MalScore
100/100
MalFamily
Razy

mx.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 25/65 Related 2135
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 252.00 KB (258048 bytes)
Compile time: 2018-05-07 14:05:35
MD5: d687d8a4cf297dfb458707fbc160ebd3
SHA1: 96e0a12c6ac9e0ca2aa44be0e6b1a5e4a638aac8
SHA256: fd94eb725cad6255d27f70dccaf876a1fa0540cd0b483f2c53ccaeffdb556171
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-05-08 11:21:06
Last submission: 2018-05-08 11:21:06
Filename detected: - mx.exe (1)
URL file hosting
hXXp://1942flows.com.ng/github/mx.exe VirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-05-07 20:50:03 [25/65] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x334c4 212992 05ee1f193fb4f48cb03c9b29fa8983b8 19e0c7719e254b333aa74e15915cd765d6d2c07b
.rsrc 0x36000 0x8ab8 36864 ac27d2d65b1202dcc7b869dda69c585d d4940a7bea975c65e219b63c4a9830a984adde89
.reloc 0x40000 0xc 4096 2e8b54cf8fd6d71f6d57a3faa5c0d2e5 811ddf91229ea5cfa69bf8ba23f3264317ca02d2
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x3e3a8 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x3e810 76 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x3e85c 603 *unknown* SUBLANG_DEFAULT
  • API Alert
  • Anti Debug
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
USER32.dll
mscoree.dll
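IP Found (pattern match on the file's static strings; the same value appears in the string dump below and has the form of a four-part version number, so it is not confirmed as a network indicator)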
1.0.0.1
URL(s)
No URL found
String too long
1 VERSIONINFO FILEVERSION 0,0,0,0 PRODUCTVERSION 0,0,0,0 FILEOS 0x4 FILETYPE 0x1 { BLOCK "StringFileInfo" { BLOCK "000004b0" { VALUE "Comments", "%Description%" VALUE "CompanyName", "%Company%" VALUE "FileDescription", "%Trademark%" VALUE "FileVersion", "%FileVers%" VALUE "InternalName", "%exename%" VALUE "LegalCopyright", "%Copyright%" VALUE "OriginalFilename", "%exename%" VALUE "ProductName", "%Product%" VALUE "ProductVersion", "%FileVers%" VALUE "Assembly Version", "%AssVers%" } } BLOCK "VarFileInfo" { VALUE "Translation", 0x0000 0x04B0 } }PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
Length
Copy
appdata
+@&'TL?
kkLd
T =<
'|m0
eHu!c
@,$>Y
S-
C{IY]
UQi/]<l
yl<%
mbjW
IK)Q
Int32
CipherMode
=uk'
?"<Yqpe
(w9J
xWju`
64/4
~.gJ
d>`9
:<g^D
+FZO$
nUk/
)Inf
GeIS
oG+U
$|F1l
Kc2' &
2vCV
`Pr0P
RypI
2yzz
hi#i
)9HU
Q[o
et0@
mx.exe
^ ;@:
3[[
Z4aQ
s?n:
s(~0"
y }HpE
( s
sZ^F
964R|
LateCall
.8*$8
e~tI
s<(1;
_6 p
,Jf6
6m$H
\[*]Z$
.|?I
ky u
3"0<MNm
K#IGtx
_)UI
]GtQ|>BQ
gj6 +?
D/4N)
AWTI|
-62-h
*#dp
pCZU9
9 KR_C T
k4T
Q[+*2 K
PQ&>,
]KT
Ja}fq
m!~@
AssemblyTitleAttribute
bpw)(9
"g7|(
o4Bk
4System.Web.Services.Protocols.SoapHttpClientProtocol
u)v7
b_$4
IZXp
|8'+
ECQ2
i4ng
u_@o
}:S+
1XAC%R
CQ0]
efDj
/AP-
user32.dll
Ck3ET
t;6
/oB'3
.ml
lParam
mJ6(Nx$#
e:9t`
$ /<H
Bw)2#n
T(ar"A$
w4vO
QR5|z
}/gm
~?*8}cg?
0H$&
mscorlib
D&8E)j
~OZb
[!U`
(SA)
l)}[
6h<PT
/I%
!"0(
5zi-j
)FgO
yt5M
V/z11/
R*Ev
U eS
|+0D(f
[9+
>wbE
uRw gbc
`G@0[
ozfZ
CpLOs
_$>F0
%.U0DU
H~mx
.#*nw
/*30
M1Vm^
r\D+m+
O<o Hb
w W8
{Yo2
L[}
Hd>?P
KKL
4h0A
$os(
AssemblyCompanyAttribute
v(d&
' [f
FQh%z
JN \.
!t5N
! @>U3
D6WC`
#Gv.
get_Computer
V&SRi
vBH
.jjt^
9!@s
`q(<3k
rA}Y
fbiS5
uH5o
usm.e
_;O*/
'lqk
1!bj$
D2vzq
>t`L
1 |
_ o/_
Dy%7
qkc;
%Gg9
A)4
System.Security.Cryptography
}B,9
"5[G
6TP5
g=Y+
1b`-
N[6tDH
4yYT
Pz|T
+cK4
-+sR
`,Um
UJ9
OpenSubKey
Ol9(
ZL~)
' 4ER
qm 1
kw#
W9m{JE
.)6
get_Application
`a$'
waX
?h: W
~\/O
v]3m\B
u#J[
vv3
c#l5B*
}ewi
Rm5Z
4nWq
N@PBd
D03Ho
&zt?S
=cCz
/?FQQy08Q8
{JM{/
[Aa~
zO4 V
hDNf
%NFBS
Z*Mt
kM*9
R?{z
#Blob
Copy
Tip
w{X
4f0D(yb
))
5+lG.
q/^K
L7`r
F}wP
%C >
,0"C
>BrK
`GR3
!KI$f
YTH!
BM 4
]9~+j
f/.b
N`9
-[rd
T$vS`9
XHQo
zb@@%|
Y+}I
Type
ijEhGcO
rzT2
%.BaD
Bj5DLM(
1'Z8
%)1BQ
T<2CI
vDt%T
>E.K
) `
*} 5
HelpKeywordAttribute
K}wV
hN=
v{a{
J1Ef}
Q; {
6MtnL
$E:
c @^eH
qJOp
Pn?[J
,h%n:
EgY<
/JB[ ci{?
i a?|J4m
|::1`
b9i?
lt#7
Wy5[
y}eEf
&0iHax
$&PYd
DOuK
>)Wp
PKB"
yCm;
)go7
{va]
%:;I
.b!(b-
LateGet
PE8%f
cyd<c;
H-<8
M[J:
Ut(E
4{} F
pLP+
ClS7
Z?-.I
g3`!
Z}[v.
Sn5I9
o%&vy
VW)z
$R3`
RwK y
+q%84
. PF'
/VI8R
#YHX
,vy
{m!ii
3K"i
UV0w
[yqxoG}m
z$Y$
@D)|
7?<J
&<K)y)
WB2*
'k3M;
>z A
}8&F
NC*^+CC
StandardModuleAttribute
e/M#[
6$?-
j,Rj
S/vi
`.'r qT!
fyR@7
IYg[
mtn?^
>Wq]#_\q
"^w_
EmNOa
0&U+
g}[`
/pdz2 a
2;cz
+8 s
45<H
{P?m5l?
Q'LO
$Wkt1
.text
%YJ\
fX}/
GetString
K12%
9HT/
WgAm
YJ?^
uugieZ
h0Gh
*10
R^,=2
1G1
(`\ B
>{\yv
u@yV
t"E9pr
Convert
[2vZ
Id)|
T'mx
j/:r7
@u8;
T34A
1SNKw
MyApplication
J=M>
q$@|
&!BO&
!?S
a<[_}
JhL&
N<@
#'-7
OjL);c!h1
1 -8
X|_"
hhe
jJcP
%7}#
R;Qf
?|4 7
=N,:I
/hz8
tfF9
zWz{
5Mz8
</]s
@;1N!2
`1>
8kn
CreateDirectory
t XR
vt6F
nxMJ
^}%
\yO~
CU0
v2k0
\C+g
mnl/
0e U=,X
8{!T`
+l(Ke
'u8[
u$`J
eCeX
?Lib
O~]|<
V 1t
[fG
S2n<
eC=Wf
ejz `
>L)|
Xj=/
Conversions
YAwo
*{By<
P >8
`(h<
`.rsrc
1bkW*
_]]=
w `
1 Ti
z,T@
Vt{7B
@u=<3
xvP`
gnL%S
FU(4N
CreateDecryptor
REOB
get_Default
As+ "
"phv
s<#M
9 uw
X@XCa
|[ce8A
&.Zt
] 3h
$Y0r$
A*L;
System.Runtime.CompilerServices
=cDYt
x#@<C
T_LL
C!E[
CK(|
(^cA
-) C{
;^C}z
T>N'
CGV
Mz9;
N-PK
bE:|
iCkO
Tm^5
>BAx
YS7
u?E FQ
KHZh
ZB0(
xJQ0
cB4U
K?jE
Gw4+J
:it>
1h!,<$
/V#[8XU
a;m
^Jw3
l'c"T
_^6_
k@Fl
-@5f=
\: #
cxux
gCyVs]%
[*/.
omqE
Computer
= |5
%8R)k3
5DRw
UwpjL
@PgA
kAP;
$RA$
rGZ,
,8sHax
_mGlg
}\)d
S DnT
J@<,
J&8.u
I dp
$c;[#CPO
!'&DfI\i@
45Wg
xU%_
{8 aG
Marshal
Js8A
`Fu'
AJ<7_t
]5}e@
wZ^P
/1p8&
(aL
d + C3
ThreadSafeObjectProvider`1
[`.{
,=&j
JQO(
ML8\>
\![%a
Y(::.
s=E\
-3@0@
FPkh
T N
ueV_W
!Hrc8;
mjx,
<V|
<Y,_
$I*#D
Zu-V
kernel32
A_F8d
@!e0r
V- "8
K3V7
z1pW
Con~
&@0g>
]vxN
sYL
HDkd
`EcF<
"@ d4n
ss1N
r Zc!
$t\8K?
$09
]QPXp
1155
k`*)
n,0G<
Zp6^
88X8p
\#
<C1@
-'34
:G> O
>0wAd
SprintCorp
{^`j
1e6f^
JZaT
nXQ,
\Csy
h;&h
1T8\7
wNK?
r@X#
System.IO
!*[>Wm
H0Ea
iL\fy!
0%2E1
x~ch
_t}!
<j|L
`Yp8}
0W"i
)3c4A
b J J#v
9_50
%F2G
}8lV B
k1Jn*
u9W_C
\[mS
lL"^O
qUQ{`Dd-
-9E
$x5z
R69>\
.(8Fu@Yp
op_Explicit
|M}Gg
Q2z_
`yz j
kEc}
d0z>L(
c(-8
=h'#
22^*
(bqM
#_zv
+y?=
><L/
J#aG
fwQZ
WG1E
e[d_'
3zW6
uN;V
LP;z
PeK
Q&Jw/
&_\_<
xN$Q
ln9I
fK<e
O-,Oz
~*/
Xbr
vz5[
ZGTX
Ml:g
s:7-
]jEf
o*X`N
[9L/
L\3m
I#u
r6Sg
c "
MnK/]
_2wrHT
IH#B
System
Application
@ .F
`{&4
Ckf+
Yp_"_.
?.FD0
Q^}T
xAC&L
rowI5
72x]
:0
N95}{
2_/
3JjD
C)}/
6 c*
FcC
@Tf
!;?V
c%MF~
~7Pq
hyL]DNr
6jtWr
#Strings
P3j
1&0*
?f{$BF
ZMZT
<(EZ"ycJc3
Tw*K
a;|7
Bxp5kI
MqA^
ySm#FX;^
[} l{u
5[8`
f;,Z
{0[' 9
u>9U!
6"/:c#1=h
aY/\k`
1b[5G
9Pds
,VuD
WsKt
86&]
\esX7
YA[r
H=w1=
_Ug-
oVft
d^n;
|m7(
s2pM
}"Dn
Ht`5
&/g
CN{Q
H k7
4Zb)h
n^ch
$:R]
(mHJ
95]<
'=f30
yBPE&
L,34
PVJ<g
gv#YT
gU 9A8"
OZ+Xk
Lx97
f_p<z.
"d`_>
>R=
B{ 8
q4BI
7<52
HUA;
wlqu
^ tV!\
Mp2r
*t c
}uu<
W ,
[IWz
z n `}
fEs`
System.Diagnostics
GetEnvironmentVariable
Q$,':
<cmFS
mB`
_434
StringToHGlobalUni
!/[M
TM102
.n$j
&*S,
+Z\I
I>dw$a
JiaGhbl
o>NT[U
D ?~
wX{y [
hWnd
vveG-
*/[,
mB7
T6 HyRN
!f&*
uy m
_9+u
HWO/7
NC>`
Jex<4w
pUr]
KS dH1
(i:+f
IBxh
#p
Zys`a
[8BN
,ZJ<
GetType
2YHz6
{YPs
5 WG8
D/tD
yNZm
1v0m
String
*KR 8n)
)qj|
,UDD
ack
/_a*
Hw8I
jBgA]
8.0.0.0
3"m
(xK\
s 6R
n\ o
B`6K
lv?Z^
tm_`
9NAO
]rmH
@~KF1
^D[
PaddingMode
arR3
`Db
%`.P
QfXn
Sr <j
+^l3
) "1
&v7 ]-|
o!K
={K%
4nx`
u}a>
!((4FW
a{S vQ
/KPuh
b$H[
7@i`
R| J
get_User
(uTa
7z;dr
N7K[
|YH/
H. `5T
$wO)
YdON
'<<<
.\hu8S@
6|;
System.Runtime.InteropServices
BQgm+_=
XjYY#w87
gGf
hwe:
^<.w
*y\%]Fl|
'!6Ws
oH6
pM64
Nd|s
*V-A
#4V~
c-Fa
HwJ.
~FD^/
LateIndexGet
a5{'%
e$zP
rvNO
,C5,k
y)T|
.F6F
P;.y+
d[G1
X6!
: :,
P:mF
z!}i
4r!*H
>?z`g
[@0%
& 0j
* x
qD:
kxE 0
{u5
Cw'Ru
Registry
anxX
J#]j2
}|pr
bvI&
%P X
eEL*|
y$l
]U&J/
[]/=
57:}n
rfm|
xF I
ChangeType
~?Fq
[cI)
e!::0=
< !6_
ep:K
A`ca
>v566
Z6+ ^~Z
1*=D
Jo3Ch
1 VERSIONINFO FILEVERSION 0,0,0,0 PRODUCTVERSION 0,0,0,0 FILEOS 0x4 FILETYPE 0x1 { BLOCK "StringFileInfo" { BLOCK "000004b0" { VALUE "Comments", "%Description%" VALUE "CompanyName", "%Company%" VALUE "FileDescription", "%Trademark%" VALUE "FileVersion", "%FileVers%" VALUE "InternalName", "%exename%" VALUE "LegalCopyright", "%Copyright%" VALUE "OriginalFilename", "%exename%" VALUE "ProductName", "%Product%" VALUE "ProductVersion", "%FileVers%" VALUE "Assembly Version", "%AssVers%" } } BLOCK "VarFileInfo" { VALUE "Translation", 0x0000 0x04B0 } }PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
,Za?
|@~L,
H6q{
7nFH^E^c4
$oh4
#GUID
'Ay6
!fIv
JK(\,
#e|o
kd4q
S8NR
CQl7=
g;#2q_
~:n!
3_a-
cnsG
39=
gE\T
2-P3p)K
@l+p
0%SQb~ .
pzF @@
w;/7
T< 5E
4&*5.
<7U=<
WF).g
\0U
U;_w
XO<o
:(<}C
?G=$
%t1!
F IX
A=89
. bmC1
&#=F
Szm{)
m6 u
H~?L
O7Qnt
30;TM
c D5
9OxB
/=%g
2i.y
<t\9bn
Y8ey
so2y
Q{3)YSG
lfP5
;7}'
{=@j@
CallWindowProc
Mn$>#Vd
aPbi
=Z7I
Pj i
%jU(
S--S] K<
g~irFf\
0*RY
)Ph4k%}g*
US+8
;A$.
qd!A
_@V;
3#'U
a5fZX
!X:E
"Omud
,<1G
zAX1
4QJN
?y^!
SXmz
Q/<
Eo,WK
^5{
]5lCt
=1w[
nsip
{}>y
Y I}4
Lm{M
WL)+
<o_P
?hv=6
$3?t
0 %
zA+xT
1t)@
h5 F]
5J5B
te`y
vGS*
"(P`
(lu=
_}kkC
dP*XEg
! oU
"V#r
Equals
k1-q
Imaging Devices Control Panel
bw75R
v)1
W"yQ$
7L^R^|
'{E6
.7 K5
D/yr
|K`+
==>u
jCz'W
ToString
o(D 7
f{yu
,3 =q
Environment
Ko2j
R#Ue>
I7p4
J-6'
9#:sU
V&A2
}|G|
~Y/a
0Ap
\"d-
qeS+
Zp]^
|IU=V
i:P2g
nupf
r& S
lO0?
v6Gb
E| bkyr_
_j2N
ClearProjectError
e-/h
^C7j
1>Y)se
o X8V
&G.6
_-M4
DebuggerHiddenAttribute
::o
"Y:H9~
ICryptoTransform
A(L;)
!! vM
9I1Sy
F]V5
s}0X`
ZrQY!
qJ(
T)n{
oR|Cv
"/:h *2
bs?R
Kd#W
eII[!
m`[n
{\w=`
5ZBV5
7lG7
&Microsoft
Microsoft Corporation
^zVEn:
+l 3r u
en}Z^
!hpK
t2;M)"K
B-gH
>mw<{
RWZ.
Create__Instance__
?g_q
C( r
'RJr
juk&`
h8LFRB
>zjo
,~-TA^
D-,2
tvp3
&/FNl
size
fB^
lx'Z
_m5O-T
wD7L
dp[t
%31T
@Z]E<^
Z T3
O .W
Ew+K
"/:n
s{&o:)
sV$uC
UXp;
8JY
v_L*
Iz$s
;"BP
MasseyEnergyCompany
7Bx0
X[Q% 5
B8F^
|[hqo
.ctor
76[
C F2
M[o|
TGcJ
4q9G
2C;t
ov),>f
T=k mB
;D1%
ZU&q|
:(so
+g"}
K"*n
^1]+-
{ZPnD
4u"V
flProtect
Main
X<To!V
uHS0q
S\hjy.
K}a1
6 #c
,D]
9E}8
N$?r
zMS47r#H
s#Y|w
n| G
!ooGI
rm`H
23H[hPo
;/BG
7RE
dQzU
z+"
<h<6
dt[to
d&{9
+_{t
wbrPy9Jkl8
4Q6/
XHu0G
][@t
f\Giq
Na`/!
hD?Jg
hFf4
Tnx4y
/e\du
52lj
io}t
81s7,
d/T7
adh\>
y 0
.w#F
*z{
47caOD
@.reloc
.0BQ
UR|&
Z LU
6m#7
T62o
afV[,xa
xy@P|
Rs}1
[ xA
UG)S\
h>0H
c7[OM
:AL5
Ck%x
ndm
Byte
Wmp!
dP!y
^pq7J
?V;-
WFy]
>IPU
fkks1
EIDK
M2|wn
IPZc
b~8O
62Xc
z?|c
G}=/
!>Ml
R*aAx
U;. =
Z0~Z
co1m3U
@3~L
Lp70ru
fQ5j
R1G
N0F"
0+C[\5
7}e(
3uKx>
e'>0
zBFMo
& l>ym
Jvkp
|S"n.+'
=} +
XRq,
-Lj|
z&q>R
{NX/
;*L3
gd;u
get_Location
%^`6
N )&iI
HL,$+1
+D%N
$V75
Dk..
x&.v
*a1
Mi$.
eAY7
aNE3BT
K\sG.
9-:H!0a
$L]#
,[xz
NwL
|5ZIT
Directory
6SA+
YeXT
S 'DWBT
~Qwy
Y`$
/\W
y~
ph!6
\0d9+u
@%QN
zb8!
) {%k
nGok
Dz;s
7n C
!+4 /=J
@Z =|
eq?b
I_*a
3Jm
y|O
RuntimeCompatibilityAttribute
z&s
ThreadStaticAttribute
>[fP#+
Mgc3
xM3
Assembly
3t[ k
:i y
:2z&
RwW
sO^$
4"ab
<8! Jr9
A5J]
z_ FH
%uIX
XrRz
&7p4
I|Cv
s>_o
& B
L}'U^?kb
>0/0
'1=;
F^8Uq f
u]9A
<XC*
$y=<
C mn
sdUrc,Q
?EVx
'>Xh
K"#ri
s)_$
d.1n
dnUm
Activator
b;/9
g]D'
EMf|
WErH
;-u|
h /k#3
S.u"I
={*^
ob%_
Yntq
\)*"
nYq)|
Hz`:
mGV+79c
-- X?i
1sR<a"
.?#J
Y;tU
rA c
|%2Fsv
:HK2(j
31EVaOn
|!|_
@V 7W
lpStartAddr
f@ S
/Y19
My.WebServices
f)qy
Dispose__Instance__
PSn =
WB>O3yr
\*`n
G)eQ
s0ma
A_{fo
Igad
|#f1?
"+4 >Qb
>\.+
yEK;
l8Cc
2{k
.$@_
-U7wh\
"<!DQ
/egNdA
uu~W
$US+b
V\e"
K@Q52
&;f,
meSC0
c]{W
Windows
A[_F
XaoJU
!*:I
o;vI
H{ _U
'D-
7z-"
^5F]
;ni+Xjy8
nKA<
B0u83
y|}e
JtFg
1Xn%
zaC6 &IQ
"C6L_
*6{}
rH-r
[6AO
^8CQ'
M[(-5
h,`r
ResourceManager
.yXm
L@79
hi,q
u Lck
h Y$]
@8)C2
|az1
A%^?
iKAK
!h-!
(<\0
+<%4
[uE5
a541
>da8
!d C
!$*:H
_gTx
DqrR
2?j.
%;H\cS5
c/Ut
B\[8kZ
&P1k
MyGroupCollectionAttribute
Gh+|
RRteo
e((4uM9J
"xh
>YjO
U =*0~
.LE V<
<Pv:U
'vb[R\
?xha
3Y} &
rw(0
,o
lo3Cc
A =ti
'=kbQ
P4>4
DQ_0
V3*B
]Hnr
H/v!e
/31c0
Bw1mQ
G%I6
$\,70
ZsJM
h2&
1G.0
T 8F]<
+;(F
DI`xK
g1+ o
n]@]Tu
>3|+
ZbuH
j ff2 v
}"o5}Ks@
8"ns
ProjectData
lX.][
elR8
_nfT0I
)./{
ioQ2
kk &
)=/F
/n"R
hPi
a,}
:Ux\
]kas
}}e<
0D
>1@j
rMb&u
3AkAh&
Pi0-
O0j7\
!4E@p !
B*$?C
lA<@
%o[
m^#Z
6%}N6
< g4
$ `_
BM"b
s \X
.qv=Tx
a9%8
aFv0
'1aC]u
*4&If
?6Be$
(/U3
UE ,
I:I
c 04
D ?
"M t
\,S!
\}s9>
&2< 5ES
RY @=
hHt)
pIR`[
&6D]H2
d1]|
1/c4:T
OuX^
uB!M
76_}"05YZb
VAJ=
Sk:U
S\|@
1}T_
[gtJ
/^%C
qxV{q
/O8\x
8T29V
Vf)a\
vr8e
QM_b
h <"
0Lo!i
Wt//
]EYY
P [}
b7@5
H:z ,^
5PDr>b
ytlY3
inMh
:s.S
x[|V
VJh /
J0~oI
q; ]
My q
0aJC
(4c_
mO;b
0rN]H"
>vjw
cf .
.*9U
\{oP|
_s~D
_%`O([
.cctor
0wu0~j
G* s
A7'
p.X9{Y
%9iHPV
[~ 4
iU x
*ech
WebServices
-@x"T
N,]_
?Zzo
+tt:s
$n0;F
u u
GetObjectValue
hwms
P7X{
]1AG
~CQB
K9DE
t9sH7
vAm
m_UserObjectProvider
jf~
E2)d"`
4Rhm
NvjN
MLQu;
~DD
M&!_
|#=,
*"0<l7Ma
SX{p5}
fj~&G
#o&W
s3~b2
MUD%e%,`
l1(8D
yw,5
_E(3=IYQ
q[a\<
X|o`p
G(~@
InglesMarketInc
lZ?Bk#
System.Reflection
-R&s
L >#
zI'}
/h?)
(9Gy
TBhG
}xH]
RuntimeTypeHandle
WrapNonExceptionThrows
179d
*Q"4
f%Tw
} %*:
kG`5A
c9O?
gH5QI
V7G_b7'!
N8Na
*Gw3>
D/@oa^
rdN^
]g_z
9":B(
S\M8 S1
:e $
$mMu
E]U*
T8
.j$0X
(0
]5'`
RKAK
DKO$
gTCW
Ogn&S
XW\2
hct6cK}@5
WKJT"
h#Y!
zB9
\C90 o@
vd `
\%o:
F+x/
nYn[!"3Zc^
02v82
Lf})
6 7w
]92N
Yc,[
4)J_
xa<on
N|dQ
_d?R
/^W#
gaa|
set_Padding
/r ^1
=6F1
2L,^
6}3s
? fQBt
-&)o
6PZ^+
AssemblyDescriptionAttribute
>,IS
KAa@
p<<[
%<E~
Sm&8w
FR\C
, V
;bxOO
1f`\q
8NJ0
cSv
uoU*
wb`[-
jyu|w
7sMo,i
Q)O/
+hrv
K4* y
7U'
jTUi
:>=
s6A<?
g^:M
>IFM
Qa%FG
guqv
S`aH&
HoD
M 5-0
-9#
4F/*F
O]]! D
;I/L:A
z#iUd
m..a
AvH_
-R/T
.db
@p>P(
Og x5
5W5k
~#FDYJ
Z4)`
k+BC
eQ/L
WPt\
oR6O
gdi+T
P W3c
2p_
.Gs~B
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
:"z?
9"?fU
7Z*y k
R4_]
vB%(
KxU
bHSDf
*2Q
DR+@
.y_
Qx<7
6b(g
E7g:`
!+4 8IX
!5]z
STAThreadAttribute
6Ly4
mscoree.dll
!This program cannot be run in DOS mode. $
SRI2
+r7=}
File
Z|1
k7+&
3Hd~
pM/QS
d<T(
qr %y
Jan`
Z[/;b
3.AR
l)PK
QN^=\
Eu3Q
M.dLX
dc-cc
}@^&
qUev
GetHashCode
Bj@Q
:$
Vkh}-
_G%uLBt
5nA?x
y6[L
"b!v
%P8s
l@eB
LateSetComplex
`<7Z
6P* 4
gdS*
q"rh
0~JV
1Tl8
System.ComponentModel
E+uT
];4
VQ)Q
}o&l
e w6
get_GetInstance
.kK s
M&2f
jxISA%
Microsoft.Win32
(4?
_.]Z-
:mlj
M+f@
A[po!1
"BS}
1|[C
dq0
@Z~v[
$ C4X
-{ 2
8+ J
Ek=x
FP/B>
^X8f
94)J
%])z
SetProjectError
x!}uK
ZY|v
K403
we.U
}M5JNF
Operating System
My.User
QaX(
65/4
'NF
qg j
df=m$
92zf
A,Gi
-,O^4~?v
&6CR
2R\
!**W
3=TiyKh
i|-F/n
~v,V
q+Fp
a%0mt
dbnDI$
5y7Y
kXk1
NMi N
$h.8
2A60`
Delete
)9HPK
IntPtr
9#Y$
i]% m#
LWgX
L &-*
|Xou
&bP)6zA
#`(/
y?mbe
_{'N
U.>X
$g1
Microsoft Corporation. All rights reserved.
=:39
;,S+
n] .
] 5!
(q;,
[ BSJB
Y[=[=
S6Ky
I}Z
m>y!
s>R^P
l!6r
tX.Du
[8o
b"L{
cT wW
hIq<
System.ComponentModel.Design
61a3t
'Nx
AssemblyCopyrightAttribute
DC'w
V7kE
Q|~8
xX!|
#b0D
[yi@
vM\"cN
gh`u gZ
~ x6:
Y*%t3
}#mp
[W^(
YF J
59{U9=<
2@#rz
O\Sq%6
'6Cy
!B;|
!\Bn
}k+!
%)+5
EditorBrowsableState
NN>.
lW2z
ET4
9G B
] >
.7K^
|!O$
1q|v
&kBk
+]ZX
3wS&
[Vcc `
s/HA
iN ?
DllImportAttribute
aQm~9
5^vR
E:9=
":t{/r
;(0$
suET
=4tIk
3#G'
\3O
ToInt32
P<$X
/i[{
*`#1
;hue
/Cp.
;TB+
~_ggQ
;Z(c?
B(}N
Z:-g
E?;q&
c 'T
:D3^
;B.D{
_+b,k@
zj;$
=]I&
C {2L
H,ump
&&#
M(;W
[0}
F4:{
m_ComputerObjectProvider
O_u`
TaDf
a]_6
/8A[[Q
Y9+({
5_^ e
#}]@
qUyI)=
[CW
$L\X.
u%}L
Boolean
]C5*
YKL3QM
Uon%
(KpC
Qf6
%"t>G
^W$B)R
lo T
(&t\
7eWR
2.PYB
Q(zVs1
Hr8L
_\{/
"H|x
U+~38
iTmf3
5Q[2
tf63h
[RrUj8
CompilationRelaxationsAttribute
^?.h
get_WebServices
A#[w*ap:
QF~S
6< N
vD #
n@wB
GO5J~)
"P<_
Kq2~UUe
n &
eh E
e/%%
|=,9u*
;VHl
;q8as]
)6gP
l:*,
Si nV
x5^42&
naGq
T .jx
rQvF
a>?)e)
7Djl
|{)=
x7[a
3WJ_
!;'u
-y:y
RWBc
*B7D
Create
$<ir%
.jR29
Xd`Nv
~1Fg
[oeKS
n*&{Ct
C?fW
#"z
Vl,Llf
i,cR
*8 3_(
1J%$
HideModuleNameAttribute
d|]6;
cl~g
|aiw
XUm,CrC
Xa-1
!alB
sW1!
~}_!
m1vD
!S6v
E 'Cd
Microsoft.VisualBasic
z=D
E ?*
% /Y
Gd[)
+
3PjL1M
Nom3
& :o
sRK>Yo)
!(=&1;
T!S|
9(2*
<\e0
J{0~
8.z{>
S,N%
euM>
QiA\
(' wl
y.Y1
j.S.i
f!:w
+j.u
J-[@
K+=~E
WiCrWg
;~5%lB@

kF!e{
*m?N
##AW-F
^a+\ (
WUu[jt
d= ?/\
dxwA
z AY
^im\cG
E[df
&m%~[04=s
P{y dpZs'":
{Z}R~yFI
-.ow*
F8~q
Concat
)}u>
35J]kPo
O)'bo
K.Resources.resources
ocNO
$n/w
f9^0
Q>_f
BkMQ
+Yar
f zlMT#k
]`wb
~v=
JU"^
3,>MZOn
"8 (
sNM|
isV[4
8Mu/
Nf?s
r6`?_
!'6C
ej*
Kt>,
)%\{
9bz =
EpG2c
3uIW
7KQ
xw@
wizr
CompilerGeneratedAttribute
9&'~~
UeM
YES)
2d 0 3
QU;bd
k`Y=
[(QWc
*\mw
>R >c
_5pJ
_c46
/{b^G+5
RW *2
z/of|h
/W2d%
&eGj
>WmVPo
s"UD
id38y&
h-ir
!{NS x
EXX$
6PaZ
>c(P
s @P
AssemblyFileVersionAttribute
$-'fX
.~9 s
hGb&r
System.Text
bwr4B
m%>^
(~j?
y8p
4~Xjc
em8j
&5C|
System.Resources
`w~
VE4m
KlK 1
rl6"
r5A
8/L|
bB7x
`~P/
>a:}
;=#i)
sa)|
MyTemplate
4@bb
3=Vl
7EJn2
@K Yn
$I?+sQN b
i}%l
K :R
pL/p%R$4So
5BD%
-#y!
1&MPV
DCXj
?1#7J
Hjq\
z;{x
}=D/#5
/8+,,
ky,s
Iw}P
J%RO4
Od)eX
$QY 1
FR&=`
6m&9D
*xl=\
gz*gf[
eoT(aA
?{n!
]sF_k
|itGZ
K-8=&
>i)B
7Mao
!v5E7
0MZRxU
OA()
=Y/Y>d=
qgQ"6^?
-9lOm
-(SM
'xBX2,
+xjw'
%dK@
E!Iq
8\he
]9&>
byO2
>cY:"
1dk%
^&&#
vjI$
#/JWL
+2uV
9]S
*V\J
uj Z
n7F&y J
^++QI
d^)=/
g!m\
4#YG
z_bf
AG!1
O @(
Nn
|W.C
:4pw
5B X
ij@g
<Module>
F 718.
TheMcGrawHillCompaniesInc
\bJ6/
7Hf#(
6b*2G-
set_Key
&Da}FT?
7Vf0
Z<ir
IO^ D
`:5z
zW`6
v=wU
zQ37
GG!kT
; 9.
P+D-js
QFAW}
~9kr
TwPDc
/-_h
sf-\
no$
(yRje
y0E
oeP =5
Microsoft.VisualBasic.CompilerServices
"82U
T&Ii
!y8r
Bl _
A6/W
CreateInstance
_z( a
:eu
K]a-x
EditorBrowsableAttribute
~vbT
*:lonA
J!,e
2cX]}1
P |kXw
`&p?
iDx%
Y%o(r
aJ#o
[NaA
[# :*
7{WI
}X)C
tQe^
"cM,
Pu{7
MF;5@
o%{~
MZZ(v' >R
User
C@Z,~
Bc h&
bLf#Hd
0Ji.
l[|Z
.y._
A;Kf
XuJHD}v{x
oV!*:Pb
C<sI
R\cY
m$Fz1
|0{
i8vo
\^;<
&=nx
+-9kL
tN0v
iX0l
+]xe
Nh&}u
-B Lo
:%s2b
A C:
n>Ac
UC
I{*j#
g% U
T"n$
CurrentUser
h{?2y'?i
]l?l
)%((|
q6p.F\
tm3R
s1n
:[d:
kN%br
.9^I
~Qy
VQCp
^<!R
5-&q
k3:)e
p-jZ-
U~#{:
7v *
| D
h7ZU
kyy
d`V%
~;_tnW
lrS+
~ e( d
oN8h
n*y
T[0_x
A;R
DirectoryInfo
7sLV
#.7 8IW
b_K
]SGfE
x-,P(
xRb?
RuntimeHelpers
l2xGl
X# A
h?"t Z
]tBb
3Hw`
w P 5
[pCJ
L02~
mb'&
I.oM)
a bt
xB,
) 6e
RxIo
d\Nu
#Qme~
`?w
"W2n
Encoding
(RF#
o|o(
B0CK$G
O]$Im
tE0Z
~c ^
Jm1"
x1}9
jdkh
O} P
aea4
Object
7 _i
t3@Nj
!h%Dm
8&/z
Vm+C
?LU"
9R0h
rsb+`
ComVisibleAttribute
o.)=6
y.8 E
OSSt
`vsY
t!<*
:3P2
E'TY
.}fcg
Q7n}
Ne]p
$;4r
F%jXr
8"j2
`T}c
9P+
` J.
W+ss:
iR_7n
k] t
^EFi
n &#
|Az=3
(GsN(
t~\)
G%)i
odX$
]G\J
:_N_
Rn6q
=W7Q
0RDX
HoJ^
*eF&v
!+3 1@L
@07k
b_oV
xpm4
eP3O
|?0]
6ayz
1.0.0.1
W4eEJ $
/.N,8
bS7RL
$kIi
CaN$
%-
[U2k@
?%7?
@/<zu
?"2+
mOx+
z CD
s-JU
NCRCorporation
GetEntryAssembly
432c
b8v[
dc^dH
Jj j
zuP"P!N
IY n
!Qam~
Q&A[
~h\S
I~\7
&`,!
T[E;
iv,R?
O6BK
Gn;e
&76m
~ GP
"E
p'?,$
{> (
!*D
OEFKG
sM9_d%>
x*.0
A =E
/:Bj
ApplicationBase
ex/e
ADpM
nx I0}
Rijndael
m;#N
I(Y][
1J)]
u3g*
hrR4y
\ )iW
eX4:
4H5N
m_AppObjectProvider
p].J
8},+
\Vq9
eQ&SX;
<O1=H
q;[I
%4A{
SI:y"
' ,+
T1tR
B/kF
)f#.
2pW_l
pU@pw\
rBZ
# o
nQ W
,N}:
.daI
~Z=^
\wabx)
#Mx;
c*D4
kwqe
wY-U
uI86
=X.w
NwZ=
z;$4
{:1V
mY)~
xlH "
D'6D
z<+y
F3Y
y#$aH
gQ]J
]Grr
vFn-
<FO|
`AVo
)E"9
mC\u
"J2<
v-C
!5;}B
2C|J
r'+H_Ji
@NG!
lN p
wgNN
%3@v
1XgF);{T
{4?p
LF4P-
pvE>
&qLQ
'\p|
%V)^
9H
i\@
{r<*
&|W
,'xB
ZmFjeFV
&v[Co
{ L'
soW
'V\
p]vv
,jF"
EG/|K
8F.
XT5
s3l+Yc
d d}f
System.CodeDom.Compiler
=l[@
%-5"rTK
.)ot
gUOj
x'W@oN
y `-
S}_|K&
e"h=QK
1Gms#[
o%EF
?X7nle
m|$F
wParam
,(2g
1DL$0
2,;1
-L/Y
,M=:
Jh^=
}us
eLrnh*
ZCF
!Qny
*5>N
!Ftx
/zK"
EvTg
}bv}
|=Y'
4)pU$
%1dl`
set_IV
&A+r`{2Q %
/{tt
]e3
{ e/x
]v5y
g> ?
1SC
N`Pd
GL(a
q"F
b,vR(
}i*
ln<[
<-@_
U25EA
_^ b
< N S
<}p4A
Km_P
%\Ng
mcv-
7f '
?g"C~
2#EVP
n(%7
9Z#O#
bZTY
5A_
/V9C
_wj{
>\ z
`Z{>
E\7vLQ
2k
>:20?m
~x E,
j]%5
#6-0
j HpU
'9vV
T ^Q
/<G:@K
G]k8
E5+"
My.Computer
MyComputer
b<y ?
undR
D O^[2
/7do
"#}'
v2.0.50727
L</M
]z>Q
+I)W
"Ua}2
:}=LN
=iBk.
(wfj
[t {
OH6[
ci(>A
lpPrevWndFunc
*@Yp
q7& l
vQRD
!*{G
RkuS
zH-dF
Z1_I
` k[
>~dr+
qH[1y
2HJ]{
itVM
J"/;yNl
b>4D\Ui
lBu1
g/XUh_
Exception
p1kwK
"qPpa
O_T5
n9U-
xPAb@
hDC.
A:tI
3>N'
}{HX
|iPK
G>B(
0W?cr
'9>q
g I<
w;tg
/B[H**aD;k/1
XnY `?
)<2i!
;p X
o i{
GetTypeFromHandle
6OO
VWtX
FileAttributes
.v#C
DZL-
BN[
qe9
yHr+,
<z`
SymmetricAlgorithm
$.PM
A-Db
CyeI
ZQx1
pGX
,+c.
ImagingDevices.cpl
2 dHP
a}zoL
r05
i}`z
qr oJ
instance
4O$
vOUZu
,;JV
<,4H
f"@Evg
?I1x
<&&~
( =A
kjzw
hpa$
SXu
&[&]
[9kr
'0 3CQ
3<TB
IK03g9X
/*lX
N>K9
2YIr
ZQ'1
N"Le
)DO6
oC3)
%6Z%7q
)y7}
&R|;
8FT/
RJ19
(QxtK
')X\
M [I
s9p 0
yLLm
..5*e
@Qqi
}1*)
TV &
mccp9E
rv;_
}LuT
=.py
,N'!
P[#tc
=EJH
\fTN~b
_CorExeMain
V}!q0
P wp5
.!EJ
CLnC
:EV ^
\/0a )
*V(|
k#,o
Ep/*
_U]S+
5(9k
=Y$2
a?-+
DX)o
bIlHs
vV ^
6@ .r"D
?YbYO
fyEr
gsAf
Cx?'N
Drct
7|1O
a_oWp
[2QF
NewLateBinding
']7I-i
NP--=8c>
%:6n
?28
&]Y?
4iGp
Eqz{
h 't
<{QIq
]Ru.
@w>KB
k9Q$
qL-Z
$^|RN
g9@ReW
xAH
ge^X
"inU
>xj}
^bNl
9;>8l
*9maPE
3uYQ "\
D=&:B
_ORowW
TransformFinalBlock
0 "
/%S+
llz-
w pW^
x[k"D?
(aIz
Vh@C
~o7)
JohnHancockFinancialServicesInc
Dc!z{A
|MP?
Z A?
/n6O
Close
i=v3
v3 $
%4Bc
UP$d=y
Exists
Zvm,
w 7Q
O&D G
2* 5!,>
2CQDg
:.^o
bCpk
*$2?|Vp
j&4ob
f|q l
{Ov[t
guW:
/rY=
w(}6m
o83D
set_Mode
< Cv
>'BC>
Tx=E
#B
Sj/R
/]go
hs;}J
#6`$
My.Application
Bt!x
T^v.
$ck
AssemblyProductAttribute
bY <
[u!
TLuC
tDUqQ_L>|
D:zf
CIdo
2,E(
%[wj
rg2V
BXX6
+z27
|XzB
?2DJ
{F ^9
nDEK
#EV
uz o
2kmB
DE#6I3
wc/x
R2FW
la$+
>YEO
D!U
C9f4
}'r!
maDL[
BwM
ECm
G T]
sVqJ
j^!AX
,V'^d
/xg5
rDAK
eY$i,
3EJ.
; _?
|{/Q
.IW
<@a
n \S
}$ e
l1[7
C#;`
\EN;
~XKxr
:*-aH
cu\j^
Z7^J
:fgk
M\Ix
D MN+/
UP;=
- Bwu mEW
CbBIaev
ZJnF
Qx.O
}kzi
<*%KJ
XGPx
t&]q
;7d%W1
OWcV
'u'G
6'l:Hc
C<uB
k$1
xgR
'?_M
.yOD
ToXc
\!?a
2kF2n
x erl
& ,8iGd}
flAllocationType
0P7
&`U8
eEd3
| '
t$pv
"/k
5nTeoX
+jYj
#<*\
}LnL
c[;*
bdO/
jkHU
3T6ki
5!p]{
$k>5wS
"N>+
dypf
{b|~i
]FV)
}"ujr
8K0|g
zf(
:pt_
8VRj
e}'o
>3Gcy
D`]3
bB[+
(nh 0[t
X/p+H
d ac
[$[b&
p H%
e^g*
KGq#
B:TT
eCFs
3 BK
1T'5XlZc
y;l(
L#mU
tb,
2O<%8
A]mc
!,`72
W- \
XPi 1
x<*V
Microsoft.VisualBasic.Devices
7%T5
fTEw
hy<#
G"k [2
X Gp
lCx"
SetValue
hS3v
vQXE
tJs\Ke
9L!P
/d0@ )^
[\@F
r i%
m_MyWebServicesObjectProvider
ST(^
i]LB
Cs&6
SetAttributes
O^;`
@ <T
<@YB
h2 l
6Al[
[gJ2
X ~Fh
p2Rb(
0x.]L:=#
v{KIB
#WfJ
iE>)
Microsoft.VisualBasic.ApplicationServices
t*x 8
jBe\
|khvR
FbsKL
LNXF
%~[O
EjG'NJ
c7-G
,!q>P
_Lz68
)+&g I
~KM`
S '5
#`^1}
.):H
Xr5M
3X?a7
tY L^
h_"b
cR"s
) '6
>:8C^
5 -i
D Km
~<<$.
?y2>k
.mRE2
"!'P+
Ivu>
fzK/
1`J|$
'O)a
='9m
$'dFM
\System.Object[], mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA,hY
m_ThreadStaticValue
_RCw
:s)P b
'NuI
iIfxf^
R\l0A`I
nd~2 s
jAD'
ya {RV
'c S
MyWebServices
3B]t
c/&v
FCM(
R-x'
70z*_O
&kw
oAH)_
T 6sX
Wf8T
r@Kv
LOp{
sEpZ?c
zZWmN
4Wkj
5ui
GetInstance
*0 1
B7\h
m3(Z
3;YL48
.(RM3N
SpartanStoresInc
^(tF3k
I0Z^c
X p#
MyProject
:X3
9>$fr
=[1(7Pf
e,!)
_J!0
p{[t
Wz8At<F3l7
XrP)#
RegistryKey
-j{ln
!V` 6(m
G9(F&
#DS]A
:TGS
|3)B
A||mR:
._ce
}#D
~ B
>]TY
;~T2O
#FkAC
+<sK
3If(w
nm<P
BU4e}e*
AnwiDY
&>[:
q`F
]YMh
1A 0
Y_fR:TU
PGt=r
/[MK
*%1; 4DR
F)1 <
43\_
Hq>S!
9n{6
%b}%
/)p
VD>q
F{pB^
o>jN5
ir
%ZZ2
UPH6
GeneratedCodeAttribute
J9(l
_LyBT
O Li
&h-R<
>i1V
(#1=rJg
lOS}U
M]#m
$ !V5#
l,fC
sJ :
=QFOQZ
LuBgi
P Bq}kC
VirtualAlloc
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration (s)
Seven05b_64 Seven05b_64 VirtualBox 2018-05-08 11:17:55 2018-05-08 11:20:48 173

5 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration (s)
Seven05b_64 Seven05b_64 VirtualBox 2018-05-08 11:17:55 2018-05-08 11:20:48 173

9 Summary items with data

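Files
(All paths the sample opened or probed during the run. Many appear to be lookups rather than files that exist, such as the DLL search-path probes for api-ms-win-appmodel-runtime-l1-1-0.dll and the it-IT satellite-assembly probes for mx.resources; the Read, Write and Delete lists below show what was actually touched.)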

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\mx.exe.config
C:\Users\Seven01\AppData\Local\Temp\mx.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\mx.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Users\Seven01\AppData\Local\Temp\mx.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mx.resources\mx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mx.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mx.resources\mx.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\mx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\mx.resources\mx.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\mx.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\mx.resources\mx.resources.exe
C:\Users\Seven01\AppData\Roaming\Granite Construction Incorporated\
C:\Users\Seven01\AppData\Roaming\Granite Construction Incorporated
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Granite Construction Incorporated\Granite Construction Incorporated.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2476.28872843
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2476.28872843
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2476.28872875

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\mx.exe.config
C:\Users\Seven01\AppData\Local\Temp\mx.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll

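Write Files
(A single file is written: an executable under the user's Roaming profile. Its name matches the HKEY_CURRENT_USER ...\CurrentVersion\Run value listed under Keys, which is consistent with Run-key persistence; confirm against the written-keys list before relying on it.)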

C:\Users\Seven01\AppData\Roaming\Granite Construction Incorporated\Granite Construction Incorporated.exe

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2476.28872843
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2476.28872843
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2476.28872875

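Keys
(All registry keys and values the sample touched. Most entries are .NET CLR, Fusion assembly-binding and side-by-side lookups that a managed executable typically makes at start-up. For triage, the entries that stand out are the HKEY_CURRENT_USER ...\CurrentVersion\Run ones near the end of the list.)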

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6d1b4b\19147749
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\28233ae3\7106d10e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|mx.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|mx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|mx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\28233ae3\525e532c
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Granite Construction Incorporated
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\mx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\C3BF5A8F
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Granite Construction Incorporated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\C3BF5A8F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

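Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Granite Construction Incorporated

Note: this is a value under the per-user Run key, so the program it points to is started at every logon of that user without needing administrative rights. It is the only registry write listed and the main persistence indicator in this report. The value data (the path that gets launched) is not shown in this section, so match on the value name together with the file hashes rather than on the name alone.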

Delete Keys

Nothing to display

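Mutexes

Global\CLR_CASOFF_MUTEX

Note: this mutex is created by the .NET Framework runtime itself and appears for ordinary .NET programs as well, so it is not specific to this sample and should not be used as a detection indicator on its own.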

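Resolved APIs

Note: many of the entries below (mscoree/mscoreei/mscorwks, Fls*, thread-pool, locale and activation-context functions) are typical of .NET runtime start-up rather than of the sample's own code. The entries that line up with the Run value written above are CreateDirectoryW, CopyFileW and RegSetValueExW, which suggests the sample copies a file before registering it for autostart. LocalAlloc, RtlMoveMemory, VirtualAlloc and CallWindowProcA resolved together directly afterwards may indicate in-memory code execution by a loader and are worth a closer look during analysis.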

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetVersionExW
kernel32.dll.GetFullPathNameW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetACP
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.UnmapViewOfFile
kernel32.dll.CloseHandle
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
bcrypt.dll.BCryptGetFipsAlgorithmMode
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.CreateDirectoryW
kernel32.dll.CopyFileW
advapi32.dll.RegSetValueExW
kernel32.dll.LocalAlloc
kernel32.dll.RtlMoveMemory
kernel32.dll.VirtualAlloc
user32.dll.CallWindowProcA
ole32.dll.CoWaitForMultipleHandles
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
cryptsp.dll.CryptReleaseContext
advapi32.dll.EventUnregister

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-05-08 11:21:09

Detected family: #Razy

TheSystem Itself @ 2018-05-08 11:30:02