MalScore
100/100

FINAL.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 35/66 Related 2135
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 340.00 KB (348160 bytes)
Compile time: 2018-05-08 05:13:07
MD5: cb0e4c77c8fcbb34bc947e0ff75d4dfa
SHA1: 30d84b8741708087710f42fafeaba62c30e7666d
SHA256: 1e9ad68f6880b9f4521f6e299562eae49919f013fabee74520ef9d069e88abf7
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 4 .text .sdata .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-05-15 01:51:03
Last submission: 2018-05-15 01:51:03
Filename detected: - FINAL.exe (1)
URL file hosting
hXXp://[www].health-gov-za.org/FINAL.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-05-11 21:09:10 [35/66] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x54064 344576 558cb5055c63fe52995b15ff38d3f05e 808d42be74f760eb3897e1c62f8b9aed570b2e17
.sdata 0x58000 0x162 512 e1ecc0179961b827753bd9fb119bbeb1 928688015b3260a73654ab2dc75fc03dc78a8681
.rsrc 0x5a000 0x5a8 1536 6d9aea558ce54eb74a5bec5e31c12b53 a9f100cbc53da8bb3abcbefef9e6aad5138d549d
.reloc 0x5c000 0xc 512 f390ef70a8af8a69e12b551ccf1c87b4 6f1333c9350bc95a3708dfb52e4e8714f0944e86
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x5a0a0 796 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x5a3bc 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2018
Assembly Version: 1.0.0.0
InternalName: WindowsAp.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName: WindowsAp
ProductVersion: 1.0.0.0
FileDescription: WindowsAp
Translation: 0x0000 0x04b0
OriginalFilename: WindowsAp.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
KERNEL32.dll
mscoree.dll
IP Found
No IP detected
URL(s)
file:///
{11111-22222-60001-00002}
get_FipsAlgorithmPolicy
88792f67-8997-4a65-89d1-500f65361902
VarFileInfo
WindowsAp.exe
.s^.[
Comments
TY<
Location
System.Security.Cryptography.CryptoConfig
)T71TDATYQTYYTYaTYiTYqTYyT
{11111-22222-50001-00000}
System.Security.Cryptography.Utils
get_AllowOnlyFipsAlgorithms
{11111-22222-40001-00002}
1.0.0.0
9fbe3e9a-1727-4a6f-911f-ac0f459116ea
StringFileInfo
;.3^.K^.S|.;J.Cd@
Translation
WindowsAp
Assembly Version
System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
InternalName
FileVersion
Copyright
VS_VERSION_INFO
file:///
000004b0
T7$T7,T7
FileDescription
{11111-22222-50001-00001}
{11111-22222-60001-00001}
OriginalFilename
LegalCopyright
{11111-22222-50001-00002}
^.#J.+^.
{11111-22222-40001-00001}
CompanyName
LegalTrademarks
T7O
System.Security.Cryptography.AesCryptoServiceProvider
ProductName
T7S
T7P
T7Q
T7W
2018
0eb9de5f-0bac-42b2-bad8-160df2fd3283
ProductVersion
?H|2
@D0Ug
Dc01
9 1k9
9gn.P
Wlnbz
0Y2=>
\O4G
&lGj<
UkBCAQKYCg
Q/3Qd
J3BCaL2pTA
E2zv
g]N>
{LuX
Int32
`N^Y#-
5z(r
WOe7IRbw7VIk2eSjh9
YgJI
,L ^ MG:
a0Dhq
2|OO;
u q._
BZ$<,
KNX(0
W+<T
= S@
IwMw4
Zn(C
-u D
@@K0J
?Y/0
jTd?
4*wF3
ICryptoTransform
}Jd{
'HSI
XRAa
0EHB
5#u
spWK
YQvtO4hpG3BVPtjGoC
3zO;
( x#
(g#R
W'uh
~q9Z
jE7A
ls#cJU
x>J!
u(h?
y(hy
<oI-
)g@C
/T~4
+5i=
1aZPA9
T3o+
JE_zR
Process
!r@h
o)z*J
'K0"
GzLo8
#>9$O
WindowsAp.exe
op @
fz9r
lQ#Vmh2P
N F\
:;3e
Mz}j|N
#cT<h
[wIJ
[~SP
q"BT!
XU?_
?b}1
g2gQG
2_q"
zTOy
CryptoStream
,~.e
L1~.
O^s{!
GR ,
DebuggerStepThroughAttribute
P8SJ
Y}KN
$14_
:,n
Uy[g
4'4/n\
-B wm
p`{D1
/Sq0
5'<8
;Tffs
eKy9
4LxR!
_mI
LHk}ZOd
FA)
vRlHXjuRV
\5l
m1vUKaRwyGPt6RDpRc
d 8L
Y!Xy
Marshal
,WG;X
] <Z
n[~QX0{
6'XM<
6b4\
1,MY*s
h/^2
ni[t
Dfe2
8~VC
#ul
ur+H''
f\m[k*2
J kt
EvKw:L
AssemblyDelaySignAttribute
i k6
'".8
gvB1
Replace
$+Eu
ve M
CR
s$T*
uaS7
i5he
DebuggerHiddenAttribute
System.Security
uCp;
t`.]
w'86;
d;.^
_y:qF
eEQNktdgw
Z35.
"+ d
r5'9`
!-fJ
OpenProcess
]R lJ
|pB^
gMC
Z)eF
Application
}Q\w
: w
4b&,
4+"'S
E>pl
WindowsAp.Resources.resources
p+\
?pcp7E
Z" Q
V Vz\
~BYt
WindowsAp.g.resources
/YvHC7$Sw
|0Rx! '\
Concat
`j`m'
U2R7
%Dz c.
P=Jl
0ejs
\
5rnvj y
%~n$
kkwC1uDc28
3ioB
My.Computer
=0 !
:ul,xlQ5
muM~
Br/X
^Nj@
R iGSn
o,N{{
SYY8
1%~\
dn_' "
RavJ2aAZM
I$;G
E?^1F
Dj133
iXeCvftaLU
)/!3r
?h2
Saru
`(0RZ
K((Oai
?Td}
x\Zp
5=M=
fgL5
XDI Y
^=4l
[dhO
{QO9
lh. (
GetHINSTANCE
@}7}
?MVX!
Ao+ {
b:bc
{ q
\~gn
lVf5XCFCdjFWySv8NU
}I1(D|
AppDomain
]qP@
.1]O
|D%8$
`=&
v2.0.50727
^~vhj
2 R-l
B\=B
Exists
ob_v
System.Security.Cryptography
zGW
p>%l
Z+g:
JY*P
m:@
zshk
y/"?
1x"E
GKin
FogB
0>!2
9:E7ve
t$?8
Xd^0
vb|
`-";d
dZ6DR
l+G[
0')#{O
Hide
#N6k&
s~F[
m+-T
TBLn
U hw
YvGhHbXhU
Z$F ?O!
Uv"c
A v3
o#6
2hio
{HG?'
q& qE
FromBase64String
=A^g
<Rrk
5CbtTK<
RUHF
Y 2'5
ebW0
w5Jz
r V$_yT
P\rT
8rP<
4Oq 4 >
fada
B?H[
d)4<
SAD)z
+zq0
Fs>)
hb{
.:h+2
]MH#
_&}HC
58:m
cv#p:
BinaryReader
{f%m
|WVs
%~0z
5'b9
a0)d
m{e
LTh4
~~OT
]e x
#Blob
Control
;s[1
@Oik
B7I}
sz$O
4ev=
l5wQfVhGP
8&g0
<I/tB
ld5C
=kPu
IwiV
@Zdz
Z%M#
|#YT
4[\0E"tw
'{Xs
AssemblyFileVersionAttribute
vet(
"k)8c
/M`6
BindingFlags
pP-V
:"o3
QF"d
uZ8>k0
D=:#
'9
*"c4W
BIhfr&5
;x MQ
"\]S}
7 00
mJ ~
n$lF
]Wi7
8KOD
IwP
@+}F
NhV9KDLXF
fl_`
*N](R
"x"s
~I %
Oq$U
$5b}
fr:.
GNYYC
#E?}
[Gad
+C%%
O`hb
#6Hv
dLebNMGO7gmypV8ZOr
u^~a
l" &
hxvr
6uEQ
TN 8dj
)I3$
zoCX
H|-
@Zd%
;4T[{
D>;b
gApEanTpW
|9qc
rS 6N
>t_3
-q i
*z`v
Z\<
! ,{
Char
\OT}@
Row$v`
x#{#
;NaBb
=-YA
'(^[
+|!1K5
rTy>
WRoFlCxaDBI1MPBoVn
=p,u-4
z~I/
8 }Z
LateGet
{<'T
uf%?
hao{
e/F],P
a")l
qyVe
v5^[C
v9ut
*A`
GH.B
u~zOk
* WbB
CuK\
ThreadStaticAttribute
oze-
w0*g
0vj'

?lk[L
%_|
zAL\aX0
l(4`
System.Resources
f^zLd
W(KT
vn5veGY4p1lCrKmS7t
? kR
_5b*
POq@
HC`5B bQ
ALQ7
+4^K
yr?
JrXW^
[E'F
q<voQ
VcK~O
^W(3
WUXg
\p0
tmoR
in5-(O0
t
#yb8I
UeCI
ITN0nG
;x 0
CompareMethod
Z*
f,#!`
z6C<y5bP
jVfAt90oLi7wXwWTEb
[Hjm
,=G(
Exception
n Cy
iLF8y
lpN`
Ah75
ToDouble
*,dv
D3!K
=e{>
.text
O=I0
y"YFd
GetString
EJ !
2c+\n
1v>[
Mq|c
D-fz
xv|AE
yVj`
?:7W
xW"o
/8&R
#r'X
AWh.2J
.:h:$1
Convert
C@~
R'1F
<$(
-*[V
*K$ v
MxeUJuPQUaAku4IN1N
6d#LW!3
"4]
APm4
9g{{
System.Configuration
Je6C
Lms)
bs_r
]*de
TrSv
:A{=
*"C4K
b%, |
WFYT
4System.Web.Services.Protocols.SoapHttpClientProtocol
System.Windows.Forms.Form
i;
p[zr
el_.
,ew]J ~
GRqD
FlagsAttribute
P1lBE5XUu5KLYjU23Z
2 v10
l@4\
hxLQ
Single
Gw#8
r:tv@
+pNj
J!IdV
kR$o
vg.F+
n8ac
wK{|
/{Q`*
Monitor
ReadInt32
W#0
#L _*H
asOtPsdRTRosip81Zi
qt0T @Y
$^
)+j [
t=Y2
"&k_
r Rt
m#Lx
FR:7
r810
?uOL~
CipherMode
ImxC9aT0H6
^[yN
wqe9L#
e[U0
!]Ok
O`1!]
s=?
G@FUIV
mwG
qwRrcYnAtwgbOHjMSO
jGf"u
;A'!
<iu&
XLw ,T
@I!-
dQw
*vYUM
2SBh
-^*w
y_-.#
?4x?
G> }]
cK{)pK_>
<c 2l
0da+
P9ED
js`b
Conversions
[{Ld0
|)Nq_T6
&K-0
3EDjl
{Uzo
X@!_
PO9:
F&$.$
\qb
s .?"b
n"5DbP
# ^k07
h If
f FF&R=
jldO
7$4`
CreateDecryptor
get_Default
3=H/
Y'~"
SetCompatibleTextRenderingDefault
Fa/l
]ee,M
]YDR@
>'$ZTJ@
kernel32.dll
^0hS
-4Z&^
Nm-u
>XE&,^
[h{(
iDnCyGsRQr
Wo6CC0Hjyj
m:m
$y]@
G7XTxAofPWhbcNZxtU
TggUPlKPX
e.t
W fJM
\+#bC
,F d5qXQ
<5O?'
#&28;
4~{*XD\
0r4"
;O|i
['}[
T \j
z>0{1
Settings
Rl//
GetTypeFromHandle
="-~
l1ZdI
ub9C3dCrkP
OXR,n9
cDg^k
zOVN
BbL+|
9]y
u7Dk
(o7h
oC73
U1[G
e%z
N"#P
u]h)
u}j@ X
\t./'
1IS0'^
]u!uY
Computer
W>6kK
[L<3
/B2.
9Eq?U
upPCHnCvpt
.?|Q
C?olY
-"a.
d$Gx#
NQdp
$fBU
@XyD
bLhZfY
J%Iz
*8(p
AuthenticationMode
~x&z
mO09
uJ5NU
3L|MDg
A%^.X
3@ A"
=6MI
o:T}
set_Key
zzfW`vN
V$3*
1Vy
96H(
;/]O
9Tn[U
e"YD
ZkrwdA?
%bs<y
SymmetricAlgorithm
/:u4
ZjX8
)_ Lx
!~+7
_ry]
CB<r!
>zK)
OaMm
9xWm
\>bO1h
BitConverter
wL,mBp
.HFa=
F7j?
cKezf
<PrivateImplementationDetails>{74BAE11E-9C0A-489B-ACAC-733A29297B16}
Void
/Shs
nGJsrv5lRMKAyhV49A
4qs?
RRKY
;*gM
D)y*
ciUK
JkOBv
[vs$
B7}9
T*-0
pPXh_
#lHl
ashG
'#HZ6
L &:
/yYK
?BT-D
&rQ
~ ^^&
~m-u
UD`!4
4Bh-;
Write
^~ v
set_AutoScaleDimensions
'ZNk Q
oGoZqBjsk
5q?B
%j9}\W
`FiVq
KA8uP
get_Assembly
wr%9&
ufYi4lS62
xhGKU
:\WkS
-+J3
UInt16
f[2^8W
X(63
9VyG4
Tz$o
zN0hXSS5DQIscyUZLx
v<b&
MySettings
oa{wH5=A
GkhCk1UKMf
z~+P
GZ(/g
_I X
-B\8K
28PD
%35)t7
=E{S
_ R8
Copyright
G5fC
G^%^
x!>s
6>|w3
3a*
(yy
%2qTi
l5q} n
S*Q5C
CBdi
F.]X
dpZ.
System.IO
{aR
YOBVhA1gB
CKTqOe
0VhD
CY01sTPkXUBPNj7ElG
tMm.
5^0\*L=
(0 C
x~8lz
0.Z_
?X
'MiR
Eok7XUBdXNdpe6VOWm
z%>DL
= .Tc
h[d|Qy_VS
gqF 3U/.
c/
g\2)[
GD^/
"KWc
v"(3
cz B
aDz;
4*6'?
md$
w =9
nXoR
BbC},
@,bU
AttributeUsageAttribute
7JT&
EbtCpEgnts
Zu@;
RuntimeFieldHandle
mnp7U7aMJ8vCIPxWa0
r7IM
htT-
D&b*
K'd]
2PmO
Z`mq
}tk
}RXFn
WFJ
_-]%
mZ,{:
E-Pn
0 n]-
get_CodeBase
*hj-
wLqH
mev`c
cexG
hQ[?
3[CV
System.Globalization
w7E|
?hSe
$ LJ
*&8
(: Uxf
3LVM
^E9U& h2
9][@:
3 Nd
=W=$
@90l
9|.>
__StaticArrayInitTypeSize=16
3X]
G#;
&o@\WOU
~xM#
gct.
vCA+
vFCE
System
EventArgs
H FPT
= #LG
Fp"*$
Nq
IXo#
5j=HY
~5#6
^ E%w/
q/X`
T`Ln
@'~F
&F gt
/z<h
!^7)
L`Jy
|qqnL
$T}
8GU;
ohl
$~7{
LrRA
INHa
#^08
rL JMWo
z3@G
+jUr
y{(G
_U `
@#Q.
"c|"e
mP :
`&{*
B~%8
MethodBase
Iz&T
-~[/
-/ z
`W8k
B<5Qjo
hN2c-
System.Collections
k i&
bNZ|a
~[+;
2||^#
svXJ
9*T2
PWs
ZdM9
AutoScaleMode
yTc
~z |s
P%K'
NKIOKOdHY
3OyJp
M)}_
0AwE
IVOGp4DgVWVxVhT7HD
=cO
x e|Y b.
fS V
uUd0
w&LV
AssemblyKeyFileAttribute
gKs/
xTow
tO:.
Fn$n8
I#%C@
`(hkF
RWx{
S;A>
2;+H
R _
v?3w
3 m M
*2 E
!1<'
Z%H K
8L0v#
I1v^
XU4GIXUGP
?y<LY
F{{
FOIax*
zy90
*ICz900
jHUClC3vw6
gdB1w
^dfn}
nEb19>,
CE5w(Hb>
M,E5
nj:j
t4CT
`.in
BFiot'vM
get_Position
C<<=h
GetType
Y=c+
a*%,
Y6?i
E+7-
vT2
&t$]
^N-K
&{/M
uoYAoFTXrR817BRGWJ
!+W E
*6J:
)nIo
m g:V
0tL6
Activator
\a ,,
V0DnvU5whk5W78S8Yl
}NmH
PDz)
XHx`L
1o%w(
q#dz
Inherited
HO76
0Sgh
H# C>
%o$TD
bF(7
X_=@
<I=7
k2&
&wW?
&Ixi
N(I^
kDBfZ6dUt
~-3\
cknsSk
!nt 3
/ zq
uAuJ
P9MCKHX4vq
V?U
J-
zN!M
jTKP
#0 |t
7Je,
X(bQ
gRq@w
uL&@
ProjectData
set_Position
~"I"O
}7X-K
4PZqA
sV7,
!nAQ
/\-Yd
oUTy
jq#D
EmHa/
Y rX'
As $
>@a
k.x4W
System.Collections.Generic
xii
Z;+
71rT
TVzuDp
23GB
j:It

ND6d}
-Bn
I=?/
#y3mlI
2qWr
JI;=
GetBytes
~,9xI
_"Nat
NX[9
ContainsKey
SRp =v)y
(sXN
U* 8
8kX1
`fK__
),>9Zm!@
ohRpQSDY0vvkumYM85
<n}0
<RIi"
rIDjupsth
)yN`
|r L
`<gb@
cs4_
zah<*
xcfX
J. l
w4(n
XzO1
O=& c
{glKP<
fG:Z_
A~~X
d1t%
XGi#C
Yey}UKi
S8GG
j%(?
MpNRydvfC
do["*
` &6
Bx2%J' ?`
u_M m
9 g|
,N !
)YN^i
m0`*
v H)M
)W&$f
LI\q g
qSO)u
G1)`c
g:D;X"
th)4
!NG;
i hg\
`,P.
-@.*
C?g n;
ugru
~H0T#[@\i
+7jb
Eo*e
-5_^
VI;I
=@|
3.%d
8P\t
E: v#Zs8
'Q+M
%5D{
Kk8BG
`@0Ka
<&8GXL
[qv_
~;b%M
N~% DR
TG`V
Form
k>Dqc
`lfA9
3u C
HJOW]
ez?$%
bN5S
ji% 0
a*$K
jSBCMLyRkR
JUd}
w.k!
CexqaCBFd
qq :
|J%h%
Ez r
Rovn@
CreateInstance
>I)anO+
6>~l@>#(
f2"
K+8W
<9;Z
C(f@
$oO4
. U34U(S
WR1@C
n3xCjcMQlB
>}?Ow~`J:z
AssemblyName
bPZp
r<s9X{Q
G!*BA
7jnx--
vxI;
Z G1:
cNfL
GuidAttribute
MA G
>|w\
}&7G:
cV93
jZGx
X<s\
em~BpU:
Yw]}
DebuggingModes
6U;lAi
,]
8)Fn+
*LV36Y
AssemblyCompanyAttribute
@P"&
M*i=pip
ModuleHandle
;h] '
u-\C
AxkzF
fL*f
w#.E7
#68e~
l05Y
iVqE <*
[9<#
|pp^
i#]&Dt
B-:I
d#X[7
9K@[
4j/a
ReferenceEquals
KmAm
A#4?
Default
U|wp71
utWx
w@{>H
.h;\
f~`\
R%VB~
%5$c
7n=J
# Lx-%7d
Byte
vhziU
Bm;=]
0d.i
. /S
WSPU
yZc|=
GetResourceString
PzWq
i
E 7@J/
r o
^]2NA
!/kd
add_Shutdown
I|,j
xV;<
!iEi
'hM3X
K!{J
v\i.WCX
IT"0S
:&pIev7o
]J<}
4"Vg&
dcRxDbVlQ
k=e>F($
YC3m28F
ys^,iwl:
5lC[
'`
v,gv`
v*Sy
s_d;
ToInt64
DP}8n
5l/;
p,v&
f_`X
SVnG
g]fs
System.CodeDom.Compiler
Iq#<
Fnr ~
g2bR
ZT,sO
=2K~
G9Kjtz
`eYoQ8
D r%
e K!
?!g[
)5gd
{a0
xl=6!
c~b=
GI
~Jp "]
Je4?D
GFj
"^V*
1bwi+>&
*~k\
Y)|W
4mN19n4
Trim
^r=z
B H
W(L:r
Y`j!
J(VQnb
xo$NLF
08K5
]/x]
U~E<
bt~Ym
J*[ "
3Pi|
Y*F,
bO5F
dux|Y
eqEc
h(VA
hklC
6K[%
$^Lp
^H_ n
!d'o
wGT4<6
System.Drawing
NX[>E%*
!TDfa
~0V~1
L^ ,
e"UY
eYvu
c]KS
<Iej
SuppressIldasmAttribute
Rv+Ps
22z.sTnBv
ZP4*
,/y*
\ F
xysgy
PrC#
52<AMz
;O[U
i|v}]
w!vU[
>4jw
.$1+
|TOLp
@pK/H'
g5;}Y
_Nr\
HHM$d+
d= mb-
Vr_U
UInt32
FML
value__
jY z
Lyq%|o
_=Lkn
J5Ts
Z)a3
Q[%AB
0DxE
Qos_F}^Pg~
c"TT
M( t
r'_R
ToString
K:Dn
G0El
Hh *
2O"%
-?3':
?>R
D PX
5KZCr
c(c5
{!x4
Bvwno)T
Cu+ c
K(WM
UITk
5wydF
j~ny
SwC-X
$FS)
gPs|wT
D wn
'~We
3VPt
3,O}
lU6?yv
.rsrc
rq'*
&{/ $
e'Gw
C?mv
mv)=
>"T?
jjsw
Npf*l
iQ*Y
#)(X
aA"`
9za6)
B2*K
h/F>
DMNW
> |%s
. e@
R&Ce
;q)`n
t(;J
15.0.0.0
7FY3Gz
; "7|f
[sZ
AssemblyTitleAttribute

<4Uv
(Rv86
SZZ
Qhl=
9HBm8
#<n7^
O:~II
8Ra3
M>UB
K 2a
?YwN
ii8N
h^gX
G&O#
VF m
kKA~
i 4@
ay>E`8;]
?2OI
IL[.
l40>
*>8
"Sys?
oV_T
rEI@
\^2pg
add_Load
R p2(
Create__Instance__
dvYD
; qC
klr4
E|?9B
nA'\
SettingsBase
GFu%
8EfNA
Y`5R:
Yn1cx
BQACr9rtCH
-Ci)N
b5R[
| *B
lfRCtIVXHh
,;!j[
EZ~0f}
)n-,m
5O D
pvU<
T!XG
B7ZB
XrCs
s.jX
hBb p
@b|6d
Nhk8
i |5
:Wm"_
WO%*k
2dTC
5x\;
]> v2
Q|BI%
a@fn
d=Q4;Y5
skr#
k,/q
QX'8
t'c
ToBase64String
Int64
p%AK
@uhX
4j<^ X
#Strings
1e7tn
| r
u%kw
kb !1
N23R lM{
3P)[
.ctor
I*!c(
(G4ho
j8|@n
)izJ&
k@U|
[FYk
Q-q9
WQEChYiWKM
@q!9
fl %
*c}?
M["G
5fVqGU
LLVT
Instance
fWoCZAPg36
Qpc;E
11.0.0.0
|o;n
)bn>
TCw=:f
Ril
:*km
Fa 2
e^!M
$_b2
9DO!
Invoke
~$Dj$
d X
E |)
h O'*B
|Mbo
7o#8
+G"*
eraCoTByuh
E [qb
\XDV
&*c@
GetRuntimeFieldHandleFromMetadataToken
Waj7
~<6c
Sy%:v
)1j !
DVemP
oN_U
leHifFIJCLsZtKEFfM1i
k!pl
pHxN
R!
gK=3
,~=Y
5|u.' n
3Ph6
Module
A.23
NIYI}
56J!
J9t'LE
$qIkn
/fszK?
Array
r-fdY
get_Location
+XQu
Ty
"\czjr
4spe
PnqC
bQ=`j4
,w u
2*Nc
^KGD.~0#
M tvGT
@.reloc
AllowMultiple
z8[p`
{,?)gT
4c>\b
v-}G:B
P_\kGu
vq6ih
]:&(F
sO`'O
3WQcV
4L4
_8PP
+< (
?=i&9
rC 7
}aL\
W3%>
`||
]e/^
'\ \
65~R\e
rK
auUY(
V(NsV
8"&2p
>m#t
6OkBS;
[J s
#uNH
WrapNonExceptionThrows
my|S
n2t D8
$$method0x60001bd-1
**{F]!
O wUb!O
2*N:
VxnU
M?URX
<l."
a 6x
?&n.
!t4F`
g Je
15.6.0.0
k;T4
>N#f
w Pj
7fMi
u^p~
MBh+,
`4+f
@a:3
mj
:?g_
9{G3
"}=n
{Z!
HttG
i^ImI
=6-N1G
Attribute
3 *]E
T+@1
<VMy
'6 =
&r.
JA{2
|EVN
;{hn'
* K}N`9
@`52
xV3
"UXL
*co$o
s-CV
wo}=
MF@<
Z< v~F
%A*7
C04Dg4QRo
*yVT
3pF.
TBfo+
X~h#R
\D )s
rG6CX63CtH
hpgZ
ZR_o
%HPZ
NBMs
X~cm
a?&<
5.(q*
]$l{
%odZ
a&zA,
get_Settings
j!2q
~Yu*
}wQL
NPz)
MemoryStream
w)e8
sKypMeB65
b6
QYRa
1SKl
5Hxx
(1<Wn
XTDMvOfPI
[v/n(
I{-G5
\0E+a
dwQQ
R6\
C*fq
K+eo
xkcD
dx M
qS?f
@2,
ux^x
v9K)
s r
:wXiR
"AXeUw
Egqv
aJag
OZ+@
8-?'
m1vUKaRwyGPt6RDpRc.V0DnvU5whk5W78S8Yl.resources
O8;>
M1dv~
n8@B}
9#o5
hYhd0
UTr`
Qkwr)
Bwem,
FileStream
$$method0x600001a-2
L^qU
vc!/
TGP(
Y0!#m
qjUm
nx[ht
J-hnK'
f`aX
9 jz
6l)W
$j4/L
DesignerGeneratedAttribute
EbJ :S,
^|@
Assembly
vRVs
L2tuPoXSy
SNR
je=n
vzU"
mm u7j
T*_`
.j%C\X
Microsoft.VisualBasic.CompilerServices
@CEW$
]mt3
D$ZJJ
;, !
hc @5
o#^G0
qopM
ns0e_
""4+
XZ;S8YZ
Z SR\=
/0eE
ya%.V
Rc`V
h`p-[
(LmJ[d
/dI2IrE
cC\9
w'Wk
Round
L9?77
jU5|E
XT*b8
IvTCx6q4i9
@XB~
V(uK
Uf(
_9{
\qs ;
z*?v
{M?H
#qgWz
get_SaveMySettingsOnExit
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
x }
fM4kSanDkjd5nklanD
kn=j
Size
?:=naN
BgE*
Save
[7>%
+N"/
:iV(/
Y4(-y
Rf <
p+.=r=
P#D=
sR4%\^
&:*C
thlF
%M]Ty
set_AutoScaleMode
RC(4
lW
kRu|
NNI6
S7*
4rwvY
T1_F/
l uBi
[ lmi
(K4'
/+ra
S=^>MG
q6=vm
;7t&Ou
U7#^
(+4O
HDw\w
MZ,G6
)Wua
v\~"x
\J\y|
]o9MK,
:HM{m
\ qM
9*Vq
9J*|q
[= k
>rVe
IContainer
vS{A$
'e1C2
xpd04v6sp
defaultInstance
@y! <!L
0aD-i
W@,
O<GB
r0f-m
My.WebServices
c-v
rZ5(
k}3r+ |
/&Ef
c{L;
O0-@
npAcSUww2
:}97z, o
Y@K
(}~#
GQg0
i6Ls
! ch
VIPl
S~T{
'P)+
Qh|=
Mw;
)5e=5
k.tm
DebuggableAttribute
1(11.
-B
Wh,W
uqlz
Ce#]%Y;v
5AHOtw
dcg@-3
KW1,
S.Wa
e083H
{Dw,=
EJIBqSiKHBH0f332wq
`3-c
-H)h
S2f:
R~<in
7qO3^
5+(r
f^,VnW]
q4Wi)&
x Lr<o_
`R]K
5a-.
]=tj
vX|:P
n:;t)
IWl*
C)9w
5nq[
OwXUkCKPAH6C8dFL0j
z zNA
m^!],
OOLz
XW,U
"S$v
17:hHFo
IOH.
!VK>
BYR,L,
cC\n
.yXL
nBFR
D@V}j
2|Wi^n
$-
!JkW
pz@}
"=F[
]TbJ
Esi
vD9[4
2f`rC
rE(kl
vh3*f
7K2
90rO%*,
@P6q
"KL
k2t/
_as&2
L)>M'
aB@71Pg
PropertyInfo
\6VV.
*Z@z
m H;
0taY]O
-ci6
E=F
iB 3}
s@Y(]
l8`~(
34&6~
DJ a9
ContainerControl
$^ #g[
v.>H
get_BaseStream
*q";
Hu9=
%&<e
;>s
l9/;(z+
6vW\
m9sp
\%hi
b_ZX
]I=z;%
RVeP
ce/C
Waw b
.` 8
'2V|9
27JS
"Z7`
=uO1
rL7g
Double
*lb@
bHBfE
:!l|
qT1T
Bzl#L+
xFp*
W4xCD3pCiG
d[[W&l/
4Elz
-%3Q@
}fc%
K}X2
AssemblyProductAttribute
ReadBytes
3I!.
~6y{~u
=ar1
m_:B
set_Text
.ukb
L#d|
iLad
v'n*s
cKyX{5
4[5A'
8%]l1
5H#%
v`E{
)[FA
_Sl,
`$D'
4B<
fupf
~(&v
.o*5
#<X./5n
Et2H
Xx9w
pT'Q<
8+]2
%IVMsR*
W4j`%
IG9Q
O}yI
MT+Y1
Zd z
&9Uj;
]*1#K
set_IsSingleInstance
<`:/7
.lV12
o'L3
vH1:t6
>7? w
.Sb7
o6 Ln
aF+8
?n
eqE,
*g4N
s2Fjp]
|q3M
jXZ|
o^gUj
-W'qXu'
L{w~
F D"0
`wM^
C?tWfA
'gO%
9Bl)v
mR>#AtL
=u6[H<B
(W}6%
k(j/8{
_vi&
"Y`0k
4\5.
'?0Q
v7ll[
G MoV|
|\}(
d7}$
n'1 e
dm^5
~.6=
(cX0,
+B+E
Eq@s<
@%X c8
<_B}
yBdh
tsc:H=*
ReXBK
6!qHik
f 'q
DXcCdIlr7d
Close
gA2 j
@*uy>G}
KAvO!
!:9EG;c>
K YU
rf^Kp#N
1rR.{
s\9>l507
yF3C82jEo6
advCwg86d2
XF!
5#h[|e
MethodInfo
9F<,
:a}
bC=R
%)G
LB}L
Es_m
Type
Ip8mxN0iU
#M~_
n<l3
A]# V
fxSR
MD5CryptoServiceProvider
j\9K3
|)&Z)
}lOxU
w.Q|v
k!7/m
@|(B}
%` p<
r-,en
)pz,s
CHHg
ILLicenseModule
Jl-=$
A <=
qRD
nfAvg
QK2T'M)
WJA=
s# '
e icC
`O?z
E"^X
O-=*
EeCh
Zqp~
Xd=H
Ds i;oz
g*J`
0 0ex(
5G}<
v8"l
d?;24
^s)B%
WriteInt32
M'u|
d]z
_*/o
Zjei
+.#y
f;C4
}Onj
NS!'
Y0F-c
P(>Y
r_9#
N\M
uZf|
!M*f9[I>d
1 `y
NF<'
)5zy
}8%oq
fgp=
ToUInt32
r[/G
EPB8
unq
.>%L
tdL>;E
.cctor
Ce/zPC
} 6%
'DR[T;&q
_Gly2
m5SsIshBh
aAz~
P!eT
8<hsX]d
zO*l
mmA !
O OF
Ze2O
FileMode
b:!#
4"I4x
dS4l4VKGv
EjA9uQWhg8pUl8qWVw
zWocH
C 0Y
\6sM
2RC"
I,3J
GetMethod
I"d
LVtX-,f
U0LCc^
<7&[
A-|],
-@,z
GetObjectValue
994U2
HelpKeywordAttribute
FEdnW7b6O
bV6&
QmzD
A84iTYx6JeRJ4H51O9
G8$
get_InnerException
JBR^
\^E{
My.Settings
Wid=
3- :*
kJRo
V!?2
{8TQV\W
>Y6!
tvF3lKE3OpANE39Zlk
uuk
e53w34m968awCm9P85taUZe
0eb9de5f-0bac-42b2-bad8-160df2fd3283
B}B
:L!/
pOoR
9dq@y
8~.
d`w
w!{%
[Q5[2K
`< cP\
yqyd8b7Ylx90ynDNDt
%>j8P
h,s;
m{z=
wk+N7
%^3r
<MV)
x^S
N**
}s4r
PoAU
LuA0
_:<<
System.Reflection
wV\,
b"E?@
~wi*
Px0R
r@%_s~<
.R*P
/H;k
'Sv|
3kBAG
#:@X
3qiN
>GCd
8Q8]R
{hc=
\u~Q
oxo;E
E<z#a9*
&l=/
6 /h
l(< 5O
lzS42V
3 $]
-*f*N
:9'0
.j*I
Form1
val~
,4~ +TndJ
;)ts
H8Hc
<VKc
}Oaj5
&r>Z
U)ic
yT+
H@$'
21S^
[@Y
GEaiS}
\k~_
ZPL8[
G;`f-\6
Su5eAMsF1DtgYvX7xG
_~)%^
rMr(Uq
niIycKOvl
@F&|Y
@F7V
Append
set_ClientSize
lAV|6x
set_ShowInTaskbar
]`g
dFMrAJ
3nd7MDx2
:Jq0'(
GPQu
7hF1
LBH0
<Oeq
DS(E
N2RCLIYlR5
4;(s
X$: 1
6[;2
?i>
n]' p
#+5u
:,HSG
'C/
DJ9i
/Pz
87jQqo
Strings
EQsM
,S)f
_-~:
m 4e
g#=X6?? S
?,ln
b53b
M mg$d
WyvkB2CN9
AssemblyDescriptionAttribute
N6"c
fh<U
/C.@
TT+V
zTb,
4I`Ql
q kiw
CB|}/
w lp
<+P 4
ddKAYNCPw
A|zO
O*_P0
TLR;$
zusC
2#iLn
B1K z
pgec
tZ|'
E3#m
s?GI
<4jI
gj A'-
1Ofe
>KPt
&n>A
fectlmtf
oAH@
0<.z
AssemblyKeyNameAttribute
R=N
P`P A
U$1b
~U]3
Xg+~
?c[
anrq
#QaS
ComVisibleAttribute
FVmoGW7o8
]BA.
%i D
Ye8EIwOuoPvyoTjKMy`1
"dEc5t
IDsOOP
%\J'
)il%
p8M$
&<g}
-b&kP
5)'*
dh%G$?4f
t~:?b
?rX|
zSDCmWfQbe
P[~R
<Module>{E5D4FD8D-758F-4957-80BB-AD77E39C5B63}
13O
8\`H
DUK)O
C"VIo$
F b|%%
sxft
v~<|
Mrv[
eb"N
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
spS5e
2+tM19
UOUz
ZAT
DYd[
`H[=
p2=m
rmOl
DSa#
YHXG1F7Tnbe4KKedQZ
o]78
6{]5z
A[x)
1R6F
kjwCb1ORY5
iRM9
$]o/0
t!j;
9 VG
2y=
!This program cannot be run in DOS mode. $
iRZSTL4xV
4~DR
\NNj
goqZb7IjM4osNbQPgQ
File
A[Q8
Wx.3
NM}!
set_ShowIcon
vt&H|m
JkFulB
vtIK@;
%ba\
ri3C2pHRxt
Dispose
|{XU
LcH>
<*.H
i&v1
GetHashCode
5.Gb
PzS8
37 s0Y{
b^KR
mw;%
/9*b'
GetCurrentProcess
CryptoStreamMode
O kpT
l>h9
zbD J
Q)9Y|~
<ENg
6% @
x7wNa"
6S9A
rHY2j7v1b
NsB x
z}a
l'"d
HA43
v!mm
YMw-
?&gG
FW
d0p"
2K9 [
1O?I
Ii)x]=
0ii
E \2
$c%
}vf9
@@?\u
)Jg :
_3Y2B9
zhskJ
+k~]
D7D@
|-l
)9rB
%mBV
B$Khj
WZxQ\
vMNbLnvY7
?Fws
yK"
BXaI
X1F)
>(TI
^`nh
A>@(O
bgVZ Z
v2z'
#6wJ
:e4J+
token
J2~9
Zq[_
VKbW
/YN+
J#uTH
<UmR
q<#L
4!ySE
q"VO
|a*-
`[Rk
wl`t
[\N6
jO<
GU=
kFg_
2~R(
SetProjectError
-xv}
BSJB
|e#'
I $$
$U%JHc
My.User
ExfPHg8oI3T9IGK6nd
3J&|
S5Wd
STAThreadAttribute
fq8|
#kT@
Bw\RyAh
ZD&:C
t+ u
]v9~
89{*
gZSz"x
Clear
A}GM
8qO7
35l<
GetManifestResourceStream
MIQOT
get_ModuleHandle
|H+^
aGQTXf2Ys
=JK|
{B`
XxL $p
HashAlgorithm
~?w#
j?Y@K5
^?*
p1aQ
]^{UrSo
,%Aw
+b<-
v1TT
. ,X
PADPADP
JQ[z
VGx|
B>+S
m: l~+
IntPtr
>!Vw
] :
U&fi
Y;H
YP "
RK2{
8h'[#QK
<(83
sP$
^Eh.
\`@y4
gZ1;]!
S{\2
r1wb;z
-mv!
dV>u
4xU(
.P]ZaPW
3+^0
._Za
IkG5ekR0tuKFqGwQEb
^RO
VirtualProtect
s S{
(bcQ
qN|V
uW&h
VD6 >
Hi {
a <>
u7`P
System.ComponentModel.Design
pF' %
M$3w+
1lyQ
u4UCP8icbP
SP:-
\,u d
Uh/il
{>,*
l4X3
7:-5
^\I #
N`k,
N,Lw{
InvalidOperationException
-!b5Ec
)V\+
;/14_x
=Pq(
;7?@
Sla
p^iE
WindowsAp
`2Q=
_X
e&6
n88CFltKFB
M7Mi
Z0L9
n9"j=b
AssemblyConfigurationAttribute
ogZL
x+BM
wUnz1
dM+hc
;*6q
(9
]_#v
GetProperty
|AAyO2
F D_
"%7^>~?. ba
QK"Q
?*L7-7n
set_ShutdownStyle
UN[M
lJp^A
oFqYElC809luIegkEL
m;fYT
nJ9BJ0xdQ
| Zz
5i8*MD
h^6*
?j0TA
NM@
c_.$xJK
XmVCglp0Nh
p}d(MX~
CYt:
O@E"Z
'@@m
BnMm
AX/Up
&9nkH
tr1S^
[Q[~V#/
i+Lh.
Kc
wS]m^
O _L
x A(i
A(c.
ps \
aVB_
oqVtAoKEi
y/wx
p#OM
h$7>
q `[
/iz r
VA ZS
L4D1
diOY_
RijndaelManaged
'EMt2
`_Ps8
` &h
aD`^
~W<'!
p\q'e}N
:4y
$$method0x600009c-1
(V
hq&=KkTM
A4 H!
Component
[]:,
"*G~
~QO9ajeFHQ
wV$0fh
nX<b
S]|
_}+_
1S}L
!%~?
PAsd
@: = r
{bMZ
X+n:
s9cH
* q9
T[ JE
Q7HB
Z3DQ
k,)o~7
i&e?
:#%R
xs9o
&,GG
f{''
i}6DB1
=l:^
,+tr
sAG3UjUTk
aTx
nDA$
5/+n
46sG
U14tQQ
)Eg5
L }f
nD"4
ZZ(jfG
CompilationRelaxationsAttribute
zK4$
nI30+
d,N[
> #3
IkNf
DDwGb
jvo[
C}A
@rNT{W5
cM[\
ibYL
.[3D
g|;[<
X(RP
A2gS^[
%vrS{
F!"V<mk
n/^Z
3J^a
9@*.
yeOvY6eoj
sIkt?
&[j
YU?3
ksY
Z_E=
x"k^ >
Ft"/
.xKao`q%v
0jn2T&
#7R]gY
"aBm
OnCreateMainForm
IXCC4ym7uH
O *h
8w9Z
K%(=B
H ot7!f
Z^xd
ylU=
>.(;RY_C
StandardModuleAttribute
:Moh
aLi'%u
DZ`"
pq_s
\'fbR\
UC-?Y
2 E6,s
Vd5^
S c
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
fNJV M'
2<>]
jX8c
!G`$
!iL(
ShutdownEventHandler
o7g<:q
yf5,
[#rJ
cgaRI+M
apD8sqoMx
=|9pK
cw+ <
Hq9y!y
HideModuleNameAttribute
}E7J
9
#4t\
{8TP@
Ee]Y
?uV(\AS
mLmkT
5=74
Microsoft.VisualBasic
PEYP
9(Bjm
8X(&
OF )
4Xn/
9 De^
cx@4Q
r~$D
R`th
| f
W%C <l
:Dx
zZ=Bc j
#GUID
[n8
G%h
fJrc*
<iL|
.bY
]"8WBF
D}/QE
eKGwwK
(T:K
hQ9bfn
oG.-
NKnX
N8AK
f~dQ
.r:p
3eP
aUyQ
kb}X!TP
S]TA

Da3v#
.mWp
XcmS
XZG
^Z>
blxm
% S;
get_Message
RuntimeCompatibilityAttribute
WVmc
m }Z
~BSY
}{G%
+M"=
sX:V:
D\D4 z
addedHandlerLockObject
nQ119>T
c:YH
CEIu
.=8j
<<_~7|KPZ
@^!
get_IsDisposed
qiqlU
D4Xm
CY01sTPkXUBPNj7ElG.WOe7IRbw7VIk2eSjh9/J9qNbEaNu9fc5XLp3Z/GIQCNBCgqLlF6UJq3r`1[[System.Object, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]
xX2*
#Fw#
GetModules
Wv J
,)2"!
pYeWNVPi7
2;cg
&r :
n b7M
!H/l
|$mp
~fZ9iVP
1c.T yu
YA W
3oT
5xv
Uyc1JxocMlfyrI4Z9p
<t!f$
FR:}
+n d
T@1W;
"Ov[
TFhfcGQYOT5n9JpX82
U!l"
ry m
Y8B
CompilerGeneratedAttribute
h:"a
'y?]-
nSc\C x
88792f67-8997-4a65-89d1-500f65361902
! 8P
oUxLGexnc
U Xy
GBe|
,MhG[
' hj2#
Xv8\
]%SP]
BUEY"
4uH|
gX.]
Z* )
GDuOSXumsftRiCBYU1
J^rt
<<^q
UAgEDyD9_I
+5+
S rz
ltU &M
j 7
2`V6e
+;c+W
Q]hU
3YRJ
q~ MW
Copy
/'/=
$i?
FuD
9L8(
,XaS$
^ 8[
System.Text
GetName
get_Unicode
*:8
M+X!
"Q+:
'8kv
e{r9
'$T~
E +
WM=w
+YFk
AFB|
*(x
}93
R7K>
ok<M
PKI{4
%r-L
g!x3 =
y2jHCXv7ZmBrlD5lXt
get_Id
l#1'
k6mh
P\ |
V!'yA
LY7uJ2TMKjTdlHOhk4
Lc}y
7_z~
V)Na
+Cm
LrT8<
\7A0
n}]"
l%o/
Zl5z
9yvMw
\CVj
o#Yr[r
"p>*
/~v@Vv
e\s_
; v:
QPC99
N{/mDt&A
\kR&
R? *
G xW
"FP)
@4kM
jo *
M5jY
(( y
nM&V
6(J(
UHnVr
>s%m
Okqq
NpM6m
$jZ
g7 H8?
(IcM
yt'e
A 't
78,sHL
<N@Ul6
__StaticArrayInitTypeSize=18
ResourceManager
c@hZ
#iEAb4
B9,IG
q6le
set_EnableVisualStyles
] b-m
F4W_m
uY%X
GIQCNBCgqLlF6UJq3r`1
kLYm|
HO 6|
My.MyProject.Forms
V?e0
S)YBj
.n^W
,hmS
*ikh]}
s99D
wO0"
\&As
0]Bz
&s#g
6ih
n;M
TJ`T
VSlxVjbnopDsbaB9S7
abxk
My.Forms
^j~,
String
Y*c#
<+v(i|1
_CorExeMain
DebuggerNonUserCodeAttribute
JN:7
fPUCsVvGEl
T0 dO;
z#TO9TNZ
Fk}X~
$):d
Tm{V-
YE9j
vurY73UCTD6Q4uX8pE
svQX
Xc6&uJw
:ze-
=fGU
(N{bHN
$j"
Fg0u:
.uK?
InitializeArray
5*~2m
j[G!
U]j?
! Ps
^U
05#[
T"MyYoZ
,AxG
:x :%=
`F7o
"C[r
' kg
y 6 (R
Wo]B
wc[,
oBT"*
[u;4
aY/1
Mz$@@H
b=jmk
ydkrgx;
cyA6
eH+42
?_d
8z"x
d\l3Q
Pw{
Enum
. d>cZ
WH F
: [8U
Y_']G
EditorBrowsableAttribute
r v(
%$'XH\
jI{+R
OesF
Cqt~
30r=|u
&|#D
2Ms~
`T0`
|]T!
5Bl?OJ
d2/?
Y$w ECU
(\s?
poowK3sBV
kAXe
~SP(
mpot
}89H
6q>c
X/PX
b^ Y
:Pz*N
`.sdata
=< M
y ,7vZ
\l0 T(
/f7]
z6%}
Qr);
.fzx
X'r1
GADf
u'=^J?^u
ObjectFlowControl
FzV]
jPVi
_} '
9=do
j,Mr
p -d]q
H^YR
Load
OC_k
1>0[Y
$HIaHH
a5!
v, Q
RcVX
XxlHHdNNASv8jGsLIO
-HEn
4$(k
%Mxo
*(s
JvIP2qo0K
%tzb&v`
MR-e
P>EqJ
_b`*
K,Ukg
UQF_
ucY
'8DHg
##D$Go
siUN
qx,D
\axk3
:'!a
Jmx+
set_Name
J9qNbEaNu9fc5XLp3Z
)*a#
fqsx
pUs~O
Dictionary`2
ArgumentException
iA5
qKhCetXOgi
t/J!
6DJq
C}WE
-X KU{
Dispose__Instance__
=}bV
A5:k
4(|kiS
O!iT
6@E?~\S
4H e
K?rS
An@#
vu:
GetRuntimeTypeHandleFromMetadataToken
;/Y4
}':!
gZP/
3VCD
Nb/
u )&
eT^
of~}
Reverse
54[B
mp;AD
CloseHandle
$=RHK
LT8C0Oe9hB
v{ Y
=VfV
x>x }
RuntimeHelpers
H &
K_e?
l2@Mp2
2B =
>QgD
)<ch.
OjM%
en_#X
o2Z
f <1qnO
CheckForSyncLockOnValueType
MyGroupCollectionAttribute
Pe^
$"'W^
qHvc
PgV3
?Z/E
Io~r
!VjC
E<7Z
/ |j
$V>"
=py!
$$method0x6000028-1
%j'g
`I_2
& 'X
)}4 sx9
F2jBq
q?Q{
pI>Q
9fbe3e9a-1727-4a6f-911f-ac0f459116ea
AP14
Object
#J! $
Xgv_hQ
(\ bgI>
AIYd
y h3
|C r.
!=7;
X# T&
7X)Eg
GH3i
a%#
VWYu
H7/'
Q#mYi
get_Length
3System.Resources.Tools.StronglyTypedResourceBuilder
mgE!
_~Ik
169*E
[[8%
D m;
R^f
O c I
b8q:j
n w)
D [%^
JkhCYZ5jAQ
X0 0
/I)N
hwXfcqBspeUZtVwfdi
Acd!
{ eP
t^{]
_rI`
Z*+c
H7=c
QIsd21gjp
<Fgd?r
6F7n
=yH^
p9r"
a#swq
Epw73GSfF
+gsiIf
s+Xh
WriteProcessMemory
%7jk
H: I
P"N+-
f #<>o
6bT{"sH
MNnRr/Y
EditorBrowsableState
]`[.
"-2l
k.H]
=LKHVNf_
n0tS
rk;bp=
n@g0
FlushFinalBlock
8+KA
CultureInfo
{:D
f(wV
X^vs
tpGAp
Nfc?
Ju(b
1.0.0.0
5Y}
Sv2_p
Hashtable
>U !a
] ZA
QRn5gmDij
`r3
~2WqHo
t(Typ>
'R&~
wvm=
"@q
`8D
slTl
q3oMVe54wE47w4v68C7s2I
&yr2
kv{)
PO?ps
O_ze(r
Nm :X
fkK\
&$ ;
rrOw
@]19
5Gq3
l gf#1 Za
km3~
nDlKn
}XBH
PTH#"`[
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
z:Pe
Stream
Q=M c$Nu
uC\M
ru 0n
Pez&
gRfhn M
g2
~MP
r:0.
^(^N0
]!%i
mscorlib
1>Z-
<*3}
u%@BM{N
ThYTV2
I4MJM0gYxK1j66JRQS
Q[<ru
AQ#l
T0^&
eXlOrkgDnX8wKeirCB
HG?m
oi5p%
Exit
iSN"
TuC^f
sMi,.c6+
"3Zd{
RuntimeTypeHandle
D"d,
e(GV
l= G
hK8nX
#n.f+
U^Jh:b
X-UD
o:E4V
QPBvR
&16M
C/(3
W+9;_
GopFn
b a&B
.DX"e
A/]JjS+5
~@iT
g6t{
*N8
L J29
S(>s
:[V<
+as)
U;@7
>*8D
ResumeLayout
get_UseCompatibleTextRendering
/2h'6!
N[5i
m =mL
St65?
t I\
mu a
YJ08K
1qv@k4
"3^+7XW
"1)L
System.Diagnostics
v.?F
% qk
A$sB
#HV!
?;<a:
Mk~_
/U: fc
]. c
D8#sl
6 .4j
Txg&7
6;#wfo
U>& c
i6a\
Ir<x
MySettingsProperty
9g*
Qyq$
&t0s
U:;j3g
^v[
l:Rh
}6il
2TL-K
Up i
CjGu#
T%sg6
FGkNXGAynPJR6x2mnS
&69:
@j(f
vDur
URVa2n
x3SCJhmYDG
A,c'
:vvT
&2o e
Zero
dUU
k hbX
AssemblyCopyrightAttribute
N_P1[6.
YcMa5tlOS
Sw*~
; W
Dww\
HZ1c)
a*!2
xAZdOGZRjEsV5dUpxx
$Da=Q
5P5,>Q
mc"Y
#-)
3EA
NAn
TzF*
V0_<
%{"OI0
a|X/
KNTUosaN53CwGEPc0A
41Y%MK#~
>XR:
D m8
u9UzwFi2b
Jfx%
]t 6
O[x@
U#!]
ha/$rW
Q:E$
n>LB
CnF%
67J!
]C ]
ValueType
K9iLw
;{e^fqW
H^"'
,cpI
U#Gy
}uWr
:&]
jX8
QZ^&
JO|^ t
=Vfb
5. OB
B=BG
*4X7
BM7
5@@{
uxWj
4y'oM
%T|
pb9y
j+gJ
&G_RG
.wGt
a%%s0
get_CurrentDomain
*Fd6 @)
7;s@
n$^x
CCxx7csP7N2D9PpMV3
rG}Nm
'}M=
wWhCqLl5Cq
@5o0o
mQIk
User
m.hm
U>^B
/H@p
4V(A*l
MMT+
PO{le~7
SL#n
e(P
{^&8N
Q7hj t
U Dn
RK[c
CUd0
set_Opacity
MB].
va}T7
u(=Ma
set_IV
>qwk
2f o
set_MainForm
Y5f!
"Y0s
/'o$
sender
]dKE
z~T63
ZWQ6
QrU?r
z%SS
y#} 3
Y~nQ
-|0;XQ
!Tvt+
op%8
kXGg9fFkP
BQY6n
Rp{E.
Ek9^
\.T~
$$method0x600001a-1
TargetInvocationException
aj%
Q@:6
RK~:z
W:+[
nI\WNe1
R<oRb
}E*e^
g#m#
M D`
^ksUqM~
TPACESlo5T
4sN~
U$y<T:
*X$0
yhYC6yh45V
O4{4IQ
i~oX
_,$"`$
U5\.ge
Uoc<
:aBL
=x[a
cDyA|
VMtC75MDvc
m. *
P^
9+@K
LOT:[
3,)>r
{?mE
/2*W
9CD 8L`K
Q3 z
~n05-
set_SaveMySettingsOnExit
I (ZI
/ 1u
Wf[5
dvb(
vJ(zq
*ItH&
UzQ
hxrA
[Pwm
AttributeTargets
#>T*
set_Mode
6ubH
D&<x
Qc:KTE!
Gp^(
s(l+yjW
EeJZ
B;!m
j8v-
~ !H1s
c3[hG
8L?Q
A#g[
7o4}G
+ZfB
k_%w
* CYu"
Iy02jiWob8WY4IhJ4c
* %>
+.{+
<nP` }
mVD4
=C6b
y5wg:
^l z_
U&'
Boolean
M#vO
XWm2
uV39!
SZE*
<0&Q
`+&?
ei~o
p#r4
l,P5Q
p{.=
!acu
TdqMglmXeo3cfVy4tf
Fuhh
; 8J4&
pd/d0
>=,l
I`?j
L ^}0
KOAV)
ReadProcessMemory
$UQd8
ycwCSsK2ai
A2 z|2)+ b?
Q0kOi
I+';
1:qzl>5y
,Tg[z
6)pg
6t!G-
Pmhu_9
NW4f
y #}
WindowsAp
~C&
0>C
=I LF@H
Md#
*9]\
R' fc
$$method0x6000002-1
rJHD0
|E{z
,z:C
F ND
E0lT9
"bmX~
eLP|M
e<Oh
WJ<!p
#"8
R-1>
YzUeA1
C44K"
g>vXl(
GL 1
4*O_#
FileShare
*7![
0\lM`s
iw
!X<<8V
pD w
ls>1
_A[Bg
.1%H
instance
|#'
DE'H
UE h9
sF :
L[m
P? yX;
OAe
#|nN
AssemblyTrademarkAttribute
$SU7
cp a
pjNKOiF7q
|`u/_
L0$VW
?HQg
9u.|
T%"4
J i7
L>B.
knYb
+wDOc
Im4T
cY?j
'hZ@d
Enter
P8"1
-rl'
GetValue
5vwD
q7lCfDuPK
, "usS
J}3-
FileAccess
[d$F
g>k-
t%`
(r(\
Zk60
Rpr[
}`d
H>*wx
^3Cn
_GR)1
Oj45U{x
dIQ6
:)xJ
hf&=
System.Runtime.InteropServices
V?tP
wpR}
U3JZ
I:oN
:gz6
l.1S;
T+$}
Math
ryO6TZDwc
]dJ]
g_ :
ACx1k
| 2X
evgi
FZ#Y
dD?c
lt-L
M ?i
ab:j5
^/kng
6/=:,
PILTe6qEJn7ErPfDTW
mw8B_
eQdEz:(X
Bnx8
@${X.P
-0l^
,%{D
System.Runtime.CompilerServices
Ti,r
G0l^
B.=rQ'
)=Bz
;' J
00kE0
(Xq-
?S0X:
^H R#?
,8hp
}&1#
OxDW
,gGm
Utt]
Z&3M
]33%
3=]!
Y Ao
!)JS-
~ vH
fo%
x$ v
V/qP
4P?rC9eq
AqFL
oTsU
n{fm,
u|X+
f: O
*
*hoE4o
S%27
m ^g]
xdQokq
KL:~
M2E$
NNL?J
Vl
*}W~|
$36001fcd-d8e2-4f10-a532-1018af009fc1
X>6/a
{+XX
Fr~~
\l~d
]I1,?M
>kMX
C7|'
mx_M,
kV&G
xSbQ
T=$y
`] Z
-'Rd
2K~v
&(:!
^d;}E
N07O
ZsBX
\f`b
i8C,
Mt[d
=qn7
A;2NM
`,=BR
}-Gl[w
X]>^R
b=~D
SW|h
cW`G
G`=Gt
fh'f
6R2&_
}<FU{
IDisposable
f2pDX
]VeK
Synchronized
]ppl
rk<M
BEuD
diX+
].,:
?MSU
hl5M
R$5}
9lzh
6WRP
j|RL
OsKDU
WhG|
5"Hm
9q=g
AFr=`
j`+*
SD]`a
#|6
{JRn
`?5z
w[fX
D?$z
opIF
op_Equality
4N|
2Njz
j6GJ
!4*]
9_[?
My.Application
h>Fb
S9]>HD
^/sjS
iPA^
G4wf
7,8hel
{vj2s$V-
h4fa
hgfs
URMr
Y&ki

ShutdownMode
;cu;
Equals
G1#
3Q M
A&t'V
-EgZ]
n4 )
R5wI
yrK<
<Module>
x<k
&Sdq
P-|I
3b\ m
c(|~
SLV0fFIsptsZtjvFft17
qwPG
FIXS
Cv@Q
m[&*
ahOX
Crg
DmXm
ComputeHash
a4OT #
}\je
`L_.
__StaticArrayInitTypeSize=32
>lfF\
709f0
NSUY
\SwO
A<'koh
qVF]8
< k6
SizeF
ToInt32
e#!}
2018
S vK
O>ZG
dz/.`i
j l*k
TD4:dF#
[ K
Rg $
,2 p
og0C5MnwU2
gq-)
(>\
dlxmMpio1nujkHScJY
lWPN8mluYc74ppaGAj
=0~yz
I @~
Enrn
=]*V`
87mJ
aruYiA0Gi
[`t-n
1H_ne
MTP7
/A0d$
W&(-
CreateEncryptor
Ii BT_p
^9I
*;d*
nu)]W/*
9HF/}
9)r/
[Wi
4?wGqA*
(URA
(lRr
,gTN
YaOw
/(ai?g
8;r
l,wl
Uu~Cj
xWnXcZASt
y!jE
SB](2A
Zc!<
X}~E
5rCt?
Ef'C
|P6s
EkTR5O
8Gy5'
System.Threading
9a$ w
8JK]
~Ga&
fond
uT)x
Jdfz
b%GH
o G
,#5l
O|Cmwz
"7y1
# n 3
6 ['6
`Iq .
EbFoV2USaDyU6r1RHr
Read
oC)^
pL)~`B
=0@M
..?J
$@7*d
+3*z=z
g,{>
Z@uP\
" e=r
l|FL
tVhb
!$GQNvv$
sk3m
25X\/
-(,i$>N"YUq
_>2_
Xg L
hT,0
rndC
6HC=
wSl
%A[ :
ApplicationSettingsBase
Ek:P
I<(UZ
fnT^
J;|N3HQ
hmuE
j14o
=s,;
(#Lcz
/:#3
B&|.
3QTK
aUum
uLGS
G) GsVi
D:bY~
$1ZQ
0An`
^2z\
SuspendLayout
]41;
dIp;17
7qA_
GetPublicKeyToken
|>mf
+npO
AutoSaveSettings
EventHandler
yk6"
hYkV*
&. `N+c}~
h4kWj"G
k)?Z
c8_
7}x[
P]./
Microsoft.VisualBasic.Devices
43t
~ i
MyTemplate
LL.^
$cLC
<"lT
U27(
Z&'mb-h
#>^f,l
M0oCBNA55L
tr7t
$.Qg
Encoding
QeBCW9oWUl
`( 1:
cbm9y
S1;@
\ /wO
t]m}
TmeNpkcgq1FOFx9ol3
GeneratedCodeAttribute
5UYx
(/ R
Utils
&{1s]
o\IJgg
MhP;
#OLwk
6qm
im?GE
+[$ WB
+v(
?GI. @n
__StaticArrayInitTypeSize=256
@RO+%
zBG/
N4*3aHa5v.
Microsoft.VisualBasic.ApplicationServices
r/jTi
3k,dq
/q^}
As<l
&FXe
DAg*
H@Iv
l&c>
WindowsAp.My
@ ]L
1\JR
zY(`
HwR\
k03vA
B/0m
RE{.
Mm# l
H~QZ
UInt64
}n:hx]ql
get_Size
<=
J$Ui<]{MDh
Remove
=5Kps3
_eqP-
l$k~
ToArray
V ZI<
S*f{
#zsb
Au8b
i^`B
x rx
6OY;
4 Bfx
System.ComponentModel
`>6e}O
F'li
nJ/f
1-Ann
Xi_X9
\[)s
oqc?V
82\m8}5\
s]e@
<UAb
0;g7
an@]R=
jUmA
*<5s3
s )*
+;#)
rkI5
oQ4rk
(:"9
knzzL
de-Xo
VqEKB
E.C?
sudIVQG8r
mscoree.dll
x =Z
[SK v
!.C@
(*nf
e [S
L_9q
w{z
$Gi2t
addedHandler
/]RRj
w :
u_QZCX
:>5s
n&'T
u8EecW4w6
Gi%
~G6:
83.
4 uY
{{;XvhY9X
:EM A$
`* ;
A1x
]t!s'>
;#w%
9ctR!
0+v`
K-K[
s'gait
Ky d&
I{7Ej
1<yC'r
sCG;>
T;bw.
jG+N0
uNcCI4nnXw
XFzW
|^E I
O#PlDQ
V[Y
j&Bmv
57%
k2Su
_]yO
p'&
System.Windows.Forms
5=Bs!
4z:
(#Hu
Split
0|%f
EAn
4!.b;
k> wB
+R>P
n)oz
)e xeS.A
0>u2
j%6=
T0
5(mO
tQ [
@@z
yR,Mt*
rvR
\%>!B
9 n
_/Rx
UexD
|8[(v>
M}N`
Ve%R
D-)+
.s(;z
^zz(]
*+Tt
,/ w
<b^J1
!J c
wI%U
Q}6#
D2,3
WindowsFormsApplicationBase
StringBuilder
SPY
S#C
d .X3~
.i@{
7SO+>
~.?M
r a_Ti#Wj
Y7|X
by$j
i6Qri1NCf
cq&
={k`
hqH19ZfVI
D7Y}rZ #
|CJt
)%}a
2`pOV
Y|?BB
<'Az
7K UH
Zlr\
4KnUk=1
F7P%=8
Y q{"
VCA!
yQK(6
A8|
[RmhB
0q|w
AllowPartiallyTrustedCallersAttribute
S_sw
c{UPF
/YLY
l <5[x2
6x t
&jYEZ
NewLateBinding
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-05-15 01:47:41 2018-05-15 01:50:32 171

7 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-05-15 01:47:41 2018-05-15 01:50:32 171

10 Summary items with data

Files

C:\Windows\sysnative\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework64\*
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\FINAL.exe.config
C:\Users\Seven01\AppData\Local\Temp\FINAL.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\FINAL.exe.Local\
C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808
C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework64\v4.0.30319
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_64\index148.dat
C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9469491f37d9c35b596968b206615309\mscorlib.ni.dll
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\FINAL.config
C:\Users\Seven01\AppData\Local\Temp\FINAL.INI
C:\Windows\sysnative\l_intl.nls
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\System.ni.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\684eae3bcd28cb6d1e6997e6497056e2\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\5910828a337dbe848dc90c7ae0a7dee2\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\6c352ff9e3603b0e69d969ff7e7632f5\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\0fde44651bdf14a3988b955dd94aa318\System.Runtime.Remoting.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.INI
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a
C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Users\Seven01\AppData\Roaming\suchost.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2388.19241968
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2388.19241968
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2388.19242000
C:\Users\Seven01\AppData\Roaming\suchost.exe.config
C:\Users\Seven01\AppData\Roaming\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\suchost.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\suchost.config
C:\Users\Seven01\AppData\Roaming\suchost.INI
C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_64\Microsoft.VisualBasic.resources\8.0.0.0_it-IT_b03f5f7f11d50a3a
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_it-IT_b03f5f7f11d50a3a
C:\Windows\assembly\GAC\Microsoft.VisualBasic.resources\8.0.0.0_it-IT_b03f5f7f11d50a3a
C:\Users\Seven01\AppData\Roaming\it-IT\Microsoft.VisualBasic.resources.dll
C:\Users\Seven01\AppData\Roaming\it-IT\Microsoft.VisualBasic.resources\Microsoft.VisualBasic.resources.dll
C:\Users\Seven01\AppData\Roaming\it-IT\Microsoft.VisualBasic.resources.exe
C:\Users\Seven01\AppData\Roaming\it-IT\Microsoft.VisualBasic.resources\Microsoft.VisualBasic.resources.exe
C:\Windows\assembly\GAC_64\Microsoft.VisualBasic.resources\8.0.0.0_it_b03f5f7f11d50a3a
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_it_b03f5f7f11d50a3a
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_it_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_it_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.INI
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\091b931d0f6408001747dbbbb05dbe66\System.Configuration.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\ee795155543768ea67eecddc686a1e9e\System.Xml.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\Globalization\en.nlp
C:\Windows\sysnative\tzres.dll

Read Files

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\FINAL.exe.config
C:\Users\Seven01\AppData\Local\Temp\FINAL.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\msvcr80.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_64\index148.dat
C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9469491f37d9c35b596968b206615309\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\sysnative\l_intl.nls
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\System.ni.dll
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\684eae3bcd28cb6d1e6997e6497056e2\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\5910828a337dbe848dc90c7ae0a7dee2\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\6c352ff9e3603b0e69d969ff7e7632f5\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\0fde44651bdf14a3988b955dd94aa318\System.Runtime.Remoting.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Users\Seven01\AppData\Roaming\suchost.exe
C:\Users\Seven01\AppData\Roaming\suchost.exe.config
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_it_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\091b931d0f6408001747dbbbb05dbe66\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\ee795155543768ea67eecddc686a1e9e\System.Xml.ni.dll
C:\Windows\sysnative\tzres.dll

Write Files

C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Users\Seven01\AppData\Roaming\suchost.exe

Delete Files

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2388.19241968
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2388.19241968
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2388.19242000

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FINAL.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\2bfb52\68c68911
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CseOn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeInline
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeCalliOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NewGCCalc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TURNOFFDEBUGINFO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableHotCold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\internal\jit\Perf
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|FINAL.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|FINAL.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|FINAL.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.DirectoryServices__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.DirectoryServices,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_CURRENT_USER\di
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\FINAL.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\4648C196
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|suchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|suchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|suchost.exe
HKEY_CURRENT_USER\Environment
HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic.resources_it-IT_b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6d5fb745\1c4dd593
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic.resources_it_b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6d5fb745\4deb99ab
HKEY_CURRENT_USER\Software\Microsoft\Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows\3aa6a8f2d50e5d1e491422e6b292a37a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\3aa6a8f2d50e5d1e491422e6b292a37a
HKEY_CURRENT_USER\Software\3aa6a8f2d50e5d1e491422e6b292a37a
HKEY_LOCAL_MACHINE\Software\jVfAt90oLi7wXwWTEb\WindowsAp\1.0.0.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\3aa6a8f2d50e5d1e491422e6b292a37a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names
HKEY_CURRENT_USER\Software\3aa6a8f2d50e5d1e491422e6b292a37a\[kl]

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CseOn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeInline
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeCalliOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NewGCCalc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TURNOFFDEBUGINFO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableHotCold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,AMD64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\432ba598\f6e8397\77\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3a6a696d\52d7076e\7a\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.DirectoryServices,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_CURRENT_USER\di
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\4648C196
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS
HKEY_CURRENT_USER\Software\Microsoft\Windows\3aa6a8f2d50e5d1e491422e6b292a37a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\3aa6a8f2d50e5d1e491422e6b292a37a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\3aa6a8f2d50e5d1e491422e6b292a37a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names
HKEY_CURRENT_USER\Software\3aa6a8f2d50e5d1e491422e6b292a37a\[kl]

Write Keys

HKEY_CURRENT_USER\di
HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS
HKEY_CURRENT_USER\Software\Microsoft\Windows\3aa6a8f2d50e5d1e491422e6b292a37a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\3aa6a8f2d50e5d1e491422e6b292a37a
HKEY_CURRENT_USER\Software\3aa6a8f2d50e5d1e491422e6b292a37a
HKEY_CURRENT_USER\Software\3aa6a8f2d50e5d1e491422e6b292a37a\[kl]

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
3aa6a8f2d50e5d1e491422e6b292a37a
Global\.net clr networking

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlVirtualUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.GlobalMemoryStatusEx
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
bcrypt.dll.BCryptGetFipsAlgorithmMode
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
kernel32.dll.OpenProcess
kernel32.dll.VirtualProtect
mscoree.dll.ND_WI4
mscoreei.dll.ND_WI4
user32.dll.RegisterWindowMessageW
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
user32.dll.GetSystemMetrics
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
ole32.dll.CoTaskMemAlloc
user32.dll.DefWindowProcW
ole32.dll.CoTaskMemFree
gdi32.dll.GetStockObject
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongPtrW
user32.dll.GetWindowLongPtrW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
user32.dll.AdjustWindowRectEx
kernel32.dll.ReadProcessMemory
gdi32.dll.CreateCompatibleDC
kernel32.dll.GetSystemDefaultLCID
gdi32.dll.GetObjectW
user32.dll.GetDC
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateFontFromLogfontW
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegQueryValueExW
kernel32.dll.RegEnumValueW
kernel32.dll.RegQueryInfoKeyW
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
mscoree.dll.ND_RU1
mscoreei.dll.ND_RU1
gdiplus.dll.GdipGetFontUnit
gdiplus.dll.GdipGetFontSize
gdiplus.dll.GdipGetFontStyle
gdiplus.dll.GdipGetFamily
user32.dll.ReleaseDC
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipGetDpiY
gdiplus.dll.GdipGetFontHeight
gdiplus.dll.GdipGetEmHeight
gdiplus.dll.GdipGetLineSpacing
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipCreateFont
gdiplus.dll.GdipDeleteFont
gdiplus.dll.GdipGetLogFontW
mscoree.dll.ND_WU1
mscoreei.dll.ND_WU1
gdi32.dll.CreateFontIndirectW
gdi32.dll.SelectObject
gdi32.dll.GetTextMetricsW
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.DeleteDC
kernel32.dll.GetCurrentActCtx
kernel32.dll.ActivateActCtx
dwmapi.dll.DwmIsCompositionEnabled
user32.dll.SetWindowTextW
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
kernel32.dll.GetStartupInfoW
gdi32.dll.GetDeviceCaps
user32.dll.CreateIconFromResourceEx
user32.dll.SendMessageW
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
user32.dll.GetSystemMenu
user32.dll.GetWindowPlacement
user32.dll.EnableMenuItem
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.SetWindowPos
user32.dll.RedrawWindow
user32.dll.ShowWindow
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
user32.dll.GetFocus
user32.dll.EnumThreadWindows
user32.dll.DestroyWindow
user32.dll.SetLayeredWindowAttributes
advapi32.dll.RegSetValueExW
kernel32.dll.ReleaseMutex
kernel32.dll.CreateMutexW
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.WriteFile
kernel32.dll.LocalAlloc
kernel32.dll.RtlMoveMemory
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
kernel32.dll.LocalFree
ole32.dll.CoWaitForMultipleHandles
user32.dll.SetClassLongPtrW
user32.dll.PostMessageW
user32.dll.UnregisterClassW
kernel32.dll.DeleteAtom
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
user32.dll.IsWindow
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
user32.dll.DestroyIcon
gdi32.dll.DeleteObject
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.QueryActCtxW
cryptsp.dll.CryptReleaseContext
advapi32.dll.EventUnregister
user32.dll.SendMessageTimeoutA
user32.dll.SystemParametersInfoW
kernel32.dll.lstrcpy
kernel32.dll.lstrcpyW
kernel32.dll.CreateProcessW
user32.dll.GetAsyncKeyState
user32.dll.GetKeyState
user32.dll.GetKeyboardState
user32.dll.MapVirtualKeyA
user32.dll.GetForegroundWindow
user32.dll.GetWindowThreadProcessId
user32.dll.GetKeyboardLayout
user32.dll.ToUnicodeEx
ole32.dll.OleInitialize
ole32.dll.CoRegisterMessageFilter
user32.dll.PeekMessageW
user32.dll.IsWindowUnicode
user32.dll.GetMessageW
user32.dll.TranslateMessage
user32.dll.DispatchMessageW
version.dll.VerLanguageNameW
user32.dll.BeginPaint
gdiplus.dll.GdipCreateHalftonePalette
gdi32.dll.SelectPalette
user32.dll.EndPaint
ws2_32.dll.WSAStartup
ws2_32.dll.WSASocketW
ws2_32.dll.setsockopt
ws2_32.dll.WSAEventSelect
ws2_32.dll.ioctlsocket
ws2_32.dll.closesocket
kernel32.dll.GetComputerNameW
advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32.dll.CreateFileMappingW
kernel32.dll.MapViewOfFile
kernel32.dll.VirtualQuery
advapi32.dll.CreateWellKnownSid
kernel32.dll.WaitForSingleObject
kernel32.dll.OpenMutexW
kernel32.dll.GetProcessTimes
ws2_32.dll.inet_addr
ws2_32.dll.WSAConnect
kernel32.dll.FormatMessageW
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.GetExitCodeProcess
kernel32.dll.GetProcessWorkingSetSize
kernel32.dll.SetProcessWorkingSetSize
ws2_32.dll.shutdown
user32.dll.GetWindowTextLengthA
user32.dll.GetWindowTextA
advapi32.dll.RegCreateKeyExW

Execute Commands

C:\Users\Seven01\AppData\Roaming\suchost.exe 
Exceptiona firewall add allowedprogram "C:\Users\Seven01\AppData\Roaming\suchost.exe" "suchost.exe" ENABLE

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-05-15 01:47:41 2018-05-15 01:50:32 171

1 Host(s) detected

IP Address Hostname Reverse DNS
154.16.63.169 United Kingdom 169.63-16-154.xdsl.suffolk.anmaxx-dsl.co.uk.

Host(s) by Country

Hosts Country 1
1 United Kingdom United Kingdom

#infosec #automation

TheSystem Itself @ 2018-05-15 01:51:11