n H?
i_;QCV
O=yq
"/yV%
System.Drawing
v3!@
(hLRpu
,\j (
S lQo_
@snlBinary
=$+H
Jus$,
CurrentUser
[-VM
5~G(
ailHC
WH>o
Y'\D
+U /
G| K
obe+
+[*
Sdad
~1mo
BeginInvoke
kZ_8
. c>
OFR$
(z8$
w( 4J
v}*@
h?h,
GQM\
##2&
+jw9>
DebuggableAttribute
( e
0qL;
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX.Properties
x'BEu\
@B^D
PW]#&
PtNWB
1cN#X
qw7`
PublicVi
,jGK
8X7.j
nM''
bcod
JG92
5^P ^
827^
Zy3{*
Dj = !
ldF1
-Aagu#
:iXD$#G
`ZNm(
$rvclcmyProductAttribute
%]bP3
_"/a
s0 @
PublicUserTiles
bk>{
MMPQH
WnOU-L
5/y3Y
d`@
ZqFW
get_LocalPath
"$Q<7
(g!X
RdE+z
ICredentials
:<."
!dvofodr.SettingsSingleFileGene
`t.s\jh
ria\
+R !
QyX FO^wP}+e
4q@J6
-}S0
%cT/-
Y!S e
x_e
:E)y
<ciD
exg)
WYGmN]
*v9(
(g\l
N7Nrj]
ea&2
Ioojr
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX.Resources.tst.dll.bin
`%;@
gp.b
wF>cV
>>h
$5ec95a14-bae0-4d59-be5f-6bd466010a24
,Z!P
9;n]7R}
|MRG
Microsoft.VisualB
:f}
Object
@ 9!
=G},
'q4 V
U>2&
Z pTRzv
W|EC]g
/jwQw '
Registry
x;qj
H N;h(
; EJj
';Q
tf2j
ulio
2B(D
:OUg
UXK~
O7pviOUv+g==
ComVisibleAttribute
R0eE&
MChV}
PY#_F
m;p)
3System.Resources.Tools.StronglyTypedResourceBuilder
#9s
XU b
Z*+^
pWw2
gm$ E
t $b
h. Q
i!5ZRF
F_2cI
KEbE
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX.Properties.Resources.resources
zgUu
YrzkV=/
'055
'`*8p
#BxN
Playlists
$vV}<
SkyDriveDocuments
Xx+_
=`yU
~x O
dLy?
?@hh
8e)\
]|?
msGa
V`txDBMB
z==s
GetDomain
kw_p
$ L3
StartFile
_ /#
rMjau Sybd
{rVU
vS
OGI,P
EditorBrowsableState
AssemblyConfigurationAttribute
uFMo@9
G:WY
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
E laz
#Q|ne
F&'S4
|t4g,
JOav
h Rs
]B431C325FA2AECCA589EECFF429A90
9j!J
80
vUKd
`3/y
Zm Ym/~
^#e
'94>418B34
hE?;
Heyhj
D*P
ii^y[
{%$b
N1(N
1.0.0.0
LX6y
fSb\
Hashtable
J hv
Q^3!
pV!g
@$<~
Tddu
gP0Y
}5 ]-+
's3%
?N Is
Ay51
{5 &
1\I
l j^
xh|H!3
[e|o
RoamedTileImages
ImageF
)d!
uz).
j$W]
Mlds`sy
MncalizedResourcesDir
*SIN|
*. bH
B=h6
C3UMo
8yMRI1r
oc&~
SdadAllBytes
wo_dnzhm
hudm
Ant G@4d
?%0W
?"SJ
eCn_
Stream
i?S Bn
tst.Propert
System.Reflec
P9B
f5ee
a:Ch
Librari
Q Npm~
rH lN7
[%`M
l'5n
&\{ Ra
a:C8
Ma
CK1'
eic
gRg{
pN/
JmLaVYFTw7rRvXTRNucWF6me6JQx3XcMe6vIehg231z1v6UkNyxe2bQ5EiokPlKsUA==
]de=
fclW
Rv(Q
1 fvG
ius]
Exit
0Z *
W71i
0[(E
v4ut#\_
,_{s|
; $)?
udu^Timeout
QQ d
-&H!
2 AzY
!>C_
2$sC
8:' G
PB<3M
m8l[
`u5Vo
(tUI
!U4=
v=t5
+ X(
~aJ`
Av64
(($<
]#Rl
P}vJ(
o~'GV-
mhoia
Ky:Y
JAE
tINYV
l}mX
FUc+
^PTI{in
qC{P3
e:fziM>IC%a9lyp:O\k&>5_)&
'4Z7
ProgramFiles
Microsoft.
*N+
w %`
+th:
> b(
6wri0
ZyM_C
*CaBHe
}ZrdP
IHMNU
r[8*F
&{r_N
p'g*
U7O.m
#BlV2
[v=q
vA}E
mPg:`
1!f*
g`hy
HVZf4q'|]W'O,~Y% clh2"1Q#
,X1Q
O[GP
LPtB
8-r
xd B
u#:\e
+t&D
Jry3H
pZLx
a!2Y*b
d +KDo
eU`j{5
avv7N
set_Arg
\r}j
RUf=
nG.zp
s@q L]7
eqwibdrsAttributes
g1&~
tMx
MPO|7
B r7!
.NET Framework 4
f f
SLJCWv
~{yr2
P3]+DlSv
A?M<&c(
j-D[
O!r/
rn sA gC
Zero
wH\E
6xAV|
QK [
%|"!
`M#G
N+"V
Yx8x
}sk
-~oxr
55cwQ;Q:wu=)AneM_]0Aq$Sh
O`le
^1T[
6k=5
Asse
Vshter
Sy Co
System.Threading
CreateType
hp\
GetDelegateForFunction
gtbZ
KB|c(&
M7xH
?LX3
V_j}?
pyUd "
ds`SL)
$o&U
VC p
rB`hp-,x#)avBMc<0=jxtfB^&
} @jr
;G{uj
`/}S
ua8*
Appli
_"K
V:zJZ
?}sq
Pda<
get_Declar
vn[J
9[z5< z_
Miqc
G~Y^p
M8rp
B %|(
MI_ea
px"2p
kWl~L
'Q[[
NetY
DFT+Hv:Tr
RC<uP
i4TL0^
iE8
P5~O
4x J
}Yl/
`Xf%q
pjB[
no[fga
ag<,cex
(blB
GetHINSTANCE
)%-[]
>@dKa
z~I
eL`ur`feBox
u`k/Ehagnostics
Buffer
+Pel
N)+I
OpenRead
!\aM
Qw-hU
^PTIfS[
AvNi
ProgramFilesCommonX86
xB2SZ
FTUW;|y
>Z)c
4 mt
M(8g3
Ho)_
Fiowdrsions
Jf f
get_UtcNow
5160
3fXn
PrintHood
p}e*
Mt/Pz
:fK6
processInformation
uJ! J
vFo4
ObS.
e"^{
_,X}
Enum
fx?\
}DK,
N+b"c
lpBuff
} V
z?}i
7WUk
D@9t
AVY_
UBvb
set_IV
Q>
D4k'r
d_68
Y'*<
Z E3
,vVr
f f f f f f f f f f f f f f f
ZNPO
ubV
lVu~
voZypF `
e*^w
Znki
Yb5&
`.rsrc
z6QE
q[LeE
:HI#a
Next
U_ @
edkphsnnment
LocalAppData
`W1pv
0Z.O
n I
@CF,
##84q
,!SO
`\"Z
6Xt
n)j- 9
inHQ
r6lFf7
~9`Y~}T'i
vsoc
_@vrB
[v\
$Y[>
1?#W
$u %
ZXyep7DB
U3u
1 zD<YnjX
"Fk,T
m"%<%
Copyright
UK|"
rY&Pi"
|].0
E-#[Ji
kibhx
nH;"
OM2
@qrshcute
nG2l
;yG}
6xvrdlY86
TextR
G!%(n
gZ%C60
X71#
Point
o YIj
!v!2
v t
Un5N9
length
(qT2
<1Fw
Rl|d
Premcor Inc.
e x
>l~
Z3Q#M
WaitForExit
k4yUN
]k'(
~w4,
KtV
-Zq5
q#TM
h6p)7
\wCr
KPX.
o~Gb[P
$McT
set_Item
Program
2gg`%
krzu
eL`rineAttributes
_ns
gw h
RieM
N&7B^@
*3\
E HmE
A' @
y2 x
2X(h
lo@u
@p;j
vm[j
\:C,
mq= FJz
1%ZZZ
j|>z'{
oG@e
xcBbF(c
5/oF
j^5
Vs@z`?
re
nq_Explicit
"%5O8
=l1(
d2 3c
bHsrhb
f5v|
}I8F>
245L
]S0e
= Q{A
Jjh+
w;tV
H=?.
=k$O?o
h?)j
W|dS
``K;
ohM=
B-us
tfdZ3QXw/|ssn$)$/7U5Sx6(!
0.rg
s3Q-
7A-)82
tAVi(%t,
Z12 N
s-,~6G4
BwN~
bduuEdlegate
!V>H
r[<$
`,{
YTWO0j
DefineDynami
set_Length
GetTypeFromHandle
%V_L
TR +
|W!pH*
UjJf
?lVU
kk%j
E&5.
6^L-
zM-U
ebn4
6? V
2"""%&"
F"oD{1
FleQ
tv3O
Dz$iZE
Y$>0
$5md
,38D
i| a
y"@<`)
]D1>69BE343F3DE3626769AD50050AE
k~>
*Dwl*
MessageBoxButtons
)!#zuit0G
&o2
FileShare
=+AEW%p
`'%We1
z L
U*Y|
gqy1
,3PF%
=BtNXw
w A\
}-$]X
A=BDv
19.8.13.3
PublicPictures
J{FE
@Mjfz
*+ 2!}
}Pay
\0Mb
E :`
n|c&
jNwg
B 3$f
l5Q'
":2
A^cU
Im*
RJ[_
\ G^
-rd#
bNv9
3dwuhnoing
t7,6+
PR;rp
MG5%D
~7Cd&
da^l
hJ"X
X{N!
fE_KK
<m4]
hBGU
VNXW
^ON~k
so%t
:<n
Z,67!JW
RegistryValueK
RrxO
GetProcessById
&`b
a(s3Y

TVm 'k
hT1m
}-%z!"f81=
{,DG
Q|mw_
Symmetr
a3?V
,M=S
KMicros
IDAT
F=w"g
{0>9
g:N:
System.Runtime.InteropServices
Rb]w
Tn>D
Kk2R
>ix2=
V-<)
objd
f!P`nl
rv39
P4o7
7mnx7
:0go
Public
Math
nh<=x:
}h_I)@C
U:@@r
tL~%wS
Q$<K
%&"M )
],<o
*?kT12
/vor
J F*tcb<
F+(}
W7$I)
" @yx
oV45
vp j<qZ
dpA?<
B`llingConvention
$-$
@/Rd
,3 rt
(XKXT~n
j'on
Q] @
#KgL
K xZ
System.Runtime.CompilerServices
_,_/
"r"
HfXq
k-C*R=74:d#W@IF=8|Zft(,m/
AiH0\dA+>nO643V~,@?8I*8e)
GetTypeFro
u75HQ
'm^d
bj iS
Y>W}&<
9!?DE\
HGH`;
_;]Gs'
) <^
S 3w7U
0t*x
-*
rK<6
pt;}Z
Gtf3
bQ$1*
B%n+
;a/&
>LdJg
! B&`c w
eF`rGnmderPath2
!t-u#
msnO
b^;}D
vi*z+l
QiotoAlbums
|efJ]
3V>4
Kg$}A9f!
8tt}dT
+zkg2
Bx|q
WSFY4
8]U4.
G57]
0{GK
uWGa{
<C,~
'*E*
4e E
Cz/ndcjBR8b2TNMKlZu0bp5huNNItbVUFXDErC0HHix+UDueqP5+LTIoLtCvoU6s+GEYvSHpMC2YTFlrvo/Emqc3v18tIRENMW2KJvgW94KLCFVaA8wzdJyJiwQ1XlOMqFS6HJsOlO+PisLX
N>"]9
8#LDuu
+y;Q
4z4Xv
e2SuevGWI00SDUuqzuywEuEXaKEQOFPlB36IKjN0Fvqi2VJnWgb7GZMFbJy6/ZqNSQ==
.JWI
fc:
~?]K
Ig8BM
Yj(nw
v[}{
hgsudr
SampleMusic
SdadInt16
ZC ^uq
*Tzk4
CpiX
'A^#
Y N/""
) yK
yP(6
yD`Rt
"r>E:
c1tK
MijP
+:2*9
)Fy8
Close
hv^A
ds76[T
gljd
YsPBU
IDisposable
ln/T
Synchronized
A @
?TBF
ka!-
;L0vz-
Dictionary`
ModuleBuilder
SsVf
[X)'
PHog
GOR]g
2&dKz
hSq~
Y%l#
x8@bgb@6C`7aA";d3rDL>~BM"
^roC
V{X6
$K1UJ
IIos>R
<izE
n{lq
(:KO
UC1D3DE023216838FACD165AA2F01
ulioRiortcuts
LZvl
>nvu8|F<T
e{, `
K6*&
,ib{
CompressionMode
P '?
Enter
NY)H
zs3]
K[O'1_ ai1b]Q7xWGt%?8&Xy!
AssemblyProductAttribute
ui^V%
bj6sl
U]{z
XXy
^PTI|jo
Equals
{4&+4
>'CH
*b3@
A#_)
chh mm
c( @t_
<Module>
Nr$|
ew1(1/20319
XloDq !
(6F\%
+KSn_
nwlW
}MhU
%Dy&+
dh(Bnmlections
TargetF
%RL9
6)K0
ca|f
2nSL%aI>
'NPYH
6I H
Jlmc
7nJ|
n' @
ComputeHash
`n,7
btc6CQRoRu9AilW2VDSLgpYZovO7CypTm4RIIVyeAqW8nQW5LO9VrutSMIa6hip4Iw==
$4x
cG9.A
?;DtD
!0z)
SGK2
eym!
"Rtrings
Edgault
value
EZ`6
SizeF
q3;TY
zZIO
g~|^UR
2018
K[i)
tH#`
;B!VkgD
T%#P
4Jq7q
3 3 3 3
$v >S
NextBytes
eQleutses
YtBz
e \Y
.W!p
Q`uh
*~+
gfsda
|+U0
ComVi
~}6c
YxE@
sm~vUyW
].[
(Fi+
eO`rvnskCredential
FreeHGlob
+2x}
GGPwh.
O1)8-
(x~(4
F^%WV^B
-T%
dN `
!}@K
|3 >
Syst
v=.L
$=h~
SUsSystem.Runtime.Int
pB|j
<0 ^
+ k {
{&qk
l67X
j)Pdsrion=v4.0
X:uZ
*\_W
S qR4
ZW m
RandomNumberGenerator
#GUID
P4Q-
wfOAnUUf
r&,?o
Nx;'
ZdB 9
?<F
bdQJ
(1wMB]
s$(8;
k<UqR
\G-k
GetExecutingAssem
VQ;X
vrsd`mSize
w--(-wfhiyhmi|hmi|hmi|hmi|hpi|hpi|hmi|hmi|hpi~kpi~hpi|hmi~kpi|hpi~hpi|hmi~kpi|hpi~kpi|hmidUUiBI"i
>$&-
SeJ@
TNL
+K8P
9U q!x
}[T
$~VH
!"5(6
CommonOemL
eF`rLduhods
d+bmm
gT &
.:I;
`: w
=}X
?'#4
4X(|
ugui
dwCreat
~w$
newPath
Replace
CU8am
6&A&
C0w
=HH7Ne
0,6LMRN
<5!
t8Jj+
}9GT
vRdZ
%kjZs
rX4k,<
L]z
CallingConven
4&<m
iTG""P
ApplicationSettingsBase
SJoYa
h0*
c_\Qk
GetFileN
[oH
WV~
`^'v
9hFK
(&bP
>~kJRQ9H
eLkqm@ttributes
/-gL?j
adu^FullName
:ocz
~ WJ
.6Zt
.0&C
qZ+:q
>)U>
* v@
vv:W
Thread
R[="
NDM&
Te
u$qI
sEcF i
oB H<>anW!nkP79;Qa{8Gj`*
:Z X
8"95Q
!ia7U
NssU
i *
m|e~Y
-q/nQ
WhH5
c`reAddress
GHv `
nCcs
SXj>
Cookies
DZD`0
uQfF
%sq
Encoding
?kK7
Hu!>{~E
C<A:I
fTzto
B*(2
ijsuDytension
bYko
=( ers
];y
c)3=t#-: 1#u~hmNT:CLHZZ=,
o#&|
*Z+
-jXa9U@
/GPVb{
WEO+
Documents
vyxHg8
SK}@
}#U>2*l~Dw0v
u #)
\{g2
0bC{08
,^} gx6,$
hP{O
el(VT
get_Module
{nM=
Editor
#}Za
z~h
Y("Z/
S4&%k
40:
gG34
xtl
/@.u
vw$b3HDZe1-b)S`s+o=Kq2BN
hoieritHandles
t[ "U
.T5
1b=P
Q@TL(
z.-B f
(&ub8
xdRR
H4V2k
z wh
g\*D 0
=!@
0/0
\q1^
WS`
!r,s
adu^StatusCode
h|-!
p{k=
E\TQX@
s6$
k=T
J3_C
U`:$
[*e.
`3E>L
RTD*
F41Iuhm
{S5#
K;@
f-e
`vzFl
~7e
_G>1
1nnco<c77a5c561934e089#System.R
9)L}
E,TZubr
O-"_
ImageLo
A^">8z
sC1Mz
set_Icon
Hwa+
System.ComponentModel
tLx*
*BSJB
u H3
YHd>
EP'+$9
8UTx
v wQ4T
Q*p4
ncOZ
CTda^6
g6->
eUrv
wumcAT/h8A==
;U-%q
bqisx
tA65
&8"
S= R
v msK
8W.y`8
C; O
2SJ5Bb
Z1A/7
rbg
4T,/5
so1
qtHC
6>~%f
v!qY
ti`kq
6:m"
Xl >_
8&wl
"#1)
LNNJaN
6b.
"e
%" $
sjas`l cannot be run in DOS mo
W7'o/
Q66o+
R.Hy!
m` /
@ Ho
[Zm|o[^
1[b*Jc@
.vQ%
B j|(
";dOu;
DG^#
qPw%
c"hZO<
lT4W
p SJ8
g`%kWO
9OVH
YJfO
B}L
[nAs
C2KB
uC'Em
zNAM
7Tn{ *
6C|rd
SHGetFolderPath
cryptByt
DNXLv
!@"W
System.Windows.Forms
filemode
~=X[
c@9~
N(&[
Er|'
/~Ew
W8'1
~biog
p~xai
[S5Q
62g4b461934e089
mXc"B
Ok1y
LocalAppDa
$z+HAY
/]>QaKn
d6p'
System.Drawing.Bitmap
1Y~:
MqaRk
VvkA
3$P~_
iTA;
8 B$
nru`cmeAttribute
m$BR;l
|Nn6
kTWM
eedr`
!D`H
StringBuilder
Wjy!
Odm\
4*6y6
I^Rn
GeneratedCodeAttribute
WVp`
|#r!
f f f f f f f f f f
QXuHz
Sutp
5zW*
pPEQV
IEnumerab
cic@uuribute
=]P^
k7mGh
%xCX
z-w(
F18IZ@K
I>58
ReadSingle
KbZr
4}"[
&D6e
3o\6
j^E4
/fGkL
6hs8
8e{ |
W`f0
qJT]
WrapN
Hr~bH
GetResp
Unl6[y
HB)e
sO.(R
Sleep
xSw`
VZ_}Z
R*2Y>
H>/l
hSDX>
-kyf
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02b_64 Seven02b_64 VirtualBox 2018-08-01 19:57:45 2018-08-01 20:00:42 177

3 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02b_64 Seven02b_64 VirtualBox 2018-08-01 19:57:45 2018-08-01 20:00:42 177

9 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\johnq.exe.config
C:\Users\Seven01\AppData\Local\Temp\johnq.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\Cz\ndcjBR8bf1594f1b#\*
C:\Users\Seven01\AppData\Local\Temp\johnq.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol28.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
C:\Users\Seven01\AppData\Local\Temp\tst.dll
C:\Users\Seven01\AppData\Local\Temp\tst\tst.dll
C:\Users\Seven01\AppData\Local\Temp\tst.exe
C:\Users\Seven01\AppData\Local\Temp\tst\tst.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\BVTBin\Tests\installpackage\csilogfile.log
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\rasapi32.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\winhttp.dll
C:\Windows\assembly\GAC_64
C:\Windows\assembly\GAC_64\mscorlib.resources
C:\Windows\assembly\GAC_32
C:\Windows\assembly\GAC_32\mscorlib.resources
C:\Windows\assembly\GAC_MSIL
C:\Windows\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC
C:\Windows\assembly\GAC\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_64
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_32
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\oleaut32.dll
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\iphlpapi.dll
C:\Windows\assembly\GAC_64\System.resources
C:\Windows\assembly\GAC_32\System.resources
C:\Windows\assembly\GAC_MSIL\System.resources
C:\Windows\assembly\GAC_MSIL\System.resources\*
C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_it_b77a5c561934e089\System.resources.dll
C:\Windows\assembly\GAC\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_64\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_32\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources
C:\Users\Seven01\AppData\Local\Temp\johnq.exe:Zone.Identifier
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb
C:\Windows\symbols\dll\mscorlib.pdb
C:\Windows\dll\mscorlib.pdb
C:\Windows\mscorlib.pdb
C:\Windows\Fonts\staticcache.dat
C:\Windows\SysWOW64\it-IT\USER32.dll.mui
C:\Windows\SysWOW64\it-IT\MSCTF.dll.mui
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\bcrypt.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\johnq.exe.config
C:\Users\Seven01\AppData\Local\Temp\johnq.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol28.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb
C:\Windows\symbols\dll\mscorlib.pdb
C:\Windows\dll\mscorlib.pdb
C:\Windows\mscorlib.pdb
C:\Windows\Fonts\staticcache.dat
C:\Windows\SysWOW64\it-IT\USER32.dll.mui
C:\Windows\SysWOW64\it-IT\MSCTF.dll.mui

Write Files

C:\BVTBin\Tests\installpackage\csilogfile.log

Delete Files

C:\Users\Seven01\AppData\Local\Temp\johnq.exe:Zone.Identifier

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\johnq.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|johnq.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|johnq.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|johnq.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\johnq_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\johnq.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\A6A4CEC4
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\johnq.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\A6A4CEC4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\johnq_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\johnq_RASAPI32\FileDirectory

Delete Keys

Nothing to display

Mutexes

DBWinMutex
Local\MSCTF.Asm.MutexDefault1

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.GetFullPathNameW
kernel32.dll.VirtualProtect
kernel32.dll.LCIDToLocaleName
kernel32.dll.LocaleNameToLCID
kernel32.dll.GetUserPreferredUILanguages
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.CompareStringOrdinal
kernel32.dll.SetThreadErrorMode
kernel32.dll.GetFileAttributesExW
kernel32.dll.ResolveLocaleName
kernel32.dll.CreateFileW
kernel32.dll.CloseHandle
kernel32.dll.GetFileType
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.GetCurrentProcess
kernel32.dll.CreateEventW
kernel32.dll.QueryPerformanceFrequency
kernel32.dll.QueryPerformanceCounter
rasapi32.dll.RasEnumConnectionsW
ole32.dll.CoTaskMemAlloc
rtutils.dll.TraceRegisterExA
rtutils.dll.TracePrintfExA
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.QueryServiceStatus
sechost.dll.CloseServiceHandle
ole32.dll.CoTaskMemFree
ws2_32.dll.WSAStartup
ws2_32.dll.WSASocketW
ws2_32.dll.setsockopt
ws2_32.dll.WSAEventSelect
ws2_32.dll.ioctlsocket
ws2_32.dll.closesocket
ws2_32.dll.WSAIoctl
kernel32.dll.FormatMessageW
rasapi32.dll.RasConnectionNotificationW
advapi32.dll.RegOpenCurrentUser
advapi32.dll.RegNotifyChangeKeyValue
sechost.dll.NotifyServiceStatusChangeA
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpCloseHandle
winhttp.dll.WinHttpSetTimeouts
kernel32.dll.LocalFree
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
kernel32.dll.GetEnvironmentVariableW
clr.dll.CreateAssemblyNameObject
ole32.dll.CoGetContextToken
ole32.dll.CoGetObjectContext
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
clr.dll.CreateAssemblyEnum
oleaut32.dll.SysAllocStringLen
oleaut32.dll.SysFreeString
kernel32.dll.RtlZeroMemory
oleaut32.dll.SysStringLen
advapi32.dll.SystemFunction041
cryptbase.dll.SystemFunction001
cryptbase.dll.SystemFunction002
cryptbase.dll.SystemFunction003
cryptbase.dll.SystemFunction004
cryptbase.dll.SystemFunction005
cryptbase.dll.SystemFunction028
cryptbase.dll.SystemFunction029
cryptbase.dll.SystemFunction034
cryptbase.dll.SystemFunction040
cryptbase.dll.SystemFunction041
kernel32.dll.SetEvent
kernel32.dll.ResetEvent
kernel32.dll.GetTimeZoneInformation
kernel32.dll.GetDynamicTimeZoneInformation
shell32.dll.SHGetFolderPathW
kernel32.dll.GetFileMUIPath
kernel32.dll.LoadLibraryExW
kernel32.dll.FreeLibrary
user32.dll.LoadStringW
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
iphlpapi.dll.GetNetworkParams
dnsapi.dll.DnsQueryConfig
iphlpapi.dll.GetAdaptersAddresses
iphlpapi.dll.GetIpInterfaceEntry
iphlpapi.dll.GetBestInterfaceEx
kernel32.dll.LocalAlloc
ws2_32.dll.GetAddrInfoW
ws2_32.dll.freeaddrinfo
kernel32.dll.DeleteFileW
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
diasymreader.dll.DllGetClassObject
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
user32.dll.GetActiveWindow
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
ole32.dll.OleInitialize
ole32.dll.CoRegisterMessageFilter
user32.dll.EnumThreadWindows
user32.dll.GetFocus
user32.dll.MessageBoxW
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
dwmapi.dll.DwmIsCompositionEnabled
ole32.dll.CoUninitialize
gdi32.dll.GdiIsMetaPrintDC
oleaut32.dll.SysAllocString
user32.dll.SendMessageW
cryptsp.dll.CryptGetDefaultProviderW
cryptsp.dll.CryptCreateHash
bcrypt.dll.BCryptGetFipsAlgorithmMode
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
advapi32.dll.EventUnregister
cryptsp.dll.CryptReleaseContext
rpcrt4.dll.RpcBindingFree
oleaut32.dll.#500
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-08-01 20:03:26

Detected family: #Malicious

TheSystem Itself @ 2018-08-01 20:12:02