Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-11 18:27:59 | 2025-06-11 18:58:44 | 1845 seconds | Show Options | Show Analysis Log |
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:15,084 [root] INFO: Date set to: 20250611T16:18:41, timeout set to: 1800 2025-06-11 17:18:41,144 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8 2025-06-11 17:18:41,144 [root] DEBUG: Storing results at: C:\qDdlkFnGz 2025-06-11 17:18:41,144 [root] DEBUG: Pipe server name: \\.\PIPE\wXevDSJXBA 2025-06-11 17:18:41,144 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-11 17:18:41,144 [root] INFO: analysis running as an admin 2025-06-11 17:18:41,144 [root] INFO: analysis package specified: "exe" 2025-06-11 17:18:41,144 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-11 17:18:42,113 [root] DEBUG: imported analysis package "exe" 2025-06-11 17:18:42,113 [root] DEBUG: initializing analysis package "exe"... 2025-06-11 17:18:42,113 [lib.common.common] INFO: wrapping 2025-06-11 17:18:42,113 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-11 17:18:42,113 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\Ultimate_SAMP_KeyBinder.exe 2025-06-11 17:18:42,113 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-11 17:18:42,113 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-11 17:18:42,113 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-11 17:18:42,113 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-11 17:18:42,300 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-11 17:18:42,332 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-11 17:18:42,456 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-11 17:18:42,472 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-11 17:18:42,519 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-11 17:18:42,519 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-11 17:18:42,519 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-11 17:18:42,535 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-11 17:18:42,535 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-11 17:18:42,535 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-11 17:18:42,535 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-11 17:18:42,535 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-11 17:18:42,535 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-11 17:18:42,535 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-11 17:18:42,535 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-11 17:18:42,535 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-11 17:18:42,535 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-11 17:18:42,535 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-11 17:18:42,691 [modules.auxiliary.digisig] DEBUG: File is not signed 2025-06-11 17:18:42,691 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-11 17:18:42,706 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-11 17:18:42,706 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-11 17:18:42,706 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-11 17:18:42,706 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-11 17:18:42,706 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-11 17:18:42,706 [modules.auxiliary.disguise] INFO: Disguising GUID to eebf7374-c733-4252-9a71-d3c91b91d619 2025-06-11 17:18:42,706 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-11 17:18:42,706 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-11 17:18:42,706 [root] DEBUG: attempting to configure 'Human' from data 2025-06-11 17:18:42,706 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-11 17:18:42,706 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-11 17:18:42,706 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-11 17:18:42,706 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-11 17:18:42,706 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-11 17:18:42,706 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-11 17:18:42,706 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-11 17:18:42,706 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-11 17:18:42,706 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-11 17:18:42,706 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-11 17:18:42,706 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-11 17:18:42,706 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-11 17:18:42,706 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-11 17:18:42,706 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-11 17:18:42,738 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini 2025-06-11 17:18:42,738 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-11 17:18:42,738 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-11 17:18:42,738 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-11 17:18:42,738 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-11 17:18:42,738 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-11 17:18:42,753 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-11 17:18:42,753 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\EeGlvdpK.dll, loader C:\tmp_gell1p8\bin\PoaYJsgW.exe 2025-06-11 17:18:42,831 [root] DEBUG: Loader: IAT patching disabled. 2025-06-11 17:18:42,831 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\EeGlvdpK.dll. 2025-06-11 17:18:42,847 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-11 17:18:42,847 [root] INFO: Disabling sleep skipping. 2025-06-11 17:18:42,847 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-11 17:18:42,847 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-11 17:18:42,847 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-11 17:18:42,847 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-11 17:18:42,847 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-11 17:18:42,862 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-11 17:18:42,862 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-11 17:18:42,862 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-11 17:18:42,862 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF8234D0000, thread 1336, image base 0x00007FF60D500000, stack from 0x0000008EFACF4000-0x0000008EFAD00000 2025-06-11 17:18:42,862 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-11 17:18:42,878 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-11 17:18:42,878 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-11 17:18:42,878 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\EeGlvdpK.dll. 2025-06-11 17:18:42,894 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06-1 <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-11 18:27:59 | 2025-06-11 18:58:24 | none |
File Details
| File Name |
Ultimate_SAMP_KeyBinder.exe
|
|---|---|
| File Type | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| File Size | 743424 bytes |
| MD5 | 39921ae030188e1fd4e844f5e38fc8b8 |
| SHA1 | 6250b9876a7a8a14ae77ac59a6cda25a1275d9fe |
| SHA256 | 519844976cd2f66164e113a4f44bf29f75601dfa48963d6f5455c02ceabe59e6 [VT] [MWDB] [Bazaar] |
| SHA3-384 | 4573d446ea7f1eabee1414288172bf697dcc1d8534eaea9a286dace047a4a4f3753fb8ab65ea2c2f292bea3c113e9816 |
| CRC32 | 9AECE323 |
| TLSH | T17FF4AD61735CAE62DA7D06F65551C2B403665F194871E27A3CCE3E8B37F1BB02A1CA83 |
| Ssdeep | 12288:FOcmrcm2iGmSMkuDAE7c2UibXVabxHMLKFhcDRGI8lhvoxxkW8MudbCgJ:F0NPSMVghaRIxhvo48uN |
| PE DotNET | File Strings BinGraph Vba2Graph VirusTotal de4dot (0.54) |
AssemblyVersionAttribute
%WG`N
gqur^
.*$Pf
groupIDlong
U9eo,
toolBar1
0C;vPr
p$XG2
defaultInstance
z.YmG
6}o<*
7nG//
h[Kk:
8WDjdvgr
FlatStyle
set_FlatStyle
mscorlib
d!-EH
j1u{4
`K#,
Ultimate SAMP KeyBinder - Untitled
</x:xmpmeta>
stWo<-G
b+q/+
M#txV
GraphicsUnit
UUUUUUUP
W1)%a
;,/[3
yjTB]g
textBox23
mscoree.dll
fKL/Z
B`UxKY
+ln8D
{[/si
Ybij#
K6_)(
+\Vh$
Hcqb =.
TEpA]T
r@N<g
checkBox1
JoT)$
set_AutoScaleDimensions
|7c23
KN,rU*Z
Kp!@{
7F.>>^
get_Button
:g:xB((
Contains
id%\u
Leftlong
XXX{{{
Bx,;q
5DATW
0}R@O
q\E~o
CT{{1
lcx'Y
Hd4u*A
fYpWY
<2!-Y
StringWriter
GetEnumerator
CB:d1
+Gu])
set_FormattingEnabled
hGB;?2nZ
^oj >
'/kuy
topOutsetlong
4.0.0.0
:HuQE
LoadFile
Xge=X
zB&b&/D
QE2-H2
Send T Key automatically
rB]g)
BaQ6S
2,T=h
1;\,H
CRjs9
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:AEA977AEE96ADF11B2D5B2F56147C0AB" stEvt:when="2010-05-29T09:19:09+03:00" stEvt:softwareAgent="Adobe Photoshop CS4 Windows" stEvt:changed="/"/>
Nqt`m
{L{wUU
c0]iA
S;Eou
#wK?V}W
8,Fk*
RadioButton
"\U\X
Azsy%
%%%###
T3p*M5b
3GK<B;
8BghO
6@t,_
s`N/d
5:.zw
U_v6X
get_Control
{7RJ2
TextReader
Numpad4
\YwZTr
GetHotKey
wRGNI
)s6KNZ!
j>ZPt
WPKg@F
ZIi2
tW8%N
0Yi$E
Combine
}y$:D*
3\Hg&C,`
dddgggMMM
c|_NRM-
G\Z[|I
GetValues
8t 44
YLknd
slicesVlLs
!mg\g
kiCaH
<?xpacket begin="
FormStartPosition
add_ButtonClick
iZW-r
cX2&3p
LY>cL
mtf%FJ+
DF?eJ
U3e2.e
3System.Resources.Tools.StronglyTypedResourceBuilder
set_DefaultExt
2qJWhug
|aRE-&
YKE@Q
x9DY}_v
KjMA=
htI,s
InitializeComponent
|6<D>
Nm$3;L6
%NPhotoshop 3.0
.s, L.
W[v2%
30@Kr
*nn6-
Mk~OR/
horzAlignenum
:t*$hJJ9
/_$re
get_Transparent
s3Ef,-[
fIKEhc
%])FcE
<?xpacket end='w'?>
2.IH<
,Svq|qQ
!xJ)rCy
33!3o
_L/wnA
{qmqop
%Vge{
nCode
SK{0=Y
+])!'
-!~bz (v
SSSxxx
o.S,n
RCTRL
Pj(OM:
fY~W 7
=hOLCk
8I&!LS
[HotKeys]
System.Runtime.CompilerServices
wwwfffwwwwwwfff
O?f/\`Q
Ultimate_SAMP_Binder
GetFileNameWithoutExtension
?;Bk`
|>!RV"
'A)A-Bl7
ovS!+
%3C](JBUk
oO)O%<
aW-Ix6
:d9[YhB
openFileDialog1_FileOk
qo%[e)
toolBarButton10
]io%HZ
FrameworkDisplayName
h6iJJh
yq#bl]
System.Configuration
"J6\y8
MiI?Ey
Jm!#t
Numpad2
_.{Fv
SystemColors
JVO0J
c<SF{
=cyUe
Application
UQ2BB
S|Oag
l?"31
,MPtD
c)dr{
B)5?6
,/\nY[,
%%%kkk
comboBox17
NM9Nr
".mKB
S{{']9
"9>LF
ESliceVertAlign
CompilationRelaxationsAttribute
Y#Ijl
)K%JR
|||WWW
!<T@/a.
c7:Bf
%o8~X<
set_Anchor
#-r&fc
\LIi%
,V'-wd)jEe
o%w3C
System.Drawing.Size
>DUvaA
$Nb[a
2]M,'?b
)*+AmR
Q0x[*bT
j.p<0
set_Style
tg}vx
curDir
m:@>}
yp'XD
/2eO/+
mmmhXXXpVVVpZZZqjjj'jjj
8A5)K
BRKm%
z}L ;
jUx`a
~]NEL
(?[s?
F {Gf,y?
/M>|p
wLc.}
nnnkkkkkkkkklll
RightArrow
~#ZYr
P>~u1v
vKfn[
<Module>
checkBox1_CheckStateChanged
An exception has occured during the loading of the file:
pAk#s
setText
Gf7NE
NWb-:
yLCBS
.Y{=Mo
toolBarButton3
Hpc46
askSave
vertAlignenum
*8U\H
j^[v)
Do you want to reset USK Settings?
>C\z'
Wgphu
L/*Ka
ToolBarButtonStyle
:ry5&u
Subscribe to my videos on Youtube
oeJro
AssemblyTrademarkAttribute
111ttt
tXB"@u
JSTNi
.rl 1
y\&Lq
I]OEs
I8{N|
m Dmhm
Yx7q}
e!8qQ
D)p7`
[SendKeys]
GTA:SA:MP
`dm*FU&c
will disable the binder while the ESC and ENTER keys will enable it !!!
MdEj<>
DDDwww
!g@{y
:^iz*
vT^;{L
OOa-fFC_c
C#}E2
{qk<Q
ubzV#-
N@w.x'IQR
,eH?s
J!RQ[U
Ultimate_SAMP_Binder.Form3.resources
\1pB>
zOg,s
toolBarButton6
'y*QWIS
$!(T5T
%Nd,W
Oo]zb
ResourceManager
q%Nz[
MS@wGyL
DqizS
@hQt
5@olb0
HookedKeys
get_CheckState
pZ4#8
10.0.0.0
LKw(pG9
6Ye[M
/ti%ou.
<HdUFY8T
wwwYYY
I#i#r*ET
._r2L
EnableVisualStyles
:M,i=
rightOutsetlong
GqhBa6
PADPADP
KKKbbb```bbbaaa
lDkN
textBox1
3hQ&~&j
Cm_M}0A=
jn+f&
f0P0.
x^g-k
Q:LxJ
hUro-dlU
"/2Et
Nt\sU
button2_Click
0AQq
h+ZS`
C_nWW^
XfVG6
>8@J`
uBfV|
n2?xq
Woql56
FileDescription
__<BA&
;^N0"
uc~\n
f'=JB
11010101
AssemblyDescriptionAttribute
82j5c
ImageLayout
>F]l$)$
Q-%"[9
set_Text
S_^/)
.RbCj
23313
pVs6Q
eGJiH
KKODl!n
2-NDd
NOTE:
)LI K_
/r.?+
^d.3Y
]b5g9
{;h{Z
Send ENTER Key automatically
s"Yzr\v
Rc2iK
aN L
>g< }
>6cR+
f[Kka
Button
F-Ldx
]D{F_q
0mB[;w
',\]E
,-f-%
remove_KeyUp
Yw:NW
"9|$i
rQGe%
Cqn./,#
,W@wF
RE|L7#
W_{^^y
KWoe4
GetForegroundWindow
H?'l6
3Co7/
@aQV .
KeyEventHandler
gEc]5n
CultureInfo
iS%,&J:
comboBox14
~|Y:/
Container
V/u=b
Boolean
bfffff
888---vvv
Cxz=@!
vN289
cJ3mrV
!55U<<<
zthQW
DownArrow
g%*PG2
openFileDialog1
AutoScaleMode
h`T2*
I@FLR
IBuN(*Y
7O-"Kv
M+W2A
}Z?N&
CLl7I)
Ej;q6
set_UseVisualStyleBackColor
G$j}M(
AKp$#v
z&Ed&
:kfvb
~2yd_
i4pkH
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.2.2-c063 53.352624, 2008/07/30-18:12:18 ">
J{p9-
Ultimate_SAMP_Binder.Form1.resources
?n5Xz
>$gz324
set_Culture
g[JUf
kQkYk{
rLW4~
+SiULg
EvKhm
2p7@_D
|''9Wa-
hv=:T
nl`^Cw
.JDna
ZMN-R!<
components
FFW4u
StringBuilder
i}z4|G
V'Q$W
rQU]%
J{N#K9
Concat
G]3n1
Point
I0p7I
_9]rb|
comboBox9
ObjectCollection
DllImportAttribute
8UgmN
#j[m$
?koo7
bN>iD4
`'2z-
,6@:&
*PPhotoshop 3.0
H0o9w
FYHdZ
gZM#1
^^^YYYPPPPPPUUUQQQVVVSSSPPPYYYQQQQQQQQQQQQVVV]]]
v&EYX
NYuwe
SRA(G-
M~82L~
cy==AM
%Egzz
WsEpFA
DDa}aR
->z^*
2010:05:29 15:45:33
System.Drawing.Icon
UaK')k
[j]_^
uoo iD
Start Minimized
n'_9=
iKVXI
PPxh+
set_ClientSize
{ENTER}
0i1Zj
Object
{CjUzEh
@hL|o
textBox10
QPW+V
JHQF
CCCKKKPPPIIIQQQ
&GyK(
8g,D/*
V8Q7p
s#0:e
afRGj
p`;}h
_"+WL
t5eQ0WP
8'znU
C+f<5
U/<tX/=|R
unhook
uy`#]
n9peiv
L+0\v
AV!kM9
b77AK
LmYxf
set_Location
RSHIFT
,F/Tte
xviDQMrR
?G/g{
2K,tE
$]&.D
sOhQYSR
AEjGnx
=s5`)
TzSTW
2,:RvDG0
DwYS.B
7Su63{w
js&<9
%w/W>
???EEE
IDAT"
q{f$}
fEl!q
set_TransparentColor
I:8.Qg
eH$Wy5
b-)bi
L[F$h
:VY':
9xCm\
PerformLayout
LZA6i
vupJ{^
HBCN%
---jMMM
Rk75T
kb1c$
<lRmJ<
y[2qU
cPs+ps'
s%!1F
dCZovq^[
ToolBarButtonClickEventHandler
ZXn4u&c%
ghk_KeyDown
i";>j
textBox26
a[GPA
:dhp[J
Assembly Version
v1C21
by.3B@
|*c94
Sc ;U_
p@LbA
1m:7u
comboBox29
height
/K+@l8
XP3-|@[Q
DSv6u
G:QY@
-96sl
:gR=#
'k*EZ
PPQ'J
KIq(=
3IQZG
OriginalFilename
2zT7)k
PkMO'
!G!osJ
x(J3$
set_MaximizeBox
c\b+T
SmLrB
FileDialog
LinkLabelLinkClickedEventHandler
IT$cX
B;XS:
nAtf+
m-3t#
SHuKA
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
^k"3
ToolBar
O,;/f
/&$&\
7UK9_
get_ActiveBorder
,/y@%
"?N_E
kv$yq
ZL$ t
System.Collections
LAn5-\
r:8\>h
G,wK0
*@Y+&
IconSize
toolBar1_ButtonClick
TextBoxBase
$xDp)"g
IEnumerator
$this.Icon
K6:mt?
flags
TextWriter
ShowDialog
get_Default
}}0A=
h<5FU
me~L;Y
DELETE
WH_KEYBOARD_LL
UMMSt
+dn)Z
FileAttributes
T`kQel
Q]fHeo~9
.8N9S
}JfVm
FormClosingEventHandler
Jdfm(
F^L[y
9iCCPPhotoshop ICC profile
1Ga:c
set_Cursor
]rWos-
:6H2a
"[^w(
add_TextChanged
web#[kf_
UhkCZ
PPPnnn
@.reloc
vkCode
W 5F@(
width
MyKey
,g=yR
Control
comboBox5
&D`c4
,-h/]
H4G5b
#Strings
L)r|V
222+++111"""222
E;-IR
dn4>\
e1fXA
_CorExeMain
BeginInit
imageList1
MW>u@=`
]ZO:6
(tB=>[m[y}s
|*(*N~
khQ5-
vmqyV
sSdp=
<rdf:Seq>
</rdf:RDF>
*s+PH
<rdf:li stEvt:action="created" stEvt:instanceID="xmp.iid:ADA977AEE96ADF11B2D5B2F56147C0AB" stEvt:when="2010-05-29T09:19:09+03:00" stEvt:softwareAgent="Adobe Photoshop CS4 Windows"/>
KXs>O
;;;ppp
7B#6%&()
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
&T49~
}N}g/
\"w/J\
MessageBoxIcon
j`A@N
N>HAD
8#5P:
nZAur
K#i9[YGA
*yS+$
2Z2n2l
pictureBox2.Image
.text
weMvV
;I&.[
E#8Akl
X5n v
set_Pushed
v{F-/
add_LinkClicked
GroupBox
Tahoma
c",d,
!S'sMa
{PNF^
M)].U
[kIK3+M8
at>jh>
exit.png
set_InitialDirectory
!8cXq
HYWi=
i22Wb
*F22:
Q.H)U6uLM$
Mkkl7k
- T and ENTER keys can be sent automatically;
4^#P=
PH/[#
vI1'g
miFP-
]]]dddiiiFFF
idHook
0MDo:
1cHW-
dsQW9
^46v+$
kft0:=
TMjMGt
Oa}gqc#
uIX::
:"6_7P
label1.Text
nnnqqq
czy%:
4N;6M
p^gsy
$tW-W
~iclK
l!/W5
$m0:x<G
v9y~>
w+x9Z
label1
keyboardHookStruct
button2
HmZX5@Z
>d-5!g
<dSft
';LhQ
NCl{d
1sh$2
`^W7,
eXk80
M:{b+Jq
bgColorTypeenum
xb"1I
$[yw2$
mn{rr
:::555
k2ekTP
[^x=}}
REeJ'L
Iih$NX
em?k`}
Ezcdm+,6
GetActiveWindowTitle
set_DropDownStyle
Ultimate SAMP KeyBinder - Exception occured
\7V_h
.O_/g[
?v?dQ
AssemblyCompanyAttribute
@[FpL!
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADA
fPiE+Rk
J[Cixu:S
tPYkY6q
Cursor
WG6ov%
r;w)aLF
q?2l:5
i?JaB
%2jp6
k(J{,
Delegate
>]B{ov
Typeenum
1PBxiP1
7mRNr
;]>($bXoX47Q
|<PAj
WSMz4
-3x0IO
w#Bn+
B_m]W>
](%eDV
3">W,EK
comboBox16
vA+{g%~
i{9D;
IAsyncResult
l?hS(
j(S[eF
=s_X]
-UK)q^jiA
CompareExchange
bL>Ay
Obn|,3
NvasZv
.T4uZH
ALx0"
5gN5z
(ZJjET
2w$huv
ESliceType
n/0Sr}Iz
X_SC=1
fELax"
{#:tk
,3hiR
a%!ZQ
>s_z,
=7-D/
callback
}uEQy
kF.O\
6UlzE
radioButton2
ControlCollection
}d6+N
X^1s!
L@|:`
ySNDj|
ZnW@W2
\YXY*k'
+N$sU
JA~^<
set_SelectedIndex
3_K$E'
Kj^Ze
}"umfkiMo=_
QU2sp
hhook
I~9=9
Hf]/4
;;wM_
Z\Isso
zQ7Qc
CaCl>O?t
sqy3[
Xd[u$
~l[]?
ComVisibleAttribute
pictureBox1_Click
MulticastDelegate
comboBox7
get_Text
WrapNonExceptionThrows
<rdf:li stEvt:action="created" stEvt:instanceID="xmp.iid:96860F12206BDF119F1AB0538305288C" stEvt:when="2010-05-29T15:45:33+03:00" stEvt:softwareAgent="Adobe Photoshop CS4 Windows"/>
###$$$
UUUUUU
<_UGuK
#DjM5
SetToolTip
6F<ux
j<wD
checkBox4
E]7]W
eUeUffUVUW
g)Hq'
A Particular Window
0-*c?
Il'1S
.(Del/Decimal Key)
;O7Wo
textBox7
@4xSd
" id="W5M0MpCehiHzreSzNTczkc9d"?>
Numpad7
QRS_wQ
(Vsld
Errik94#_6
get_Assembly
;7@70
vl_J,vLZ~
r``n-
#B{q$
[9Uz{zt
M).,q
&6o 6s\
g-[,'
vr_ac
YA7k8
.HJXj2
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
add_CheckedChanged
U9K;L
UPArrow
1JRZi
vco7[
4(JU%
JWF~*
aaappp
LoadLibrary
hMxLh
OpenFileDialog
n8.+7
k~n%s
3*j\Wb
DuvVud'
r2>Kk
q,)x7
>CoB.
rrrmmmjjjjjjjjjjjjlllooo
PSC.;
+O/J`~
ZYc/t
LA]S2EM
LoadSettings
'x/#m
SStbL
|=8=G
b|r$7
+q#,b
HT8r!
,Jq/0
Yu1n*
{NFbe
aQ17KV
zc!_n
?F$A8
]]6.j
2/>wGg
Y@UIa
>5!Z'
E`Ty;Y8s
->.(ho.a
M@W0/
OEeAP;
hEE>L)FKV
Mu"1&
mqLj}k
7EkBk
ToolBarButtonClickEventArgs
419TS
Q8v4\8N4u
88#I,
Convert
J"cHVc$
+++DDDwww
^YE!S
X&g3.
Ultimate_SAMP_Binder.Properties.Resources
N~[+rP
add_Load
wwwwww"""
[-{N5`nc
c{j9c
get_FileName
{y>Co
<xmpMM:History>
n x/`
All Windows
comboBox28
%9.46
XFA]+u
comboBox11
Numpad1
D1Grg
~dj[q
lc.2E0
ApplicationSettingsBase
C^LPt
,_iWm
zEeu!
\E1QF(
Save Current KeyBinds
r1W,K
C(BNS
Arial
P\qn{
]@l9##YLf
!!eaI
~@J\XQ
S\4&j
LegalCopyright
HcGVG4eZ
k:101
TEzZD
k:US\
button4
textBox19
2.If you run samp.exe or gta_sa.exe as Administrator
RAc89
3gB_S
coQXvj
170:4
iS[SnN
)I)>f
yCIuU@
dG#Cq
'@~0=HJ
x6.Pd
!FYx+\
WM_KEYDOWN
MessageBox
'hB#a!
O0d2"
YUEUOU
YYYUUU
`$f?.X
TLwj[O(
`cW/5r
disposing
>/~^;o
Fi='+
System.Windows.Forms.ImageListStreamer, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PADPADPBj
t%=UI
14~[E
#Blob
j?}q=
}o{Yg
Utilities
nFL/rs
&[*R]n3,
hd+,$Y
J&r"b)]
textBox27
K`;F
set_Checked
?HSGC
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
b)J$2
v+(9l
checkBox2
textBox24
)LNoj
6`z<h
M_x;%
`.rsrc
dD/Ld4zn
set_ImageIndex
A\4%
j+RjTO
7o~tY
9J~P}
<(I91*
Numpad5
M2}\h
>GWw
nhB@~
P+xkFn\&+
sJR~^
Cj v/Os
comboBox25
yP$XP
yyykkkkkkkkkkkkkkkooo
New KeyBinds
get_KeyCode
htAVVE
Form2_Load
4qU'm
QbaN@
?=]?4
Cb74I
d4SAQ
ir\tz
})]YP
g%X1C
Z@~X)
%E*(QN
: VrR[KtP
B1not|[ k
+P#h
ContainerControl
T4zx:F
value
5=0(H
AIDATx^
(a3-/NPe1
GvLL:
set_DropDownArrows
z}T9MMe
nnn```
PB I(
B3C456#$DFG8
xq7?(\(W
EB;_@
LwP}t
@=;)X
vabP7y2
}!Uzs
Directory
:ADtu&
N~>oq
button1
Rm"E:\t(
U\uZL
9QF{$v
E7?D9
@wU?szNY)
YW_[#
_z&A%
}C+ae
b)ow(/&
ZQMyz
9f5#&y
x,Ye"
o_GUc
comboBox6
comboBox21
+m,NN
],HE%
nlB*9@m
+oNo+
Interlocked
@TMm"H
+0(<D~q
set_WindowState
ayI*v
3XO$gT
KeyEventArgs
65+Cjq+F
4FBa\
e2K{5
8?8,Ra-
radioButton3_CheckedChanged
I$s]He
]e.Ac})eu^o
(Y6+I
`|nD[
SVDSV
JIM6>
User32
Mw2b[
d9aAS
set_TabStop
t$f#i
TR4$U7p%j
666BBB999
>g%!$,
x'ZL3
burn.png
IEi7k
x42Ma
.cctor
Numpad6
cb`b`b`b`
`g!3%Q*
N3s,=
IconData
add_KeyDown
</rdf:Seq>
yz/\9
oa"e-L
J7W8^
R3333
000004b0
set_ShowIcon
SetCompatibleTextRenderingDefault
E{v2=
get_Handled
lQ"M[
QFKa4h@n
}0vSg
]Iuw#
3==23o
QG}vn~#^
ddjJ(
textBox12
comboBox20
FormClosingEventArgs
`SK!66
27z05K
MK:GG
fDHfN3!t
B#dc$:
ztdDi"-
@j4,}
QQQSSSMMMPPP
+BbB,K
d3)mY
(>`aJ
eeeAsss
aGHl;
A'z]=
Form3
555777
$this.BackgroundImage
T5Vx5X
:ZYI'
tc+&@
111$$$
Sr/O/
]zR\c
]#r=T
n=/s7
FontStyle
ET,oF
About Ultimate SAMP KeyBinder
"XC(F
];Vj7
:$T*;r
QA]+v
@F$yK^:
HHq~j
J!-%hYA
<^e?tJ
kh9]G
user32.dll
hWK:
T![Z][
~zcjL
W{,f7
+++fff
#>Kl;
Om?5W`
UVZ[:
%~CNE
Adobe_CM
jr>?jF
Send Keys To
Ej+QZ
f{U.b
upf_5rs
Hj\Hhj
Nr:&;m
S2\Z7
U5#N]
l:#t^:h
;O QP*
RF-}=
ds}.-[
(CQs&[u
groupBox2
Version 1.0
S5-B]
"G}?73
WM_KEYUP
NAj7{T
{ n.s^
88DY@
"<323L*
|fZVL
KeyUp
,__`>
@s3k(
p|;y}h
_=uX
v{m[|W
2'/n<
-q{7;
get_Buttons
cqu$h
&&&"""
Z@t5=
&[`RO
YEmo;
set_ShowInTaskbar
!["Q{g#p
PS:xa
ker5h*
Rr#s4
E6h*M
```vRRR
w.Cru
jj/uKoF
vgO20
HZ-ZAT
Op?OJ_
set_SizeMode
Nw!,y
pictureBox2.BackgroundImage
LMc:j
mCZ1
System.Text
H~7{f]
d]3ene
u#px}
g_|D/
T:~3r\
1\_38Q
3k?D`\
n~6-8>
z%dr>W@
SuspendLayout
2qqi3
K2jo)
333kkkggglllkkkjjjlllkkkjjjnnnjjjjjjjjjiiijjjnnn
7vX3nuvJ
j/`B^#*
cellTextIsHTMLbool
333cccYYYUUUbbbHHH___gggggg
Hy8&\
Z7/"F
@v6!N
OOObbbaaaWWW888bbbTTT
Do you want to save changes to your current KeyBinds?
\y?z_iW
keyboardHookProc
textBox28
;[?=J
^XUw5
Choose the File to load at Startup
fffnnnTTT
:TbI8
l|{oE
kR_nD{JO
)5]@7
jynI)
ZZZ<<<WWWZZZbbb]]]
j)Z()
ImageCollection
[=T.7
l'C_2
%KfhB
wR4e~
geG06
JBX=+a
HR2@f
jEW%m
7^^av
?dIlB
WindowTitle
EventHandler
count
=T|Fp
WriteAllText
(K9W-+
omn#@D
#dlf(
KE.a>
UnhookWindowsHookEx
PictureBox
Pgeed
ua!PF
toolBarButton11
I]ikyZ5j
fE%ajL
textBox30
B_[3gJ
v qL]<3
)5#"v
UvhQw+
0^`_W
"I2Vt
uo<gYG
mn7N4o
ed;*bsR
TKP+m
eWT,v
3QhTP
comboBox23
s#wr&-
b$jgV
r2~Uy.
H}[!>9T
(,\j_c
IContainer
ReadLine
urlTEXT
f>EYw
dYkCYm
LinkLabel
Copyright
rjKyz
%X6C}
CheckBox
System.Windows.Forms
GgOn8w
%M(A
>>>>>>
6mY5O
X.3ot
(ISsy
?*4g
eKU-E
vGC$ds
v`1C>
textBox
Z5RY?np
f'kzV
u,@aC\
get_Items
z{9Li
R#*{gJ
textBox22
o@.n$
A4QYM
\<-{w
GetWindowText
EditorBrowsableState
7>1OZ
zw*.=$
r~7c-
JrfDF
]]].)))g
9#q`V
B'S dbW
iNv~x
BJc9t
EndInit
Ultimate_SAMP_Binder.Form2.resources
LSHIFT
@WuJJ
^+mQW
label2
hRK}<
jfn6^
/lb5&
comboBox8
:FY.Xo
pqF_^
R?0:ZY
0;ywD
R*1wa|
agMrj
ZYCw0w
add_FileOk
TTTNNN...
{FWS|
;#m13
|gVX*
set_BackgroundImageLayout
boundsObjc
.2lX;
INSERT
=sTRH
sender
Ultimate_SAMP_Binder.Properties.Resources.resources
document-save.png
\z\Kp
fV+9T^
FormBorderStyle
http://www.youtube.com/subscription_center?add_user=TheDarkJoker094
=-/^;
-;ddb{
remove_KeyDown
Uh:Uyb
J*Q!J
iP^P_0%8&
Numpad3
n<o4(4
P [n]
N ^$f
KeyDown
rL *s
I|||2
resourceMan
fffhhh
*chWQLR
e\zV{?
IH6sn
=d]}m
nFH[CEnZhk
CompilerGeneratedAttribute
[f+Mw
oWR<O
a9Fe5
-u#['
=6e8b+#
?~*7~
Mm i<
Form1
Z46l^K
BFCZc
6ilo2t{I@
443o1
G`Q)&Q
Array
$+DxV
8hvLN
2010 TheDarkJoker94.
kkk\\\XXX]]]mmmXXXVVVZZZjjjjjjeeeccc^^^\\\ZZZbbb\\\YYY^^^qqq
n")u!
XGE@}|aw+
comboBox12
default
"""www
- Can be used as an universal keybinder.
QzOx=
4ym(#9
K|zZ:
textBox14
&B*\P
<dUH=A
5Nn,yY
lB5F>s
z;?2uJ
]0]qqf
+\n[Ekeu
`[Fa*
,Hw$?
comboBox19
\Mfl5g
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
^M;qj
textBox9
\4Van
[`.{WH
^xc}(
Ultimate SAMP KeyBinder Settings
0TfU$
ZB9}6
#qjc^
|pN>~
yIjt#
Default
comboBox24
2 Xdh
r5)#Pv
87_gf
[usVX
JwAYnl
Open...
yG'?u
textBox1_TextChanged
>Z{!*_Qt
List`1
!<IH!M
YnLjc
d]h:R
3:7Q@
l7VKf
setPath
1K##jj
(noIs
CommonDialog
_}pYg
-L^:W
{wMT?4
globalKeyboardHook
set_Icon
j%V"[G
(980u
ReferenceEquals
eRr$5+LS
27qLCc
888333
2,,wQ
3Jwc?
LEi;.
set_ForeColor
+#XNP
textBox15
6L XK#
`d;("
hookProc
1.[F~
cY"'Hf
0?d\>
}Nys"
DebuggerNonUserCodeAttribute
Ir,<Db&
textBox20
0Sl:2BG
Dispose
PR9E;5
}U/ze
_)-<P
*6JuX^,mOx
aGZF_} %
WM_SYSKEYUP
System.ComponentModel
get_Message
=).)!>SQ
k%6p5
"2-AB{+
p|~1>
-r1<zcy4
65T?S
_y%#b1
zdn^S
5MvL0
qou5?
?[]M5
=OL2l
Y%'nl
qqo<M
h,Adb
<rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CS4 Windows" xmp:CreateDate="2010-05-28T09:58:02+03:00" xmp:ModifyDate="2010-05-29T15:45:33+03:00" xmp:MetadataDate="2010-05-29T15:45:33+03:00" dc:format="image/jpeg" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:97860F12206BDF119F1AB0538305288C" xmpMM:DocumentID="xmp.did:96860F12206BDF119F1AB0538305288C" xmpMM:OriginalDocumentID="xmp.did:96860F12206BDF119F1AB0538305288C" tiff:Orientation="1" tiff:XResolution="720000/10000" tiff:YResolution="720000/10000" tiff:ResolutionUnit="2" tiff:NativeDigest="256,257,258,259,262,274,277,284,530,531,282,283,296,301,318,319,529,532,306,270,271,272,305,315,33432;4A59D9CD8D273AF54EA1E262514616C7" exif:PixelXDimension="763" exif:PixelYDimension="648" exif:ColorSpace="65535" exif:NativeDigest="36864,40960,40961,37121,37122,40962,40963,37510,40964,36867,36868,33434,33437,34850,34852,34855,34856,37377,37378,37379,37380,37381,37382,37383,37384,37385,37386,37396,41483,41484,41486,41487,41488,41492,41493,41495,41728,41729,41730,41985,41986,41987,41988,41989,41990,41991,41992,41993,41994,41995,41996,42016,0,2,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,20,22,23,24,25,26,27,28,30;3413E4B65426D7C8C6205631DBC5CA08">
CheckState
M; cw
d3]y%L
Z,mD=
p>52#
&WSl^
</xmpMM:History>
zfMzFM
Gs2\5
IntPtr
checkBox3
fn*XWl
SpO=k
~8-L&#/
V9l*%G
x<|<9
7c$b49
POeqFA
khzluM
SP/Rb
Aij?P
Lo~2V
?EZIN
32C(TXr
k^@bP
k2}%zro
1*Js`
#1,t7
get_Controls
;{,s[
@f]9&-_
dV=(=
5lM,J
PmM#"t
,Xzy~
Program
~oURH-
AssemblyCultureAttribute
FDf;H
PageUP
toolBarButton9
1u-;
W7MX<^
textBox25
->=f(
IdU?4
,l 'C
mcffo
G|Ixp
GGGDDD...JJJ
E|q7+%g
RtjL2#
textBox11
GNx,x
\Akwk5
\dJi-y
!D_(w
V.FXi
Pl8V9
Adobe Photoshop
udmog
h|5>\
.Fp l
dqD]Y
,FV/.
+FLti^
</rdf:Description>
ToolBarButton
11 7
!7C7P
H/H/H/H/Ht
87PPt
bq,~l
qs8u.
LbIE[
=N(SVSV
DnKj!;2
{K;In
3FQa<
Mp.%W]r
:}kNz}3
gta-san-andreas-orange
/?@^c
e%B2C!
LinkLabelLinkClickedEventArgs
/F5=q
(CFE&
VarFileInfo
WAL^G
kJWH4 W
",MHB
~v9Je
AsyncCallback
M5qaU
qo<[m
G}VCE
es22H
QN//*
kZeLEqk
glGv9{
p}RXT
6r[!@
g%F:(
ReadAllText
DebuggableAttribute
cI##B
Z:@e{
$8oly]
M?{h@
Ultimate SAMP KeyBinder (USK) is a freeware.
_2;h6
$7@OF.
Adobe Photoshop CS4
e!_MxZl]X
Culture
aa]Mt
On<L)
1>-e%
QIE=5@
get_ResourceManager
set_FileName
Pc:}w
1.0.3921.18678
ENR$#
8='Qk
r[)8z
sssLLL]]])))
/?~!?
_%zir
Label
MsgeTEXT
SizeF
$IJ8Xb
[EUNS
For bugs or suggestions e-mail me at:
get_Pushed
^!hl@
comboBox4
*7EOC]
wf8=6B
IDisposable
k_cL1
\DvT[Q
v`@49
#f$ex
KK}1;
)ihVkh
^Z+b;
1fbV3
PY0/C
%V.ugYOU
~ZSEKR
Kx{2&3
UZ'&@
=cs59
m@kNk
set_StartPosition
LyG :B
o[Ss0y
2010:05:29 09:19:09
'@qHDn
1.If you choose the option to send keys only to GTA:SA:MP then the T key
`(EC_
>er'VA
:BJJr
-vWR1wdS
T]E*VW
>G~-M0
e4 6u
Form2
l\b^G
kkkl\\\
N$]*!
document-new.png
7OR}Y
+\9[+
S\Myw
4s\I$
ComboBoxStyle
iMH]z
2#ip*
ResumeLayout
pictureBox1.Image
}x\\d
Y;&Gf
rosn
$67lh
32M0-
originenum
ML{Z)
then make sure you run USK as Administrator too!!
AssemblyProductAttribute
P8*SSm
2`]XJ
q9P(.
~~~ccc}}}
ToString
M)n3j
f>[5!\
wxlQe
jjjeeeKKK
Q=_Oc
!!!:[[[
PR^@I{"
2v0FA
{Pu,F*(@@N
Kk=JH
l^<'^
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:97860F12206BDF119F1AB0538305288C" stEvt:when="2010-05-29T15:45:33+03:00" stEvt:softwareAgent="Adobe Photoshop CS4 Windows" stEvt:changed="/"/>
Split
;7)VEZn
%(JLEA!
method
\n|[Z
xJ[t,&r+
PageDown
System.Runtime.Versioning
P3f6`
GetWindow
Numpad0
1'' up
LA*{A*H4
TargetFrameworkAttribute
"t:vr
K>NW=H~F1
7{Mcl
ESliceOrigin
leftOutsetlong
<34vC
SaveSettings
=%r^/
WM_SYSKEYDOWN
aoI;oy
EYrsF
*coBh
Finalize
G"07#
Ey$RZ4)
g%Fxr
set_ToolTipText
yn97c
}ud{Y
ToolTip
qqqfV
QQQAAATTTRRRIIIzzz
TextBox
k0'lm
V{~#K
,$1MQ
0iEZP
Do you want to save changes to your KeyBinds?
&$HQgyj
:`~>>
<<<!!!333555555000666
K,H%n
m&6ky!
4Z4RE s
jjjbbb
NHU55
(kHCUS
textBox17
h&.M(
Mgs[}
button1_Click
USK Files|*.usk
[?Ke5~
*)grG
Fys5^Q]
zk,ngK $
`5';A
C\l;,|
9&WO<
uuuVVV
MEMK2
LayoutKind
(woF'
z=JqB;M
FFzc>
get_HotTrack
cellTextTEXT
{(bK`
2jzvc
Icons by the Tango Desktop Project and Jonas Rask Design.@
GeneratedCodeAttribute
set_ShowToolTips
AssemblyConfigurationAttribute
;N>2K
&3';7P
add_FormClosing
Q>'z*W"2
Ica&LC
oL}FA
o^O}X
$\eNj@
U&UpN
="+oQ
#GUID
M0W@W
loadFile
[WWZT
Ao}!U
ToInt32
=joDm
]N*)_
U6F6s
ijjA2
Features:
hsukM
O[]Jn
1hd6`$
comboBox2
)vnuw
'jbsW
MMyI2
qqC05K
Ye^MyL2
a}DKY
7^~@o
c72OMQ
SetKeyName
i#Zn3
7_c}l"{
E_&B2=
ooouuuwwwyyyUUU
comboBox13
toolTip1
hn *3q$
EditorBrowsableAttribute
<1v'2
get_Brown
pictureBox2
*H;MkJ
Ky=OT
DebuggingModes
ssom$mon
6#5ua/7
on)ud
*]G?!
vR5Y=d
\]rnB
'WR:b
H hUIn
^TuTfM>
Ultimate_Keybinder_Settings.ini
Ultimate SAMP KeyBinder
6FC^F
"uwWJ)-Z
if?DW
:fKYMu5
ToBoolean
j<e:cb
threadId
Form1_Load
"dk]#
+>R*r
t4I|%
PGVjE
4GtWh[G
o9g,@
0&^mv
pu#w!-
W[`]p
h\H9M
V9}bD
#yh4B2
YKi4K
StringFileInfo
CancelEventArgs
v6f6o
&!N,E
l=gS8Kc
([ETD
Wo's_
yUZ(W
9nVN!
Oph9F
scanCode
_.?Hw
*-G&2
M&+0-bu!
yr{^Da,
comboBox22
ListControl
MyKeyBinds
textBox6
#\5.9i
get_SafeFileName
MoveNext
z;]qc
l6hz9
*"dmF
+6eTT
set_Image
k_8M~;<
[Settings]
$/m\X
X@xd8gX
_o_kU
XN}t_f
MyWindow
"iDTo%VX
7H79m
Resources
r ZbM
culdv
d;p/md
pZ]O<
2010 TheDarkJoker94
[=+)\
+~0f:
Ultimate SAMP KeyBinder.exe
[7O17
8r"d<
4Y/%/>
@#icicicicicicicicici`u
0O#+W
index
,H]T
#q:)*\F
set_ReadOnly
button3_Click
autoGenerated
button3
jE9LJ
gP?VQ
DialogResult
w.G_z
W5bmv
nsTQB[
~Ms_
hSn3%
&System.Windows.Forms.ImageListStreamer
Os^K[+\k
:N~u)Q
czw#o:
mq?t
}1Z~3
"""fff
mXldA
'Q31b
Rz3.xX
vvvpppTTT
LL?bP
Qx-}h!t
xX>4S
UT$*F!
#KkPH1
}89@#<
E+Ci$j
Top long
TlT1S&
T{|v]T>E
GuidAttribute
+z6Sp6
J{zx~
{c'lU
+p_F&
UUU{{{
]!3fT
|O.28
9ASG7ilK
set_Font
document-open.png
eeekcccp^^^
)w{OG
am{y<
UUU(((
|||aaa)))
(*tDR
%UXyL
C=cgV
g$e`nD
hq,>^
3#rOg
b*fZZ
qLM*^u
hm%KY
333333
F>5@Q
7r5RHt>
D{,Q;
E/l5(
,-c+lbY
UvoW.
```DDDwww
lrd)p<
System.Reflection
.NET Framework 4
N/H<ah
s hLgM
Ud`o\
9&'7(
M6nZ!+V
set_BackgroundImage
:VI&7S
PR_i/!kRS&
666AAA
http://ns.adobe.com/xap/1.0/
p|J&)l
KX{.X
/|(?S]
imageList1.ImageStream
System.Drawing
h~MTTq
ToolBarButtonCollection
`;5K!
zzzqqqrrrnnn
Y,/drh)
Z{1m=
$q)"J
Q$'*z
c>J (
,-m4/S,
r4^an
`)m-QY
87z^<
]68eYDj~
&Q0QU
D(U?M
uolP5
uH@M6"
sSc,9
Image
{]P,{
a[G>F
0 3aTwt
d1:adL
textBox2
O@hr0
PhiE=
System
@pwwwwwwm
Haj"2
K5kR| bP
HcNoYU
P'kIF#
:1010101
-i|NA
999555kkk
.NETFramework,Version=v4.0
Ky**~
AssemblyFileVersionAttribute
textBox21
09!FC
'8a@n
M=97U
bnAam
IXF"13B
linkLabel1
`<"bd
$9IX)
8hbs<
bHn["
^Egt>^Ef2
Zv!A%*
GetObject
kkkeee
\6&FK
--^+t
zs5a8
H3UG6/
5.ow@
3""&1
_tYL,
NY&"NG
nullTEXT
comboBox18
n?w7g
_n%=C
{yis7w
ISupportInitialize
vM.^x
vZ@Gg
]]]VVV
V90 /
&&&
S;n?upwu
-OISZ
W&Ai=N
y#MCuU
MG>X1
YYY!MMM
w2"vO^
ImageList
iZSgE
`Z5J85J
USj5{J#
444DDD666
System.Diagnostics
8#tq<;
AKHb*%X
set_Filter
Numpad8
Nd+ftd!
Int32
VS_VERSION_INFO
,S&UJj
}9TI'@
set_Divider
21wGRd
7%%-Y
-S7p7]v'
)wSWk
w)KR1
%5mOp
.yqb;
pD$yRS!k
C>S[?w
Adobe ImageReadyq
]8zi/&.iGtQ
Zr;?'
SettingChangingEventArgs
...ZZZ
RuntimeTypeHandle
w7&7;
r9hxb
]Mh<9
BeginInvoke
Foo$*
r?_7B5/
a^H4T
gU j?
Hk]45aW
WGOWl
111<<<DDDAAA
pictureBox1
SL%a%
3Y'wOb
{).T^
4R:/U|
Q"{A(
#QE3c
Exception
S2PiS
)Z51K
},6Lm
wwwwww333
sliceIDlong
ValueType
lS[xA
,,,"""
uIOB!4
LD\G9
2dD)V
S5(=B
<rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop CS4 Windows" xmp:CreateDate="2010-05-28T09:58:02+03:00" xmp:ModifyDate="2010-05-29T09:19:09+03:00" xmp:MetadataDate="2010-05-29T09:19:09+03:00" dc:format="image/jpeg" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:AEA977AEE96ADF11B2D5B2F56147C0AB" xmpMM:DocumentID="xmp.did:ADA977AEE96ADF11B2D5B2F56147C0AB" xmpMM:OriginalDocumentID="xmp.did:ADA977AEE96ADF11B2D5B2F56147C0AB" tiff:Orientation="1" tiff:XResolution="720000/10000" tiff:YResolution="720000/10000" tiff:ResolutionUnit="2" tiff:NativeDigest="256,257,258,259,262,274,277,284,530,531,282,283,296,301,318,319,529,532,306,270,271,272,305,315,33432;FD69A79C3A793E8B6B36D9290FB18632" exif:PixelXDimension="286" exif:PixelYDimension="258" exif:ColorSpace="65535" exif:NativeDigest="36864,40960,40961,37121,37122,40962,40963,37510,40964,36867,36868,33434,33437,34850,34852,34855,34856,37377,37378,37379,37380,37381,37382,37383,37384,37385,37386,37396,41483,41484,41486,41487,41488,41492,41493,41495,41728,41729,41730,41985,41986,41987,41988,41989,41990,41991,41992,41993,41994,41995,41996,42016,0,2,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,20,22,23,24,25,26,27,28,30;25EC9A3F19FE2DC8A4FC46012709E47C">
rS[TsHo
wParam
get_Images
false
h=NG'
d[E:U
666bG
K_c!J]
comboBox27
{qqo#
`?]==^
j((M:T
~kD{#n"
;nEsx
n=deI
h/_Lj+
/Y)+Wn
TIbJtH
Hs 9|
Color
%(+j0
iiitttuuuyyyhhh
Assembly
W1Znq
Synchronized
4MS{d|=
Zd\\,EIK
[um>i
vx_$E>C:
O#Lrl
[Q+B[
iX)gP
!Ge(R
1sugq%
F!#b<
$fkT3
1um}wi
V]0Pw
2Hy6AlJ
<V~n{
> DJ<1+
\3t[[J
JY>LR
*Tf+N
Save As
nBQ{JP
<GRxC
KU-ON
System.Threading
+EWht
K}HJK
Rr7IW
EXl#KY
ProductName
SaveFile
&tQJDFY
M~dZN
AssemblyCopyrightAttribute
|MrJ[
YCpNL
[4mOe&h
---w-
d4k -
rNe.)
AQaq"
5m1#e
set_MinimizeBox
5c1Iq
hN8|_
I~KS$
~_j+.
ucI4d
JUIc0
jM]1[-
fKM{O
{Igim
8ec&[Q
lc`i_1
H*S!1
eRQS@WO
lsf]T
{c\Y$_
L0b ]
P/MV^
NCs]F
get_Checked
!bMCt
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3afSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Oh:Sm
9S,]=
#qB$|C^f
StartsWith
7SMXA
c=zOW
-d3K4
&$fXos
c &0
j@Wb\l
1cqs#2
@707b
Ii<:c
aI5",y
IH\Vr
I*KN8
6,R}c
TUV:#
'4|hoh
set_Enabled
U(`pK
bottomOutsetlong
CallNextHookEx
:h+])I
"V4Vte
NNK8e
~q6Qf
wlL_V
EtO*`=3
FileVersion
(fS/M
17_n+])
aRHPE@
DEACTIVATE
N*qKM
*U/ WJ
"W0f8q
335ebk-
LrC=1
nJ*C~I
jF-^{
Yn3mF
F ^|6
f\oO{
mP[\]|CIc
X0u"3
RNv+#
+B[H%
preferences-system.png
I!.Hp
\]NW"#+
LCJuuQ
$8ebb0171-f897-41a8-b262-a0cafcb2321c
mopYR
_ba;"
7J=QX
{TtOn$tZ
E8^>X
3PMh:
AnchorStyles
0,CyOF3
w>zY>
tQ9&;^=
Send Keys
gP8/P
result
M_!Jta
vY^{M]
7KH>6
e''j-
whaX/
\MW4Z
uW4&2
De@!M
@7 7`6
Qpusp
nt?,Z
%.-,8
dl#wq
Bj:2@
u>kI"G
GC8S|
"o(F3
}|<8~]
<AT+j
-Txgh3t
textBox8
3Rx)-)
-frhV9(
7{Ah<
Gi*1s
!'>"!\
y1=%X
- Over 90 different HotKeys to use;
5!7Xc3
Hz<)M
!yZvn
}l~^5
v4.0.30319
W1`iG
lpFileName
(((<<<
zxW_6W
5@}E4
xr~3vM
,'y) \
0POPH[
&@W0_
XvX&o
$YEKn
thedarkjoker94@live.com
JI}jEL
<:FONM
)X+>[
;ZQC1%
w=:ys
kdlHk
q20\r-
cHRM
WLySp
YSr#E
khxB5
]As.+x
(n30O
C?9%K
&eU 3@
nRWFB
*Ns)7
ZLfv>
set_ImageList
ESliceHorzAlign
tF"=(
G6IQ!jx9$He>
FsjPj
A/l5{"
$S":v
%,ddz
RZb's
u#2ARN>
D|l-%
[iYBN
OOOrrrXXXiii
add_CheckStateChanged
tiV&Y[
4~_u:(
<|Z@3qi
UUU}}}^^^
_U]Ji
TB*Hj
*yN,+t
[;{((
PV$E%Ku
eZ%,K
I*TrPvZ
qwwwwww
02+{<:5S
t-lifm
m?>+9
S{y|p
label6
tK0W@W0Wq
ykp&_
u:v6;O
KKKccc
5:;<L
yGM*Q
/wJF1
,^9^F
Sby?9
Process
InternalName
h,[IZ
os3;H
n)!C#
toolBarButton8
@4?>>L
textBox29
IM[ba
get_Name
6oY@w
)1F&1
{K!Uq
ak[1vO*
U5~v.
PQo$n
d51@}K!
toolBarButton7
cG3.6
h5P{A
dEU6te
resourceCulture
gwl\U
:rP|5
http://thedarkjoker094.blogspot.com/
5@NxP.
- You can bind up to 30 keys;
L6e-y
8BIM'
mb`b`b
ImageListStreamer
V6oQk
njd&b
.T3-:
u@W0_
HnnsII
String
6?7@w:
kernel32.dll
Adobe
HAY-_
q@|ZYm
nL7c+
rZGY1
set_Name
W^z\N>
1=@'C
A)@yZDw
u5ro3&
IZ/:$2H
jBZCI
8VJ%\
altTagTEXT
!!![[[lll
Enable/Disable HotKeys
\Csim6
e[G@i
*oWdN
Ultimate_SAMP_Binder.Properties
hJHj_o
~`NQ5
Ak272y
?j>!z},
)P]#Q
UsG9"+6
O?{_>
3dv.+
System.Drawing.Bitmap
S9|dA
h#sb)
ButtonBase
comboBox15
linkLabel1_LinkClicked
set_AutoScaleMode
MLcO\
SendKeys
W^c=
_=3gF
QKq"10
Q6\wCD
J]#)x
5wa39
@'2<TN
(S+h$>d
l0_rU
|@xKZ-}3<J
m[&q=
AUCkv
EventArgs
o*17J
Dt5B/
StringReader
toolBarButton1
FormWindowState
comboBox30
VsV1
RGMQ9
(l7XU
un)JQ
gUwuuuuuu
get_Culture
ZeM1($
comboBox3
Cursors
!)J[jBQ%
f[\'c
222888666888%%%
,V;[v24
ESliceBGColorType
mQMU` cp}
x<c ~~
333@@@CCC...999CCC;;;"""
mc#}UA
^4e<+
textBox5
Exists
_,BkQ
9_-aDnYRgY
%,[HU
'7GWgw
WKN-e
MP1P2
PictureBoxSizeMode
9a6%C
JT-y-
WriteLine
~CiT[
Btomlong
Browse
{4{nm
j{CFs
.n=d7
hkC\k
F7_]y
QJ_);
#rxD1
set_ImageStream
C{WW.($
]rj[DMF_NC
L%0%y
;cQ-Ir
SetWindowsHookEx
osVyE6muf
7=j;45V|?
StructLayoutAttribute
k]{xR
v82_K
06+(`
OuA}.
AssemblyTitleAttribute
6mq?L }mu
@[Ajk
\3*}iG
,zA%K
fffffff`
q`8Lx
dwExtraInfo
More Stuff on
yLEYq
!This program cannot be run in DOS mode.
),X[7
/M/F5
vo c<
c!&.NT
@"">{
GetTypeFromHandle
.@b+x
y,OR4&/
System.Globalization
jE'wTJ
comboBox10
,:*A-
v!|DZV
T?Z&a
#e6"f}i2\
GetCurrentDirectory
iR-FD
STAThreadAttribute
G*@m!q
IoG$R
DVI-j
HotKeys
y.S-u
@> sX
E[yFZ
/kl}("
<"e)G
WSystem.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
_"{(@Z
get_SelectedIndex
4K!d*
IDATx^
@.jWW
SVgI?|
:IqA<Z
PWS|d
wCZ`<S
X3V#OA
"2[_:M!)n
#%Tse
eV:'&
button4_Click
lOROo
YourKeyBinds
Remove
saveFileDialog1
Yo4=:
56bozS~
obame:
sgw9h
textBox13
k\[m[?
textBox4
---r???-OOO
~~-M+en
object
======
H&A$R
]9u"[
H>d~K?t
=8xa?
>\8P-
@%AM@
v^-grM
MessageBoxButtons
iQe)M
SSSppp
_]KvO
AddRange
B'`E<iPFG
BorderStyle
zFX4e
set_Size
-u*\xE
%kpw(Pk
6UdV`
acaumw`
(]FOy.
qfGRD
LP6n}
O#doq
?Dm{Q2
CJ4u@
CancelEventHandler
vm]$S
"s*`.6`
KkQl|:7
FZI@7
8$XZ0
Olu|%
oSO|~
j70OX
mJ#$P
6I,jV zf
\ZX'[
2tb3&6{
{G+}+
e{Vs$
5USJu
y/7>)
tE)KTw
v>)"Q
JE*<L@
clLI4
System.Resources
+poE'6
fileName
textBox18
E!{1H
*,%@'
}6eFy
btey.c
ie`MA
settings
HotKeys Enabled on Startup
o^]mkU]]
slice
SettingsSavingEventHandler
'tbUi
m!z]!
Close
F`m*'QQU
4OJWX:
>G);{8
S`-sw_s
jenZ+}
5<_eO
label5
Es(PJ
- The keys won't be sent if SA:MP chat is opened;
,XFf1
ComponentResourceManager
Translation
U)rOL
MP73tw
jYr^c
50>?H
tajFf
textBox3
_>4uUZo
EEE
*KcWK9u
Z5)EkH
IGdI8~X
'[o$5
Y#[W)O
textBox16
set_CheckState
I@aS*
RuntimeCompatibilityAttribute
get_Item
CY|OG
uq'}7
set_AutoSize
.ctor
pQ$ur
SetAttributes
set_Title
Z_o3\
e,s1`
eeeqqq
N{rW#
LSw/o
FFFbbb000DDDbbbCCC
set_TabIndex
get_Orange
SettingChangingEventHandler
4o!c_
ProductVersion
68S8t
cewmh
<<<666UUU
-o~yK
ComboBox
RV^hH"
HM7pt
Numpad9
toolBarButton2
#ylmfp
;%p5H
set_FormBorderStyle
set_BackColor
get_Hand
\'"Jjs-0C
f"u#y
OAPqQ
G`*h:
```RRRPPPQQQQQQUUU\\\QQQPPPQQQQQQVVV^^^
Q1["j
.iPEkj
(iL(s
FfaF4d
hU;7G
^'?`T*#=
op_Equality
[FYff#
Yd5Iq
N:ACX
8]/b\
fZdow U>U
)%'QM-M
K?7s>
v{/qd
SPSSR`*z
XL>yb
vfNom
F9nX$6
C:\Users\TheDarkJoker\Documents\Visual Studio 2010\Projects\Ultimate SAMP Binder\Ultimate SAMP Binder\obj\Debug\Ultimate SAMP KeyBinder.pdb
- All keys are functional!
radioButton3
O@A)SM*
HDkc+
EndInvoke
Ob|?k
$f1-s=
Invoke
=EcV-
LCTRL
&H%Uq4
5o2]D/
kXXmIJ
'NO+3
/NG@B
-;mxsj
Cancel
{3 s)
;5(g[
zuznTy}
;^Ugzv$
SettingsBase
Exit USK
V'#7Q
\@i&N
aDu|\u
K|(B-
m Q6$w
-%ACCZ
q-eFx=
s!V]:
BUIiB
uaz|,@
a,B#P{S
^\jH*;t
NbfT?
r2L@p
|24]>
add_KeyUp
lpEUd
y9m5x
Xvl/lw
Waek(
add_Click
Form1_FormClosing
%.0gLj
1Efb2
~+eq$)iq
System.Runtime.InteropServices
-[6FK
Adobe Photoshop CS4 Windows
Ultimate SAMP KeyBinder -
info.png
%%%d###
comboBox1
7LS=^
v,uf5
)*CYq(
>6S0`FAC
tV$P?E'
#Tq2B
YYYMMMVVV---???OOO---MMMPPPTTT666uuuwww
tEXtSoftware
label3
<HNHt@9
M)!Al
uZkpz
7~az[
System.CodeDom.Compiler
hInstance
DEO</
comboBox
~}1'Ah
*4Q#+#U_
)v[~3&
L{g7F6
System.Collections.Generic
+G 5Y.2
zQmxa
p*B"W
`rb",
label4
toolBarButton4
7GWgw
F#bGJ2i?
sC}**
Settings
ZOys{k
radioButton1
O;HMc
Rghtlong
EA@-{j
Lg7FGFZ
oF*Iq
-yb;n
checkBox5
System.IO
ar);^.
[^Km-
Cwgq-
GGr$`
p{$D9!
3d:Hv
1.0.0.1
{VI&'
Start
kJH5qo
l[X)n
FBM!O)
{A8@;
zB(GP
get_Current
lParam
LeftArrow
""""""
groupBox1
i %+B
SaveFileDialog
% iZW
rvS~g
dOXK/-M
Pq'q-
"230r
oq<Ewh
"""!!!
{[["$
{Fhm)
&X.}G7
$I>^&
^zygk
JkbdU
[7W#,{
AW#5ZuY
.{Zkev
set_BorderStyle
y,f*Cx~M
GetString
1fwcO
ZgF:B$
set_Cancel
YmMjS!
=To<{%
eeesssjjj
/9@os
- Untitled
cQm"V
RL2Bu
J-NpR^:['
Automatically load a File on Startup
CNhPJ
toolBarButton5
hkt5*
uv>TN
,"ulB#
o\1\+a
K!N .
VA_f0
c7|v{0
|lymhE
Tg4br
1RIaC
~z!NlI
comboBox26
| Filename |
e35a54846f4cc598cbd1468eee1b0872d9b19ae2dafbfd7b313055e7d8b311e1
|
|---|---|
| File Type | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| Associated Filenames |
519844976cd2f66164e113a4f44bf29f75601dfa48963d6f5455c02ceabe59e6
|
| File Size | 741376 bytes |
| MD5 | d8907c68bb916f750f5f4e5daf2902fb |
| SHA1 | 9e81a91951b02d94b876762aa34aca68bd2ba9b7 |
| SHA256 | e35a54846f4cc598cbd1468eee1b0872d9b19ae2dafbfd7b313055e7d8b311e1 [VT] [MWDB] [Bazaar] |
| SHA3-384 | cd541d847c1e7cad9b5fb4739a3f227a742ceede162f6fa771e71d4ed7419b8b3e809bc5d58073a426fc70d27f4fcdc8 |
| CRC32 | E27F6882 |
| TLSH | T111F4AD61735CAC23DA7D15F64552C6B402665F194871E2BA3CCE3E8B37F1BB02A1CA83 |
| Ssdeep | 12288:V2cmrcm2iGmSMkuDAE7c2UibXVabxHMLKFhcDRGI8lhvoxxkW8MudbCgI9:VsNPSMVghaRIxhvo48uN |
| PE DotNET | File Strings Bingraph Vba2Graph VirusTotal |
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | PDB Path | Compile Time | Import Hash | Icon | Icon Exact Hash | Icon Similarity Hash | Icon DHash |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 0x00400000 | 0x000a7afe | 0x00000000 | 0x000bd528 | 4.0 | C:\Users\TheDarkJoker\Documents\Visual Studio 2010\Projects\Ultimate SAMP Binder\Ultimate SAMP Binder\obj\Debug\Ultimate SAMP KeyBinder.pdb | 2010-09-26 08:22:36 | f34d5f2d4577ed6d9ceec516c1f5a744 |  |
6100708f528cc57da96fa811d68f338b | 96ff9be472c7f8976e706fb38c8277e6 | f2a2ecec489caa21 |
Version Infos
| Translation | 0x0000 0x04b0 |
|---|---|
| FileDescription | Ultimate SAMP KeyBinder |
| FileVersion | 1.0.0.1 |
| InternalName | Ultimate SAMP KeyBinder.exe |
| LegalCopyright | รยฉ 2010 TheDarkJoker94 |
| OriginalFilename | Ultimate SAMP KeyBinder.exe |
| ProductName | Ultimate SAMP KeyBinder |
| ProductVersion | 1.0.0.1 |
| Assembly Version | 1.0.3921.18678 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000200 | 0x00002000 | 0x000a5b04 | 0x000a5c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.63 |
| .rsrc | 0x000a5e00 | 0x000a8000 | 0x0000f780 | 0x0000f800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.81 |
| .reloc | 0x000b5600 | 0x000b8000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.08 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| RT_ICON | 0x000a8630 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.64 | None |
| RT_ICON | 0x000a8758 | 0x00000368 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.85 | None |
| RT_ICON | 0x000a8ac0 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.93 | None |
| RT_ICON | 0x000a8f28 | 0x000002e8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.30 | None |
| RT_ICON | 0x000a9210 | 0x00000ca8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.81 | None |
| RT_ICON | 0x000a9eb8 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.69 | None |
| RT_ICON | 0x000aaf60 | 0x00000668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.31 | None |
| RT_ICON | 0x000ab5c8 | 0x00001ca8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.89 | None |
| RT_ICON | 0x000ad270 | 0x000025a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.75 | None |
| RT_ICON | 0x000af818 | 0x00000a68 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.71 | None |
| RT_ICON | 0x000b0280 | 0x00003228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 1.82 | None |
| RT_ICON | 0x000b34a8 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 1.77 | None |
| RT_GROUP_ICON | 0x000b76d0 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.14 | None |
| RT_VERSION | 0x000a82f8 | 0x00000338 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.42 | None |
Imports
| Name | Address |
|---|---|
| _CorExeMain | 0x402000 |
Assembly Information
| Name | Ultimate SAMP KeyBinder |
|---|---|
| Version | 1.0.3921.18678 |
Assembly References
| Name | Version |
|---|---|
| System | 4.0.0.0 |
| System.Windows.Forms | 4.0.0.0 |
| mscorlib | 4.0.0.0 |
| System.Drawing | 4.0.0.0 |
Custom Attributes
| Type | Name | Value |
|---|---|---|
| Assembly | [mscorlib]System.Reflection.AssemblyTitleAttribute | Ultimate SAMP KeyBind |
| Assembly | [mscorlib]System.Reflection.AssemblyProductAttribute | Ultimate SAMP KeyBind |
| Assembly | [mscorlib]System.Reflection.AssemblyCopyrightAttribute | \xc2\xa9 2010 TheDarkJoker |
| Assembly | [mscorlib]System.Runtime.InteropServices.GuidAttribute | 8ebb0171-f897-41a8-b262-a0cafcb232 |
| Assembly | [mscorlib]System.Reflection.AssemblyFileVersionAttribute | 1.0.0 |
Type References
| Assembly | Type Name |
|---|---|
| System | System.Configuration.ApplicationSettingsBase |
| System.Windows.Forms | System.Windows.Forms.Form |
| mscorlib | System.Object |
| mscorlib | System.MulticastDelegate |
| mscorlib | System.ValueType |
| System | System.Configuration.SettingChangingEventArgs |
| System | System.ComponentModel.CancelEventArgs |
| mscorlib | System.EventArgs |
| System | System.ComponentModel.IContainer |
| System.Windows.Forms | System.Windows.Forms.Label |
| System.Windows.Forms | System.Windows.Forms.Button |
| System.Windows.Forms | System.Windows.Forms.PictureBox |
| mscorlib | System.Resources.ResourceManager |
| mscorlib | System.Globalization.CultureInfo |
| System.Windows.Forms | System.Windows.Forms.RadioButton |
| System.Windows.Forms | System.Windows.Forms.CheckBox |
| mscorlib | System.IO.StringWriter |
| mscorlib | System.IO.StringReader |
| System.Windows.Forms | System.Windows.Forms.TextBox |
| System.Windows.Forms | System.Windows.Forms.GroupBox |
| System.Windows.Forms | System.Windows.Forms.OpenFileDialog |
| System.Windows.Forms | System.Windows.Forms.ComboBox |
| System.Windows.Forms | System.Windows.Forms.ImageList |
| System.Windows.Forms | System.Windows.Forms.ToolBarButton |
| System.Windows.Forms | System.Windows.Forms.SaveFileDialog |
| System.Windows.Forms | System.Windows.Forms.ToolBar |
| System.Windows.Forms | System.Windows.Forms.LinkLabel |
| System.Windows.Forms | System.Windows.Forms.ToolTip |
| System.Windows.Forms | System.Windows.Forms.KeyEventArgs |
| System.Windows.Forms | System.Windows.Forms.ToolBarButtonClickEventArgs |
| System.Windows.Forms | System.Windows.Forms.FormClosingEventArgs |
| System.Windows.Forms | System.Windows.Forms.LinkLabelLinkClickedEventArgs |
| mscorlib | System.Collections.Generic.List`1 |
| System.Windows.Forms | System.Windows.Forms.Keys |
| System.Windows.Forms | System.Windows.Forms.KeyEventHandler |
| mscorlib | System.IAsyncResult |
| mscorlib | System.AsyncCallback |
| mscorlib | System.Text.StringBuilder |
| mscorlib | System.Reflection.AssemblyTitleAttribute |
| mscorlib | System.Reflection.AssemblyDescriptionAttribute |
| mscorlib | System.Reflection.AssemblyConfigurationAttribute |
| mscorlib | System.Reflection.AssemblyCompanyAttribute |
| mscorlib | System.Reflection.AssemblyProductAttribute |
| mscorlib | System.Reflection.AssemblyCopyrightAttribute |
| mscorlib | System.Reflection.AssemblyTrademarkAttribute |
| mscorlib | System.Reflection.AssemblyCultureAttribute |
| mscorlib | System.Runtime.InteropServices.ComVisibleAttribute |
| mscorlib | System.Runtime.InteropServices.GuidAttribute |
| mscorlib | System.Reflection.AssemblyVersionAttribute |
| mscorlib | System.Reflection.AssemblyFileVersionAttribute |
| mscorlib | System.Runtime.Versioning.TargetFrameworkAttribute |
| mscorlib | System.Diagnostics.DebuggableAttribute |
| mscorlib | System.Diagnostics.DebuggableAttribute/DebuggingModes |
| mscorlib | System.Runtime.CompilerServices.CompilationRelaxationsAttribute |
| mscorlib | System.Runtime.CompilerServices.RuntimeCompatibilityAttribute |
| mscorlib | System.Runtime.CompilerServices.CompilerGeneratedAttribute |
| System | System.CodeDom.Compiler.GeneratedCodeAttribute |
| System | System.Configuration.SettingsBase |
| mscorlib | System.IDisposable |
| mscorlib | System.Type |
| mscorlib | System.RuntimeTypeHandle |
| System | System.ComponentModel.ComponentResourceManager |
| System | System.ComponentModel.ISupportInitialize |
| System.Windows.Forms | System.Windows.Forms.Control |
| System.Drawing | System.Drawing.Font |
| System.Drawing | System.Drawing.FontStyle |
| System.Drawing | System.Drawing.GraphicsUnit |
| System.Drawing | System.Drawing.Point |
| System.Drawing | System.Drawing.Size |
| System.Windows.Forms | System.Windows.Forms.ButtonBase |
| System.Windows.Forms | System.Windows.Forms.FlatStyle |
| mscorlib | System.EventHandler |
| System.Drawing | System.Drawing.Color |
| System.Drawing | System.Drawing.Image |
| System.Windows.Forms | System.Windows.Forms.PictureBoxSizeMode |
| System.Drawing | System.Drawing.SystemColors |
| System.Drawing | System.Drawing.SizeF |
| System.Windows.Forms | System.Windows.Forms.ContainerControl |
| System.Windows.Forms | System.Windows.Forms.AutoScaleMode |
| System.Windows.Forms | System.Windows.Forms.Control/ControlCollection |
| System.Windows.Forms | System.Windows.Forms.FormBorderStyle |
| System.Windows.Forms | System.Windows.Forms.FormStartPosition |
| mscorlib | System.Diagnostics.DebuggerNonUserCodeAttribute |
| mscorlib | System.Reflection.Assembly |
| System | System.ComponentModel.EditorBrowsableAttribute |
| System | System.ComponentModel.EditorBrowsableState |
| System.Windows.Forms | System.Windows.Forms.CheckState |
| System.Windows.Forms | System.Windows.Forms.MessageBox |
| System.Windows.Forms | System.Windows.Forms.DialogResult |
| System.Windows.Forms | System.Windows.Forms.MessageBoxButtons |
| System.Windows.Forms | System.Windows.Forms.MessageBoxIcon |
| mscorlib | System.IO.Directory |
| System.Windows.Forms | System.Windows.Forms.FileDialog |
| mscorlib | System.String |
| mscorlib | System.IO.File |
| mscorlib | System.IO.TextWriter |
| mscorlib | System.IO.FileAttributes |
| mscorlib | System.Char |
| mscorlib | System.Convert |
| mscorlib | System.IO.TextReader |
| mscorlib | System.Boolean |
| System.Windows.Forms | System.Windows.Forms.CommonDialog |
| System.Windows.Forms | System.Windows.Forms.TextBoxBase |
| System | System.ComponentModel.CancelEventHandler |
| System.Windows.Forms | System.Windows.Forms.ImageLayout |
| System | System.ComponentModel.Container |
| System.Windows.Forms | System.Windows.Forms.BorderStyle |
| System.Windows.Forms | System.Windows.Forms.ToolBar/ToolBarButtonCollection |
| System.Windows.Forms | System.Windows.Forms.ToolBarButtonClickEventHandler |
| System.Windows.Forms | System.Windows.Forms.ToolBarButtonStyle |
| System.Windows.Forms | System.Windows.Forms.ImageListStreamer |
| System.Windows.Forms | System.Windows.Forms.ImageList/ImageCollection |
| System.Windows.Forms | System.Windows.Forms.ComboBoxStyle |
| System.Windows.Forms | System.Windows.Forms.ListControl |
| System.Windows.Forms | System.Windows.Forms.ComboBox/ObjectCollection |
| System.Windows.Forms | System.Windows.Forms.AnchorStyles |
| System.Windows.Forms | System.Windows.Forms.LinkLabelLinkClickedEventHandler |
| System.Windows.Forms | System.Windows.Forms.Cursors |
| System.Windows.Forms | System.Windows.Forms.Cursor |
| System.Drawing | System.Drawing.Icon |
| System.Windows.Forms | System.Windows.Forms.FormClosingEventHandler |
| mscorlib | System.Enum |
| mscorlib | System.Array |
| mscorlib | System.Collections.IEnumerator |
| System.Windows.Forms | System.Windows.Forms.FormWindowState |
| mscorlib | System.Byte |
| System.Windows.Forms | System.Windows.Forms.SendKeys |
| mscorlib | System.IO.Path |
| System.Windows.Forms | System.Windows.Forms.Application |
| mscorlib | System.Int32 |
| mscorlib | System.Exception |
| System | System.Diagnostics.Process |
| mscorlib | System.Delegate |
| mscorlib | System.Threading.Interlocked |
| mscorlib | System.IntPtr |
| mscorlib | System.Runtime.InteropServices.DllImportAttribute |
| mscorlib | System.Runtime.InteropServices.StructLayoutAttribute |
| mscorlib | System.Runtime.InteropServices.LayoutKind |
| mscorlib | System.STAThreadAttribute |
Usage
Processing ( 3.21 seconds )
- 3.065 CAPE
- 0.141 BehaviorAnalysis
- 0.005 AnalysisInfo
- 0.001 Debug
Signatures ( 0.07 seconds )
- 0.008 antiav_detectreg
- 0.008 ransomware_files
- 0.005 antianalysis_detectfile
- 0.005 ransomware_extensions
- 0.004 infostealer_ftp
- 0.004 territorial_disputes_sigs
- 0.003 antiav_detectfile
- 0.003 ursnif_behavior
- 0.002 antianalysis_detectreg
- 0.002 antivm_vbox_files
- 0.002 infostealer_bitcoin
- 0.002 infostealer_im
- 0.002 infostealer_mail
- 0.002 poullight_files
- 0.002 masquerade_process_name
- 0.001 antidebug_devices
- 0.001 antivm_parallels_keys
- 0.001 antivm_vbox_keys
- 0.001 antivm_vmware_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 qulab_files
- 0.001 revil_mutexes
- 0.001 modirat_behavior
Reporting ( 0.14 seconds )
- 0.129 CAPASummary
- 0.009 JsonDump
Signatures
Checks available memory
Queries the keyboard layout
SetUnhandledExceptionFilter detected (possible anti-debug)
Guard pages use detected - possible anti-debugging.
Resumed a thread in another process
thread_resumed: Process ultimate_samp_keybinder.exe with process ID 4728 resumed a thread in another process with the process ID 4728
The binary likely contains encrypted or compressed data
section: {'name': '.text', 'raw_address': '0x00000200', 'virtual_address': '0x00002000', 'virtual_size': '0x000a5b04', 'size_of_data': '0x000a5c00', 'characteristics': 'IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x60000020', 'entropy': '7.63'}
Creates RWX memory
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
The PE file contains a suspicious PDB path
anomaly: the pdb path contains a suspicious string
anomaly: the pdb path contains a reference to a development path or term that may suggest a non-enterprise environment development/compilation
pdbpath: C:\Users\TheDarkJoker\Documents\Visual Studio 2010\Projects\Ultimate SAMP Binder\Ultimate SAMP Binder\obj\Debug\Ultimate SAMP KeyBinder.pdb
Sniffs keystrokes
SetWindowsHookExA: Process: Ultimate_SAMP_KeyBinder.exe(4728)
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework64\*
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Users\Packager\AppData\Local\Temp\Ultimate_SAMP_KeyBinder.exe.config
C:\Users\Packager\AppData\Local\Temp\Ultimate_SAMP_KeyBinder.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.localgac
C:\Users\Packager\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Ultimate_SAMP_KeyBinder.exe.log
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dll.aux
C:\Users
C:\Users\Packager
C:\Users\Packager\AppData
C:\Users\Packager\AppData\Local
C:\Users\Packager\AppData\Local\Temp
\Device\CNG
C:\Windows\assembly\NativeImages_v4.0.30319_64\Ultimate SA472f67d2#\*
C:\Users\Packager\AppData\Local\Temp\Ultimate_SAMP_KeyBinder.INI
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\053d057c90af827d0929a6aba7feabcf\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\053d057c90af827d0929a6aba7feabcf\System.Configuration.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\dbf675a2e7564fd29ec8b82b29a1a2fe\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\dbf675a2e7564fd29ec8b82b29a1a2fe\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\eab83bdd6eee1b956e2c8aef88914cc1\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\eab83bdd6eee1b956e2c8aef88914cc1\System.Xml.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
C:\Users\Packager\AppData\Local\Temp\CRYPTSP.dll
C:\Windows\System32\cryptsp.dll
C:\Users\Packager\AppData\Local\Temp\DWrite.dll
C:\Windows\System32\DWrite.dll
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\tahomabd.ttf
C:\Users\Packager\AppData\Local\Temp\en-US\Ultimate SAMP KeyBinder.resources.dll
C:\Users\Packager\AppData\Local\Temp\en-US\Ultimate SAMP KeyBinder.resources\Ultimate SAMP KeyBinder.resources.dll
C:\Users\Packager\AppData\Local\Temp\en-US\Ultimate SAMP KeyBinder.resources.exe
C:\Users\Packager\AppData\Local\Temp\en-US\Ultimate SAMP KeyBinder.resources\Ultimate SAMP KeyBinder.resources.exe
C:\Users\Packager\AppData\Local\Temp\en\Ultimate SAMP KeyBinder.resources.dll
C:\Users\Packager\AppData\Local\Temp\en\Ultimate SAMP KeyBinder.resources\Ultimate SAMP KeyBinder.resources.dll
C:\Users\Packager\AppData\Local\Temp\en\Ultimate SAMP KeyBinder.resources.exe
C:\Users\Packager\AppData\Local\Temp\en\Ultimate SAMP KeyBinder.resources\Ultimate SAMP KeyBinder.resources.exe
C:\Windows\Fonts\staticcache.dat
C:\Users\Packager\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Windows\Fonts\arial.ttf
C:\Windows\Fonts\ariali.ttf
C:\Windows\Fonts\arialbd.ttf
C:\Windows\Fonts\arialbi.ttf
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\Packager\AppData\Local\Temp\Ultimate_Keybinder_Settings.ini
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework64\*
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Users\Packager\AppData\Local\Temp\Ultimate_SAMP_KeyBinder.exe.config
C:\Users\Packager\AppData\Local\Temp\Ultimate_SAMP_KeyBinder.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.localgac
C:\Users\Packager\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Ultimate_SAMP_KeyBinder.exe.log
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dll.aux
C:\Users
C:\Users\Packager
C:\Users\Packager\AppData
C:\Users\Packager\AppData\Local
C:\Users\Packager\AppData\Local\Temp
\Device\CNG
C:\Windows\assembly\NativeImages_v4.0.30319_64\Ultimate SA472f67d2#\*
C:\Users\Packager\AppData\Local\Temp\Ultimate_SAMP_KeyBinder.INI
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\053d057c90af827d0929a6aba7feabcf\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\053d057c90af827d0929a6aba7feabcf\System.Configuration.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\dbf675a2e7564fd29ec8b82b29a1a2fe\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\dbf675a2e7564fd29ec8b82b29a1a2fe\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\eab83bdd6eee1b956e2c8aef88914cc1\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\eab83bdd6eee1b956e2c8aef88914cc1\System.Xml.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
C:\Users\Packager\AppData\Local\Temp\CRYPTSP.dll
C:\Windows\System32\cryptsp.dll
C:\Users\Packager\AppData\Local\Temp\DWrite.dll
C:\Windows\System32\DWrite.dll
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\tahomabd.ttf
C:\Users\Packager\AppData\Local\Temp\en-US\Ultimate SAMP KeyBinder.resources.dll
C:\Users\Packager\AppData\Local\Temp\en-US\Ultimate SAMP KeyBinder.resources\Ultimate SAMP KeyBinder.resources.dll
C:\Users\Packager\AppData\Local\Temp\en-US\Ultimate SAMP KeyBinder.resources.exe
C:\Users\Packager\AppData\Local\Temp\en-US\Ultimate SAMP KeyBinder.resources\Ultimate SAMP KeyBinder.resources.exe
C:\Users\Packager\AppData\Local\Temp\en\Ultimate SAMP KeyBinder.resources.dll
C:\Users\Packager\AppData\Local\Temp\en\Ultimate SAMP KeyBinder.resources\Ultimate SAMP KeyBinder.resources.dll
C:\Users\Packager\AppData\Local\Temp\en\Ultimate SAMP KeyBinder.resources.exe
C:\Users\Packager\AppData\Local\Temp\en\Ultimate SAMP KeyBinder.resources\Ultimate SAMP KeyBinder.resources.exe
C:\Windows\Fonts\staticcache.dat
C:\Users\Packager\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Windows\Fonts\arial.ttf
C:\Windows\Fonts\ariali.ttf
C:\Windows\Fonts\arialbd.ttf
C:\Windows\Fonts\arialbi.ttf
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\Packager\AppData\Local\Temp\Ultimate_Keybinder_Settings.ini
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\System32\WinTypes.dll
C:\Users\Packager\AppData\Local\Temp\Ultimate_Keybinder_Settings.ini
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ultimate_SAMP_KeyBinder.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-64934406-199802361-3218922526-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectWrite
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache\Parameters\ClientCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko-kr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko-kr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-hk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-hk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-cn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-cn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja-jp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja-jp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\Software\Microsoft\Avalon.Graphics
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-64934406-199802361-3218922526-1001\Installer\Assemblies\C:|Users|Packager|AppData|Local|Temp|Ultimate_SAMP_KeyBinder.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Packager|AppData|Local|Temp|Ultimate_SAMP_KeyBinder.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Packager|AppData|Local|Temp|Ultimate_SAMP_KeyBinder.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-64934406-199802361-3218922526-1001\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_CLASSES_ROOT\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}
HKEY_CLASSES_ROOT\CLSID\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}
HKEY_CLASSES_ROOT\CLSID\{7693E886-51C9-4070-8419-9F70738EC8FA}
HKEY_CLASSES_ROOT\CLSID\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}
HKEY_CLASSES_ROOT\CLSID\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}
HKEY_CLASSES_ROOT\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}
HKEY_CLASSES_ROOT\CLSID\{01B90D9A-8209-47F7-9C52-E1244BF50CED}
HKEY_CLASSES_ROOT\CLSID\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}
HKEY_CLASSES_ROOT\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}
HKEY_CLASSES_ROOT\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}
HKEY_CLASSES_ROOT\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}
HKEY_CLASSES_ROOT\CLSID\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}
HKEY_CLASSES_ROOT\CLSID\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}
HKEY_CLASSES_ROOT\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}
HKEY_CLASSES_ROOT\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}
HKEY_CLASSES_ROOT\CLSID\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}
HKEY_CLASSES_ROOT\CLSID\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Tahoma
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Arial
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Microsoft Sans Serif
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Ultimate_SAMP_KeyBinder.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\Ultimate_SAMP_KeyBinder.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\policy\standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ultimate_SAMP_KeyBinder.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-64934406-199802361-3218922526-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectWrite
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache\Parameters\ClientCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko-kr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko-kr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-hk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-hk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-cn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-cn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja-jp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja-jp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\Software\Microsoft\Avalon.Graphics
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-64934406-199802361-3218922526-1001\Installer\Assemblies\C:|Users|Packager|AppData|Local|Temp|Ultimate_SAMP_KeyBinder.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Packager|AppData|Local|Temp|Ultimate_SAMP_KeyBinder.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Packager|AppData|Local|Temp|Ultimate_SAMP_KeyBinder.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-64934406-199802361-3218922526-1001\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_CLASSES_ROOT\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}
HKEY_CLASSES_ROOT\CLSID\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}
HKEY_CLASSES_ROOT\CLSID\{7693E886-51C9-4070-8419-9F70738EC8FA}
HKEY_CLASSES_ROOT\CLSID\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}
HKEY_CLASSES_ROOT\CLSID\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}
HKEY_CLASSES_ROOT\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}
HKEY_CLASSES_ROOT\CLSID\{01B90D9A-8209-47F7-9C52-E1244BF50CED}
HKEY_CLASSES_ROOT\CLSID\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}
HKEY_CLASSES_ROOT\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}
HKEY_CLASSES_ROOT\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}
HKEY_CLASSES_ROOT\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}
HKEY_CLASSES_ROOT\CLSID\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}
HKEY_CLASSES_ROOT\CLSID\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}
HKEY_CLASSES_ROOT\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}
HKEY_CLASSES_ROOT\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}
HKEY_CLASSES_ROOT\CLSID\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}
HKEY_CLASSES_ROOT\CLSID\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Tahoma
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Arial
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Microsoft Sans Serif
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Ultimate_SAMP_KeyBinder.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\Ultimate_SAMP_KeyBinder.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache\Parameters\ClientCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko-kr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko-kr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-hk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-hk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-cn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-cn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja-jp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja-jp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Anchor Underline
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache\Parameters\ClientCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko-kr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko-kr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-hk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-hk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-cn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-cn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja-jp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja-jp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings\Anchor Color
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Anchor Underline
ntdll.dll.RtlWow64GetCurrentMachine
ntdll.dll.RtlWow64IsWowGuestMachineSupported
ntdll.dll.RtlWow64IsWowGuestMachineSupported
Local\SM0:4728:304:WilStaging_02
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.