MalScore
100/100
MalFamily
Nanocore

New-order-pdf.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 49/66 Related 2159
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 337.50 KB (345600 bytes)
Compile time: 2018-04-24 16:37:59
MD5: c01ed28282861c64c111d5f7d82d7d59
SHA1: 503912d7b071ad737435b4643584c9275d71c660
SHA256: ba035935071e8273e8e1a3ca9a1d6760a5729b5f8d6abd8cec203ec9c31f1e3b
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-05-18 17:24:02
Last submission: 2018-05-18 17:24:02
Filename detected: - New-order-pdf.exe (1)
URL file hosting
hXXp://185.141.25.242/~abujafir/New-order-pdf.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-05-14 02:28:10 [49/66] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x53d24 343552 46f3fee9890294ebcb37aca80c9d0c29 fadd068e535478a708869a980f5f13f22b3d42e2
.rsrc 0x56000 0x2b8 1024 ddc8935a7b083d6f7ac81049c034e2fc 7c1ebed63a75d9687752f9fa5aac66976f6e796e
.reloc 0x58000 0xc 512 69345e3577314c4fade3bcabb5a0cb83 2728f17007f3dc531314d503dc548a9787ce464a
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x56058 604 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: New-order-pdf.exe
FileVersion: 0.0.0.0
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: New-order-pdf.exe
ProductVersion: 0.0.0.0
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05b_64 Seven05b_64 VirtualBox 2018-05-18 17:20:34 2018-05-18 17:23:31 177

15 Behaviors detected by system signatures

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\New-order-pdf.exe.config
C:\Users\Seven01\AppData\Local\Temp\New-order-pdf.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\New-order-pdf.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\New-order-pdf.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\System32\tzres.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Users\Seven01\AppData\Local\Temp\it-IT\New-order-pdf.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\New-order-pdf.resources\New-order-pdf.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\New-order-pdf.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\New-order-pdf.resources\New-order-pdf.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\New-order-pdf.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\New-order-pdf.resources\New-order-pdf.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\New-order-pdf.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\New-order-pdf.resources\New-order-pdf.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Users\Seven01\Pictures
C:\Users\Seven01\Pictures\Google.exe
\Device\NamedPipe\
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2480.6074031
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2480.6074031
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2480.6074078
C:\Windows\System32\Branding\Basebrd\Basebrd.dll
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Seven01\AppData\Local\Temp\"C:\Users\Seven01\Pictures\Google.exe"
C:\Users\Seven01\Pictures\Google.exe.config
C:\Users\Seven01\Pictures\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\Pictures\Google.exe.Local\
C:\Users\Seven01\Pictures\Google.INI
C:\Users\Seven01\Pictures\it-IT\mscorlib.resources.dll
C:\Users\Seven01\Pictures\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\Pictures\it-IT\mscorlib.resources.exe
C:\Users\Seven01\Pictures\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Users\Seven01\Pictures\it-IT\New-order-pdf.resources.dll
C:\Users\Seven01\Pictures\it-IT\New-order-pdf.resources\New-order-pdf.resources.dll
C:\Users\Seven01\Pictures\it-IT\New-order-pdf.resources.exe
C:\Users\Seven01\Pictures\it-IT\New-order-pdf.resources\New-order-pdf.resources.exe
C:\Users\Seven01\Pictures\it\New-order-pdf.resources.dll
C:\Users\Seven01\Pictures\it\New-order-pdf.resources\New-order-pdf.resources.dll
C:\Users\Seven01\Pictures\it\New-order-pdf.resources.exe
C:\Users\Seven01\Pictures\it\New-order-pdf.resources\New-order-pdf.resources.exe
C:\Users\Seven01\Pictures\RunPEDll.dll
C:\Users\Seven01\Pictures\RunPEDll\RunPEDll.dll
C:\Users\Seven01\Pictures\RunPEDll.exe
C:\Users\Seven01\Pictures\RunPEDll\RunPEDll.exe
C:\Users\Seven01\Pictures\it-IT\stub.resources.dll
C:\Users\Seven01\Pictures\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\Pictures\it-IT\stub.resources.exe
C:\Users\Seven01\Pictures\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\Pictures\it\stub.resources.dll
C:\Users\Seven01\Pictures\it\stub.resources\stub.resources.dll
C:\Users\Seven01\Pictures\it\stub.resources.exe
C:\Users\Seven01\Pictures\it\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\Google-Map.txt
C:\Windows\Microsoft.net\Framework\v2.0.50727
\Device\NamedPipe
C:\Users\Seven01\AppData\Local\Temp\reg.*
C:\Users\Seven01\AppData\Local\Temp\reg
C:\ProgramData\Oracle\Java\javapath\reg.*
C:\ProgramData\Oracle\Java\javapath\reg
C:\Windows\System32\reg.*
C:\Windows\System32\reg.COM
C:\Windows\System32\reg.exe
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.net\Framework\v2.0.50727\regasm.exe.config
C:\Windows\Microsoft.net\Framework\v2.0.50727\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\regasm.exe.Local\
C:\Windows\Microsoft.net\Framework\v2.0.50727\RegAsm.exe
C:\Windows\Microsoft.net
C:\Windows\Microsoft.net\Framework
C:\Windows\Microsoft.net\Framework\v2.0.50727\regasm.exe.Config
C:\Windows\Microsoft.net\Framework\v2.0.50727\regasm.INI
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\run.dat
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\Exceptions\1.2.2.0
C:\Program Files (x86)\UPNP Subsystem
C:\Program Files (x86)
C:\Program Files (x86)\UPNP Subsystem\upnpss.exe
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\UPNP Subsystem\upnpss.exe
C:\Windows\Microsoft.net\Framework\v2.0.50727\it-IT\mscorlib.resources.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\it-IT\mscorlib.resources.exe
C:\Windows\Microsoft.net\Framework\v2.0.50727\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb
C:\Windows\symbols\dll\mscorlib.pdb
C:\Windows\dll\mscorlib.pdb
C:\Windows\mscorlib.pdb
C:\Windows\Microsoft.net\Framework\v2.0.50727\regasm.PDB
C:\Windows\Microsoft.net\Framework\v2.0.50727\RegAsm.pdb
C:\Windows\symbols\exe\RegAsm.pdb
C:\Windows\exe\RegAsm.pdb
C:\Windows\RegAsm.pdb
C:\Windows\Microsoft.net\Framework\v2.0.50727\regasm.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\catalog.dat
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\storage.dat
C:\Windows\Microsoft.net\Framework\v2.0.50727\ClientPlugin.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\ClientPlugin\ClientPlugin.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\ClientPlugin.exe
C:\Windows\Microsoft.net\Framework\v2.0.50727\ClientPlugin\ClientPlugin.exe
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\settings.bin
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\settings.bak
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\Logs\Seven01
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\Logs
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\Lzma#.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\Lzma#\Lzma#.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\Lzma#.exe
C:\Windows\Microsoft.net\Framework\v2.0.50727\Lzma#\Lzma#.exe
C:\Windows\Microsoft.net\Framework\v2.0.50727\it-IT\SurveillanceExClientPlugin.resources.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\it-IT\SurveillanceExClientPlugin.resources\SurveillanceExClientPlugin.resources.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\it-IT\SurveillanceExClientPlugin.resources.exe
C:\Windows\Microsoft.net\Framework\v2.0.50727\it-IT\SurveillanceExClientPlugin.resources\SurveillanceExClientPlugin.resources.exe
C:\Windows\Microsoft.net\Framework\v2.0.50727\it\SurveillanceExClientPlugin.resources.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\it\SurveillanceExClientPlugin.resources\SurveillanceExClientPlugin.resources.dll
C:\Windows\Microsoft.net\Framework\v2.0.50727\it\SurveillanceExClientPlugin.resources.exe
C:\Windows\Microsoft.net\Framework\v2.0.50727\it\SurveillanceExClientPlugin.resources\SurveillanceExClientPlugin.resources.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\Globalization\en.nlp
C:\Windows\Microsoft.net\Framework\v2.0.50727\dnsapi.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\New-order-pdf.exe.config
C:\Users\Seven01\AppData\Local\Temp\New-order-pdf.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\System32\l_intl.nls
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\System32\tzres.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
\Device\NamedPipe\
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Seven01\Pictures\Google.exe.config
C:\Users\Seven01\Pictures\Google.exe
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.net\Framework\v2.0.50727\regasm.exe.config
C:\Windows\Microsoft.net\Framework\v2.0.50727\RegAsm.exe
C:\Windows\Microsoft.net\Framework\v2.0.50727\regasm.exe.Config
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb
C:\Windows\symbols\dll\mscorlib.pdb
C:\Windows\dll\mscorlib.pdb
C:\Windows\mscorlib.pdb
C:\Windows\Microsoft.net\Framework\v2.0.50727\RegAsm.pdb
C:\Windows\symbols\exe\RegAsm.pdb
C:\Windows\exe\RegAsm.pdb
C:\Windows\RegAsm.pdb
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll

Write Files

C:\Users\Seven01\Pictures\Google.exe
C:\Users\Seven01\AppData\Local\Temp\Google-Map.txt
\Device\NamedPipe
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\run.dat
C:\Program Files (x86)\UPNP Subsystem\upnpss.exe

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2480.6074031
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2480.6074031
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2480.6074078
C:\Program Files (x86)\UPNP Subsystem\upnpss.exe
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\UPNP Subsystem\upnpss.exe
C:\Windows\Microsoft.net\Framework\v2.0.50727\regasm.exe:Zone.Identifier

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\New-order-pdf.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1e76fb06\625b6f07
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Google-Map
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\mscorjit.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\System.ni.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\System.Drawing.ni.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\System.Windows.Forms.ni.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\UPNP Subsystem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\UPNP Subsystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\culture.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\diasymreader.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Google-Map
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\UPNP Subsystem

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
Global\{38bf781e-b7d8-473f-9d3b-d158d61dbf9a}
Global\.net clr networking

Resolved APIs


Execute Commands

"cmd"
"C:\Users\Seven01\Pictures\Google.exe"
C:\Windows\Microsoft.net\Framework\v2.0.50727\regasm.exe "C:\Users\Seven01\Pictures\Google.exe"
reg  add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Google-Map" /d "cmd /c type "C:\Users\Seven01\AppData\Local\Temp\Google-Map.txt" | cmd"

Started Services

Nothing to display

Created Services

Nothing to display

Behavior analysis details

Machine name  Machine label  Machine manager  Started              Ended                Duration
Seven05b_64   Seven05b_64    VirtualBox       2018-05-18 17:20:34  2018-05-18 17:23:31  177

3 Host(s) detected

IP Address Hostname Reverse DNS
8.8.8.8 United States google-public-dns-a.google.com.
8.8.4.4 United States google-public-dns-b.google.com.
185.227.83.51 unknown 51.83.227.185.gerber.non-logging.vpn.

Host(s) by Country

Hosts Country 2
2 United States United States
1 unknown unknown

#infosec #automation

TheSystem Itself @ 2018-05-18 17:24:04

Detected family: #Nanocore

TheSystem Itself @ 2018-05-18 17:36:02