MalScore
100/100
MalFamily
Razy

Productlist.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 42/67 Related 2234
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 212.50 KB (217600 bytes)
Compile time: 2017-05-14 23:05:26
MD5: 55ca18e03909bbe7b8a7d73cb1f64615
SHA1: 900cafdc20891b82dfa43a59e29f93e8d0c9490e
SHA256: 8ed56a355f6054f9724970c4b78fce3d1057ece9a0ee8e9f7c5d9ef461c18e5b
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-02-26 13:54:05
Last submission: 2018-02-26 13:54:05
Filename detected: - Productlist.exe (1)
URL file hosting
hXXp://mlhuillier1.cf/Productlist.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-02-25 00:33:36 [42/67] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x34704 215040 e6618fb3e511993520e6f43ee9de8f40 2b9064f93c9c2e4488f578f19e7d923ac055a452
.rsrc 0x38000 0x5b4 1536 51c65ea377bcba86646bf7542b098fd7 14e47cac55d4b89c42e20efb6cdfc78c16782ae4
.reloc 0x3a000 0xc 512 c720b4be0c147c269e53ddfed906e812 1b1b339adf5343f838c094a31a77854dc9892af9
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x380a0 808 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x383c8 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright...
Assembly Version: 0.0.0.0
InternalName: Productlist.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: ebosofeyegorevafuyix
ProductName: ADPtest
ProductVersion: 1.0.0.0
FileDescription: ADPtest
Translation: 0x0000 0x04b0
OriginalFilename: Productlist.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
3dbafde0-3066-5c28
3dbafde0-3066-5c29
dxy
3dbafde0-3066-5c22
3dbafde0-3066-5c23
3dbafde0-3066-5c20
3dbafde0-3066-5c21
3dbafde0-3066-5c26
3dbafde0-3066-5c27
3dbafde0-3066-5c24
3dbafde0-3066-5c25
Copyright...
Company name
FileVersion
3dbafde0-3066-5c9
3dbafde0-3066-5c8
FileDescription
3dbafde0-3066-5c3
3dbafde0-3066-5c2
3dbafde0-3066-5c1
3dbafde0-3066-5c0
3dbafde0-3066-5c7
3dbafde0-3066-5c6
3dbafde0-3066-5c5
3dbafde0-3066-5c4
1.0.0.0
+5[b
ADPtest
StringFileInfo
Translation
VarFileInfo
ebosofeyegorevafuyix
Assembly Version
Comments
VS_VERSION_INFO
InternalName
3dbafde0-3066-5c13
3dbafde0-3066-5c12
3dbafde0-3066-5c11
3dbafde0-3066-5c10
3dbafde0-3066-5c17
3dbafde0-3066-5c16
3dbafde0-3066-5c15
3dbafde0-3066-5c14
3dbafde0-3066-5c19
3dbafde0-3066-5c18
0.0.0.0
OriginalFilename
LegalCopyright
2d1457d9-9edc-04
CompanyName
000004b0
ProductName
Productlist.exe
ProductVersion
<<GEM
F8~@
Xo\6d
dF| *
AY/9p,
cl]c)1
Q "A
WX}#
jnHU/
WX}%
:ryY?
PNG
RuntimeHelpers
gnP+U
gf.tJ$
J oQ
:aR?.
o=lC
U'gO5
Ics |(
&rSx
z? k
9@VJ
^G&e./
hHXR
get_Height
HL_d3
"FjI
szWh
@uyNUrLXL4
%dMz
)Cp*
]?;'
_5OJ
:,eB*
_,yO
&.@(]L
V8^
Vre
nn8a -"
l1oW
> .[c
u.'_
E jO6)lg$
O%O l(
_q) B$
:"v&7
X x
_<7k
cTkD
-x~Z
U/6;$
O<a.
:/ F=
Z[p;2s
8+q
cLLww
;gp-
Copyright
,/NRM:
_ai? =
V=FZ
n]EZ
|osi
/XOs1H
IbJh~\
AssemblyTitleAttribute
?:^o
\XdH
&\Q
lDR5_
che#
s1jElO
b7cl
i{$>,
tN0AT
3|-KS
315
SnsP
po8GKs0u
^35&Z
Bs:U`zBOov
3pY{-
T9KK
90VU
x'K0
4i!9
RuntimeFieldHandle
|qjXv3
Kx.%qF
N@Tt
&64A
OverRect
`0 %
.Pd)
xi?f
-<m ?=
%g_p
^]5C
$R24
n9mP
t>H|
B}sq[e4
o#Wu5rko
~tp^N
t=e)6}{
Ei7k_
t,Pbi8*z
8{lp
( x%
&}(=n8Yb
GqCS
yK{vC8
#yQS'F0
D{H"
}?_-O
$9DP
rXZxA
1Gm]
[(p%
O[1O
NQt8
<Ak,
aui?
N>ah
[ &HQz
3@nM->g
set_Alignment
6uYR
AssemblyCompanyAttribute
>5mzLNw
=.=l
.'#$
RskN(c
s [p
q4W1
e\v]
xO?
%+J<X
q4aa

j{3V=
e$"m
XOWc
~Fx
K4p?m
System.Security
} ]B
L-ANJ3^
$3UM
siz5P
Enumerable
NY Mn
wsF"
3Z5
m85}
x2KC
AppDomain
iT8P%Q
Rx<nS
7]"N
hgKx!FaL
/j{5
L ,(]
}^lQ
iAA/
Jk*q(
.uQ6<
$TV R g
SetBoundsCore
VhL(
PaintEventArgs
P=TC<D[i
! ${
q@a
!FsY
/Jb'>e
R"{]
xAs^
AssemblyTrademarkAttribute
yB)V
& )T
ihK:
=S-(
L6Dy^
-)'Zd
"OZ_
qy b
WmXY
t9~I
4DJw
=JJ1
aLTG
MJs q
;Yn
!svX
!K`:ci4
Ka<
h.HB
LY +
#Blob
Control
2} ]J
fHH6+
9d3w
:*sM
$Q F
;c)o
%>ln
\V_ac,
2{}O>o
6qi9.[
?C9&
7To8
uIDAThC
: P:
AssemblyFileVersionAttribute
[Bi;
;'l^
if5p
oJ-4
7KSop
_Du
/Z,J\iP
Type
,/nV
a_ -.J
0HA3
>j_g
$bGOl
s0x9
|ZrXlJ
xoqU
AzV
LzP@j
'P.G
..( M
% I=.
fdV2
gf4 '
"S)*
u{MI/z
3 zD
ke8l
T ,%
L`hJ
2Y)R
9}y)
;I*_
<yvT
P@9W
`~B^
<PrivateImplementationDetails>
Char
*/,k
'{I^
Jpg{
\4Pm
I\)L
(7w_P ?t<
_bW4
{dI.wp
D!*@
pXLjS
{ZsLw6F
- 1R
Z*6*
get_X
\rK
Zj5'
rLU?
[&(H
86jI
- ~~
'o9^pv
L_V:JX^
'l^es
sT+kB >
-,qi
6K1e
,h=o
E"y}
Gb`G
<E$ )$
RiLe
PPA~
<m x
Qyo6
hj ]^;bw
w] u-
_4HDu
b K8 <
)vcZ
Fj8-|
M@nz
NO?r+
^[~
yXVA+
)[,^
HSo,
qH^U;
BaseRect
vzo*
.text
;fL<
KZN
HGLaT
dMR{
m&/
KN|'
e\r>=*l
,>g%
B[2Xu}Db
E 9z?
a]-D
k28
ujN
F,nw
j /J
B(tk
d7mU}
(p<IbZ
jepO
#Qwr
\d$
!tfp>
ro ccQ
eT @
F>f .?q Ha
$6uB
&CfKG
/=%FN
Vj>%
0El9
<XGH
YKeS9
oTPAz
<0e<.?}
izxHj
%Om.-"
tWr^-
"k9s`
RW0b
Ff K
zHezm#e
&rUQI
s`G#j
a2IB
-o r
Ptk_
n,&
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
(Mk%,
-k9L
t`i[IA
VDY'
1,NY
q u~
xQ$Rv
J&Rz
t"P)
](K]Y
IGiS
,vy*
MN28"Ep9
\'JL
HAJbs^
`.rsrc
~ZJh
=ymTi
BoundsSpecified
get_Y
,vy?
viF[
e%Q<#
E(2-
,T#)K5
g*Y
h?DrM
+K?(
W):m
nv'(
IAii
^ 5G[
<+/
Rit*zm
[0=:
*S+%V|
9nHXT
0" V
3Hkf
-{rg
Qn_'K
WbdC
R3Pb
matemdeea.Initializare
@i!t
g#(_e
KNJW
d]&U\
(j_5
mXf?$
%36n
[[zf
e_WB
A@B %
2
=o;Jl[
(&kl
CN (
dd8L
,vy.h,
RAoq
t=}2
| &H ,
La4E
z8.IQ
dKcw/
F@R:E%
5)%8
gmi^
Lu-og
g"[6q'
:9{+
A74AA0950AD5B451848A01CAD02092776D92775A
Xy@>
eZ_
height
ControlStyles
J4:
9;W~0
lt6c
MouseEventArgs
J.f:
dKI/
DVqY
~} .
=\^<
72_dS
matemdeea
Dd0}vJ
{Wbo
X^P>g
r xk#w
s:ab
)r m\
,4?
7gW
j'WV{
UVY[
`OZ<v
#T~C
Ymn4
N2Q'
J H
j^XE.
T-u "
OnPaint
Fsc^;
#*)zlW
_9[Z
q"1\
:^67
`wSJ{l
OnMouseMove
#9iZ
P:6]p
h05xc
gFh? >
`8C~
WqNW
get_Assembly
9rVLW%
get_Message
xuNr
e>2t
cY)6`fz
M}4@bK
Y6ws
OY y
ERS7
KKM\
s6EY
mscoree.dll
QI^{M
Nj*0
v6V
y%cQ
G,_%!
Hovering
{R%5
{eLt=
JlQm7
[(@X
S[1_
matemdeea.exe
u(-?
get_Text
D^q>"
sIDAThC
^BY(f)K
0][kr
WrapNonExceptionThrows
B"UA
/Y~0
_8*:"
^T#blh
RuntimeTypeHandle
:N$ ]N
@;6R
>ECh7
*S$g>G<i
*9|u
(P'wp
e&u\
W9)E
s"~~
t) ^
K#?i
4SZ:>
XqL ys
;3D*
uV;M
$` b
/aG?
jGUl
rtI{
0Gi?
Hti8*{
l8c8
y:.i
0]QAl
K>GP\
qQ!]
k\7Kp`rF
{(mZl*
IHDR
&*8A
&*8B
4!M6l6
_T :@J
0]QAr
= l`
:'?H
PG=7
f9nA^U
x(|ik(J;
&*8~
s~-k
X46n
9(V4
]eJ
TSJuiV {
i79+
^Q|*
-}^@K
J=%EC
^%F}
5gvr
-u:LZ
System
EventArgs
K_H>m
nJ:;
YjQE
r}(g
rC;Q
e Fd3
B,WTh
VimS/
Bc~lWHTB
wsK<:^
-2on
FsWe
$hK/
J8024=
~M&&a("
8/h:
>~}
H/m>J
d78Jn
M451i
6<vP/
oIDAThC
MethodBase
#Strings
ymsE
OG6x
>*Dsn
System.Collections
Hi2F
Ypyr
/B{_skTx
CL u~
B)1H
xdkP
i.}8
oC}|
N$m/
F9kE
yEVnK?
VBP=
jU8e
Y70D
eQQ(i`
^va:
*QiI9
.SP
CD{
<j:~
textBounds
K-]M)
&pD]
m7~o
Fg5?b
X}Wy
[s.u
k{u?
<T`
NOE)0
!9N
>FsUG
/*}NT3
Fusl
get_EntryPoint
V%f%=5
Ei[4
B[p5;rC
get_ShowKeyboardCues
`? e
i Hj
PLhF
%9Po
l{I=x
jH56Z:?
+ \`
tR3f
Xvy
KW<p
?Rb~4
eB> 0[)B
ka ,
(*~N
IDAThC
9~Ml
R qU
.'i
AnGB
<bS
u*4
#zC}
$L_;
UoEI
+YC1a
iK|GY
@C{hh
)D;
U8VQ
kfM
zsQQR3
NQga
%XjErr
26*\1
\2if
(v<
TabControl
%<2#[!_D
W,8'3
oUPpz\{
M'aqq\&x
<_O+
si\g
)^g,^z~
Hb]N
g_iW
;B|Rj
`u5A
l 1
zvLV
1tK!
44y3l6:7"
U&_pB
[G.'
8*%jO<
Hyi )
8S 2$
N ~BJ>
Fy_)
^x.,^9
>x@l
-p{%
he(-5
set_BackColor
~=D4
/^28wy
oBPAk
3ovh
l:h#
get_Width
Ls=0
ur6
OTPAz
|r`8`V
DlCO/mFB
eFf<D=
.fIU
[?)V
*ng|
zS &b
+7 E
HV l
m~ e
t8^M9I
$401b8014-c24f-4aae-8859-43c834f7ccd9
.Ko(
>1MR
Ew6I
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
C#%@)
Hui9*{
D%?-
6}Z7
.F;0
5gw3
<#s
item
Ew6m
TextRenderer
D{ z
lzG5
H4Xtl
G?j5
J+sT#
+%ULG
'n3K
.(Mk$,
Z D<A
q}uBT
3jD [
=1i]VMN
System.Core
>` q
1<qn'@
LLPI'Z^
J5bRar
RGig
=a>"
{3wC
U[pF
%< ,kB
9|TmC
5v= b
z,RX
]o_Z
#rV8
h)uE
Jm `M
?b6;
_ ={
v`[Q
C
oSxe \
nePuu
<tXJ
^gS$
3iO
a <
CGIbvDW
2=Q
ku*H
w ,u
UO!
6r/x
uzP[
.V;j
b>6#P3
0[DL
i4n {9
'+1Xd
f&kj
~=i@
p}!&
iIDAThC
fI~l0
Y' g
BiK-
J>$>P
IDeviceContext
!o,X%~*O
&[.6
I%`Z
QY_3
MZBLi
+ <t
<K.
):R-
Jc|>
Y}'IK
]ob[p
ap?6
z8wMn^
V@ Nk
D7@s
F4ly
haLC
=7 UWsd
6?Mx<j 2
H}8s
#Z.qL
\2SQ
>/^).w<k
FqJ\^
lTPAz
iLu4
|<f=
x4K^
i,>! e
Contains
h@A>:
@jtw
q-%)t'
2gJW
%UUo
amIr
_?:q
7sok
ValueType
_zf="
OTSC
GuidAttribute
vbOa
^-#d
rNANF
(NvL
Ch9<
=|KG1P[2
w<8Ct
hf[Lr{
*+TF
e)/eSa
1 p
SeparatorPaintEventArgs
+@d g
get_Count
C=h
DsZm
:yJph
`cT
get_ClientRectangle
7pHel
mn^PR
=5w8
\Ks~
ButtonBase
; bg02I{p
WET
"sGgS
?S#?
U~tKZ4
IEquatable`1
Gk>S9{
W$w.
F>-_
8UYIo
`8?\~
(yTn6I
T^BX
PWgA
jZlM
q(mk
nstDr
(Hb~U1}+
NkK[9U
31$ [
B)ey
/krM
+ f6h
pIDAThC
"Z@ j
mx# ]{
ToString
ZO2LO
qY +
>$ y1Z
ca &
`]dX
_ah? =
OZi
YIWY
D\:k
b =:GR
D?`
6HXL
9v~sW%
VR#<
){wc
QAxe
6g}W
sg{BDU
x5.(
-OOI
Qb"}
-}z
"%F&
7!}E
dY +
~X@o
.5kZ
6 c<
x+\r"m
GetTabRect
pM@+i
.w&h9
s _
s3:}
+-IKZ+
m|~%%
F`4
ir+k
(hA}
c@gR
6=O#,<
JMW-v
<}37
~Q=<
Es1E
D h7U
(CH)0m>
D V{
w9[M
-kXN
ZSr_p
QmJ$
`xeE!
)osSk
l_rXI/
XR~8
D7M"
B805
3W-
gx%Ar@
?W:<
K.,p
FzH7H
8j^
Q`kr
kNiqp
[ Y2
A\1F
RHM&
MNS0W
A4I
-\ty
4R8>
luul
]4`D
R#
81J&
\mEl
\.7;0
width
PT/%
T{6Q)l
(Ou73
B^';
W% d
B&}i
tek[
Data
=k?8
oXXO
2^*m
L 2[K
Gu G
1g v
$d:G+Y
7 BV
m:59[H_
-j2CT%
MintSeparator
'*tq,I
uR/G
0]SAr
a:Ia
?'=9
k7pJY
^Uha
x5 8
eQ(^
pHYs
.ctor
m;L]^7
cv r
''
"9,_8;<
~]qkK
get_SelectedIndex
Yy7k^
@UBh
@VP^
N.AQ,
.k/s
{O`_
"{1m
tm<2F`RE!
vVu,1*Nr.
W%pQ
Invoke
k^D&
6 @
3>A(
^Dw1
DcR*
{t . U
>\?Z
5C__
LLA:JZ^
tFYH/^
jO
_)`r
8K[ak
.FRb
?>cr
?*<I[{
3c1R
OnCreateControl
N<A(J
zN"/n(
GetTypeFromHandle
9E+r
Vb5-
r\gw
8rbmg
W(9Z~
#pZ"j
0YQAb
.fnk%
B&oH
ll4
N+O
|y_B
w =y
yUmp
Rx_
S9VbP
Hg7,
b`D<&j
Array
I D%
VhfY
? u"q
.6;?
%?K3
sjoj
E3aW
@.reloc
}>:G
fOs
P.%W
K6u{
xvBU#
TabSizeMode
rl W
br%x
LIA/J
Byte
4!`:
d `{
Load
P1pZ{Nd\MG
Hui"*{
$JK)
{=G*
)FF^
p4Ta
H)RQ
Q8[s
kFiFL
+5p`
UinE'
2(N;
6QqX
3nr=H
DjZ5
&Or"
;Mum
j;U!
<f*-
,{y9
CreateInstanceAndUnwrap
h=#4
d <e
z0d c9
="cn
(Mk$,
Y v {4EX
rfY&{
Eg6C
tm<2F`RE)
/Y x
TbkM
y6cC
Y 8^
0.o%
K./]
K f
G\z~(R
get_Location
Dw {u
label
eqDj
P~q`
cNVU
0f`>
){w^
[1rxk:
(tp;
add_AssemblyResolve
q=RM3^
bDmu
TA&p]
&,;t
3y0{ S
Za&n]`
Nl O
GrOe
YJtvTW
LWrY,
'7 6Q
V nIG,
&?a?
g2d
o! ^
Y8v{
'vy*
\4WH
sKHbt
^<,a
)yI=t
hl w
OW Cc{+~9
Z=^\
^xVE
J&V*
$ )qr0>
9vtw
0>M:S
jkAb
Mnb2
plph
!SLq
Assembly
BL?qU
[W :*
dwhA
L\AVJ
Ka'C
q&.$
7\n c
Gja,
@@ # 'u
S:p+
)COg8*
H- !
E9)-
y*_Y
hFrsV
(Jk$,
f#'*
jY ,^
1UvukU
vWpd
LzXf
ga Fs
LayoutSettings
Invalidate
Mk"?
set_OverIndex
\3mc
j]TP@i
T,5~
\%M'
)0b1
0E=}
W6?v
)~q}
M'Gm$f
IFh+x;?
ykv.
u(B3
l;| $
K'y
StQv
<q(%
iYl
CPfb
@|1%lU
;"PI'`x
\U 2
VY+C
|y8
+< v
p xfm
d Jz
j,_1cL
C|G2
hNA
X
Eg'Z
y:7
oII,+
Lii@w
8C 4s(
X8@@q6
Sok+
s@PC
?6;3
*PL
> tv
) E!2
EI%C
30663199D3AB07B78A8162ACDF2B72649EA79565
%g VX
x[ E
tZ1
fnAO
q-<a
&Cw O8
4Rk;
Hvi8
32R>
bR$<C|
R%6a
X |
rtLXnC
4Q4?E
mZXOp
-~t7
twM7
Lq"4pto6M
R*qv
62Ya
pd8<Od
$}e
I ,}^
z-Sqs
AssemblyDescriptionAttribute
X E
[%:w!iX
Nu_{
P Yy
b5 #
PnU*PK
c9jA
fFdh
yf,&U
BC;$+
f9mA
X >
f99A
$\r?9A
07T9Y
_pA) =
Rh\r
4j#[
S lg!
oXs?
%9 =?B
t ]<
RuntimeCompatibilityAttribute
KL23
>~a 0
Bk;g
L,8K
#J;Z+#<
A\EL&6,
=Y<S
dmGmP
ah"6=
/Yz kR
!dn4
b9@V
, |}dd
|c
>[+R
nWV\xWS
H!%?
specified
}xs.6?N
dH'z
2g,g
0\zz
]QIr
M[\W
z"[d
h="3
LLAzJZ
sN X
3O XSq7
;799
e.R
;bIV
'N5K
\K*d
%h;\&
\4 O v
8L7'n
h n8
811NLO7
`q*]
K,&
o0-F?.
7,U0
fp-a
cbac
.?vU%
$5>w
FCA&Ys
"&"QQ
E$!<$
BN9S
Ql\6N
z k,2
Y8*e+lj
set_X
rk@`
] bJ
)V=yQ
$H$
.\v5}
s@s8
C)M^( I
}ziy
;ukx{
Gf#1
$-k
SK@g
DZq~
|e+$
TextFormatFlags
< E%
9'Y+-
lU+h]ksH
Ga")P"
W6
rvY$
LLA9J
".lu
m(L"),?|
<Module>
{lZ6&
5Q0/
?u4h
_nI]
IList
Color
[:NXtu
^G%$
ZT(60
ControlEventArgs
.Ut@
7 `&h&
E|)1C"
H>@T
^j{N
y{qr:/u
O>/(&F}
zu&r
gR2G
%-!&
x$KS
V ;#Fv
`Z G
Console
ib(?h
[>}%*
@5FE+s
-aDTuAp
kSvU{
xVOP
+"zcLR
Xt]g
TDoH
/ O<
#iDwk
PP1R
5I x
TekEl
vfdQ
<bdX
vr.Xq
mi.q!
get_Font
=cl
gAMA
x%q}
A~#8
4%X\
?yoe
vcpq
<_oC
fyZ%
u]"9
MarshalByRefObject
MDRh
Q8+D
yJHV"
.cctor
mscorlib
oTZ^v
\:Cj9M
nb3ES2
b=[T"
/{K
4 E$
e*/Y,
^L04hsG
MeasureText
^0s(
7>va
0X/B
U.?:
jf~8
H:V
KhH-Mu
Wi!De
get_TabPages
fIq.
V@-8
J?=6q
WBjD
,\l_<S
+[]~
\u-O,
3[`=
" =Do
0n58
+BJY
".\-0
mAI-
O5/i
T+}M;Q_3!
'wyb
x2]!!i-
_Assembly
System.Reflection
,wy*
<M9tm
J#n:JP
8Nz
2H(%
7_
&oR}i
AcK>
n]7.
l1vB
9)~ZWk
,'pt;
(`T.-
I1D[]
fyh{$
v*)[
miJR'
]tAj
q |0
! k<Q
nP,|
Ab]^
j'FZVW*y9
]#Cz
knQu
F[!
@C}bl
A3Sf
pB/N;u
K"d13LO
yp-$
Size
Append
~Pou
get_FontHeight
HEB_Xh
tw:Fww
Nwv_#@
/PY
Rhxs
V1?#
Incarcator
lm-g
N.&L3lj
8[J,\
V!L7
LLKHiZ^
\5v<
d$n\EY2|
%nN
'yBXJ
& U
f0ra
tmg$
#jA:LYO
RLca
Qh+Z/
9 2p
9W:F
O{K}
Y0zv
%4!
0b3<
adLk
~.6;1
"1.e
^|F?
8{ey
P>-}
?|wu
-[pd T
O 7P
oTQJz
`0hn^
6/S,m
ahr.vBl
?5 u t
1jeoJ
b*<O
6Vh3|%c
`1 Vde
)jKX#W
N6i:
>3A@
/2U7
_rus
%Bb{
# N_
5i5D
w&}8
6uPQ
F\
xe5}H
's>m
Q*sU]
]|Y|
nJn&
^Z&E9f
Z;\x
]qy_
M}Fb
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
GC.44
za-
<aq#
T1k_g
d3Nr
y ~I
"E9M
{XXu
^e0<
/ sV
8nVk
8c0KI
XXtm
JWFt
KuSm
!This program cannot be run in DOS mode. $
2d#K!?
28pB
aK_E
DO$t
]Pt^
M^k9
r|
OpOM
p s`
`,UT 5
CjjG
Un)A
<8DO2E#
-w92
W:d@
Ms
KK0?c
yX$
(lUc
.g 3
6Z42
8;+t+e
w_M
@AJhZ-w
E,Jj
n '
|?B]
ICloneable
?{v$)
~$S*
j#Q_
*W
y1wT
_AppDomain
[<_ Ij
4 F$
_am? =
8KR3
M e/
v,sF
fNV.
y?te
Ejy|n
:GA|
FsSm
|f/j
j.y^O&
^K%ll
>wPE
;C?Z
IO)R
]1-w
KYwHN
oTPG~
q*Tz*
`\v=
LabelEditEventArgs
K: ieQXd
kHCl*
}vV-7
!q6A
$8Yt_
matemdeea.ControlFolder
C1<4
K9*0
9cb}
BSJB
/{M*
L,vlq
S41!
7"U83$
2AV{5
lIDAThC
Ik8
_ai? =
Gh b
o<!Fe
(Zs*
f6$.
(QM
e|),
w5v
;.-q
[e/?
E
Rp-V
set_SizeMode
Qc( $
6s8
:\"*
EP uV
$Ng0
)2JGc
Ke OX\]f
)])C
&*LO
qB]~
x+NWJ
>zCG
/JY+
Hui<*
}q7{
M.-w
Nu+5
iE_ !
#lN!z
3*88
~EQ] %
h4:2f
f b{
=8NJ
NsdMl
System.Linq
PiPa'
ABKG6
/]@A+
ss+I
F[C{
6@jD]
InvalidOperationException
nIDAThC
68i@k5Ep
=PM/
Mfc
a Tg?
kZ>G
HFe(
QhZn
Q;L-
)o:KS
@~xgx
#uV/ZG
!S.ccZ
Xxt
SZ:N
@tZ!
{`*%s
a6G\
0l<#
H V>
bP)$
zEozV
, $+
ezM &S
]"mX
Cc _
/"'PL
bM-8&
}Oo
W^QZ
( d
u{ 0
-cBgnY
`k1 :
7"%
L7T[:
x$[T
\_A
SZ,8
pASQl
U@XP
d! r
jIDAThC
X6/029+
.!8/L
,[J5R
nr
@R3<Gb#
Es#
M*;C
evG5
6S$Mm
8Fg(P
zy y
D x6hv
t`]"
g'G,Y
(Ma;%
H:s%/
Int32
;R9R
FoIKlj
#TQ}0y
<dh:J\v
%0E^
'5 E
-OC:
Pp3/
jHNu
_"?M` o
D Z=
qgq:
e1Yq
-\!k
ErqV
get_TextBounds
{31
>Zm.
b(/X
lRq:x
`wc`
MethodInfo
86V<
dCr'
1.0.0.0
D5WU
EhwH8
zO_X
MA^k
CompilationRelaxationsAttribute
lN'g
TabPageCollection
y9=_
%"&:
Sx+6/
f^oNFo**
Uz \
k"
get_Graphics
6917
<:5y}
+4 E
cR$g
x5[@
eq4
%"T5
u0HC
&1 b
,z~f
Fa02f
${-
EG,/
LLA;JZ^
*svD$
(&Ddo}
9_t9
g>"WW
nn\x
D[!c
A01728AC7CB240F8E599AA569A1D4BD25D7B0F01
IKs~m
}o<g;
dq8+g
Gy*]
tlo&
LA J
}T<
Ke@m5
_am= =
lp3p
IEND
^2*
4-NI>
+(*y
_%B/
ResolveEventHandler
9gYf
HT ^
r8QQ~M{
F `V
9Qf=
sjVOxcN
.\D>
EYdY
OverIndex
PpY
L)W!
?cg!7#
\PyH9X?
Iv+<va
*.@Ln
;r69
/;q}
NvWg2-
!,)L
matemdeea
yp'm
na1V
A{8e
);|c
T:^y
t.-w
e~,d;l
Rectangle
[?UV;
xAMcT!
Y]8B
M*qc
get_White
J}>)
f'^
IB/#r6
`Tm4
g#$E
FG'5
H/m2vd
*JO7
Concat
k'IJ
d.*A
L,)c
StringBuilder
GcVT
~Q X
H" Dw
K>g";
;{ &
yllD
M @ZU
.TBrX
@?w ~
get_CurrentDomain
sAN
:`qk
_xvO
>s*m7
x7~&
<WOz
R<'U<
z;_<
%@p/
[*nDO
VH%
b1fw~
j%5Bz{b
get_OverIndex
tE<G
vTw*]
Ll!/
E _
&)>5x
,lG
Cef^
Xfax
9xmx
(3NH
HCt)
Za @
System.Text
FUQ
-h<z0
iEla Lx
'P=
M.Oj
.]<q_
.1D
!WlM
l/',
d{6C
7l\YdgS
E~U
],_E
myLZ
ENx_
W+xXH
rK &
q#f$!
~<
?m\/
;,Ld
.E4e=
i Rk9S~ W$#
C+B6+P
kIDAThC
YE\I
f(;d
Vi0U
K{Zqf
lb(
~pY?
1Y'1z5P
~] !
~+A]
x>Nq
D^Re%/
<B}
Ma8"
Mk.C
$6~
csAu
e-ME
.B;L
52y\
]%zZ<
<<#65
>nL]~
oUGfz%Sjs
fO3>U3#dp
{N'U%
]F)>
~)Uu
2M 7
#(Mm
(Ic_
u.)
RBOh
PUN9
24i|HC
C }z
-5Y
g^io
VDwOB
8eH5
2> 3
MOMw
@Y}[
gF?5#
o)+f
Font
Etx6.
P`<q0
A-b0
*fG@S
KHR(
)w5/
yHqW
`&bI
.a`
.t:uE
4Zf:V
o}eA}
PB!vg
String
} 1l
CFp{
4+w<j7,
u n:
I8u=
s@N Hf
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
IComparable`1
x//
d%6<
get_RightToLeft
04`e
U~-B
$ g3l
w,SN
f"Gr
/|maES_
~Q2K
Z-`H
~}ycta
InitializeArray
ad|b
Oc-O
l!(r
Is0<
WXc0
g"w{
)ZqX
'#]4S
7m*}
#JUA
}wb_D?
i[tM
^XF|
^f%J
4]e4$
}})!
ToArray
9)S}
f3:,Q
'S2
u.-w
?\ WC
EditorBrowsableAttribute
yW%gZz
get_Control
e];S
ks x2N
gVtF
svd&
~]Vt
H*~S
S(l3x
]DvL9
0K@R
hbZJ
get_Hovering
_3lcC
6e!]E
k- &
JS44
Bg$
E F<q
wj3=
U`&K_
z Bv
=c~
2 W$
mIDAThC
"$E(
GX3R
\!H&r<
rISlx
[PKl
System.Drawing
N(x
TabAlignment
o%C{g
get_FullName
0 X=~j
}VuA
"^@ ;
d$z3
4sR]F
WSICt
661Ez
6;Ym
FU{&
:$Gu[L
V[;\
\&
T%O&
}hA`
k9u_fH
P6I
v">I
N =BWZ&
x<K^
xm5*
VpY%
Bdvg
IcL<
te\p,
Y `OA
\B\bQ7
;hQU
Y_9*
DS[0
YEdmBi*
*,PNh5
!9|~
jl3d
3Rw6
>\CH.
B)c0
:P u/S
1>Sx
U]O}
%D0|
Rf[
q!OA
H-iK*
S(g.
XV6hV
Et6K
?w*7
%i>.(Y
2s@i
Y!'D
bAo{
&W}Z
Object
b\-_+
!i.
PtWquH
r+\7
,2bwS
Y>0-3
''sT
*`N
0|?DZ
#6;7
ComVisibleAttribute
[Uc_6
Nl;
w,!
aed0e8ba-e9f9-9e.Resources.resources
Q]Mw
e4 tZ'
^:OjC5
ef9q
]-U
Er%
RightToLeft
H G.
-]")]2
':W
u9&[9C
NM0`+
`9iF
+ 1]
p=Dd
ly~.w
oq6r
wu,sly
x*cai9
]dZ:
_3cF
7 [[
& <+
6 Q$`n
]CZT5
/>5k
oG`Bz
n`:M
)Zpw
-yL$
EditorBrowsableState
AssemblyConfigurationAttribute
%)Cq#x
~\]^o
g8*4(
%$(
K E
;mBo^
*iL>
OnMouseLeave
Kd<8
a" o
c7@?b
+$q}/~
J[r:
5oev
N^s?(
B|\m
TUQz
PH_Gg
_CorExeMain
iEs'N$
gs5g
k)tw
"[fR
Qy;
+|HI|
BwO7
+H!l
"M2m
pG#C@
~:u(
x| /
bO7A}
{.I?p
>FR
16@M
lZX
S7%e
R <J
udXrNw
qVVY
3jGF
80`<R
% q>
?uX 8
]N7
{]Y9
m5 9
w|m[
J6]E
'WV{
AWh
P \6
eNB]
_,
N1lL
DY(
yfhK
"B2A
r}0t
RfWsq
A `2
/YIq
SV.F
^lc+
Z,E@
){qx
G k%
bt&|U
8~6qt
[ ;"
c~vx9
ck^`wW
-%f9
`
j ~P!
/wd_
l^^ 1
)P/my
D=6!
[${b n
3yO$
.'om
} k
#hMz
(llc
F1Ad
Cdsfssrd
[bVH
Am4\
? 7#
tm<2F^
4pto6M
qc/fDU
|=E0
}}Ya
~0|e~
AssemblyCopyrightAttribute
88,k
-<c}[
set_Width
vGJr[
P?zKW|
?2(6a
E&tP
]>M|
/;"$
@ps
>V 5
gGkn$
; ^
bu5
ResolveEventArgs
n4Nf
W0s9
b]%G
Nb/F.
O+^e
?o^4
AyP7
qSN 2
ON(y~
b\5%A
g0B8
f_Uo
87YW
S_47
. D$
XG8Rf
utCd
FB%`4
M7]nS
'9B
A& 4>Q
MtJ1 OVI
M #m
^avQ
Cp '
3M6Y
{JO;
"pUI
HZm?u
f%B_
kJls
Vzr@W`
_%dz
p3Q0(
,KbB3
9qSv
&Gm ~
LHs.Mj
GSRm
LN~A{xG@
'dCyLK
Xv>?
dBzo
"Ozz
41E-
U@U<
69m).
,wy'
%"X
v vg
Klsr
\CPv
\_.nB
XVG\
RUG0-T@
ZY0
OnControlAdded
K`2N
>:q
,H2$
yv~]OvIp
mY +
e&?Y)><
HED
t U{
I393
nFPm
gL@r
?9U6
=_yI!
*)cJ
985U$)^
c }t
K L*
!GNf
F}u":
c"z8Y+
ArgumentNullException
,vy*x,
yw&o`
DDG0Fb4
c2Ej
ZrXlJ
)&cH`E
G$34d
ms-u
hnGm
Point
~SHh~
_ai?
Yom6
`]u3
:)&h
v2.0.50727
n:cQ`
dB^G
(leb
g<6
\2[8
1]QAr
t/f2
|ZZ g
ouO z
L`C8
1 g*
hEl//^+V
+j8H-h
%/$K
ndiI
!1"tx
5F4CD488B6C62923B122E22D4E77F8AF79D83C1D
C"! <
r{Nd
&H(+
o;1B
Exception
_ -
;hs%
B@\Z8
textFormatFlags
y7r{
f S9
qg.t6
LCO;c
0]RA
ld2)
aMIQ
,S9/
AgR>(:
[$W8
RR*Z!
-ADw
V{i7
t_Vp
Q1KX
$grj8o
V[:DDF
QT]&RBL
dBx:@
"|y2L
^eL,z
e@]ezxy
lxw,0
#ZO:0
\jwZzqa
sBL
d?9#A
z/ww
/]!G
O= @
O>d+ KZ
ISB|
Graphics
Tnrl\
~|a%
GzxgV
s##'
0#o`
,xFJ]
_ vQ/
Y8vv{
}&#$
b;Qx
Xl?*
M<]U
(-]D
Qe\w
~| 5
r:@d
\V T]8jb+.
5;"Z
<H|k
SE K
z8K
System.Collections.Generic
Bg-hA
Sd>w
2 +&
c";G
System.Runtime.InteropServices
jMxEd
irjA
wW.u
Math
.Koa
A7 \g
=gE14n6x
D0D;
][dL
_>38
'c0'
MeAPp
*m)4u
{#nL
,(}pXd8
-~x9
sr#qE
z?-39
tg|+
o$^
!u]FX
System.Runtime.CompilerServices
2j|L
F9f-D4
SuppressIldasmAttribute
VE- C
/fF4
Raq?
x/ 3
!BS(
_Mv<
_ap? =*
`5KW}|
E( 7
TopTabControl
FsWm
o 4^
xvy,
YC3F
9OC;b
@O$SU
vfq_
3k=DA
R0@?
LP:JZ^
y1KZ
'z_H
t^?
Q*qJ
Owbf
LxEN-!
j2EK
uZoU5
ItemWidth
DWWc
0&3A
Z;|2
4(%R
System.Windows.Forms
set_Font
(<2Fu
xYl0
tg%4
taG*
:.P;
(:7B
xsAT?
C 5E=<
,N&4J
\67D}
#d&%
#'x!$
?<Y,
kw6g_
R"::M
F Bm
Y 7$ [
N8W\
j 9Aa
]?W\
'IbB
3AS0-
5{eO
P@A&
L:GA
e$1us
Ds1x
yz+U
?|Rx~
qj_*Dq
qR-/
AssemblyProductAttribute
?[Thl
Uk!x
){q{
){qy
[]MC
tH2!8y
N_Xd
y4c7+
\(Ma5=
bv/RS
TextBounds
Ur
MHn,
>s6H
W7{_ G
XO5n~
graphics
awJ>
=>F
&x'G`
8 &
OZNT\
gZ!|
8s%5
value
`u_Mj
zX'7Ly
w!Sg
H27)
2018
QO@b
s[3g
{7C @
_]Z
56D155C606EA313AFF1DBAFC75907739C475F299
b{Zd
u\)m
!AWo vV
LpR:)=
s K
UQ*,Io
dNK
PW\vu
m iU
'\H|
AQz8
[_*.
= isRx97~AWV 2
'w'V
q,,K
@=sp
6w6?J
)}Qw
#GUID
0qoU
0D2y?
\@$J
"9YK*3
-~:@W
F`+=
,NeRc
mn}G
VaoA
TR@.P_
qIDAThC
3lo{DV
!+X$
TWdz
=XS6
}O "
~yq
PDQ
3ojR`
hHW,
$hFcUb
MId
set_ItemSize
^7:Y)B
v5<ee{
>a,%
4m-
rWLt
;nXQ$"
Hui9*z
*qlf
|}TP@zxA
Nm"/2
Q<I[J5
{qr=
~| .
7+N\-
[7h0
K$`r
|@
pNPY
athF
P_<\
2u n
%(HVl]
uX%Z
x1K\
x1K^
q2u]
m^0P
@s+r
^)|M)
NdD)
S@k/
j14"
iX'@
6;b(N
:Hdu
:{DL
XI5Z
why[/M
IEnumerable`1
Y+m%
Q<wD
us>~
F0hkS
V{ ~
t^-Y
`\Y]
g1^ 6
pf SdU
[Qq0
@%)z
d|}N
@]'
e.Ik
hLzB
&m3;
.0-t
/mA`
.1/@(J
5h;!
3}y;
#.6,
)8v;
pMz
get_Size
yt=w
<JFd
(|k.$%|
i %_
J(~ o
I2QY
IVHm
[f?l
AhC(
!g-
baZD
s,vy-
,s{@d
N U
System.ComponentModel
V= {tO
<upd
M$qW
!a@~?
4G]!
C_#%
HTi"*h
/@ns
E}:O
|i,|
)zZY
jtC6|
jJ.pJZT
IEvidenceFactory
(3 i@|
y3'.
$mr
vxc4 G
<+z"c[
NQu p
!\8|
R4Y!
=u L
1q#
a<e#V\
)9X_
REdI
lMB2NZ_
M 6P
\5,"
aXU]ml
MUi(
xe.K
$_6\
U&1r
>0nr:
{:WD
'onG
$Fgj
xA]^
>Xj
H\NQ
a=_5
U>%A
2=<3
G6f,
get_TextFormatFlags
N)T[
Oc!,
;S2`<
gL|o I
$Az0
iR}'Md
WriteLine
3f9m?
System.Drawing.Bitmap
/y8 /
y(fi
) _ai?
4 ?4W
G5Wa
;DF4]N
EJh0M
89o}
SetStyle
gwPjU5
i<7Z
.m$
(td{
GxBK
}JV%
xVe9,$/
2\w
+ _pqIr
r9q;
z+w>
3F91
_ FA
u/xg
*Y5X
lu|#
S*A2
GeW$
Pewh
79AM
5(Y$
Q!~Fo`P
rj\{r
F65p
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven01_64 Seven01_64 VirtualBox 2018-02-26 13:53:28 2018-02-26 13:56:20 172

8 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven01_64 Seven01_64 VirtualBox 2018-02-26 13:53:28 2018-02-26 13:56:20 172

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\Productlist.exe.config
C:\Users\Seven01\AppData\Local\Temp\Productlist.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\unrar\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Python27\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\Productlist.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\Productlist.config
C:\Users\Seven01\AppData\Local\Temp\Productlist.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\Globalization\it-it.nlp
C:\Users\Seven01\AppData\Local\Temp\Productlist.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources\matemdeea.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources\matemdeea.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\Temp\shell32.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.exe
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2108.16866437
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2108.16866437
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2108.16866484
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\matemdeea.resources\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\matemdeea.resources\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shell32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2368.16901171
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2368.16901171
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2368.16901171

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\Productlist.exe.config
C:\Users\Seven01\AppData\Local\Temp\Productlist.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.exe
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll

Write Files

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\Productlist.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2108.16866437
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2108.16866437
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2108.16866484
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2368.16901171
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2368.16901171
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2368.16901171

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Productlist.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\410fe546\7307cd04
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1e5833dd\40ef5613
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Productlist.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Productlist.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Productlist.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1e5833dd\10592a67
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MDSCu.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|MDSCu.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|MDSCu.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|MDSCu.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index149\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.DeleteFileW
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
shfolder.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
kernel32.dll.SwitchToThread
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
ole32.dll.CoUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
advapi32.dll.RegSetValueExW
kernel32.dll.DeleteAtom
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister
kernel32.dll.GetProcAddress
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
kernel32.dll.Wow64GetThreadContext
kernel32.dll.Wow64SetThreadContext
gdiplus.dll.GdipDisposeImage
ntdll.dll.ZwUnmapViewOfSection

Execute Commands

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDSCu.exe 
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-02-26 13:54:08

Detected family: #Razy

TheSystem Itself @ 2018-02-26 14:06:02