MalScore
100/100
MalFamily
Malicious

Brochure.scr

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 181.50 KB (185856 bytes)
Compile time: 2017-05-02 03:29:24
MD5: 6dc544f2fe3aecff02138f1880ce5ba7
SHA1: 74e49bc2b63e15f9aba5bd7e578e8c7530e13bc2
SHA256: 1138f8675754172e5d10f33cbb1e34c52d8aa29ceadc13fecf82e22c15082047
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 5 ?6/QN+t .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-02-11 20:54:03
Last submission: 2018-02-11 20:54:03
Filename detected: - Brochure.scr (1)
URL file hosting
hXXp://flashpointy.xyz/mail/Brochure.scr
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-02-11 06:31:08 [20/67] VirusTotal
PE Sections 4 suspicious
Name VAddress VSize Size MD5 SHA1
?6/QN+t 0x2000 0xb9e4 47616 a0aadd2f65faf8e2917edae59c718fe6 4a214a26735658844fa374937be195b494b1f941
.text 0xe000 0x1c830 117248 327366da14f49f77163be40e64b53f66 268aaa7005778bbe989490ec754aa52e4ecb883b
.rsrc 0x2c000 0x48e8 18944 cae0b5634eea4cbb2d149270a5a14469 a0425798ae4dec03a02a73b01c4dfb2f820f13f8
.reloc 0x32000 0xc 512 91840e499f62c8a5bca414c133ca0d9f da6b88fb648e7a3430f23bdd04c74e5586783866
0x34000 0x10 512 d76a1de72db623060708b7c6dfe47f8a bb5b3ae83849ba79248a8c66bbb4c81d8f8331d0
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x2c130 16936 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x30358 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x3036c 908 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x306f8 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © 2018 Mariner Health Care Inc.
Assembly Version: 0.0.0.0
InternalName: ORDER123.exe
FileVersion: 12.12.6.4
CompanyName: Mariner Health Care Inc.
Comments: asuqujezuficep
ProductName: BenchMark ULTRA
ProductVersion: 12.12.6.4
FileDescription: BenchMark ULTRA
Translation: 0x0000 0x04b0
OriginalFilename: ORDER123.exe
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
File type: Library
mscoree.dll
KERNEL32.dll
IP Found
12.12.6.4
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03_64 Seven03_64 VirtualBox 2018-02-11 20:53:38 2018-02-11 20:56:29 171

9 Behaviors detected by system signatures

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\Brochure.scr.config
C:\Users\Seven01\AppData\Local\Temp\Brochure.scr
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\Brochure.scr.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\Brochure.config
C:\Users\Seven01\AppData\Local\Temp\Brochure.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f02737c83305687a68c088927a6c5a98\System.Configuration.Install.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Users\Seven01\AppData\Local\Temp\b234783d-544a-43d0-8ee8-3cf35fa77940.dll
C:\Users\Seven01\AppData\Local\Temp\b234783d-544a-43d0-8ee8-3cf35fa77940\b234783d-544a-43d0-8ee8-3cf35fa77940.dll
C:\Users\Seven01\AppData\Local\Temp\b234783d-544a-43d0-8ee8-3cf35fa77940.exe
C:\Users\Seven01\AppData\Local\Temp\b234783d-544a-43d0-8ee8-3cf35fa77940\b234783d-544a-43d0-8ee8-3cf35fa77940.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll
C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Users\Seven01\AppData\Local\Temp\Brochure.scr:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\CuTineVoiFi.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\CuTineVoiFi.resources\CuTineVoiFi.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\CuTineVoiFi.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\CuTineVoiFi.resources\CuTineVoiFi.resources.exe
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\CuTineVoiFi.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\CuTineVoiFi.resources\CuTineVoiFi.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\CuTineVoiFi.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\CuTineVoiFi.resources\CuTineVoiFi.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\Temp\shell32.dll
C:\Users\Seven01\Pictures\myfolders.exe
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2344.10854843
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2344.10854843
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2344.10854875
C:\Users\Seven01\Pictures\myfolders.exe.config
C:\Users\Seven01\Pictures\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\Pictures\myfolders.exe.Local\
C:\Users\Seven01\Pictures
C:\Users\Seven01\Pictures\myfolders.config
C:\Users\Seven01\Pictures\myfolders.INI
C:\Users\Seven01\Pictures\fd3e1dfe-00df-4eb9-b213-cf13237697ff.dll
C:\Users\Seven01\Pictures\fd3e1dfe-00df-4eb9-b213-cf13237697ff\fd3e1dfe-00df-4eb9-b213-cf13237697ff.dll
C:\Users\Seven01\Pictures\fd3e1dfe-00df-4eb9-b213-cf13237697ff.exe
C:\Users\Seven01\Pictures\fd3e1dfe-00df-4eb9-b213-cf13237697ff\fd3e1dfe-00df-4eb9-b213-cf13237697ff.exe
C:\Users\Seven01\Pictures\myfolders.exe:Zone.Identifier
C:\Users\Seven01\Pictures\it-IT\CuTineVoiFi.resources.dll
C:\Users\Seven01\Pictures\it-IT\CuTineVoiFi.resources\CuTineVoiFi.resources.dll
C:\Users\Seven01\Pictures\it-IT\CuTineVoiFi.resources.exe
C:\Users\Seven01\Pictures\it-IT\CuTineVoiFi.resources\CuTineVoiFi.resources.exe
C:\Users\Seven01\Pictures\it\CuTineVoiFi.resources.dll
C:\Users\Seven01\Pictures\it\CuTineVoiFi.resources\CuTineVoiFi.resources.dll
C:\Users\Seven01\Pictures\it\CuTineVoiFi.resources.exe
C:\Users\Seven01\Pictures\it\CuTineVoiFi.resources\CuTineVoiFi.resources.exe
C:\Users\Seven01\Pictures\shell32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\Pictures\it-IT\mscorlib.resources.dll
C:\Users\Seven01\Pictures\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\Pictures\it-IT\mscorlib.resources.exe
C:\Users\Seven01\Pictures\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2592.10859015
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2592.10859015
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2592.10859031

Read Files


Write Files

C:\Users\Seven01\Pictures\myfolders.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\Brochure.scr:Zone.Identifier
C:\Users\Seven01\Pictures\myfolders.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2344.10854843
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2344.10854843
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2344.10854875
C:\Users\Seven01\Pictures\myfolders.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2592.10859015
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2592.10859015
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2592.10859031

Keys


Read Keys


Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Application

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs


Execute Commands

C:\Users\Seven01\Pictures\myfolders.exe 
"C:\Users\Seven01\Pictures\myfolders.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-02-11 20:54:20

Detected family: #Malicious

TheSystem Itself @ 2018-02-11 21:00:03