Detection(s):
NanoCoreAnalysis Details
| Category | Package | Started | Completed | Duration | Logs | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| FILE | exe | 2026-04-16 23:04:16 | 2026-04-16 23:09:13 | 297s |
|
|||||
| Reports | JSON | |||||||||
Analysis Log
2026-03-05 20:34:40,460 [root] INFO: Date set to: 20260416T23:04:38, timeout set to: 200 2026-04-16 23:04:38,227 [root] DEBUG: Starting analyzer from: C:\tvrblpce 2026-04-16 23:04:38,243 [root] DEBUG: Storing results at: C:\ZPIRIzm 2026-04-16 23:04:38,243 [root] DEBUG: Pipe server name: \\.\PIPE\bxTsxoc 2026-04-16 23:04:38,243 [root] DEBUG: Python path: C:\Python310 2026-04-16 23:04:38,243 [root] INFO: analysis running as an admin 2026-04-16 23:04:38,243 [root] INFO: analysis package specified: "exe" 2026-04-16 23:04:38,243 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2026-04-16 23:04:38,258 [root] DEBUG: imported analysis package "exe" 2026-04-16 23:04:38,258 [root] DEBUG: initializing analysis package "exe"... 2026-04-16 23:04:38,258 [lib.common.common] INFO: wrapping 2026-04-16 23:04:38,258 [lib.core.compound] INFO: C:\Users\cape\AppData\Local\Temp already exists, skipping creation 2026-04-16 23:04:38,258 [root] DEBUG: New location of moved file: C:\Users\cape\AppData\Local\Temp\client.bin 2026-04-16 23:04:38,258 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2026-04-16 23:04:38,258 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2026-04-16 23:04:38,258 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2026-04-16 23:04:38,258 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2026-04-16 23:04:38,524 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2026-04-16 23:04:39,024 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2026-04-16 23:04:39,055 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2026-04-16 23:04:39,086 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2026-04-16 23:04:39,633 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2026-04-16 23:04:39,883 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab' 2026-04-16 23:04:39,961 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw' 2026-04-16 23:05:22,211 [lib.api.screenshot] INFO: Please upgrade Pillow to >= 5.4.1 for best performance 2026-04-16 23:05:22,227 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2026-04-16 23:05:22,227 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2026-04-16 23:05:22,227 [root] DEBUG: Initialized auxiliary module "Browser" 2026-04-16 23:05:22,227 [root] DEBUG: attempting to configure 'Browser' from data 2026-04-16 23:05:22,227 [root] DEBUG: module Browser does not support data configuration, ignoring 2026-04-16 23:05:22,227 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2026-04-16 23:05:22,227 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2026-04-16 23:05:22,243 [root] DEBUG: Initialized auxiliary module "DigiSig" 2026-04-16 23:05:22,243 [root] DEBUG: attempting to configure 'DigiSig' from data 2026-04-16 23:05:22,243 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2026-04-16 23:05:22,243 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2026-04-16 23:05:22,243 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2026-04-16 23:05:23,336 [modules.auxiliary.digisig] DEBUG: File is not signed 2026-04-16 23:05:23,352 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2026-04-16 23:05:23,352 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2026-04-16 23:05:23,352 [root] DEBUG: Initialized auxiliary module "Disguise" 2026-04-16 23:05:23,352 [root] DEBUG: attempting to configure 'Disguise' from data 2026-04-16 23:05:23,352 [root] DEBUG: module Disguise does not support data configuration, ignoring 2026-04-16 23:05:23,352 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2026-04-16 23:05:23,446 [modules.auxiliary.disguise] INFO: Disguising GUID to 57c9f549-7b50-4c23-b307-58bab726d1b6 2026-04-16 23:05:23,446 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2026-04-16 23:05:23,446 [root] DEBUG: Initialized auxiliary module "Human" 2026-04-16 23:05:23,446 [root] DEBUG: attempting to configure 'Human' from data 2026-04-16 23:05:23,446 [root] DEBUG: module Human does not support data configuration, ignoring 2026-04-16 23:05:23,446 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2026-04-16 23:05:23,461 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2026-04-16 23:05:23,461 [root] DEBUG: Initialized auxiliary module "Screenshots" 2026-04-16 23:05:23,461 [root] DEBUG: attempting to configure 'Screenshots' from data 2026-04-16 23:05:23,461 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2026-04-16 23:05:23,461 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2026-04-16 23:05:23,477 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2026-04-16 23:05:23,477 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2026-04-16 23:05:23,477 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2026-04-16 23:05:23,477 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2026-04-16 23:05:23,493 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2026-04-16 23:05:23,493 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 644 2026-04-16 23:05:23,743 [lib.api.process] INFO: Monitor config for <Process 644 lsass.exe>: C:\tvrblpce\dll\644.ini 2026-04-16 23:05:23,993 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2026-04-16 23:05:24,040 [lib.api.process] INFO: 64-bit DLL to inject is C:\tvrblpce\dll\JGibZgc.dll, loader C:\tvrblpce\bin\xdAAYFAf.exe 2026-04-16 23:05:24,305 [root] DEBUG: Loader: Injecting process 644 with C:\tvrblpce\dll\JGibZgc.dll. 2026-04-16 23:05:25,118 [root] DEBUG: 644: Python path set to 'C:\Python310'. 2026-04-16 23:05:25,164 [root] DEBUG: 644: Disabling sleep skipping. 2026-04-16 23:05:25,164 [root] DEBUG: 644: TLS secret dump mode enabled. 2026-04-16 23:05:25,508 [root] DEBUG: 644: RtlInsertInvertedFunctionTable 0x00007FFEFE86090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEFE9BD500 2026-04-16 23:05:25,508 [root] DEBUG: 644: Monitor initialised: 64-bit capemon loaded in process 644 at 0x00007FFEABE30000, thread 6004, image base 0x00007FF7C23E0000, stack from 0x0000008E4CB71000-0x0000008E4CB80000 2026-04-16 23:05:25,508 [root] DEBUG: 644: Commandline: C:\Windows\system32\lsass.exe 2026-04-16 23:05:25,539 [root] DEBUG: 644: Hooked 5 out of 5 functions 2026-04-16 23:05:25,555 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2026-04-16 23:05:25,555 [root] DEBUG: Successfully injected DLL C:\tvrblpce\dll\JGibZgc.dll. 2026-04-16 23:05:25,555 [lib.api.process] INFO: Injected into 64-bit <Process 644 lsass.exe> 2026-04-16 23:05:25,555 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump 2026-04-16 23:05:26,571 [root] DEBUG: 644: TLS 1.2 secrets logged to: C:\ZPIRIzm\tlsdump\tlsdump.log 2026-04-16 23:05:36,899 [root] INFO: Restarting WMI Service 2026-04-16 23:05:36,961 [root] DEBUG: package modules.packages.exe does not support configure, ignoring 2026-04-16 23:05:36,961 [root] WARNING: configuration error for package modules.packages.exe: error importing data.packages.exe: No module named 'data.packages' 2026-04-16 23:05:36,961 [lib.common.common] INFO: Submitted file is missing extension, adding .exe 2026-04-16 23:05:36,977 [lib.core.compound] INFO: C:\Users\cape\AppData\Local\Temp already exists, skipping creation 2026-04-16 23:05:37,102 [lib.api.process] INFO: Successfully executed process from path "C:\Users\cape\AppData\Local\Temp\client.bin.exe" with arguments "" with pid 4156 2026-04-16 23:05:37,118 [lib.api.process] INFO: Monitor config for <Process 4156 client.bin.exe>: C:\tvrblpce\dll\4156.ini 2026-04-16 23:05:37,118 [lib.api.process] INFO: 64-bit DLL to inject is C:\tvrblpce\dll\JGibZgc.dll, loader C:\tvrblpce\bin\xdAAYFAf.exe 2026-04-16 23:05:37,133 [root] DEBUG: Loader: Injecting process 4156 (thread 812) with C:\tvrblpce\dll\JGibZgc.dll. 2026-04-16 23:05:37,149 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC. 2026-04-16 23:05:37,149 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued. 2026-04-16 23:05:37,149 [root] DEBUG: Successfully injected DLL C:\tvrblpce\dll\JGibZgc.dll. 2026-04-16 23:05:37,149 [lib.api.process] INFO: Injected into 64-bit <Process 4156 client.bin.exe> 2026-04-16 23:05:39,180 [lib.api.process] INFO: Successfully resumed <Process 4156 client.bin.exe> 2026-04-16 23:05:39,289 [root] DEBUG: 4156: Python path set to 'C:\Python310'. 2026-04-16 23:05:39,368 [root] DEBUG: 4156: Disabling sleep skipping. 2026-04-16 23:05:39,368 [root] DEBUG: 4156: Dropped file limit defaulting to 100. 2026-04-16 23:05:39,414 [root] DEBUG: 4156: YaraInit: Compiled 44 rule files 2026-04-16 23:05:39,414 [root] DEBUG: 4156: YaraInit: Compiled rules saved to file C:\tvrblpce\data\yara\capemon.yac 2026-04-16 23:05:39,461 [root] DEBUG: 4156: RtlInsertInvertedFunctionTable 0x00007FFEFE86090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEFE9BD500 2026-04-16 23:05:39,461 [root] DEBUG: 4156: YaraScan: Scanning 0x0000000000680000, size 0x200 2026-04-16 23:05:39,461 [root] DEBUG: 4156: Monitor initialised: 64-bit capemon loaded in process 4156 at 0x00007FFEABE30000, thread 812, image base 0x0000000000680000, stack from 0x00000000007E1000-0x00000000007F0000 2026-04-16 23:05:39,461 [root] DEBUG: 4156: Commandline: "C:\Users\cape\AppData\Local\Temp\client.bin.exe" 2026-04-16 23:05:39,493 [root] DEBUG: 4156: hook_api: LdrpCallInitRoutine export address 0x00007FFEFE8699BC obtained via GetFunctionAddress 2026-04-16 23:05:39,571 [root] WARNING: b'Unable to place hook on LockResource' 2026-04-16 23:05:39,571 [root] DEBUG: 4156: set_hooks: Unable to hook LockResource 2026-04-16 23:05:39,727 [root] DEBUG: 4156: Hooked 627 out of 628 functions 2026-04-16 23:05:39,836 [root] DEBUG: 4156: Syscall hook installed, syscall logging level 1 2026-04-16 23:05:39,868 [root] INFO: Loaded monitor into process with pid 4156 2026-04-16 23:05:40,055 [root] DEBUG: 4156: DLL loaded at 0x00007FFEEF080000: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei (0xaa000 bytes). 2026-04-16 23:05:40,368 [root] DEBUG: 4156: set_hooks_by_export_directory: Hooked 0 out of 628 functions 2026-04-16 23:05:40,383 [root] DEBUG: 4156: DLL loaded at 0x00007FFEF9E80000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes). 2026-04-16 23:05:40,383 [root] DEBUG: 4156: DLL loaded at 0x00007FFEF5730000: C:\Windows\SYSTEM32\VERSION (0xa000 bytes). 2026-04-16 23:05:40,743 [root] DEBUG: 4156: DLL loaded at 0x00000000575F0000: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80 (0xc9000 bytes). 2026-04-16 23:05:40,774 [root] DEBUG: 4156: set_hooks_by_export_directory: Hooked 0 out of 628 functions 2026-04-16 23:05:40,774 [root] DEBUG: 4156: DLL loaded at 0x00007FFEAA720000: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks (0xa37000 bytes). 2026-04-16 23:05:53,164 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFDBE0000: C:\Windows\System32\shell32 (0x743000 bytes). 2026-04-16 23:05:53,305 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFB900000: C:\Windows\SYSTEM32\Wldp (0x30000 bytes). 2026-04-16 23:05:53,321 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFA080000: C:\Windows\SYSTEM32\windows.storage (0x795000 bytes). 2026-04-16 23:05:53,414 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFE330000: C:\Windows\System32\SHCORE (0xad000 bytes). 2026-04-16 23:05:53,446 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFBEB0000: C:\Windows\SYSTEM32\profapi (0x1f000 bytes). 2026-04-16 23:05:53,727 [root] DEBUG: 4156: DLL loaded at 0x00007FFEA9620000: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\c38e722cd7d5b0e89326ee4dd7eccc9f\mscorlib.ni (0xee4000 bytes). 2026-04-16 23:05:53,914 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B052000, size: 0x1000. 2026-04-16 23:05:53,930 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FFE4B050000 2026-04-16 23:05:53,930 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:05:54,024 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFC380000: C:\Windows\System32\bcryptPrimitives (0x82000 bytes). 2026-04-16 23:05:54,039 [root] DEBUG: 4156: DLL loaded at 0x00007FFEF9980000: C:\Windows\system32\uxtheme (0x9e000 bytes). 2026-04-16 23:05:54,071 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FF40DEF0000, size: 0x90000. 2026-04-16 23:05:54,086 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FF40DEF0000 2026-04-16 23:05:54,086 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:05:54,086 [root] DEBUG: 4156: AllocationHandler: Processing previous tracked region at: 0x00007FFE4B050000. 2026-04-16 23:05:54,086 [root] DEBUG: 4156: ReverseScanForNonZero: Error - Supplied size zero. 2026-04-16 23:05:54,102 [root] DEBUG: 4156: GetPageAddress: Error - Supplied address zero. 2026-04-16 23:05:54,118 [root] DEBUG: 4156: AllocationHandler: Memory region (size 0x90000) reserved but not committed at 0x00007FF40DEF0000. 2026-04-16 23:05:54,118 [root] DEBUG: 4156: AllocationHandler: Previously reserved region at 0x00007FF40DEF0000, committing at: 0x00007FF40DEF0000. 2026-04-16 23:05:54,133 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FF40DEF0000. 2026-04-16 23:05:54,133 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FF40DEE0000, size: 0x10000. 2026-04-16 23:05:54,149 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FF40DEE0000 2026-04-16 23:05:54,164 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:05:54,164 [root] DEBUG: 4156: AllocationHandler: Processing previous tracked region at: 0x00007FF40DEF0000. 2026-04-16 23:05:54,164 [root] DEBUG: 4156: DumpPEsInRange: Scanning range 0x00007FF40DEF0000 - 0x00007FF40DEF0046. 2026-04-16 23:05:54,180 [root] DEBUG: 4156: ScanForDisguisedPE: Size too small: 0x46 bytes 2026-04-16 23:05:54,196 [lib.common.results] INFO: Uploading file C:\ZPIRIzm\CAPE\4156_16075805452016442026 to CAPE\3b58e32c41dcc6be123c5c0b7921a0aceae65c94c5654d25d3e15268dbd480e9; Size is 70; Max size: 100000000 2026-04-16 23:05:54,211 [root] DEBUG: 4156: DumpMemory: Payload successfully created: C:\ZPIRIzm\CAPE\4156_16075805452016442026 (size 70 bytes) 2026-04-16 23:05:54,227 [root] DEBUG: 4156: DumpRegion: Dumped entire allocation from 0x00007FF40DEF0000, size 4096 bytes. 2026-04-16 23:05:54,227 [root] DEBUG: 4156: ProcessTrackedRegion: Dumped region at 0x00007FF40DEF0000. 2026-04-16 23:05:54,227 [root] DEBUG: 4156: YaraScan: Scanning 0x00007FF40DEF0000, size 0x46 2026-04-16 23:05:54,246 [root] DEBUG: 4156: AllocationHandler: Memory region (size 0x10000) reserved but not committed at 0x00007FF40DEE0000. 2026-04-16 23:05:54,246 [root] DEBUG: 4156: AllocationHandler: Previously reserved region at 0x00007FF40DEE0000, committing at: 0x00007FF40DEE0000. 2026-04-16 23:05:54,246 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B10A000, size: 0x1000. 2026-04-16 23:05:54,289 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B042000, size: 0x1000. 2026-04-16 23:05:54,289 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FFE4B040000 2026-04-16 23:05:54,305 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:05:54,399 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:05:54,414 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B11A000, size: 0x1000. 2026-04-16 23:05:54,430 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FFE4B110000 2026-04-16 23:05:54,430 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:05:54,524 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B110000. 2026-04-16 23:05:54,539 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B110000. 2026-04-16 23:05:54,696 [root] DEBUG: 4156: DLL loaded at 0x00007FFEA8BE0000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System\496a45a0614b37e8f0260d3f2adabc52\System.ni (0xa36000 bytes). 2026-04-16 23:05:54,758 [root] DEBUG: 4156: DLL loaded at 0x00007FFEA89A0000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\7198851ede46ae043629a61091422f64\System.Drawing.ni (0x239000 bytes). 2026-04-16 23:05:54,821 [root] DEBUG: 4156: DLL loaded at 0x00007FFEA7900000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\f56a08a5bdfd91d7316e7e3a8e625637\System.Windows.Forms.ni (0x1099000 bytes). 2026-04-16 23:05:54,914 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:05:54,946 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:05:55,211 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:05:55,227 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:05:55,508 [root] DEBUG: 4156: DLL loaded at 0x00007FFEAC470000: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit (0x183000 bytes). 2026-04-16 23:05:55,899 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B190000, size: 0x1000. 2026-04-16 23:05:55,977 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:05:56,149 [root] DEBUG: 4156: DumpPEsInRange: Scanning range 0x00007FFE4B190000 - 0x00007FFE4B19014D. 2026-04-16 23:05:56,180 [root] DEBUG: 4156: ScanForDisguisedPE: Size too small: 0x14d bytes 2026-04-16 23:05:56,180 [lib.common.results] INFO: Uploading file C:\ZPIRIzm\CAPE\4156_31253405652016442026 to CAPE\99b3e78e7a66a3d3a215c643e1ea1be08b03a9ffeaa6492d882c6521e7882a5f; Size is 333; Max size: 100000000 2026-04-16 23:05:56,196 [root] DEBUG: 4156: DumpMemory: Payload successfully created: C:\ZPIRIzm\CAPE\4156_31253405652016442026 (size 333 bytes) 2026-04-16 23:05:56,211 [root] DEBUG: 4156: DumpRegion: Dumped entire allocation from 0x00007FFE4B190000, size 4096 bytes. 2026-04-16 23:05:56,211 [root] DEBUG: 4156: ProcessTrackedRegion: Dumped region at 0x00007FFE4B190000. 2026-04-16 23:05:56,211 [root] DEBUG: 4156: YaraScan: Scanning 0x00007FFE4B190000, size 0x14d 2026-04-16 23:05:57,118 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:05:57,446 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:05:59,524 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B1F0000, size: 0x1000. 2026-04-16 23:05:59,524 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:05:59,587 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B100000. 2026-04-16 23:05:59,618 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B040000. 2026-04-16 23:05:59,758 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:05:59,899 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B06F000, size: 0x1000. 2026-04-16 23:05:59,899 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00007FFE4B060000 2026-04-16 23:05:59,899 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:06:00,008 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B060000. 2026-04-16 23:06:00,024 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B060000. 2026-04-16 23:06:00,227 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:06:00,321 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B200000, size: 0x1000. 2026-04-16 23:06:00,321 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:06:00,383 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000. 2026-04-16 23:06:00,508 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B040000. 2026-04-16 23:06:00,524 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000. 2026-04-16 23:06:00,743 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000. 2026-04-16 23:06:00,852 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFE6C0000: C:\Windows\System32\MSCTF (0x115000 bytes). 2026-04-16 23:06:01,008 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x0000000002852000, size: 0x2000. 2026-04-16 23:06:01,024 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00000000040C0000, size: 0xd000. 2026-04-16 23:06:01,024 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x00000000040C0000 2026-04-16 23:06:01,024 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:06:01,024 [root] DEBUG: 4156: AllocationHandler: Processing previous tracked region at: 0x0000000002850000. 2026-04-16 23:06:01,024 [root] DEBUG: 4156: DumpPEsInRange: Scanning range 0x0000000002850000 - 0x0000000002853FFA. 2026-04-16 23:06:01,040 [root] DEBUG: 4156: ScanForDisguisedPE: No PE image located in range 0x0000000002850000-0x0000000002853FFA. 2026-04-16 23:06:01,196 [lib.common.results] INFO: Uploading file C:\ZPIRIzm\CAPE\4156_134640162016442026 to CAPE\5b41846fe61a7f7bcacf175fb8841f9f6aa7dc514706d30f45f5bce2578f7ed7; Size is 16378; Max size: 100000000 2026-04-16 23:06:01,212 [root] DEBUG: 4156: DumpMemory: Payload successfully created: C:\ZPIRIzm\CAPE\4156_134640162016442026 (size 16378 bytes) 2026-04-16 23:06:01,212 [root] DEBUG: 4156: DumpRegion: Dumped entire allocation from 0x0000000002850000, size 16384 bytes. 2026-04-16 23:06:01,212 [root] DEBUG: 4156: ProcessTrackedRegion: Dumped region at 0x0000000002850000. 2026-04-16 23:06:01,212 [root] DEBUG: 4156: YaraScan: Scanning 0x0000000002850000, size 0x3ffa 2026-04-16 23:06:01,227 [root] DEBUG: 4156: AllocationHandler: Memory region (size 0xd000) reserved but not committed at 0x00000000040C0000. 2026-04-16 23:06:01,227 [root] DEBUG: 4156: AllocationHandler: Previously reserved region at 0x00000000040C0000, committing at: 0x00000000040C0000. 2026-04-16 23:06:01,243 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000. 2026-04-16 23:06:01,586 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B210000, size: 0x1000. 2026-04-16 23:06:01,586 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:06:01,586 [root] DEBUG: 4156: DLL loaded at 0x00007FFED40D0000: C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_919e9136cc8d4791\gdiplus (0x1a5000 bytes). 2026-04-16 23:06:01,649 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000. 2026-04-16 23:06:01,696 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000. 2026-04-16 23:06:01,759 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000. 2026-04-16 23:06:01,805 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:01,805 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:06:01,821 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:02,118 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:02,384 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:02,493 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:02,930 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x0000000002850000. 2026-04-16 23:06:03,212 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x0000000002850000. 2026-04-16 23:06:03,352 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x0000000002850000. 2026-04-16 23:06:03,415 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x0000000002850000. 2026-04-16 23:06:03,431 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x0000000002850000. 2026-04-16 23:06:03,431 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x0000000002850000. 2026-04-16 23:06:03,525 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:04,071 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x000000001E140000, size: 0x100000. 2026-04-16 23:06:04,087 [root] DEBUG: 4156: GetEntropy: Error - Supplied address inaccessible: 0x000000001E140000 2026-04-16 23:06:04,087 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:06:04,087 [root] DEBUG: 4156: AllocationHandler: Processing previous tracked region at: 0x00007FFE4B210000. 2026-04-16 23:06:04,102 [root] DEBUG: 4156: DumpPEsInRange: Scanning range 0x00007FFE4B210000 - 0x00007FFE4B210208. 2026-04-16 23:06:04,102 [root] DEBUG: 4156: ScanForDisguisedPE: Size too small: 0x208 bytes 2026-04-16 23:06:04,181 [lib.common.results] INFO: Uploading file C:\ZPIRIzm\CAPE\4156_1028262462016442026 to CAPE\65aa04b90a5b71c3806a1f1b566f76a55789463379c782d4f2ae49bb19d1ec9d; Size is 520; Max size: 100000000 2026-04-16 23:06:04,196 [root] DEBUG: 4156: DumpMemory: Payload successfully created: C:\ZPIRIzm\CAPE\4156_1028262462016442026 (size 520 bytes) 2026-04-16 23:06:04,196 [root] DEBUG: 4156: DumpRegion: Dumped entire allocation from 0x00007FFE4B210000, size 4096 bytes. 2026-04-16 23:06:04,196 [root] DEBUG: 4156: ProcessTrackedRegion: Dumped region at 0x00007FFE4B210000. 2026-04-16 23:06:04,212 [root] DEBUG: 4156: YaraScan: Scanning 0x00007FFE4B210000, size 0x208 2026-04-16 23:06:04,212 [root] DEBUG: 4156: AllocationHandler: Memory region (size 0x100000) reserved but not committed at 0x000000001E140000. 2026-04-16 23:06:04,212 [root] DEBUG: 4156: AllocationHandler: Previously reserved region at 0x000000001E140000, committing at: 0x000000001E140000. 2026-04-16 23:06:04,305 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:06:04,305 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:04,743 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:04,774 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:05,040 [root] DEBUG: 4156: DLL loaded at 0x00007FFEF08F0000: C:\Windows\SYSTEM32\shfolder (0x7000 bytes). 2026-04-16 23:06:05,055 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:05,180 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B210000. 2026-04-16 23:06:05,196 [root] INFO: Added new file to list with pid 4156 and path C:\Users\cape\AppData\Roaming\57C9F549-7B50-4C23-B307-58BAB726D1B6\run.dat 2026-04-16 23:06:05,305 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B100000. 2026-04-16 23:06:05,321 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B100000. 2026-04-16 23:06:05,665 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:09,368 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:09,664 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:09,664 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:10,368 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:15,696 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFB660000: C:\Windows\system32\mswsock (0x6a000 bytes). 2026-04-16 23:06:21,946 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:24,290 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:24,712 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B050000. 2026-04-16 23:06:24,712 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:25,415 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:25,774 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:25,790 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B230000, size: 0x1000. 2026-04-16 23:06:25,790 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:06:26,055 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:26,071 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:26,321 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:26,336 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B230000. 2026-04-16 23:06:26,336 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:27,258 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:27,290 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B1F0000. 2026-04-16 23:06:28,040 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:28,055 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B040000. 2026-04-16 23:06:28,055 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:28,227 [root] DEBUG: 4156: AllocationHandler: Adding allocation to tracked region list: 0x00007FFE4B250000, size: 0x1000. 2026-04-16 23:06:28,227 [root] DEBUG: 4156: AddTrackedRegion: GetEntropy failed. 2026-04-16 23:06:29,712 [root] DEBUG: 4156: DLL loaded at 0x00007FFEA5E60000: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\8c5176ba512e864f7a4dec3b9e052e62\System.Xml.ni (0x6ab000 bytes). 2026-04-16 23:06:33,042 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000. 2026-04-16 23:06:33,933 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:33,948 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:34,721 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B230000. 2026-04-16 23:06:38,760 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFB850000: C:\Windows\SYSTEM32\CRYPTSP (0x18000 bytes). 2026-04-16 23:06:38,760 [root] DEBUG: 4156: DLL loaded at 0x00007FFEFAFE0000: C:\Windows\system32\rsaenh (0x34000 bytes). 2026-04-16 23:06:40,020 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:40,183 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:40,756 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:40,756 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000. 2026-04-16 23:06:40,772 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:40,809 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:40,910 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:41,089 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:41,547 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:41,984 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000. 2026-04-16 23:06:42,000 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B230000. 2026-04-16 23:06:42,782 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000. 2026-04-16 23:06:42,782 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:43,047 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000. 2026-04-16 23:06:43,078 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:43,156 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000. 2026-04-16 23:06:43,172 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:43,172 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B060000. 2026-04-16 23:06:43,359 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:44,188 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:45,578 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B230000. 2026-04-16 23:06:45,594 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000. 2026-04-16 23:06:45,766 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:46,234 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B200000. 2026-04-16 23:06:47,797 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:06:49,844 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B250000. 2026-04-16 23:06:50,125 [root] DEBUG: 4156: DLL loaded at 0x00007FFEF04D0000: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\culture (0xa000 bytes). 2026-04-16 23:06:50,453 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B100000. 2026-04-16 23:06:50,594 [root] DEBUG: 4156: DLL loaded at 0x00007FFED5620000: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader (0xc6000 bytes). 2026-04-16 23:06:50,875 [root] DEBUG: 4156: AllocationHandler: Allocation already in tracked region list: 0x00007FFE4B190000. 2026-04-16 23:08:59,688 [root] INFO: Analysis timeout hit, terminating analysis 2026-04-16 23:08:59,688 [lib.api.process] INFO: Terminate event set for <Process 4156 client.bin.exe> 2026-04-16 23:08:59,688 [root] DEBUG: 4156: Terminate Event: Attempting to dump process 4156 2026-04-16 23:08:59,688 [root] DEBUG: 4156: VerifyCodeSection: SizeOfRawData zero. 2026-04-16 23:08:59,703 [root] DEBUG: 4156: DoProcessDump: Code modification detected, dumping Imagebase at 0x0000000000680000. 2026-04-16 23:08:59,703 [root] DEBUG: 4156: DumpImageInCurrentProcess: Attempting to dump virtual PE image. 2026-04-16 23:08:59,703 [root] DEBUG: 4156: DumpProcess: Instantiating PeParser with address: 0x0000000000680000. 2026-04-16 23:08:59,719 [root] DEBUG: 4156: DumpProcess: Module entry point VA is 0x000000000069E792. 2026-04-16 23:08:59,719 [root] DEBUG: 4156: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x0000000000682000, section 1 2026-04-16 23:08:59,719 [root] DEBUG: 4156: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00000000006A0000, section 2 2026-04-16 23:08:59,719 [root] DEBUG: 4156: reBasePEImage: Exception rebasing image from 0x0000000000680000 to 0x0000000000400000. 2026-04-16 23:08:59,735 [root] DEBUG: 4156: readPeSectionsFromProcess: Failed to relocate image back to header image base 0x0000000000400000. 2026-04-16 23:09:00,375 [lib.common.results] INFO: Uploading file C:\ZPIRIzm\CAPE\4156_15375092016442026 to procdump\99965b28430cda4b41bd51229c63525f57ed47035053fb8842a7ebb78bfa02c1; Size is 16384; Max size: 100000000 2026-04-16 23:09:00,391 [root] DEBUG: 4156: DumpProcess: Module image dump success - dump size 0x4000. 2026-04-16 23:09:00,406 [root] DEBUG: 4156: DumpPEsInRange: Scanning range 0x00007FFE4B250000 - 0x00007FFE4B2598A6. 2026-04-16 23:09:00,406 [root] DEBUG: 4156: ScanForDisguisedPE: No PE image located in range 0x00007FFE4B250000-0x00007FFE4B2598A6. 2026-04-16 23:09:00,734 [lib.common.results] INFO: Uploading file C:\ZPIRIzm\CAPE\4156_7793074092016442026 to CAPE\327c9f19cf38c1d2fab9c18d31cdb19c7f3aa32cb9fc1152bf3028085894e47a; Size is 39078; Max size: 100000000 2026-04-16 23:09:00,750 [root] DEBUG: 4156: DumpMemory: Payload successfully created: C:\ZPIRIzm\CAPE\4156_7793074092016442026 (size 39078 bytes) 2026-04-16 23:09:00,750 [root] DEBUG: 4156: DumpRegion: Dumped entire allocation from 0x00007FFE4B250000, size 40960 bytes. 2026-04-16 23:09:00,750 [root] DEBUG: 4156: ProcessTrackedRegion: Dumped region at 0x00007FFE4B250000. 2026-04-16 23:09:00,750 [root] DEBUG: 4156: YaraScan: Scanning 0x00007FFE4B250000, size 0x98a6 2026-04-16 23:09:00,750 [lib.api.process] INFO: Termination confirmed for <Process 4156 client.bin.exe> 2026-04-16 23:09:00,750 [root] INFO: Terminate event set for process 4156 2026-04-16 23:09:00,766 [root] INFO: Created shutdown mutex 2026-04-16 23:09:00,750 [root] DEBUG: 4156: Terminate Event: monitor shutdown complete for process 4156 2026-04-16 23:09:01,781 [root] INFO: Shutting down package 2026-04-16 23:09:01,781 [root] INFO: Stopping auxiliary modules 2026-04-16 23:09:01,781 [root] INFO: Stopping auxiliary module: Browser 2026-04-16 23:09:01,781 [root] INFO: Stopping auxiliary module: Human 2026-04-16 23:09:04,359 [root] INFO: Stopping auxiliary module: Screenshots 2026-04-16 23:09:04,453 [root] INFO: Finishing auxiliary modules 2026-04-16 23:09:04,453 [root] INFO: Shutting down pipe server and dumping dropped files 2026-04-16 23:09:04,453 [lib.common.results] INFO: Uploading file C:\Users\cape\AppData\Roaming\57C9F549-7B50-4C23-B307-58BAB726D1B6\run.dat to files\d4e5529ed64ebb991b5a32765ae1de0f5bfc5d583e404caa50b4679a73cdca4c; Size is 8; Max size: 100000000 2026-04-16 23:09:04,469 [root] WARNING: Folder at path "C:\ZPIRIzm\debugger" does not exist, skipping 2026-04-16 23:09:04,469 [root] INFO: Uploading files at path "C:\ZPIRIzm\tlsdump" 2026-04-16 23:09:04,469 [lib.common.results] INFO: Uploading file C:\ZPIRIzm\tlsdump\tlsdump.log to tlsdump\tlsdump.log; Size is 22468; Max size: 100000000 2026-04-16 23:09:04,469 [root] INFO: Analysis completed
Process Log
Pre-Script Log
During-Script Log
Machine Information
| Name | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| win10x64 | win10x64 | KVM | 2026-04-16 23:04:16 | 2026-04-16 23:09:12 |
File Details
Show Parent FileParent File Info
| Type | NanoCore Payload: 32-bit executable |
|---|---|
| File Name |
client.bin
|
| File Type | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| File Size | 133120 bytes |
| MD5 | 906a949e34472f99ba683eff21907231 |
| SHA1 | 7c5a57af209597fa6c6bce7d1a8016b936d3b0b6 |
| SHA256 | 9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8 VT MWDB Bazaar |
| SHA3-384 | 2ff6be01f9d8f7ca76ab7415c6a6c75596be6018eb38b1988e35287121007e681ff3768cc7ab0a94325bb6825fab8914 |
| CRC32 | 1E8FEB2D |
| TLSH | T16BD3191727ED5D6EE1BE457933330282C338CAD29983E3DE24D865669B392D326072D7 |
| Ssdeep | 3072:pzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI0AkU:pLV6Bta6dtJmakIM5VU |
| Yara |
|
| CAPE Yara |
|
Strings
#=qoTNlk$Wngv$bqPRyj4mJig==
Environment
#=qKraENZVscKMtH4GMIJjzqA==
_Lambda$__2
ReadInt16
NtSetInformationProcess
requestedExecutionLevel node with one of the following.
RebuildHostCache
EndPoint
Random
#=qbwvWShVSL8DgrXXfPQ9kNmpf6pmcj6q57bPfcsBp938=
WriteAllText
AddressFamily
#=qZ8pysPk74rQ5GX0s5CkOJQ==
Int32
#=qYpD2x2QTNARNJcnXxG0OjQ==
#=qeMVJwq86lZc4hsNJNMQJVYiQqG94mfqhBGc9gH9UUgM=
#=qB4sApeDyjGxBivHLwR3FTJejGBlbih3hr3f3TS7BFbY=
System.Text
#=qmcl1D6lgUOLuKGFFyxMamg==
</trustInfo>
FileCommand
#=qN9Enun6Rlq30xNdBjhzY0A==
#=qJT4I5hOweIk$xYFEeDszbikglXCuquUd$v9AXtyq2ns=
#=q4X5fhkJm5XS4LlpLIyB6bA==
VarFileInfo
add_Completed
Uninstall
#=qq_SehjaC_F9U66vu1NLqjA==
#=qL6PdpQwMNSdyVKw3FgboNw==
#=qPfVuk6552RtecCgHDnGSkA==
#=qkcVkJskuGA4o7kGuN79i1w==
#=q$6NbEg0Hb4neXdXPgEgHJA==
#=qd8WIZO8f6IRqdUmvxawj1w==
#=qGxD085Z3RQaUY4iGwWH$xgEmRYVWDAN6hxNjaXokfVc=
#=qyM$eq2QFDjIwNzxtrtw3WE5gHFsUOsREqnRunYWzTvs=
ReadAllBytes
FileStream
MemberInfo
get_Width
#=qCJD3QzeNpOG7t7hUNPqgxgwPhMjv4aui2ikN049iz28=
ProductVersion
#=qzRcQ_b8FoTlpKT_BObsgBl2bj71wU5HcYdpIIgiTJ5c=
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
#=q$njopRrPblqe$yrs$rsu5Q==
SpecialFolder
#=q5QHPwKvqpNRA$cKFBj8i9w==
#=q$YUIMaEFO5IFZXBvo0kclw==
DebuggerDisplayAttribute
#=q$yU7aYEYOl8Nz4sJLGQQ6w==
#=qh42qYul4hj$aa5mluadvLA==
IClientLoggingHost
System.Security.Principal
UnhandledExceptionEventHandler
#=qaWedjkiL7CWj9EfMXrEg6Q==
Socket
#=q6tJHosKuF0IY3gGxjaveNw==
#=q$P4U7B6$qbq6QJ_QX8MfyNoxYRq3foNT$OZzr5yEqDQ=
#=qK$702nkzQ4rQ0lJLQZ2zaw==
#=qAfx0INrfgWoPN$Cz4VEZYVFcKNxFeYaixc4CaQpU$0g=
#=q5C_es0qgtlVCNxzfPQ_idg==
DeflateStream
IClientApp
8.0.0.0
#=qnonybcfG2jzQ4kHK5lGw3g==
#=qJtsKc7ccoU8jRrRMGJWqhA==
#=qRvcNy1bY28C6xYdCX8MF7w==
#=qFm7s8q151MPpLODhzLizPw==
Translation
mscorlib
#=qMMPHzLKw8_cOGV193acukw==
NewGuid
</requestedPrivileges>
get_Buffer
ToLower
#=qnB6QgyVNIUL$Uq0GD3p5d7LpaFZvHrB3jSqhv3o7qlE=
#=qJZLeQthAfpiCw0QvZb7htA==
#=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
#=qRxyF5FV01AHvUkR3BeX8OA==
feffefefea
Sleep
#=q6jLYuOOmC$a9_UySsUlsFA==
GetString
#=qfkwtPDg_wfxGVFOXd$WnCA==
#=qQR2R27CtTwLSuNC54_JY1g==
_Lambda$__10
#=qFlz$$vhlrnZb7YOji0eF_QZBzkOajT0w3UoQbgnXVIA=
Decimal
Microsoft.VisualBasic.Devices
#=qikBX_CmS$ZzVAuq$nQJBDwmLm5Gee1iPlPuvI188Ejo=
#=q12n1704BGxiT9AoOoTNqog==
Resize
#=qtxvtUAtG5kwD1CbaXqZpxrHWaxR5CiRO2OiaCLfsbSk=
#=qBpzegr6XzkmtwALf7kKPHV3RZVAWYLbYE79PiG2zXYs=
Windows will automatically select the most compatible environment.-->
#=qfsxP7vyadqL93mAkiQXr1tsUC0B$7Gp0ZNAPpjNxIG0=
#=qN9oos_gePS4akhGX5rjcOjS2FNZJlTAkUnO0Ykgu7Rk=
#=qQyvT61RAfdEUvn1jBvcx0Q==
get_AddressList
EntryExists
#=qoGHQsKlZ7jK$YeTeBpzDNYYM4Z1FIrOpXaDV$VTAdfM=
Process
#=qHamFicykpD9fQKnU2wtqJw==
#=qWaMf_MISHPEu34of2Bm5$ay6Z6PuaGN7w1jlKYjzwdE=
#=qlV3FbiF00r5Vrp5nqoncyxDHZMuHB7yuJa7xS77K3BQ=
<application>
#=qvPYkN4Wli543LScsy6rh$bZ0bDIN0tYd5zlNUibOEKfBRc13v6NIDRtsxPOZzKpX
#=qE8a8ikTp6zyXXyhNYzK8Wg==
#=qScWgGHvDwJ0da_7qXoO28aGE1ea7zp5$XjEJLTXkuHQ=
SocketException
ResolveEventHandler
System
#=qKxYY$jYG8_7mT_7R0n5jfw==
#=q5s6lzZCgRNNe2Z9HZfa94HOHkpUfSnAwZsGo$hzh7hY=
get_ExceptionObject
ReceiveAsync
#=qksh921Ur22JKhSIAXESSag==
#=qwK7$pNtMfqKNZt8gGYd$pw==
#=qEoM$dAPD9j9L1YOZU2B97iwm0vZOJe13LDB3GayWQEo=
#=qZ79zrlLw6T9kJCHt$e306HkmYpQl8J1ugf3bmy8tycE=
#=qKoyC_0Y6bPLCPvDcJr2y5A==
set_Verb
FromBinary
#=qwSPuuWVW8tz$gDazhda2d$myXXX0Ro_wRP7Rmm8JiiT9wA1EeeaPUV2jnUkQOCHa
#=qiIt1yNcUYn9ksB4loCZmUQ==
GetUnderlyingType
-$& ,'
-p&~C
,@&(\
LegalCopyright
#=qwdHHpd7UWv1_2lcOeunA18XKUsrG9D8S$xli$tkAMlI=
#=qp7rlpRCprgGh7RCnHteaLw==
#=qU1g6m1CiJ5yzLECox1hBrw==
#=qkrqC_kLD0I$zOgfqD$aGaA==
ToInteger
#=qaCmGqb7phy5lq$DAzhK3vB71XCZSvhKm3BtGKq_xBto=
CompilerGeneratedAttribute
#=qXfm3QhQkyfcZgbFdAZgHHmadm7n1N0mfKcKBqrdfAk4=
</asmv1:assembly>
#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=
#=qzB1OZ89gRpxcPckUn_afNY2d0beSpEyl40_4IarIxzM=
RijndaelManaged
#=qgSHqO_KLHRARFg70SGn_Mw==
0D2T)
#=qDx8yS5wU6EQSawGC841xnw==
SetValue
#=qJe4Aop6J2k_bK0f$hS3ZOQ==
LingerOption
WindowsIdentity
#=q4KMIX0AcXAdYuUiSKvyy9Q==
DeleteValue
#=qbOmsEb0zGpdZukI0D4Idug==
#=q23tIFHA2cbwzlg6YDYhwLkXCJGgIhllZCGmc4pRC8rI=
#=q1uJdtbJoEKhZjOld7SeHjw==
#=q4N2IYJkFi2VWiCVDKVND$8gixU$DXUcX8F2LiLBxLHw=
#=qzjMBSDJWeEdkUWCBxYatrQ==
#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=
#=qb$tFKVReqZMI9M678cKWGdlE1UJqJBfHAfOfQhXuW5c=
v2.0.50727
BlockCopy
#Strings
afeffeefeffe
System.Collections.Generic
#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=
#=q2dXdGRU_h62YVIUhgXBQJzEnralpXNvp017RQs19jjo=
Replace
#=q$XurN5kwCvUuDGDncP4myluEGVmoB5AfvTb_Ct0PT5c=
#=qWcYPgOJASLG6mRBDPhOIZERKO3Eig2IiEWCrUa$w_Mw=
set_Item
#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=
#=qTfMnD_jfiITiB95ES2nWdLlDTdGOSDVgXEnjKNGkWcM=
#=qxb6WVOMh6wjcZFY_Q0MJOQ==
EndOfStreamException
ToBinary
#=qUWYBucdXrqr2Ksc_3qKZcA==
#=q97ilq24aAenhk$hG8MzEMQ==
BuildingHostCache
DirectoryInfo
#=q8r1xTCj7grAlhMxU0cmrbA==
value__
#=qFv$qWif57TCUNsu_O3F3gA==
#=qSYke1CBEgOP5WhDQ2wCOhA==
SuppressIldasmAttribute
CommandType
#=qTSoRMaNGYiiBNK9Yfq59T$2z3sNScYh9uxoeWlhnD_A=
get_Hash
UIntPtr
#=qJY6uBmA7bjB3pfI3CAMZ7w==
GetFrame
#=q8Lz$o21atQxw0qUwF07ufqfk8jjJrspNc$L9E2y_kjQA$2GQzuj5BmjDMXRcd0oL
#=qkcPDXy2$GrSLn1ykhNxS$A==
#=qLJcloNvItceT7R54Ssv5HVCoj0j2JUUq_dQXQpFZZjM=
#=qafzQcMCK0eVSctI0IcD2PA==
#=q5W7RemVArrFCeEyFuvU4Hg==
MoveNext
UInt32
#=qV4bSY95FY8CPz8U7EzzkRg==
#=qUaHlQloQ1heHsricyshXiA==
#=qYVgYkiAmhdTmisXUMVHYlJUHzcBdggj3Sn3nLI_MDJ4=
#=qulZN_JfMbEqc2jFbEooALI6mh8tLy9$3NFedHEXAIAw=
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>-->
Assembly
#=qUbRtqAPcSxRMI51YgNXGZ9omJvV5BvuqBNocgi7xl6Q=
#=qrIbbxniIme2qLTdRw6i0wDoZFMH5BWs03iMeSnjojQU=
System.Reflection
#=qAoRzrFi9HiHjyPL0ixkVXA==
#=q0QKFCbf0u_IpV5ISOWOl$Q==
#=qr5qpvOPnLxLp6aGkfAM7wQ==
WriteBlockData
#=qIZP8IX60gSYF82kuZejmg8pOoXfEBczapTTwgrWM$fM=
#=qrjPq4iPb$PLckcObsgRE1Q==
#=qH7CAcg5aycQv61Wo62XDpw==
DebuggerStepThroughAttribute
#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=
#=qJrzYsTPKAwT$ubz_aq99mw==
Int64
#=qtBt$1AtaHrrce6fc6LOT3axuBNxZ$SQPty78qYGi1os=
#=qfjs2lYYPRWKuXjeHrc8Rtg==
#=qbUu2Y2P9FL2iRkWyb62gww==
GetCustomAttributes
#=qul8YRvQj1pWpo4_UxgOSzOBvtncEE$VPCzTeLK_rIz4EnXxineVkwF$lTxruKPxr
IntPtr
#=q91nKS7P$i0qKCqvUAPW9EQ==
#=qos7yzAcb5jR$ypc0Qk3OWQ==
#=qw9FR63zXVj$omVnwg0u37A==
ReadUInt64
#=q$Rh_ulnlhN$9Zn9n4fKAsvWT9cisaHT_PgvcGANnd6o=
&&*}#
#=qiCTCgJQkyH_Kzq$FT43G4Q==
#=qCeJ_QwVb__fbuEImkTXwSg==
#=qURIxMOG0HImwEP4A6zEiPg==
#=qxQTn_t1ZFKKNm77mQ5vH9cInicm2Cv9jGtv9vmIpksI=
#=qQLqXliLS$ujl108DGV7$zv9jo8WyYr7oxBJvAgzllyk=
GetExecutingAssembly
#=qqIzVXHiNuUY4ZNiSxkqEGQ==
GetTempFileName
_Lambda$__5
#=qEnv9WsExz6baZJKRUDupw9eEQbgJVjj69NjcsJ7hrBk=
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
#=q6pErmyx6x4$YkotXXEXGCt_ysi5JdNm1fpNgnUvZ9LE6EtA8E0TapqXrPnqyBO1x
#=qr6ouJTA2RwDm_3Z$eUP6TCvbpSA$yAFGnut7D4kG2$I=
#=qjM89gxwDLZ9izFxrYPCtcA==
EditorBrowsableAttribute
#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq
get_Offset
#=qyxpfolLUhMvFTDE2h_syvQ==
#=qAp_zHqT7acjq$QNiBoq2EA==
#=q0msvLo3fKjQ5ucIFxkdur24Cc0tFDGimgcqgtAeKZq8=
#=q2nHH3haw3R0VWVw4qHOwKw==
ConnectionStateChanged
#=qRxKU0X3UfYwXoOTtDpEVW6z4XRgE1s4V5zOQsfCCSqM=
RegistryKey
#=qwogjI4gN1imp1VeWLroXTk41PgYeLQ34zunh6NYu_3g=
MyTemplate
#=qm5VvJvLZD$UcnjvypC5XcA==
#=qtWaDSiZ3KDHpQtSfxDZV0w==
#=qbpvfREN3OwaXBj6J3WBAim$AQyJ99fz1ef01qn6kVrs=
#=qTEC8gcgkt672qW159Oe_Iw==
StartsWith
Rectangle
#=qwNkTTorgPauZQTT6jiqLIA==
System.IO
get_ExecutablePath
#=q$c3lXLbhl3Qzil6Z9hYEopCTRdsG8WE_1ZuhF2KQELQ=
#=qm_Podb$DJ6CfxMwMnaj6heXfc210URbSx7p$rJGFPmA=
</application>
GetFiles
#=qay$wDBdxvh$MBWrC9YMhC_f55kIvkv7I_BjPu_7Ajsw=
#=q8NzetUGGc1cM4ZGyRGGlug$fKAOwmcPqe4nFzDGKLk0=
ReadInt32
Remove
#=qTAs57ZkYafcLC2FZLCGAiQ==
get_DeclaringType
ExceptionData
Format
#=qvX$J24rI0eJ0gWfA6CEdzVJN7bQN_YTuS98N0yyMYPo=
#=qLKYxZZVHP8wT4ocBxnjPXg==
#=qTLmFjOt1Rq5$fqQEFVZ2zg==
#=q3S7bY847GmpPliI1m7tZaAVifJNdeHclZJyeY2JTxN8=
ArgumentException
#=qWQUgmvsTzj15wSjWQHZnng==
AssemblyCompanyAttribute
#=qfvzoVBS4j9KdxyngOlL_NauqVYLAaOZVw9dutKQSAp4=
_Lambda$__4
#=qO7YVPb8fjfyGw81pHcJjnw==
GetPublicKeyToken
#=q1A7nXYgjUuxh_0aV4fZMB87On7HuSdbeS8x$mfXfW2c=
#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=
CreateEncryptor
#=q5OunwTi_tYTGCTkAtZ8rARxlhmXbFcAf_e1GiEt$FEA=
#=qhWn12I_bGxHfrIrnto3QAA==
IClientAppHost
#=qWgd5i$rED0nEbfExDCteKBL09U6dKm2BW1AXqZVXCWk=
#=qjlBNihUiUO2oBJbOEbdB4u8xmfTL9EQ3AEFa$nrdzJY=
#=qoTGj8$mBoje$u1RSJ6obYA==
ReadPacket
-#&~7
Int16
WaitCallback
#=qlIUFl2SBYSRov3A1WGimWQ==
#=qVEEdpD96A48uRzPJT7G_w60gIZo4tH1_e21GoRWPFm8=
#=qChPTKc$8xcHrcle7anHYNe0wH_TweGkex2nGe9n8WDs=
#=q8uMGC19QD5WGzpkzUOu0SQ==
Disconnect
PluginCommand
AssemblyTitleAttribute
#=qXO4A8$YrN_OoPhFOn$Hhtg==
Dictionary`2
#=qLSPQZXlXixhGX8Gd10$ph8j0p3_XdW2xwrfqz3nO7MY=
#=qDJlWEiuGwuVXAz8yc8z7OaMssRYN4hP9AHespNOmdYHus6_1XkNOC0rqgHeRZksg
#=qhwyNa_lhtuoyuJK5j3BcF4xu5fY5XhFlgzkM1Cgy6IA=
Dispose
B.rsrc
TimerCallback
#=qzRf5_jFnPo03SqY9Fq$uTg==
Queue`1
Shutdown
#=qhiSO75CpxncaWptyc0vAMQ==
#=qrPQtMswclvOlK1AxL1S4K8M$owLGUpQfjJA8CWW$fj1az7m8LFibY8IeMxHKi4wi
ProcessWindowStyle
&&*}b
</dependency>-->
#=qFZ8xm69Cd0C55Ip2ORf7Ng==
-b&(?
#=quFACL_$e$cUEIexpzPXS7w==
#=qedcCJsW_6aMZb5lO3tR01A==
#=qraB64nHTnRXCE4d7ffs5aGExarxpEh0COAPaEFI5iV8=
get_CurrentDirectory
#=q5XjI6hZlPIrXq2h2btB_pVJgDh_o3RXkWrFCxLCG1E0=
#=q_$JrmDHg2uq9s8cQVRi8Jw==
ReadBytes
#=qJqkjp9g96yoxpNS2E$BC00FKleto7dZfN9N5mtLDF4g=
#=qszlIp3ITaFi0VCgRIaErNg==
GetBinaryForm
Yaa*&+
get_Y
#=q7rZvZ5LmWDFo52hBeGb87g==
#=q3LvM$oW1poDdLKDT_N_s4w==
ToCharArray
RegCloseKey
#=quOBOxPeAl_kjKKx$REI6dA==
#=q_NLac$XJ5lIxZMpXsr_nBw==
#=qOplsUBML8x2xteEBilOycw==
#=q8Bp27fhtrXMmonNxf$9qLbuQQehIBQTdOPDQw07FUyI=
#=qFMsFc_zvkhu_B2YTPJt9Yux7Vq8aZNOr3FA$mEdAzCc=
#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct
get_InnerException
#=qgCcrNFC0iLB8hKTy5iNnsw==
Marshal
#=q3cm0QwDyNYr2y$xvkCk9bGbohRfuMuxkahGwLy466GA=
#=qyzEuYsQ6u9hwZeR0HeWqvA==
#=qf3c4WtE$$thN5QyBMvo3u0lth2VF5hmfUsIv1r8yRkg=
#=qcDgE7pmQv6niirKxFRMj7Q==
SetKernelObjectSecurity
<!-- <dependency>
WindowsBuiltInRole
#=q4d$NdpGCMcL3TaMlT9EW69FacIvNnqDPMFNisgGhmsY=
GetKernelObjectSecurity
ValidateBlock
#=qRbDxNN_CBpjdn11hjtWoZg==
#=qe9p_PgOCiouYWahOSDKth00dr9CdsTb1R3DYgCeLUBw=
#=qsYpthruwyrknxFdWaNp9Vw==
CreateDecryptor
Conversions
ReadDouble
#=qdzx0nDkNduYsJ$MOZBFb6jelzyvbyiG7So1vqpZnVLU=
-'&~C
#=qCN8q7dxuBuds3rgIjZ1oLA==
#=qBcRYABJptno3$fpXoMXAvg==
#=qArVl3RpI3eEiVf0qXoqrWw==
#=qk77uxMCXAcR_2KMKgZiSng==
#=qd7oUKLFPI9nt8Ln7RU53xA==
CheckForSyncLockOnValueType
#=qCKX0qzAtjLAL9KBPrJWkOA==
#=qXzNbY0aXEU2Rr2_Jbe87og==
ThreadExceptionEventArgs
get_InvokeRequired
#=qu1CivWngdicjZHEJYKM3dA==
#=qqLLpPwpASXA1wqOuY2RNlU8CTc57bQGBfHWaLDgrCKM=
AssemblyFileVersionAttribute
System.Threading
set_CreateNoWindow
#=q9rN$wEdl9rzJbAMMIiemCg==
#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK
GetBlockHash
#=qdy_NHDvN7XTcQtWWMYxYKbuJqtXHsYJXM_YUEvVR0bc=
#=qyZOtLxFf9zA2x1ff4_5cOg==
Write
#=qxUvHfLZKZiUmPXUqPV8Vcw==
#=qsAejPkl5V6B3npq6homyUA==
Microsoft.VisualBasic
AppDomain
#=q$bBbU_xpGfMMkAvp45SBRg==
#=qZiHVbt3FXowK6_NIyOxsOw==
#=qsA8D04owIGYHILF6yPa43A==
#=qtT$P2Bo4VHFu60OU4VLf1H20c7M2DlURuyfb_XJDYaM=
#=qstAyOBsDsJqFRKDvXIn01A==
#=qWljP9Wu9miiHAG26c_L7NQ==
#=qGqLDylJy8NmMEbMDJmKtoQ==
#=qvLrEXVjSw17e3P6GFPALhrZXcKcfxuk0NupQhKFf0VM=
#=qFlM8LWSzwV9qMKMd32mVdQ==
QueryDosDevice
AppendLine
#=qkWUjAoA_6r2E7qo6NAGuIBq3iKikqBJbioTC25CcZQY=
#=q2wxuRKC7TyzyevfrmeuJ$w==
#=qZFVU$VkNPSWYii2AVQe6c6mwAUd10Tgqkl1$K5gZz9Y=
#=q63A3zH9hQ$3c53x2wqU0Qg==
#=qEqBb19ZxrWpMC8pwAc1v$Q==
Hashtable
#=qFYv4oSsEFno3Ujev9_o4Hg==
compatibility then delete the requestedExecutionLevel node.
#=q6Xi08r0$lOOnXtoBHhfMuQ==
#=qfOXLv$ej4ffVoa9QN8Vke8O9DCKhSHEsi_sqFk8Qf0o=
get_Day
AceFlags
MessageBox
ToUpper
#=qVXB_y3eN_sp1$Md9UoJeYQ==
System.Drawing
#=q6uR3lWd6_aD2reKUDlx$OA==
#=qEIPcndOLrV2GJmno7zKtBA==
Details
ExceptionHash
#=q8T1neNU8Flp1WaNsBKnRHQ==
#=qfPf03rjJVGFkLtYSr7zDRw==
#=qUUt$Zm9DEy7746wMpw0nOgKcClljRPRKWyhQ21GyaOQ=
#=q2X26s_rFZ25AY$hOcf_6zA==
StringComparison
#=q9heLrZy3cpWSk7do8VVthg==
#=q8McCIarwH$XScVz0xkTmJw==
Combine
#=qBhG6LJNfmJspOR5A5YrkZB3a_dWOpJYSj4Mo9vfL8qo=
Create__Instance__
-'&oN
#=qDOdV5duF980CDFSFl8oQpw==
ReadString
Client
Object
#=qe5qrWacQXGv9g0P5D_mRuQ==
#=qluYNp43cwlAh9yLdLZolDw==
#=q6Aboe3ONIkez7GgqcdWPi0_vrT_i53_89HUeagGM6MThXvFkvl8hpSeHO1UJawKN
get_Message
fefefeffea
#=qe0mY$R_rBsPIZZv3hPLS4g==
-O&~r
#=qKYm_FHWoJ42y$VrakLgWfw==
FindResourceEx
Concat
SocketError
get_Unicode
#=q2gthvB62n07fYVTx5fwIqxBAo1t_hs$il9Ac$4FY_Gw=
GetInterfaces
#=qYMGXxffne_DlG2tyCliUw119RPUt2rJt6SWle_TPkBA=
#=qCgskv3QU4cEy8M7hqvNNBbFyow$DvbmSQrN8A5JJJWs=
#=qgB3pFGrOVxm7f$sXZD67nQ==
#=qQRAhbbFlVBfqrgso8zehPg==
#=q3_xjz98EYRXgLslROl8imQ==
#=qmuy0ee0GJl13ksvWRbOSbofOCTPf0dv0HYdjJq9H_Es=
OperatingSystem
#=qnY1InNbQmfgiJXdGVH6rvQ==
#=qYI$MiBdzcplbf7GqrUf7Ig==
fefefeffe(
#=qyEH54IW$f9fUJb7FOR8r3vj6e$onLGrpm2VGycjbl9TZJEqkwtA4y4bL9ExOWpiA
#=qMWVV4JCreo65oWvwYJqZWobqlgJkr$K2AUIqF$weF5s=
MethodBase
#=qw39MYiiaN1XJbqsDq$LgQw==
-\&~]
#=qg9gWuHgvaa6cHg9wj9NSQQ==
#=qr9m9EjuYAP$2E3p2xadfFhcTH6toAhrm0dlfOTldiWRsdXd8UmnkRkYrV_8$1gaA
#Blob
#=qzTUdhpx_l8oNrXik8Q6a51kZkIp$waiEMbjMOU1bFOc=
#=qABSlSWKh$8sT$UF4sG_vQMmKqh5lDRXHlL1yCp0W8x0=
#=qw2XWrJCQCyTO0Iwdbz8TWw==
AddRange
#=qQ3JMSE9km3mGmL6lmUfRHw==
#=qEQtWieYw8BPdEE4hbsjTLrq$BwGjJOBoaDYJmV9xVgE=
#=qtIl3MhjXHsnCHvTVFi9hFg==
#=qfozjXlIKX6LyHHXB6wCG9g==
#=qjIje6jGWLd2EOkfZXKqBbg==
AddHostEntry
&&*}X
#=qKdZKgyAqL_iP0GUSJkXePw==
ffeefeffeefhah
LoadResource
get_IsDisposed
#=qeKiN0Pwa0MwkK0uB$Ook97TrMQC$LNj1jgF6xTuSA2g=
version="6.0.0.0"
add_UnhandledException
#=q637XAKKKpMW09u9r97v4lg==
#=qwGMLoIBYlotM6E$y2KTAuQ==
#=qeeDSInMnFASKK3QXGIKUxuxDb8FgGi0XLXRlZ2oJdWM=
WellKnownSidType
get_Port
GetMethod
#=qehEpCuPIxZRbHczlt$dAWi4yWi9o1_noSvuo$Wzvtyo=
#=q0REOJwjO1qsE01G_RQE1TQ==
EndInvoke
#=qPNzwB3EyeKwH$TwKjEdAjAC6A3IlGhANCdkUFCgvEiw=
#=qpXfSNxR7J3tqOHyqT6s_Aw==
#=qNz_Hz8DMWPqA8pVcg8d0UVymwvCurvyYgdZaMK3OhQE=
#=q0PMcXQJxcLLr1sYO0fpyhPjUwjQtInL_vJPQSgCsfio=
#=qO$LkcjIVULy0PGjvpOiiEw==
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
#=qyc0YQPNqWwZHkgNDV8lyIQfgMkEbGZtyDsLzhYmFp8w=
#=qhFV5jkshUI$uRxypI6oecQ==
#=q0pfW5T3uO1I6LyXSPFW7Qw==
#=qQ_BBkbckkXGbXV1nE4Sw4w==
#=qYiXVlu3YVR5erIxfIIBHo1Gv4y4z4vrtnS$$9CALbVE=
#=qhq3FXVXLOItNPwDlpFnTKHk3JkInaJiiSE3uR3jtGH8=
If you want to utilize File and Registry Virtualization for backward
#=q1AWpt7Zq4Tx0wGx4hVFZRg==
#=qhg8oaKg1xx$HC$DKnlbXQpibwH2HXqMGSlGv30vEUsU=
#=q66hvvPDVbMv$MYStXtnb6Q==
_CorExeMain
get_ParameterType
#=q__Bys7JTXmAiG9F9QC$wjw==
get_Position
#=q51SFR_Fbl10nUMKjGTtHqA==
#=q3TG8MLoZf1Y44PREVW$6m76IGmuYE_BOhC_OTjkQJFtYWwRtSeFqevP9hiteuLfz
#=qmbdg4P9$2ouafwS8nEs4lA==
#=qudwGeEjJDUB9pt$_k0YOgc30ZWMo1bIGmdknk40OWog=
fefeffefefea
#=qH8FTQLBlM6o0t6zf8SLPUg==
CreateDirectory
<security>
#=q8SIEDcn4WoT9RcZmFK9tzQ==
#=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA=
#=q1jj2Lo3UBKUZkdI2bLcg4QlXuNGNWZ$CYnK9VTZNEsA=
#=q8nWzev5go3NKhN5Gk9NzTmM91eKwrK00n3U6GWmH8Kc=
#=qjYgYU6Lnx_W1ikVtBmjm3w==
&&*}&
RuntimeHelpers
LocalMachine
IClientReadOnlyNameObjectCollection
StreamWriter
#=qGqugi8s64S3wxXEod1SSyA==
WaitForExit
#=qV9UIxiLyaOi7XoTx2DUJwr8Ior26OirSZwM3mOvftrw=
#=quO7UmvJ4RBuIIChSn0jx_M$HL4rBuRuRZnNBEMlpsJw=
#=qxWNhTH3aUmlSLTvydVoCIQ==
Boolean
#=q4P_5NYDHZX9MPbDZuNFOAbRpAmJ2c_TFz8M5ulhIFApTRNfzn3_E1__1$MVw8$WV
get_Major
#=qa9HOmSrK7mjt1ZxVRncCgFoJUA6N3DmB1Rc$YUfcSKM=
#=qN1bIi$08taNozgdgDWdXVA==
#=qAM4ZJ3aDwBm_a3IkqHxLmjdKzHIQbFeE9thLHux2o6g=
HostData
ControlFlags
#=qdZqWoaYN68rlMOX4HkTLdA==
#=qru2ORBLxmt_CUDya_FEQGA==
AssemblyDescriptionAttribute
#=qxWp4ETQRrgcfPChnmxhivyMmb5p6MuyluC9Tc_Mhkec=
fefefeffeXa
#=qVQoZlgR59_v4NYIa4CBPQw==
#=qVHGoZQC06Wdz1fJDKkoeiKu9aci51znqNtMz8dGZQMQ=
get_LastOperation
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
-(&s8
ReadByte
#=q1tLM5Gk001IDETj3RhJ2ESaIo2XgaV2vMWhqISqSHy8=
#=qRxR4aJg8TX8oM$OpeoviZQ==
#=q2V8VN1ZqnXOBhkZZr6w3VA==
ReadSingle
#=qOxeV7mwtJT4AH3HtBqNUXw==
set_IV
#=qzx697Szk1moqO$yUynaioQ==
#=q2XZFEYqbf67s$PRf9Xyx7Q==
#=q1abXKhVCyzVldE9ra9z81A==
#=qgHxgiBgB0FhzEGOOs2Dqnfh3XnJ7nEmajCNqRqFR3Fg=
ValidateSource
#=qA1_qolTI9aVdwnEde3ubqM6zKBigTZiyb5_iHpeZQDI=
#=q3fzZpU7POi9yYKua762KimE0tXDV2VRrjyJcPuwXgTs=
name="Microsoft.Windows.Common-Controls"
#=qxp6ct4JGLaMDbwg6fkrIEw==
#=qCA$7lFkUlfYTBh0Hp6uY4w==
op_Equality
ClientLoaderForm.resources
-!& 4'
#=qRLk0VFphuSTh16H1MGZUv_HwKU6b1$OQZ0l10zUjPKU=
#=qbbSw65PC$nto6DJiWxTawg==
MyGroupCollectionAttribute
#=qA5pFz5LZPgfUa5zon4beRA==
ParamArrayAttribute
<generated method>)
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
publicKeyToken="6595b64144ccf1df"
get_UTF8
ToString
#=q1t2nN1p2nWkytA1wjQ32JyClWcTGIZMOEV9XOIYf1xQ=
GetHostEntry
`.reloc
#=qoKFLFqm7bb3VWsU2QKXIQ4_6anGbTCWiZAfrNlgq8fc=
#=qLYpbsprg$ymVLeNEwEpYlA==
#=qG2DPieaEKCS$j6T6yTf$qg==
&&*}(
&&*}e
#=qSyCMza09ItB79lrZlFBuQQ==
#=q$mqGRbJ2J2TNgadoLHYnIQ==
-m,Ol
#=q9tI5WfBIFIPW_84mZnHV05cJ9fSyOCl9wA8lwPxs3PQ=
NfefeffeefY
WriteAllBytes
#=q$XxqrIH7dyYqacMzR_CjGA5JAR0vUKiq1f0DFqS1mcI=
add_FormClosing
#=q0g2hVR4CYkiIvLHeQL6tUkW2KQhRibG1DIo1pReSOj8=
ParameterInfo
#=qWbDVCvJRlY$nWsVAToK13K8LD9gZFcJQAtBUvjDEcyo=
SByte
#=qQ9gevS7b4oTsdxtV36c3$A==
#=qrWKlHKCxTKueolOR4ohc7D_cBhjLv1zNIcftgcigaGU=
#=qKxL6kQaUyB_6jIG3mQUGOw==
ReadChar
Start
#=qEbf5uxiH92v$7mL0TnmsnA==
#=qvJ_V3lJRnVEW6EI74n63zg==
#=qFxElXT3T_$sB_0gpbmQGIA==
#=q7wsNZ$btlm7uRzkYXMkJl8JrBCKSYJt4if2WiKQrObs=
#=qYGU8a5KOsYzqpvljkWGWKuQS9mZuJYQa$8g5J6c9rho=
#=qxRbSDXwo6eARhpCjqJa2Fg==
#=qEn9Mtg$AIqWbq3whj1y5N12e3KXi_NwIIcl2i$FXNSk=
SocketAsyncEventArgs
type="win32"
ConnectionFailed
get_Exception
System.Net.Sockets
#=qOn6YhA2JjwnYZ_7D0fnnEw==
#=qu0EIqDRT_HlTe4PqaMKdozL1lQ0SgTtqFucuF2vFq50=
~utVN
#=qI5Vms5JVXaVkwalJFV3L6w==
SetLength
#=qAySeqCaPs9tWWTa_P8M4Zg==
-l&~s
#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs=
#=qtcncUaS1HcVKUD5AEGHBokWqEL$GDDjoAu8asy_oLis=
ffefeeffe
ffefeefeffe
#=qEDU5bqS$T9T0k2xHaznuPTNI8j4z6II52ItUe0wjyZ4=
#=qXCoQdguduOewiATPKLDvyekx3X3r68VNkZOPBX9O5lY=
#=qvJN63xerlaB42Q0XUG621g==
Decrement
PluginUninstalling
#=qwnMPoJqYBxCKR$s5x3I3EQ==
<!-- A list of all Windows versions that this application is designed to work with.
#=q$sTc1AZMnHRC7q_PL2hWs4JIEJoo88_IAFcWtrdNt$4=
</compatibility>
feffefefeY
#=q00kXQ$0a$SV9DIgRtf4NWQ==
SocketType
#=qdw5QBoXX8FR0LrkjhWN3qw==
ReadUInt32
#=q1ZcUbkVKv7wahbk_Am8y6A==
#=qJ2Bo_iSk1Tt7sQHk7C2ESQ==
System.Windows.Forms
#=q0zLeEY98tybLc8FS6iVEWjGp4MNZxETphcH7ohzBXuY=
#=q7O26Wc9N845khaV1IlgZGg==
#=q7Tql80HUgCLaL3e0n4j7ew==
#=qCSC3Khfzx9$ef45TjPThpcJgh1Y2yjEovdFzCbywzqU=
#=qiGEsYAsOSz$jy0hyBv5MGPdLIlePpwWMgCE_Abe_mLY=
#=qHU4s4cJ8BUWy$MQH9LPGxTniDgLcWFlt1CmhZ7PNRWA=
#=qoKX_5NDx$uDAqG3r2Qdnaw==
-?&~]
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
IClientDataHost
get_BuilderSettings
_Lambda$__3
Single
#=qXjNBjXFhVcOvrRAG8alfq96_gJ4jOa0wwNOaztY3QjLWnMT6wXGDzBnHuUkef5N0
STAThreadAttribute
RegOpenKeyEx
#=qX52fPnzDspvxDLERxqgnmVyN3O6kmNVEBrlqQ9OVPeE=
#=qsqmAgLqQh_pOiJq5Mcf5Ii66zl6iLnAX8VtqTy$uxhY=
get_Name
#=q6oykuAaezoPWCQHwIFBGYQJoT_doGKMmOjpzn6ZJomA=
#=qORcQ89THKgijJ1sWRyjf4hLd1g4H_sosI9t_gkVfZ7g=
#=qZHoyzaJ9rjmsFI5qWuYXUQ==
GetResourceString
EditorBrowsableState
#=qRUXz_3fP21juNHWjDYL16Q==
#=qcyp860KJctHXULF8nCr1oMRR0y2kU8XZrQHqsInbsAM=
InsertAce
#=q9rPQSTp$UBZiTGc7mKlh7h1QvRgfs0p_mQAaIRjRIsQ=
System.CodeDom.Compiler
#=qNQZrJgmZwpZh_4yrtaf9Gg==
get_ClientSettings
DeleteFile
Double
GetCurrentProcess
#=qU0vjurWIhbfq4$RoGXKKVfTj5MJBenZeu2wAtoCJAJY=
#=qYGqPwTlQx5HSyCMpKnJtwO$bA4uyJcKD$pA6WpBamRM=
#=q9M64o5ghSlB001vxhTt2kVIQeNtcHtzTvRgoYr2$PVs=
#=q$JqWZLd6UPV3jmsDHksd2EmkHWISQtPlvGx8vZ7hHXE=
#=qClMnNCTDhIIGUYHmdm$xCQ==
Clear
GenericSecurityDescriptor
#=qikOQWBxvreUKIkKm4o4DoA==
IDATx
InternalName
#=qI2pAr92bRdzddapVaPVhbQ==
#=qHy8pXlBCL$mvAXWQDJUnVpxgTTYNWuQ4Z7NdFPUhcZs=
#=qEKdoqcCD2XVb2atXAIOmL$Gnnk$r2oNLDVsEymHbxMo=
#=qU_ZXXWlv_8PtJY9coDWiH8$dVbE9S$EoqFVRvxhPtE8=
#=qOgcjmweVxeuvMU4cvcFOmg==
#=q0qLVKF4NbQlcaunYsixITQ==
ComVisibleAttribute
#=qWCa2pDyuMnzTMLUOIIx_zqZ1n0nAbCh3XpyakFsKTbQ=
IPHostEntry
#=qFaxhQMbuEyPeOadTfKIzX7ulwKfSulnteVvHU$QDlcs=
b`h*&+
#=qS8syUoAGHVUW8$eQd6_3_g==
set_WindowState
#=qfXdNdmKHZO9pILMTQ4gUIFhfl9KPJm2rU8y_LQsTH4c=
#=q7EIL8N8VWglyI984D7TGpzIPvdOcvYIRRwfMeKNyDDs=
#=qgPQkZ3GBDc371jzhubcNPqmxfqhr7b78DNmenmuxGa8=
#=q85afbI_HcqBFOZnC0iAqsNghLb3LsuyjFtpLEYYoPX8=
ConnectDone
#=qfpNcQ8IYoPRIQgVc_nBfXzVjxVN2nY_mFz$PcDXaKKw=
#=qnk9x1Gmlq5UZ_X95yAl14A==
#=qrpluguOr5I7WIqr51cA8ZQ==
#=qeWvkoUO61qxfYbQKV$cOPQ==
SetBuffer
get_Height
ClearProjectError
#=qCSH0DtnYKogitTpLw_M85GR1jr6BVuF$16hm8cfUYWw=
^YkG#C
-&&~r
OpenProcess
#=qKqE6jaRKu5jJvHl8RwywXQDv4h_f2ISEaHK__Drdd$M=
#=qR_QBxpRX$xZ1vjqVv0afDQ==
#=qYuHUjnyRYHZqCkKAt0jj_9qFBzmTZKte4i1ou04eBWY=
#=qAkkjpY6IHZssIsQ9hAxzTw==
Invoke
-T&s,
#=qGHv1IOurZ6januU0XCThS7E6H0kqAtBD9d30RkoHFXM=
~:}ew`
#=qOsVShdMttD8jGLf8zW9G7g==
#=qEWXagqzV$_PB$92aNfTAHdvK2qw2uvSxy$UVh0K_lso=
ClientSettings
#=qrzlCozsOJIqLxGzoulKftCL7kUWSuMYFdc1ca_yCcBA=
#=qGjStw3GYbvUue5kapeAzmPJAl5$UDUb723PSvMiCGdU=
#=qtLsfqPVQ47D3cdxmiwAJAQ==
Specifying requestedExecutionLevel node will disable file and registry virtualization.
#=qnnmAgQGEsJw4dsVn9gN4wJbRL4WqsDa_V0QuBPM2E4A=
get_Chars
Variables
#=qQoUfP$jAQrKMjDuqm54QmA==
#=qnaTZqk95Z1a8JBLdKiF8aw==
#=qwyLCYYp4MoTtTA6T$fEOIg==
GetEnumerator
AllocConsole
Dispose__Instance__
#=q5j3wvJXlnrGmRnKUHr_1SQ==
#=qyow7wBpiCNNIoap9jI9L3Q==
#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L
EnableVisualStyles
fefeffefeef
CreatePipe
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>-->
get_CurrentDomain
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>-->
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
#=qo5Pv9nXCIU9X_B8SJDUR_qgp7npNK2pA1rGP0GNQ51o=
#=qQJBwIjtEvP$UD5Stcfj2wASGBDPz6YiX1yXx_MSfzPs=
Empty
#=qTZGarPS37Dw3Z3Ipg_AFug==
#=qNdKVs_XU_xYgnUK9ZfVshw==
#=quXVzKqGldmgtXgVm61aLog==
#=qAR9aFFQPEovpFzvfokoGkw==
#=q61s8d6EIAdSsDLLjqchw1w==
ffefeeffefea(
#=q6CxZjTl3_v2RHWKegcqMWw==
#=qek1Oy3FoZ8ULt6r5iL2pEQ==
kernel32.dll
#=qvA35ZDPTM3VgF89oJb9AmWFE4pqnIDYGjeV5H4uvblU=
#=qxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecU=
#=qJRbhy7_BbunS1O6hH3MqZIufpnZboV6cb5Cv4qZI1D0=
MaxValue
&&*}o
get_MachineName
#=qp4XZ9Ss3K04S36I$7WhtwQ==
#=qMpgSfrZ_Z1PFlMpqVHDctw==
X*]x.
NanoCore Client.exe
#=qKKh2V4W51UBGXR09J__pug==
#=qmL2H5Qgs6vv79mCqS$t3qg==
#=qG8K0lOrmHWfP2KExoNv$5w==
3,bDD
#=qUDQctXsgw3eGxqcYAxP8MQ==
#=qWFUoT0l6elO8yn$hIYUL6Q==
#=qhPT6K66KztLE5cE8YZMEsw==
RawSecurityDescriptor
#=qhz4yMg0WDLwu3BJp4fYr0w==
#=qgBCfMYp3J4fCYU13EId5uw==
BinaryWriter
set_BlockSize
#=qg$lb3t6abG6vgSpzSjJlb_$AIzqYfos5cl9DWFolUwM=
#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=
<!-- If your application is designed to work with Windows Vista, uncomment the following supportedOS node-->
#=q_gCP8hm5SSW7J$3R7xJuSA==
#=qQKYqF9uhb3QdjdrkvuxjUw==
LeaveDebugMode
#=qXKuFJhTO9qh0nlK1iXbbSH7y8Djn0mggfIDxOoarDyE=
ComputeHash
ConnectAsync
#=qB7XWHK8gygwSs$Fj70FiWw==
#=qJ598Vnr_RIwGnHqFfQsYCw==
set_CurrentDirectory
#=qHj$POo$6pkhWHVC5cES_2g==
#=qAsEDmMyJR5b6o5oAn_4$qhqe51JCfsU9Gffe156c8UU=
#=qukf_DyAYprvhLsdhT4CGuA==
#=qoTZi9XCxEGJXLELWnV3yfQ==
#=qDEcM8KorEdChS9luywSNQA==
IClientNameObjectCollection
get_StartupPath
MessageBoxDefaultButton
#=qkFwCVmJ2HhZ6r$uKeVZFFfVLdddj$WEInl9bSgbErDM=
#=qEk42FAaXkrNIu2TP76IakA==
.# G'
.ctor
#=q5MtzoDWNtlkksfPTHs5qXlK2k7ZehKenYzDJQrgdOII=
#=qdPDxrK7XRQZlwY8QeW6oe0AEoOr3qND_WVi1o6l48tc=
#=qvRKdouixzy3mopZ1VtjZRIxbtiSW2GAGLD$37iVLn9U=
#=qJLXxSZzWSVDQjBBC8RxpqVbwxFaxTu3ygaLrjLvlmTw=
LogClientException
#=qJAZ7is41tIXMNDQIkGLgjRC15Eis_QBrdFx8JT2Rx54=
#=qqCUKpKbVq45Cc9OUN5wTXw==
AsyncCallback
#=q8GRQigucU81Rfg9VpK7PVLcjulhhYVPijYKMm9N3PJs=
r[D}E
<Module>
#=qXz2OER2RItZOjngvYurWLQ==
#=qXCUD4SfDr7DmFI64sweGXTg5Ns_ZxTOZPqBRcEKWTQk=
#=qhVWucYSqOmMmp4RgG95tFA==
FileVersion
ClientInvokeDelegate
#=qlMIFeU84lweg5Ul5iSg2vZUvNnPKw11XA1pEUQfzDeg=
#=q3d9CqFPpPy$rBhZvyFIRs_ElAFMHTo4ZZuE_g$Nfrnk=
IClientNetwork
processorArchitecture="*"
#=q0myQQ6i89t9SZyjYDXZrBLa9ljWEUD7zAwJyyFZowQc=
#=qKY90T141DaVDQT0DHaMEr8C6aPEoolamkqMM94Ir$TE=
#=qM_mpCWjOCBlruGH_QcTQHocD7LUJCLuKe8ntf2VtQlk=
IsNullOrEmpty
#=qD3hoTFeBJT$SvX_fQh_aIw==
#=qs202XG_JxpBwpKhptOZhRA==
#=qJMNT6BwQKSi707UHw9_x7oci6egKjto_AgHYlITH34c=
#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8
GetConstructors
#=qVl3h61LTPSW_ew_st_OlTAm7x_6Xu4hQK$pi2fSiEIs=
#=qSpdFO0arrQmbwA1JpPKL4TCAmwZYVDNVmpRQ6ryTPgs=
Contains
ThreadStaticAttribute
#=qEhveuZChxbRj66Cj2kCGjw==
#=qIe49uN8SyHwjwKdv9N2r$A==
get_Assembly
GetHashCode
#=qA4f0kKyGXTRnU4z03oji_RIPyVnvoC_BRjpESDLHXqY=
#=qL_Q_RdUm_wJ7VeVwUqRXbA==
DESCryptoServiceProvider
#=q5WjY_m3ubVFfbJuyu7GMxA==
#=qrJaovDbn6146mBrhFbUMbw==
MemoryStream
#=qhA4OqIvVSMpJakxtoytoCw==
#=qTYemjRfvVDuBO5lrz3Aq6g==
#=q35mMBfMcRRKrjeZsPOCz3A==
SecurityIdentifier
#=q65znFg0_234nfnhL4I8yRSIMDpdjAosbzeDfyRZVW08=
#=q_5hmJXim2EG1abw3Kju8nMffXDIbl5na4zXqclsRK_s=
#=qAzhW8LcEnUCELlhG4klMCnw00GcHco1N61RthSA9zQU=
#=qjcSlrUNMLgvZWN$58FXdrl22$0OjCpoqksNsslRtIFE=
set_Visible
#=qmLTtz8OEDrkzFTzYkI_Dg1dvKwiGw9blNcZSU_QqMsg=
#=qi3LnKomYQ5KrkAbxbJpKCg==
#=qjAD5jc_8Kg9x$NoAqFAvpA==
Application
RemoveValue
<!-- If your application is designed to work with Windows 8, uncomment the following supportedOS node-->
#=qNn8WS2rooUJUoMsG84mQ7PkK4IQF8$E42cyDjfL7Kqc=
IsInRole
-,& ~(
s%dEUK
#=q6TsObh1LqPbvVPPz_YjbtgEdyXL$082jRqG42$db3nw=
#=qq2h0VNJ4eWuHP5LphH0mpA==
#=qGWcF1$SkVAOkK9Bjc82XDg==
GetManifestResourceStream
If you want to change the Windows User Account Control level replace the
set_UseShellExecute
get_X
ffeeffefehah
FdlvK
CompressionMode
#=qkzr_P52_BAWJXliKWvb8Z6oiWEishcUAemTNzwiiwkk=
#=qhYMTmNdkO7UsEcfduWinsQ==
get_Value
add_AssemblyResolve
#=qee1h2XwRBJvy2g__X40enQ==
#=qFNeaOBvMHuebCbgh$0IKkw==
#=q$jOt_Qd3idEY2i2z8zIong==
#=qoStPOR6UymX3IGbwW$iFxA==
#=qkxH2pC1tIcRyW8E4TCtfHw==
#=qecBuZmXKFD$jZa5T0d0L1w==
#=qwrVB2mw7gzmYRanSJvSoPg==
SymmetricAlgorithm
.cctor
#=qGGQk9IvbDfVOJG_jRDHqOA==
GetParameters
#=qhSKaq9YW4A_ja0UC7Difmw==
#=qr1BSJWWt4_gjKhDM1XdrUmEEDWmH$7z1xaJvthJ97EQ=
#=q0yJsLo0aFpSu9ky8R9f$lw==
#=qbbzTfwYbEfmovMRrVY462ipA8X_tt3oO3M_wSSE0I_A=
OpenRead
EventHandler`1
CommonAcl
System.Collections
#=qW1UvUJT2hH$HRJ6kt_DhXQ==
#=q3VDCpnvucWhkt3J6zytXBA==
#=qo8wG17V6QHcxsU4R0xmY_Q==
#=qjVLlQtRAzKVOtyLrw5PhiGVVmXqMJJOsTT5DxaenWCY=
#=q6FX$JRP_bY_ZCQbx1UwWug==
#=q7_KHECinDx5vq1IBX7p8Ow==
#=qK5Mf9uxDCjwDRfyJQ6kp8A==
#=qx4AWw22LafncEy7CESjbGQ==
#=q1Ld$ycQpy0q1QvYRFk1k5lwgysKVR2tJyNFjakVtbYY=
$72526e69-b989-477f-bfc2-ee79adbb38d5
#=qVVQJ$z9bl7kHgfvJohZnMPofzhiFJ4f4yMGK7Tpp6xg=
#=qFWLbBQgFiIpy22HFbhF9GQ==
#=qmvGJ0E7$XHigSQAtHtZ6z$on2iAwFLBiFtrUR$DFhQPAtVI2LIgzNztIgPvlO9K$
#=ql4R4vy5H067cy2C3KkF7Mg==
DefaultMemberAttribute
#=qGgXamaT7IeK3DM0oRfGI7LZg7FrEWNz8CI_5MUlFEJw=
#=qo_N0HkUaMUQFRCOsgr2ciQEl_IzgJy64oQzCRnN$Qy4=
/.ffefefeeffe
#=qFBEI0HItLMNpyOY0AgRxSg==
KeepAlive
#=q$E54nUJeqC5jURP4oCRU9g==
#=qMMkhBs_8vtf4989qCM6TUw==
#=qUzL7S_0eXIkbwTon4AS_WA==
Restart
#=q9VIijSO53lpTS2jV37$Suw==
IAsyncResult
#=qxHMqkcY5ri8Rsxs7KCJ8ww==
#=qv1Nmoo$HMwdd1A0cX75UdA==
note!
TextWriter
#=q4rZJEBSRFNm6PYOH7NOLUg==
#=qZbWC$V5YeersjeRitYkSUw==
GetDetails
#=q1t2S$ib6pQFvBWAJfG9B1Q==
set_WorkingDirectory
GuidAttribute
#=qrEy8UTPh_zjKUNPlgJ2H5vQaVxSgPloAxSMCkFttuk8=
AssemblyTrademarkAttribute
#=qUlcwHJCewxIUk2tiKMDjXYc$Hb1k7TCZCyGdm6C93UA=
#=qy2xCoaL3Dm6E0MYt7i8x7A==
DateTime
#=qh9KSqT0kHBFSDanZ7gXkKb1vdDfzZS3JIRcUnMfcljE=
#=q5uvtKo7rLfT5wGY5TBS4ixmbpGEL_B71rwbORlBpBKA=
#=qqn0Pbku3c3j14idd7rNOJmIbi4WueHDQGNjxpToWe9w=
#=qfGQBFs$OKLefNYKSta_Lbw==
#=qYQagvH1k4NeWsCidwFRb$sQTZXPGouROQfmoImiPGDo=
<!-- If your application is designed to work with Windows 7, uncomment the following supportedOS node-->
get_Version
#=qCI9CHxEGVm3HnYdn52IpdQ==
GetDirectoryName
Thread
#=qruARjy_8oZkz3lsHPGxBMA==
#=q_ux9H7Sh7a2A98b6QB8m4w==
GetAddressBytes
Directory
#=qgbI51haY38WJ4NumXDqnLC_uKv$aRHAyD63c9HgGYzlsFjikAASqT8RCSswEMouz
IClientData
000004b0
#=qrcOHnfaYxPMN2$QaNhNmcA==
#=q6zjWArzQ8Jv_1waqxSeP8A==
#=qWFEttW6Y2i$LC7_zLCNdFCiHtPH1yR98w7TbmrS4vUE=
#=qP05CRmbt2pJg10eRU50wu1vx$mfteEn$pCn9SEbehP8=
SendAsync
#=qaSWqhswYp72H_CatHelXxw==
HideModuleNameAttribute
#=qrXs2l$bWJlHMZLHncLNYyw==
#=qeAiPMWOD6_wvQ4$bYsFv9GLgsem$trQFsnkw3WN9igk=
GenericAce
#=qs77tphQ2NXlLwCZkimhHsowpXGqSYmOGtKiGHHIs4aA=
CommonAce
#=q8FSwXWaEOgeGW7OlBosSfg==
FormClosingEventArgs
-\&(#
#=qY9NY2gigPsj8X4CYx0UCT2vGlqkgsq6GuC2fWqP3Voc=
#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=
set_AutoFlush
Exception
InvalidOperationException
#=q9DR9MBj4z9rQMPU2Q48EqjtFhU8AMGWHK02_s7IakJ8=
get_UserName
#=qJ8bMKCzzllPDbJIfPSoGMA==
#=q$fGRvwQxjFKeY$SH10p0pyPTU$R77VMKr3CcLFQeQ2Y=
GetBytes
#=qGzqsy60d_qAVRip0TvyGow==
NanoCore Client
#=q95w9MpaG4ZcgkGgnmQITOdHr5IaLXD8aC6o3EqtE0PQ=
ToUInt32
BitConverter
set_Position
#=qAk5SEnvr6iWKzWTaOapTEA_BFwuNkz68xuZLTnuQOh4=
#=qREZQml1AE$F8eb3teEaUmQ==
GetFolderPath
GetTypeFromHandle
#=qOR7qPTYp9qHTyadzUKgUYg==
#=qxH0vEx09STdEljqb$W1E7jvc94T2TeZBAEeRdiG1_PA=
EventArgs
#=qamR76KZ1klLpv5s7oSbjxA==
#=qJBJs_Q6YmbNTnGoWFx0s8w==
get_Current
#=qtxap8xCUFH7z14nNy3cjjw==
FileMode
#=qlzCbqLxFuzycCPDZStFfAA==
#=qd5f1i4cDO3tAO_bEb7g1cw==
#=qfHad4tglpNfnMqZ6nFkPPA==
#=qZRkZQGrnZUWoFBVE_TP$5Q==
#=qS8q1FyJsn2_ukKh5ONBATg==
#=qA$TQXn2i$KwpdqxTX6vvVw==
#=qEIGjjvppBA3BShbdBfMkQQ==
#=qOKSmYE47P2z$UXqGETlnfg==
#=qbMe5UnnXEF8aurHaZz6klA==
#=qDH4GuNn5iW6RFhEPrfs$pQ==
#=qJdNCQZ8JQCfthL12ut8Zgnr9$rl3CuJQ4GAn54E6CXs=
#=qAsxHG9v$MAI6$NruMbxEjA==
#=qk$cpdn6seqbcKjxGnztc4w==
set_RemoteEndPoint
#=q5hEV9yBEvglIR94FFM9OBszK4aiazrmJrQshba2kpDY=
#=qcCYGLZOh9EpzU$sjJG8ZyQ==
#=q79YE7jk$t8I7uIUVykHcVA==
#=qF7qP$SJNVn6Q0z6ARFaJgM2aiYbkFhrfYn4Rl6Odj3I=
lWKhz2
#=qQtwc_i6uv63Hs$aOrPLxrMU9lMXbhRW79NANZrRxozw=
TransformFinalBlock
#=qDt_4RPbN$YmUyKsVRrbzrjU6uaXWwjHkaZoJAcuFCCs=
#=qP42Tluk0y5t5VrN_nwVhnaX9baaRq2NaLaW6RMHNX_k=
#=qrSKFiRrFo6$kUL7kjfG3zg==
CompareString
#=qdwmMObmoGgv5eEpelZDrHiipw5mUgryufdcXXig375Q=
get_UtcNow
#=qmiBgFZvSMQ4WgT0UQIJlEGkYZhWP0gsBGd1anIAH4so=
#=qKKJCW_KTAsIH3uNlP3Z4Tg==
Equals
#=qDwymJFr9Z$8uhJ6g7so5xw==
#=qWrm21vQ8CBMZP_RBTwpusA==
#=qABNlGFDc7nOg_C39swAcLA==
#=qTMXjZFh8G1ehMXQzo1c_k7izR$ZNvDyCJY5aoZ0yOe8=
#=qwHAjqAoc2lT8vaebbsWerg==
#=qyI9vgsKRXHDyyks4VCAjzA==
#=qLLh1749MqIyRucx6BFMp7Q==
G3feffefefe
#=qObBSq08BLhHK8B6pYQSLOw==
#=q3p_D2U81K1hW2D54P32yDw==
_Lambda$__8
#=q62cZqzG2QOltpyG5v7exPQ==
[SZB+T*
#=qiNB6YyqAJbx2uPAiP1Ihw9dTNEtwaZElmpYLZcGO64Q=
#=qtcl57G6kPr7DDYeWeY389w==
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>-->
#=qQ7tSKwAULKz8TSFsLbtapA==
#=qOmCJCQ4xVqqqlvNEZD66Wg==
#=qTawRDksY2KFvY5V2vw1_pA==
get_RemoteEndPoint
#=qiJXCsKWBF9DB88uzW4b92A==
#=qo8RCFr_ecPE9NSA5cyD6QQ==
#=qQUdl15sQ0xTV$45YaAtVB9Bx2NeRc0CC_5Lr_HuNXwU=
System.Security.Cryptography
#=qw42CdKVHw2dycv8VU7DItg==
GetValue
Enqueue
#=qeADSRAqxC2FlJbA5Uc5$2A==
#=qVqTMYHwCmwUHM6kkpNkbGw==
YV= J
#=qwGYG3$xqr6oMjxRyF4i0Uw==
get_Count
#=qRtpaHvp1hQcEDS$UubP_mA==
#=q1r$Sd9Acbw6KsKv_F9uYTPvvGAfiEwUnai9OGYAUQBg=
#=qL2Az2fdQv6DkEBC_x$bbMA==
ProjectData
#=qWszclzYrfU2ikD2Jo7BLiQ==
#=qcfHq18AlWjOy12tBCM8Tbw==
ValueType
#=qaysgaPdcuRrUvev6__tYEA==
EnterDebugMode
ResolveEventArgs
#=qokX_wSaMFvPLXvDQY377gw==
Delegate
Interlocked
#=qs1aB65G6$bPi1$cdOrXkCA==
<dependentAssembly>
#=qFWCMyHOrl7QbIPkMYdiWJg==
#=qM4zv780c6Jc3GVu15xhaulIEjuiWD$RKEtosugOXKLA=
#=qnDLRD4lBlfyGeJyuSeq2WA==
-/&~J
#=qd92UVUgmlXoQZdJDkVvBpfqQ5IrxjaeWORyWFC422PQ=
NanoCore.ClientPlugin
#=qYCS3QLrXk$FWhHR$BIzDXQ==
#=qJOtLSdKNdNGjNNoElacScY2TTWmLUvN6XZsl_FLfP4o=
get_SocketError
#=qOgNXWEIS3IQJCnff_sTmrA==
#=qHdV5wMNiXS49lDrqJF3pqA==
WrapNonExceptionThrows
GetType
set_Key
#=q3C4Iol1nMl5AFLWNdE6nxB2_kG0uXzx35vvsn$gQzt8=
#=qdiuHngY4wejUsgFY5u7CtQ==
SocketAsyncOperation
fefefeffeefa
#=qDTvHA26pSwiGBDknUzewBVNt3YGW7YeSiQRH8F$_CMA=
feffefefe_-
Version
#=qpSjmalSIZ6iBUAWRLBOkQ5sPqtZAetb$LjkOVwAdUac=
#=qD_C1_4vUU8j6eQSUvsJDw_O6DZliNi$NDCaON05RwdmBpVqAu68W00hmx80mCKp6
KeyValuePair`2
#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=
#=q3eIsVMg85$T5I_yeach_tN$TJG7$vFUaeExZx7tMHps=
#=qxLboOdsVFLmyLD939$tUsnUMYRMeFnzOLiWxQdY7sdc=
#=qSl7F7iXGTH9iNXHds05fxcgA7Cydd52A6vZtHH_41F4=
#=qCy_StxaanQioOSGQ9LimCF9_Wy9AMBNKclrIIUI0AWs=
#=qUomzGDQTZY7jASgBmW35Fw==
#=q7Kx5VWqZvUxLZ2L5c7WH8A==
ntdll.dll
feffeeffeef
#=qc46h_4WA5z0UkWODs1nwXg==
#=qB8Wn1MJrSNWupWDx0sYcAQ==
/>
Mutex
#=qHtBOSXbLfhirIdzL218uOQ==
ClientPlugin
#=qeXI2ChPq1TaKaY8cTwWe4uWAyXSGUqAWxM21uH$6gYc=
9feffeeffefe
ReadSByte
#=qo734_kbse$6lTIlwlz6A8A==
#=qhnLoeDP_EbzJexQQPp_LLA==
#=qnDc3CmkCB1QeN2dXbmqV1Q==
<assemblyIdentity
DebuggerHiddenAttribute
#=qfoMVJHfk0BnMs4x6mHO77Q==
afeffeefef
#=qWsrg06gTzsE5hhHu57fJFw==
#=q$6Q_u19FhL$wNOun9AB$CQ==
#=qW1Ty88cS3yMuRwgBrH3qpw==
#=qGPdnFVTlqnS4tiFpuQulXa$2eC7Pe6YqVeImkUGsMl0=
#=qXOmEbR_8DUzPz6sW4Kmd6kaKUIQOYZdTpvq2CkB17PTlG1zEUgI_P4skJXU2VwtO
ArgumentOutOfRangeException
#=q6uKQziMZIL8_PaX2KpbPTA==
#=qvz1sVA0ePAgs1nzIHQTFVtjljpeJ1QO1S19vLxn8DMU=
GetName
ThreadPool
#=qOYQA1S8VHR$mOO6XXuyF9Q==
Control
#=qsB4PatedVyMOyo9s5n1OTA==
#=qi_z83UuaQZa6UsXCAahbTQ==
#=qQqZpewiWxGMAW$tQ9Rz23Q==
My.MyProject.Forms
#=qZvjD49iuetyLKBIiF$ZmjA==
language="*"
EventHandler
StringBuilder
get_FullName
&&*}c
#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA
#=qw1t7iX7Q4P$CBQxdhg13BQ==
#=qrQRxQdT4MC1qfwOd4n14uA==
#=qa3EpMqO3KVCTrDUnetWt6fRbeWox1uN3vfSP5v_W_wc=
#=quebj1wBCmruzAKmg6Y4Igg==
#=qhme1CFqs_evb4VXik7N4x7lNdqSfuNy3r3OUWZ1V4Zk=
#=qKpwDTqgBVuprqflj1$7QZw==
#=q2Xp4jW9C8Ta21HxmpVVhKkrHyOAsktLziyvL$pPr$5o=
#=qCaHpjtavBmCU_o5x0kJsKA==
#=qxG1wJpkOHyc4AD8gtAdxAA==
-<&~C
#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=
#=qui$hq6ka6v3VYA7sCjpJmcmNECKESf33DUzrmeSOmg8_E_GsgWi7VMMVWUGuO5wH
SearchOption
ClosePipe
#=qb0tmyILenEyH_R9DXJFwB5rGNfkKkR0Y5sGtBRsV3YE=
IClientNetworkHost
#=q9Dmi1iXzL1JAj2RiS$Q5mw==
,$&s:
Microsoft.Win32
#=qqRc2eOIidDtWq4y7W2lAhSyv$pBRJdAsYlXSRUcwizw=
#=qvbTNBihG2zARsewkRIFTSQ==
#=qWLKNBubktRcyu8vI4dIAJNOqajvyL7NccmUEC4QD9y8=
#=qHiBdWLOLLVg67b8lN8FRqgmYNWZfcDieu2MH9_zIY6Q=
#=qOsu3u3mLIa8ikCCuCoOv_w==
#=qs0qPjhSgxy3k5gj_gt12EQ==
Component
#=qcrlhteALkcfYnKFH$UWw$HzZqj8gdN8_KwUKIC_ywUo=
#=qXuSOL4ETByiwdARI_Ds0Cg==
ReadAllText
#=qUVvjDZc2eypEDWG9cFZdTg==
#=qP6OAxyfxw$Mj0oVKCDnh2VZfwY2Ap_uDBmUyxkn98Eo=
#=qsOMWyP3LvE9$utIXVnRnmQ==
FileAccess
GetCallingAssembly
#=qIOX_rwHrS_RLFL2igzRsUQ==
#=qKXWwuvxG9klNObPbc$UF0LIw0aZIk7Z0VPIncl8uFJQ=
#=qhv_9OQaSyr5PWElvgkBxFw==
get_Variables
#=q_UogavoS8ANyZp2cF0B9t7qG1b3QUqGTYeTlmQIKxqY=
#=qU_UZ3uhfwWgI9uBw5HT3xA==
#=qbFnmVfulgLVjclcqmmhqFw==
#=qccx4d_xNMPrZUHpmyYb7fIKkXAFa5XEyOIxXg$XLtBw=
#=q9WHClFSp7T8oS_DNFEbAHQ==
GeneratedCodeAttribute
#=qIKJSaaKraxRzi3AD57FKg9MQkSdmOqUcHNxKjSZFGkg=
#=qixBu4j6Hm11f3$mLrzkCcE4AVWtWeNn5nQguwdGbWGg=
SffeeffefeYa*&+
get_ExitCode
set_WindowStyle
#=qRkk_hj7p4gbUu59IVllqeQ==
op_Subtraction
#=qy1cXcK8A6uRpLlCz7UKkNw==
#=q_kGyEn8KrmBmt5M1N9cUSg==
#=qSJAMGBE37IZjr90jS4_MYNWNa1$s8PXhOErbnAhK_ZI=
1.2.2.0
#=q$7KUBFuOZT85iBmKYeGgXQ==
#=qFU5Nq8bBPIPoBGBl$k8ehEhmgSoFzsflrFNnOQsCK6E=
ToLongDateString
#=qpNR_LpdLu_eSOZVgxbr8UFRlKjbiBX7LOuGAbGS07mXUJI3AAilu14uPN_kfaTpW
#=q1vWrLhskrN4OoWzxKuDDSQ==
Increment
QueueUserWorkItem
#=qyo6slTMfgD8IrZ7nr6inHA==
#=qz5nGZygXT2sWR5FWGAcAzA==
-4&{c
CloseHandle
get_DiscretionaryAcl
#=qyMcWoZuG7jRWeztMnp6fPmxxmqfVgP7DLzGs7HeF4Mo=
#=qDJ0VTVPWfAWYghKX_DdnsQ==
#=qSh9$w8INPkos7acCjV2yFw==
#=q99eEsMLSp2$EVfl66Ua2d1YMqB58RPj30lLgJzJJ64o=
System.Diagnostics
#=q8xbuK7pqyq7mWB67vviBtOo1WSCccuR7xEQnGnyxMyQ=
#=qtS81hD$ORACBvdEkFyqaXA==
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
#=qxG$Aklpbf6gyBfAqTMmORA==
#=qqj4vWwKBJgvjF_JTc8V9cQ==
SetProjectError
get_AddressFamily
set_LingerState
#=q02vg4rlYSKrSiDNi4xWbtg==
#=q44BQlEuOnjFd0LbnzKKIIg==
:hu'a
CLSCompliantAttribute
#=qy7SaTx6mT2Pix1CP6ET1Hw==
#=qyU_gXk4hv73zg3zoSZSLhQ==
ReadDecimal
ffeeffefeXa*&+
#=qpXMe_UDgWsOaRVi$02jxzg==
#=qM9NIml9iDZh$Fjh9MocFWw==
#=qVqLFp2u1the0Txg1vhieSw==
-&&s9
#=qmzYu_D9f4dvUPauEaU7zvyNjCyGp_73Xn5SffrcfQAU=
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
Encoding
#=qZDHx38VzWszDP$NdqQpGo3ak_Z$zbLpODJse1_Sr2hk=
StringFileInfo
Dequeue
#=qi6IJz6lHhd8GI6qygHcvTxSTD2wk_BSYwC2NR2eR0yg=
#=qaPkEKJmdD7BgG18R0WsnHA==
#=qbYAYBaHwcEbf1CaxjAi1bw==
#=qGjp0Vb6efONwANkcKrMTkIBxJvr9AleFfJriudyTw3c=
#=qpghRvZG4ZfcsmvAYC$o8qN0WjB387Pn9cG$Y9HJ3uwU=
BinaryReader
#=qbmVTgf9cRSZkM_UgFSJrlQ==
#=q3rtw1eBB$yyPLXzQW$mDOw==
#=qD4n8L4W9wQXrF7w_31K9bjmy3jeB41mSJJrYkh6lpiE=
GetCurrent
#=qdObzsTSX0MpvDi$OPjsFh219oh6Iw7DshgNWGveAvBQ=
ConsoleApplicationBase
#=qRIR1iTmdtHs$eBwEdoKphw==
#=qth3CIdKay4zIa5SBJzx7eA==
#=qglhcKpwNlOshaHMfwiT0UA==
PipeExists
#=qFgBBonKcV6U3Je0BKZZdAZdyEla0MkDel5SRrEzLUvs=
#=qwTOYF_qEkI0dXowKJYtI6A==
#=qeE3S$kdx9R0s10U9GzzcFw==
OriginalFilename
#=qNZVIIdU4QECigaum94nwLctVkDSuRt$X4_IjuFpWVuY=
#=qRACckQ0ejzlKZgeXX_CPJUyKbl7Zu7QfhWW6eMM03VPusMYB8LREfJZQVcTGHBm_
#=qIrsTmpVUMRgxokIHlpGfmLtKeqxo7vQsjSkKUKFpH4k=
#=qt0$GxMKBUHqpa$X5z4IJNA==
#=qEVnoj7wKonGmgnYpK7PNGg==
#=qtz1ayBjdbHAw$ecbWtEnYJXs5RBd798kqoBvIJunFxc=
#=q0M0RRypoNIjajWAugf6WjbxM$GiKS9VjK_mg6sI0TI8=
ClientLoaderForm
#=qqMkZyGiL$PHkYblZrq1S69029tlEdPXkxbM_smmrcRU=
System.Runtime.InteropServices
#=qAlVTP0_ZXWJdoW5RI3VoXQ==
#=q_$06eDx4N3eSJzkchUhbnjKtHnRsckM7I4ZqcwfQO8E=
<?xml version="1.0" encoding="utf-8"?>
#=q_jQLaNdtSDa6ovA0VGw50w==
#=qyNgKOA3iTYvKx8QtBmkDXA==
get_StackTrace
#=q9lvTmS27dN6FAh4mbOnRsQ==
Computer
AceQualifier
#=qdupfYLPCEHNi$xwR52i0Lw==
#=qhRDMBTieg0MID1DJ88eKUA==
#=qj8dHXOkfX1HmIFktLFgFBNrpDhCGGJk0RPJopDOaBy0=
DisableProtection
#=qyGoc_ssbL9RdagmvuBld1Q==
fefefeffe
#=qMoRe_p4fasg7BcMJcnicWw==
#=qsx3W$FQbKM7QI$Z1TXWW5A==
#=qO4hvdkAW0_yOcwEk_VD$lw==
#=qaxeBDkuvv4PncQ$UM0p8ag==
NanoCore.ClientPluginHost
#=qy_aVo5ze7CCnCYXCQvhVBg==
RegQueryValueEx
#=qaRJX6K2L3xhR1w3zuwE79w==
Enter
TargetInvocationException
#=qbNq0eOj9Pw66KrsrDd4qnA==
#=qOTqiIHVN4TWDu4_xhgbifQ==
-)&oN
-7& E
#=qZuX180bPJwK7MhIsqenk34Le3ZCQFFLgmBb4sMlYIpg=
#=q1kCP32T3CbXwL6JS3UekkltOicB4KjO4W45iMQoNvNk=
#=qi1H2yZDbCxvPo0ia9nVnuw==
mscoree.dll
AssemblyName
#=qnOTCmwQWr6BtiNf9ta8BJg==
#=qOWs9MBREWujnaIdYgAI1lg==
DnsRecord
#=qjryTBW16mUfo_ItH9KWoGQ==
sUjT[
#=qSoHRCAcaypsR55EueXBy1g==
#=q0FQ_PiagXHm_B8aG8Ji9Dw==
Compare
#=qRHdMxv5xMrip5nI3eHU3Y52nJ9DhG_ImQVoJh$ooupk=
FormClosingEventHandler
Operators
ReadInt64
#=qNsyg$dsR$GJkSvK2TftGTNPuC8S809j_UmmfNnXTTOo=
psapi.dll
#=q6odj$nz79NlWTFUK6$Vbrw==
#=qzjreg8z0D4BPrx4RxUJBoQ==
BeginInvoke
#=qj9swjNLNpEBN8mkOlVmrOw==
|txmy
#=qRpw30Lh0nfhDryqjhyjikg==
#=q2l$b42bR_hlbzUjQTk6vFw==
#=qWBzgr2CJEoV4DPIbUzdZZA==
#=qWsAxoahmYzeECOO4WB9kTg==
MessageBoxOptions
#=qF4e058OW__NtTzhWOs1UXEJiHrTSwnIZ3q2u9UaLbo49AZaoog8nMfoDeA9BGVvy
get_Connected
System.Runtime.CompilerServices
#=qDJ8UKTQIGM$_7XkvuUdssA==
#=qkbMW3ViV2G4xkJU4KS4XYUwKzC$oNmhjZ49L9c8BrOM=
#=qCPeeDj1tZ3_XePWJJx7FTlBzWHbtSGvCe1Je6nRznW0=
wwwwww
#=q8fYxP$_i6Xk0$6OlSwUHKcvhrevHxLXqXqvszBe9OtM=
Exists
#=q9c$dxNln4J1nxxC7UNVnfSKvSgKS421$zTS6z9ahlusddEno_MZclU7Qbfc$Fyw5
#=qa6Qg4SaIgpIknX0EmOdEQg==
#=qSLl9utb6ViD7fbZHSox8oSv7PZDBMO5b6MBr_gzzHF8=
#=q7wyeNFqtiGUhQt6sicod9g==
#=q4P1tyVDbmSIMgskx0BrPh5ZxjoQy0earrulDSsNhpg8=
#=q4fCxMFfzJ9KgfK61DJRvZ5wDvDfYnqR8bhY6TGq9aRk=
GetFileNameWithoutExtension
.text
#=qg61MaViIt3ErBjuA0N9Xrw==
NanoCore
+# S&
#=q2JCFpXLqGkqf10Rox8zrAg==
#=q3_2_t217j7pS3JjemZNI07w3dukMmHXPSE5$LTnvGS8=
#=qN$clRL1tbKGnARF7__FwJg==
#=qoa807UEkAFejsz9ub3crU9Uahxxj5JIyAtKhnrEn$dU=
IDisposable
#=q6W8MK4LKkww2JvseikWqeA==
SetThreadExecutionState
FileDescription
#=qQCd2OoCcjOFxsuzhZKv2M7$UnAX8JX19NdffDxgtv3I=
WriteLine
#=qZnbTkU5kDU8O8$hMGiNZlQ==
$#%#&#'&98:8;8<8=8>8?8@8A8B8C8
#=q4kUEXPi93MnvgzV6ySNPRQ==
<!-- UAC Manifest Options
#=qeAvM9D2ZXEFg7Zo1J5PeVA==
Connected
ThreadExceptionEventHandler
#=qqsKAc3v0igxVSmn4Feg8q$1tNTWiqtCBpA_xMlgU$f8=
#=qtkqHWk1kvmO5zt3tTCyF2Q==
CurrentUser
#=q3vPs064Rj1jBOLtFVqV4DA==
#=qYfWGXuhZd0cmWjiCvW2EPw==
_Lambda$__7
Initialize
#=qTKJrybVS3pgV4uZ4KNtp3g==
-,&~~
#=qxybSLhWq6EDNDl0$FuPN8g==
#=qGfiJ4oSCDzJJaNmf22anQw==
#=q5esm6BVWqrzEai7Zgw0cmQ==
advapi32.dll
#=qKXbEtqEIo3E2xdYWIElxIQ==
set_ShowInTaskbar
get_Exists
DiscretionaryAcl
&&*}n
MD5CryptoServiceProvider
#=qiO2giJomMFK1wa5$389nVw==
System.Windows.Forms.Form
TimeSpan
#=qe99VPFgyNENK$KtARK_iPuwvOEw_NRgC00PdG55dmGA=
#GUID
#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=
#=qsY8nKQa1iMT2g$sVoLy8u9jrLGP9DMATpaFjFx3wjNU=
#=qR0v_DeAkzbUr6_Md5tN4PQ==
BuilderSettings
IndexOf
#=qovc0J7K6b9Eq_C0K46rbmg==
#=qoT5qP9FYCI8F5V3gKO7eMg==
#=qzzNUaijPluPyLfyxwDObxw==
MessageBoxIcon
StandardModuleAttribute
Rfc2898DeriveBytes
#=qgAKbtXqj_idozuy66wPGJA==
ReadBoolean
#=qlsj4Kl0M6SYgZMJLZ$QkSw==
#=qFikK0kKzvE4fvbzxpsrllMMR8oLIJtNPAGP1lZZ4prs=
#=qP_nucp5xdFjeAVWRfZ2XfmvYhkwWbeeu3y2fkxvS0yA=
Enumerator
_Lambda$__1
#=qPjPHWXGbaA$51Cna2ZaMpQ==
System.Net
add_Shown
#=qC6KOBEMWwIsQr_847d$S8A==
#=q7YEFsRA19ZrxKTBeL$y0fg==
#=qlFQRS6FW1ex39P1F_VW7Eg==
#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=
#=qXkgpfghvTKDZGlXBGI4x9veQO4JfjF7GW2ECw9$L3EvyKZGOnziwXE2Xr1EkpRwe
Microsoft.VisualBasic.CompilerServices
GetTypes
PtrToStructure
OpenSubKey
#=qwVGSEK8LoRuNWEOYfq8$hq39mmxHzM3pIeoRef7XNt8=
#=q_WoKv7McWxMc2YtmbiVaCw==
dnsapi.dll
#=qVIikDYmLtr_O$2vZcqLhHA==
UnhandledException
#=qonMVJIv_P7bZ29oJ_eSSxA==
#=qChHxg92yH05lHO0u7UrDcPo$UK1nFXIjb2DI3pyR0FE=
TransformBlock
#=qRYSdRGBC6LM4UFJJGQnk7A==
IPEndPoint
RawAcl
#=qNzt$mJakh1Nxv4vDRDjTsa1OVDKMAlRCO__qncxMoXRz8jNE7AWvE0B4WIqANR1p
#=qFlfDskRbjMOXZPvSw2W2UA==
#=qK4wGebauvtmTKO0oAyLFzHLhr9rU3HNJmU_ur7Zop$YvLzV4HzmIQ45YslW_q1Vc
#=qP3lBpu0cs5q3Lf$qXSL7q6szA7E5M9NqMzkAFV6l4CI=
Close
#=qh7diH14jww3Fm9rMJ_jIfQ==
System.ComponentModel
#=qGS6wNk5u54YEpqtjtMFIpQ==
PADPADP
#=qHtuZg55b91a614FmHMsOMQ==
wwwwwwwwwwwwww
#=qp9IgcHwNxIVh4GZl4S2tcJtSz0NII67aXwFNDcdhP63JHe9MNg0kPsAos3IUd98k
get_TotalMilliseconds
get_LocalEndPoint
#=qhbsl5nSqHjmKK5u9FniHoA==
#=qM040QWzx1oySCgUyYWc9zA==
;6$)S>
#=qUvO$SDWQpHm3uJq25yzwvw==
#=q0EPYqANhk$fGDlTztPFu2jRCdUruoFdUMwStI_GHseI=
#=qnIGrpAn2e$qTqbA22$ONbQ==
#=qcyVktfYxc51I1XopnwGNjQ==
#=qRCCuvWFd9_O8CfEZhkJtSA==
#=q37jfceDpvm0BhKQMkpktNw==
#=qd3Itd1ELDPHJxhLvt0y1NQ==
#=q2Sd$5fx_doPt8h$UdBacAA==
#=qdsDfPo0zxdY$R7euM0a_vw==
#=q0uUZuMiILVbPeB$t7lx1a0Is1IW4CfkB9ovgW99kERQ=
get_OSVersion
#=qQrBlfreeUYUGyN3hPOorGA==
!This program cannot be run in DOS mode.
#=qChXzjuiVYrb8OlqJPajoUA==
ProtocolType
#=qnoPzE9XMA8S7X5JX6ycJ7w==
#=qOicuy1VnndMMXIrDqqx3EA==
#=qCeF2tfSXulrE0bbyPxU$1ik7Jf3avSO4FKBmKNH9QLg=
ToInt32
#=qHJMw55fNEVIiKcc4ry0o7_L9hyz3vS4jgKl3KMX8xGg=
_Lambda$__6
RuntimeMethodHandle
Buffer
RuntimeCompatibilityAttribute
#=qPgHNba2TbLgSqrCvG0e5Uw==
#=qcDfNIFv7M2KbeeK2ufHf3w==
#=qxYJIjuXFTjRvt41we4akdH1WN2nLMpesVOXXsYuSrHM=
#=qtDC6IoLr5pnMo1d9qdAc2TBOnWqOdlEZHf8Itbl8cJc=
CompilationRelaxationsAttribute
#=qXIsqrB8Mw2TMQ5$s7oRSIQ==
#=qd7RJPnCy4YddvoQeTJhlwA==
#=qquFMi5Wa$w8aN9GGlN4H1Q==
#=qFZLDtLWdUONY4B_gU_jjJi4BgFANcRLPMuWuQINdRLc=
#=qVcF51voQmyGAgyAUz3313w==
#=q7$Vba9f7UkS7OwkHeUGtrn1ymWXBIMnyiJbrBxyOPBM=
feffeefefa
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
CreateInstance
#=qsUsGxFgC$BJaO_$VAtZ1Ug==
#=qsLIORBvLMZm5c5Lb9Cm$GQ==
#=qZhds7a6Pui$KE4m8ht8xuA==
#=qsUdW_kbiEct8_uosknsYUQ==
_Lambda$__9
#=qb8Z0_4AS4r8OSPknVYvDfA==
</security>
Monitor
#=qxO41EOA8VDczxcMMPD9Hv85pbiPnTbukmYyDI5Z6X8A=
#=qrYH2MBQ1J6Wu3hhoHHVW0JQwxTYC8hYBTLbQIYHNBds=
#=qWkPc$uBFgJrhuimjKXkFcw==
#=qs4p7qYamgHyRCYZsTKM03Q==
#=qXyCbQ53pEXrdqhJ6oXoHqg==
#=qo$DZvhC1PKdsChUToY52NA==
#=qGCYL9FviWCrv0prWZC8VfgL34V_6XyB$buFX2LkjbCg=
#=q5$hUSQAZNmEXcUcvGVFJrlqtw6IWJBy6C7LN$kOmTWU=
b`*&+
`%,h}
UInt64
#=qUZMwlqlTBPLi1iscPEnOdMZqp5jDsQ1UK2Kgux$Yn40=
#=qxOFsoGbvlBlUujyS9g3fPQ==
#=q5WXECfTJPQIQ2JoJDGsf9pTFKCPzQGp3$QlyT_g_ZCY=
-2&~}
Stream
#=qNc0O1YGwS4NhcbB7sgpVgg==
#=qlt$K8Ex4tZEPwTl4RuqGMw==
ObjectFlowControl
DnsQuery_A
#=quRXaU$OHlRs_89kacdiUMQ==
#=qb_soGTESOxGbPyWr9RZjig==
#=qqLNJOrQl$9SirTNF5ZKaLA==
RuntimeTypeHandle
#=qZb1TYPPMMY64aTN2MpcGOQ==
#=q9x6KBL_arYpQC$zFf4pEFQ==
IPAddress
HashAlgorithm
#=qBuMzaVqxpYkDVtTnLpbYyjTfZNKm8_4JkuoFHPxOBFo=
System.Security.AccessControl
Z6-yS
#=q1BpeNGUQvsUFoXPmB6q50A==
RestoreProtection
#=qiY1B9yU2oVkPHxhn$y67SFTP8x1Jb0botGqdUGkdpQg=
Timer
Assembly Version
#=qkxzumuLbzy2O2XsBlM3j$g==
#=qvQfNpqhSbw_$p1TB3UFgJA==
#=qDBRodZmvuO0qLafxHA9KMQ==
#=qrWXrfWfqyzD06oY$LsE9ww==
SendToServer
#=qJEtGIBRUjtEusa67yMyqWQ==
#=qVvEn7vdm6JlvG9koG0JUIQ==
WindowsPrincipal
#=qqReemZdhHj1veATVZbU2_Q==
#=qWfwpJtKOXBFXf_1zpmLUrQ==
Collect
#=q5mGK9suCIiUDZgS_YSrSQg==
ReadUInt16
#=qcp_YDS3uDXZMDFWGeFYphA==
MulticastDelegate
#=qP5B75c4g32E_HsewCKc$Ig==
-*&{c
#=q4kB_KjL2oo8adT7lfnt6ew==
#=qPbvCT$UNIh_DPMt5F02Hyw==
#=qKtJTKEkNf2mJVHcZzSW8iQIcsBglzcJJOkX7V_uB55w=
#=q4o4zrrzr7uOw3pySDBOwZtAOdlhvudqcbIbhABkQfe4=
#=qenWi8guqQrvoGB55djo0ka_844yTmViBn5_Fr2X6HAceO7AJErk_Rh7nfkfqtUbq
LockResource
#=q5fG5Wo3pzujuJKotO2WwDQ==
get_BytesTransferred
GetProcessImageFileName
#=qQbsDS5g6rYgVt4AUW_pPJ8MQlCJBs7uyF9EY8OKREmQ=
#=qyYejfncvZCW4q4y4GEV7QqOL4Aox1NSDqQmcpM4TQVA=
#=q0f150kYsIx0s3raR3xq1xQ==
Utils
#=q6ARXRSe2PbSpq5u4_c1Rsw==
#=qpE_mRkS89WMXbQTdLD7bwp4pTt2zrWY_WBF1BLz1fes=
GetEntries
#=qtussAh$DpHFmu7sm9TXJyZsrjeJ6Xm9c2y22v4wQG2s=
StackTrace
#=qc3tkHe_7v$eGA2x6krh72Q==
ClientSettingChanged
Registry
ProcessStartInfo
#=qXzCb60v8h3v0rPCrGf606Q==
#=qvvhgGCgMlZiK63M2bP1Kcg==
#=qpaOobmVTnUS0322VEUTQd53tn4HeMWSoV2XuTUOmp6U=
#=qCQ9vY8iVniiFr_C0wuoMFHQgjJIll0MjoDGXuPo1hYk=
#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q
HostDetails
#=qwWiTcboLi4zF4ycKWLBprqWhuc6ZDNNDjC8OE8DG1$c=
#=qFTBwGADWl13TibdOa5ODk_Y2qcfMGC4lp4rhrZcE84kZNE6dU4EqEk2ZYKuJAWo9
#=qK7tJUw5nsLE_rt2JHgqYI6_vH0s$mFFB1QifRuMCr34=
#=qKwlvi80KuDBelBsvucNuhRsqXRtqCfWqVH1dUPmd6_o=
#=qzI8efPARogp2CZcGB2UtfAz2tJs0A4fM9fKvuTKYqi8=
-!&o/
#=qphSRC1xHjYarc$NSFAVMID1iP8dwbr6BCaxyrkptDP0=
#=qPYtEwg1BZk5tP9KKNl$36tqIdWilqjeWcpWKL2Zxnug=
#=qmTxGiMA05lTEtoPPV6RFOih4DYS0uxrxPO4vA1H2j6U=
#=qRNkKSXdFDcR_p8Jbzx9WJQ==
IClientUIHost
#=qGvpT_A2MS3Oi797y6jojBg==
#=q0xixHwSTS$a9x5dtNZccvebVLuO4euYOepae9m2S64s=
#=qSJci08l8EqyD9KF0joWzSA==
]"Q+a-Y6I
afeffefeeffe
#=qYKspnFhL3rrV8a6zSvXJWA==
#=qzAgp3UwWT0075L6Sh4PfZA==
ReadBlockData
AddMinutes
#=qDJ4yS7fCDfIiEVFkwyEE6G3$$73HwRgy2_eKZUkxaSo=
-"&~k
#=qhE2P2k46jiSSjO86g3nB1MkLGC9_3avDpI7iYbUHr5g=
#=q98hMbgVf4fBR3MKeaM4uQI$YRLQdIr1biYYF5369cW8=
#=q5bws5LlHvLK62TcSJadQTw==
#=qP9qYgJs5_O2GP2pI$ho4ZSa8wQkwNQEBMg8VjNRrUWE=
#=qQkx1bBZns8hPde7$PcvfUl2fAairj6t_H8ve7nJO2s3BIB3t7PXd4ZR9h0JHyxrX
ToArray
#=q9LcncGbDdZaeonfU3943IQ==
#=qhufLjssUmkN_mXHuWOXl8gUDxidnVdWY$tHhp2HS0ic=
#=qJpz_ygP5AiHfhtTxRulSsw==
#=qtNbB44E34Ui_i5yJYQ5ntw==
#=q752iy7NeRDzz3UAYRlXXfQ==
get_MetadataToken
#=qAbQ42UrUbGpmkYA2zun7Tg==
#=qFY80y4KcMQywRNP$ttVIXw==
-->
#=q2LHISsr6oVwPjyrC2AFTD2_CdAouK60pDkoTs0efRSU=
get_Item
UInt16
#=qN6ip4UNq3TKArPG3ZZy$zw==
get_Now
#=qLEtx_37WeiIPQPYSN8vY0qTNiL_L6nA6vkFQwNlcU2Y=
FormWindowState
Delete
ClientUninstalling
#=q6OqJPhANvYfkdc5uh_IKsUbLoI4zVFCxs4fpu7Vxr_U=
affefeeffe
#=q7uQjJN4fKJgs403tXnERFbQ1VWp3FBsMW_1ZAWZtc1g=
#=q_0gCRmXint4znUKVJR_bzg==
#=qBk9t7p9S5R095rOkFdE8GQ==
#=qT9sog7FujhNJZHxxUXVGPg==
#=qYhk_OkZkBWola80M6EUqow==
#=q74AbaKJhduohKQ4YDrC28g==
</dependentAssembly>
#=q2n0wwv9OpsrMrxVUVHoqGw==
#=qVxXNKnhAcArgJoGGYXiyyQ==
#=q8WaW5L3_NY3KPDRN6V9mCI08mHUZbTcARcexWvaAL6A=
String
#=qxe_BfLLMHqYa_KBeLsRfpw==
GetObjectValue
#=qWNtQAckY3EoQ$HeRpEQ9MEcj4oiFXpw6QZThgsGNZIA=
#=qscQJIcBkI9VH8bZTZtABeA==
#=qXULhMbqiur_al62NrjaiXWJ8rme0bKMO8KkV356NZwk=
<generated method>
#=qalo3zYdlWWh$dYSx9JnNrw==
ContainsKey
#=qKaOsg8ghd7KyYDCm3RhDg9KJrf7McwaH92TdOJzSw6s=
#=q60UcvJzzgao2Rv_stV3rQhhxCdm95L1Gb83mKGH1VxQ=
#=qHauijmh2nJ5kHO6fTYBnJFZKkfzkWt5gB4mYS5OLOVc=
#=q2c1dOwAlqEVK063i13$4Vg==
-0&sY
#=qcMb6hxBpdyTwCjvpzaQcC5dS3wbplPqOta7ERz_lMIo=
IEnumerable`1
#=qfLFZgbR_r0GETPSprP6O9w==
#=q3$9MQ9O56ldzMJGDeTdBZw==
ToInt64
#=qkgpjO3I2rdg6Il4nyqzgDw==
#=qSbcOBh8Kf7zb$IciDxPlGw==
#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=
#=qKU0J1fiP8KA33eFK1owekQ==
Console
#=qsR25pLrAgwps$DwdB_BuUbMipiUFFEDkypROuvRRPj4=
#=qKi0KrAcAGUOMcS5S$2tJyg==
#=q5grPwgEurSn6KutVLS5_oPClPR_aCEdSRk5nKP5bDm4=
#=q8VTskDJ5TyHJcDeWmklddw==
#=qbn24Ox5i732BM_T_R4Q3RtK1pEoSIYmxE9Rba9DDKEA=
SizeofResource
#=q2WFu5tRyicebO6UkQga8SbXrngw5YigfLTTVJqQy1qI=
BaseCommand
System.IO.Compression
<!-- If your application is designed to work with Windows 8.1, uncomment the following supportedOS node-->
#=qwSqLSPEuM8lJy4sOeuH92YjPodcLquqdG$OodozwC60=
Transmission
StackFrame
#=q8d8q1KZbTCKTAZreko1Lug==
#=qgW$Sn0ALOASuZcEZHxiZDaj3mNXTljqLa5onSc7M0U0=
get_Key
Intern
PipeCreated
-,&~C
#=q7b0FP8eSMCctHkHIxEb12w==
#=qG5YZbexfSlZk_cwFxKFh4HaY$Krp4rK2HdCH8OIs4EI=
LogClientMessage
#=qEqEPF0jj3sUIryvQNEKKCV9boaHFZuHXMROqSn28L3g=
#=q9iu_XWrg9WTOw3hVDQcP8ZcABJLoMYtAY0HfRbaBN24=
#=qdDrSQoelY6gHzRt_ma5NQg==
add_ThreadException
AssemblyProductAttribute
#=qwBDUI_NSPNLYbPH4gy$3uQ==
#=qsWAbPBa1yptbB97zoAjeSA==
get_Length
#=qc7QknLi4DrEENw9hVJyfaw==
VariableChanged
#=qN76bQl1CQ6EpIJzS4bbSnw==
#=qA32zcbPIWwOaURCE8zDGfw==
#=qqROT7DfncW7strhZvp0iRQ==
FileInfo
ConstructorInfo
#=qqnp3i0xG3gb2LwEmwQLB8NQerATuB2G0aH1k$$26lgk=
Change
get_BinaryLength
#=qbWN2780y2PKcyDt_4uktmA==
DialogResult
#=q6wR5WMLGkL9afTpqmWsw9g==
MessageBoxButtons
Activator
#=q48p8EJcbwRuSJ9efJfzTZ7uyOBVlFQpnFVv30w93EJA=
get_IsEnum
#=qrmavK4kbgFTgX3_IUlEoRw==
#=qoygY$KIlhsLDneTXkJ_L9A==
#=qhPbzHXREadcUSl6d6LhVYw==
#=qVCHxDTr$$bwFMb6i9vBKRZciaa69edA3gsLNOty0RAzCorWRBUh2v0PgySYBEvZ0
#=qgN8fDYnB$J$X9QGGYQsYuvA6BpDT4GE_ca7JiOh661Q=
ffeeffefeefa
#=q6NenfQbzQYLSZe2oYrhKsEGeaR69wF$W7VvfZPx7lyg=
VS_VERSION_INFO
#=qtRuLPG6CownVXpQS2Jma6EmxR$R$u15FKPRjOSzCUIw=
-*& r
#=q6k7flm9GMlPIija7ZH1xJg==
UnhandledExceptionEventArgs
#=qbLBIoIXYNfJl3x9LHqBWNA==
#=q9RHjNFjnLkbqjNKidtUNeAGLmByWXgbKwjLfhcq9NOc=
List`1
AssemblyCopyrightAttribute
#=q0U3u45cUl83Kicjfx0RmVA==
#=q9T406SLBpfhYfDTkCrB28g==
#=qO0bmWYqIZnaB7Udo1OTvUuiP36Q9Z_7hz6URm1Yr1hM=
#=qibDx9sEkAVZroec7HmNu4g==
4System.Web.Services.Protocols.SoapHttpClientProtocol
#=q6V4Kle56uZFNUY$zkrrKJQ==
ToByteArray
ICryptoTransform
#=qzDzg9a$HVGG1G5cdhqbdwO3OG_SFijGXN8Towa37$TQ=
#=qd4_A7Y1qGQ8QAgHfK8_ssQ==
#=q3qYAJGveL_cxux6_2m4Vaw==
TryParse
#=qDB62T9X0iP_6WNTXOuwQnA==
PipeClosed
#=q8eJA0L4q0RMnuOJCvpFj3133vZRxVnxvHST9vysUWYQ=
Array
Microsoft.VisualBasic.ApplicationServices
#=qpQiSeXaCc6qGNX49vDbcMYyzv_UpV$YoUyrH0l6FW6Q=
PE Information
Image Base
0x00400000
Entry Point
0x0001e792
Min OS
4.0
Compile Time
2015-02-22 00:49:37
Import Hash
f34d5f2d4577ed6d9ceec516c1f5a744
Icon Hash
f66c7c86e9ab59ef3f289acd613a3738
| Translation | 0x0000 0x04b0 |
|---|---|
| FileDescription | |
| FileVersion | 1.2.2.0 |
| InternalName | NanoCore Client.exe |
| LegalCopyright | |
| OriginalFilename | NanoCore Client.exe |
| ProductVersion | 1.2.2.0 |
| Assembly Version | 1.2.2.0 |
| Name | RAW Addr | Virt Addr | Virt Size | Raw Size | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000200 | 0x00002000 | 0x0001c798 | 0x0001c800 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.60 |
| .reloc | 0x0001ca00 | 0x00020000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.10 |
| .rsrc | 0x0001cc00 | 0x00022000 | 0x00003ac4 | 0x00003c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.21 |
| Name | Offset | Size | Language | Entropy | Type |
|---|---|---|---|---|---|
| RT_ICON | 0x00022250 | 0x000002e8 | LANG_NEUTRAL | 1.71 | None |
| RT_ICON | 0x00022538 | 0x00000128 | LANG_NEUTRAL | 2.08 | None |
| RT_ICON | 0x00022660 | 0x000008a8 | LANG_NEUTRAL | 1.72 | None |
| RT_ICON | 0x00022f08 | 0x00000568 | LANG_NEUTRAL | 1.05 | None |
| RT_ICON | 0x00023470 | 0x00000353 | LANG_NEUTRAL | 4.05 | None |
| RT_ICON | 0x000237c4 | 0x000010a8 | LANG_NEUTRAL | 2.72 | None |
| RT_ICON | 0x0002486c | 0x00000468 | LANG_NEUTRAL | 2.76 | None |
| RT_GROUP_ICON | 0x00024cd4 | 0x00000068 | LANG_NEUTRAL | 2.69 | None |
| RT_VERSION | 0x00024d3c | 0x00000264 | LANG_NEUTRAL | 3.27 | None |
| RT_MANIFEST | 0x00024fa0 | 0x00000b22 | LANG_NEUTRAL | 5.04 | None |
| Address | Name |
|---|---|
| 0x402000 | _CorExeMain |
Processing 40.25s
- 19.013s NetworkAnalysis
- 17.475s Suricata
- 3.459s CAPE
- 0.289s BehaviorAnalysis
- 0.016s AnalysisInfo
- 0.001s Debug
Signatures 0.73s
- 0.17s antiav_detectreg
- 0.065s infostealer_ftp
- 0.064s network_cnc_http
- 0.038s infostealer_im
- 0.036s antianalysis_detectreg
- 0.03s territorial_disputes_sigs
- 0.025s antiav_detectfile
- 0.023s network_http
- 0.019s antivm_vbox_keys
- 0.018s infostealer_mail
- 0.016s infostealer_bitcoin
- 0.014s antianalysis_detectfile
- 0.013s antivm_vmware_keys
- 0.01s antivm_parallels_keys
- 0.01s antivm_vbox_files
- 0.009s antivm_xen_keys
- 0.009s masquerade_process_name
- 0.008s antivm_generic_diskreg
- 0.008s network_dns_url_shortener
- 0.008s ransomware_files
- 0.007s network_dyndns
- 0.006s antivm_vpc_keys
- 0.006s geodo_banking_trojan
- 0.006s poullight_files
- 0.006s suspicious_tld
- 0.006s ransomware_extensions_known
- 0.004s antidebug_devices
- 0.004s ketrican_regkeys
- 0.004s qulab_files
- 0.004s limerat_regkeys
- 0.003s antivm_bochs_keys
- 0.003s antivm_hyperv_keys
- 0.003s antivm_vmware_files
- 0.003s bypass_firewall
- 0.003s darkcomet_regkeys
- 0.002s banker_zeus_url
- 0.002s network_torgateway
- 0.002s antiemu_windefend
- 0.002s antivm_generic_bios
- 0.002s antivm_vbox_devices
- 0.002s browser_security
- 0.002s file_credential_store_access
- 0.002s registry_credential_store_access
- 0.002s disables_backups
- 0.002s azorult_mutexes
- 0.002s echelon_files
- 0.002s rat_pcclient
- 0.001s network_ip_exe
- 0.001s network_open_proxy
- 0.001s recon_checkip
- 0.001s accesses_netlogon_regkey
- 0.001s accesses_sysvol
- 0.001s antisandbox_cuckoo_files
- 0.001s antisandbox_fortinet_files
- 0.001s antisandbox_joe_anubis_files
- 0.001s antisandbox_sunbelt_files
- 0.001s antisandbox_threattrack_files
- 0.001s antivm_vmware_mutexes
- 0.001s antivm_vpc_files
- 0.001s banker_cridex
- 0.001s banker_spyeye_mutexes
- 0.001s banker_zeus_mutex
- 0.001s checks_uac_status
- 0.001s uac_bypass_cmstpcom
- 0.001s clears_logs
- 0.001s registry_lsa_secrets_access
- 0.001s disables_browser_warn
- 0.001s disables_power_options
- 0.001s disables_startmenu_search
- 0.001s removes_windows_defender_contextmenu
- 0.001s discover_registry_mount_points
- 0.001s downloader_cabby
- 0.001s driver_filtermanager
- 0.001s arkei_files
- 0.001s cryptbot_files
- 0.001s network_dns_opennic
- 0.001s network_dns_paste_site
- 0.001s network_dns_temp_file_storage
- 0.001s medusalocker_regkeys
- 0.001s revil_mutexes
- 0.001s satan_mutexes
- 0.001s crat_mutexes
- 0.001s dcrat_files
- 0.001s modirat_behavior
- 0.001s obliquerat_files
- 0.001s rat_spynet
- 0.001s warzonerat_files
- 0.001s warzonerat_regkeys
- 0.001s xpertrat_mutexes
- 0.001s recon_fingerprint
- 0.001s remcos_regkeys
- 0.001s sniffer_winpcap
- 0.001s language_check_registry
- 0.001s targeted_flame
- 0.001s lokibot_mutexes
- 0.001s ursnif_behavior
Reporting 0.01s
- 0.011s JsonDump
Signatures
Attempts to connect to a dead IP:Port (1 unique times)
IP: 127.0.0.1:9033
A process attempted to delay the analysis task.
note: client.bin.exe tried to sleep 400.46 seconds, actually delayed analysis time by 0.0 seconds
HTTP traffic contains suspicious features which may be indicative of malware related traffic
ip_hostname: HTTP connection was made to an IP address rather than domain name
suspicious_request: http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com
suspicious_request: http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
suspicious_request: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com
suspicious_request: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
Performs some HTTP requests
url: http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
Binary file triggered multiple YARA rules
Binary triggered YARA rule: DITEKSHEN_MALWARE_Win_Nanocore
Binary triggered YARA rule: Windows_Trojan_Nanocore_d8c4e3c5
Binary triggered YARA rule: Nanocore
Binary triggered YARA rule: Nanocore_RAT_Gen_2
Binary triggered YARA rule: NanoCore
Binary triggered YARA rule: NETexecutableMicrosoft
Binary triggered YARA rule: IsPE32
Binary triggered YARA rule: IsNET_EXE
Binary triggered YARA rule: IsWindowsGUI
Binary triggered YARA rule: Microsoft_Visual_Studio_NET
Binary triggered YARA rule: Microsoft_Visual_C_v70_Basic_NET_additional
Binary triggered YARA rule: Microsoft_Visual_C_Basic_NET
Binary triggered YARA rule: Microsoft_Visual_Studio_NET_additional
Binary triggered YARA rule: Microsoft_Visual_C_v70_Basic_NET
Binary triggered YARA rule: NET_executable_
Binary triggered YARA rule: NET_executable
Makes a suspicious HTTP request to a commonly exploitable directory with questionable file ext
url: http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/c92e95cf-27b9-4ea9-a961-5f08d3174bee?P1=1776985622&P2=404&P3=2&P4=PD62n0mbfNE4p%2bzyHMqYWf0Eo1BpP478XDrc2Cg%2f6tFDiTGKK%2bWrWL%2fU8MbcGPUmtxsWoGEpKhiIrbEfGypD2Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051/pieceshash?cacheHostOrigin=msedge.f.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
url: http://46.149.110.67/filestreamingservice/files/1c8bb521-add5-4d27-9549-25669b46e051?P1=1776985708&P2=404&P3=2&P4=kwQvDO9utagCSEtRuxdjzHbj%2banTF9yzs5Besj2uyPgaw%2fmpojpMtyoVLt1BCzhg02iufxfBHrPDsHsALLnU9Q%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 4156 triggered the Yara rule 'IsPE64' with data '[]'
Hit: PID 4156 triggered the Yara rule 'IsWindowsGUI' with data '[]'
Collects information to fingerprint the system
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Attempts to remove evidence of file being downloaded from the Internet
file: C:\Users\cape\AppData\Local\Temp\client.bin.exe:Zone.Identifier
Screenshots
Hosts
| Direct | IP | Country Name | ASN |
|---|---|---|---|
| Y | 20.93.72.182 [VT] | unknown | |
| Y | 46.149.110.67 [VT] | unknown | |
| Y | 72.154.7.108 [VT] | unknown | |
| Y | 72.154.7.100 [VT] | unknown | |
| Y | 72.154.7.105 [VT] | unknown | |
| Y | 72.154.7.102 [VT] | unknown | |
| Y | 72.154.7.98 [VT] | unknown | |
| Y | 72.154.7.101 [VT] | unknown | |
| Y | 72.154.7.107 [VT] | unknown | |
| Y | 72.154.7.109 [VT] | unknown | |
| Y | 20.165.94.54 [VT] | unknown | |
| Y | 173.194.73.94 [VT] | unknown | |
| Y | 13.107.6.156 [VT] | unknown | |
| Y | 84.47.178.41 [VT] | unknown | |
| Y | 150.171.27.11 [VT] | unknown | |
| Y | 84.47.178.49 [VT] | unknown | |
| Y | 40.126.53.14 [VT] | unknown | |
| Y | 52.123.242.97 [VT] | unknown | |
| Y | 20.42.65.93 [VT] | unknown | |
| Y | 4.207.247.139 [VT] | unknown | |
| Y | 84.47.178.56 [VT] | unknown | |
| Y | 20.189.173.2 [VT] | unknown |
Summary
- C:\Windows\System32\MSCOREE.DLL.local
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
- C:\Windows\Microsoft.NET\Framework64\*
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- C:\Users\cape\AppData\Local\Temp\client.bin.exe.config
- C:\Users\cape\AppData\Local\Temp\client.bin.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\fusion.localgac
- C:\Users\cape\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\client.bin.exe.log
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch
- C:\Users\cape\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config
- C:\Users\cape\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch
- C:\Windows\assembly\NativeImages_v2.0.50727_64\indexc.dat
- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
- C:\Users
- C:\Users\cape
- C:\Users\cape\AppData
- C:\Users\cape\AppData\Local
- C:\Users\cape\AppData\Local\Temp
- \Device\CNG
- C:\Users\cape\AppData\Local\Temp\client.bin.config
- C:\Users\cape\AppData\Local\Temp\client.bin.INI
- C:\Windows\System32\l_intl.nls
- C:\Windows\assembly\pubpol5.dat
- C:\Windows\assembly\GAC\PublisherPolicy.tme
- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
- C:\Windows\assembly\GAC_64\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
- C:\Windows\Globalization\ru-ru.nlp
- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- C:\Users\cape\AppData\Roaming\57C9F549-7B50-4C23-B307-58BAB726D1B6
- C:\Users\cape\AppData\Roaming
- C:\Users\cape\AppData\Roaming\57C9F549-7B50-4C23-B307-58BAB726D1B6\run.dat
- C:\Users\cape\AppData\Roaming\57C9F549-7B50-4C23-B307-58BAB726D1B6\Exceptions\0.0.0.0
- C:\Users\cape\AppData\Local\Temp\client.bin.exe:Zone.Identifier
- C:\Users\cape\AppData\Roaming\57C9F549-7B50-4C23-B307-58BAB726D1B6\catalog.dat
- C:\Users\cape\AppData\Roaming\57C9F549-7B50-4C23-B307-58BAB726D1B6\storage.dat
- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
- C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\Windows\System32\ru-RU\tzres.dll.mui
- C:\Windows\System32\ru-RU\tzres.dll.mui
- C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\Windows\System32\ru-RU\KERNELBASE.dll.mui
- C:\Windows\System32\ru-RU\KERNELBASE.dll.mui
- C:\Users\cape\AppData\Local\Temp\ClientPlugin.dll
- C:\Users\cape\AppData\Local\Temp\ClientPlugin\ClientPlugin.dll
- C:\Users\cape\AppData\Local\Temp\ClientPlugin.exe
- C:\Users\cape\AppData\Local\Temp\ClientPlugin\ClientPlugin.exe
- C:\Windows\Globalization\en-us.nlp
- C:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_ru-RU_b77a5c561934e089
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ru-RU_b77a5c561934e089
- C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_ru-RU_b77a5c561934e089
- C:\Users\cape\AppData\Local\Temp\ru-RU\mscorlib.resources.dll
- C:\Users\cape\AppData\Local\Temp\ru-RU\mscorlib.resources\mscorlib.resources.dll
- C:\Users\cape\AppData\Local\Temp\ru-RU\mscorlib.resources.exe
- C:\Users\cape\AppData\Local\Temp\ru-RU\mscorlib.resources\mscorlib.resources.exe
- C:\Windows\Globalization\ru.nlp
- C:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_ru_b77a5c561934e089
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ru_b77a5c561934e089
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ru_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ru_b77a5c561934e089\mscorlib.resources.INI
- C:\Users\cape\AppData\Roaming\57C9F549-7B50-4C23-B307-58BAB726D1B6\run.dat
- C:\Users\cape\AppData\Local\Temp\client.bin.exe:Zone.Identifier
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\v4.0
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
- HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
- Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\standards\v2.0.50727
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\AppPatch\v4.0.30319.00000
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\AppPatch\v4.0.30319.00000\mscorwks.dll
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\client.bin.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_CURRENT_USER\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v2.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v2.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3749840076-4109591986-3192690632-1000
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\LatestIndex
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\indexc
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\indexc\NIUsageMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\indexc\ILUsageMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\ConfigMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\ConfigString
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\MVID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\EvalationData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\ILDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\NIDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\MissingDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\40159611\1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\40159611\1\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\40159611\1\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\40159611\1\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\40159611\1\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\40159611\1\LastModTime
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
- HKEY_CURRENT_USER
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5aa75839\10fdf3
- HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\ConfigMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\ConfigString
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\MVID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\EvalationData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\ILDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\NIDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\MissingDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\1910f9b6\2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\1910f9b6\2\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\1910f9b6\2\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\1910f9b6\2\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\1910f9b6\2\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\1910f9b6\2\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\2ea32674\7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\2ea32674\7\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\2ea32674\7\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\2ea32674\7\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\2ea32674\7\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\2ea32674\7\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\25f1f8b7\3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\25f1f8b7\3\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\25f1f8b7\3\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\25f1f8b7\3\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\25f1f8b7\3\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\25f1f8b7\3\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\cc504d5\6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\cc504d5\6\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\cc504d5\6\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\cc504d5\6\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\cc504d5\6\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\cc504d5\6\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7a57f554\1d
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7a57f554\1d\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7a57f554\1d\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7a57f554\1d\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7a57f554\1d\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7a57f554\1d\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\620ba200\e
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\620ba200\e\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\620ba200\e\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\620ba200\e\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\620ba200\e\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\620ba200\e\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\7febb058\1e
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\7febb058\1e\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\7febb058\1e\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\7febb058\1e\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\7febb058\1e\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\7febb058\1e\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\ConfigMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\ConfigString
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\MVID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\EvalationData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\ILDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\NIDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\MissingDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\47b2ade6\8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\47b2ade6\8\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\47b2ade6\8\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\47b2ade6\8\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\47b2ade6\8\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\47b2ade6\8\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\ConfigMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\ConfigString
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\MVID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\EvalationData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\ILDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\NIDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\MissingDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\24949616\10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\24949616\10\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\24949616\10\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\24949616\10\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\24949616\10\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\24949616\10\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\ConfigMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\ConfigString
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\MVID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\EvalationData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\ILDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\NIDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\MissingDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\11593b27\5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\11593b27\5\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\11593b27\5\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\11593b27\5\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\11593b27\5\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\11593b27\5\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\Library
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\IsMultiInstance
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\First Counter
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\CategoryOptions
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\FileMappingSize
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\Counter Names
- HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\ru-RU
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\LanguageOverlay\OverlayPackages\ru-RU\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\4ecde57e\31d9ddbb
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3749840076-4109591986-3192690632-1000\Installer\Assemblies\C:|Users|cape|AppData|Local|Temp|client.bin.exe
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|cape|AppData|Local|Temp|client.bin.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|cape|AppData|Local|Temp|client.bin.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3749840076-4109591986-3192690632-1000\Installer\Assemblies\Global
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_ru-RU_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5e8c75c\de7da15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_ru_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5e8c75c\2f231edf
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v2.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\LatestIndex
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\indexc\NIUsageMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\indexc\ILUsageMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\ConfigMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\ConfigString
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\MVID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\EvalationData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\ILDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\NIDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\1\MissingDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\40159611\1\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\40159611\1\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\40159611\1\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\40159611\1\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\40159611\1\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\ConfigMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\ConfigString
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\MVID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\EvalationData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\ILDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\NIDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\e\MissingDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\1910f9b6\2\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\1910f9b6\2\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\1910f9b6\2\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\1910f9b6\2\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\1910f9b6\2\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\2ea32674\7\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\2ea32674\7\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\2ea32674\7\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\2ea32674\7\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\2ea32674\7\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\25f1f8b7\3\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\25f1f8b7\3\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\25f1f8b7\3\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\25f1f8b7\3\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\25f1f8b7\3\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\cc504d5\6\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\cc504d5\6\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\cc504d5\6\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\cc504d5\6\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\cc504d5\6\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7a57f554\1d\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7a57f554\1d\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7a57f554\1d\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7a57f554\1d\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7a57f554\1d\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\620ba200\e\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\620ba200\e\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\620ba200\e\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\620ba200\e\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\620ba200\e\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\7febb058\1e\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\7febb058\1e\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\7febb058\1e\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\7febb058\1e\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\7febb058\1e\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\ConfigMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\ConfigString
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\MVID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\EvalationData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\ILDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\NIDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\8\MissingDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\47b2ade6\8\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\47b2ade6\8\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\47b2ade6\8\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\47b2ade6\8\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\47b2ade6\8\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\ConfigMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\ConfigString
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\MVID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\EvalationData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\ILDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\NIDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\f\MissingDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\24949616\10\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\24949616\10\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\24949616\10\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\24949616\10\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\24949616\10\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\ConfigMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\ConfigString
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\MVID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\EvalationData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\ILDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\NIDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\7\MissingDependencies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\11593b27\5\DisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\11593b27\5\Status
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\11593b27\5\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\11593b27\5\SIG
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\11593b27\5\LastModTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\Library
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\IsMultiInstance
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\First Counter
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\CategoryOptions
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\FileMappingSize
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking\Performance\Counter Names
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\LanguageOverlay\OverlayPackages\ru-RU\Latest
- Global\CLR_CASOFF_MUTEX
- Local\SM0:4156:304:WilStaging_02
- Global\{00000000-0000-0000-0000-000000000000}
- Global\.net clr networking
No results found.
No behavioral analysis data available.
Sorry! No strace.
Sorry! No tracee.
Hosts
No hosts contacted.
TCP Connections
No TCP connections recorded.
UDP Connections
No UDP connections recorded.
DNS Requests
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP Traffic
No SMTP traffic performed.
IRC Traffic
No IRC requests performed.
ICMP Traffic
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
No dropped files found.
No CAPE payloads found.
Sorry! No process dumps.