MalScore
100/100
MalFamily
Ispy

Details_of_payment-copy_Nos__534.xls.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 42/63 Related 2581
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 198.50 KB (203264 bytes)
Compile time: 2017-06-13 23:54:58
MD5: 3eab5d298c5423ff30cef60036c43472
SHA1: 4fd1130b9c5fd2d11e5aa8f2d600fed73b59e636
SHA256: 4508bb625c6944b5d749fc10d9abef3ecdbeef7a58c6607b07597311d8f48cb1
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-07-16 06:00:04
Last submission: 2017-09-20 19:00:03
Filename detected:
- Details_of_payment-copy_Nos__534.xls.exe (2)
- Details_client_Information_%23676.Doc.exe (1)
URL file hosting
hXXp://afri-oceanforwarders.com/doins/Details_of_payment-copy_Nos__534.xls.exe
hXXp://[www].afri-oceanforwarders.com/doins/Details_client_Information_%23676.Doc.exe
hXXp://[www].afri-oceanforwarders.com/doins/Details_of_payment-copy_Nos__534.xls.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-07-15 18:38:52 [42/63] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x30f94 200704 0c1e68e1ed792067bed8a700b60601b0 b1d19f7d5d0707f42fa66c5e02bb8c4477eb90bc
.rsrc 0x34000 0x600 1536 4ce2f55dbec187aef1d5e3e9e092b1f4 04be137c76b1a999fa3de2f626107545e730450a
.reloc 0x36000 0xc 512 01313f2ea2909c9c3c686f33519fce0e 71bb5afb0593ab97ed07c9b66c67b48576ef4b30
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x340a0 680 LANG_ENGLISH SUBLANG_ENGLISH_UK
RT_MANIFEST 0x34348 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © 2017
ProductVersion: 12.0.78313
CompanyName:
FileVersion: 12.1.12777.0
FileDescription: Infrastructure service
Translation: 0x0809 0x04b0
OriginalFilename: Infrastructure .exe
ProductName: Infrastructure
XOR
8 119370
1 119370
2 119370
4 119370
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
D.dll
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04_64 Seven04_64 VirtualBox 2017-07-17 11:12:15 2017-07-17 11:15:10 175

8 Behaviors detected by system signatures

9 Summary items with data

Files


Read Files


Write Files

C:\Users\Seven01\AppData\Roaming\app.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\Details_of_payment-copy_Nos__534.xls.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\app.exe

Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\18f26c25\63cad5e3
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3be6bd3c\14b2174
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Details_of_payment-copy_Nos__534.xls.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Details_of_payment-copy_Nos__534.xls.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Details_of_payment-copy_Nos__534.xls.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3be6bd3c\3957645
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\app.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|app.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|app.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|app.exe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\schtasks.exe

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs


Execute Commands

C:\Users\Seven01\AppData\Roaming\app.exe 

Started Services

Nothing to display

Created Services

Nothing to display

Detected family: #Ispy

TheSystem Itself @ 2017-07-17 11:44:02