MalScore
100/100

hvnc.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 41/66 Related 2135
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 583.50 KB (597504 bytes)
Compile time: 2018-05-30 21:38:42
MD5: d7d2989b4d1af6f8e45af3de5e4f793b
SHA1: 2e93d62ab7b2f3f67d5ae8951e36245622cadcf9
SHA256: 9e8913b59a659cc0f459086b988157264ec1d10f45188016eeef54da46583b27
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
Anti Virtual Machine 1 Bochs & QEmu CPUID Trick
First submission: 2018-06-15 01:18:06
Last submission: 2018-07-11 06:06:04
Filename detected: - hvnc.exe (2)
URL file hosting
hXXp://azerothland.com/azzzor_dir/hvnc.exe (VirusTotal)
hXXp://pandariumist.com/azzzor_dir/hvnc.exe (VirusTotal)
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-13 13:09:49 [41/66] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x912e4 594944 60424fab60cd42d0683503a84f8d51af f755c30345c8c9a6a1360b54fe0fe30c5043c59e
.rsrc 0x94000 0x520 1536 b6655005b88646baa3acb849e42b5546 d027194d2f91145e95b96adaa55bbdf8ccf00d02
.reloc 0x96000 0xc 512 aeac75ed0898f6671a9bcfc417dfd4e5 824fe47141b27a6af734518db6c9a52b0e72d891
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x940a0 656 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x94330 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © 2018
Assembly Version: 1.0.0.0
InternalName: build.exe
FileVersion: 1.0.0.0
FileDescription: build
OriginalFilename: build.exe
Translation: 0x0000 0x04b0
ProductVersion: 1.0.0.0
ProductName: build
XOR
8 566086
1 566086
2 566086
4 566086
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Object
Flash6.ocx
File type: Library
twinui.dll
windows.immersiveshell.serviceprovider.dll
d3d9.dll
explorerframe.dll
mscoree.dll
wpncore.dll
opengl32.dll
D2D1.dll
ADVAPI32.dll
d3d10_1core.dll
DXTRANS.DLL
USER32.dll
d3d10_1.dll
pnidui.dll
authui.dll
hgcpl.dll
KERNEL32.dll
d3d10.dll
ntdll.dll
d3d11.dll
SHELL32.dll
d3d10core.dll
crypt32.dll
vncdll32.dll
WS2_32.DLL
WINMM.dll
vncdll64.dll
MSVCR110.dll
psapi.dll
SHLWAPI.dll
GDI32.dll
MSVCP110.dll
combase.dll
kernelbase.dll
NTDSAPI.dll
ole32.dll
DSOUND.dll
UxTheme.dll
VERSION.dll
IP Found
1.3.6.1
95.211.100.152
URL(s)
No URL found
Possible connections
ZwGetContextThread
!&K
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
zh-hk
en-nz
FilterAdministratorToken
lt-LT
InternalName
SecurityDialogActivationDelay
Software\Policies\Microsoft\Internet Explorer\Main
ko-kr
en-au
InprocServer32
Nov
build.exe
tn-za
Software\Microsoft\Internet Explorer\Desktop\General
it-it
uz-UZ-Cyrl
en-NZ
uk-ua
tt-ru
fr-mc
twinui.dll
gu-IN
ar-qa
windows.immersiveshell.serviceprovider.dll
mk-MK
Tue
fr-CH
es-hn
div
zh-CHS
zh-CHT
ar-lb
fr-ch
zh-HK
Mozilla\Firefox
ur-pk
ar-ly
smj-no
ml-in
LegalCopyright
es-PE
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
explorer.exe
1.0.0.0
ar-LB
zh-sg
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
tt-RU
d3d9.dll
ar-LY
gu-in
Tuesday
ko-KR
runtime error
[Profile
da-dk
tn-ZA
Aug
en-bz
id-ID
R6016
zu-za
ca-es
hu-hu
EnableSecureUIAPaths
mr-IN
August
se-fi
June
Google Inc
hi-IN
gl-ES
ar-ye
he-il
sv-FI
da-DK
October
chrome.exe
eventvwr.exe
Default
Isolation
az-az-cyrl
Wednesday
ShellReadyEvent
((((( H
hu-HU
zu-ZA
R6034
R6030
R6031
R6032
R6033
smj-NO
mn-mn
- not enough space for locale information
az-AZ-Cyrl
Apr
PMIL
gl-es
--no-sandbox --allow-no-sandbox-job --disable-3d-apis --disable-gpu --disable-d3d11
sv-fi
USERPROFILE
VNC is starting your browser...
en-PH
SOFTWARE\Classes\Chrome
se-SE
Software\Microsoft\Internet Explorer\Download
- not enough space for lowio initialization
pa-in
\opera.exe
pl-PL
sa-IN
OPRN
es-cr
es-cl
{%08X-%04X-%04X-%04X-%08X%04X}
explorerframe.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects
FileVersion
es-do
syr-sy
id-id
de-at
95.211.100.152:2288
Mozilla Corporation
mr-in
TLOSS error
OriginalFilename
VisualFXSetting
hy-AM
mscoree.dll
ar-IQ
File
es-VE
DOMAIN error
he-IL
- not enough space for environment
ConsentPromptBehaviorAdmin
it-CH
fr-CA
bn-in
ro-ro
Software\Microsoft\Internet Explorer\Main
Jan
- not enough space for arguments
pa-IN
kok-in
ca-ES
Oct
uz-UZ-Latn
March
es-co
de-CH
sr-SP-Latn
nl-NL
sw-ke
`C!a
lt-lt
en-ph
es-DO
se-se
bn-IN
ro-RO
pl-pl
sa-in
_OPR
mn-MN
hy-am
sl-si
ar-iq
de-ch
es-CR
fr-LU
es-CO
Sat
ar-MA
ar-dz
uz-uz-cyrl
en-TT
es-gt
R6002
- Attempt to initialize the CRT more than once.
R6009
R6008
cs-CZ
NoActiveDesktop
compmgmt.msc
es-es
taskmgr.exe
Wallpaper
nl-nl
ar-YE
ar-JO
ar-sa
wpncore.dll
--user-data-dir=
OPENGL32.dll
d2d1.dll
- unable to initialize heap
it-ch
ar-DZ
Copyright
fr-ca
kk-KZ
EnableUIADesktopToggle
ADVAPI32.DLL
syr-SY
fi-fi
cs-cz
sr-SP-Cyrl
September
Microsoft Corporation
nn-NO
fr-lu
sw-KE
ProductVersion
el-gr
ar-sy
Fri
ky-KG
Google\Chrome\User Data
xh-za
es-GT
en-CB
bg-bg
en-CA
az-az-latn
kok
es-NI
Monday
sr-ba-latn
tr-TR
ar-jo
az-AZ-Latn
ur-PK
tSOFTWARE\Classes\CLSID
VS_VERSION_INFO
en-tt
xh-ZA
fi-FI
ns-ZA
ar-SA
en-ZW
es-ni
ValidateAdminCodeSignatures
Sep
<program name unknown>
- abort() has been called
d3d10_1core.dll
en-ZA
Dxtrans.dll
Microsoft Visual C++ Runtime Library
CONOUT$
ar-ma
build.Properties.Resources
ar-AE
Opera Software ASA
fr-fr
te-in
USER32.DLL
es-UY
d3d10_1.dll
fa-ir
- CRT not initialized
ta-in
WallpaperSource
/name Microsoft.DeviceManager
- not enough space for thread data
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
Thu
ConsentPromptBehaviorUser
eu-es
fr-FR
nb-no
te-IN
en-cb
en-ca
control.exe
es-uy
- inconsistent onexit begin-end variables
en-za
is-is
Saturday

se-FI
ms-my
Wed
sma-NO
dddd, MMMM dd, yyyy
pt-br
Profiles\Default
en-GB
zh-cn
es-BO
sq-al
Mon
uz-uz-latn
cy-GB
Translation
ru-ru
PromptOnSecureDesktop
es-ve
sl-SI
ms-MY
svchost.exe -k
ar-ae
eu-ES
pt-BR
nb-NO
vi-vn
- unexpected multithread lock error
LuaOffLoRIEOn
ShutdownTime
MM/dd/yy
Sunday
es-bo
/name Microsoft.ProgramsAndFeatures
Default=1
div-MV
fr-be
ms-bn
th-TH
ar-EG
en-gb
es-pr
es-py
ns-za
es-pe
es-pa
cy-gb
tr-tr
July
--no-remote -profile
cmd.exe
sma-no
fr-BE
EnableInstallerDetection
R6017
R6010
AlwaysShowMenus
vi-VN
R6018
R6019
\ThemeApiPort
OPR
pnidui.dll
pt-PT
sq-AL
authui.dll
hgcpl.dll
\Registry\Machine
ar-bh
en-us
es-AR
bg-BG
sk-sk
zh-tw
/name Microsoft.PowerOptions
Jun
Jul
es-mx
ar-SY
ta-IN
\Registry\USER
ar-BH
Software\Microsoft\Internet Explorer\MINIE
opera.exe
en-US
div-mv
DelegateExecute
th-th
zh-mo
ar-eg
ar-KW
es-PR
nn-no
pt-pt
sr-ba-cyrl
es-PY
zh-CN
es-PA
2018
zh-SG
sr-sp-cyrl
bs-BA-Latn
en-IE
sma-SE
hr-BA
ja-JP
sr-BA-Cyrl
nl-be
quz-BO
kok-IN
kn-in
KERNEL32.DLL
LOCALAPPDATA
kk-kz
smj-se
ru-RU
- unable to open console device
sr-sp-latn
syr
000004b0
be-by
FileDescription
lv-LV
zh-MO
nl-BE
ar-kw
sk-SK
zh-TW
IsRelative=1
ml-IN
es-MX
de-DE
.exe
HH:mm:ss
el-GR
Flash6.ocx
//0
sv-se
ar-TN
SYSTEM\CurrentControlSet\services\Disk\Enum
es-ar
This indicates a bug in your application.
Friday
mi-NZ
af-ZA
diskmgmt.msc
Control Panel\Desktop
es-SV
- pure virtual function call
build
...
firefox.exe
en-ie
BINotifiedNewSessionEvent
et-ee
sma-se
hr-ba
be-BY
ja-jp
quz-bo
bs-ba-latn
%S_%s
quz-PE
\Profiles\*
kn-IN
ar-OM
smj-SE
es-sv
se-NO
Sun
VarFileInfo
jjj
mi-nz
hi-in
sv-SE
ka-GE
af-za
es-HN
es-CL
Runtime Error!
de-AT
- not enough space for stdio initialization
sms-fi
ProtectedModeOffForAllZones
\Local Settings\Application Data
et-EE
mmc.exe
ky-kg
ka-ge
mt-MT
zh-chs
zh-cht
Software\Microsoft\Windows\CurrentVersion\Internet Settings
APPDATA
December
- Attempt to use MSIL code from this assembly during native code initialization
quz-pe
ProductName
ar-om
ms-BN
Feb
de-li
en-jm
d3d10.dll
quz-ec
es-ec
Opera Software\Opera Stable
R6027
R6026
R6025
R6024
NTDLL.DLL
de-lu
R6028
testvnc
- unexpected heap error
R\Opera
de-de
SING error
fo-FO
November
-nomerge -noframemerging
se-no
en-JM
January
quz-EC
en-zw
SOFTWARE\Policies\Microsoft\Internet Explorer\Low Rights
d3d11.dll
lv-lv
Dec
- not enough space for _onexit/atexit table
Assembly Version
SYSTEM\CurrentControlSet\Control\Windows
mt-mt
hr-HR
fo-fo
shell32.dll
is-IS
sms-FI
de-LI
Profiles\
it-IT
es-EC
Thursday
sr-BA-Latn
ShellDesktopSwitchEvent
uk-UA
- floating point support not loaded
fr-MC
de-LU
es-ES
NoWindowMinimizingShortcuts
Mar
Winsta0\Default
May
Software\Microsoft\Internet Explorer\Low Rights
smn-FI
en-BZ
mk-mk
en-AU
StringFileInfo
Program:
Software\Policies\Microsoft\Windows\Explorer
2500
February
StartMenuCacheFileReorder
ar-tn
fa-IR
Path=
d3d10core.dll
April
DownloadActivationDelay
\profiles.ini
/name Microsoft.System
hr-hr
ar-QA
smn-fi
>!?-?
v2.0.50727
D$0f
4,5B5[5i5o5
<<<E<M<b<n<w<
uYD9
1/2I2R2
NtRaiseHardError
EnterCriticalSection
Ic@<B
lstrcmpiA
u fE
lstrcmpiW
# 5#d
u$j
tYVU
@9E w
H;
7j V
tr9u
system
fclose
3 3/3
:d<|<
CreateDirectoryW
WriteFile
H9p(t H
^+tv
<$u%3
E<t`
D$,+L$(+D$$
t+@;
ExtTextOutA
D$(Hc
t Wj
dsound.dll
r f;
SetKeyboardState
` UAVAWH
NtCreateSection
CreateRectRgn
H; @
WATAVH
.?AVerror_category@std@@
t WS
GetSystemMenu
3 474b4
Shutdown
GetTypeFromHandle
HA_A^A]A\_^][
x.j(
SVt*
E ;U
EndDialog
GlobalFree
E ;]
E ;A
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
E ;E
o~pf
Ic.L
L$@A
StrChrW
|$PL
t$ UH
fseek
|$PH
??2@YAPEAX_K@Z
StrChrA
`.rdata
wd8_7
6 737D7n7w7
GetKeyState
A^_]
A^_^
CoInitialize
D$yB
%Rich
9Ewt
L$@H
:':/:=:E:[:x:
y(IcQ(I
EnumProcessModules
ov`f
GetWindowLongPtrA
D$^f
SendMessageTimeoutA
@USVWH
DllGetClassObject
E_E3
; ;(;0;<;D;L;X;`;h;t;|;
tLxXj
8O8Y8i8
Y8M+
__CppXcptFilter
x ATAVAW3
Saturday
t<SH
RedrawWindow
t?jDj
System.Runtime.InteropServices
,SVWj 3
L$0D
L$0E
UxTheme.dll
L$0A
E HP
L$0L
L$0M
t"j XP
L$0H
L$0I
YY;}
strtol
?_Syserror_map@std@@YAPEBDH@Z
YY;E
strtok
t SWV
<4<I<S<
RegOpenKeyExW
L$0f
@88t H
3&3A3L3\3i3s3
advapi32.dll
l$x3
jhSW
l$xH
l$xI
\$`D+D$XH
l$xE
inet_ntop
l$xA
9_|~Q
ughT
L$XE3
x$;
<K_u
HeapReAlloc
GetThreadDesktop
memcpy
A_A^A]_]
SVjA[jZ^+
IsWow64Process
3 4^4k4
161>1I1\1b1t1z1
DD A
9Olu
MSTaskListWClass
__crt_debugger_hook
=#=&>
=/=K=T=
1M2d2j2
J3|]@
L$hE3
T$dH
9O_^[
sIMc
T$PE3
Ht Hu-
;B;_;
j@%@
M'H3
Lcd$XIc
`A^_]
>$>,>4><>D>L>T>\>d>l>t>|>
L$ E;
UnhandledExceptionFilter
|$(H!l$
j PV
DirectSoundFullDuplexCreate8
t9VV
July
GetMenuDefaultItem
ActivateKeyboardLayout
GLVP
\$0H;
CreateThread
2%2K2W2
\$0H3
__CxxFrameHandler3
LdrRegisterDllNotification
GetSystemTimes
L$@f9\$@t f
Synchronized
\$pH
\$pI
GDI32.dll
VirtualQuery
43o
@t H
NtSuspendProcess
t SW
D$T;
SleepEx
WriteConsoleW
=
3 R
RtlCompareUnicodeString
KhH;
E A#
081C1S1o1
t Vj
t H9
t H;
D#CtD
stream error
N H#
SetLayeredWindowAttributes
AssemblyProductAttribute
__C_specific_handler
0A0G0Q0n0|0
s(HcK(H
D$hD
>*?8?K?e?j?q?
T$XA
taskmgr
uPH;C
6 707E70;6;C;I;L<R<u<{<1=7=D=J=[=q=|=
T$XH
u-j P
D#GtD
3&32393Z3u3
PlaySoundW
FolderView
t$hC
UVWH
p `
D?$?
GetStockObject
0G0_0x0
PlaySoundA
UVWS
! 5!
t5j.
inet_pton
;Cpt S
H93t H
3&3w3

u29F$t#
;$;];j;
AttachThreadInput
value
D+moA
EditorBrowsableAttribute
2018
SetForegroundWindow
@A_A^_
t;PW
ExitWindowsEx
WindowFromDC
_malloc_crt
;\$xt
?)?0?5?>?G?N?d?
R pP
PRSQ
<;<U<
XA_A^A]A\_^][
uB9]
E ;u
L$@9{
3$3,383@3H3T3\3d3x3
_amsg_exit
t[SVh
t[SVj
StrTrimW
^[t
\$8L
},H
\$8H
ZwConnectPort
404P4p4
\$8D
\$8E
y{9] tv
M u-j
#GUID
wLD9
d$4A
|$@D;
version.dll
D$(L;
IsWindowVisible
__clean_type_info_names_internal
LdrLoadDll
:):3:B:I:T:e:
7"7>7J7\7x7
GetWindowInfo
(Lc`
D$(L+
u.9u
_initterm
sgHc
L$xH
L$xD
9F4t
DefDlgProcA
021\1y1
;u r
;u |
f9V tT
GetAncestor
:L:U:_:e:y:
IcR(A
T$`E3
build.Properties.Resources.resources
SysListView32
Sunday
QQVW
ApplicationSettingsBase
0 0G0^0d0k0q0
t_SW
@SVW
AcquireIAMKey
_lock
626>6e6
D$ 3
T$HH
June
?_Xout_of_range@std@@YAXPBD@Z
Pj QS
} Y;
%SSS
@_^]
7'7F7Q7]7{7
@_^[
Shell32.dll
D$H+D$@E+
F-hY
A_A^A\_^
tNhx
7"8(8X8b8|8
f;G v
>(>5>J>O>c>t>y>
InitializeCriticalSection
E YY
>">a>x>
0$000C0^0p0
GeneratedCodeAttribute
VRSW
|$@t H
</=8=C=I=l=u=z=
PathRemoveArgsA
D$ M
F8+x
D$ H
swD+
D$ D
D$ E
ntdll
D$ @
D$ A
H95Rz
FTPS
Clipboard
PathRemoveArgsW
GetVersionExA
T$PH
sxD+
D8L$Ht H
D$`I
C`#St
D$ j
L$(M
2$2,242<2D2L2T2\2d2l2t2|2
TrayNotifyWnd
~LIcR(A
9>9Q9d9o9

6#7T7a7
D$`E
D$ t
@^[_
t$HD
6"6Q6%7+7G7
D$
D$
H;D
M H#
T$PA
tsD;
ConsoleWindowClass
u$H;
L$(E
D$`C
U@E3
@f9E
December
3$3,343<3D3L3T3\3d3l3t3|3
u2jd
D$
9w<t
w$H
D$ <
p P
System.ComponentModel
667J7
; <B=J=
z?aUY
p ` 0 P
Yt^W
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>
u=9N$|8
D$ 3
_purecall
getaddrinfo
MapVirtualKeyA
OpenInputDesktop
?q=
QQSVWj
} {t2
TerminateThread
h$Q@
OpenThread
DefMDIChildProcW
KERNEL32.dll
SetWindowLongPtrA
RegisterWindowMessageA
DefMDIChildProcA
t$ WATAUAVAWH
p AWH
|$ UATAUAVAWH
DK f
9D$8}
D$XHc
file error
November
L$@9
L$@D
L$@E
4I4R4Z4e4j4u4z4
PSPj
L$@L
RemoveDirectoryW
??2@YAPAXI@Z
4]4b4i4n4u4z4
L$@I
t.E3
1'2?2W2z2
QQSVW3
CertFindCertificateInStore
2%313=3w3
H;^X
GdiFlush
.rsrc
0HcA<H
KxH;
T$(fH
__crtUnhandledException
L$@f
DirectSoundFullDuplexCreate
8j9y9
?(?,?L?P?h?p?t?
iostream
System.Windows.Forms
r(;q
u 9=
9] t
9] u
PSPS
OpenClipboard
|+;E
939P9y9
L$ UVWATAUAVAW
.?AV_Iostream_error_category@std@@
t H;
FLSP
6O6r6
PPPPV
t$ H
PPPPP
t$ D
?$?-?2?
t$ G
?)?C?o?
T$lH
NtMapViewOfSection
HiliteMenuItem
MessageBoxW
AppendMenuA
D+M
x ATAUAVAW
RegGetValueW
9E W
9w4v)
K0H; "
r.h|S@
Wow64EnableWow64FsRedirection
5.535;5
CreateDIBSection
Q 9V ~
GetModuleFileNameExA
February
wtVj
GetDoubleClickTime
d$ E3
RSDSIF
April
|$ Lc
F ;B t
t E3
L$ D
G0fA
L$ E
GetLongPathNameW
G6fA
tdL9A0t^L9A8tXD
L$@H3
<v9I
6"7>7D7Y7b7i7z7
HMXB
Sleep
-nomerge -noframemerging
t7E3
VirtualAlloc
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-15 01:15:53 2018-06-15 01:18:48 175

6 Behaviors detected by system signatures

10 Summary items with data

Files


Read Files


Write Files

C:\Users\Seven01\AppData\Roaming\HBH176.exe

Delete Files

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2480.26462890
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2480.26462890
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2480.26462937

Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\7ac727df\7b5311d7\69\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7b5311d7\1b0ed4d\69\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3beba4a6\17239289
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|hvnc.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|hvnc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|hvnc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3beba4a6\164df4b0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SDfgsdf
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Parameters\Transports
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Winsock\Mapping
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\Mapping
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Setup Migration\Providers\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\MinSockaddrLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\HelperDllName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Disk\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0

Read Keys


Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SDfgsdf

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
Local\{41435A30-AC43-1BEB-BE05-A07FD209D423}

Resolved APIs

kernel32.dll.CreateFileA
kernel32.dll.TerminateThread
kernel32.dll.GetTickCount
kernel32.dll.SleepEx
kernel32.dll.ReleaseMutex
kernel32.dll.TerminateProcess
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.WaitForMultipleObjects
kernel32.dll.CreateMutexA
kernel32.dll.IsBadStringPtrA
kernel32.dll.ExpandEnvironmentStringsW
kernel32.dll.GetVersionExA
kernel32.dll.WriteConsoleW
kernel32.dll.SetStdHandle
kernel32.dll.GetConsoleMode
kernel32.dll.GetConsoleCP
kernel32.dll.FlushFileBuffers
kernel32.dll.OutputDebugStringW
kernel32.dll.LoadLibraryExW
kernel32.dll.LCMapStringW
kernel32.dll.GetStringTypeW
kernel32.dll.GetModuleFileNameW
kernel32.dll.GetStdHandle
kernel32.dll.GetModuleHandleExW
kernel32.dll.ExitProcess
kernel32.dll.TlsSetValue
kernel32.dll.TlsGetValue
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.GetCPInfo
kernel32.dll.GetOEMCP
kernel32.dll.GetACP
kernel32.dll.IsValidCodePage
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.IsDebuggerPresent
kernel32.dll.VerLanguageNameW
kernel32.dll.GetLocaleInfoW
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.GetProcessTimes
kernel32.dll.Process32NextW
kernel32.dll.Process32FirstW
kernel32.dll.SetEvent
kernel32.dll.HeapFree
kernel32.dll.HeapReAlloc
kernel32.dll.HeapAlloc
kernel32.dll.HeapDestroy
kernel32.dll.HeapCreate
kernel32.dll.GetModuleHandleW
kernel32.dll.Sleep
kernel32.dll.ResumeThread
kernel32.dll.SuspendThread
kernel32.dll.GetThreadContext
kernel32.dll.WriteProcessMemory
kernel32.dll.ReadProcessMemory
kernel32.dll.GetLastError
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.DeleteFileW
kernel32.dll.RemoveDirectoryW
kernel32.dll.CreateDirectoryW
kernel32.dll.SetFilePointerEx
kernel32.dll.SetEndOfFile
kernel32.dll.GetFileInformationByHandle
kernel32.dll.GetProcessId
kernel32.dll.CreateThread
kernel32.dll.SwitchToThread
kernel32.dll.VirtualProtectEx
kernel32.dll.MulDiv
kernel32.dll.GetSystemWindowsDirectoryA
kernel32.dll.SystemTimeToFileTime
kernel32.dll.GetSystemTime
kernel32.dll.GetTempPathW
kernel32.dll.GetLongPathNameW
kernel32.dll.GlobalFree
kernel32.dll.OpenFileMappingA
kernel32.dll.CreateFileMappingA
kernel32.dll.UnmapViewOfFile
kernel32.dll.MapViewOfFile
kernel32.dll.OpenThread
kernel32.dll.FindClose
kernel32.dll.lstrcmpW
kernel32.dll.OpenEventA
kernel32.dll.FindFirstFileW
kernel32.dll.FindNextFileW
kernel32.dll.lstrcpynW
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.LoadLibraryW
user32.dll.SetClipboardViewer
user32.dll.SetClipboardData
user32.dll.EmptyClipboard
user32.dll.ChangeClipboardChain
user32.dll.GetClipboardOwner
user32.dll.UnhookWindowsHookEx
user32.dll.SetWindowsHookExA
user32.dll.GetAncestor
user32.dll.GetWindowInfo
user32.dll.CallNextHookEx
user32.dll.GetClassNameA
user32.dll.FindWindowA
user32.dll.GetParent
user32.dll.SetClassLongPtrA
user32.dll.GetClassLongPtrA
user32.dll.SetWindowLongPtrA
user32.dll.GetWindowLongPtrA
user32.dll.FillRect
user32.dll.ScreenToClient
user32.dll.ClientToScreen
user32.dll.GetClientRect
user32.dll.RedrawWindow
user32.dll.MenuItemFromPoint
user32.dll.GetMenuItemRect
user32.dll.EndMenu
user32.dll.TrackPopupMenuEx
user32.dll.TrackPopupMenu
user32.dll.GetMenuItemCount
user32.dll.GetMenuItemID
user32.dll.GetSubMenu
user32.dll.GetSystemMenu
user32.dll.GetMenuState
user32.dll.HiliteMenuItem
user32.dll.GetMenu
user32.dll.SetKeyboardState
user32.dll.SetLayeredWindowAttributes
user32.dll.PrintWindow
user32.dll.CallWindowProcA
user32.dll.DefWindowProcA
user32.dll.PostMessageA
user32.dll.SendMessageTimeoutA
user32.dll.SendMessageA
user32.dll.ActivateKeyboardLayout
user32.dll.FindWindowExA
user32.dll.GetThreadDesktop
user32.dll.GetWindowThreadProcessId
user32.dll.WindowFromDC
user32.dll.IsWindow
user32.dll.GetClipboardData
user32.dll.OpenClipboard
user32.dll.wsprintfA
user32.dll.GetDC
user32.dll.ReleaseDC
user32.dll.wsprintfW
user32.dll.GetUserObjectInformationA
user32.dll.GetDoubleClickTime
user32.dll.SetWindowPos
user32.dll.GetSystemMetrics
user32.dll.GetMenuItemInfoA
user32.dll.GetMenuDefaultItem
user32.dll.GetWindowRect
user32.dll.MapWindowPoints
user32.dll.IsRectEmpty
user32.dll.GetWindow
user32.dll.SetThreadDesktop
user32.dll.GetMessageA
user32.dll.TranslateMessage
user32.dll.DispatchMessageA
user32.dll.PostThreadMessageA
user32.dll.DestroyWindow
user32.dll.ShowWindow
user32.dll.CreateDialogIndirectParamW
user32.dll.EndDialog
user32.dll.ExitWindowsEx
user32.dll.GetKeyState
user32.dll.CreatePopupMenu
user32.dll.DestroyMenu
user32.dll.AppendMenuA
user32.dll.AttachThreadInput
user32.dll.IsWindowVisible
user32.dll.IsIconic
user32.dll.BringWindowToTop
user32.dll.SetFocus
user32.dll.SetActiveWindow
user32.dll.SetForegroundWindow
user32.dll.WindowFromPoint
user32.dll.PtInRect
user32.dll.EnumChildWindows
user32.dll.GetLastActivePopup
user32.dll.GetGUIThreadInfo
user32.dll.RealChildWindowFromPoint
user32.dll.DrawEdge
user32.dll.GetWindowTextA
user32.dll.GetScrollBarInfo
user32.dll.CreateDesktopA
user32.dll.EnumDesktopWindows
user32.dll.CloseDesktop
user32.dll.RegisterWindowMessageA
user32.dll.GetDesktopWindow
user32.dll.GetWindowLongA
user32.dll.SetWindowLongA
user32.dll.IntersectRect
user32.dll.ToUnicodeEx
user32.dll.GetKeyboardLayoutList
user32.dll.GetKeyboardLayout
user32.dll.ToAscii
user32.dll.VkKeyScanA
user32.dll.VkKeyScanExA
user32.dll.VkKeyScanExW
user32.dll.MapVirtualKeyA
user32.dll.MapVirtualKeyExA
user32.dll.ChildWindowFromPointEx
user32.dll.SetWinEventHook
user32.dll.UnhookWinEvent
user32.dll.RegisterClassA
user32.dll.CreateWindowExA
user32.dll.MoveWindow
user32.dll.CharUpperBuffW
user32.dll.SetTimer
user32.dll.KillTimer
user32.dll.DrawTextW
user32.dll.BeginPaint
user32.dll.EndPaint
user32.dll.GetSysColor
user32.dll.SendNotifyMessageA
user32.dll.CloseClipboard
gdi32.dll.CreateDIBSection
gdi32.dll.GetStockObject
gdi32.dll.CreateFontA
gdi32.dll.SetTextColor
gdi32.dll.GetDeviceCaps
gdi32.dll.GetSystemPaletteEntries
gdi32.dll.SetWindowOrgEx
gdi32.dll.DeleteDC
gdi32.dll.GdiFlush
gdi32.dll.GetRegionData
gdi32.dll.GetDIBits
gdi32.dll.GetClipBox
gdi32.dll.SetBkColor
gdi32.dll.SetBkMode
gdi32.dll.CombineRgn
gdi32.dll.CreateBitmap
gdi32.dll.CreatePatternBrush
gdi32.dll.ExtTextOutA
gdi32.dll.SetDIBColorTable
gdi32.dll.SelectObject
gdi32.dll.CreateCompatibleDC
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.BitBlt
gdi32.dll.SetViewportOrgEx
gdi32.dll.SelectClipRgn
gdi32.dll.GetViewportOrgEx
gdi32.dll.GetClipRgn
gdi32.dll.DeleteObject
gdi32.dll.CreateRectRgn
advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorA
shell32.dll.ShellExecuteA
ole32.dll.CoUninitialize
ole32.dll.CoInitialize
user32.dll.MessageBoxTimeoutA
mswsock.dll.WSPStartup
wshtcpip.dll.WSHOpenSocket
wshtcpip.dll.WSHOpenSocket2
wshtcpip.dll.WSHJoinLeaf
wshtcpip.dll.WSHNotify
wshtcpip.dll.WSHGetSocketInformation
wshtcpip.dll.WSHSetSocketInformation
wshtcpip.dll.WSHGetSockaddrType
wshtcpip.dll.WSHGetWildcardSockaddr
wshtcpip.dll.WSHGetBroadcastSockaddr
wshtcpip.dll.WSHAddressToString
wshtcpip.dll.WSHStringToAddress
wshtcpip.dll.WSHIoctl
kernel32.dll.GetSystemTimes

Execute Commands

C:\Users\Seven01\AppData\Roaming\HBH176.exe 
C:\Windows\system32\svchost.exe -k

Started Services

Nothing to display

Created Services

Nothing to display

Behavior analysis details

Machine name: Seven05_64
Machine label: Seven05_64
Machine manager: VirtualBox
Started: 2018-06-15 01:15:53
Ended: 2018-06-15 01:18:48
Duration: 175 seconds

1 Host(s) detected

IP Address: 95.211.100.152 (Netherlands)
Hostname: none listed
Reverse DNS: none listed

Host(s) by Country

Hosts Country
1 Netherlands

#infosec #automation

TheSystem Itself @ 2018-06-15 01:18:13