MalScore
100/100

obc.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 42/67 Related 2257
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 510.00 KB (522240 bytes)
Compile time: 2015-04-02 19:17:49
MD5: cb59ba1506204e720978fd84ec80eab2
SHA1: 5487f5cef62479380d9e3661179c9347cf32699f
SHA256: 8a2fa0e118969347159d257cf22ebab66867599d6dae20e69b4ff71bbb2d0f23
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 4 .text .rsrc .reloc vsfRwI0f
Directories 3 import resource relocation
First submission: 2018-04-26 23:33:08
Last submission: 2018-05-03 16:24:03
Filename detected: - vbc6.exe (1)
- jpg.exe (1)
- vbc4.exe (1)
- EQNEDT.exe (1)
- obc.exe (1)
URL file hosting
hXXp://23.249.161.109/c/vbc6.exeVirusTotal
hXXp://23.249.161.109/c/jpg.exeVirusTotal
hXXp://23.249.161.109/c/vbc4.exeVirusTotal
hXXp://23.249.161.109/c/EQNEDT.exeVirusTotal
hXXp://23.249.161.109/bin/obc.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-04-16 19:48:49 [42/67] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x46cf4 290304 938adf31d82e4f4ca6abda0ccc947199 f2042001e745d53c9ff52f4d7ca998f660cc9c4b
.rsrc 0x4a000 0x32400 205824 94cb53b2ad392ca917ac5359e072aca9 cfe0d85025df82d5ad5ae5f243218988e33345e3
.reloc 0x7e000 0xc 512 2ebbf2b573f5d49568d0d6117eb1a1c1 8e567abf38a9be439e159153b77384bbc4c4ec12
vsfRwI0f 0x80000 0x5fa8 24576 4a426e15aa3d4c1f70743c2e96566e86 c4c03689994a156fc48ba626af2d65f85c2ef8ea
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x7bbf0 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x7c058 132 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x4a2b0 712 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x7c0e0 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2014
Assembly Version: 1.0.0.0
InternalName: OERegistration.exe
FileVersion: 1.0.0.0
FileDescription: GrabHWID
OriginalFilename: OERegistration.exe
Translation: 0x0000 0x04b0
ProductVersion: 1.0.0.0
ProductName: GrabHWID
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
ntdll.dll
KERNEL32.dll
IP Found
No IP detected
URL(s)
No URL found
Assembly Version
Profiler detected
Module error
VarFileInfo
Debugger detected (Managed)
InternalName
OERegistration.exe
1.0.0.0
<Unknown>
StringFileInfo
COR_PROFILER
Translation
LegalCopyright
Loop broken
FileVersion
Copyright
VS_VERSION_INFO
eeegehef
000004b0
ProductVersion
FileDescription
OriginalFilename
Broken file
ProductName
GrabHWID
COR_ENABLE_PROFILING
2014
R!+L
$$8&\o
6oA5U
HHmm4@
;$SX
b3 EB
b)|/
-Fl[
_^4
H1C5
%OH&
^|5~
U+?R
Int32
MF5.
~7$d
f7=x
q 1
PUSi
4Y1<'
ConfusedByAttribute
7E|d'
UY6[p
bHt
=NfW
lGE.$
t*HLT `
fHN%
LltISX
P|aLI
k{$+[ N
tN<R
DrdW
ResolveEventHandler
NtSetInformationProcess
VX0p
AutoScaleMode
ffD?lqTwtw
$Lm0
{h_D
_T "&
r6<~,
6\NA
E)T/
$h$'
~uSb
Fvf
|5'
-P =
sA8Y
)]Le
6yOW
Ii2B
u81c
N*|\
yDdm
?|Ar
tAn20
Lshu
xexn
x<~z
b6{\
UbW
add_ResourceResolve
x]P}p.B
o d0
K=Hq(
\VFK'
aD!2
get_Controls
W5d
7'N
p|d6
D%&@
t$vK
y,L&T
445l.!z
2t7n
ZeuB
^e"9r
DX,FT>
tFh~
CryptoStream
P[1t
||yt(`
k#/l-Hq
M&|_
d{lV%
.=Z$iH
[d>N
&EK$
}6no
DebuggerStepThroughAttribute
U`6: ^
4+<xD:lx
v24|
VL.3&
~:v%g
}f<]
M46"AB e
Call
V(b\i
x*lF
% j5
args
fTv
`AI<
GetParameters
=l$t
;<qx"
qV4~$
5DXm)
#B7v
NB"[
c2&>j
bv{1
`s45
n|7,
+L&_
)@>3
0ZaRT/h<V
Marshal
TTZ,V-N$
4OU^)
([K~n
X&`1
~f8%
AssemblyCompanyAttribute
QQ@/
c 09
v-P
A<V
,VLv
D+{C
`PIa
KndF=
= P.D
fc^|ST
j^ih
Fl&||D,,
$pMv
ftN Bd
^@ 0
</xHn
CompilerGeneratedAttribute
N43=
i>\>
DNNI
op_Explicit
RuntimeFieldHandle
p% t
~\Vb
(wM3
DFe8
^lMG
APXh
> [w
)@U;
GetILGenerator
U$$L
2]fpr
T<wx
9$:X
B4xT
Vn %
ddl:
2v)z
E>lvT~
B$^R
V[N*6
BNiVT}
Xtwl
2?y
u~?#
U.Z
fR}0#Z
a4k9
=>`
DKPp
5vV>
_ Qv
Y\$DbU6
C0$k
CHl]5
ZC ~
<s_nt
Z<\BB
F|^4 $
Y|Y{
]P}0
2kJ:/
GXm.m
Bflr
+Y8K
j:8N
&FY\
3oW1U
+lF|~lVuN
E`0-
<M|$
I[;U
eTV!
gN>e4
NFn_
@NI:,>z6)
=t_,
R)C2
v0
YE'
G+ zb
BnLjV
K"S>
<eg
C:UV
dGA-
)6GtA
F~PFd"
\sD f@
od8q
t}ZP
f_$m
L!x^AU
H|eZ
B{!z
ReturnLength
;'yw
&aV
3!~^
<6'aS
^F<n
Xm'
waYYa
&D7l
cVtr
??R$
@&N5
v6 7
s_TdD
" Jh
vqrB
.>w,
Lb^)>J
ko8U
VQi \
m:+
|I@}}
*!D[NW1
K|\V
=btQ
#t8>
bIy`
oLTJR
Q94A
Monitor
}ZsQ{tZ
H78FL
z,-
b\Gw
NH=\^$
@_|-
, 7
AppDomain
p"&A;
T<{u./
M^lA
k*b|
KB5B
CompareString
<Q!n\
v2.0.50727
DfBJl`
#QU<'
dnl&
D.;N
get_CurrentDomain
q2}cN
0&'*
( )!
~fvl~
P \f
V\UA
4xLX
get_Assembly
^5bwF
~2yH
jO\Y
a@_R=
FXXdU
;H W
e4,D
rMz;S
@Us ax
&C@59fFT5
NtQueryInformationProcess
7V"2M
cLP>N
pB`S
GetObjectValue
+jS4
gTsm>
2?Z{ X
X\[_7
1i6A
@S4-
*,{p&
>].D
$Si+
_.||
S m.
~<Yz
AssemblyTrademarkAttribute
N8*Q-
,%VT
l*~
[kug
*^QsJ
.t:(5i
PzXd
tf Q
.&cE
&i RMLtE
set_Text
Ldarg_S
]2z7]w
(6f|2
S h)
64,
^G^
nm5q^
BDQ
oz./
>rVe
sO9%
4Kif
xNJ~
(NYf
,.LF
T][6
^?uU I
%}bd
!anmD)
V?$6thrF
,F@}
9'nx
bS>|;
%#|k
^[zD
>CnDg:
i~%K
<T;<6
Z&|[BWt
htvD
}c"i
;$F4`
,:O`\sN
W#d|
x~cZ
o~<U
'~ 8
lOt{
60?\
' _2v
qXaZ
CompilationRelaxationsAttribute
USS
AssemblyFileVersionAttribute
:K^Y
O e{
N_#/6c
1\ v
y#>-Gmm
,8~l
tN0Fl
MX$"(
,dD?
6bzZA
q></
Type
@Wx)
klm%
=](,
~e6f
J.NE
n"d];
;qCY]
~9%t$s
RRy
YsZy
^$pv
N'ut-
(xCE
nV_>h
Lj ,
System.Text
#4]
t6fF
L& ~
[I]CqH
*|da
8ED
&<'d
}d5i
Ije,
!s=h
F|Rt
g/ Z
0:T/
Nn58
6 >B
-@E!Ex
8'iF~
L$^>
opfPF0l:
u|+$
@LT<
~$.u
S&Tb
tngf
'nl
^5:T
HepvT
^<g$-
dQ![fH
hw|b
:fP~3E
l2&J
O,|?D
!_xfK
Y9Dzj
~thO
jB"_\
tu ]"
c<=f}
6?\7
0w",}
mZ:4,
f0:xv
'6w&
R$0L
?"F
FfnN
Z*!Cn
HashAlgorithm
&|V]R&
WFW{
FNoR
Sb#{
4E a[
n{D,
$Nn^
=JdL
.~ l}
!D<A
b^$W
0~ -Ll
V\n/"
1 t
0.i<
R bz^
get_FullyQualifiedName
J}g$,
3yM\"
}<<_
d> 3X
N&k^
$L5w
`Z~e
W|*
|E\>
jIi9
F 4x
rDw\
Xw\:
^c{d
~\3b
E,C]
&d]8VG
"~Yyp
ManagementBaseObject
0vx.
OFFN"
(tIj
mhTfl?lkK
_aN@;b
<?FJ
w\4d
i05VL.
x*7l9
%*Dg
G*9F
tb<pD/
,SL@g|
Ze<%|-J
/%:st
ErlM
3_8c
ReferenceEquals
K km
.text
oTC
qEGD{(
GetString
-V|N
~tTg.F
Component
\67_l
. ry
GetObject
}Cu
bZF!
Is<?
A!uG
W$1
R \W:
T/pU
![M
}B6mF
Convert
_N2n
>+y^
WindowsFormsApplicationBase
CroY
4 X=g
Button
,t:Tw
'4uk
System.Configuration
dS"
w}%&=
y$v@
)[&o
X2Df
Om~c
b<s,
4System.Web.Services.Protocols.SoapHttpClientProtocol
DFp,
EHFY
liCo
lH6[
*oEL
w|FD
&v:
~lV|*
PerformLayout
-5xThWl
YEE
|h#?G(
J.>8
EY6o
n'Y
<IxR
>`z$
`X'%`
pnlx
f|,t6B.
ba,(~&
WB^.
y&bB
L^\V@6n
WR [?lx
\M#1
6.gEo
|5C
9+ 4
IsLogging
C%8 n
qt,,f
Lc _z
~96a
)h Jg
Resources
ur"rM
GK{B
CipherMode
Cg1O<w
.b1z
~4!%/
. Ve
&(~}
pq n
9\sIH
&7H20$)^
get_ASCII
4f!>L
:4~&
ZL2n@[
O6Or
<|7H
qDKwp
( 7<zg
DesignerGeneratedAttribute
oU*$
\>m:
VpB].
Kns-79
{FZ^'
fJHPX
`n*[G
~"k=
M!W+8
MB#3
!o(]
*F!N,
4e<V
q:k/+<
UGjY
q L'
0esP
V|aw
v\XD
@.Zv1
|3#H\
E}6L
fbN
`.rsrc
~x^c
}m>d
A_g~8I
8Trd
LOd_
,x>"<]=
lF6n
L Fx
(o$&
FM`'p
CreateDecryptor
tb25Putf.
p,z$
3x ^
6 Bq.y
[j.T
v lL{/
t^@jE{
yu|.
&T|<
0L_S*$
flNewProtect
?`61
1fS+K
ZD[Q
sN|Cf
VTN}
.ctor
dU]
1VSFj4
yxwI
ProcessInformationClass
a Xq
P Z5>
T u
Gc"
ugl*F
P&3YAi
'wc
N,~4
T+[h
ZLE~o!
T>N'
i|W<
,pGV
ZnyGe
C/1t
PV^F
|W&.
>&v+
C<mX
/-3Ez
7V.@&
<u>
ACPe
<MhLZ
8 y|I
VTN5
ND/F&
1:t p
FTs<
'HNs
TL\5h
eS^Z
>lfJ
"aa Q
D5\%\f6
F{vK
<"s>
L/\Y
C#&sX
,'(*
|w&f
|}L)
9@X}
?|dDL(
oCbh
O7 Sg
get_IsStatic
XuC
4H<>
cWI J
?6EYf
\6IULu
o7jH
dXIz
lJT|
_T 3
@1sc1
Jy% y
tmn}
l$n~
(t_$
[Uo]
F .u
I"D]
v>vs,
8 uq
DL^Ft>
> hq
:^$B
q,v\n
_nV,.;n
h|(5~9;
-`'#!
i@v}T
f\ q
Jq~t
rtm\\D p
- Ob
xb4W
.ebg+$
{Pz?
$8LP2aS
Bj4&
*\FW
ZIe
]Lp]6
39t@
H$"?
K~lm
VvA.
$ g6
}?0C
2TX<Wt.4
VT;xyE
%~Hq
~q6g&
<v$N{
n?:J
CbiWA
t;&v
_Tpk@
~z4V
BR7L5]
;>El
isL)
FpL-
Ohgd
@>vz
8+a'Jx&
GetBytes
sender
'e`V
G X[
Xn1*
>;F%H
LA4|
Mw& D
&_ku
sq>}Q`
>N6>.Kn5l
6-7|
oMiV
Kzl
,Vty
tOLWDn
.>:
,-\a
r=a"
:]5ui`
/HC)
^ S S
E.@f
($P
Write
>aG$$
set_AutoScaleDimensions
("R~
/_~E
a>;
KojPCE
*{'f^
E5Ul
h6yv
eX*-
76'y
9.%f
7\54
x^|2
i~lJ-z
~i&j
-2X}
V|~b
H4QL
/FA>'
3"03
h.jF
System.Management
&=wm&
ZsNl
Ywg
zg;L
r;K&
UQc~B
|Z$B
.z^d
k& 7
.|jd
f%F B
"r'*
"4^ v
wGGo
Brl T=z^
DG @RN
U=3I
9uRC
9)n
Rn~v
t084Z~L~
mj199X
DT l
46|54
jFFg
System.IO
WrapNonExceptionThrows
\H!5
-?v#
T2k7
2W"T
%~l,
aJwd}
hi}+
,mj{fE78gN
tQ@P
i .e
OHf\
o[mOBF\
5 > 4
~qR'-H
V" -
L~x^ a
*]&{
D9$f
%H+\C
ay&*
8(5L
H6*nNr
g-h8
og:<u
){uE
'Z<
W9r`v
[`jPS
Twe
=:Jc/+
YFXa
[. yH
;N4 k
T+ 1
V2N-
TJwMg
n}lHl (
+6fm
3z!(
%?l+
^T06e@N
,H[D
& j~
ml;0LolRG
%=w
s" hvy$
STAThreadAttribute
,D?|
<r$/
CqVt
CMW<HE
]8Di
Form1
b(K*(
90FAl0
m+Ks
op_Equality
L/>fi
System.Globalization
( >5Q
/l8w
Zi[m
X_^:
0q>o
m(J
x(/E
OqH}
,!TZ
0P~N
i6lpD
f`"
(&;]
D `B
=Yz
T"F]HUH,
pHYs
Pa6M
@5`]
r\<d
URdS
)&,~
}rm/
EventArgs
Application
o"9L
AF<y
,w"b
AQm}[
N)sp
s&f#
Ar2
>#g4s
@u V
Sgp
.q8ns
?*[t
1M[>*%<
&6x6
^V`n
uG@m
OR#l
$Fzc&
PropertyDataCollection
3,zd^
XUz~
n{fe
TsiHh*
W.Wbg
09\5
?=Nk
d<ttp
^eVB
Fai\
i=^i
CreateInstance
OutputDebugString
~Mfi>O
/4^N
Z[)?
,&<V
IrdD
MethodBase
vdon$T
DtkXV
{I.4
A=J
l`'A
IEJ%
System.Collections
662VlWp
lJ!Mj
<$ l3
"[n
^N/n
9Z8s
!BZ(%
,`PJG
DoB|
nF,`
[\tp,<&
:<b.jx}
N| $!L
yD?wf
-ld+
:84d
e~,Z
.eG_
@RV-
=ny^
sj4N
ProcessInformation
Environment
W^b
!{)dE -
M rbD
KYzX'
Jt8j5
PTI1
{Bzv
fE a
S.^.>
J\nN%3R
%]]L
Fr_S
qD,W/
T&<=
m2LCW
0 I"
%&pv
*GTO
\B$
>.u&
mscoree.dll
T|zV
2D^A
K4'2
t #\245-
.`8$:
f K'
ZxXn
S G
tQLT<
;59!3<
2" :;R
Q?skF
\od $
gd~.
QNK>
System
7.@7
qD's
V2^<
eiGn
q*V%
/'/f%t>
GetCurrentMethod
3a1&
^6?/
8) t
N0lB
tFVt#
O[Um)A
f>5>%e
get_Position
N$ |
GetEnvironmentVariable
"~[i$Q
set_StartPosition
bFdn|'
4&xv
p;g(:
drA""
xLfl%
-6}9
^u~\n\n-
FCd~
ThreadStaticAttribute
\DV7
Ug /]P
&vf$F
Mu8a
VD:$
"X .IV
p ["_
Activator
0Ug%
<T,;
`55
aE>OZ
tx!f
vh~
ATFl
F=>j&e%l
W1aU
[KZ\T
h@vw
[5Mo
%iLq
mIt15
/:!>3v%
,"<^-
weI%f
~pfgV
&t6
}{)vr
K!^X
tQ V
Z1=3P
CHCBlu
3a6&
cgMk
TryGetValue
~Mu`
3Dql
m&/q
ProjectData
ghi9N,6%
N1vP
;4]
,`%\Sp
. Nu
set_Location
6`1p
'*vl
dT/&6
4;Fv
zlW&i(
lyh7
MyTemplate
[nW
MD5CryptoServiceProvider
qFe~
8.0.0.0
9m?T
$!h^
~Yp4lbO
*[:(*3
_]s][)
*l<e
pB F
,./6
G# ~
v\o1,
y#lY
t;D
6xNC
@xHIv
DebuggerNonUserCodeAttribute
TBlVV/
}mZ)W2
@fAS
Nfj~
Z44X
,(43<6|n
X&C
$T\v|$
?,5
=fxJ
l NvTv
?Spj
4>A
CvST
5N,>
0~d"W
ProcessInformationLength
K8GL
xQ\yWb
nOgEK6/
:B!D
` &R
mLrp/
:>'5
)nLC
WH.)
6f(>#N
8\!
x;fR
t& f
Q'3/
0*$]
vQu;7
vUv1
t}:B
g?Rn
q|s6.
7Dq"
~`Ldq
@ VG
&J {4
UOht
PNG
6Dg$.
At2,`
2 ^/
V\zD
V.:_
iL3d
N ,X~
'N^k]
RuntimeCompatibilityAttribute
n/)LryT`
)f#Gz
-'4H
R@"v
;+4Y
H +1
BitConverter
~d><
Vn^0
^{UPBA
c u;CGE
n>/zy
J>E l
PP.o
St @
qO=;
L"Qt!]y
Dm,g
[^Vz
Ak,Yz
ntdll.dll
.}XK
- 1Sh
i7:>
~+:}
N6m
TZ,:
zvgl
Form
@tfC
RlZu4
vL@t
pfvW
GX H
T>\<`
m(yD
_uF
l%e.
p)\ /
Q> >
~c6{>
*RI,Z
?Yaaa(k
A} W
mJ#(
@:cB
^-"3
<?56
>&.#vz
J(A {P[
e'h=|T
]UN
G`g4
Ikwk
?1N5
",:t
Cb,#
bfy
w0L>
k4P
H]i
Pb;W|(
Newobj
38f<\3Fr
jiy
K7 8
F@[}
h7p
/D9(V
T.43nn
Seek
]JGy#
,U~\
daFf
2lLf
Xj F
]>Fz
~~Lg<
LLP}Jvb
PdN@
&tq]
.;^%L
jvj
Y/y>*?R
l<F4$
}^-YI
-ARZ
; 2
v ` >
k;Vy
>[nE
*&vY
2W1-_
ybg^
(hr=
rM x1
wcUM~
G+lsT9VJ
F "J
4,-JJ
#Strings
wC[B
B D
`=mU
g^<EH
7XlW
SubU
`@4~
#PXZ
>0Ndm|
(<f0
Operators
v>~v
4jd64l
_|`C
d`A '
^irtK
CL/6
7$EfJ
*]moy
>>^$0L
^>2$g
fYBy(5
J{]Y=+
MC&D
^}~eb,
get_Length
get_Chars
)<7F
KR/d2
NlV!
VLVZ
,I<7R
)!8r[
FP{\
. )TZ
NRNE
*d9<R
$L~G8>
\ }\
J;66
J(Vb
]EtO
_Q\M+
QTxNv"
pLST
O(;h; pB
gl +}/
v9 I.]g
o>TV\g
CryptoStreamMode
eoh2
ResumeLayout
r*q[
Ncc4
3xxF
`.CF
tkr6+
k})D
oVV}d
:|~e/
n@s#w
SEf-
4.%f
V[P4
#6. m3
aEY u
^j\
^:V
:W\
System.CodeDom.Compiler
=a\\8
GuidAttribute
Q1M*,
4x V
Microsoft.VisualBasic.CompilerServices
T<
}N+3
N'r6 N
ByFzOx
}w~gn
M (]
NMBj
cS}y
#'Wv
<=2&s
~{TI
vr\
$ N:
u;;8
5)5
.[)
})>@v>!
OP a
J|:q
8jyO
L*T[
UAoW
AHm
:a;1VXdfvNr
JN?N
ButtonBase
\)c}u
*.LX4
(g$
<<E+
:nXDX
R{n&H
d~f6h
47D6
eAD6#
UoF&
V tx
B1gF
q],S
,-D?
-2Ky
i !$
~IVb
5& >\bT
9@mJA
a_E:
$t8F
zv&M
!"47
OF=:6
0BdbV
9wD(
L4BH
sZ6f
n wR>
#NkG3
Pp g
WlN8
08z8y
>/~#^M
($-
FormBorderStyle
j<rT(
fWd
'a M
f$>@
7KBm
cVU
Q Wv(
$..
vgN
3{F^
UInt32
<O,n^&
+g3G
bAd4
tIVo<
w1Au
dq Y
]Hl\
{LO-F
,l <F
1,#PrO
j_s[
o; }
get_Name
Icon
ToString
ekh
>WK;
fDSd
3cHc
p5D%
`3Rp
t ?#nT
Utils
W||(.
0gX^
Om-G
$_be
"DU.
j EA"
X|HN
O<f._
F1.Y
VpN&
'Vr"iRC
6?dE=\v
_.mv~
u?p
s$aj?uqvj
OERegistration
O>B~
;Ot W
XmJ$
ClearProjectError
IsDebuggerPresent
.]B?
31,T+
N}{D'
Cuj\K
Save
*BQ?h
FCFD
op_Inequality
>&]Xi
xD D
JE<B
q:TD7
][~
get_UserName
uR6=
k}Gp
JjJ
set_UseVisualStyleBackColor
K4^
c.IL>
\@d^ou
Btpdvin
@U*r
6JWdG'
GM=dN
n\r`n
8|%6
]ld'2
Tr3O
|.eD
\fxL
w)RD<
.D0L
v!}6&
0|yP
$y j
AssemblyTitleAttribute
E$^
{<@a
Yx/
ocr~
R, (
*=9M
9?
\GHnn
10.0.0.0
n1 +
/~&i
;DEm
B{ LI
1 15=
MT_
xhP,
nL,
8|jY@\
49\0T
+}iy
6Iv
!.NO
%>B&
olt ,
N nc
HorizontalAlignment
8`Gg
8x\
vaOn
System.Security.Cryptography
Td<{L
E!4@
E|>N
Create__Instance__
MemberInfo
nVu"
ConstructorInfo
c^8[
E 4-C
[}Ufo
SettingsBase
Q9>t
Start

pDqeP
X<UuN$
\VP~iF
RB\\
\yAa
D7,
<9(7
qF*_
cYb0
Pm>c
D+Zc
,SZu_
hy #Z
v^xZ
X*~ =
X^g6DX
,\O$
:44\
TpH6d
F *.
4}l@
;I ! o
0Q>L
v:?|
@Y|c
mOw
VFXq
hFWE
\yLn
LfkjN
b@&u
/&M/
V}n`v
ToBase64String
(q 8
G,MO
E#,$
Ok$~
?O@X
wbz:?
|-r4:
]ggB
4j>u
N}k$)
(&!:L
6rdv
{J4P{wx
GLZ
\C,
vs<]H:
^sF<Sd%]8,R<
6B4,J
c0Q|
get_Message
~<ed/F
z,9zy
~E"F3\ND
^el<
<9&
?ZY-
Tuc#>"5
N^pF@
i`f3
X~Vw5
:t%\
| &m
Lom~d
PNpF
J8Wv
j4+D
SP7@
5 l56
&0fF
Ye5Z
wT_V"$
Invoke
Ln5u0
`$}<
LT~b
N,FJ
|I$$<
aVL`
Q[)}j8^
/;45
() x
];ZDj
$i,U
dN3A
WH,:
$l ^5T
1\Ti#
JKl8
l7?0
o&E O
j1l
l|qu
lC\|
~`~L
;4F{~
0Idn"
k+Lf[:
GA]ug
4<GP
HR!d&
/Vk) )
> {r
O ~)
. ~,
Module
452Pm_
::iFX~>}l
oI-8&
Z\4'Nv"
8vx5
Array
v f/
4X\4
NM Lbt
nm$F^
t: 7
1LL1
v<Bl.
TransformFinalBlock
V"d_tv
:f&r
n6`%
@.reloc
N2|rn:
<dd+
K\Tv
b oxJ
H~&5!MlP
'q{x
BytB
FTn8Vfn,
&wUlS
|ub:,
* E
knAF
VWZ#F
.l0_
`W,l
x i>1VU+
x# ^;M
Byte
i$
vTrH
zTke v
-+/ #
H>A$,h
l|Nw
,4"P
& ,
dbWR:
MoveNext
U$GL
<F^#L
M@&.
_c-
_u^dJ
<WWn
97S
get_MetadataToken
"E[!-:tIa
hS |jJh
5*t(
f21
?lTn
CL_G +
3N42
^]h<
e{ZS
`MDj
(|Mo
go ~
W4j Z
System.Diagnostics
16ty
|ttl<U, T
n8*Uoa&
=g [
=Mv}
7DjmEttt5`
%4X
Ajo-I
i!{[
7 ]u|V
~;F$jM
_46N
a8Zu
<?y^lS}
u! yDj
2t{G
]^>3
^GKF
v3~ 78
=S8b
uL<X z
?#^T
lpAddress
!F$:
p&,N
@9XaX+
`^e:
.*Mg
`TaV
41~I
c PX&
@L|&
G#{=
\tyR
F7 ]
y7R'
S>nG
. ,U
@fGl
+<4v
4><6
D.h6
|Is$6
R\3G
%#]d
^nfd
l{d_
OqL<H
l3vn
~cQ[
xD{l
h{Fut
MyForms
<2Mp
8!?s
set_TabIndex
@^fTz
R8
*,v
gz,w6
|H4b
3h4L*
TU,x,ANN
b!p@
\Y%n
d<7.$
0mim
`ulI
r.l~
JC{9
^v$^
`y j
|xVe
get_Item
ReadUInt64
&&.sK
I@V^f
R4*F
f &$
Eq>nk
U@_-
IupL5xT
O&^-d
_s^{
get_FieldType
FOl+^
sX;;
Lc&n:
>+&
KT`]6
fi5sRK
V4yt
Assembly
~n93
XF7z
|@F8
d! *
^d JPn
q|!!'g
<N\&
0V$S
S?H2
GraphicsUnit
|Z2s
(]|8
pZ<_
,NN:Tf
|~d,
==i&
}h#
!43l
nkg*
.y;o
t E\|
~5<$
wf5XO
^ xDud
pb O
SuspendLayout
e*rl
7H0A
U&9s
970{;
%7scE
U^k tw
sJmk-o
Ra#
Ui,Rg
KH"[^
Hqzpp
Dictionary`2
_zth
:r|(D
])NT/
!{alk
'V/FN
8]Vg
rDc N
q7GoCg
Y xT
DL8Gt
yE8,
A(i+C
?J%#l
4ClV
|0$:
H^h+} Q
j]k<9o
} D0
:oV,p
^k}.$
>4F!Or
vZ:%
6X)w:
/ $G
Jv4|
t Rh
C~hf
wqFc)
NJy
+h&1
<@t_
'FKa$
.IuW
Y`EM
m] |u
Aux{
Q0:
KY3a
ZIw|T=
9EDe1$
"6ZB
t5$`
G {uT.
9 _{N
e!;`s
BlockCopy
F7Gntf
(~dx
IContainer
/?5$
FR*O^|^i
<ncT|F|th
|/D+
,@aIJ^/
>UrDG,l
*<Sd@
ParameterizedThreadStart
[FG$t
ifTT
Y-lD
<4>e
vU9L
~N"T5
df8J3
Pt@pi
~}A w
nu(X
D(y^
(ppa
tsJv
L:R,
set_ClientSize
TQ P
RL=
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
XlH9Kg
\Z>C
DebuggableAttribute
get_Properties
o;v}
x4c{0
ino|Tr.
t=C1n
2B F/
:yN~
ks~`
Iqf#[
@y\:
:x:
!$Tv
.iJY
vIND
p ?x
^|ne:
~\4e
vTO6
p7? uf
X ' TP
N .m
set_AutoSize
#Blob
%<b'
$#,zP
Control
B4G~
vm'}k
c55&Y
hRKJ
!>Ol
r>g
en~&
x6J<
y|fl3
GetInstances
Qlgpgk
=Mp)#
kN0+
>%6'
^00
ResourceManager
+3^
GF4S0gyP
n[Cs
GetExecutingAssembly
AaBF
(4[
db\V
~q&g"
,@T}\6H
H@#Ws
b.:v
<I:gD
ZXy^
FLXX1B
AFJjm
Qg^uzG
HbF6
N`{`
H+^f
/d<\
dp WZLB
YRX{
RnE
{U
RtA8
:TA\R
j&5)
b,'N
z.\K
nf.Vv<u$.
'N5-
Ws|8
!.^H
Gv}~h$
^A`}
MyGroupCollectionAttribute
F]i$
-#5
ReadByte
$8LP#%W
>QVtN$
(368
^$ g
!n%@l
6XN.
D?v7
G kZ
S^0K
q( T6
.j$S
get_SaveMySettingsOnExit
87.NN
hq<e$
@tU
ReadBytes
>UVCrlltr4rv
ipD|
r$,2
Unbn
h9>|
^]!D
= )
!=Ng
{dlM
( uj
:TP~
fATr
3FIV42
|f*<
^ofa6
oQej
v$:L
o?Z>z
AssemblyCopyrightAttribute
VAV,
F 4,;
-4Zz
xYn7A}E
OI9bKF
}4Vc
lf.#
4;07
k ?
-Oth2{z
S,&N
H|cj
jo+ *-
5RfB
aCwV
GH7)
get_IsDisposed
VS(a
1zFL&
3Vbj
qDhV
~6n(|&
vd
" /x
B^j"T
set_IsSingleInstance
Gj~U&2
S< a
%aq8MB
_p]{
w5b\rA5Z
u^nV
r.2&
xdEI
v<W>S
]x"9d]
#~dG J7+
ffxaP]>4?
0_UR
lRLh|
@|G\
|<HF%
t}RT
~m)D
, &f
On_O
"{nM
AtV%+U
&L\f
Z7r6wW
Wd=
>Eld
| d
&rv0
:5v~3
vbF2
/M@Z
V/.$
-\0^n
\.ErB
Qa 7Z
R<^d
O,1U.
rqu'
!M{1
oWt
nD&
"x Z
O~z
Vl&-
E s^
Sqhdd
h9(t
Sa`g|V
ManagementObjectEnumerator
gz*/
,OaP
| o*|
l t<
.,'8
`;@:
J2'h
2^Iq
I!:?
BUxO
:6+ZL
*J9X4
\$.+
=~&*
=n$R
p>D~e
* >8
wS"L4
$) &d_
SHA256
XyORTR
n^KP
Read
[&,$ZN
_@,j>
get_ReturnType
vm$v.
rH t
/ Bt
\o6f
618s
v.gR
LU>>
Z#OM
tWys
WZdk
7vbKN
To8N
`.*L
_m7x
u%mG
get_Value
t+<C
}T,F
cGEf
};~o6
^nM&
2Jvv
Df\7
bN'6
} GD
\ldAiN
<}db
FLJT
;g[m
'4"
f8g
'cU'
0M1uw
6Djd
X<Wa.
<~,j\
t~!N:
lUG\mXT|
$ d;
8nl5
*<&R
<vymL
I~5 |
<Z Ln)h
_gS
uNd.U{
O>l T_
qXq)J
o;a
lv%T
Up<|
^eP$
{MVo
>^T|
iG/*j*d
@)
2RC}
XG t(
\uHS
%JY1
~qFgd%f
ToUInt32
dn/c
6 04
<V$X<
.cctor
/H6^
Label1
G X'
set_FormBorderStyle
joutY
"L?+
mscorlib
D],k
v|kd
z#~9g
P/D8(5Cn
^t2T
:*vLZ
ZV9 en
sd.>g
eplW
>,)o/
H$rT
~%?v-\
%Ky|
get_DeclaringType
oI w=u
EditorBrowsableState
DY,i
ShutdownEventHandler
)DFm
FChL
+OA! Q#
X?A6
4L(F0
qE;\p
6TA
<X;
*-M>
cr&p
* ;
ControlCollection
'Q/&
\%k>
[Ro,l
@Mep
X#U $
&hXLX
F5DL
n!^
{f42
|u^"&
trr&a\
tehX
v*;m
t]fi.B$
G&TR:m
fA6t
!v{N
get_UseCompatibleTextRendering
bd5h}E
vVz=
mVe
"&uQ4R
iWT{
|[d,
^\ND
m(7ER
B,RX
dtj
Sm`N
Op >
ContainsKey
System.Reflection
LR: "
<. &h
0v1&O
F">b
$D;
j n6
6 LpFT
.i^Ft
RuntimeTypeHandle
!6O.
.t&i-
3 /e
Gs)(
,Fq_
rt~5
J?/
lPMV
0Y{g
\(qL
xWQH
b40W@
d= g$
UpKf
p&b^9W
'>|,'
~{Ot
RZZq
JzQ*
' _8V
~#v\>
h5T_v
2014
X\ D
f,1Wo
bZ O
Y~ @B
3v".MF
}Pt*
System.Runtime.CompilerServices
Gov#
i-7+
>_$W
fNd
][|y
tz'L
~;VnN
v'N~
ZbGnO
R7+Sn
1E-\
gd+
;Pp=
&&u]
+z:y
x3|D
ql%-b
]D<MJ
b$Ty
$$`#
G32T
U8,v
^3^s
-Tvs
\r<lw
O$JG
~agE
$Y<I
1}=
=&o6
|St.
V0N=6
5`O?
28|Y)
xOO?
}1hY
~m'b>
Fnpv
B0~06w
$&}<y
f5n4
AssemblyDescriptionAttribute
x2B#
9V;$
R,P[
+=}>
fo|db
y_G\
fLe :
NU(t
r~Z3
^~ y
i'~i
]}3q*rM
FZ0+
n&tgx
9Zb,
bFsb
~ }B.
n_vwb
oU\R
{!MK(
!le5
zf F
G6`mF
Jn%6
Z"~-
G_\\6
'afB
VxFd"
tD7L
set_AutoScaleMode
f|F|
>Lhd
SKU.PV
^\F$N
VWj?
@f {
"o~`V|&
BSJB
Pr*
5"**t[{K
BSzA!
dGtv
+zO/
GetResourceString
c._/U
xI[z
dI`q
upo8
+zO
nKF
[<c$+x
g"3Ho]
DeflateStream
D41R
Vs.>.
.*j
|6V.KF
mtx Q$o|TO
^-tO
^NO,
1D`
P;q0
tE.20v
s*ohTT
zI\4
Aa*P
<v"P
h;u2
;l^
|_J1
bsM
];h
Emit
\\R|}
ManagementObject
OpCodes
T1.;
>>fdlH
;#f_
!This program cannot be run in DOS mode. $
T6P|
t`8SO
|NaX
System.IO.Compression
H] >h
%2/@H
8#%?
get_Current
~<|t
L 4^mV
D ~(p/v-b
gxZF
S24Ie
l'Tp
[}cu
f,*j.
Qq<l
$uy
]*eI
Dispose
6U^8
D_|D
set_TextAlign
$PtW
K7p7
>{.$$4
GetHashCode
n>|$T
E?dG
v$$L/
latv
./&n
Wz1
"|YD,
5B:
3_e
N^jV
[do%
>[rD
dr 9
\A6f
DWLnU
W?47
9}>W
"qJ
BdL>
'*;'G+
$u7
vP0?
"|3UH
",^*6
?Lw'
.^'b
PG1+
e^->?=>
V`fJKo
~P6e
,NZOT
d3m[
j6CG}
!`Y*
Oi=H
,G1~e
}bO7
9D%[
V N@
ToPointer
5mO#
ir}d
8<;o
v Eq}H
[ M&
lTeu w
=DGg
VnF~
n /@
eo# 'm
8 D|
po1`
] 0C
$)DA'
veOI
r418v
o+ N&
.\F$ *.
<"x q$/
\"9$K
SetProjectError
0<:
L7<66
<PD%
l&ht
#7pej,
i6v+
zJV4
NGRP
~g/
k<tl
><z`/
Size
/-fs
tZ\K@
XS'{)
\HV^
{]"0
uh0U<
GrabHWID
$< \
* ;3
*ye%
>)&"vMp
tr|Q
z8uT.
u*RX
Xm(U
/ss
GetManifestResourceStream
?:F~
b44T6
8,hd=H
;jC;
};Tv
B D1
qg^g4
<O$(
SeekOrigin
NF/.]
-wQ$
y#m@
{KX~
Ddu:
lbR>
v0BZ
S~<>
v: du|
k Y`
TextBox
CreateDelegate
IntPtr
3,6]
3Js~
K2~G&cn
thread
Y*&l
dpv`?
D8<M
FTG''
Fw~\
jaC'x
.:V'
42G
%tgSrk
,jVQ*i
3[8}p/D
I\GywM
'w][
delS4!\69
P$Tp
*T_9F
VirtualProtect
.96$
TD[
;XKh&
t8\G
`nho'
3Brt
|j )
-ihAn}
$Mft
Oz46
nz _
Vnif
O&M&
3 ~?-
ResolveMethod
,&dX4
Ei6:
.g>^
<H<Sx
n`wl
4"@^
J7YO
/_SqgG
F5~]
i1n-
InvalidOperationException
"[ab
TF$&
<**,L
Callvirt
7yW
J=P*
N\ e/
?t[
.4:(5
'!IR
D^>W
/Egy^D&}wu.#!
w],S50
>6|C
jC?O
/pKS
b$ t
ivt*
Label
XkT.
qJ|?
9t2(5
)fWd
557O
U>Y(
M4}u6r
"ov&
Rh<{
s}fNp.
j:Uc
add_Click
:m9tG
{!j7
<.O6
(6#l
|&6 |S^N?nL
]bV)
aE*{
)*cL
.ybd@
Ku@K
lo^g
d<w4--
X"j<
cY]<
eiO0w
Q Gs `
=S;K
>Wm
seI:`
^\6&
set_ShutdownStyle
wd^C
~_d4
Tp\x
^ ~&
SizeOf
JL$gTh
V2n^
lpflOldProtect
[MWoxh
7&[B
G\bY^
<&h
DFEvME
vqrtV
d}>r4l
1Xw"
vy<Z
E`:U
6F5:
<C s
%Vi{
$b|W,
tE&nqd
BinaryReader
buff
xvW5S
0`GC
h_:b
^C#Y#
,mBBw
set_Key
NgSU
|,vw-
mWdo
C1lv%>
RijndaelManaged
9^Oj
G.o~L
PztZ
Qoq
zQ +
opwG|
".%Z
;T%u
"47/fQ
t- >vz
^2G
-%NH
@T}
>yb}
^l'_
Qy]_!Oh-l?
V_,J
hh$E
:nZJ
4I4`
1Kk+
=.>9p
KR[N
&+v#Rd^:
==GBq7
j~ >5
[w,
4Y &
d3*\
MethodInfo
#coL
x~?L
NEn
4N(G
L?3bl
jK Y
<,XZ
>x6^g(@
FGD9*|
>VIN
DO)
rX|Y{
Fp{45b
P7Hb
((E0:
<xD7s
P|lh
ReadUInt16
q0q k?
Hashtable
N^,T
/z@zZ
MemoryStream
>"j
,\YS:}fiT
sTw<
_ Wa0
>3V/
z4N
vCKl
!Hs$
ResolveEventArgs
VR &
, 6]
CO%{
v+.On
E*n[
*EAq
L>k
tvlV
Yuz:_3
btnGrab
du *
5x_|j-
E CD
OnCreateMainForm
mtfI
H&`m\8@
4lMf
~~>d$
StandardModuleAttribute
IDAT{
Wa.=
t|9Dl
G'dU
T}"o
Create
L <<j6
Hnl,
$2<DLC
VTQ,
YjI)
lFvN
4XrI
knYb
E$DU
9.L,
?NHU
f6wQjkudb~*d
>av4`
lNT}
D4y:7
HideModuleNameAttribute
-q}k
$2Sif
pW~ Z
tl f
CMCsh
VN]V
>rl,/
g4/;
IEND
>g{>
Vni6
v4.A
Microsoft.VisualBasic
B`mZ
Et"
<{~{
'<I}<
Z\rD
Confuser v1.9.0.0
V` e
)/5b
xaoH
*C6Zm
-U~PV
set_MainForm
0bH
dum!
Q^e
vDa'
:Gya/S
-.?vw
P?!Z
~+fe
vSp\E
u?V4&
s3OC
)n|n
{VB3Vr
T{~U$&J\z
54u) /l
>/^)<
n8X
k\5|d
>zl1
ResolveSignature
|E`.
vO:F
o9]
|FL}
F1~Pvf
cZSf
Delegate
C5M.
$dtD
~ dM
YP<
H0|@
+3~u
W[b&
>%=h
OU{+gYT
x!b >
?LZF
~7hm
|Sd,
& Y!0TE
'fRPG
aL9_l
_h!\
\847
joPI
PI<k
fJ(35
oLz|
|~ NA
x5M8}6
Tpdj
BV~?sf.
p.,7
}Ns(X?0
E3RQ
=&$9
x7ho
= mf
n}1E
Concat
?`<Z!
+7|=0
$5^:
Qtu 3
$VjktwO7
aUqz
)\=
H+n-
dhb
qYO
95!1LUB_
?= 04
i(#
w}?wc
E'q<
4444
kMkg
&U@C
ParameterInfo
0<nK
ReadUInt32
q.^b
^ezO
K'P"9
DQ~E6bn
3 I@4
Stream
Kn A
Q9uj
2|i0
qh`HF
System.Reflection.Emit
2V]f
8/%J"
b \T$
V3/
B++|
:8,0
6Uw
gL.
a?<~
^Iud
%T u
}lv?
PropertyData
!9m?
gp1j
n[08@
[`VR
gL<9
aoi
?inI
M f
TB|v
nd"^
$,V Nu)
DynamicMethod
p Z@S
D9^G`
N-lT {
{Oa]N
yZs$8
ToArray
OpCode
,tT=
IHDR
~2^0W
Copy
xzdN
"0G
"RzC
nhD#
E<eL#e
{:?C
2nxx'
System.Windows.Forms.Form
_*~>
!Q~4
xNzU
V|w,n
oHab9De
T?2nvo*f
}H4oct
N_4
V3J]
36L[?0
h=
&OkFJ
|f'/
XYjX%
Fu~XVj
System.Resources
V/1s
Ri4)5
OU#t^
u4mf
z av
g$*d
!|2d
x.dZ,$
hObject
dnrf
\"Hz:M<
/ZYg
|RABmZt
,\gt,.
XnXo
ReadInt32
DRG8
AccessedThroughPropertyAttribute
zeDd,
set_MaximizeBox
?>&>
te<R
tQD9
?"VJ
UGb
W1 g
7^Tz#
\sM7
sY$-
W-gi
kV\V
f2nm
kkAZ
HDU~U
Jb?N
9MH:3l
<'$
r1dY
AuthenticationMode
8z4T4VD
@Q0S
tlbV
^ C,
Se}F
n K3
LOl}
+8.t
3Oy5
F$VY
n^lD$l
Ww s1
j|wd$
]3oH
ZF7D
kq,/X
}|v
4&8
(v0a
$T<T
,L(}z
Kna2
H,mGZ
42\R
v`7*_
;6~]
WByd
\i%h
q> ~
uv o
.~[E
J^qv8>W
6wL<RT
ZT-J
g;'I
V[v@
D*>L
`9-
^(Lz
:nN=
G[um
s~-z
FieldInfo
.Hht
Font
D>,`E
My.MyProject.Forms
H$}\
vdED
24[\V
Buffer
fI`?
]tG"
2gh>
tgDV
YE7
L. fq
ndQ5
]xs #
'I{Fy:
LfU%
Tt|u0/
{eaL;
`}:K(P
AlFU
U \h
>gG q
String
O>K4
"8@gPo
_CorExeMain
dn<F
x8p
US^W
DN X
`VP"
Fu^,z
p Vy>
$inf
{];{
tn_1?
]RTS
~Y^V,x
hUBB
d} k
SetValue
xM}=
"$W'
hb6SL
.[eT
DebuggingModes
@nn
.Z{S
}:Fz
R~&.F6
}"weR
Y(I*`PZ
}8vr
H<4$
u6Pn
Q:G/E7
2 sL
REuo
{W5X
>u^n
X`e~J
9"#Y
yJ.~
GUS1*
}5~ S
}M6w
<7mn|
.2~%K d
OERegistration.My.Resources
i,9s
}0$,|
m{er
R{v~
`s.
EditorBrowsableAttribute
N6A6
8RQv
YD8_7
VIxt^
>_[nE
GdlcTv
FailFast
k(s}
|Td*
iFs&
NUlP
fW4|
4F\^
W<!4
D_dCV
ContainerControl
%k %
User
V'*}
vu't:
qtQy
L@6~[c8
41qy
E^i@4|
Wyhw.
&!lx
dwSize
pu^_
:a~(=
D%i~
5lAfB
ObjectFlowControl
UZv_
vv`Y%
jC(\;
Ca<_
TZfBcU
Zd.n
TC[4
lQ${o^e2
TB4w
D1Ox@fz
Load
O;W}j#
V?.,
zu/T+
S P|b
AgNE
Attribute
PHI
VtZ
{5z
System.Drawing
>Mg0
AiNfT
)5yI
WDdUP
m#`W
wlt|n
bt
I-ejB
b+n2
?f0[
1<7T
&^F
zRcB
Z[ Y
3S+Q
. &r <PL
set_Name
R][D
6&0
9 >L
O#>l
9Y*^
7/2_b
?n2<
`1#n
4]|V
~)+Pf]a
6Yv3
v "6
Dispose__Instance__
}?(?
KXeB
I^ f
r)BXPe}
Boolean
5v.>MZ
7\}b
LOYX
=^$#
D\ t
V:^"
64F%
B\|T6g(
2K4
dNoL
t5<^
^Ur
D0T5
0(2i
Wab5
CloseHandle
@gZ^
.x2f
dZp'
P&{
5VC`
"(YLo
RuntimeHelpers
#3{=
2?]Rjk?
Kt~y6f
:/152=
>mfF
/ O
~ V^
B *=
`uYD
LC43
]d*}
LnxN
u3:bv
n|V$
lI3R
l~\\M@
$3pC
oN fX9
Q02I^aJ
R{/A
]VMV
-s+*"
N[~H
D+l_Tr
Quxt
Yzv<m
3Lklg
Pv-NO
3\bd8
\=lT
mzT{
44hZ"
n]RD
Bt (P
5v$'8f
tnTf
f 4u
2IV,
Ggs
UtFcm
Object
A! dn
60 ^
r\p >
]Fu9
unY2h2
$ti=|&I
3]kZz
"=~@
Uf=^
(TZ
bv,-
`x}.
DN FL~M
ComVisibleAttribute
lTTn
3System.Resources.Tools.StronglyTypedResourceBuilder
+^wv
@(nI
|~4.
DmT/
`$
,iUZKYs{9jN#
}-41
get_IsArray
7"'K
.[V4
4UP5
get_UTF8
q0Q
2+3
/f +/J
OT<L3
F>HK
f% ,v
get_IsAlive
itl1
9T4h
nvr.
5~k%
17ftD
*{AR
(9 v
NS'u
"/<1
'.^;F
&cZXn
44m~
Q4#o
(Ln/A/
s:Ml
]6QvdZ"'
1R)*
!i`\&+
|FWTS
ZFzv
s&/g
,<et*
BfZf|q</
Gy:e
E^D?
M>_3u9t
CultureInfo
AYX
lzLL
T8GN
Q!"w>6
\<ZL
1.0.0.0
zbL
wYTP
d.Lo
&| @
6BQFs
uB-S
Pj\
ZrJ~
dPDU
{x$;
M$PJ
"uSf
Wrn)
D.F&Y
Dq4
ILy h
Z\rZ
HFC^l
um[?Z
9=KQ
8 i
fn[4R
k^,y7'
VKNnV
T#@r
uqNekT
\-8Q:c
~V$/L
= LU
{`v5L
lf?'
$|B8
I\ EQ
@ Y.
# -F!i
pv~N
3\CQ
?Nv;
sVk,O.
&5Z\
7I.
ExMK
NZ.E
&h06
nY(
.VC.;V
?Dvl
`3d#
jxp;ka
'F}{C
BG>e
<tW\WU
bY}da
NATq
F$q^;
\&6j
Z74IEK4n'6u%7
gQSj
Exit
ztZ-
=>$n
L) 0w
nn$B
Rs I
~\wa.
%dn
b 6n
}^vG
Ky<[8
l|8NS
8=+U
OERegistration.exe
GetFieldFromHandle
Qu K>
du'D0
@v<FK,
Q6D\
J""Y
t,X"
fT4v
m,(=
fvon
8B %
`G"{z
I0?8
>Mtp
1Nnf
IT .
}|n$cL
JalmI1
yFczH
KjY s
o(&F2>&
-W=0
&4^T[
$4; rw
56>\
C <7
*4nO
q5zC6
|v
,\@=dv
l$0\
,)t7
WQy!
/t&O
get_IsAttached
XqH,d
M8FG
xL~Z
nt^;
Fn)f
GM{k
`x 1ct*
[%H[ %C#p
TKL&W8
+_%,@6
>O$t
L#4"
>Yi
x^ef-
ZCO6
7!nZr Q
aT-}'
[1"o
.8]p'
62 i
. bt
Eef
e z`
SHA512
|DVH
(T{H6"
remove_Click
set_Icon
w$$,Lq
(C(~y
u^VI
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
vH.Z
Xfo X
8fL>
V(N'
? U`
4oDf
KVy/
FormStartPosition
Um_<h U
S: B
get_IsInterface
n^S "I
/'Oq ly
$/'I
x6A;s
^~3e'
System.Threading
& Yf10
$1\6
6,^
8g,L?
d,`^
}Rd;
4L00
|>o7
\P4
x N!
kE/1i
n)*k
>~'b
BYY
mbT;AIl'm
kL'i
v&^O
# OH
HZCX
7$cb7
]^`
P5Fd
l=Dv
gYG
f98#v
;X)5,h
{wj{
5wm [
i <F
m*2(
*|{d(
PQ i
tS@[
ComponentResourceManager
|RTp
mE4}
p8Co
7 L
~u|h
GetHINSTANCE
c%TO
d?s>
00$o
k\J^6
<0XQ
]]6m2
}=l|
u8F@~
~xvf
szv/
k6Tg
.6dL
FWwK8
l &5
XV%
SetCompatibleTextRenderingDefault
RT^8
r.b_
Z,I(
rdV
~P]d
1hk+]
t) e
"S.|
,N4j
oOt^
W]vl
^%d\
~_sD
U;.7
vd<V
T4V\8
8@'S
0bAV
{"e4
Debugger
% Bf-& n*DH
7tje
1TB/Q
dXLX
'[=O
2&_F
Microsoft.VisualBasic.ApplicationServices
Why}b
-F0n
4T #8#
mr\u
k}<'
jXo
~4f
pBSj
?|<<
=R]%<r=
r&'&
}+D;l
G xd+
IW;MA`
[r>81
q$=O
L L<
H 4X
x||Y
5k]B
Dn7G
iqX p
r'>g
Fsb
4.0.0.0
od_B
E<6%
'<\L
V-%
*cV[jh
N|^b
^wv$
kTO|Q
Empty
1L0u
uNod
GY0b
{3xUw
^4b|
\IT
U`Jk
3F^D
Copyright
?0iTu
^\VC
4ef`\
8k;*|
_^4G|P
7m;41
]ECL
y-\6
^hs2oJ
tx^<!
BYng
set_SaveMySettingsOnExit
MN1:
g8>c_
;% t
n^`t
- `t
Point
0j8-!
GCvTv
R6oNMl
0"iW
IDATx
F,mItjy
Dn`g
vT"l3
6_t'lG
b6u5\
n@vo9
Jg>t*
]dN
_`auf3
yL@e,h
jRo85
Q["N
MP|]6R
EJ_X
txtHWID
2Nm`
-Nt
_>;~r7
Ace>u
set_Item
^Fn~
{M_XbS
t?K{
e|tx
3?Z
,7x.]6
aUPM
|2{|
4Zm`?l4 _
l.v{
Hp_0
;, R[
9T%aL
5dVhW=
7n`{
VM~7
rR1M
h}SP
p???^
Exception
0.G&5
nlT^lz
1v]d
UJ<k
X,wR
$26Z&
xOjWR
GKq+iI
Q5QDc}
$f<.
UuTaa_
4v \
fK/Z
oZ4} &d:
f\GuL@[
3$:p{Bx
AA3C
^]wV(OV
P^6U<
jD2L
~u hV
cnin
x1)S{
hit8!
/^Ed
=.[Q
bmM&
y"='
ArgumentException
g I1
kernel32.dll
xD880U
I<p$,
&5r<I V
set_Size
<<4v
GetTypeFromHandle
42>W
fRRd,
}\vUn@
U).=
N$fma
[V~ n
Castclass
NKbl
GetEnumerator
DB ~
8T4&>
SymmetricAlgorithm
~7C$
7Gu7$c
y RW
_"3d~
9;=]!N3WQ
kFg.L!5
3ZE'
gce(
G`j>/
=PFk<
n?zdx
)0?H
KS3H
NzWU
E j>F
t>nv3F
by6l
z7.[
ew)U
^k^c$
#fON
{|2e
~f,Z
jh.7
6T:4
M~'{
=[fu
L:Zy
?yB'KfU
!A"gG
+CrpJM
>>(2
ToUInt64
cM(# I
b^`d
1Y3v'
tjy/
Enter
N.l>
'i:S
zU-p
Bk\t
&}Q$
^'KS
| "]
FileAccess
!$v
TFmOTx
|VkWT'
p.~f
Wntq`
Rs9J
Uq W
lrtw\vx.
ISB2
set_Position
WCJ u
C><O
TgAN
!^Zd
IDAT
f&/+
DHK&Z
tjd^
wots
wt.D
System.Runtime.InteropServices
kKkK
t| Q
B 7R]J
d(s8
- ]t
~%wd
||%$+
|cD-
?/#
cHz1t
V&Y{
pI|Wp
B4_<T
t)aUn
v< _/
{+j@
"(pc
1^fk
f|"!
f,Sm
OuALs
tOI
2<TM
ProcessHandle
V N/~
^?Pdr
geLO
Z[|N
+RHa
XR.PZ
6k+2 EE
PnZ
uXOA
Z3{l
&+2
76M9$
$u-{
*1C->j$2W2|1
LG5>o
Tl$6N
|$[|
set_EnableVisualStyles
r^d
"} $4(
fiIh;
(WG[;
@7bs
M`s
9 eTD4Q
v4 (.>
F-.15
52\ d
DmlGQ
&5q<Y
P@=h
A85'
IndexOf
U4cv
mC*E
|tt/
znqn
tx _
%lSw
d:\
f%?*
^Iv(
~< k)
4<9L
F.Q.
+gU8_(
UYmQ
;W6A
h)]
K~)S
tp&6G
TQLu
Yl i
7*.@J
SH_-Vy
l"Lg
NaX =
fMY4
wRR<
(@
>,V'
|iD.L
Fdyt
f$Fl
R=&u~
vlt9
GetManifestResourceNames
set_IsBackground
Zj9/
qB]1p
L~=\
_r}$
>1v6h
*FbD
{ 5FL
'gIN
)\dN
>B6
fH9z
^<_4
|u$;
{Vdn,H
set_Font
=J4+&
Llxm
"WO
Rk .
rX$[i
sl<
F.,*5
T"W)x
4Ty\wNn
nZY%
e(<c
D@A5
IDisposable
4e)R
nv|>
WWr3
ut4>
Synchronized
9pm*x
KmM8$
%N~z
D2A{q
qKRf
ib%}X@
?vG%
!'nkV
&<^1
?3;N
VL dP
5/-'G_
}{fW
X ]g
PE$5
n)O
FontStyle
o0Q
set_Mode
IDAT:
VJ=-
q0qas
0c-5
Yn-Z
CompressionMode
P r#
T)t3
ti\Z
Tg^3
(F[|
6,a8
R |,
3`6Y*
d\:-L
AssemblyProductAttribute
O(Wh
6Z $
EolF
!,p;
,~L>RGe.
@T!9
fSR|
Equals
J. c
9t\
VJ+/
L24l\
LLX\ p
la66
<Module>
T0<7
Z5LO
`4Y
~1tKl
fl+j.
3(wn
&;^{8
y,7gN
*L9<[
\v@x
MulticastDelegate
Y, #W~
/BNz
=BH>,7
tV2x*
ComputeHash
8k)9
4U^DD
"|2
$s~
}v I
<eJ`!`
}6'O
Ivwh
V,/F
> lA^
BvsfRwI0f
SizeF
1c@
eL K
T4<=
O/gID
\1-~
Rf f
V{Zd
DToF|h
nHv*h
1wie3
u_lWs^
/BjZ
"V'2L
X\Tq
N_.LO
9\\w
[3+e,
$A,CY
qhZ
RV,|
g& @
_}<U
Vx.hf
bD<l
StU#
yfl[4V&
G"M+
CreateEncryptor
]6"-#
nY,
y!/!|
gYeW
:t=l
Computer
V]:D
<67m
-@Ik
#GUID
5^LW
pFJbB=
J H4n|W
<9\7
g`t&
16'\L
+&s_
<v}et
KeB{<%
~dvQ
~\tD
Ud|!
S&R~
zbN'94
gX* -
a<ib
[rPq
T\ f
07!\
#6rn
n`0
&4N<
^Qv58\F
>.}>
MNT:
SuppressIldasmAttribute
VC6 >9"
4 /f
y6m>
WiN
nL|1
t1(5
l_?Cy^
X_ `
?*$f
+k{,
^K'NU
h~X
DT:&\
>j]I
RL0V`74
Y~4
93==3
&4\<
mfWv(
ApplicationSettingsBase
|AP~
gXao
2LJR
8 E$
qVB>
'H_#
B}'6
S`dk
65l\
L |>
l]}M
ILGenerator
"g@|
464n
f&x}
,`;F^
%XLE
<j$h,
I*MX>
DaX'
EventHandler
FJn"1
~vFg
Thread
4<]/D
f=\+WL
Qa &
x:.5
JZ/|
NGq
q]4d*
,;W,
eUQ Y
.uV\
8**:
@UVa
&sfJ
Z"'N
Bl z
<h$r
Encoding
<Gt{|v
udg.h
uFdL,
>82t
wth\J|
UM)66
l1bB
l@T>T
Ly)K
LoT5O
get_CurrentThread
TV]U
disposing
,o e~
X/$2x
~EFu
@@ 9O
vTTz>f
a` '#
30[
,NWV
|fwd),%
zq=
:T8h6
v:]5
get_Module
s3(Kc|/&
Microsoft.VisualBasic.Devices
R[NJ
<;fr
MFuT^
Or5x
YD=h
X*6n
@~v+6
nuMtU
mW S
KdL+
4^55
CheckForSyncLockOnValueType
p)\
@KzL
J`SO.A
S\}D
s{-7l_L
bC:^Q
\+w#
c?
mzJQ}
= 2n
ManagementClass
n"xd
2V &)
~6 NJ
>_~ER
A&o
(ikj)
^2i! n>
0n=]
G;l4
{7&
8y~+9=)
:]8v
F|FVF
p||dw
'=QH
l<Ti
$a4b7b738-d624-48d9-9548-0a39a4197402
K %pz
)d[B*
wX4-
^_<?
0hjy
0KX\7
<;tg
.2!6
UnmanagedMemoryStream
f9v#_
N4,J
vFOlz
System.ComponentModel
,1 ~
ZTF<P
w\}w"
ManagementObjectCollection
PTi4
:qx)
5/dRJ
-ml #
nTe
a$lelE#
E6ea2}
}0B/V
JN,@
MyWebServices
6, .}5
/7V%qP
TargetInvocationException
SLFk
^}Jd
{QNP
Wz $F
T~@v
Y/
ENr5
^}|<l.
JN,t
h<A
LNff
g h{
M}T+j;
M%">g
T&4F26
y}uv
kNm.~
N@NUjZ
6)&$
")5z
Pd l
~H[|n
q4'K
~e&h
5\YpW<
pU9 J[6
}zeO
bPs +
{ J|EJ
}y\l
)08-
u]Y'd
1@Pm
System.Collections.Generic
.S$0
pvoN
J $& ]\
pNrb)
*wAG%
{PB!C
k6/$gEL
E7%
L"H.N
7+dB
W:FX
e+ /
m.|e
System.Windows.Forms
ePa
!`v|.8
6-rZk
zD4$
>*0gh%n
5{9,
m<.1@
C0|w
x1Do
ShutdownMode
<7h.
tbvn
;W n
Ldarg
.yZah-
746X
Q{6Z
yVz6
6$ctf
PVsI
S< :4
T~,^
add_Shutdown
TpK.
v"eCi
10}v~O
Kz4G
1pz4O
get_InnerException
ICryptoTransform
,RT6
6Nuf
^k.E
j}|,
VnL$
^:"'rL
|nfF
"\g#
.enP
GeneratedCodeAttribute
~Qv ~
|6gf
g[Vw.
z c*
~MR'
Y ^m
F(~~
&DUj
Remove
get_ParameterType
MDl-r
i4'H
%VXX%
\s]
$^ E
jS]S
Z \VW
;VM[>
!$Eq}
LP\y<>S
o*w$
<8SF
g\f:
$vJ7FD
^iwm
zzyf
6zI,
DebuggerHiddenAttribute
Sleep
):"do^
k(09z
,RT~
M"Ge
?FW)
33n
.gp^
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-04-26 23:30:15 2018-04-26 23:33:04 169

4 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-04-26 23:30:15 2018-04-26 23:33:04 169

7 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\vbc6.exe.config
C:\Users\Seven01\AppData\Local\Temp\vbc6.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\vbc6.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\vbc6.config
C:\Users\Seven01\AppData\Local\Temp\vbc6.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.INI
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\Fonts\tahomabd.ttf
C:\Users\Seven01\AppData\Local\Temp\it-IT\OERegistration.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\OERegistration.resources\OERegistration.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\OERegistration.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\OERegistration.resources\OERegistration.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\OERegistration.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\OERegistration.resources\OERegistration.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\OERegistration.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\OERegistration.resources\OERegistration.resources.exe
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\comctl32.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\vbc6.exe.config
C:\Users\Seven01\AppData\Local\Temp\vbc6.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\Fonts\tahomabd.ttf
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll

Write Files

C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbc6.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\493e8350\417bd70f
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\72
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\72\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\72\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\72\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\72\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\72\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.DirectoryServices__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.DirectoryServices,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Microsoft Sans Serif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Tahoma
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6453d8e7\5a6d5188
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|vbc6.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|vbc6.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|vbc6.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6453d8e7\51405670
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\vbc6.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\6f\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\72\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\72\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\72\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\72\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\72\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.DirectoryServices,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
Local\MSCTF.Asm.MutexDefault1

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
bcrypt.dll.BCryptGetFipsAlgorithmMode
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
kernel32.dll.VirtualProtect
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.SwitchToThread
user32.dll.RegisterWindowMessageW
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
user32.dll.GetSystemMetrics
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
user32.dll.RegisterClassW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
user32.dll.AdjustWindowRectEx
kernel32.dll.GetSystemDefaultLCID
gdi32.dll.GetObjectW
user32.dll.GetDC
kernel32.dll.GetCurrentProcessId
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
mscoreei.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateFontFromLogfontW
kernel32.dll.RegOpenKeyExW
kernel32.dll.RegQueryInfoKeyA
kernel32.dll.RegCloseKey
kernel32.dll.RegCreateKeyExW
kernel32.dll.RegQueryValueExW
kernel32.dll.RegEnumValueW
kernel32.dll.RegQueryInfoKeyW
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
mscoree.dll.ND_RU1
mscoreei.dll.ND_RU1
gdiplus.dll.GdipGetFontUnit
gdiplus.dll.GdipGetFontSize
gdiplus.dll.GdipGetFontStyle
gdiplus.dll.GdipGetFamily
user32.dll.ReleaseDC
gdiplus.dll.GdipCreateFromHDC
gdiplus.dll.GdipGetDpiY
gdiplus.dll.GdipGetFontHeight
gdiplus.dll.GdipGetEmHeight
gdiplus.dll.GdipGetLineSpacing
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipCreateFont
gdiplus.dll.GdipDeleteFont
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
user32.dll.GetSysColor
gdiplus.dll.GdipGetFamilyName
gdi32.dll.CreateCompatibleDC
gdi32.dll.GetCurrentObject
gdi32.dll.SaveDC
gdi32.dll.GetDeviceCaps
gdi32.dll.CreateFontIndirectW
gdi32.dll.SelectObject
gdi32.dll.GetMapMode
gdi32.dll.GetTextMetricsW
user32.dll.DrawTextExW
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
gdiplus.dll.GdipCreateFontFamilyFromName
gdiplus.dll.GdipGetLogFontW
mscoree.dll.ND_WU1
mscoreei.dll.ND_WU1
gdi32.dll.GetTextExtentPoint32W
gdi32.dll.DeleteDC
gdi32.dll.DeleteObject
culture.dll.ConvertLangIdToCultureName
user32.dll.CreateIconFromResourceEx
user32.dll.GetCursorPos
user32.dll.MonitorFromPoint
user32.dll.GetMonitorInfoW
gdi32.dll.CreateDCW
kernel32.dll.GetCurrentActCtx
kernel32.dll.ActivateActCtx
dwmapi.dll.DwmIsCompositionEnabled
user32.dll.SetWindowTextW
kernel32.dll.GetStartupInfoW
user32.dll.SendMessageW
user32.dll.GetSystemMenu
user32.dll.GetWindowPlacement
user32.dll.EnableMenuItem
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.SetWindowPos
user32.dll.RedrawWindow
user32.dll.ShowWindow
comctl32.dll.RegisterClassNameW
uxtheme.dll.EnableThemeDialogTexture
user32.dll.GetWindow
user32.dll.MapWindowPoints
uxtheme.dll.OpenThemeData
uxtheme.dll.GetThemeBool
uxtheme.dll.IsThemePartDefined
uxtheme.dll.GetThemeFont
uxtheme.dll.GetThemeColor
imm32.dll.ImmIsIME
user32.dll.SetForegroundWindow
ole32.dll.OleInitialize
ole32.dll.CoRegisterMessageFilter
user32.dll.GetFocus
user32.dll.SetFocus
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
imm32.dll.ImmGetContext
imm32.dll.ImmLockIMC
imm32.dll.ImmUnlockIMC
imm32.dll.ImmReleaseContext
user32.dll.GetKeyboardLayout
imm32.dll.ImmSetCompositionFontW
gdi32.dll.SetTextColor
gdi32.dll.SetBkColor
user32.dll.GetSysColorBrush
uxtheme.dll.DrawThemeBackground
imm32.dll.ImmGetCompositionWindow
imm32.dll.ImmSetCompositionWindow
user32.dll.GetKeyState
user32.dll.InvalidateRect
user32.dll.GetWindowThreadProcessId
user32.dll.PostMessageW
gdiplus.dll.GdipCreateHalftonePalette
gdi32.dll.SelectPalette
gdiplus.dll.GdipSetPageUnit
gdiplus.dll.GdipCreateMatrix
gdiplus.dll.GdipGetWorldTransform
gdiplus.dll.GdipIsMatrixIdentity
gdiplus.dll.GdipDeleteMatrix
gdiplus.dll.GdipCreateRegion
gdiplus.dll.GdipGetClip
gdiplus.dll.GdipIsInfiniteRegion
gdiplus.dll.GdipDeleteRegion
gdiplus.dll.GdipSaveGraphics
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetMatrixElements
kernel32.dll.LocalFree
gdiplus.dll.GdipGetDC
gdi32.dll.OffsetViewportOrgEx
gdi32.dll.GetNearestColor
gdi32.dll.CreateSolidBrush
user32.dll.FillRect
gdi32.dll.RestoreDC
gdiplus.dll.GdipReleaseDC
uxtheme.dll.GetThemeMargins
uxtheme.dll.BufferedPaintInit
uxtheme.dll.BufferedPaintRenderAnimation
uxtheme.dll.GetThemeTransitionDuration
uxtheme.dll.BeginBufferedAnimation
uxtheme.dll.IsThemeBackgroundPartiallyTransparent
uxtheme.dll.DrawThemeParentBackgroundEx
gdiplus.dll.GdipRestoreGraphics
uxtheme.dll.EndBufferedAnimation
user32.dll.PeekMessageW
user32.dll.GetMessageA
user32.dll.TranslateMessage
user32.dll.DispatchMessageA
user32.dll.IsWindowUnicode
user32.dll.GetMessageW
user32.dll.DispatchMessageW
user32.dll.BeginPaint
user32.dll.EndPaint
gdi32.dll.GetObjectType
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.GetDIBits
gdi32.dll.CreateDIBSection
gdiplus.dll.GdipTranslateWorldTransform
gdiplus.dll.GdipSetClipRectI
gdiplus.dll.GdipCombineRegionRegion
gdiplus.dll.GdipGetRegionHRgn
gdi32.dll.CreateRectRgn
gdi32.dll.GetClipRgn
gdi32.dll.SelectClipRgn
gdiplus.dll.GdipGetTextRenderingHint
gdi32.dll.GetTextAlign
gdi32.dll.GetTextColor
gdi32.dll.GetBkMode
gdi32.dll.SetBkMode
gdi32.dll.BitBlt
user32.dll.SystemParametersInfoW
uxtheme.dll.GetThemeAppProperties
uxtheme.dll.DrawThemeParentBackground
uxtheme.dll.GetThemeBackgroundContentRect
uxtheme.dll.BeginBufferedPaint
uxtheme.dll.EndBufferedPaint
user32.dll.WaitMessage
user32.dll.LoadCursorW
user32.dll.SetCursor
comctl32.dll._TrackMouseEvent
user32.dll.GetDlgItem

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-04-26 23:33:10