MalScore
100/100

kccInvoice.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 37/65 Related 2707
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 283.50 KB (290304 bytes)
Compile time: 2017-06-03 06:44:28
MD5: a111e207f495b18de5f6466e56f19f4a
SHA1: 916472a9bb31d78c7ac57de9821be37b77d01b45
SHA256: b9338d96902316ff91832613fff9165dfebac554db302c57a3483d5b4ff067fc
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-03-14 18:03:04
Last submission: 2018-03-14 18:03:04
Filename detected: - kccInvoice.exe (1)
URL file hosting
hXXp://peadarking.com/blackgate.ie/bless/kccInvoice.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-03-14 16:06:41 [37/65] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x463b4 287744 a40cb4c59e9ff3d74ace3f0a6cfa058e 7042fa306b661b11ebca4f73dce193905c368206
.rsrc 0x4a000 0x5f8 1536 ada98d1e467e3cf6a1e65a593a0de6b3 1afe055f9465811382bd85e9c181514b02e838f2
.reloc 0x4c000 0xc 512 bb2a2b40e9b295eb8c50a4dc574b52ea ad23678ad559d34a47769f2c50e5e613a3370482
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x4a0a0 876 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x4a40c 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright...
Assembly Version: 0.0.0.0
InternalName: kccInvoice.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 1.0.0.0
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: kccInvoice.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
KERNEL32.dll
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
Comments
How is seen in task manager
InternalName
Translation
fdf3b8b2-c592-0c34
fdf3b8b2-c592-0c35
fdf3b8b2-c592-0c36
fdf3b8b2-c592-0c37
fdf3b8b2-c592-0c30
fdf3b8b2-c592-0c31
fdf3b8b2-c592-0c32
fdf3b8b2-c592-0c33
fdf3b8b2-c592-0c38
fdf3b8b2-c592-0c39
LegalCopyright
kent.Properties.Resource
VarFileInfo
fdf3b8b2-c592-0c29
fdf3b8b2-c592-0c28
fdf3b8b2-c592-0c23
fdf3b8b2-c592-0c22
fdf3b8b2-c592-0c21
fdf3b8b2-c592-0c20
fdf3b8b2-c592-0c27
fdf3b8b2-c592-0c26
fdf3b8b2-c592-0c25
fdf3b8b2-c592-0c24
1.0.0.0
dee256f4-4912-4108-b230-41709f1b922d
kccInvoice.exe
fdf3b8b2-c592-0c58
fdf3b8b2-c592-0c59
fdf3b8b2-c592-0c56
fdf3b8b2-c592-0c57
fdf3b8b2-c592-0c54
fdf3b8b2-c592-0c55
fdf3b8b2-c592-0c52
fdf3b8b2-c592-0c53
fdf3b8b2-c592-0c50
fdf3b8b2-c592-0c51
fdf3b8b2-c592-0c10
ProductName
bbaa2c68-5d3a-c0
fdf3b8b2-c592-0c17
FileDescription
fdf3b8b2-c592-0c49
fdf3b8b2-c592-0c48
Copyright...
fdf3b8b2-c592-0c45
fdf3b8b2-c592-0c44
fdf3b8b2-c592-0c47
fdf3b8b2-c592-0c46
fdf3b8b2-c592-0c41
fdf3b8b2-c592-0c40
fdf3b8b2-c592-0c43
fdf3b8b2-c592-0c42
fdf3b8b2-c592-0c0
fdf3b8b2-c592-0c1
fdf3b8b2-c592-0c2
fdf3b8b2-c592-0c3
fdf3b8b2-c592-0c4
fdf3b8b2-c592-0c5
fdf3b8b2-c592-0c6
fdf3b8b2-c592-0c7
VS_VERSION_INFO
fdf3b8b2-c592-0c9
Assembly Version
CompanyName
/QVr
Same as in FIleDescription
fdf3b8b2-c592-0c8
Random comments
Company name
StringFileInfo
FileVersion
fdf3b8b2-c592-0c12
fdf3b8b2-c592-0c13
000004b0
fdf3b8b2-c592-0c11
fdf3b8b2-c592-0c16
ProductVersion
fdf3b8b2-c592-0c14
fdf3b8b2-c592-0c15
fdf3b8b2-c592-0c18
fdf3b8b2-c592-0c19
0.0.0.0
OriginalFilename
DkifR
=zs<
d l
j=sF:
:NIv
mA9$H~
a "2
"Idu
cmY!
DpP5
\~Dt
W{ #Y
PNG
2rD`/
wjdD
cZi%
j7!C
M1iiW
Yibx
G{'-
EpjeT
)j,=S
BS\M
$I( I7][
K]=&
<A$N
rEat`G
Z\<~kx=\L
Q3MdL
cYJv
"wZ}
Jyy/g
dTKe
dDY.
ResolveEventHandler
`[%v
V:dWYc!
OHDi_Bs
.S :9}BlT>
A)Z;
Vr5'
Fyn)A8
<2il
h44uW
pXo~
UurbyE
'v+
&]8`\
"N9{H(9
[k V
m^r$@
`<v^
IN<&
D)_y
/3sX
iO#
<se"
3cSD
(B|
<PrivateImplementationDetails>
~(gv
t-+
d SQ
;>.K
']KJP
MarshalByRefObject
]iI
I5)<
U"*a
b/m5
kcm*]7 y|
3Lh%}
|H=E
.5UD*
]WjX(
vVCD
s&Va
]|zP
1LQJ
[,?7
[F(m
zB@g
m[mg
-C8+
<zK9 t
98 wE
,V#
Ld3d
0BS#v
&'z0
b@kkvfGw
}vfVf!
Y';{
\qs(L
7U\'
P"4
3r;{+*AK
4M3U
>>-t
Z SC
7M[%v
gB;F
^ t ^T
K)[V
y&F;,
^"[B
R0bw
;_U[s
FYy)
8fUcw&
F+Hty
coSk
1LQ
. y@
9@BBPj
S(1k
XMJPxg'
jjgZ
CRT6
{pmF *
`~zVe
#q[9
<-
aj(!%
-Y},"
,c(Y
Rw&-H
System.Security
"K[D
'yH>fK
$ S,'
|BDo
o/bA:
&%Pf
KSC$J
GK6!
C%9P
y4t[
|f c
F<'%
=a]b
iH{F
oASM
9oI$i
o
`'_ec_
9mx
Application
jC.H5
iOdP
d?-G
"r='
e"I
l N:
*YC^=
>Mqd
U8UH
P!>%
H-C@q9O
gkp)
)o&]
}H(#
:CK,~
<5{Nqk
EnableVisualStyles
PPrT
*KeD
vM '
y|ez;
3cyu}
tw~
Ai"&
ZY0
*utD
00'm
1dY%v
D+Ln
~ I
AssemblyCompanyAttribute
1L[5v
?T#b|
Rh^
Uuvw
=hgx
grY3
)@yJ
RRR:G
_J8{:
!_lG8&
zBAak
9&_>O"`
"K$@
P?vH
qD\jIH
7LY-,
$3no
l:{t
L?y5
FflAO
eF4v
Monitor
0{%qY
B#Sw
7N9$
!U u
AppDomain
Q:>Uf
P1 O
v2.0.50727
\c g
%$^'
fwSO
z n'I
`nI}
[ `y
L 7O
W_Qp
$GdD
C;d#
)Ft`$)
n1s<
CRtIN
B7Q9
iyPz
r&<=
?S4)a
5]4ec
v4a)E
wdfyF
Tk9DV
'kfE
]=8EF
aKOD
? :
4l=MP
O+7&
MMtU
_uyW
7xZ2
}Hf #
:,]jD
F=?Dj
R& )Aa
O[[%r
@k`9
P2*x.
Z^p$
pi2n\>
|N%R+g=`
fr>t
&'WJ
XN"x
HfG`?F
y(4ja
<(w: y
get_CurrentDomain
0{&cY
A [m
ixql7w
XYXF
\>lv
S&.y#
Ro> Y
K_}}5
(xsW
r_w%9*
;y%!
*-:{
7N+b
0\=Z/
!Ux[
-*Z.r
&1L[%v
va8%X6
83 /
<w,(0
o{be
db'A
>kD)E
i!aO+
set_Item
<"|N
^yg7a
R!?~
>M/p5
KU,)
Y/s&
XBcd|"
VD2'
:=)-6
u'HedF
}L}h
1YUI
;*A=
MNnv
7LD5
E0 \
dY$e
Q#>6
]4%v
r#+\
Type
NzZ_x
>U`#
mG`E
46%O]z
{X.P"
=0\3
K2-X(
EO9>*
FI]F
dDlL
eW].
.Q9
[ MY:
^ Wd
B<F=
: oH
Z$Md6
O( ,
8P0gN
[9nA
*a}m
H+\F
=D d
hlbg!
wEBfgg
T8DF ~
"KdCl
y%p,
//ap
$&'fD
>qpbQ
e D+
/L[#i
u3*EN
Char
txWb
q$*[
qi= a
t,W*M
#|b$
kki9
(Oz`K
^@u~T
hu:m
g[EV
SX/=%ms[
KeaN[
OJ^D
l* !
3mhU
q^WZ
-{zd
! xH
FOZR
j<Z` I
&5@D
'IAG
I H5Ji
s g
*M]_<l
String
^8y+
H,V)
GdY)
_ wY
|T2IE
z G1
L.g-
2XXZ
IDATXG
-s^zE@
>c/CD
ogUH
H ;r
xB|R
iL{Z=
+A E
$L[$v@
hv/S
G,d3
Y3(v{
J$0@
_CorExeMain
=*er
O?##T$
J~|k
QK7=
oo%yKF
I>lHc*(B
PY7=
r :_g
h[lY
1 whhzE
("F,
Ip8*w
K(!P(B
i BK
atVI
6}!a
> 5z
@xzs84
0T/xu
K47X(
sO^t>V
}cOJ
sPd5
m6Fv
}k>t
GDt|
W@QF
?!Nl:
9 '[
.text
YZ]t:
pH\:
H._ /
y&Ny|
orN8
O^)0C
grN<
}mE5_+k
I2e1
M<D
y$v"
d&8PY
B| Y
i*ZB
p9k|^
]]Pm
PJGw5 6
fYw)g
qEW~
)3C$R
<+\_[
(2Rc
4mq=[
"Zgl
]#<w
]3eJ
&U2si
m^3{+
xE 6
6T[iY
upes
tSNIz
vs-?J
7LW*,
dN~i
qw^4
fFU8
v [%v
3>.8
PNEK
;D1l$>Z6
IP'`
{wJO>[q
S^Gi
,MdG
].z7
iR2
eYX~=
O'}0D
L7;YT
Grq%0
KpTc*1
0|$%
PMeL{!
G{PY
wYQ!
L[/\
Console
fx'4
l)dr
Faj>A:
-T'?
\LX+v
E .K
SU<E
(J*.a
H dm
fa[Z<s
8 Fzh
uMSSB
9zw<
g7/J
p[0h]
. 0Z
G-At^f
xTB\
W>)p
VK7=
pO_|
`~.'
7:oP
b.>}
1Lm&Q
VL<@
w`3w
]DGw
xRR:
RuntimeTypeHandle
<3BP
mta;
OfS
<h[s
Djs
~?HO
C8 j
aD[blD
&1L[%v
3'rx
(U<7
mQB.3J
J]lL
`.rsrc
j /p
vOh&
DZfwe
"KmD
(!F
e= L
$LfV
{6OH
/lHn
get_Default
SetCompatibleTextRenderingDefault
%MAY
=-I)=
#gjF
ZY%I
nJ+T
+I?d$
y7 .;
DuSznY
POH
nZzJ}
%$Er
Dj[$
$\x,HF
% (
.oJ!_
+4 ;a
F;,R
Tk!/
yf>>
V_ZV
rX-f
u
&>0C
UY#JR
(1a
7=wX%7B
Y9dg
S01z
7bw]5
F2N
Bvi&lBk
@}}#
kt::3
Vzy;
3xVT
"'5w
{G-hY
BVF2
MJ>
aHQ$d
-vWV
Xl J
lXU]
Kba_
0MG+q
"UE'M
\,-#
bQexD
-!7/N
"RSD
78E
(n)w
#A $
tN})b
&'0C
l~WP
.aV
Vw_E
BZb/
PIQ&
TIZF
X6^q]
r*w\
F-wI
w5B|
J.f>
<_q9O
hX;%Gw
&*8$
3Odde
/;tf]
E{Hb;
1Z[%v
kY1E
8@(#P
6 P)
|B8sB
yK"k
~PVI
rvFvxl
byVF9
)VG
l"{g;%"
hT/E
B4unQ
j(BF
Sn}o
nppNj
\![%v
^/0%7
,qUm
b O,y
K=B~/f
&@%<FgC
LihQ
FIdx
88F3
TT=Wnc
Jw({,
!LQ7
> t
`=9:H
\+S-\#
$4A~
P-m8G*
{Fm8
D^zjH
a JC$
{v;e
( l}j94B
"K}D
R0S< g
;kcT
LcQ}
n\/qP
>^Xd
Yp~s_
1_k&v
1A[%g
1LZ.q
P8:%
%k3)aJN2+
System.Runtime.InteropServices
wr/6
1J}[a
Write
ft]?:x@
set_AutoScaleDimensions
Settings
ICustomAttributeProvider
z~PK
i *0w (
~`MP
SZ^@FBs
|JQsp
get_Assembly
s %YF
&*8S
XDe
zUVTH
TK#f
$<^}
K("X(
CPRc
X#ta
J)R#*
:yIU
R5@_
?.[c
Hn9Q
D4['X(
7\;>
.x^P
MJ?B Q*
*$TD
$aJd}
D k,
O;w`2
5!Ls
K5=:y
~] #
UGe;J
)T^%t
System.Reflection
O|)(
KH!n
}7@!
pONoa
IHDR
&]wB
System.IO
6H?+
x]9' t
[ =`
_b_,&
sQJC
bV#o
6 <^
>X.i
$aJdP
v-"+(
-nNA
(?s3
CKnz
_),U
,9J_
PnV+
wz>wS
m[}q
PD# 3
"Hd}
n\}k
J9~}
!y,{
V" *
%1L[
{ g
tms4CZ
&+igd
rM?'a
A^)Z
u/i
hK#
*Kq&
4F $
*^?r
pXY*
^5 t
RuntimeFieldHandle
y?L
s4!
p&F8N
l9!F,^
y8uoxq
rx?f
~ 3/
"Kd&
STAThreadAttribute
tm@;
=(^
(%<M
3 iIn
iP KyFB
tw31=
v8MZm
&*8w
Y?K)U
{`6Q
s :23
,_MqIn
!4D[
c8<S
TUWgr
1DD0DAFEB018D8FCBA23B5E63ED63EC8F997B3F9
T|OK
?j-Uk9
I#! %
{gW
0V~i
_->W~
&*8d
Rp7C
&*8f
/0O
&*8`
'iGkQP
y(/Y~
QIS$G
&*8h
# #^
uagl
Vcs4
kl")
|*@(g|
yKdN
xU=P
yI5lFipa
"Ku:U
System
EventArgs
eCPw
B=nH
X TL`=
Nuue
0]EU89
3]+8'
Iv pW
F*q(
LM%v
=8l-
x.o_
)u.y
>hO]
sqvV
1L[%uO
e`se
_n9!
Yg!_
g[g<
Jaor
~yIba
@9:I
'*#CX
@Vgh
gjc9
G8F#j
k-4[
a kZ%
B%U'$
}<J
M.[wz
T?'32
u4G<Q
#Strings
R\o'
d]{
O4,Y
b6lv
X@ &+
}l2n8
bg9C
h:XIP
Evidence
Cp n'I
Gst9v
s_B
%zPNz
<YqeDVd\F
6EI`d0g'>Qb
1l[%v
;_F:b
3hX@
IT5L
:^pf
=Z]I
eZ^B
:cQtA
Pb"?
IwRL
2!QO
}%[{}
tHQ-v
YirC7
rk%L9
-X&`
dD\1
SuspendLayout
C $~
Spu)L,
zqso
JK#!
(`7Z*s
(c Qc
Qjd c
q*V]
I~r!
J:eY
7n7X
{v:q
get_EntryPoint
=L[&v@
)4@}
C4#G
{nsN
3g9
!6Em
:ot'Uw
vDi\
.2V4
xhsP
V@LU
;"1M
cwE
K7RW
*|bp
WYz/%
1L]-^
R2u0
M$L['v
Q~|5K
Ep#:
V;N:
vD8 pFb?-
E|+u0=
"K`E
&-"N
ysTk
7H/wk
AaIv
W9Q+
+*6(
X+.W
P-so
&RZ5
\PAh
AssemblyDescriptionAttribute
6v}vyz
i;=HiC
=1H%qB
_WCE
kE7-F'
8K+4K
!l%M _J$
."k_
l.$9Ctv
E(0.B
sI.;
$aJd
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
System.Collections
ZiH^
$KeD
L]`T
}Q.c
SnEly
m Pim
iuuF
2tZ(P
&; G
C,3q
#K+D
O/j
G%G
e !LA
dQ8@ 7[<
s>xZ
-qi}
Kwuz
d Dm
GGd_!
he*S
xLz'
G%d#
QKdD
$!(O
RI%
0<Zv
^kC^f
q}.B
C)5Q#
{MdD
R;(%
z?G+
`9b
,%fQf
<c+3
km0#
.3^Z
j'M5U
aaRS
|7Ef
>JHF
UL#P(
?Xq.bOU
LiG"Mh
P8 +
hd"~
*kaL
X?VSVM
[;C&
TQ Q
&&yR
5$m
geG{
=4$]
+ Q!
o>](y =
P[C%
I,D9wE
&dh y
7]%H
aG'
0II-
IhO6
bAx\F
sg "
FFi
^V[N
ct'{d;{d
Sc g
= Oj_
LX$v
a M*
>Q**B
sNV
K)%F(}
qEE0dl
>IT19
N>n`
@.reloc
{ +G
{q/Q
@"/;
@,=ZPT
!KdL
T/J`m
~<x$
+"S.e
=Dsxv
m3}y/
5V _
|.+9
W C
Rs[H
`}w4
s 8u
}S8N
gX6l
F8EB065AEA3026AB3650800E837BC7DD5672B97B
#d2%v
y9_~
>>J4)pf
o[(~
es@>
1oed#=
+&~k
1{2g~
f:ZQ
%-)(~
fcGM
eYAt
at1LQQJ
"<_NL+
) qQS
]yvR
7S4)(G
U> K
Form
e#)0q
1LQ.q
i*X)
|6 V;
Lv9Y
:c)#o
Tj if
N0g6
K+=UI
q9@|n
rRt07
"Kd{l
\ZGxE
*3md
dkwnI4
W3>
6{%
w5'D
S !_
WZT{vM
=#kK
5MkGy
TMn<
dT+_
n!y8
!/cG
.g;Ii
E")b"
NRHPF
ACd
KJ$B$
eMrD
^PUb7?
orO{)
B+HAabL
Rxv}
M&["
JG~rs
V{}t
*g7C
$8>
pMOp
.O"<
1LQX4
jtezJ@
a^\M
Free
?I/W
"JdH
iWDl
_s>kj
{O]
)0CtSN
A?K,
FNQ]
O^tFJ
#O{J3
<qut
R8m+]
Qb1'
$@!
raR=
l\EH
z@T3
7{ZaI
OgaJ
(),,
@c/0M
bjSY
{$+&
>o0Hh
7tOu
0DG q
Default
Br}{;^>X`
3*^_
q8],=
GE*X
:|w` #;
2KeD
J>-Z
9bKm
1Jw'a
S!?
,IS-s
94|3U
vDu*CdF
G\-C
ih^W
HskF
88L E
ApplicationSettingsBase
b 75F
e]v
rFVD
zG;?(vo
;c"L
LxBx
6r/!
AQsL
q B<D
Cp n
"R*d
J,rf
ResumeLayout
r:K6G
C55#3
+kM.
Q&rz
v${u.P
vgSK
Pnb0
#re}{S
s;%TL
n59)
|NXD
UG 3
x{go|
upF
%[Z?
7y$~
)4klS
ZC,w5
g7)L
GuidAttribute
Pih\
7F=
?o,U #
<TPa
E#O
G4i
;dp%v
;lA8
5Sr9
`;gf"N
5C^R
ngsQ
eb
)Lu%v
"MLA
*vWfj
)XHY<"
+B8D
;8<d
QueueType
RdMh
4TK31h
LF f
SMdD
zPm8[
4(G9
2/eDg
;o\Sg]
Y[]=7u
ACBqZ
_nn;d
%\<W
@ <X(
1 QV^7
wz^+#J
9W'y
`R]Y x
{`x"
K9e
]*6I
p!O8
(Jv<
M_7[
:2bT
1i['v
GG _p
G |\a/
@Q&'N=
w5+7]
V?2
mcdn
d6D)
$:7n
B2${n 1!
nldy/![ uA
6|YM
!0,-S
m30>i
|E47
9Kd@
HH c
m;B,
1L_
DJ$v
ToString
zU["
+$Sk
-5bD
4(_ce
E Mg
b@>81
|3Kx
Enumerable
EBc"
Mv]%
1_k'v
\196
:B0*
18bB+S
$Rl8
>$Xz
AM O
4fy|
$)U
3ozs<
)^\1
*5{xeY
?Z\q
C97!
G<U^!
l^I|H
9C]<
fczCUH
E2K*
=fZ$
BfbO)
r-{c
LORmIVS'|2 %
Z&/Z
:*Q4`Pz
;iW3
]~EU
_\tTz
ayI`
$ &_Gj
rPydt
kent
!+LA
"*Z)F
Lax]
+9'?
Y^/U
XG ,
|8lU
Q0 F
AssemblyTitleAttribute
3?O~
eA>$KOpW'.r
:<2Y
gOCGf
9}+(
p@?0
GetData
Cf/>
P9tW
#KV>.
;k"K
i-8Ca
g<f
Bf~B{6
ZS_
ebbfd5af-f6ea-0c.Resources.resources
f QA
IfE=
A 4y
=*N~
L bp
ruq{
q!lK
R^0
add_Load
ic
[ Y2
s6Jefb
a ]Q*
SettingsBase
4 zkpR
grW
gbT&
_ ~Z,aRmy
D16A7DFACE16BB380DDC30ACC3CDD78750932BF2
;e3q
qaw<
&o;5!K
dRlX
z.MC
0OL2
(L^%l
)yS]
IZnIF
IANmn
%$"
x}V
A(lvMl
q`y2QB
OY8!Q
w cdVRL <z
BMid/m
^I=
Data
I47W
1q0C
WR4r!
}XWh
Lp- s
Q4L)\
O|3P
;vmy4*px
/WFD
V#
'l3W
l#IP
d- L
>/b&4
`0S|
K{2X(
;j4\v
<\*^
#KBE
1q0h
pHYs
.ctor
,XME\
w/k%eS
OI[%r
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADP
)fpK
(|Fuop
'GlU
8 go
"Izb
-%CkQJ
i[ 71
X%Ou
;sU4
OY)0C
=T'w^
X&&#=
H]`dlM
Gq1N<,
xPX07
['v+
ZCy"5
R ?!
$X+u
3{->
>oOJ+t
'8U
_s4&{oBD
*4cJS
at1LQ
AwAs/j
.[bEA
5pn?uD
.]=1f
}&$j
MB.+
[s]
ve-$
u[%v
N. %
7*z{
sd<Ra
e:n6
6+{"P2
?nu|A
TEDNb
GK%7
?7z><
tKf<
wzNWZ
2&'PFE:
T}(]
Ttzm
@(<PM
Qd}M
v'B@
T}(a
P D
c)(@
b{'
xsx-
P! C
RH<g
F&2=
w{76
iRm
>&xd]
QV:B
8m r
{c?d
YR"B
=P N
fj[8D
1:zD
PBxK
p_~{
O*{UQ
^]T
D5l<
GK'+
b!1Mt
+E E
"Id(
_h%s
IY\ "6
yUq/T!
78TR
J&vY
"Or7
WZNZE
ukYg
4ZF
iGG)
/?9?&
00:<
1L[%iO
Byte
:L%-v
Load
l4CD0
7?8e
=VcnK
Sy]U
$dpt
'3 {+H
"Idr
0kf:v
F;k{
#*i7
E,u5
L3|5{
|P= c
"Id`
X6![
*#oI
#[!:~
g#=T_JQ
M8=yd
YL<@
+p<O1
L[#m
(Yd #K
#xl
uUL2
5h-]
"|P%<
uojA{o
T)m~
E2Jc
su+J
G2bW
.$%lh>
FUX{
rb#)c
9gU6^,g
IlKEv
ic~ g~
_'}8
,$D:Mu)
1L^%
8pQb
RUh<J<9q
$X7u
IKD)
99LY
z\ d
n|M>
Y 8z
2e3A
O; ~s
MemoryStream
#>uvW
zh
;q/
"Z6D
AssemblyTrademarkAttribute
<$S/_uy
&i#[
;q7A#
PbAV
O9X`
^:m.
2uWh
s._v
I:X@H
nBJeY
/Mdy
&F S
uXfMhsud
0BF p
Rs8{w
3^~S|3
`Ys`
t[pBo
#k]{
get_FullName
N\U 9d*
7PU`
0eV`
-3}Z
aV`A1
1%Se%
6^I
' V8
;4b
d&3O
~ d|_~I
]J6
bj\^v
VA[@5
]!UU5=
`un/
l:!M
<(4
g3{4s
^7|U
B ec
Assembly
0KfD
4X\=
/[:E
\W|1
_c,A
E>2K
_)r{E)
KR=w$
6fu\
9DS-~
1L[>v
j(Y!
9S]&
kent.Properties
p ab
w~f$
Z>*l
#_3BN}4
. 4&
2N(.<
V_j @wd
.}tb
e$)J
'eNg
\h,W
|#*tr
CcGr
$87D
H:L[&vc
i kse
p&F;,
Dictionary`2
"w8K
$[(L
,v]
\\dD
f;~R
k,|7-
a>4F7
nq}%
YK.
n?_L
Ea(+
J!Cu
Ve#
bwrzcP
<|Z
+@ E
bD/F
set_AutoScaleMode
System.Security.Policy
-/Fh
l)R!
bpQ&
NR2TYi_
gG^B
L'hX1
1L][4
qhd
fmQ`j
cR-fw
Rl+N
D<(D
.v+p
+KdE
,6e7>
z{Y2v
0Xd.
xNIO!!
UNmG
%O+_
|H+?
>S!6
X
N|JY
9$O !y
IContainer
){?s
aUsj>Rk!
{#3IX
7L)`
>v*=
+i)R>
)39I
ZZv
I_O7
]9>z)
0^Y.
Ktr 8M{
^vrE
,E|\
67PN.P6
nU:Z
$k I
{f/(kS
J[D
jdsC
set_ClientSize
3%m ,
v}s/
"XTF
E)8Q
ebe
@S&}H
'z6
6Kd@
t8)M3@
;g[&D
R\u~
6\V#
|HFt
>qL*
X \
$})P2
X F
UR{A
-d Z
*<mv
X A
#Blob
MethodBase
Control
D$ C
](S
&pKjd
&V;q1
nN"wz
fVg)
X =
^ )
X 9
|$kR%vi
8#
s_x.
T \{.
R"Ti?4
r^&|n
pil
MUh1
G#0@;
^AL\z
8lY$g1
$%w!
3BlQ
YSK.
ResourceManager
RuntimeCompatibilityAttribute
^h[%|
GetExecutingAssembly
~*e#?U
)%L['v
)ZdD
6> gN
G\dD
ov
}#s-
"NdZ
|:x:
kX"]
dY;b
{ CT
o5g]G
`=Ea
up<C
^xM>2>
]rRl
|mi;
:R^b
G}UG
s+bB
cS-mu
WYq}n
B,cM
pcLq0
zE ,
a:;5H
zK8Z}E
Pe U{
<oiF>
ueU]
\Ze;w(K
8 ?Wd<
/WxrGBAYk
y<Et
}%66
N;{i
W_ !9
1LQ I
m T2d
t(l.
*|;M
4gef
wmr:
q=wr
>1AdM
{XEr
"KwD
#Vj9
AssemblyProductAttribute
IComparable
!^dD
; 9)+z
Rb+o`
% 2n&
.pB%
)"%n
\:o@
"/-]Z
'#N2;
'/d=
KdB
K; Z
Zn<;
AssemblyCopyrightAttribute
VdD
.sCI
BF1512AC13F3DC3B09FDAFDFC9928F1CFA4FF13C
4%x)
mciT.
s?kp
_5}
}D5 k
xc)X
Y 82
Y 83
:oN)
D XG
b.)[
6#JQ
pkUE
{zWe
Y 8.
8^IP
XSD.$
zZv<
C8 D
Pp1I
Kb/i
\s[Je
0@,{8
y(9R
c-2AR
TW/d
gDVQt
D*;s
F'`k*
{(RY
3H%maHjX
qQfNTC
]Y
mg:
y?-H
6{%qY
?7\A
;AzK^
v<:!
JSws
I D
Y 8q
/2HU
*f3G]T
-Tr0d
7]8`
Ob3s
K+0X(
Y 8b
Y 8c
ueo!3#
3$ w
EW?wS
dyW^
>44e
GKcJ
Y 8\
Y 8S
Y 8P
dpu
:WdD
0^:I
:KcR
ktk-
i&jP
KMV[
~7x^@SAW
3ou:
Y 8F
oUtq
Z4/E
" d|
W'#N
8G
*r/2UE
rQFu
: >X[
Y,L[!^
#K@&
$d(4 k2
A?IS:
`\+M
Y'{o
BSJB
a@1LQJ
Exception
q9Y/
DQw\Sv
A&2Tw
1Fq
H!l7
uNF7U
IoJ['
,vb7
+ ,"X
JN7b
qI<&
LJ4[S
IConvertible
r/ [~
$cmD
vzXv
"ANv
fZ
7v>T
^<E@l
7M1>
JeA_
=V4O
W+Nuc
4Fw~
Noaj(!%
^o5)
mekv
M</h
2/ F(
mac?
+{de
q q:dDFYY
vDm&KeE
Jq%m
>r)XL
dFQdK
cB}\
]( W
yL'h_{O$<8
_D Lk
gAMA
UOOa
NS!#
^CPo
;0o>
72K%v
M2. ,
l!G~
t&CE
*h.
IEnumerable
q/`s
AutoScaleMode
^z4Zkl<
"%.!
{a!&
2YrM
]kx{jlx
!kd@
WOD)w\
63*R
3Xv^Y
</R-
u?d*
KLam
.cctor
GR$p
?k]1
q7}W@
.--<
x?O
9FM7
l?B3
{ U:
dCb9
mscorlib
_;DU
" v=4m
!`hiB,
1.7 [3
)e<6
h287
h/ T1&
8chZ
Mx]M
8F6;
Le=Y~P
1YUu
1LZ%v
=4OYVvT
CJ616
BqB I
L'LR
DF%/
X^V#
6.57ZJC
A5D?C7
4L[%w
(Sbr
DNih
Ww2+
$|PA
[Zc_&
lNV6
D}#8
/[)k
,beyA
:Ejv
u?9;
5m\-
n \4n
v\lz
\NdD
$X'u
#f>=
Vb)[
u~#A
7dO'
y` {v,}9
BvI*w
m {J
ECX$
l6g9
ispje
[Q.9E
+{N]
] pn;
oTQ\(
Resource
+$">
Yg=p
MKdD
ContainsKey
0guO5z
@F&^
TR1S
,&%J
L[/^
X\14Q"$
eOHR
kent.exe
|P'sB
$?p~u;
KF mI
}[X$X] S
WrapNonExceptionThrows
Bwk3
bi1I
dgo.
[SvGA
^s5\
l;v`
Nm:O
DZ="Q(
GIS\
3BT|Q
LxKK
e&!y
~m[Uf
zFi-
Ls.e5
'1=-
HL)%
5ZJ"V
ZRQm
D:*Q9
<A+r
rVFa7
h`_-
\_9#
T9+
r Wo
Size
Mw6|
m h48K
.va*P
shcP
ilfFM
[U]0
Qt[d
4oR.
(z+O
&:cd
" 'V0
a$jJ8
Incarcator
\T/M>6x
,Wdm7
i+dLK
L8FE)1
'`QGB
ihrb
^?3v
j1ZF
H'/R)a
~G>6
4?\1
Nzvz
jDS$Mw
1LX%
i0,)_
fPGV
kU #
eYut
N\)l
yP @d
%ms&WK
if0@E
zEL
$ cn2
R82J
ZphS
g&+
RpUO@xx
j;,&
M 2j
PK70
"Kdc
*Y^G4
# 0'#
#1'xM
}W/]O
P3p9
qvki
8}A&r
"KdH
"KdK
A$hB
"KdE
"KdD
1;,R
Y_^P
1F]J@
8)jP
9Nt%
|+=L
Z=x$(B
d&B
MnTu{
.Nx`
"KdT
4?N
"KdS
b={E
'zrZ
cYZ_
-}@I
H GE
r5WKjsLm
kj?,
D753D0A878EB0C0BD3275A783C17E0129C61D8E9
1'[Vv
F 4^
IVW 3
5<r6
e2(hC
DeflateStream
m"b
K'X(
*NN0
%IhQw
N9EA
R_:u
3System.Resources.Tools.StronglyTypedResourceBuilder
i"#=r
)at<4
vAH[
;2nO
<IOP0q
K!A o
.`rcJ9=<G
vE`y
%L[$v
v1"y;)Q
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
@o+Tp
a~$>8
[x6-
rf69
i7%*n
8$,N
|+maE
c;y=
9A8/
-, GZoZ[
Gx5Ii@
*S ~
l^3
yl8MF
$Pz0
:Z&O
G)[h
Ef]Sj
~ Jj
cYZ?
e+O%
=n{(
\FdD
]J4g
!This program cannot be run in DOS mode. $
:{tH
D\v&
flwq
r*5t
hI8]/
kbEv
wm**
VVg8G
Sqw&~
{ eWwE
W$3
QG D
' jZvC
+_~m
njB5
Dispose
8
c-%zk
0#SB
P=N7s
z $6
.1xK
U"vq
@y\x
)Lh>
isnF
;sb
~<5R
fM#&W
9PYW
taZl
kWm9
ICloneable
b\z
5 8MIIt
j[ sMw
r mp
J{1`
;!r
ZOS4
)0;]qLz
15.5.0.0
ME2}
VMt
[7H;p
Dz\3
jt|2
oIg%{
x7N
8R
<MmA
{ I=
V (V
5\D_r
-ooa
,CJb
;#td
t,gp
xP=G
*>jMH1G^Jt22E
b` >
COW%
#GUID
HM{
&tZF.
^\2oP
@A?q
g|c/
U579
#a~I5
* SCG"
gT/)
_96@
Qf~
3rV"#
$;^05P
P]Hq
7&wg
mwApK
F)m
,*1k
sc g
ek F]
=6OV6
1k?(
7."f
^"CT
FK%!
X(
!H[Wu
;( R
7x/l
TTOM<
[rd'N
gTLJ
0{yfY
ch (@
KVb/l
+x>L
4eOR2
G^*$Y
FMt4g
8ly
:6=O
dL W
og~dnUxQ
5& ?
/Ov=^
gTLW
BOC{y
E
1i-%
GDh?
g2^_kOMO
E'
B*1t
+-Dw
RL)%
Re%6Qc`
x}7*
Co:k
PoDoBu
`W?1
9YYg%
N2Y4
HDFFgd
0Z&v&{
_AppDomain
>*i5![
nw )r
$ArJ
Xnl
1+>Q)
)Vu?f
FdD
cjSP
{/Kfg
o>~>{
k;lU_
DC5)
System.Linq
r{F?Z
1LZ6~n
f LE"
.(LH
pG*z
bRV,
MqR}
M!@/v
bEFp
>lB~
]kQP
]-n9
9&':
wfq:7
%k24
7B*{
'lW)|
1L[n
H`3A
T*Y[
hjRQ
EditorBrowsableState
E(=ar
x-JV
5@\V
syov
9o/L
E 2I
`Ew*
?EtHy
5;}^
erKz
fss9
6T%3Fv
di`g
6~Rk
sw&0
Jx)k
7MLl
}U[X6
I y
Gwp$CGA
!nL~
;!1{
;O9>*
v-F{
3ZsU
+1{
Z8 @
|7X?
(niL
Vl$D
/"Lj
;h7"
P,.9
5!fC
jjoh
k;TSr_
MRmYa'rn
w0ZAV
*8kR%v
-<bR
`9k8
)XN.
' 1{
I+N<
#yrzlW>
<x ;j
.iz@r
x.?(
>'V4N
E3c=\
[<I(yI
S}k"m
{.M+b
(e%(
|&"KdD
_w d
~~W
C&*1
WbM'
dYds
mYmf
8]EB
nK0j
%dH1
KpZ
fKF
k?oc
`cLR
{/ M%
] -gc
4/E
CultureInfo
{~jq
/?{'
5D.57
A.fb DW
Dli2
&zmH
BB)i.
X]X
(>,i"
IRsB
?ic
8l,%
&f.0
K~5R?
Z(g}
s3=!
.SdC
M=2{
NQo\
Z4+f
A?d"
DLKI'XZ%
WS8}
\n=%
MethodInfo
^ lvj
X#5D
0G,%
1.0.0.0
YLU&
0=&D
~3/>
"OL
7-UI
ISkv
vmr5
CompilationRelaxationsAttribute
cc
PL/%
2] e'
x(1"
ijXBu
t<rH
3\_
6\IfDR
6L~X
TGB< u
wP'gj
O:nF
k$q| "
&^?3
Nz&
`l#Y
1oIy
~mavE
F17Q
`<E'
EI|6
f&Vh
'"[M
0rC
_OCM
System.Core
608C12AC564B3B2142C9B0946D986C30B0910891
D<dF
4Ig^yh
!vmN:Q
c D
T>[v
System.Configuration
,gil
z1Jh
}Nc
q/)}
xXJz
-IXFD
I8r'
7-UfU
o3a
Invoke
3)t N
#D'`~
X#5%
F5&Rz
wRrbO
2Y1& ) Y/
i>/^:
tp2,
U[UtS
}Lkn
?mma(
Ftbn7P
3g3K
%rD\D
tR;a
bOf1+S
\Qdfo
>9=y
W)0C
GP/MgB
z"BS
&6Dm
rx~r
38)v
Vp|W
Sj}`ty
,|C$6}
N%O
'k`^
*n{W_o
Ha}u#$d,
Ub`=4
X!,:
IEND
c8 C
cW`K
4p[XO
gsFY
-4,w5
WTyS
1HR Q
Xp8
gJ2q
ZH'|5
G.v"o
G:-*zt
.a(u0
eF|q
])[w
_:<H@.*
(ZhU
*J',K
44X5T
a7q;
EwTY<
Ynqh
rh 1d /
"kYD
m,!z R ?
H'>g
Kw4Y
Y K&
lv15
oLoI(-
L[)v
8B
Ver]~2
F<k3
O72 F>
"KtE
Pt(gK
15.0.0.0
z iN
get_Message
'&$r
cu"er
!4tG]
8j
zVX|
-nFC
:iO!
'Y& 6:
h@<
e<kWp
N%@6
ZC,4
kernel32.dll
leoY
Concat
fKdN
7{V`
vt T8r
1M[%t
RVdi.
BL2H
StringBuilder
c?wP
)[&B9
rdZ0
Append
"R&~
aa')
\x%0
.qT1
Ah.F
$L [
+Ya^
r;hl
,jR*
kd+
@dus#7)
)s_`H
y]GD
IbmshV
;9{odV
3,}1
D=0Y
3"\v
,%B
HMyo
VeZ5
T )W
[kY^
EventHandler
7`V |
kzTo
T_Kc
jK'@
RL/%8
uq:F
P$j9'
+rF
R>4V
2W.+[
jd4 1
Z*#,K?w
>N);
$R^z$
P"KndlA86
k$u,
0rl<
>W541j
:IR/ 9
IT>]ib
%H(~
RuntimeHelpers
\ncQ
ZVM8
9cGl
pK %
V`|=
x_Xd
b"EB[
[SUqGZ
AssemblyFileVersionAttribute
PDu4
bz{M
zf.~T
an&A
a:^<
System.Text
.4%<l
&%iK
BeN*
C&^2
m7?1
M}hb
1Fll
9 OwV
1LZJ
System.Resources
Ea0O
"CdE
eyAMh
/,#Z
_c4M
"KbN
V93$
G nh
U$A&
-kky
P4MQE
q Z$CGnL
}E?z=
YnUA
y:rO
mp4~
-`*N
PnnLy
Ef`NV
GW,mUF3M
KM;
8GRD
mB8d
N6bo
get_Name
;e<
y8'5
[=%K
1L[%u
O u~
1 7D
X (
$xvS
Array
R(0C
1L[%
Zxj"
=32"2
?tY@
Vz+N
"{dD
0R5<m
}{qY{
1L[%v
Z~-`
XNNg aV
5P>k
H8>Vv
{v58U
P9kP
L^ q
AW;U$
- fri
E$6%>
%PE
OMc
5 4+
:#)3$
g25v)
R5$
v6<x[
jK!F
Exit
a)x
I\
eYZv
3!6
M> V
,_H
-63g
e9uO
K;"F
[t"h
D]$kJJ
*X>"
;H/
R~~"
d'<&x
F198083C9353284BD8923DD4177D35B3177ACC3B
e34 z-
r %
jf,u
!_7n:
1I=8
_b#S8
_<[C,
wm~c_
vW\g
b+ B
_l-
0dkO
Ee#<
S?Ps
Z,V'
coK{
"K D
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
}c%v
a~D
"P_B&
;$fBc
DCLb
#Q:5
E~jf
Z c1
+O%%
Hs!i
x4CpVkG
L.IP
Z&97
l c
9V]-*
InitializeArray
TXwZ
1LQQS
Tw%*
PxMX
x&Fj
X#4t
O+<v
iYX/
$TRA|(
d %G
ToArray
%KfY
?R g#
HSRW
EditorBrowsableAttribute
NIe ^
lIo
$ea7feddf-36f5-4ddd-b381-eecd42bccfc8
nJzr
^WN{
FR|_
cHgA~
Sx8k
* bT~
)3ZZu
"NdV
' =v
/!Ro
gFF2
ContainerControl
k$;
]y ~
Jr~Er
]+8%?
Wf:"
"OuR
cE8
"OuP
'Gp2p
(q`Y<
N&|B
Fxd
%=L&
$^D<
L/Vp
H1zMJt
c9.qP
"Kel
K$
<F g
8 'T
Y'>In
H2CV
tL<@
RG*N
\T,&
} nl
_hZ,
76.,,
o3z+
System.Drawing
g]J`
DG~j
{'{F6
8~ ;~
7Ut_
)`tp
F.lBq
tLZn
@> &6
7>_.
%`5H
3L2%
+u%h
+||Yo~
x4CP
<c0
m}H5
VbuW
SetData
$Y+O
e>:F
;)zty
h]&j
(>\0
jOf9
~ju.
=<{>/]
]t!;
xm5JA
%$$X(
s6>.
^UX/
~b<n
/ E6
st-C
I8 R
qT'
I/QD(
qTe9=
33 |
w$ x0J|
PxWd
(Cb/
|MN%H
Mu#o
mV,Ni
e+vZ`d
=)LtU;
9- G
vONQ.zVj
(7Iv
Ep[%w0
d Y6
+FyB5
?bAu
6zS2
(x`0
\nr9
]yRg
B$pT
f.Y
X`bz
cMU&S
cc=^
5zwu
fATY
V}9u
I,J6
zMcO
p?"K
>LZz
|>7t
*Rm~F
P9cA
z!$@D
5=m4
add_ResourceResolve
mZ70
9;fP
query
QueryContinueDragEventArgs
";d=
JF:/0
9:o am
nY;b
#["[8#
Pkyxf
W 5rI
3E~_
(sart
H:o5
Object
3Lf1v
KJ7X(
m knf
\IS%
ihz!curC ~
<o$X(
B{q+
[uj
ComVisibleAttribute
r-?k
v.Zy
u{9w
(Xb:
nDQy
_8Yi
0gPK
%x]"o
&(*=
C,w5
0MI
twz/
q?Pw
L[%v#
MuGB+
Z~ya
c,3Y]
cctY
)0GbS
uD!*VaB
'_sW
^! L
_]T7H
/@R6
Z5sm
@+f
5,k
zUAg
7s.5
_Assembly
qwWB
kE r
. (A3
l-#p
Fpp9
? `
y#}F V
}ZR0
1LY%q
AssemblyConfigurationAttribute
|JO
C+y
s!HOVC
8$5Xq
`re;9#
zk.~
^ >h
|e}N
gy#u
2e X
GQVb&
#TYe
+p WuS:@
- hx<
qSE{
D{hV
#R A
zr9r
F?}s X
`AiZ
}|5s
G_-k
565E6F2B23A275D98012F63D12517B1EBB773AD0
={3~C
{|fK
lcFtR
NE>e
P^oUx
1{De
V9 &
H a.
:*=64
d/8ni
Stream
tI,Z
[5 D
<r&Kp
UL/W
,~W_.3
}n>n
+"Z { 5
\>mT
ENc\
l99q(
@U.J
$XGU
|Ktt
^qzR, M
7?V
n/m.
wL[%v!
ehw`
CreateInstanceAndUnwrap
g\wo
rY!k~
Zz sT
.0;m-1
&*6(
1LQ6`
b{Ip
&*J@
1{ueY
*k/T
!6hUn~
x]Xv
U C6
p4T1|H
a^1LQJ
~
add_AssemblyResolve
yv|p
v~jHk
[$X(
[L1K
\$6MF
x4 &
7y4k
x1Gb
7m|
6T`E
{|<hg
ykgXM
;s `a
n#Fz6
4YLl?
n79%>
Vg<j
$ ,@ T
i`]Z
b{`t
l5Ti
%L[&v
Fu 7'\
o14i
MW|F321
g[nZBu
6V&%R
1os!
:CIi5
rn{p
}+ q
xB
'=M9
5eS0
.bs!
|QO2
<A Wq
-;{e
|tRbL
tKD*.
'#0C
>X:US
N.7,
|9eL~9
rvek
$H[$ :
h~'8
9{ge
;0\Cz
J9jY{s
)'6g!
*gdX}
-I/g
System.ComponentModel
]t>/
`L:c
Y@+fTB
<"n3
<m"a
/ Gq
|m#@
>CO[F%
H:%
^k]4
O4Y
7KaC
@ X
< /:A
Y]Lc
n`Cn)f
[wDw
Mde{u)[6Q
PrJC
OMG%
sHLo
u 6JS
h{LW
@}X8D
8LbT\
=x$ \z
|g z
System.IO.Compression
h@4ro:
)6k]S
eJh`
ResolveEventArgs
L[%r
a KB%
}1Ws
2js(
ValueType
T| B
=59;
N|hy
@L_>(RX
tIrn
h &
uH'2
(#hPf
ou{n
t*C3
.:=V
{EqlR
MsHGk?
(,bG
H0k3F!
~P?
t0?]\
j"BY
M+QB
IF!O
M} `
s=W=G7
Syn\7
o-7I
n0q\sd
y-6 d5
P%_&"
ml`P
5TulN
0{T/&j
C u
tFa|
n|C=^
H(%_
CyH
Z0Ch
};"M
*he (
G|:U
[~3r2-
,tVO
LiSD
IwF\
$o>fS
(acng
2e'\
(j
M >p
}ffV
0P@p
e}72
W9 0
/C_x
(xj
YvJQzb
o U9
1LQ6r
7h9Q'
Z;kNw
6M(`
&Cr,
nkX
VhC>
NKOO
]-/@%
Ug ;FzH
ZY0
U77_X
ExitProcess
@&}2
"KcR
.73L[J
YYe#
D4!Z
Poj
"KLF
5h%b
mO}Z
hfnp
fO =}
5Y+r
KWBT
W|3aQ9#
C,AUs+W
M/dD
-I{$k
n{ =
1Apn
]j g2xr5RxT
;0kR%vH
.x]>d
pLo%D
~,i
zU S
7DyJ
8H[={8t)`
6Kc0
3tG:K?3
Copyright
3pNS
#_Cm
8y}5
System.Threading
KTRy
B0 "
KSlt
<<"J
U t2
So4@
s UU7
|2y33
2JIyr
[ b/
+'v8Q4i+
Qu[0|
<pb>2)W
0A'D
av1L]
D+16
VSdD
T:7}Zr#
p9Fv
-*cQ9
x-jf
$gbB
(K<y
w=~%
wPIk8}O
c!$y4(
"MBU
,%WA
d{,u3
"r{^p0
S+C;
fx;k
"MBn
#9 P.
"9Q!o
R!?A
vC+2
Nl${
?62
tRI(f\
bf\h
W$GP7v
W#]A]
Z1M)
MMljn
_2Cq
y~_f
Y w T
~IA+)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGX
ZY0
U=)@3
/.(S
]wAq
qNS_
Hzjx
V?qg@
] g}
dfGNDF
mG4oM
"KgDU
CXj$
"]${$
93x:
gmc7
+*[Ou
*s
}gM/{
GetTypeFromHandle
,mCV
+"e
B+LZ
]rHq
r'!]%
PNx)
s##g
; V)
q *$
FL[%v
G1~:
y$/K
=/dfo
NibH
)d<v
h_dT"
;]^:Z
AM[%^
G! -
K&c?
4L8|
EL<@
9/ s
_HU 5v}
2 x#
sc4!
l:MM
u*+v
I#B'
BYe$
DVL0
?&Iw
?Eej
gcM&
4Mi
^vQvb
Apm"m
PrLw|
ZY1yn
q] P
xp%I
2j`QO
qV6g_x
K}[L6
W_ke
%MlD
Enter
X|v!
YqG"
b@l
0xe
#H%Iv
#UM!{R
XrJcD[C
)s R
:#NY
?O\a 2
H</J%
R{52L.a
,4&
}fA=
'[[%v
@b{g
H^-xRf
!L[%v
! ?
"K`d}
System.Collections.Generic
VWIf
I\Gybk
S=5C
m5Q|K
!q^m
!d(g6
OGtci
i 99*,
lob
1F}2
Jr R
1F},\
P^#6J
SF,]
ddr}
6>{d
W\*LP
DLPE
'^[@1
R9>D
]t#
|!Kd
Yv^MMv
08U}
cM|
[D[%^
94] ]
b1#=
System.Runtime.CompilerServices
FdY%v
&egVG,
68 ^
"Ca:
K}:X}
={g4
y?}^
SuppressIldasmAttribute
qjg;
+Ys]]
X Bu
{u
*B}!I
7\*b)1
InvalidOperationException
f~!g
7<3R
.}Q6
l4?{
N4_5(0{
;8}%v
9vr 6d `
:l\z
].&+19
Ep[ .
;LSNg
!~C.
|<DV
+!A`
aeuy
2Q^7
<W g
GO^EJ
cm%.
;N3{
^tas
@q-g
FdwT
'U`F
'Kd@
Z|,u
sKdDr
`Sh4
lByC?
GetManifestResourceNames
C?0kx
@'D|
|`_A
JaO`
*btJ
\fF
&<JP
4c0De|
xcHMw9o
p 7J
System.Windows.Forms
HcZy
; .
" S:
bt#HWq
&@-=
_.!e
AU 1q
`~Wh
A$`n};{
U3v"
,)0I
*|E_
+LDy
Y 8C
#2k4S
7bc|E
6D%Z
3JC q
IDisposable
y 6g
m&O"
Synchronized
]ko?
POup
~ZU&
R7HT
,)m.
`!Rw
w(3{
Ov`Q
f0j}<D
s Y9
tD9Fm
:d 5
+W)
r|n
gVYg
O'(m:
5: 3V$
CompressionMode
G8u
]M
hl]6g
v|74B
Y)0C
rX^3_P
w8. \m(
y ~p+Y
\VF!
E6c-
ZK *
Odj]:_
OZy:
j 1
wO/Z
_O v
OJ;f
CQiT
@2%*
$ryZnKu
<Module>
zo6
;"GlGv
*$4j
N%x0)
n7'xKQ<
N 6
onAFt
jI[%^
C 6"
x#Cr
YgsG(}
+'sT
#pBQ
",3U
=nDm%1G
'[,v[ry
P)VN
znGq
+}!
!^=~
SK[[
tWMl
)0Cq[ 9
A(PV.+
kQI5o
] Jo
SizeF
0e{Vx
2018
get_Evidence
d ;9
{<2KX
Qi371
&r!v]K
gs*] ?
!ZvU
]N%O
2\8=
1s[%v
Wx5S
cWjf
5bHbq
[%pn
y-(M4
31g
@f!gUD
S8{0
+tfM
[)B"
;vwF
%iJ
xLQo
1{Fm
3'6M
*1mY
x[D"
er y
cK'3
2\WY
4p!+R+HF
[V!]m0
]<Rw
nt"r
WL{bv
a ~
Q:]hz2|K
;SdeY
_ r<6O
R/>V
X"KdD
1HY=.!
HB41
n4x^
K8 %
!L[#v
N[;^
#^YV
se!]
>q>q
6})8@
fL
`RJ0
%u<|
Read
f Z)"
2IzD
^GHdo2
Y@/w5
"KdD*
#KdD
G?6[
^*n]
}[3+
>i)V
]{OO]
}Js[
tGbr:c
P4h}
L=|
gl"(
^9mR
#KdY
R pU
)lHBz'
DlJZ
yAet
-m#i[YMg
G3|['
A%]c
72J%v
^UU@
I2CC
;0U0
QSruL~
1L["
System.Globalization
1L[%qO
Jvql
7iM 3
8C}fq
- f0|
ei9^^
\)[I
K|ICB
BDPT
2E)k|m-
1e&B8
Sp**7
"K`U
rWL3
UIQR
(af]
1L_'
Z@!G
QLO1
SI?~
spf~
m\s
F%K`
RCKjr%
+#ii=
g[GU
IDATXGc``
Gzz[
="[T
{u~Wx
N@-B
IEnumerable`1
IvS_(
EOoXl
t^-C
:GU,Q(
"Kn7
1L] +
>#Wr}!
fi?B
^b[%|
c Apk"m
*x;b\
|B.$<!
LM:^
7Gk
mPG,?
r#.K
9<j=J
AZ[
t-O3
V.R"
(88K
Q>I'
cI:?Pe
[RwyMo,l
,,t
"Nd~
f1gpD
35[)
u"Do
8g:u
L*Ay
Wr({d
4S4)(G
H:j
[43g>
U;(8
z\5|
45196356C0BA6B59B18E186F01674A05383B597F
Y3s[
bQL)
TEnwz
Hnsg
1]M2t
`V9Se
'[\!
VgD)
oe4N
Zb $
"KnH
G9 '
FSv
\iSpl
ky^Mv
n{;'
0;yf
Axz#
-c)
l1&z*E
;OTD
JF8$W
WWrG
tX'
_f7K
mscoree.dll
"8uU=
IEvidenceFactory
M[gU
OLM'
*[FT
xnJ&R
,gx-y
S<O$X
?-N
I? B
0 rX
EJ ;
Q]1
t|[j}
(~F&x
"KJ#
O Gg}N
#'QR
<L[$v
G 0m
F.S
4-4MT5
J\R1
nl~j
fG-NC
n~sF
Q6e(
Dy{<
quSi
Myd
/@_u
4r||
A)2o
6&t2
1Lk%v
Pi'
HJ3!
ZO%#
YVV8t%
\)ul
*tmr
0[
~Ya.
e"-i
Zw4m
){0,
2kW<xt
m%+l^
~o)}
P#L[#v
1D[!v
&&4_
vE"
sB8Q~
{xYD
W LK
J[\q
tb8auTv
{s}{
8hoB{
0S$l2
KdN6
WriteLine
System.Drawing.Bitmap
6Z<d
DqtW
Cz(h*
+9]<mt
5"9lYC
`_+j
pQ8n
0we6%
] 7I
SlN y
System.CodeDom.Compiler
V^5oV)
cm}-
GeneratedCodeAttribute
disposing
@rj1
NY8s~
!NN[
)Hgf'
'L['vw
5ePE
*uYb
yk~n
KZG4
#Ew
lwim
l#B;
HU=i,
F 2T
+ZL
1M[fv
*smJ
N},X
[fZTR
/ Ks
2Q^8s
e`DN
= >-
"KdKl
J:]Rs
BFyV
SA,7
+n%A
GE z{Ih
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven01_64 Seven01_64 VirtualBox 2018-03-14 18:02:13 2018-03-14 18:05:05 172

5 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven01_64 Seven01_64 VirtualBox 2018-03-14 18:02:13 2018-03-14 18:05:05 172

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\kccInvoice.exe.config
C:\Users\Seven01\AppData\Local\Temp\kccInvoice.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\unrar\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Python27\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\kccInvoice.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\kccInvoice.config
C:\Users\Seven01\AppData\Local\Temp\kccInvoice.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\Globalization\it-it.nlp
C:\Users\Seven01\AppData\Local\Temp\kccInvoice.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\kent.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\kent.resources\kent.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\kent.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\kent.resources\kent.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\kent.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\kent.resources\kent.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\kent.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\kent.resources\kent.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.default
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.default
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.default
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2096.19268562
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2096.19268562
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2096.19268609

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\kccInvoice.exe.config
C:\Users\Seven01\AppData\Local\Temp\kccInvoice.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf

Write Files

C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2096.19268562
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2096.19268562
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch

Delete Files

C:\Users\Seven01\AppData\Local\Temp\kccInvoice.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2096.19268562
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2096.19268562
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2096.19268609

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kccInvoice.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\24837941\72d2aaff
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\281dc458\2eceb557
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|kccInvoice.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|kccInvoice.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|kccInvoice.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\281dc458\7ca17761
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_CURRENT_USER\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_CURRENT_USER\(Default)

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGetProvParam
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptSetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptEncrypt
kernel32.dll.DeleteFileW
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
advapi32.dll.RegSetValueExW
kernel32.dll.GetProcAddress
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
kernel32.dll.SwitchToThread
gdiplus.dll.GdipDisposeImage
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptReleaseContext
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
kernel32.dll.Wow64GetThreadContext
kernel32.dll.Wow64SetThreadContext
ntdll.dll.ZwUnmapViewOfSection
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.RegisterWindowMessageW
user32.dll.GetSystemMetrics
user32.dll.AdjustWindowRectEx
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetCurrentActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.GetModuleHandleW
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
kernel32.dll.DeactivateActCtx
gdi32.dll.CreateCompatibleDC
kernel32.dll.GetSystemDefaultLCID
gdi32.dll.GetObjectW
user32.dll.GetDC
gdiplus.dll.GdipCreateFontFromLogfontW
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegQueryValueExW
kernel32.dll.RegEnumValueW
kernel32.dll.RegQueryInfoKeyW
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
mscoree.dll.ND_RU1
mscoreei.dll.ND_RU1
gdiplus.dll.GdipGetFontUnit
gdiplus.dll.GdipGetFontSize
gdiplus.dll.GdipGetFontStyle
gdiplus.dll.GdipGetFamily
user32.dll.ReleaseDC
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipGetDpiY
gdiplus.dll.GdipGetFontHeight
gdiplus.dll.GdipGetEmHeight
gdiplus.dll.GdipGetLineSpacing
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipCreateFont
gdiplus.dll.GdipDeleteFont
gdiplus.dll.GdipGetLogFontW
mscoree.dll.ND_WU1
mscoreei.dll.ND_WU1
gdi32.dll.CreateFontIndirectW
gdi32.dll.SelectObject
gdi32.dll.GetTextMetricsW
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.DeleteDC
dwmapi.dll.DwmIsCompositionEnabled
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
kernel32.dll.GetStartupInfoW
gdi32.dll.GetDeviceCaps
user32.dll.CreateIconFromResourceEx
user32.dll.SendMessageW
user32.dll.GetSystemMenu
user32.dll.GetWindowPlacement
user32.dll.EnableMenuItem
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.SetWindowPos
user32.dll.RedrawWindow
user32.dll.ShowWindow
kernel32.dll.ExitProcess
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
advapi32.dll.EventUnregister

Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\kccInvoice.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-03-14 18:03:21