CAPE

Triggered CAPE Tasks: Task #90407: Extraction


Analysis

Category Package Started Completed Duration
FILE exe 2019-09-11 12:06:50 2019-09-11 12:07:32 42 seconds

Options:
route = internet
procdump = 1

Log:
2019-09-11 13:06:51,000 [root] INFO: Date set to: 09-11-19, time set to: 12:06:51, timeout set to: 200
2019-09-11 13:06:51,015 [root] DEBUG: Starting analyzer from: C:\vsyprrmj
2019-09-11 13:06:51,015 [root] DEBUG: Storing results at: C:\TFohLKMJ
2019-09-11 13:06:51,030 [root] DEBUG: Pipe server name: \\.\PIPE\tUZoFjYx
2019-09-11 13:06:51,030 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-09-11 13:06:51,030 [root] INFO: Automatically selected analysis package "exe"
2019-09-11 13:06:51,358 [root] DEBUG: Started auxiliary module Browser
2019-09-11 13:06:51,358 [root] DEBUG: Started auxiliary module Curtain
2019-09-11 13:06:51,358 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2019-09-11 13:06:51,592 [modules.auxiliary.digisig] DEBUG: File is not signed.
2019-09-11 13:06:51,592 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2019-09-11 13:06:51,592 [root] DEBUG: Started auxiliary module DigiSig
2019-09-11 13:06:51,608 [root] DEBUG: Started auxiliary module Disguise
2019-09-11 13:06:51,608 [root] DEBUG: Started auxiliary module Human
2019-09-11 13:06:51,608 [root] DEBUG: Started auxiliary module Screenshots
2019-09-11 13:06:51,608 [root] DEBUG: Started auxiliary module Sysmon
2019-09-11 13:06:51,608 [root] DEBUG: Started auxiliary module Usage
2019-09-11 13:06:51,608 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2019-09-11 13:06:51,608 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2019-09-11 13:06:51,624 [lib.api.process] INFO: Successfully executed process from path "C:\Users\user\AppData\Local\Temp\FprWtn.exe" with arguments "" with pid 1856
2019-09-11 13:06:51,624 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-11 13:06:51,624 [lib.api.process] INFO: 32-bit DLL to inject is C:\vsyprrmj\dll\azNqlVB.dll, loader C:\vsyprrmj\bin\VutebyF.exe
2019-09-11 13:06:51,654 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\tUZoFjYx.
2019-09-11 13:06:51,654 [root] DEBUG: Loader: Injecting process 1856 (thread 1796) with C:\vsyprrmj\dll\azNqlVB.dll.
2019-09-11 13:06:51,654 [root] DEBUG: Process image base: 0x013B0000
2019-09-11 13:06:51,654 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2019-09-11 13:06:51,654 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2019-09-11 13:06:51,654 [root] DEBUG: Successfully injected DLL C:\vsyprrmj\dll\azNqlVB.dll.
2019-09-11 13:06:51,654 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1856
2019-09-11 13:06:53,667 [lib.api.process] INFO: Successfully resumed process with pid 1856
2019-09-11 13:06:53,667 [root] INFO: Added new process to list with pid: 1856
2019-09-11 13:06:53,683 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 13:06:53,697 [root] DEBUG: Process dumps enabled.
2019-09-11 13:06:53,744 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1856 at 0x74480000, image base 0x13b0000, stack from 0x445000-0x450000
2019-09-11 13:06:53,744 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\FprWtn.exe".
2019-09-11 13:06:53,744 [root] INFO: Monitor successfully loaded in process with pid 1856.
2019-09-11 13:06:53,744 [root] DEBUG: set_caller_info: Adding region at 0x00350000 to caller regions list (advapi32::RegQueryInfoKeyW).
2019-09-11 13:06:53,744 [root] DEBUG: set_caller_info: Adding region at 0x00B90000 to caller regions list (advapi32::RegOpenKeyExW).
2019-09-11 13:06:53,744 [root] DEBUG: set_caller_info: Adding region at 0x004F0000 to caller regions list (kernel32::FindFirstFileExW).
2019-09-11 13:06:53,744 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7b000 bytes).
2019-09-11 13:06:53,760 [root] DEBUG: DLL loaded at 0x73ED0000: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks (0x5ab000 bytes).
2019-09-11 13:06:53,760 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80 (0x9b000 bytes).
2019-09-11 13:06:53,760 [root] INFO: Disabling sleep skipping.
2019-09-11 13:06:53,776 [root] DEBUG: DLL loaded at 0x75E70000: C:\Windows\syswow64\shell32 (0xc4a000 bytes).
2019-09-11 13:06:53,776 [root] DEBUG: DLL loaded at 0x73EC0000: C:\Windows\system32\profapi (0xb000 bytes).
2019-09-11 13:06:53,776 [root] DEBUG: DLL loaded at 0x72EF0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni (0xaf8000 bytes).
2019-09-11 13:06:53,776 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-09-11 13:06:53,776 [root] DEBUG: set_caller_info: Adding region at 0x001B0000 to caller regions list (kernel32::SetErrorMode).
2019-09-11 13:06:53,792 [root] DEBUG: DLL loaded at 0x73E60000: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit (0x5b000 bytes).
2019-09-11 13:06:53,822 [root] DEBUG: DLL loaded at 0x72750000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni (0x79c000 bytes).
2019-09-11 13:06:53,822 [root] DEBUG: DLL loaded at 0x73CD0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni (0x188000 bytes).
2019-09-11 13:06:53,822 [root] DEBUG: DLL loaded at 0x71B70000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni (0xbde000 bytes).
2019-09-11 13:06:53,854 [root] DEBUG: set_caller_info: Adding region at 0x00480000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2019-09-11 13:06:53,885 [root] DEBUG: DLL loaded at 0x73C50000: C:\Windows\system32\uxtheme (0x80000 bytes).
2019-09-11 13:06:53,901 [root] DEBUG: set_caller_info: Adding region at 0x00260000 to caller regions list (ntdll::LdrGetProcedureAddress).
2019-09-11 13:06:53,963 [root] DEBUG: DLL loaded at 0x60340000: C:\Windows\Microsoft.NET\Framework\v2.0.50727\culture (0x8000 bytes).
2019-09-11 13:06:53,963 [root] DEBUG: DLL unloaded from 0x60340000.
2019-09-11 13:06:54,056 [root] DEBUG: DLL loaded at 0x719E0000: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus (0x190000 bytes).
2019-09-11 13:06:54,119 [root] DEBUG: DLL loaded at 0x73B50000: C:\Windows\system32\WindowsCodecs (0xfb000 bytes).
2019-09-11 13:06:54,415 [root] DEBUG: DLL loaded at 0x73B40000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-09-11 13:06:54,415 [root] DEBUG: DLL unloaded from 0x013B0000.
2019-09-11 13:06:54,447 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-09-11 13:06:54,509 [root] INFO: Announced 32-bit process name: dw20.exe pid: 972
2019-09-11 13:06:54,509 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-09-11 13:06:54,509 [lib.api.process] INFO: 32-bit DLL to inject is C:\vsyprrmj\dll\azNqlVB.dll, loader C:\vsyprrmj\bin\VutebyF.exe
2019-09-11 13:06:54,509 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\tUZoFjYx.
2019-09-11 13:06:54,509 [root] DEBUG: Loader: Injecting process 972 (thread 1652) with C:\vsyprrmj\dll\azNqlVB.dll.
2019-09-11 13:06:54,509 [root] DEBUG: Process image base: 0x10000000
2019-09-11 13:06:54,509 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vsyprrmj\dll\azNqlVB.dll.
2019-09-11 13:06:54,509 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x10009000 - 0x77110000
2019-09-11 13:06:54,509 [root] DEBUG: InjectDllViaIAT: Allocated 0x1c8 bytes for new import table at 0x10010000.
2019-09-11 13:06:54,509 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-09-11 13:06:54,509 [root] DEBUG: Successfully injected DLL C:\vsyprrmj\dll\azNqlVB.dll.
2019-09-11 13:06:54,509 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 972
2019-09-11 13:06:54,509 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-09-11 13:06:54,509 [root] DEBUG: Process dumps enabled.
2019-09-11 13:06:54,509 [root] INFO: Disabling sleep skipping.
2019-09-11 13:06:54,525 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-09-11 13:06:54,525 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 972 at 0x74480000, image base 0x10000000, stack from 0x186000-0x190000
2019-09-11 13:06:54,525 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\dw20.exe -x -s 512.
2019-09-11 13:06:54,525 [root] INFO: Added new process to list with pid: 972
2019-09-11 13:06:54,525 [root] INFO: Monitor successfully loaded in process with pid 972.
2019-09-11 13:06:54,540 [root] DEBUG: DLL loaded at 0x73AD0000: C:\Windows\system32\wer (0x61000 bytes).
2019-09-11 13:06:54,602 [root] DEBUG: DLL loaded at 0x719D0000: C:\Windows\system32\SensApi (0x6000 bytes).
2019-09-11 13:06:54,602 [root] DEBUG: DLL loaded at 0x719A0000: C:\Windows\system32\werui (0x2a000 bytes).
2019-09-11 13:06:54,634 [root] DEBUG: DLL loaded at 0x718E0000: C:\Windows\system32\DUI70 (0xb2000 bytes).
2019-09-11 13:06:54,650 [root] DEBUG: DLL loaded at 0x71740000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\Comctl32 (0x19e000 bytes).
2019-09-11 13:06:54,650 [root] DEBUG: DLL loaded at 0x71710000: C:\Windows\system32\DUser (0x2f000 bytes).
2019-09-11 13:06:54,650 [root] DEBUG: DLL loaded at 0x71690000: C:\Windows\system32\RICHED20 (0x76000 bytes).
2019-09-11 13:06:54,665 [root] DEBUG: DLL loaded at 0x75E70000: C:\Windows\syswow64\SHELL32 (0xc4a000 bytes).
2019-09-11 13:06:54,711 [root] DEBUG: DLL loaded at 0x73C50000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-09-11 13:06:54,743 [root] DEBUG: DLL loaded at 0x71670000: C:\Windows\system32\dwmapi (0x13000 bytes).
2019-09-11 13:06:54,775 [root] DEBUG: DLL loaded at 0x71640000: C:\Windows\system32\xmllite (0x2f000 bytes).
2019-09-11 13:06:54,775 [root] DEBUG: DLL loaded at 0x75980000: C:\Windows\syswow64\OLEAUT32 (0x8f000 bytes).
2019-09-11 13:06:54,946 [root] DEBUG: DLL unloaded from 0x71640000.
2019-09-11 13:06:55,819 [modules.auxiliary.human] INFO: Found button "Close the program", clicking it
2019-09-11 13:06:55,819 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-09-11 13:06:56,849 [root] DEBUG: DLL loaded at 0x73EC0000: C:\Windows\system32\profapi (0xb000 bytes).
2019-09-11 13:06:56,849 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-09-11 13:06:56,849 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-09-11 13:06:56,865 [root] DEBUG: DLL unloaded from 0x71740000.
2019-09-11 13:06:56,865 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-09-11 13:06:56,865 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-09-11 13:06:56,865 [root] DEBUG: DLL unloaded from 0x71710000.
2019-09-11 13:06:56,865 [root] DEBUG: DLL unloaded from 0x71740000.
2019-09-11 13:06:56,865 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-09-11 13:06:56,865 [root] DEBUG: DLL unloaded from 0x758B0000.
2019-09-11 13:06:56,881 [root] DEBUG: DLL unloaded from 0x73AD0000.
2019-09-11 13:06:56,895 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 972
2019-09-11 13:06:56,895 [root] DEBUG: GetHookCallerBase: thread 1652 (handle 0x0), return address 0x0000007E, allocation base 0x00000000.
2019-09-11 13:06:56,895 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x10000000.
2019-09-11 13:06:56,895 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x10000000.
2019-09-11 13:06:56,895 [root] DEBUG: DumpProcess: Module entry point VA is 0x00004D84.
2019-09-11 13:06:56,895 [root] INFO: Added new CAPE file to list with path: C:\TFohLKMJ\CAPE\972_75208563216271511392019
2019-09-11 13:06:56,895 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x7000.
2019-09-11 13:06:56,895 [root] DEBUG: DLL unloaded from 0x75140000.
2019-09-11 13:06:56,895 [root] INFO: Notified of termination of process with pid 972.
2019-09-11 13:06:57,036 [root] DEBUG: DLL loaded at 0x5E3A0000: C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader (0x8d000 bytes).
2019-09-11 13:06:57,115 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1856
2019-09-11 13:06:57,130 [root] DEBUG: GetHookCallerBase: thread 1796 (handle 0x0), return address 0xC0000034, allocation base 0x00000000.
2019-09-11 13:06:57,130 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x013B0000.
2019-09-11 13:06:57,145 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x013B0000.
2019-09-11 13:06:57,145 [root] DEBUG: DumpProcess: Error - entry point too big: 0x73607cef, ignoring.
2019-09-11 13:06:57,177 [root] DEBUG: DumpProcess: There was a problem reading one or more sections, the dump may be incomplete.
2019-09-11 13:06:57,255 [root] INFO: Added new CAPE file to list with path: C:\TFohLKMJ\CAPE\1856_105167257757261511392019
2019-09-11 13:06:57,255 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x89400.
2019-09-11 13:06:57,255 [root] INFO: Notified of termination of process with pid 1856.
2019-09-11 13:06:57,255 [root] DEBUG: Terminate Event: Process 1856 has already been dumped(!)
2019-09-11 13:06:57,723 [root] INFO: Process with pid 1856 has terminated
2019-09-11 13:06:58,908 [root] INFO: Process with pid 972 has terminated
2019-09-11 13:07:15,132 [root] INFO: Process list is empty, terminating analysis.
2019-09-11 13:07:16,147 [root] INFO: Created shutdown mutex.
2019-09-11 13:07:17,161 [root] INFO: Shutting down package.
2019-09-11 13:07:17,161 [root] INFO: Stopping auxiliary modules.
2019-09-11 13:07:17,161 [root] INFO: Finishing auxiliary modules.
2019-09-11 13:07:17,161 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-09-11 13:07:17,161 [root] WARNING: File at path "C:\TFohLKMJ\debugger" does not exist, skip.
2019-09-11 13:07:17,161 [root] INFO: Analysis completed.

MalScore

5.3

Suspicious

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2019-09-11 12:06:50 2019-09-11 12:07:31

File Details

File Name c143ebcb948773c410c454014f3cdfeefb1a8abf
File Size 564224 bytes
File Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 f10c7fb0f6b5fdfd0e3a266a7a28f645
SHA1 c143ebcb948773c410c454014f3cdfeefb1a8abf
SHA256 22815910b990275125cf2f272c2bbfe627a4e72d0c320e3a9895b7bf8f235cd4
SHA512 56b00e95ebe795a582c168a656e37f466b981ba6d0b0807d93e24d6720b6c559f64f19921353da9ff75a7118f115ac0c19874488f6ed920e62c952896bceb6d5
CRC32 FE0DAB67
Ssdeep 12288:OnyGV5XLz5Kg4a5R1AUzpqEY4aabDaf7ZSYxMkdiIKJ:On9Lz5KFaD1jqEY4aa3afbSkdHKJ
TrID
  • 81.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73294/58/13)
  • 7.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 4.9% (.EXE) Win32 Executable (generic) (4508/7/1)
  • 2.2% (.EXE) OS/2 Executable (generic) (2029/13)
  • 2.2% (.EXE) Generic Win/DOS Executable (2002/3)
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

Behavioural detection: Executable code extraction
SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
process: FprWtn.exe, PID 1856
Guard pages use detected - possible anti-debugging.
Dynamic (imported) function loading detected
DynamicLoader: ADVAPI32.dll/DeregisterEventSource
DynamicLoader: werui.dll/WerUITerminate
DynamicLoader: werui.dll/WerUIDelete
DynamicLoader: USER32.dll/MsgWaitForMultipleObjects
DynamicLoader: ADVAPI32.dll/DuplicateToken
DynamicLoader: RPCRT4.dll/RpcBindingFree
Reads data out of its own binary image
self_read: process: FprWtn.exe, pid: 1856, offset: 0x00000000, length: 0x00001000
self_read: process: FprWtn.exe, pid: 1856, offset: 0x00000080, length: 0x00000200
The binary likely contains encrypted or compressed data.
section: name: .text, entropy: 7.91, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00089200, virtual_size: 0x000890e4

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\CLR20r3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ExcludedApplications
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DebugApplications
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Error Reporting
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\CLR20r3
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ExcludedApplications
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DebugApplications
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC\RacWerSampleTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RestartRunTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\RestartRunTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Throttling\CLR20r3
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectUI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
\xe4\xb1\xa8\xc8\x9fEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\dw20.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\44D72C57
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\PCHealth\ErrorReporting\ForceQueueMode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\PCHealth\ErrorReporting\ShowUI
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\PCHealth\ErrorReporting\DoReport
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\PCHealth\ErrorReporting\AllOrNone
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dw20.exe\DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MachineID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\CLR20r3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\CLR20r3
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC\RacWerSampleTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RestartRunTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\RestartRunTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
\xe4\xb1\xa8\xc8\x9fEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\44D72C57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.RegisterWindowMessageW
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.GetCurrentProcessId
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipBitmapGetPixel
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.VirtualProtect
advapi32.dll.CheckTokenMembership
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
mscoree.dll.DllGetClassObject
mscoreei.dll.DllGetClassObject
diasymreader.dll.DllGetClassObjectInternal
wer.dll.WerReportCreate
wer.dll.WerReportSetParameter
wer.dll.WerReportAddFile
wer.dll.WerReportSetUIOption
wer.dll.WerReportSubmit
wer.dll.WerReportAddDump
wer.dll.WerReportCloseHandle
user32.dll.LoadStringW
advapi32.dll.RegGetValueW
user32.dll.GetProcessWindowStation
user32.dll.GetThreadDesktop
user32.dll.GetUserObjectInformationW
sensapi.dll.IsNetworkAlive
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall2
user32.dll.CharUpperW
werui.dll.WerUICreate
werui.dll.WerUIStart
ole32.dll.CoInitialize
ole32.dll.CoUninitialize
kernel32.dll.CreateActCtxW
kernel32.dll.ActivateActCtx
dui70.dll.InitProcessPriv
kernel32.dll.DeactivateActCtx
comctl32.dll.LoadIconWithScaleDown
ntdll.dll.RtlRunEncodeUnicodeString
ntdll.dll.RtlInitUnicodeString
ntdll.dll.RtlRunDecodeUnicodeString
dui70.dll.InitThread
duser.dll.InitGadgets
user32.dll.RegisterMessagePumpHook
dui70.dll.?GetClassInfoPtr@CCBase@DirectUI@@SGPAUIClassInfo@2@XZ
dui70.dll.?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
dui70.dll.??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
dui70.dll.?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
dui70.dll.??0ClassInfoBase@DirectUI@@QAE@XZ
dui70.dll.?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
dui70.dll.?Register@ClassInfoBase@DirectUI@@QAEJXZ
dui70.dll.?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
dui70.dll.?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
dui70.dll.?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
dui70.dll.??1CritSecLock@DirectUI@@QAE@XZ
dui70.dll.??0CCBase@DirectUI@@QAE@KPBG@Z
dui70.dll.?Initialize@CCBase@DirectUI@@QAEJIPAVElement@2@PAK@Z
duser.dll.CreateGadget
duser.dll.SetGadgetMessageFilter
duser.dll.SetGadgetStyle
dui70.dll.?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
dui70.dll.?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
dui70.dll.?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
dui70.dll.?DirectionProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
dui70.dll.?OnPropertyChanged@CCBase@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
dui70.dll.?SetFontSize@Element@DirectUI@@QAEJH@Z
dui70.dll.?SetWidth@Element@DirectUI@@QAEJH@Z
dui70.dll.?SetHeight@Element@DirectUI@@QAEJH@Z
dui70.dll.?EndDefer@Element@DirectUI@@QAEXK@Z
dui70.dll.?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
duser.dll.InvalidateGadget
dui70.dll.CreateDUIWrapper
dui70.dll.?SetNotifyHandler@CCBase@DirectUI@@QAEXP6GHIIJPAJPAX@Z1@Z
shell32.dll.ExtractIconExW
comctl32.dll.TaskDialogIndirect
uxtheme.dll.IsThemeActive
duser.dll.SetGadgetRootInfo
dwmapi.dll.DwmIsCompositionEnabled
ole32.dll.CreateStreamOnHGlobal
xmllite.dll.CreateXmlReader
xmllite.dll.CreateXmlReaderInputWithEncodingName
duser.dll.FindStdColor
oleaut32.dll.#6
duser.dll.SetGadgetParent
duser.dll.GetDUserModule
duser.dll.AttachWndProcW
kernel32.dll.InterlockedPopEntrySList
kernel32.dll.InterlockedPushEntrySList
kernel32.dll.InterlockedCompareExchange
comctl32.dll.RegisterClassNameW
uxtheme.dll.OpenThemeData
duser.dll.GetGadgetRect
duser.dll.GetGadgetRgn
duser.dll.GetGadgetTicket
dui70.dll.?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
dui70.dll.?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
dui70.dll.?OnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
dui70.dll.?CreateAccNameLabel@HWNDHost@DirectUI@@IAEPAUHWND__@@PAU3@@Z
uxtheme.dll.EnableThemeDialogTexture
dui70.dll.?OnMessage@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
dui70.dll.?CreateHWND@CCBase@DirectUI@@UAEPAUHWND__@@PAU3@@Z
dui70.dll.?PostCreate@CCBase@DirectUI@@MAEXPAUHWND__@@@Z
dui70.dll.?IsContentProtected@Element@DirectUI@@UAE_NXZ
duser.dll.GetGadgetFocus
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
gdi32.dll.GetTextFaceAliasW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
duser.dll.SetGadgetFocus
duser.dll.DUserSendEvent
duser.dll.SetGadgetRect
comctl32.dll.SetWindowSubclass
dui70.dll.?GetHWND@HWNDHost@DirectUI@@UAEPAUHWND__@@XZ
uxtheme.dll.BufferedPaintInit
uxtheme.dll.BeginBufferedPaint
uxtheme.dll.GetBufferedPaintDC
uxtheme.dll.GetBufferedPaintTargetDC
uxtheme.dll.EndBufferedPaint
ole32.dll.CoCreateInstance
duser.dll.ForwardGadgetMessage
advapi32.dll.IsValidSid
advapi32.dll.GetLengthSid
advapi32.dll.CopySid
comctl32.dll.RemoveWindowSubclass
duser.dll.SetGadgetFocusEx
dui70.dll.?OnUnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
duser.dll.DisableContainerHwnd
dui70.dll.?MessageCallback@HWNDHost@DirectUI@@UAEIPAUtagGMSG@@@Z
dui70.dll.?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
dui70.dll.?OnDestroy@HWNDHost@DirectUI@@UAEXXZ
dui70.dll.??1CCBase@DirectUI@@UAE@XZ
cryptsp.dll.CryptAcquireContextW
uxtheme.dll.BufferedPaintUnInit
duser.dll.DUserFlushMessages
duser.dll.DUserFlushDeferredMessages
duser.dll.DeleteHandle
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptReleaseContext
dui70.dll.UnInitThread
user32.dll.UnregisterMessagePumpHook
dui70.dll.UnInitProcessPriv
dui70.dll.?Release@ClassInfoBase@DirectUI@@UAEHXZ
dui70.dll.?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
dui70.dll.??1ClassInfoBase@DirectUI@@UAE@XZ
kernel32.dll.ReleaseActCtx
oleaut32.dll.#500
advapi32.dll.RegisterEventSourceW
advapi32.dll.ReportEventW
advapi32.dll.DeregisterEventSource
werui.dll.WerUITerminate
werui.dll.WerUIDelete
user32.dll.MsgWaitForMultipleObjects
advapi32.dll.DuplicateToken
rpcrt4.dll.RpcBindingFree
dw20.exe -x -s 512
Global\CLR_CASOFF_MUTEX
Global\a4bd257f-d48c-11e9-8662-000c2940b9fb
Local\MSCTF.Asm.MutexDefault1

Binary Entropy

PE Information

Image Base 0x00400000
Entry Point 0x0048b0de
Reported Checksum 0x00000000
Actual Checksum 0x00096372
Minimum OS Version 4.0
Compile Time 2019-09-10 22:10:31
Import Hash f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name   | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy
.text  | 0x00002000 | 0x000890e4 | 0x00089200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.91
.rsrc  | 0x0008c000 | 0x00000600 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.24
.reloc | 0x0008e000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.10

Imports

Library mscoree.dll:
0x402000 _CorExeMain

.text
`.rsrc
@.reloc
b`h}:
?Yl(#
k[l(#
k[l(#
k[l(#
Z[k(C
ZXl(d
.text
`.rsrc
@.reloc
v2.0.50727
#Strings
#GUID
#Blob
IEnumerable`1
List`1
button1
checkedListBox1
button2
checkedListBox2
<Module>
get_B
SizeF
get_G
get_R
FromArgb
mscorlib
System.Collections.Generic
set_FormattingEnabled
set_AutoScaleMode
Image
AddRange
Invoke
IDisposable
RuntimeTypeHandle
GetTypeFromHandle
Inspect_Game
Show_Game
set_Name
get_Culture
set_Culture
resourceCulture
MethodBase
ButtonBase
Dispose
EditorBrowsableState
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
value
set_Size
set_ClientSize
disposing
System.Drawing
Add_Search
get_Width
System.ComponentModel
GetPixel
AndroidStudios.dll
ContainerControl
ListControl
System
resourceMan
AppDomain
get_CurrentDomain
set_Location
System.Globalization
System.Reflection
ControlCollection
Button
MethodInfo
CultureInfo
Bitmap
Buffer
get_ResourceManager
System.CodeDom.Compiler
IContainer
set_UseVisualStyleBackColor
.ctor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
AndroidStudios.Properties.Resources.resources
AndroidStudios.Insert.resources
DebuggingModes
AndroidStudios.Properties
get_Controls
System.Windows.Forms
set_AutoScaleDimensions
AndroidStudios
components
GetObject
get_Height
InitializeComponent
get_EntryPoint
Insert
SuspendLayout
ResumeLayout
set_Text
set_TabIndex
CheckedListBox
ToArray
get_Assembly
GetEntryAssembly
BlockCopy
op_Inequality
AndroidStudios
2009 - 2019
$D5F44AEF-6B22-4EA1-9504-B9283C9F30E0
5.1.5.6
16.0.0.0
C:\Users\Sako\Desktop\crypts\new stub\CoreFunctions\CoreFunctions\obj\Debug\AndroidStudios.pdb
_CorDllMain
mscoree.dll
vZQ'~
"^stF
~u`HP
:xdv%(t
N" j)u
&?"+x
v2.0.50727
#Strings
#GUID
#Blob
&NJNu
EbJNu
-kJN,
Mb00i3eC13
mscorlib
System
System.Windows.Forms
System.Drawing
user32.dll
kernel32.dll
UnityGameEngine.LKSFJLFKSFJL.resources
UnityGameEngine.Properties.Resources.resources
O06veYamNfLi51BweDZra84auAjtvYiOphkrZ2ffjb3xhK1lPVz2j3cO5CjWhyrzya7HPZjomUVVyP4bK7TOsglg2Li7DC6azPhtZdKNUaRZiOEv01ZkATi00LC0DlYFODEYxMDThHewXOizhZuZwHONWbfwmMsfFMaTu6wwggw.resources
XvyyhYbYZpDYLeUrVYYrxnHlXzYsgAtQGIIz
kgCcBshwZshvnZtxUoYcUSpXNdjoydHaxfS
Microsoft.CodeAnalysis
Attribute
.ctor
CompilerGeneratedAttribute
System.Runtime.CompilerServices
IPayopFnOtoDxUPZUesSTtqcAXiCUcteso
cPcevdKfmJJmXQxlpooQuROFzfeKJfNyWda
UnityGameEngine
Object
qbRTNZjRpRsNYQgsCZPwKqIIppqvdJSBOjxX
DebuggerBrowsableAttribute
System.Diagnostics
DebuggerBrowsableState
YEpYHNnaofvjWeesJalNHXcGLZklKfhguzYl
AtsLQvmXDPZaFmibBcyPizDXUukZVipocPm
SlKKaIjQdpBAYOvtJQDRYLtpQeZAYDcGtJgb
vFYjnPIgmzhaawdigpkLgIkiFTXnDoYGxNI
rZvyCaGOuSOmTmfQXnxpFcnELGoQjDQHsl
ofKtcInNacttjNnIAhNGZUcLsiegkzsLgs
jqOJrDAGaenFbpwOeaHvbWKBKgYpUJaaH
tInBZdstyvlxbOLdIjqeKDGoABGiQilKfVzW
EAoVRllynExTSVBmpiBjKhfXbtEVrmimhj
PVorbmxPOiEpxRoLOyNeOdvdnmGxwBcXhcdw
kyOnCoYykfPNGaJwmdIvmXRBPNIPSIZNjiQE
cQyQUjXaHHYJizxeDHWcWAFVmXzOzPIUOfTN
iiHoqloZlHEkfKsQTtwASoqAVsJyiNoZFcX
YqlcoWZTOlwcWniwRsZfButsGWrSzIIRKC
DNnblcmwpNiRkuJjAgCsjjhsxtTVYmAFtqx
nnVSgUkECmEqFyHnZmbpcPfrfHEcPfznkS
lKDWITBDlSJtJJGqHgUJBGsZbbtCLIutIwDB
YQdOKpJRjlXGgUqVROZiCnXiYUnoawAbR
TKYGXlPcxHShqdvAvtNOPqiTtrsAIlhUb
aOFxiOhpSQOoKYzwbFVAFZTAqAKiNDeQtJG
SafeFileHandle
Microsoft.Win32.SafeHandles
EIhgxPmBnbvsvJOaRkCPjtrzvJoaBnotw
HJzimWwfCudRnxhjEnooinnRCKRQhNqhkaU
wmxkgAtQDuZiOcRqhvjgImJvKzbbJZRPO
EKXYIUofJwyDGJEkyYGCbUWOVnZfYOLWanuR
OxIGiwJbAOrEXuSfFDaXhsIoSXUioEEjAB
IntPtr
SafeHandle
System.Runtime.InteropServices
get_IsInvalid
IABqFvHtVgcklmVTFvgsfbSmedzOgouSK
CbqhFBDysglSxEipEGywnAaBbVWeuGGoP
wZuydfFUQlIeTPhKHUtxiNiaGCnaeHiYPoS
DEudbTzpNEacimRZkktreDXhjGRTPsekvV
EgPzYHFGoITmkPbCGgTyONIHCOqGmDmKNpC
hpBAfgfTdAHbLuFcDDjgEYZbVGBhxiDmiFi
EeHPbzEIUkcltxhXCHCpQsgYtYWrIlGWvgI
qgetHZcxVJHVvKLxqNXZkkGsUVmBCuCsfDh
wUxGJeXCxHUTgpsRZVevKrDsgferUNAHaKbW
QdFCUvYgcciyyqSYkfaBLpmEqJgcyJxcAOe
UouGxvnHLuVBUdtbCImIkSsXHoapTwAzcVyv
sbGWxzUceLUpqzbFsqAXVaNddgaKcEWPu
UdbKVfBtGKCQqpaECicdpmqbEhyoGqmkVel
uNCgDDHikrAsyqgmxuvVisqgIoGhFlTRBHtE
NLImzkIxKrqomQtsmysXNIYTVQzNbufgXA
mWbVEHETcRiUGffztKToRkdrWLBOVAHAdFw
EFWWxkxsevhAyAtexPDiogzxPKLIPDvxqdA
TWhpJpyaUdiKBKOxqmUKfzuJEbSWgNXPLN
nmtQXVrtSoENXGwlvZzzbscnYlvEXIjbB
BlohmROGoIBgRECQCEqhmWftYZEQmptKtqV
vKeCjPRgEbpeHmeNthincytPYwohNEypE
LlBignIyRnnEQttOCWVQJHlEQqqFXRsWNyU
UzsEsgSPVLVnyIACZviUrNcYgnLaqfVEc
bvgPBAstycORQXuaUjtJnEUBYgDxWPPCzrU
acdXAXWBRSeFEDqlCKACZHhtPVHEcADavf
XFxxlCVTedRQaIQjDrIiDxuoaFyBEKBJj
gKdVQnGBhDrmpDowtBOWhQmIdpTHBeafSp
XHgzsTKobIrIwwCCnZggqFkRAkZNqdWGF
qJlSAStPirKRToELeRhNvoubPIZPLoaygZwp
RpFipTLAnquojyBOdHjJPZweKzJBKDhPilh
KHoGJgcBPWAzFaQLbEpmOiAhHFXKSPcwVGu
LrwnWgXkmuqrFkZJiVLYPtLBrzEdqyPvBtUG
vtIaFHaoGAumKKgrrpcGaeciAOjzvRtPPtze
hOKLLPplfexoJYlFIKTxOmnymHSsYcHDb
sFxkECmKeZOfoEHajeKmNzGpSzeBVSJdUPY
JBvtCtWYYHJjfXwhzVfnJNaTpLWXjecUbV
BsLVCxvFolXeFeXvbhlsFKDJXeEUgExaKjVG
ccqLweHKPutmNZTufdounweZKHnYBApby
yqwgmpAwXiFVeUxBgCTiHjzluwsEaLNCUxL
LEJDrbyEZgCGptUPFThhGYOonViJeoJjI
DWxvoWPPFmrpsenEpakjytdZIgyhgQAbYic
WddTeYTquTBfXIfKVnNEIgQGZvxcdFYRtYVj
CYhAmrugPwaUqIDBYRFfAbAYapFkBzogAVXk
ogeRostLdDxTqUBmKOTnZPmjhFhhKXXrSc
HkWptnlJlvGokkcOvwkvbnFSgzXGqkKjKTJ
ArgumentOutOfRangeException
Console
set_Title
set_CursorVisible
SetWindowSize
SetBufferSize
UVOTuyejeWuvBLpbLShBjEHZARRJwTbhSQGA
FvsjxiSpiVVXJLBTEUmtiFLWWsgbrHPbrb
PcQBEpHYDDYINoYLDyqARNEOGoKgujdnJzo
WtTrjfQwuCLduJarTblZALJoxjWmcQiJYqrG
Array
GetLength
tdRUAfiopcUvcSOPnRlKipyoHlRuloBxrJF
KFmJixRpdyRByhpHekIpXixJlOwGqvszR
BHXNSabRNKrszbHokCrcUKAlIbblGoHLazim
gJhupYChkTBsaYOmoVCutEjfDtFHwpqNjjZQ
ArgumentException
ArgumentNullException
LdSXaOWfFQCYjSmDEhXoqTEypHiLnmkfck
vbQQHApdfKosGWIHcRBEigOYSxQIFfpOpN
IndexOutOfRangeException
QSLqBXxisePlCWGjsodpLmIAoDYCBpJDal
hQdPraNtVBtFiryXYqgOiqtiKshboeaCiRdg
get_Length
Clear
HJtXsnlvzQbYDUunzvYlVKNPfiOLIVnFeAq
anXfeKKeRzsiZGclPqpZBJxUtGmFvwPEe
YXqnpEQtGcheNGrdRGFLHeztgodktYWPItfZ
gAnJZCloaFzovVhXqwWGExVcRhseRBzNCpZ
LXJGNxJrSqbKTPWwNzadZDedRAjRdxzdd
rvNpdExSjsxybYleCzYACqyLTagtfJjUsTWf
EKSJHQRWUuutBWhwFQjejyRefhnnZFZKrymr
UFXxvRsbtpuAQhLAgnCvfPEmetULdfqKwszN
TXYSZuBtpDVTZpRTorGVackkVkaHofPhXZ
ulKaWiSnhhieBrPcPBvvFoRgGWXiXCeIOqr
sSBQIaSueaZliuDRAKnyVGRxqsRRzdnzBqbO
String
get_Chars
qetyEDIEyxuqrIHyYvxHAiwBEuazaTpYFlKg
CjJqLdTWiUmqPHqAQRnKquWcWfkQaQdPGQog
YzCbWnHXYaPxRntaZqgHGxbYZtkUxHaoUS
tiUqhQjYHkRVCSveHGslmsXjEbioQHNQDK
Encoding
System.Text
get_UTF8
GetByteCount
dAKejbcLfveJWHpXpFnAbKFfWdtWgwqhKd
hfkFdyeDdfpRhRiicqmeYxCRmrzZTsvDN
gmCRxQlIPTQtVVmziYNGGUXjDfoSoiqJvT
wrsEqnixXHxmEuZmvYvVpITTHilUnWROUk
CcoRTmUzAyXfAwJIPxznxlnYSLuQXlsAKaab
eNAsKvhgBRhNNdqgIWdqQKRlVynmhEOkYcJ
wiWHIhzrSfDdDrdwqCHapclgDBGBxXVlExB
uuATPuGKypLSceWIcHaUYGfrPQxIJhxOky
uXhkytxRftZszCLdWWlDkjLUZpSiqGGpxjX
YlrPudeWoobunFTDKjRDGeIvCkfEbgPHeqf
LnKsQhGPbcedlcwVLHRuEAYDFNntLbItbQAg
tqzRIcuawDBbxlSPCtxXxzazQYtnZXPjA
lkQJFUEncSJzecaVEmckPHPGqeejUjurISeq
aLobJvBIzNnpLWjxfBwWISHATsKyYFAjzpDP
kBmfJecqEKbyNSGPAmlnevKYRLwTgoHOF
UehbDATjGoSFSyZBwTLJfUXyZOBqHSxeF
jlOnsBGDodgyJKDiUfECKQNiaRrDTmrFP
qxDsmGUtryzYNrJaKpbJuCHlQgIZeoIpQ
dwjbFibkoHYtFUIXiCquuKwOCFcruqzihve
YZNViXvZwuyghTDkxmmcxqUWNSxaivnFjTw
qiBLsPVqEJmubzONUGqITdbVxmdSTIjVAE
DpcUgSvqtPmTCJnvJBhCcDPqbAvscZmWcXY
nENQgsTiDbHRxdiHlIFuNmxoEgaTpaVpwaNZ
ZiSraSlPXaWTpIfFoRCRqvtrwCYYgYtoy
oNyVpTppPWelqYDYkDRLQgbeIegyScgylmw
IiHNNDxhZwAqhLqVLQgRZWehijrvgfCNQT
ybQDTuyBEqCeBdSnxTtXuutQKIOVwUySnADW
cyCobXBwltlHAGKjXYbBzNXCvoCXXaEdnp
DyVhucYPhwEvIQxaVXoKvvqvAfBnwRViN
XIVXCpjWzhBAwtRbJsuKyJjymRLbiIStx
bDKbhwAKjrieSPpzqalHhLtkKxljLxSELh
RkAqWacNGDorFLPrubzgyRIQYZIzNXjRocuJ
IqIizhtjoGUnYGfgpTaNOaxIWwqLvTZlDK
fOYiGyiuybBAXwwIkRTkOKVISbOrFiewIE
BdGoesGaFxuNBhJZwRSbFcSBckctkBcCr
keGKoQzEbtWQDnzdZubhpFEmJDAGAKGNpCYd
wwKekXhjpvOKeJbJVULRngwxHRJYgWkJKuaK
fcVfndjxtKDLxBeEeeDDqvdFrPwUtKqXU
YEWOTtdVUjBJBajmGFGzvKHopaFaOhdJKsF
nsqsAOycQTnkSQreuUpNGCtzrKaBsaJez
NUvfcZKfcBRFtyLILcuOxCEuYiKbuphDv
VDLYGASjSzBQYBDjjkGPlNrthUfexusIJk
ilqwtAxkOWRYqoyuHKQerVPFjovPCTijP
gJzjgfrhwjQQPYtCfjluFfpOsACfAxrzd
CSjAGQRvSwUofYWlDOgFpXqIAyRkHRYfu
fFZDanHGPesWmByzXBSFYrqAOqPVdUiczeN
KIYWanNmLFuainVZYZnQaDotaGLWeZHib
BdShcWhYRiVWHWngSWQXWGtmQkcYvvNBB
DossTploXUYaWzdxdjkhdCpidFtuPoiiNE
rzdrikiSUongNVpsayUISHNrBJydnSnbs
BjKiopqimhqOBGuCnBwQjJdzoyhsXfZOqeqU
OWQDqlYcxqVhxCZuGbynHkqqKfDumirak
kDCdbWgSkJcZVJyxDNWFxYjQmXSYnCdCDB
eoBLkCHSnmTuZvISSoWcCAcxDWGOfcTmuNGC
vZUTVOiHCzwgVDprzjwjDEuGuinrXtNZIS
kEbLFSitSgYvBJxNpXpExrObIemAYNzLm
ConsoleKey
wLBICpAwHwEKlsdmKpsvItfLNaAdcbDXSV
Convert
ToInt32
ofLIbObzjgJRnxIkXGghCPJcdNsdvjKwzw
ecrtKvQBwxOOmmRvWATaqbcbcbvaVNcHpb
kHtzOSBGqZHvfFrJOmnYxyQWsLByoQKGmiau
Floor
Exception
PSkEleQnIfDEGguYupwZOEyiwKVGpfjSX
TmIZYPTXdPUcJSqvaNWVQQkFljhWghNkqmaN
zybYWRpxvfFgiKFRRdwtoZQhxeUVPhckWwe
yWXxVjCjyWqxcQcDDbyHmRosnVdPiJvDyGO
wIJrDdRcDzIacgWILcaEQlPCqtdofyfhUJx
yCzkRXixKJDHcToRjXdiOBXrONxoIykRRZv
SnrYIzBKtffJEyWVzxPAuwjOTmBDSnpdWoc
tdhRFPyHHxoJeyoBpZohAixqixayYtwhxO
vPtHXwqsmgvIXIRQqllKACKgvlmqaSzKvzIb
sqSaqNZWEDuTvKniXZGnloTVHsStGAXCPjWk
UAkDRUcnFjocYrSCiVyecFzGdGSJKaZyjima
WwXSDypnehnSNBFDamCLjEmGZRYEveybEWx
ywzghTXSChqKZvuZHsUZBWyJpnUwqpqobRI
AJaYfcHEnLSSyjihdCIcRCWyHBLSSgKxj
FxrTTzboBYVvDQAKZDdGitGhyHhEtHawkckC
rPIEpfYhRIeviLKQYToPTFnGrXricCykpF
FayPYZnmAbDKxsBOcDdUkhaLnfpbLIEAfltI
cCBfstrwwsQKoDQktWvnNdakAqYrXwRwuj
fmFBcddpJdDjguiaYSCYIpAYEanNuqInAKmw
EuuasHxBTzAmCPcKyQIrFocaFdeJTfTvU
uUmYSzKFSqonBrcRGzapcdxPXcNDRzkGgKHr
CdliHhwidAGoYdGLxdsLsGPhztplOzaufk
IEqezyadvpUHujRbzwUCJuWrDAyOnLQOXfT
sKkLyONlmIRVLFsNonkQWwVgIqQFROBZKS
lTwiWfKFecpDdZdLkpRDraXrsyiaFJPOyu
cUBwVtIFNQyZDYWPjFjtOiOBCcyUNaAmIun
YXjdmygsxVjkQOrmXlqvfBNtQBqFFGYsU
iCGqQJNzCgwTrTBXPGiIOsUXsAQtQvTktAzD
gmzQqrjPBmvzeLrNbRBXgZFHhXLnOOmlaaU
qwTzbicIwedBSCnqbvtNxDvlVCzjjlpIJTt
GzdfTJHGkhvjwiAAWyxydRscWFtkOKTiuK
PUspmoRBtrQYkoYUIWcmJaiJSHSnunAhppb
tmlYdWgnoXXcCSwaeAUqnnxvPvyJTkacoA
WihCpBWSBXHzHDygIREoBTyXXGcvLJPmf
apLZuWObDQnYhUlSjOULNSVexqzWyKisjuT
.cctor
axYITXVCSfieUzTLQSnnzARsypJqgNtoJd
LTKXlqjBeWoKsytHNYSSdnJxExrVUSpBaxm
EsxWwLPstUgYorPEieYfndJnyoilZldhowH
op_Equality
Marshal
GetLastWin32Error
SizeOf
QXuTNhQKxyzabxgqoPLuhzXcLSkjAzNbufoI
qbUBBxczSVOVTlrTgXmiNASdVpiwuCrpsUNA
rXiXVWPXrxAljzosDwIhAzqFdxdGZnABl
kWlFTpbqHpWbFPSDKvaNONOXlIEhXwRPDNBK
PhnDkgYIPydOjXHgwmjtyVsCtwuLiQnWZfsl
StjaOwkgKTsheNLOykpStEIjiSQoUAGrOvEV
pyxtTCrmHJHiUHcWrmfocqeCmoIuGoYTcCm
qCyuinimjCzWJhdNppxQoenRcgVAIaaAPhxY
BluPgQSquUHJEovcwckVvQALQvJyAIJQZUq
JrPdUjnbFbyonFGOgBbobUdoJOUgbHhVX
oYlkpPYBrCxxglkCNWWcnEpHQxBPpNBiod
Thread
System.Threading
jocktgKpzAKDEjhlnfDQcYcEHGSCFrVddwwo
uyGsdmWqBgUvTonkoixvkyZNIIWXleLBJXxC
KfkJiiKXoBQaUrHLuARqsGRTVYUXcOYOF
EnZGRhpdNHOikghdNJujzAePDLWmVnmlJ
ctRXtEcxDsBZbYjkOvKnlzKcaePDPhmjjhXp
AjXfACYnrHhfaofeILbediAeLIPvAIRiP
iUlWRFvFlkzScEWebOvJLVETKxrsoFcdoE
rQXQrywfZGjhvyoxfNuhJprDOpPaTTCiR
LnqiVTjGTrDgEBBrFmvyKSLboJZxJOgLp
SRYofhzHQsuhbyaSiHtmeSuYWByPXBCFZ
yJxkZQaegjmSiPSOOPKazuNvNYgaOZEhlcl
gHxdhLvDxYLzgzqdfrRmBJVkfdqlxFazSjvL
fvEjCzRJusNHIIgdFXxbLeBrLrlUcnIVViBJ
mdRRdysedpPSnBTHCNNsbmvKwVcUEwLQOb
SWkHaDHCHOzYibLKwVoSlqGAEhPTnajpews
rnuGsxQOFnxGBDAqXlVtSSYdXrsbYlpRysHz
ThreadStart
Start
XoCjKkwdimSJDaxJyVmjKLLoperxgJOSVjyS
cYszAztcjxPxVlboSnQwgDiGfYVjHqLvyIxm
AyTnFbKGlIbCzQqbGrvObvyycFTjQfhgBVbY
ZefJXlvYowVgqcUwaAwgNmeqKQftkoBcrz
RDHYFyNmVzJjjyUftdCpUzNdBztlfNrWsYJ
LsTVCgmEIpWaovrtAmZSaDEUxqUsVjhtPfD
DateTime
TimeSpan
Double
get_UtcNow
op_Subtraction
get_TotalMilliseconds
Sleep
get_TotalSeconds
SeAzWlVaGcslIUYEgCSaQddtUEtdZQSGckJ
rDaYUwGVTknDNFADRNpXekvTnHznEweFeoQy
hpIDWCboYlXgLXfTPBxmgtcWpRZRaubZAZ
jAXxWtcQBuUEmxnVBkUBQpSdYJQXeWzNr
EnPLjIbJzSjshevQTPrrEAqTjjxNaldfX
ribOWjGWSBFfFCZCfQaImmrmDWzqrpADgdj
QhBsbLYmpGXGjUQHsbLvDhOkhGqxbUOKavKd
QIvfRgobVFKUxJQPxIHASKQhWXxjDTQQg
uKHHmCivVTeVtWVWfKRajcIuiAIZKPkdjlf
NPLXAOfFdnlbzbFmDVhVPpPOFgdTddGYSf
VJxVLWeIxIFfgcraThqxRGqpuvcOQNODSu
mVyHrFXeFwZmNJQeImTjOoJaHcylucNwWiC
gcVUkdAcQjypLbAYuDyRIYFkoONNkwBYAlOj
GetAsyncKeyState
rXDLiGyhJnNSkCNgnjiIUYnIdArnlnbmG
GetCursorPos
FhsZgooyGBNeOvOjrgFSrDZYNiZWoIahAqfz
GetWindowRect
lCsPtDBTyAfiAquQOsBhRGRLcWzBrzBBTzJf
NUCIUjqElGcSEHNBjtBEklfEzqQSSgWjpLQw
GetDesktopWindow
SetWindowLong
xlUtPmEFAXEwQXuvspUAzhAqlffovfvIKjVl
qCacxuVwbwVTeBiHbqEyUYScsxjbbXopVFvh
NajdkPEjjOynuYpKDJAxpFpqHnEELDUgWJJd
SetWindowPos
vrFkFOUABiAJEjQsmSUszLXHwBWQvXerD
oNegPkQzTnAxoZdQTvEiAFRoVhHuygeyI
txkbVGxyKGxpcLrhNKbmCezxZkzQxghcYD
tmZrIIowLNoBWvSHycTTSwqCETcLAEnBRI
FExCaHkZpxsXHCGRpZJqwemBmeshhhmazLI
pxosFdJKTPUGnrizTiEYArvciReRLZwWC
gYoqIeDaaZfKdDsoXXrHfCyBDrpadBPOy
DrawMenuBar
DaWBBqJcVFpolzJqAPxpKBFuksdnhNRHQfr
MapWindowPoints
hYRPPPkCckeCArktmOnjEhFwzdCnHTsAFxLm
UFaIKFltkAwPqwbmZjWqKWjvDLuJykijp
KvAnHnGCOPOsdnGuAHvKLItbDXNUQNNEPm
iRSwrKSroKUsmxkPzQAnjalfAXnixPPuQ
GetStdHandle
tuhPFilWAyvpQZKRysggTlNXzTaQuwthJIm
GetConsoleWindow
CreateFile
FileMode
System.IO
wozUNaTfQedpwkwZeVlTYXYeJlAEHBnoIAw
mFvcgpGYWdEqZWpKHcbbyEkGYmwvWRtWjjQ
uTQrcJgrGflHwUyODpdXVcIGGikrBowOR
qrdhkeYJnWQfOqHvZjkrcEPVSgfnayYsOdwR
KzxiUtnZuWyiWUrJPYivlhEeFuYlXgTvBs
RQCavjtHHppuVReFWrtRaWHllmnyBKVIoh
eWXnoJlEmzLIpwjuSQlxwwAEJVKBJBdQV
WriteConsoleOutputW
AWmHfPUyozNgtiUcpqKJaolQPmxOhKCQh
uNDCNEcGaTZwQfmRWpAOgiWpNyFgVGjbn
BViZmavveNRbnodXtDIaJwBbRCLGuJxgvEWj
kPeNgddiBAmCWzKeOdUVNPhEjIhsTgwCY
XExAOCTFHnKcCfDBlTpXTjIznIYCwEOPRh
GetConsoleScreenBufferInfoEx
mqTLLxivClfdzFjNKEgqCvuNqlcXcgfFSTS
stBuYvbtLDrgBCHjhkUqrZYKQNdqUtnQF
SetConsoleScreenBufferInfoEx
mCJXcLPrEAUzXcQdcOyrcplGvGGqzqZnBx
TQoPWtAwwVOraauVwFOayhRebUrPOWJocmJ
SetCurrentConsoleFontEx
lyKjUIKPipCtenHfRPlIpWrBbdqjrOgTS
ZsFRImiXTuDpoKWstXciBmJeZLxIQUnZjl
idwPCaaDTcjGhzbyNDKbDzxSOGymzBIKKGPg
SetConsoleMode
XTFUWQbNqTsthBjCHNpCvZzJysLgIfoekw
QeCxjthKgcXwxxhJICjSAqsCWhIpkDcoS
POINT
ValueType
Coord
Right
Bottom
SmallRect
CharInfo
UnicodeChar
AsciiChar
Attributes
ColorRef
ColorDWORD
color
GetColor
SetColor
CONSOLE_SCREEN_BUFFER_INFO_EX
cbSize
dwSize
dwCursorPosition
wAttributes
srWindow
dwMaximumWindowSize
wPopupAttributes
bFullscreenSupported
black
darkBlue
darkGreen
darkCyan
darkRed
darkMagenta
darkYellow
darkGray
green
magenta
yellow
white
CONSOLE_FONT_INFO_EX
nFont
dwFontSize
FontFamily
FontWeight
FaceName
gyVwJffsyuxdqbnpsQipviNVbNQUIQytNpGA
QCNkBQnptRNcWfZBzGjiyNRJSYRTqjdJIFI
gWHsXIHKLNyyzYuPpLITWliYkCZoFjoFDYY
vRRxnhiPKYmpNZYrVNpuXzpLNDUtWJklF
smvnHZSdrpwdKzCgYEFfgYSCevUjQgPPjXeU
JSBPDbNpOoLguLxSliPTDQczfcAGnjXVj
gvZTtQJYWdLRkpULBkoavZjhTckSaPkfX
VJcQifULBafWGXsrXQBDDLxuTqIotcJZY
OzkalHrQjbOrDGQyIhpzmotvhCiYnGEllX
ojOuAelpxzSvRJbeaefCGguQzGxCUIzaRkCW
Component
System.ComponentModel
oBRgcJuausiRyEDHFoxLpoSXUcWSNWLdX
IContainer
Assembly
System.Reflection
MethodInfo
GetType
GetMethod
Activator
CreateInstance
Concat
MethodBase
Invoke
IComponent
zArqvlDcBLkPxyTFYqTiISvgUXWyUfpKFK
IDisposable
Dispose
YhKFygwLcyiJshnlbCDfSUgGlQHIGPOmCWn
hXJZjyGjjuHPdUfGfyQuNqrcRnzrAcIZOH
Container
JodIzpIrxZFZkWHqdmdjLTaATxaSwoYGiRPD
oSwdKsvWWVxoGXscGyRsVQrBBCwsfBDFKeJ
QnqbIoOoIqwVuVaqeNnHIIefCpsfEaYjSt
ACGUXefkcVCNXgrBPFldpLcSWnVcYbxAaw
sfsxrcWhdyjCfCaTmJVmXKmetvyKSBEsFZ
eGDhAVALYjcTaqawVEDAuzFohUhOEgWtiz
ZcJpuqGwsoUmdyUAqNnrDIwRNrUwhkFjvH
uGpDvDXtoTWHzaeKfEYtYsxdaelFSZxhevBK
QdEAiOmveoPvNbrsPlpZxVEzzilgpsFVsp
FwhHqiytuEZhWJzRUquPoqNlktAlkixujuc
aGToLhTkykUpxbUkfLEeFeVnCvSDBoDNxxpG
wJfxROZwAZhXPHidDtIoJudcEKlCRIGqgKh
cYontoCFwiJeowQsjDwBZTJJShVvryhUKmA
UTTENZlagSGaXrcbddZxJFkDGanPXJapIhLY
AawrWzEtCywzUIezBtLLfKDFxIhvWTWTpH
SesHLvsdHPpyrfGHsRvqlLvdILtyEjRvpJXN
oiavIwerThTwIAzVopbLYBoqlyOnyDCdkG
ItlNljJlIlgevKVYfNzezaBarWlEVKllP
LrhToJuefjHShOHWmnCKgxvyiCHBfxGNXl
RGIwtodquZonFLWqbzcmxbYpvdqoFKQHHC
ywZnxDYggEVOiVcfVcRcByobRKotsflkOJF
muBNIZyoedFteSQXydzBNLcXWTQeqaTqj
pXuBvXWKVysHDulAldtgKFUPrvrleoKUDDK
HzCOjKueDatGbokIBmSnxgcXNKoGFdReNg
WkvEFcSSLmNUYaAmZuwgvWVwOnOjfmYwGp
UqsxShSIxCCldBtglvwPJNzxZgSxnlLVJcRA
gmxAWFiwtjdAsNipNtkUUHmbEkpwrBQHxzN
LehorKkhEwwpmsPVStCrnNCiaTyBuGvhKNg
uPCgFgmCcWiOHlwFSbhQLuoVbSzpFTAjmVE
fHGiGBemYeXhTtwAJWnxqQBHeZhoJJJpLH
Split
DBCjmWJYEZEvGtDLLFqWWSJByXILIFsSvGk
rFQeVRxBrfTyscBVeojfwuBaTLVVFOJNqDPy
Int32
TryParse
ApPEWlBcvvRwtKBPsTFfIbnNfmQyPUzPHsS
zpebytAIlJjBdAbjcjIwfPAhwKLAGeZaLy
RmoiIpVGuiVQfzdhVlipnPnDcdsNLhVyyuuB
List`1
System.Collections.Generic
eFEUGJnKAAQjAwyRPrFaLXhxgOazWuwmOu
nLsosHQbPxCGsxfBpSbjvibokuYyjRPwITE
dlWKBPxaZnnbHuRCgwkOkxeHypciuAXiY
ToString
Empty
Regex
System.Text.RegularExpressions
Replace
ZrydtNBcPhDgEmlEqKlWhvALhyUJXXSowfUV
HuvdPiytRlrVssHOmkavlsCBliQFERfhLxD
ZcuJijYhVePTPtrIOrpTRabZEUjWNyDrHnC
fzQeyDCNCOWHPmCRdOHoPVsgmqthJgYFsoG
jqqXCVSVawlCGfHoYOdtbRPokqjadHxSa
GuesGvdovDWwvltnwTyAiSSjJECYQAzUY
ANuDVJsqXqJiuZUdSsagwrezAzsQYIAlXcS
lVArFLPsSXoAOgzFmokRIVSwRTAxfgbdAo
fgwivckJjnEOEssLaaRJtcaPnoohBvbCNmw
tDlSXdHYfnXenoztdOZtJtjOfdwLZwUOeaiu
KnIRfHVsRuOiRladycpqcPbIsCAdKsNgqfs
NNByWlucIrEtFHsmSjUunNHJWhKQZAQPABmD
VUeExmPzaGQLGSNlbxyNpuEsmYWVEKzGhbEy
gtABhcUDGBSoSodjKmEHtHeGBSJkcAEjoZ
rlOiPDmGvWZlszYeVHZDqnwCqERhktxxN
ContainerControl
set_AutoScaleMode
AutoScaleMode
set_ClientSize
Control
set_Text
gScsqtvAtQwxeuRNjINRVmWZROUyKwxcsuo
BCWSjNomHASteYbqbmGcGaQUkbjLeuTpXB
TrGCITGNSoKRRnxwCXcAzFxZxLIgbOuEptw
zsWKaUHblGDLJnwpPDpRHIZQFCQWeehxmbq
CheckBox
GxrstRjetINHGcmcGNmaSjqrgygxhmkzzn
CheckedListBox
sFUWyqmTHLGyAyEYmxqdfnzNCBhCSRhTvjpA
ColorDialog
GdLnAiQifoxoJOqVzuaDxUTiARKsEpIzXK
Button
JdWQWuVdADRuteRlshyvjiISDughRtmqdNK
DxKRtGiCJRTnGUpVkgnWOTGFxJIIUdEZya
JVzSqUosHioInIzuoSDvpoYtpfungRqPzTHd
RYfJlvFITDlNfQtJuIwOkhWDQOVsunfZKi
WWnCtSzVncXisFnpEARiZgrmjOmEQunbu
yBElaRggzHuKlboSVXEhAdfbBTxdHvlVvqy
SuspendLayout
set_AutoSize
Point
set_Location
set_Name
set_Size
set_TabIndex
ButtonBase
set_UseVisualStyleBackColor
ListControl
set_FormattingEnabled
SizeF
set_AutoScaleDimensions
get_Controls
ControlCollection
ResumeLayout
PerformLayout
llHyWcqLSGmjIoCNLiqgTdyHbDVgzEwFsTLB
qbOQiWuXYrVqynrgoiFyfNIFbSmpDAtrhB
NcnmurypazHVpZmSYtJDAqGZecwVoZBZA
unIHIwANrFfBQETPqtNdWdBURbPwowjcCsec
JCBruDUdQCWLcdiGNUpZQqdajOHwbKwhmp
KtuCuFYSyICHTCZQvgeoZHOFDvVTFIZsldxe
OeQxfFXRfmtZiVcDdkgwxkoPJqVbDPbkQJ
bjZYLKwWcgCRfeeRfcNuYtKAZUhEpDIfhiD
ESAlgEqUdZhlNZpbAcgvzboSsWnlIUOgy
hnJEeAETvYHRfhOqhVJwAltEBiStIBTswfOx
kZIAAKVKkiBdHklPJfxVxgRXBnVbqTEqU
fIxguhLcdsJomghYZxDLSNrjSSdXnJDRV
TWOVxABWWorDSnaUJupHiZgTtEzeBCxbds
ZSYImPGkaJqEqfefUAEFHPftLKjXRTDTmQR
bqpYmqHPvTQWuNPgPXnxpnWGUlZDTrxrnOT
fbteDqqHmlhaXLjrPquzNnzNiueylpbrvxv
HTKSzpIwvjiBZgqAelgYFttXYBZbjZdDQ
vmbKgSpjvVINoiHlbxAiGISmVycgaAWtzvvF
WLFYygkuvXbHryKmWTSGFBXpjZuAcRYAAe
Format
HTUtemhTrwUTatLwWFAINRBThaoYAKhDyw
gfLbEsnoZLWAOwKzeJNredUeFKkPLsSZmpHT
otsmoHOyeRQuDkHnDeBwUJOPZGhOuUsmafa
VTmZsRWNaksCWxfibsGBkcQYzQNBclqXm
vxEzZhnjLmVoVQDSyXYSnsfjHlUwZWfUe
lxlAnTbGtxlRXVNVKbIsRHsusRWIbvkdhy
RyxqYjiVxHZSZxUtwrTcbEpsmZeGkIrugGlL
WpdglJuFNqaXFVdGnxikCzkywAwOIbwRtd
KswlQHZopmQzRUmBheBPJoKudIHbyWBUHQ
yqDyZjbFpJRIuzoPoNYxxOlZuLqvrIQZErW
PmBKBikAklWkRiIgWLiCyJkayhslcAKmbRTX
zuefFAjmvPDLefDHVuDLiFSIXBhYmeLNESZc
JLizQJDcElhiVeEkJSDYzzkHcPqzHFhhz
FYtnlnzvTrgGifqEZgYnjyjQWYzWnUSjQ
OlrlqoObEOVpSaPHfnhiROOgECDtKVVkVf
nXVaLuVqDclkHcPAsicoVNPFGtcRYYSYsb
OqYaJJkKwJUdmJuvEoorrRZOPtKOkYonOC
reeqYnJIIVmNHrWeUgQofyyVmSBOmxOoR
RFrzWWPscXVpAgGuhBLVmIVCyQZmoidfjc
JzDUZyXtmdkevJsiNqVzUjLJRfJvJReSz
jyeNTboyhKCkGEusYPvxipQmCrUgnfXpYIu
AoizEFfknVmFPPaaLYkduTErWJZUeCDSucxe
Program
Application
EnableVisualStyles
SetCompatibleTextRenderingDefault
shbIySJCKpoDGvpWacGsrXHufwIprfIOKh
STAThreadAttribute
Round
UnityGameEngine.Properties
eQGxowUQfYPZoEeaeBfwKlFazEVEouapwvo
ResourceManager
System.Resources
dYCTbxjsccIjufjVvPktPSTqYrtkucQLSxG
CultureInfo
System.Globalization
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
GetObject
JQXwdjJQXDRzPOuzilLuTpOPfJrPxidkVvs
RulGYQikFSsJgKpFnOknQwXNxjBtqXGTSbDJ
EditorBrowsableAttribute
EditorBrowsableState
rZSEWzHgzdGmCUwpzXgWazxhWrkKCUtJyl
ARVGVuaYTiQnizLYaHoaYOmcqneBkDiVxR
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
lGtmecVYHowQvabKhgQYDELkNLPCgxQvVHJ
ConsoleGameEngineExamples
Address
Random
Comparison`1
zDaZjbQSEfNIDuZqKIirhQDmdvdRfOJHNDgC
Enumerator
GetEnumerator
get_Current
MoveNext
oAgvyVqobqkXhrSZhQNsVVmjOgNoOlvGxj
<>9__17_0
Single
CompareTo
<Update>b__17_0
StreamReader
TextReader
ReadLine
Parse
get_Item
get_EndOfStream
ToArray
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
get_Count
Match
Capture
get_Value
__StaticArrayInitTypeSize=120
__StaticArrayInitTypeSize=320
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
AssemblyCompanyAttribute
DebuggableAttribute
DebuggingModes
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyTitleAttribute
AssemblyProductAttribute
ComVisibleAttribute
AssemblyTrademarkAttribute
AssemblyFileVersionAttribute
GuidAttribute
AssemblyCopyrightAttribute
16.0.0.0
UnityGameEngine
1.6.4.5
$77E00834-CAE3-4DB0-86EF-6BBB99A1CB90
2018 - 219
_CorExeMain
mscoree.dll
</assembly>
Cassa2X
AndroidStudios.Properties.Resources
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
AndroidStudios
FileVersion
5.1.5.6
InternalName
AndroidStudios.dll
LegalCopyright
2009 - 2019
LegalTrademarks
OriginalFilename
AndroidStudios.dll
ProductName
AndroidStudios
ProductVersion
5.1.5.6
Assembly Version
5.1.5.6
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
UnityGameEngine
FileVersion
1.6.4.5
InternalName
UnityGameEngine.exe
LegalCopyright
2018 - 219
LegalTrademarks
OriginalFilename
UnityGameEngine.exe
ProductName
UnityGameEngine
ProductVersion
1.6.4.5
Assembly Version
1.6.4.5
This file is not on VirusTotal.

Process Tree


FprWtn.exe, PID: 1856, Parent PID: 2480
Full Path: C:\Users\user\AppData\Local\Temp\FprWtn.exe
Command Line: "C:\Users\user\AppData\Local\Temp\FprWtn.exe"
dw20.exe, PID: 972, Parent PID: 1856
Full Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Command Line: dw20.exe -x -s 512

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

File name Report.wer
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_fprwtn.exe_f0bc9a404717a4929b9c77954b64f75ecc556_03289500\Report.wer
File Size 0 bytes
File Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
Ssdeep 3::
ClamAV None
Yara None matched
CAPE Yara None matched
File name Report.wer
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_fprwtn.exe_f0bc9a404717a4929b9c77954b64f75ecc556_03289500\Report.wer
File Size 7194 bytes
File Type data
MD5 69ad04ee99f33696425cdfba159afad6
SHA1 a2ef5010cfde8ec3c43f00027dd97a1b3ad96e1e
SHA256 d237e7f9dd9d5d10883ec327009797c166a6eec644f528385e376edee3110621
CRC32 8D1E888C
Ssdeep 96:3spf7MlWKxHiv5QXIzZzlmBPUPZ0edEGAnkjYPKMNN6uyWnH3VcKF9xkjlM8qOlV:blKz4ishj98d/vAp1mz
ClamAV None
Yara None matched
CAPE Yara None matched
Sorry! No CAPE files.
Process Name dw20.exe
PID 972
Dump Size 28672 bytes
Module Path C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Type PE imageexecutable
MD5 42a9deb08bc71f87091630a01790559e
SHA1 b9ee4005ab495cb5809895ed8129406abf073019
SHA256 cb8975ee975b3065cf565215e0ca949a8a71bf89efcfb1a097ed37936b7f4f23
CRC32 F39122AF
Ssdeep 768:0Fm3EGjuzCMFspRmiuadnC8RGy8NoJIqkKaIgT:lfpRLuadCV41aIY
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename cb8975ee975b3065cf565215e0ca949a8a71bf89efcfb1a097ed37936b7f4f23
Process Name FprWtn.exe
PID 1856
Dump Size 562176 bytes
Module Path C:\Users\user\AppData\Local\Temp\FprWtn.exe
Type PE imageexecutable
MD5 1c94b4bf38aeb9c1143ccf150de18b91
SHA1 8df0a7690e18bdfeb85d5017b7951b857134626a
SHA256 55d94961085ba98766abfb33482eaf3a0b1354e57ec5310c999ed2322fa5c2c3
CRC32 EFAF9427
Ssdeep 12288:InyGV5XLz5Kg4a5R1AUzpqEY4aabDaf7ZSYxMkdiIKJ:In9Lz5KFaD1jqEY4aa3afbSkdHKJ
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 55d94961085ba98766abfb33482eaf3a0b1354e57ec5310c999ed2322fa5c2c3

Processing ( 2.879 seconds )

  • 1.028 Static
  • 0.559 CAPE
  • 0.394 BehaviorAnalysis
  • 0.296 ProcDump
  • 0.248 TargetInfo
  • 0.121 Deduplicate
  • 0.109 TrID
  • 0.063 static_dotnet
  • 0.034 Strings
  • 0.015 Dropped
  • 0.006 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.246 seconds )

  • 0.028 antiav_detectreg
  • 0.021 antidbg_windows
  • 0.012 infostealer_ftp
  • 0.011 api_spamming
  • 0.011 decoy_document
  • 0.008 Doppelganging
  • 0.007 injection_createremotethread
  • 0.007 InjectionCreateRemoteThread
  • 0.007 stealth_timeout
  • 0.007 antiav_detectfile
  • 0.007 infostealer_im
  • 0.007 ransomware_files
  • 0.006 InjectionProcessHollowing
  • 0.006 injection_runpe
  • 0.006 antianalysis_detectreg
  • 0.005 lsass_credential_dumping
  • 0.005 InjectionInterProcess
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_mail
  • 0.003 antivm_generic_scsi
  • 0.003 dynamic_function_loading
  • 0.003 persistence_autorun
  • 0.003 antivm_vbox_files
  • 0.003 antivm_vbox_keys
  • 0.003 ransomware_extensions
  • 0.002 malicious_dynamic_function_loading
  • 0.002 bootkit
  • 0.002 antidebug_guardpages
  • 0.002 antiemu_wine_func
  • 0.002 injection_explorer
  • 0.002 betabot_behavior
  • 0.002 mimics_filetime
  • 0.002 reads_self
  • 0.002 antivm_generic_disk
  • 0.002 infostealer_browser_password
  • 0.002 virus
  • 0.002 kovter_behavior
  • 0.002 antianalysis_detectfile
  • 0.002 antivm_vmware_keys
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.001 tinba_behavior
  • 0.001 hawkeye_behavior
  • 0.001 antivm_vbox_libs
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 exploit_heapspray
  • 0.001 stack_pivot
  • 0.001 exploit_getbasekerneladdress
  • 0.001 stealth_file
  • 0.001 recon_programs
  • 0.001 antivm_generic_services
  • 0.001 antivm_vbox_window
  • 0.001 exploit_gethaldispatchtable
  • 0.001 kibex_behavior
  • 0.001 cerber_behavior
  • 0.001 hancitor_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_vmware_files
  • 0.001 antivm_vpc_keys
  • 0.001 antivm_xen_keys
  • 0.001 darkcomet_regkeys
  • 0.001 disables_browser_warn
  • 0.001 recon_fingerprint

Reporting ( 0.022 seconds )

  • 0.018 SubmitCAPE
  • 0.004 CompressResults
Task ID 90406
Mongo ID 5d78e389eac9b18670630c0e
Cuckoo release 1.3-CAPE