MalScore
100/100

pay.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 15/63 Related 2258
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 310.50 KB (317952 bytes)
Compile time: 2017-07-12 23:25:37
MD5: 49b89e8c1db5c51300519ea6d5b1143e
SHA1: 6b173060a91f25c3562cf1dc8fd279354a1816f5
SHA256: 18c2535f6415dd369c99f4749dae417bae71b1bbde1a3f0391cb59fd2f09bb33
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-07-14 13:48:02
Last submission: 2017-07-14 13:48:02
Filename detected: - pay.exe (1)
URL file hosting
hXXp://gulfseoagency.com/new/hn/pay.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-07-14 10:08:11 [15/63] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x47774 292864 8f3baa3d8b8465cd5ebfe64cb23c0fef ad99783efe9b6f236758b1632db141be6b22a8c4
.rsrc 0x4a000 0x5ab8 23552 58955a70e41dfd422fc741958795ca39 1f7da1b33c5bccd38d91818a5e4007998d3a180c
.reloc 0x50000 0xc 512 587a9ab78e77198b152490ee28de07e3 38e8e0fa5bd95c12577f45e97e7eab3f047b4b0e
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x4f3b8 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x4f820 62 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x4f860 600 LANG_ENGLISH SUBLANG_ENGLISH_US
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: (C) 2016 philandro Software GmbH
ProductVersion: 3.3
CompanyName: philandro Software GmbH
FileVersion: 3.3.1.0
FileDescription: AnyDesk
Translation: 0x0000 0x04e4
ProductName: AnyDesk
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
LegalCopyright
(C) 2016 philandro Software GmbH
3.3.1.0
AnyDesk
Invoke
CompanyName
VS_VERSION_INFO
VarFileInfo
FileDescription
philandro Software GmbH
3.3
EntryPoint
ProductVersion
StringFileInfo
Translation
ProductName
040904E4
FileVersion
?4H>
{#3B
x# o}
/vM>
>#X-
iY:|/
Yr DXD
:S"]{
m14o
(TYZu
+x;jV
NsNgN:NaN
l8]kU
PNG
&R>V
i)`Zk
=I^0
dJU[
IF1@pX
FR0&6
A7Bc
=Koc
dxbi
] Bu^
`Y1v
rQ
ICryptoTransform
C1/rx
}Zgl(
S&iHt
vq]w
jg>lN
^88
qE+1
nRI8Lg
{:qyF
T T`D
A Dhi
\LgvW
]R)P
'BsbB
^OJp
EQ-
A~+|
e)nA
b*9N<
,pc b
.jC`c[
7bT1
6e$'0
;d5'Jkc
VPh!
NyQx
+5Pq
eQU-u
kR']H
F>^x1
'".\
0Hc@
!f)k
R" M
N2N9N!NrN
U8$3
j={c
{=;f
b^1f
I$f?
N|N)N
N N&NIN
Ymhx
a+^%
Ylt2
,@ v";1
^])
v*t-
X);
IZNk
bR7|LQG
?1J-
N&N N
<O,j
&>HO
dB Y
kp\I
3_A\
1kLM
^=|'M
y" k
[G+
CompilationRelaxationsAttribute
w`nk
^R[M
M3,87NL
NiJE
NdN*N#N
aQ^R
p9vs
h;I\
CLZ.
L>@A
d1Xcp
;(g
ju6
}.C~
mscorlib
Q >%
5:)d
Um#XC
z|{ 1C
W_ms
|c}Z
9L{W
!c.t
,DhB
.f u
T3Vv
||F
QM}/!
V96E
PmR^
!=X~:
vL{O
"jn |
|C6>S
>nS@VZ?
MDq!
uKsrv
:d!
5uXH1\,4
P._J
W:A
V ;U*
qyA.cj
U>y1c
<Jit
hEVv
T[*
Wt>/shO
k8+P
Db R
&^Dz2
;RtI
k5e4
zF))
} l'n
'X bm
BXfx
>nCJ
CSe3
JU tU
"i72
JEOK)
/ @=o
3Ch4
[?*m
l:{
] V+
V/6X
swQu
$>F&~
DF$
\{Bu
}G"
N-N_N
^1`/y#
{HRH
vT !
:D;"
^hpYc
Z?*^
a5rIs
lDCu
qocA5
["H`B
z+| J
S^rP
x]UL
oL?P(
v5>Pm
5E0s
MV.Hs"
nLi:
_Av1Iz
hx}8U |
zX[f4
e n
B3b)
D/ B
d?Sf
cF2'
In<2
c0TU'L
I2aJ?
c*(~
MZ&_
U7\c
KVQ]k
d"jD'
7i9#
s(|A
8K$M?e<7m
]{A
a),e
0 yu
5JU U3
%,i
@SF/
NzN N=NkN[N
-.-mq~C
KXVh
K{>K
cPt]
9|SXn
{_:3
fAtd
{@ yE
3iDPo
:yTt
QO B
dwek
~(JD
a0Jk
H9<
cB@SN
y9PJ
Z! QK
oR:$1
3+Cjzn)
]1.H
TK+]r
N NxN
n gZ
K wJ
Wx-h.
;apmX
3 =Z
(}c
)Vc
N(NNNkN
aN4l
RU-z
t.BI
>li:[
xsIy#
Apfwm
D1m0
;/"p3
y6 #
H\}?D
@d !
? K-
z 1@A
YSQx
U|Pbs
eh{i|E{
E=91"
E, y
d~B
!($xw
<D9F
'1<2
tD2 !$
ok=(g
-ThZw
s<Rw8
>lWH
~fL6
!H2"
gL21
=')0
5ngx
x WEZ
Aa?&
l1|d
;34X
!=(C
C05
E54E
WVa7m
7\|'\r
sP#
DA0c
/CKD
(Fy
XXjb
% s2
\(Y1
=v$Y1
uC #1
(OA[
M' .
System.Resources
8DOR
z_<3
$6(4
o*FZF
}vA
m|[D'
vnC?
Rq*?;
4:O5 y
9w;X s
Yx~DJ
8U~B
zE_>
k}.i
j!BzT
Kygo
} $t
[$i
5e8T
T %T
.!8NZ-
q=)X
(ePj
mwjV
3YJZ
-)N;g
k:[\k
`w Ix
a43k
`.FN
DialogResult
Czov
oJCA&#
?Tu%=
*\}gT3
M_GQ
)k|O
o|[A
.text
8KIDI6
_CiW9f;
1-BB
?s(
e*GV
=*Ak
%*V
GetObject
oJd$
\k:R
P?&z
Vp'TUOja
Mc:&
r: >A
y ]:
J0UU
1Mg]6
4/!<
\#k_
NZ\7h
|mG.
b)=#
^QKb
pS4
jm9tVD
Yjp]v
_%/0
/W r\
!.Ss
[^iSKrVPc
SkipVerification
Gchl'
Rwow
pyB/RC1
<HV~
[+$6Co
odaN
OvNsN
MP =-
|Sc
Wj4=H
K'u`
I# ?
}oZ-*uH
c%qFz
LKFp
E\<]
p8L@
!fo>
]~;2%C
A i<
nJG2
Z_AIeH
GjA=9
[P@[o
*soMy,W
9:Za<~
51 9
}-B p
~ ##
?=0b
#N]K
BP0i
19h
ddA0
+n
us$e
UQz^Vq
`1@h 8
)tW_f8
UYo`.
_X}]
_Y]e
pn)q@W
aEUf
PB!C.
1q5`
:B
xqHh
>H,k-
]KpJva
`.rsrc
p)FdFv
,3vZD
XynG
(b#t
QZp9u
|_D2
rMRK8
dM@R
{uAAt
N/N0N?NVN|NWN
Q5lt
5?>U
w(Vg7
7
LgNfN
B?GkP3eK7J
yZha_K
@UE=
NvNCNLN4N
!IA
~>3
nv'`
.ctor
\Lq
m]$,
JWo{")_?
,^=,
nSe~ pC
]v5bO
3:N N_NEN9NRNJNhN3N
rfe+
NP~E
ZY%W
a<y$F/
]~m9\+
'"sat
E/G
5mNXN
.7fl
VufW^
* Dv
'\g}e
1)Wx7
[.HW
2XKcg
Kt27:
&qyF
E D{!
VPn\m
nmg'
aPB X}
-7f-1
.51;
(nJ@
<~my8
s#1{
WHh
s3PT6 4]
98`>
@{Z6
<x#e
1#t:4S
n=s\Z
@^%pz
<2W!
3p*Q>p
Load
U^BL
$!ii
y5Qi
'c4(
}6lY
m j)^V
+)cB
LA4
4qsC
+mX)pN
?I?2
BEl|3(
$fA{
k0|o
JO`!
y?y&
| TC
<gG#
($i{P
+$"}
iAbT
ptlGO
NvNsN
1@1a
TR$
I8J[
V<*)H
@O%P
a,% <
~ Gt
[o^d
/d=nDY
.4QT
`q&(
0o3v
6_="X[Vp
LY404
aK4<
;P*e
9-O
CdzDx
! 5#mNL
tCYY
`=}S
N+|(
Cv1M
1 4RX
N\NqN]NMN&N%N#N
N:NiNkN/NDNJN
Q 'f
"hmx
gqU`^b
;wE(x
O+,!
KB`_
Ew5R
+$ K4
zm|
YnTt
<IW(tl
SvZ
.MWP
#w/N
's8?Pd
.g4C
*AN N+NLN^N,NkN
-E(,
lc 7L C
9aUc
4mNXN
get_Assembly
/KU
V?Bq
T6SL
yaoa
u*w<{XG
e3~d2
_X!a.0
Yal25
3Vo<
=KuD
( Rk
Q1 ,
_]z!
!0Za
L=F-
1.vW
WTv's
)WNQNCNtNtN N7N*N
pD!D
9.zB
1[(O
,>vQ
<P)W
M2mB},UC
IHDR
YkNd
Yi|!
WrapNonExceptionThrows
SKx|
P?&h(
ILo
lLL Y
UIGT
[vJ8
y.cm
- {r
~x_D
@Bcf
<yRiJ,u
s=8i
b^YB
h MI
M]rH
_3<|
8*{V
{7v7
HEO-
t-P/
n?G ^
NLd6_
!`!`W*
NoN(NqNMNNNYN?N
W')G
ph3
p`:r
o~Z9
j+;P*BRk
(]to
B #D
cXz'o
lCgnX
C6^o
lc8`*(8[
*gI#
kN:)@
/tgk
#oPfi
q-%W
A]g
System.Security
M`.ed
>zpk$
qEJ4-
y?PgA
8~B
cGS?
Cd3j
:1#M
sP:z'
mDV
ij;!
d;;J@
_qOI
System
( <Y
N8N N}N1N
NeN4N6N,N
P?^TTl
LCL!_
HgFDKy}D
L:I"
(WNQNCNtNtN N7N*N
&Fnt
o1d
p "\
#(=?!JXr
j7sI
K j3d
q+=C
R f'
rpul
Y]`%
<!-*Y
Mpg)
-]?Xh
i.WW
[C 7
DdJ]
"f025
{sxe
1 9
#Strings
5-c5&.
f-*1
$ t%
o S%0m
\QQ{
plu`
:oA>
jNL:
tJ&C
|fg[
Yl +
5]d
>Ye ~
Me)q
-EC9\
Z^>*8
F$J;
Si0L
j8xe]
+E$+
^U =
e6/p
PK;Y
mZ<mU
C8w\.*
NhI1
jE(i%qhT,
bXJbN
hDTD
@=
;QBD
J;8c
=_/?
. LF_
I^=L'
M0/U
20%q
]dm+
+yq @
F/=
EErcQHo|
QDWxRN
D OioWy
$;S
rW5!
`u56 PrG
u91\
k!89u[f
q>]*
5[wV
q`f]
F l':&J
y9hv
U\s"
T 7
]"?
=}p5E
-U #~
zgj(
)^uNz5
\;" ]t
]\LH
;}HL
4Bf$`
a K.f
+`Z7
+;D,h
a<0V*
lejz|
<oW$
HkYiZ
j j2
Y/i#
#u Q
VleT
7Lm)
9jZ?
{W]GG<
lOv2
.Tu<
?o=S
p_r#
}/ON
8mF#
fOR!
|> A
3m=f
jlH|
@slT'
W<
AJbMr
8!@X
tRx=
1sB2
NPNUNNN~N
|,v*
kV`+.C}
J,uq
>1w ^
.3s_c
-`-*O
5=A#j
:a
=W6qn
Z[/I
v)S$
OM*c
TZ9F%
xoO+h
_CorExeMain
z+:]
jInr
3s[
wuGz 9
N?NdN$N>NCN9NGNLN=NaN0N NxN
Nnlg GVh
$BC
d#c9
*<P^
X1lga'
:/kf
^0>
3g#e{H7
ZLD
-q l
,L]l
sR4D]
.^;;
6o B~
y`U
$YU-
93Q >
$Hz =
z'e=
. *>
~4 :
Z++D
xRW@A<<
nC.J
O]8o
-;(H
=W%(k
; *r
NONuN{N4N
3bpBQQ
Bg3*&N"+
[;"5
RuntimeCompatibilityAttribute
:O@C
I3=mL
(TiK
)+,"
c]B,P
}Wn4j7
)?5SW
{<A
rCx=)
-7"g
V;Mr
NVNuNLNtN
YIi=Y
xM*Y
i:~0A/
IEc3
!<~|d
+QDG
qf,|
c Zae7A"

bp'j
0?AAB
D2lOK
Zx4A
[p e
G> MQ
;4d*
(pF/
}a<
)wmmDL@
_7]{
KZK)
6Qv]0
) -a(I
J\^F
8| '^x
B?XS
c0>B
:N#Y
_x?(#g
Ae@1
y'o`c
bYJ,Lj
= "` 9#
aY`fM
NLNgN
zzO=!+P
7 _a
h !
Frg)
(?g-
;;h
L/SO
}ROm
,T}5x
-l:8
6LYr
< )m
d9X'
z{q9
Y0>p
Ff *
GNn#
N&N NPO
"')\
[xkS
3wls[
S (
>97ZH
3>$(u*o(;
&#4Jsy ej)-p
66Kk
'WQj
He"Z$
I9,~-
Wnwv
Zg~(
Otk1
Interaction
d)Bx!
W|(}P(C
{0}c^
C."c
%h.Jg8m:
p322
W ~"
h+_J
P7_0
8V.}!
O~cZ
$%O4/
%U;}
JNd
dg3E
m%|2
/pMV
5\t+n
32q?
,-0
93R
B&`C
w$O(
qFd[
KdG1q
j^d_m
$j X
J~}c
i|H
0~Y,T
Mr$
NR(@
/!7=
wV[c
TPHB
8%)U;w
PN"`Z
.<'|
"#kyKs
Z{SL
.w!
o *>
=zswe
xazo
=,j8
atP~U
vjAE>6!!
;"pHe
o3|x+
`r-6
da6
SiGj@`Z
^ Tb
TFX<j
1vL&^
%\'$(
?8mv
x^;p
So?s
A:NsNhNmN8N-N
\4w
mQFD
<RlAY
a< ~
7+b2
+(Yt
U{%&
=Z%9
6!Fu
B-2X
cOl"M
\CoX
] E</
& q?
C@$H
Te6I`<
u/6@
C3'f
z=V4
<Y|cM
UDDC
c0UDZG
sx#O
n=Uug
aym|
'0DR
EL/t
Cmr?}
1krS
kz(U
h a.
'I^&
d<L)
N?N{NoN/N4N N
_('O
_#FZ
C;&vP
+]z
ei(]
Wo(z
NCN-NWN&NrNdNuNfN
NqNRN*N
!iQ (
+Bj^m]
FB,WI
56NK?
?j:E Q]d
~LU/
L8]
>TC^
?j=U%
HxG+
N NhN
gudRb
g\
D$Jf6
\]O^
)L&e
t }I
L^6$
CcFX
vgO2
c?Do
OC+]
>|f$
*>]S
T>as
[jj[X$f
#@:f"
V/k,5
7xU,p
#IneUa
lJNx
).F>
NRN|N2N
t kM
Hc(TW
;b F
;RJ='
or8+
[cx-
D g7
M#O
3FXc
UMsB
A3(8E
9Aak
+\]m(f
System.Security.Cryptography
sLJ]2%P
rq A
!>D]
,dJq3^
C.]N8
`op/o[
gNa>
,_E3
ozW^
N%NMN.N
0 TvzW9
,I?i0
.nW-
uhg^
)%D~
O,)"
1 I#
."G_
s&'-
7{h;
U+9-
I@;g
YX j
. 5jl
"^Z zw
'qcV)
0(be
jcUB
HM=I
cLuM
Xl*'1@PMt
i\Lf
f"M0^-
7h0
)&@
_'D4
tN99
}6fL>
?&8,
f!F
_8bQ|
O oVZ
R_wL"
NuNuNFN
b 5U
/.OA
)a4~!]
]Itg
AN|?
TpB]
qTi
jpKI
{LbJ
*7L2
\,>3
Lgs2'
+OhRC
;Mma
&Y/"@
K'\n
6M @
1w\v@[
hTOu
^G5J
aA1+1
s1qe3K
@~3F
>.n"f
LL$
<Tnt
(rBa
TdPe
moJg
34KV
r?DA
C" x
pnS o
LP~c
~W "
u&^zn
NbNHN&NFN|
{DrS
MzFF:
@)i8x
O~xZ
:jNGN3N`N
G e0
]Dn
Jz;+
n(!#
m}@}
7{b)2
fajK
)63R&
RG'
31cp_
\vd8
9 >f
dRIG?UN
ZN;4
@liKc
k>A[PU
6FsBcz
@.reloc
+wp x
in4(J
7Vyz\
d;%;!n
m2Fp0[
N!N>NzNyN=N_N/N;N
x"4!(
-D<?
;UHu&
H~}w %
Lb30Q
)l7c
SP*;@;
1Ps_/
nY}4
)#=(
n>@eh
FqJ _
4;J?B
[@g4T
rtlStu
{t
g"l$H
GUs+)i
NFN.N-NwNPN"NvN!NnN]N
#hK
fr[B
%p oA
~h q
yqT9<
]u+~
`s+V
-KLY
U\JiEK
St~&
J'52
/j/>
-f I
b]@k
@8F
*=8W
HqE|
LKfF
yf?.2
[(K"
U?6!
k7 w
An!y
PS|
^'|s
9JCMfq&
[f6C
wkcE
@p&
- cK
<Yh/C
MessageBox
` *S
.P*WR
o2(
gT0c
ex[
+"*0
AMnL
h:(@
h@!bz
2]lt
9k,Z
;^G"j
NsNW
57?5M
;]ZX
\iM%D
xe(H
RNyT
kb~'
|=Jq
N3N=N NSN3NIN
d5tW
~)^t
|C>,
+'z(
R~kfnI
.9[z
A9rk
85 aU
KT&n
"b#pp
}c]* s
l&Pc
QDC=
z3*>
3-d"
~q<r(B
:Ofl
%n's6
bb7"
zK3tua
23
J _8
t4sC<
6.AL
Assembly
qZhI
R_0 yI
DrHz
{$h]
cC\I
%.X9
8pC
LUD.
YI.N
\iT^
dzph
NSNINBN:N
jRp-
xZGw
[ O5
aQ97(
`V=
#&{,NE
4:%J}d
2X 2
+6v]
E)1*
R2kLu
yxez%n
>s!B
qL[}
aV0e
Ie<;
)1.d
L5NB
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
V"Lw
9:/(
IDATx
|61o!
!u\v?
b:Wq
UnH6
Lv}<O
$6X`+
47Tq
>h)4
?=@ t
R`^F
LmK#
&1AE
Bmh#
ou.K
`Js<
[/(Q
KJM*K
E+G/.OK
l(PlS
fA|B
74aY
Q-{mC
c tU
hQuhm
PVqP
78wT
DMzul
FH>a
\uIM
N0kS
\S*@
.cNa
mPw
w`RZp?
PJKT
q|6>
I*Aw
SlamRe
ks4
N{NKN1NRN]N
';}7iS
|(8?uQ
@|;+hu
YIvW
5[%^
nDpi
w[f <
N\N N
= [R
x _8H
2U\r8f
?0G0E
S^<UE:
Bc4S6$
=s2m4
>188
=}SX
fKxA
: G0
N~NZN N$N
0`aQ
H!T>
7dL4F
r?K^f
N:NhN}N`N*NWN8N
N!N>NzNyN=N_N/N;N^r
8mCo
)`6b
N< :
\2uF
NpNBN7N NRN
/jUor
mXRI
ak6s
sn3b
i5HG
Sl`,vO
_94e
e^9Ly
"S"
L$8]
J,pE
FMr<
+N^j
#Blob
gjxW
FpZp
NcN,NXN}N
2YsY
p+ciL
f1D5
e m>
5Dm
8' >
2^)m
skp | @z#
o;@F
'F
X0F Iq
- "&
J@EZx
Cy|<
>?Gw
@*y08n
GS>4
^L;l&
fG}f2
QW[z"
02Z
XR "b
Oxx-G
g_L=G
16 h
b{sDt
\1T?
iyi4e
!=-,
&2]P
cXE(
xb>r
UJ)/z
x)6VG
^ ^R
d+()
>%oM
ds C
dR1GPw )
OuY'Yu
dAr5K
N%q"
5GB/
uc75
+Q+_V
pufII
u,?
V6R9
}j{>
7,U.
~d~W
kG. "
1wg&
4G u$
#Fd7
cJW1
{0Wi
3;+~[
;{ |
ycc.
>GD~m4
SrA{
L}aQj
Ez.4
zA` {
N2NyNWN
W<BG<b
^<-5
\LH=F{
\P^
*Xi{K
P5TX
8sIe
EbP9
44C
o4vQ)
3|P ;c
2/'a
.resources
- hEWdc
yd)
M9+P
$le{
?*{/
^D,4
JN%o
jfC3
(QD
5h^o
~ 8^
E+gh
vp@=
[\"
0qu}Y
>I 8h`_{1
~ 5A0
ddt'
qP9<
1 v
Ul-J8:
~#F>
`J9c
+D 8
U A
U,76srm
&#~C
ayd(A
:Yc:/z9
%g:o
)FaI
US}>
0 N-$d1P
5o-"c
%9A
Z}3!
; ""
?JTt3
Y-*-
Type
<iq\k
=0lE
mH%;a
ftg/
$Ab^
4&z%6
GE*b;
?)W>
vbK90
%2Q&ltU
tOwQ
q $3
xYxD
SNO8
*R_V
s3I
T}[@
K Y@
v0z5
BSJB
5qxH
C@-yO
D+VawG4h
j)?5
u r0`
b)*3
uomP
9#F L
M eSQ
w}c/
N_@c\
QAzr
pd7Hp
z]{-
w^x,
q[+.3pg
SNO
w-*+
nx_ j
'1>.
NgXF~EB
2UM
^ h
#`GV
&=)5"
T*/e~
I"5Q
Tzh=
w5Q?
/>/|
TVG4
+>1zi
M-}3
2<v}
QOZm
v;0d\
^puM
Q]I'
" /b
`28?(
AddRange
rn`Po
\d-@
%r]4/Kp}#
gAEN<
))rBV
C I|dI$
(dB:V@m
[#pIq
r EJ
b [
)a!ve
iS,
]: YX
_XBy
~c:
*9L^M6
i<es
+G%yz
c9v:
k*yiHj
m.-r
l0y]k
M1W@
Lm=
PR8#/
H_,#
p*b/'
q*4JE
|"\,a
>i F8
. 7i
MRfD
o9u-
sS v
~Hz#
d-\A
:P5s
V%[VzlPu
QDnz
3Jp?
\QL,L
:p T oCq
a5`C$)v
(F4pa
\)S?B\
aw^P
dC:=
d:|+U
"/qG
hFV~
J:WJ
dhz^XK(
a0M D
P-a#
Y>jT
ZG_$
i>zv7h
,H)-O'
y yo:
3c+Q
BRo!
!e1p
(3Y;Q
Vn~
\X82
$5$ 4
System.Reflection
Zh9L
uUn?
W?Ae
N-N_N\f
N N[NrN
RuntimeTypeHandle
/`M"
DRpC
p$V2
FsGuu
*=zY2YV
D'2`
RsiH
11V
EBEX
t"k>j
P2W&p
2EW9
PDvw
LTS;]
@4'P7
5 $TB
}<iK
aLF
jFr, &&~
N_N*N|NLN
0ju n
Jdu
~p|}
H;\>
mulL
I;+/F
DO}u
7KeZ
B'u2
F?9K
kz-)
L]9X
lM^K
Tr6T
`~po0
t vFX
"X5
?@$>
!4CA
_J *
kx!
&nL[X
J[?1M
r{he
iI&9
@Ib^
g$_r
_D?-
9XL@
@/K4
tjw
k0Ks
`Av?
Pky]
lQW4
ZkV&
D 7aQ'
V&N)
5'@P0
h:6E
j9]N
Z0o|X
6Rk"
so'R
.pt)g
):R:o#e
iwl<I
ks4
s@w
]7&r
kt>Nk
NdN*N#N#
z"7$y
>\^
g9;6
l^{+
yiP.
*x'~^
1&O
_VUg
_un@
Xy84[
ySi (A
!v%D
5IU8dBf
W6qtmL
sz 0
TpMl
0&.:
FY+A
Y6 oQ
("RA'
O 7U
5lZt K
KS~Z
Y*'
&].%I
8L7<
OW\<
:H*}
U HL/
ZZ)9}qG
,0eJS
e.+G
4xp,
E^"6
^e&V
~7OKY
hswO:V
W L>
u-|p
mM$&
N\<
C'&x?
zfe$3
s Po
Z[+i
DR+O
F,v{
Iq`-<
bk<H
x11
#(+
w9iuj
6wt9'
get_Message
!This program cannot be run in DOS mode. $
?-Z
{OOxF
.5dx
vG)l
i;)fi
Ms@ C
a?/G&
P9ST
K*Ji
w]A3
KN./
H}f~d
Xb5p
[YhC
Z#JPB
^J}E
agM.j
.ePz
'~)6
$UFh
6hp"
N6uJ
L-/7
"|jX
-H),
T\a&_%
';v'
hqW0@
?6.X`
m2 =
$@xE
B[t,
xk8OT
t1&nC
!?jOY4aj`
`6`)
JTd\\
I\[N8
}v0miK
N.NMNdN N~N NkNRNENENVN.NsN
z,>'}
k&He
LOLZ
>XfQ/
rj}E
!'BTc
+JiC
e\$P
" *>c
?mw+Y
18aL
`~H
>t 0
NCN-NWN&NrNdNuNfN8
#GUID
'eBc
PXTr
mEb3
4 P=
W%s=
r GE
[Bn
5miW
WaI2
NO($
0L<a
*o*o
[RI
.j+C
{[K1
1 (%
+&#m4
J` u
`x*&
&9X'g
o: @
8MnX[
nl O
'r)|$
a*_PIJ
46ep|$&r
x`\)
:>,v
NbN_N NLNDN
l01i
_ 3E:u^]
VU`F
(HNc
x"#B
1i-;
kR*m@
?fe"
7k {s%+
fbE%
"vJfC-&
K3M|h)
3'H9
+`SP
NCN;NfN|N
v6Xn
,Wq}-
<F!+
]@OV5O
5)6w
gs'P
_[|\
^v>|,P
xH:X#%:
#jL<Lg
N,NVN`N?N
YF8x
F.NVN
VfO~`h
kzc9
CuZ
>}15
bhaU
!BI(&X
?7+(
'O,t
uk7=
S N6
|C`Fe
uO@0X
rL9c
!|s
-G9
{4YoXMkS
r] I
RijndaelManaged
#&e
=gJLC 6
W,y$>
L,Z`h
tws/05
d`lSG
X-)$A
x@y
.`(60
pE&%
<G3~y1"
NUNnN?N?N
xZf$
=<c*
zAT{
~|}|
v#S
T k%
wvp>(
0=b
+^<
ms^DJ
4 \U
yD4c
psnjG q|O'
[:/td
8 g
r3]2
~ >b
>du+
2Nv]
PtpU
UOUPJOGe
p+a^
U"H+
_ L_g
g "
S%<xt
'"ir
k-8!O
0W(K
7!YVJ
STvb(
Xl9Zi
=mOF
!LWB
t|y>
set_Key
dpw!
8ny
CxN+
N;N<N1N9NzN<N_NIN
}[7GG
EP^-t
i4j+ HGx &
e-<;%+
w:)0i
"/Zm
t0 ,
JdCs
WD(PPG
VRFOxM
BZN:z&R
I5 ?
T^|1
HL)~:
Ag4s
z3|;
`/\2
XF8r
?T5N
# ,h
y Gg-
="3-mx
$6tJd
&<d
!ozM?
\ Rx'
MethodInfo
?%Py
NE}sp
& 7
oz6]
DdRX
}R.$
cbLd
C&I!
YDBb
z Qev
n-|[X
=0Jm
~q-gw
*QU^x
CallType
'}\J
M}51
_$-P
-15
ou* ~
[&S*P
1egf3
8ACc
3d{q
R3E=&%
jbFJj
n~@O
JG 3
iTL2~
X: v
q,0H
[/tC
?t h
UZ 5
?s*w
-\x
Pm4Z
EnJF
yaEi
ev,Y<
KaG/
9X2z
]w:qS
KQ&`
<A}c
|\3 ,W0n|
2_7
}5U*
d[&I
=un3
,Bf1S
G9]
j.Lc
ke0E
>^V}
M `Pw^/
]-s2
"&>N
z*24+!
+#\e60
/ScF
?8 f
Ac.3
Oc@K
N+N4N
2PYV
kI]~c
n{e!vf.
V]!1~
m >X
,>v\Y
;$7^
Microsoft.VisualBasic
oO8_
3rvNi7
J@}
pq\acm
9TIU
XQ1@]
e[(K
hYA5
h[u1
<ch!
Hd*;
@}}X1
5<X
^%TF\
7K}Q
,_?xa
4SlUt
ZPV92YP
y5Cjid
% gS
U>uR*
2}@ Z
6-z'j
Xn_
\0%(C
*Fr~}gF
y/pU
#gxb_eH
JGTI
Ti/D
Q"md
YbL(Y
E^{i
_)&=A.
vg,?SU
|E'de
ZI5S
`wrH
7N\
&x a
^.IW}R
tyY:
P}d&U
\YL_
JVpZ
9sKV
6YO(l&
Jt$}s
sA)V
H3V8
P"Pza
$a]C
SyEK
VaD@
<Efw
{<]&
0lOz
UQqB|;
|'-"
Oz!3
P: %
yh<`=
yW.+
2kRN
@8ax
8agX
?N.
mEj7l
^H7?
7Jz ~
List`1
SwH_
Z>\^
Gk1=`N1
pp\(C
*'qg
,cuuK
\k@a
+9c|D
)-'1
P w"{
^!^(7
m}3
NbNHN&NFN
nyHr
=z1`
Zq*i
4"A_
?s)
NyN(N
1FR-
u.mj< 1^t
5 Ng
,aB WQ}LQ
l(9[:
Ilg>
G8qYK
& uM
0 0e
<lke
+b1m7D
ts}(z
F\
wT0?
R: _
%50d
h5B9[
>r g
A{ 1`
,?C"<
K^,Q
TL`|
0Lv
i `=J-
<~=^
R<a%S
m>'Z
[,/=!
Tc>Gr
G7&z
>> ;
5kv@i>
"Z{%
A@qg
z8iC
pDWH
%#(n
y#< M#
NUB/'
n\Jd$
;M/L
lB%NHUh.Q
N)NmN:N N
ResourceManager
"%S6
Show
}JN_
z=+y;
3%b2
$D9h~
jq`_
>g4\O
[t_V
{aK es
FwNc
$ou
@PK=
"'=3
y80dB*
ew3'
:B :
ntdg2^
dNI
7{s!
;[uE
tp%
String
6uLy
1@Q V
Z& 7
1g],
(HcliVS
|0En
\o\bFoO
NpN1
1Z =
ap#2
z=C
Y|x:x
=*E|`
*hjxG.
{<-/
cV e,^
G%"WD
xAV5?~
08-|
H;=1
}$=?
nZ$eGm
|f #'
['P8Z
g" $ R
gD`
RjTyt
Tl#h`#
c\7a
8)`}
RLi
'v9q
Q_+n
J ex
[&'j@sD_
z!e0
- 54
H6[m1i
#TFyF
* b6
\4'h
FeD_
_?"]
ilN%
ToArray
DjQ)
Dl+ z8M, x#u
B!rV
Pgx;
5<.i{
z'<f
UnverifiableCodeAttribute
evC )6
I^D5
"8:w
z6%V
z==/:
oT])
U9i*[E
_oKM
8FVp
N NDNUNnN+N
"V{
T`Wn
d]M8
v1m N
L Oo[
b1|>W
Rj}) I
%9poZA6~
98NqN
fn)O
O_f*
}9Kl
+&-E
|k)60
R;fH
Uo0tI
vI73
\s'H
mmOI
?]I~V-
,y\f
,7 >7
<*2W
(+:!
.o*f
B2m e
(SUU
'8NH
$|5e
SvKJ
v#]c
"uff
G. *[ZH
D(eJ
bl mz
z6|T
/ 5;90
bKQvM
mjt6
,(nL"h
7KDs
E/NhS
6qwM
AFAH
KWeCm
!VG'
[UUzx
*v >
t W
!}z
S1m-
ar-hj
q,
H(9_
Hpp8&
msO!I
pVF
qU]"
r62XOj
-n3E
=75+E
zWRJ
7js>
>'*#
HP@n
LZN<
M( \
T`k^
l8o\AX
k(tG
<<MH
%:K<C[
[~N3
m SO
w bZF
NFp'
a'IP7
| 6{D
4?C2
U(b1.Ou
G.NVN
~~2j~
d &
'agf<
Gi9?m
.A\&T
N5Uje|
Pu"&
p}u#
Object
cTloR
-';-
Z{AB9
<^I"d8<
i@26
U1rO
2:N N_NEN9NRNJNhN3N
x}7m!*K5
s`fl
!fxq
FfK;G
`I@L
?EG6<Q]y|IT
z|R}
|X;@
O kz
4jyI
d@'-)
u!5IU
_q%
N/NNN
)Nm?
w 5D
XoP[
`I{w
?8>
h wv
/ oE
z'>#\
"w-a
jJ&L#
e22i
+:bG|
&Ffb
\^sN
{b*r
NsN<N
##h%
dVFh
VLP
7|)4At
&=Se
34 C
;,W,
3ZN5E=E
4oi8
|Kv]
a &O:
|o][
V,WFJ
* \~J
e$u9
JCBx
-7<jy
@3>v
zz~
Xy0d
nKV0
x54!
WcLp
tnjHu5
32u
`@^)
1"U
q>yc
Z\rh
oclea
shQaV
9az8\
}IBP
@:NsNhNmN8N-N
(b&W
),=Ci
R}H0
)hsg0~
(}tAg
vvP,I
nm3
8)@uG
eOa>
Qf'oJ
Z2V_
6y?Z==v
s_@A }
qO6
W c,TD
c7_[u
3cTg
4Y//&
|'g~9
eYU"
e6E:
(a3 3
5m6L"c
",;r [{
B40/
pg pU:
MgNfN
mp|S
g[\pN
OP)@
.QvCG
'SV
9/ F
<v}
X)`:w
40;pM
`.g`
dqe
)iR\
'q$(
d0q|
Rvcy)d2
X:y3
Dp[5
ffFj
=csjnu
u-Gs
rSOO`
[O :%~
;U <g[
D50D
PKK3@
Z$2<t/8n.
vN?/
c]yd
f#8{
Ej T
jup
9'?1
IG "{}uh
+`]gy
u (K
ui'#7%- |
eWn44a
JZrqOz
iZ/J
q9cn
9w<'f
g-O1i
NDF Q{@
]e)~
)W}g
<N 0
w@Ta
KN9
PADPADP\7
=/< l
JTz4
)UJox
dy :
iQ8<l
<c~3
&)a2
N&Z|&
0..$
%u}A3Ghm|
]&[q
;=& P
tzv:
Ga @>
% $)
KE;dzx
b;6`
&xgg
H[o^nq
^5Q
System.Threading
,[;>t
6mN4
.4\a
{`M,\
>}qR
]`qX
~`#L
u;/k
x`F(t
?wYy
ndocH
Ja'-
t d,
;7I{
P]UB
O6!`'
NxNNNKN
X;+R|
2nM
;@uQU
1H`m
VtpI
x%h>AS
N 5Tj1S
|Ru
v9qf
x"_C
x&]`
]:Qw s
nZ#w
]j~G]
0^ey
K={]
=4Y2V
tR.)0
*`&m
[c8,
:v,"L
:cky6
m%</
Zep0
3"m%~
C Q~
^Nk\
C7M%5
gU:ETZ)
C5>-
L.kc
?g x
?M~E#"!
9' Q
odgA
oK0l
>{k9K
]R9OTq
Z,(4
1F\qh
dNDB
`.?Z:
23M@
w,an w
?u);
gbq6
{9 B
g) J'T1
/p~*
~P][
m{ @
!RX1
pWd-
m"p"
?Ec%
]tkH
_u-%G
:#43
(?th
umG
x(9'SM
!;Gp
?V%4
G&Vv
\Q]2k
| eM
}l?S+
"z !]*R
K3{6
=f)M
4!?d
sOVC
[%aN
QO;yxp2
|::=
W{)1
ks_ W
qnM
~ .4
EsN1N
Q r4#
aT
P[xZ7
' ZP
^@)0 h
CbBg
rU +
$T<
pa=.{
+19
9:t6_
v8?
v2.0.50727
+lbQ
d%A5
5=l
+FMO
D'c&
AF\u0s
`IHo-
?Mh4#4f9
N6N*NRNGNeN
~9@
mH{
yV19
lunr
#kM
tLygo
9:l_=V
=<w"
+y <Y
8~K9
}U}}
EpVSOulUq
CaM\=
kWYi
fj}/
i9)cw
Zu_z
z%d8Z
WcU;
L Z
Exception
DV^x
b/ '
+AN N+NLN^N,NkN
6eP
rvB9
?|o:
5J 8ndA
]+Vo>
+/%k
I<<w
3b,d
=1j=
\~=-A
db2e
HNc@
y @~
R6G#
GetTypeFromHandle
T(_U
l%6B
Q7d/^,
fp98
hfPY
CreateDecryptor
SymmetricAlgorithm
{MFnpE
/7!Q}
O6)!
cjs$
h6z$v
rV;d
fjUJ
c-hX
ZQ^*sV
mAYA
4L8t
Nf:t
3)pK
,A(3
[Bb"
uhBu=
w|0A
Pot36r
}QsF
W p}
(vr,.
9n6f
]RN
`X<7
Q6 [
k[2I
u0{7x
/#i"
7$B]
k- 4
p} C
P3FR
f[9_ OSz2
s 6kBl
o# GP1
< 10!\
NWNCN9N~N
{! k{
y8OU
Uo~nQ4Y
@N8J
zP2kf
System.Collections.Generic
;~Es\s
p*t!+Ezzx
QV/A
[Y@
O x$
F8 k:
QN^t
k4N{
jv&S<
yycu
#IzDT
tJwA
z]?+
NkkTk;pXda
o/o|
Oe N ?
:Ew(Db
P\ C
@| A
;JbR
x ^9p9
+j1[R
ZJIs
jY(j
\d%mY
VbCS
]\iMz
dZ{M
#f:E
`.$O
bYeH
oH*'
System.Runtime.CompilerServices
Irc!?A^2V
`FO
i6L>dZ
w84v
*SN?
KWIxn*
["|
n'E+
Nvs[
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
v*c7e
+J$s
Q@Fw
o@ ,
M.T|
Q5pa
R+"Q$n
C#wY
iUb}
<HiD4
b| X
vR.vj
KiYH
4Sf4
y4zk
ZN&+
}pIA[
1G[M2n
1h^*Y
TransformFinalBlock
>)EY,
B)YW
| ,x
NxNWN
flWu
d2'**
\{lx
+#}j
sDs+
@pFB
lqqKL
1%J3
,8h:
+vmI
Nv_2
&+F8
3)YDD
_mq(
v v~Y
<Dfkz
pf!OM=
*\C*
-Z9e
C=[qB!
E$ Z
'Bx+
i?tV
ssxgt"l8
a'N~
3 8!
ybz 1
g=88p,
\_i_
lO*,
_l]$
N(NZN
+QWBt
~L,;
8#(
l #
}s(c1
`w
[X?6
y'@jw
bw50
}FX
|+Ct
-W
$T"*
sN G
3=IRJ
"U1FD
`nI@B
Wz%3
v;85B
]c!q
uQB
R ,1
(I''*sf
c$ Z
[EXqP W
i_lf
T)tu
R> i
@.5o
ag(fC
?^Th
W.nW
X6>=au
1!5Go
b@.=
N NPNZNXN/N1N[NENtN"N]N5N>NiNAN
&R/Ke
mscoree.dll
@~3E
e\t4
|QFS
9 o'N&
1,e(uG
ngd =4
@GOK
gk5
:^8}
3kQtN.
"5}[
6EV9
$EKB
)cI2A
N NEN;N]N
?vY7
e9WUlm
Bc7IX
tGU6)j%
""H}f
t_a_
yfs
;jNGN3N`N
88NqN
~vmrU
F>I`|
HE8*'Es
ip1J_u
"!MD
(L'2J=
|"fS
17r*
4w?
B&":
uedbRM
p GV
[<fZ
`&a]
'n(bZ
{'K"k
h 2/
52tU
;J_
* ^'O
cuYJ
(f}T3;
WY O
INo,
8 G*@
g$tI
:b%^
bm#g:
"b&Wa
{6wPG
q!M!/
6W;O
.f E
%}wZ~
!_w]M
;y6Or
CR\bt
e{RJ
$ 7
^ UH
sF]icD
q0PlX*
J@[W{=s
5\6L%'
PmEf
NyN:N
MU?h
S]1" %2
tcm)
Js(9
zs 3
Mxb^
v(=D
`gO>
I:*!
NnN6N{N N/N
{A"u
7sjF
G^fOQg
s8'5
fBm2
}c?*i
Thread
2DDC
OaPM
Ap!v
:y"*
y>)('ln
0bo
uMfj
278GX
a:s<
i\7f
s2l%
u7S,
=UOT
_nj0
;I'T
.78Y
k^5M
YXjg
?LHa
jsYR;Ne
ITZY
8/ q
3=pBm
IEnumerable`1
oH}
{U\\
set_IV
\y+n6
NAN.N/N
yH/F
nvcS
6 1v
!:s&v
%?!`c
]@f!}
Oc7
[AJO
ws3q
5I\iUQ?
dU41
kx1c
XR<>
sr2p
AaL
Zog:
~FX3
N N)N0N
NUNuNONUNKNrNnNUNANWNkN
7y\]
j<'j\
?;?7V
<;f!
G k
c@^"
oT`
`OGR l
%r*".
jT]8
N8N N2N?N
#~w-
A[+5y
{yYa
tt[jj
:a2%PIN
] "k
2m+'
3TQY[
2rs)
=r=#
$S]\E
?r:4
ymI9T
X&bff
@_X^L
3H/m
wp'2
.)2BQA
[|&g
IHPLJN
,:
hqIz
e |,3
KZqwppa
'+~e
ha</
n_/Y
p3G>
K_[WJ
:vLK
Tt>l
+B\v@
%i43
[%cY
XZr)
N{ 5 X'
N}%.H;
cjrng
|y #
:2|[
ZwLL7:
[]1R
l<g
YtD[3{3kN
NnNnN
:x
nY$W2
Zo|-,
O5j{(
If/p
N]NvNoN N<N
%wdU2
6TU2
m#
))-Xb=Ko]
'K<z,v
J`bG
'~^u
)rZS
JW d7
VQV_
nL~;b
-{-T
z@3U
ABw`n
Im}y
CallByName
TU#&
b%b+
5u5
!#.}
System.Windows.Forms
DC^*
2uk_
C>ywt(
Kns`
Tx9P
C$Uy?wD
7{wG
Z]`l
H4v\A7
?2pCN[
*"3>
/%rK
XV"K >
}_FZ}
^Jcg
IEND
4kUJ
'Zq(#Jk
QYG
@ 3 )
zl Q
0SIl
&'.k
M,\_
GG&Y
eeJH
F38d
W!wg
g:w?e
QpMq
J]Lo^
_jQ)PW
Y9b%
y ha
N(N[N
`Mk
r89c,
,Kr
/ SCA
_g9-GS
GA!p
TEx)
b,SA.g*F
D4Xn'
>8EHXHXj
=hds
D UC
t6t&2
lAch
]/^D
g{s(
>|w[0
#Gv[z
Sleep
'{w
.PgO,m
QJ
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04_64 Seven04_64 VirtualBox 2017-07-14 13:44:26 2017-07-14 13:47:17 171

5 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04_64 Seven04_64 VirtualBox 2017-07-14 13:44:26 2017-07-14 13:47:17 171

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\pay.exe.config
C:\Users\Seven01\AppData\Local\Temp\pay.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\pay.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\pay.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\pay.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\pay.resources\pay.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\pay.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\pay.resources\pay.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\pay.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\pay.resources\pay.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\pay.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\pay.resources\pay.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvbfg.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2384.19239390
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2384.19239390
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2384.19239421
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvbfg.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvbfg.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvbfg.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\pay.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\pay.resources\pay.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\pay.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\pay.resources\pay.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\pay.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\pay.resources\pay.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\pay.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\pay.resources\pay.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources\stub.resources.exe
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2568.19241671
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2568.19241671
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2568.19241671
C:\Windows\SysWOW64\ntdll.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\pay.exe.config
C:\Users\Seven01\AppData\Local\Temp\pay.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\System32\l_intl.nls
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvbfg.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvbfg.exe
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\SysWOW64\ntdll.dll

Write Files

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvbfg.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\pay.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2384.19239390
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2384.19239390
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2384.19239421
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2568.19241671
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2568.19241671
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2568.19241671

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pay.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3787e0c8\5be450c9
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6cfdd7e0\4c16fece
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|pay.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|pay.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|pay.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6cfdd7e0\389874ab
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\235dd0a9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\9e47f51
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mvbfg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|mvbfg.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|mvbfg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|mvbfg.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\xcvbv
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\xcvbv

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\xcvbv
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\xcvbv

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\xcvbv
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\xcvbv

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
kernel32.dll.GetVersionExW
kernel32.dll.GetFullPathNameW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
bcrypt.dll.BCryptGetFipsAlgorithmMode
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.VirtualProtect
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.SwitchToThread
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.GetProcAddress
kernel32.dll.VirtualAllocEx
ntdll.dll.NtGetContextThread
kernel32.dll.Wow64GetThreadContext
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.ResumeThread
ntdll.dll.NtSetContextThread
kernel32.dll.Wow64SetThreadContext
ntdll.dll.NtProtectVirtualMemory
ntdll.dll.NtWriteVirtualMemory
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtTerminateProcess
kernel32.dll.DebugActiveProcess
kernel32.dll.WaitForDebugEvent
kernel32.dll.ContinueDebugEvent
kernel32.dll.DeleteFileA
advapi32.dll.SetKernelObjectSecurity
advapi32.dll.GetKernelObjectSecurity
ntdll.dll.NtSetInformationProcess
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.GetModuleFileNameW
shfolder.dll.SHGetFolderPathW
kernel32.dll.MoveFileW
kernel32.dll.LocalAlloc
kernel32.dll.RtlMoveMemory
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
ole32.dll.CoUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
kernel32.dll.LocalFree
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
advapi32.dll.RegSetValueExW
kernel32.dll.CreateProcessW

Execute Commands

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvbfg.exe 
"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvbfg.exe "

Started Services

Nothing to display

Created Services

Nothing to display