MalScore
100/100
MalFamily
Ispy

pikin.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 30/66 Related 2494
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 419.50 KB (429568 bytes)
Compile time: 2017-07-30 20:59:27
MD5: e192b603ab23cc8eab085cad7add91b0
SHA1: e349dcd28c6e209d009247055a644f3bd1eb2efa
SHA256: 87d0067aad33115f5869bf27e4262b103ba6382283baed78225c95d4f1de440f
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-05-11 07:30:09
Last submission: 2018-05-11 07:30:09
Filename detected: - pikin.exe (1)
URL file hosting
hXXp://uy-akwaibom.ru/blessed/Panel/pikin.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-05-11 05:06:50 [30/66] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x68324 427008 65cc7f6e2bf4ccbe4e4d2d1dd4371f8f 75d3e01a68dffcbc520d940e031a97ae7ce2095c
.rsrc 0x6c000 0x5c4 1536 715c292aead7f3e984dcd221f77cb9f3 89faf844baf84a5d5ab07593488ecef36be62300
.reloc 0x6e000 0xc 512 6975d55c0a17c125ad9956c7617dba7d 81d1cbcf9ec7a7c88dee1539831253778d61965e
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x6c0a0 824 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x6c3d8 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © 2018 P-global inc
Assembly Version: 0.0.0.0
InternalName: Pcrypt.exe
FileVersion: 25.4.37.9
CompanyName: P-global inc
Comments: fsgr57jo
ProductName: system info
ProductVersion: 25.4.37.9
FileDescription: system info
Translation: 0x0000 0x04b0
OriginalFilename: Pcrypt.exe
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
25.4.37.9
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2018-05-11 07:28:29 2018-05-11 07:31:24 175

7 Behaviors detected by system signatures

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\pikin.exe.config
C:\Users\Seven01\AppData\Local\Temp\pikin.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\pikin.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\pikin.config
C:\Users\Seven01\AppData\Local\Temp\pikin.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Users\Seven01\AppData\Local\Temp\pikin.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\EcoMihaLax.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\EcoMihaLax.resources\EcoMihaLax.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\EcoMihaLax.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\EcoMihaLax.resources\EcoMihaLax.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\EcoMihaLax.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\EcoMihaLax.resources\EcoMihaLax.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\EcoMihaLax.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\EcoMihaLax.resources\EcoMihaLax.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.default
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.default
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.default
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2492.6043125
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2492.6043125
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2492.6043171

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\pikin.exe.config
C:\Users\Seven01\AppData\Local\Temp\pikin.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\staticcache.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll

Write Files

C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2492.6043125
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2492.6043125
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch

Delete Files

C:\Users\Seven01\AppData\Local\Temp\pikin.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2492.6043125
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2492.6043125
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2492.6043171

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pikin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\601f25d\49f7f85e
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089

Read Keys


Write Keys

HKEY_CURRENT_USER\(Default)

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

user32.dll.EnableMenuItem
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.SetWindowPos
user32.dll.RedrawWindow
user32.dll.ShowWindow
kernel32.dll.GetStdHandle
kernel32.dll.CloseHandle
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
bcrypt.dll.BCryptGetFipsAlgorithmMode
kernel32.dll.DeleteFileW
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
culture.dll.ConvertLangIdToCultureName
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
cryptsp.dll.CryptGetProvParam
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptSetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptEncrypt
kernel32.dll.SwitchToThread
gdiplus.dll.GdipDisposeImage
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptReleaseContext
kernel32.dll.GlobalMemoryStatusEx
advapi32.dll.RegSetValueExW
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
kernel32.dll.Wow64GetThreadContext
kernel32.dll.Wow64SetThreadContext
ntdll.dll.ZwUnmapViewOfSection
user32.dll.DestroyIcon
user32.dll.DestroyWindow
user32.dll.PostThreadMessageW
ole32.dll.OleInitialize
ole32.dll.CoRegisterMessageFilter
user32.dll.PeekMessageW
user32.dll.IsWindowUnicode
user32.dll.GetMessageW
user32.dll.TranslateMessage
user32.dll.DispatchMessageW
user32.dll.PostMessageW
user32.dll.GetMessageA
user32.dll.EnumThreadWindows
user32.dll.IsWindowVisible
ole32.dll.OleUninitialize
ole32.dll.CoWaitForMultipleHandles
user32.dll.SetClassLongW
user32.dll.UnregisterClassW
kernel32.dll.DeleteAtom
user32.dll.IsWindow
gdi32.dll.DeleteObject
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
advapi32.dll.EventUnregister

Executed Commands

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-05-11 07:30:25

Detected family: #Ispy

TheSystem Itself @ 2018-05-11 07:42:02