MalScore
100/100
MalFamily
Malicious

Procducts.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 41/68 Related 2582
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 212.50 KB (217600 bytes)
Compile time: 2017-05-14 00:43:54
MD5: 85c3bcdf4e0f409a875d4e75a746d61e
SHA1: 662bf383a0f9bafa8ddad2dad7bcfd6ea6265dcb
SHA256: ef3bffb94918de0a43f66524cc43723979640dea5737ca26d60edfe510aec07b
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-02-26 13:57:03
Last submission: 2018-02-26 13:57:03
Filename detected: - Procducts.exe (1)
URL file hosting
hXXp://mlhuillier1.cf/Procducts.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-02-22 06:43:49 [41/68] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x34534 214528 2147537d5969c4dabff551437e98e16b c174ac997bc6205b6922b985d877504401c588ca
.rsrc 0x38000 0x624 2048 654fe2dbbf6675955281e44dcff757e7 3dc1ab57f83ebca1ea00cf96914a085cb4b57be8
.reloc 0x3a000 0xc 512 88c168d4124fe638162f50c259dc6f78 445970219888200018fd4ca7f962213bef422e13
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x380a0 920 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x38438 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2018 The MONY Group Inc.
Assembly Version: 0.0.0.0
InternalName: Procducts.exe
FileVersion: 1.0.0.0
CompanyName: The MONY Group Inc.
Comments: ahetixasagimet
ProductName: Tina-quant\xae HbA1c Gen. 3
ProductVersion: 1.0.0.0
FileDescription: Tina-quant\xae HbA1c Gen. 3
Translation: 0x0000 0x04b0
OriginalFilename: Procducts.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
Assembly Version
973e5e88-eae7-bb
dxy
VarFileInfo
Procducts.exe
Comments
HbA1c Gen. 3
ahetixasagimet
FileVersion
Tina-quant
0.0.0.0
1.0.0.0
832c57aa-636d-2c19
832c57aa-636d-2c18
StringFileInfo
832c57aa-636d-2c13
832c57aa-636d-2c12
832c57aa-636d-2c11
832c57aa-636d-2c10
832c57aa-636d-2c17
832c57aa-636d-2c16
832c57aa-636d-2c15
832c57aa-636d-2c14
LegalCopyright
#A^s
Copyright
VS_VERSION_INFO
InternalName
000004b0
CompanyName
ProductVersion
FileDescription
2018 The MONY Group Inc.
The MONY Group Inc.
Translation
OriginalFilename
832c57aa-636d-2c3
832c57aa-636d-2c2
832c57aa-636d-2c1
832c57aa-636d-2c0
832c57aa-636d-2c7
832c57aa-636d-2c6
832c57aa-636d-2c5
832c57aa-636d-2c4
832c57aa-636d-2c9
832c57aa-636d-2c8
ProductName
832c57aa-636d-2c22
832c57aa-636d-2c23
832c57aa-636d-2c20
832c57aa-636d-2c21
832c57aa-636d-2c26
832c57aa-636d-2c27
832c57aa-636d-2c24
832c57aa-636d-2c25
832c57aa-636d-2c28
832c57aa-636d-2c29
RIJg
Tg7x
c,~LW
r(A=
3 S~
L'7-
TH@w <
7g? N(
]afh
PNG
( ?$
&$ z
?Bsg;{
5,X(o
$.^w
VOp}
( a?
HI (
m_0h g
M[} Z\
z>a<
'O x
fJN$
r!sP
Wb0
1eZ1
)S\I
W_x,K
7+-{
F6mhi
E$L
leT L
6&Pc
p!cm
$3^b3
r>_
/YFy}
4p(mZ+0p
[jg&/
rwUa
d1]|<f5
MarshalByRefObject
%+ `ua^
kZC<
H<a`km
Ffc+
nwN{
rbW0
Nc= L
S%"G
E%?qq
K1?L
QM6H
k{d0
:8<th
12Q`
_Qa#/
H~_s
b $%
%5/+aX
r1Tn
System
SSPn
&.7
Int32
TH>+
(>[rr
L y 4
AA116D4CEEC324F997842E90883AC815F1858929
*{{
4C328BECF729897AC2F385EEC7A4AC09D7AF383F
]pOg}
F&ZA
ControlStyles
<n'e
%~Jp
[N
0R|x
S,z
xNif
ZSSw@
[ %{J
bHr46
nKvZ
/b#e
S&f2
+GI/OmAE
1@A%
\=oCs
OverRect
1FP~M
T'jf
/#um
m;FK
%ma+
dVVz\
HFw5r
"Cm`
dx+b
:3 b
mscorlib
bxz
j)e`k
j~5F
JHB+:?
y\YD
1.K.
=oPvcz
uT4$
js:`b
]D}@
E`Fi
1&vyN
DWGI
ir~z
ZS5
K[Kt
=1n&
dN$m
WWeM
yiAR!
TB 4
OnMouseMove
ZY0
D `&*
set_Alignment
AssemblyCompanyAttribute
w;gI;
{xJ2
Ta0p
N*0{N
`"<:
"~GW&G)F
],!/
/{ _
Y.3
}L"c
c /[
*/SsOsQ
%*E<
5GuA
1$f9
]c 4<
XSx$
:#m&
_L'D
?yI.Zl
3Kz"
ResolveEventHandler
~AK`
AppDomain
s9V
|D8_
1>H
+o$_AW9
OnPaint
o1AE
1S8s
tJ25
SYZbE
CA/D
rpd3~o
o @Bi
{As\
SetBoundsCore
e/V2
f!{{
<sLWMq
q"Y"L
^SH9
b{e
,pp]15^
l5*!P
/KC }
f=V)E.
UTEZ
MB$3
_I ;
=7Y#
AssemblyTrademarkAttribute
$TU+t
/fg_
Me+)
<yxr
lM=B
y/O^q
e:ui
[0>k
o 1_I
UZI
"v2=
s my
1YMy
!p2
bRq
9-Y i
G~vw&
Ar]8
V'`evP
MF*fo
btT<
L~u*
Control
dyV\
AX_@Y
o#6V
_DL(<N
RB [
~>86
[KkD
2-Cb
\)KA
O5`
LQiZ9K
azR\5h
? 6f"|
yvFF`~
-2apn;e"
m2B}3
uIDAThC
$-)w
Q1#Z
OIsO
vM,p
~MyI
Type
AMvN
[D4`
>)YD
RuntimeTypeHandle
,K?t
0y:!
uqvb.
LHB46
cx'GD
/~cb
*-}0E
:Z).
:9rsN
G4H>@
!_X:
gq j
R8m%AI
nav\
<'dR
a Y9
; .K|5
Y8#P*<
K w"
"Z*ZK
.@H
21NM
%krh
' 6
hT~AD
(zWk
yG[l
W `
95_i
6l+~V
2%eW
M!:)
:z <4:
D.n3
Char
Q>YO
t~L}0
+R;i
WZ?xX
4PVm>
p4n'j
%Raz
String
+* #k6|
2]vT
dn#wIR
[ tG
qq:[xc
]%"D
)5^6
")R22{
7"Hw
#il
y0>e
o%kO
XyWf
TN?
V>[=
{+2H
,cb8
8E#T
Hc =
L,zh
p[H}
Cr&L
XW ;
6Y!
.Vq3
oDjOJ
;*-.
O$~N
6}P1f
L26J
?bml9}{?
TUz C
GHCL
-D1
PW/6
=VHn
vy+/
3_W95A
pU.hv
BaseRect
1FyU
n1aVl
im >
.text
GrZi
ZY0
79qN
ycpW
PV$)
CB M
$Fe'
YZk6$)
#$P[
&y XK
|>0p
X6&>ow
*/[Oe
zg3t
_f +<#5.
fbbb
F v=
ow2IN_
,3M/
Y$d(
Qzo(8
xZ|A
I82s
%yib
4mCWY
>l)/
GEou
r-/b
_i.d
V'lu
AoSz
t#GA
#k e.l
c (].
9u0_s
/0F ]
"'mM
#%l|
?Ke0
\yh),d
#Tl}
LRW?
k/tU
i #(
j<&]
;Zg1
JpvE
/0F }
A A2
q]1:G
YG"/
get_TextBounds
#rb z
^wxFw
!'g@
~w31
>!Dri
4gWt
`f(
6@,E
u&NN
uatI
-/ 7
`.rsrc
'hvT
]9
zY@ E
;yBv
qo>1
R5A?OhP
ZC?D
z1iyc
(=7P/
!-Rb
m$*1}
<'gJ
,F+m
>|8,
8d^Im
_I|`{
<zYB
JC?
<K"8
FR:%F
gQ(m
M]:S
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
<?av
XpJM
DAvE
5qg5
'nH8
Hwww+2
!3?R
S?V4j<
hebe
l^Kt
^.,T
RaY4^
k\(z
4*MO
mmW5
/IYw
Xt7P
{M7s9
lwDK
&(l~
B6!u
4If,
,{5z
}$%x
N9QU
> Qk
GERe;
'?XP
Gm4Od^
m\t#
%\ae
$[E.e
;&;vv
7>8r
height
|qpi
^+79
get_TextFormatFlags
MouseEventArgs
^bQs
*uP z
Upg5"
Z0VH^@
matemdeea
W|(?
{0]j
!qNs
(w%`
xzCZ
5Fd
&*8"
tME1MwA
Vo[]
7&;X!
M"SZz
OHx8
YqC_
!Ryg
_X$Z
Cz'[
o&OB
+<+
WnY>
7c"-"J
xl`
^z#f1
V%MzU
-t)k
I Aj
ZgM"
RA&
@`z =6)@
uxvc0'(
\a s
33 I]l
fN!/
YnP cq
0X $
w`VQ
$:~
get_Assembly
ob4Y<P
*TK`f<
|_q8
95Al]
%m ^X
s46!
?mC%
OnCreateControl
=1i
4LXHP
$#sS
S,Rb
-yCg
h)Zv
@R S/
Hovering
6gY%
R23l
Invoke
bjo<
KUI%v4
gr*g
^a0a
B.Ue
b"~r8
cK c
>dmM
WrapNonExceptionThrows
hixJ
4}u_:
Mo!Z
}01^
m p
%X{f
NL{<%
__r%
!)Rc
Console
Ta(w
d>Q~
get_FontHeight
6}B>*X
wM8K<
d+/w
?v{J!^
]. U9
}Vc
}Vc!
3ax79
3mu$FBRH*)?.mK
#+&I
zYCY
pz%d
bwlk
nB(I v
Pfp%
ztA9@
r8>e
4yED
_=yp
`^S7S)c
Ax}k
bPK
1OK\
&H7H
&*8_
O(s
matemdeea.exe
IHDR
6EFAC0EE8C248566D5441213E5936E72128EE1FF
ufc
e]F,
k _^
iOq7N
#5n
leh
&*8p
&zFzM
kYx":
;b r
ljyi
T7P$
gh\\
1Vu(`,t:
Y"\3@Xp
&*8j
'k:
&-wz
k~NQy$
)y0b
Kcf* =
xx1pj
?&C?
\FhqJ
#$.QUTz
8ec T
R|GZ
N''%2
'zYB
O8Z4
AAQ!
!bn)
7tH[
>ikB
BZlATz
[.l1/:o>
O0h
m v7
%vV$
u3 46
Z? e
h^vVv
X"~@
jWn>
X"~B
PSIc
(^CQO
{\;z
y}2c
wwVQ
]Vc)
(VH[
0Q8
w;mD#P
R<:
sx6`
MethodBase
#Strings
[+zX
0-x
Gb+J
\WwX
Vv'Dip+q O
@<w!<O`
eQIi
*4v
bm/V
SeparatorPaintEventArgs
Z+ws
v<AUu
&45p
TA(X
VY8t
y&*/
n&N%y
Z`yp
]pS&
q@1/TD
MWNL
&i]v
6r n
textBounds
;>Da
Bi,E
hf] \b!'Vt
CQ5_
aL-O|9
|yQ
Zd7q
^bl
rzP&;
width
\?19L
LHB44
(: &Q
rJ ]|
WGFC HE '&W
&FnY
Z\tjNS
;0O*
9o6f
!-Sb
SXnqS!FLR
L+Iy
_DD6A
,'~(
#' @
add_AssemblyResolve
3q>Q
IDAThC
9Uq0
M8Zcc
f0xx
9E@42
7_ikt
P^)!
{n:|
wp@6
set_OverIndex
Mt+$
+@ E
w;|6Qkl
!'89
XjU?
<Xv!J
.(Uv
3MI7u-@}
Wqo:>Oi
%1$6
TabControl
bRxpj
G.zX
~{(E
{V:j
.Y6G<
+c<C
Ck'
L$Rb
xQ[NM
}p'E
|^\xR^
;|*}
(QCCICQ5
t]U&
vN7%F
,t?j
Color
(kV
1KK1
rIbW
uWjg
NoN~
JTe^
lyxk
m8Rin
CEon
1"u8
ooQ.
"'a2
AEHY
Og)4
;>30#
^z X
n0AW
6SCk
O>$krv
}J)}
?5~s1OL8
I9b$
CD94|
ZW>.
Cdsfssrd
W<=ZD
Dta&
5Y/M
K'vf
olRXZ&]
bJY^
3JGo
S Mf
HV u
"{J
2v/De
S0j3t'
:X[0
hU\7
t2#D
"'aF
_vr:
H\C@
e(;e
%$?s
item
L\4&
=T5+
1x%U
g\Zg
set_BackColor
NP@M
E ]0
!GdwM
CudR$
TIn^
P0`zA
@Cpc
^@?C
5" 2
Fkzn
rKmu
%0k#
tI%*
-S*E
UWG74]
U=7H'
!D F
a%c5h/em
System.Core
}Pc@
D[sH@
dpD6
6^e)\;
,\ f
oV[mR
Kz&p
1+J'_
_) fp
O~w1
e6o5*
GCASm
vMf"
&k?Z?
xKG%
K+xw6+9L
`F2
m25dx
+yw/
M6e>4>
Q0eT
LHD?
-|okt}h
NTLs#
S/Zb{
NB@5u
oTN[o
1Jus
Q)F y
+6Ap
bDRK
ULXSa
atwJ
/_` }
VRbYZ_
nZtV
0ssO
oIDAThC
qQ-26#
}TR"T`3v
&=Z
*>fz!B
Vz/A8{
~O[s
j9e wE
2ZJ&;
} 40
7.:+
/;b;
IDeviceContext
\;$6
|rd*
KGdV
Y.jIpC
GK@^
^C&X
Z.B=
E'&y
}`F%
0vn,
2ex
],*Gk
kpr
XR]R
E8T'
uMRBw
]* '
Rn\C
: EC}L:
j9z6
o'$
]( 4<
T:ef
%TS*
i|hz
Contains
#x_L
>GH4
%RfO~
TO)F
B1u`
6NF>
}XC.
X?v`
4{T&U
{Dm"
X|~D
ValueType
<I!@D
<0eS
+]La
GuidAttribute
\BB$
CfAV
0l&E
qRSL
Iqvws
7y$k
C1}
17#e11Q
EyNM
w8fv%
ed2Fh
9AH
{T |
Pb1
get_Count
,buN
get_ClientRectangle
Qa3p
wr?
[sx#G
ipP;
w is
ButtonBase
vVczDF
sc%:`
f |2
SHN%
=My6
{&X)
Znj%
\RET
a W5
J0^Jf
}2#D
T }
IEquatable`1
6efs*3
U 7,2
.!f#
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD[B-
;o*N
2v-}
#1B=
2; ~
jh 8
_@3I
}Tc1
tszL
\| 0#.
f'^K
]f r<
j `T
b=,m{g
$f en
#!5#
Gu d@
x)Ne
\2)4
pIDAThC
HB>Y
h\[s
ToString
]A|Eb
q~2K
f8G,
LLJO
jbC5h~m
Enumerable
f20~
'B+E
}d!1C
(jyR
*Lgk
t>'F
l> C|
yvQx37^
#H.>zd0
1A n
@4L.
NHB46
SLweO
[[>D
|?6=xW
0}-X
GetTabRect
ezc}
Pdv!x
1.K1
|Xquy
1.K6
q:i5
BC`
AssemblyTitleAttribute
!+zo
nOPK
.)7k
Pt/{
y"B9D S`
;h3r
)]Vme
.>_=q
EVOa
7}z,A
:.H0
S/Yc
-Rb
P.Ce
UA1p
e,D#7u
:u
[ Y2
~37;hq
sj$z
~{e}
QMe+)
>rJ"
fmr[
[& }Y
T3x-
mf*+
Y 8G
Vq$\
S
:}ya
>Q)Z
g'X)
u4!
jL (0`
"E\)
11@SM=
get_CurrentDomain
Data
x#{7
Z: I
$\Ol
*4fn
5 Us
MintSeparator
LHC46
in_#V
}3cR
s {{
w,sR
z\a1
get_EntryPoint
;$98pJ
NK;]
BoundsSpecified
69 9
8@
7M#>
ZA~n-
l!b j
pHYs
.ctor
1<\E
ql^BG9r%
02}`
;6_,
Cx hz
get_SelectedIndex
xc 3j
/ -z
n<L~
get_Message
x9&|H
K:cT
^*l D%
{=DJhgb
3UbX
+M E
Msf'l
Xrq
Ad+p
0\]x
/a1C
aF ,
3' R:
5USec
}C!C
/+L<
get_Text
YH'?
}VP
21z5
sEmh
9(A~[
Yb{q
7 N%8
BY!vy
9 >"
vNG3
):UBI|
3,r#
_YF?*
{SeA
DEuC
zc@~
II.X
-06!W
get_ShowKeyboardCues
IkTsY
b}mSYd
D|.0g
1b|L-
PaintEventArgs
Q87t
u?77
0OdF
IGpQ
Array
02W3?d
QWX$
VBf:[
<,/v
$n|b
Gf)Gg
&$W1
">%H
%OEDH
@.reloc
-U~S
a7\t
u;= J=
DKu+SI
s':{
{@NL
<m86KW*
h=F{
^Vl6*
P%CD
8g<X
A-M#
TabSizeMode
`"B$
Byte
Jx\V
\\zh
$%Fl
xz\{
0i>9
=x!%
,NCT
WL>
4w|f
W20t
yN)
x&W}E
7 kb
+Pm>
u+n6D
}=;O
V uSQ'
h*jb
+Qbx<
qLmc
v (A
gVc'
)Yr=x
set_Font
d}-\
V}'7*
~vQgYS
1tUxro
rpJZ
aCHo
), 2
]A Q<
)^IVI
=6{/5
1 c
T\Kb
}g`if
m+V[
get_Location
hu7>
label
r?nK
Y 8r
}U5l
=ggy
VIhaR
}2)|
jqz~
Fin2d7h
{'C.E
@::3
Bs#=
3V!4
~%
]POn=
>?ec+D7
V6r9}I
Ho2`L
V $^
"'g@
#>PQ
B[|%
get_FullName
[/0F }
MF*fQ`
1SK_
n*|y(
aJDJ
Me+(
Ug%E
>6HL1
)HvHWFg
(*f9
o>4.
R}*5
2D#*
2*df
-n;)+
get_Width
8. U
1cG\
~9X)
LvzP:
Assembly
S9lm
' 2Mw
|0-=+
d/2
]SZj
<' {r
zP>*Ta:
LIR>
lf+yW
#_o)
*^44
Graphics
RceNc6
G |=
2U Y
?zQW
;J"\
feD
hp}m3
lnB[
H[6W
z0d_R[pe
}<aE <
[stG
HYyOJK
J}<
<cW51
AMe+)
Size
K`qR
1\aPX
80bGl
fo2}
]& 3<
z_~O
CJ*]I
C+c
o\,
CUJ_SrJ<m
$mj"
"LGq
|Nh:x
*XTR
O 'l
:^n&R?
h 3
!H8@
3KPE
WCk8^
!-VJ
.]aT
vn|
zYN\}
cC k
"&6-
=-Wm
05ynJ sR
%2 ut
\oIQ4
`'gJ
e^E-W
"fJ;
|5;M
/1F }
SF~e
% HA
a0?~k:
6du,x
ISerializable
RuntimeFieldHandle
Lk(
Uwt"t
>Wm>
#Rw{9
YQ.,
}Wc!
CqaQ
@\*l
zM[
8h
^iJ
j +&A47
VNR9
se4f
F$d0
IwOB
{eTT
M_8Y
X F
8A
[zNA3
84^D
2K@*p
lij +%
#Blob
:^~XO
X 7
get_OverIndex
xif6D
M=L$-
""D
>XI[R
7}6(
X ,
#WD[
!$ z
78k~>
RuntimeCompatibilityAttribute
,5GQ
M~-Z
\@I6
]g\r
q)x$4|b
9\Wb
c1d2
~mSu
?< Y
7%7]
X
j2M~
t_%dg
s G'
I 1tJ
#:e&Y
SHB;
<wrag
)cvh
specified
+c)0
kOI7
S" 0.
a,aC
}2!D
S, 1
ifj:N
Ia7R
y'x9q
;@qze
n}4
a]E{
|[0p
!ZCPz
>|a4J
bO<i
.U#u;
"%d[
*;S
*td1
,M
vHB2'/?
`yCDT,
SF\0R
B.Ig
Y(. >
Cb]
Bm#_
set_X
ggQ"A
TopTabControl
)P6j
K4jv
JhKp
Y 8(
~[ >
3S=&u>}
Y 8#
lK*
77&k
kTN4
~WR_
HE+;DZ`o
1c3p
n&NwN
oA0p
bM74
Y 8
/1nK}
h&\/
k}!d
aBFU
6FG0
<c+/
+/if
matemdeea.ControlFolder
d)@?
Y 8h
G[_8
hl B
Gw7L>H_
S]0
Y 8X
V )1
7T?&
TextBounds
Y 8P
cACLK[{
s OS
Y 8M
8OHm0
CE# /
pVb,dQq
D~Ops
[;Z$
tq?}
_R 7
>TOS
VI.p
9:xJ
Exception
5.rE
<S+7
}Q$0|
9R#*N~
]rQM
x?Yd
<4?L
'Bj`
CycJ@
S=_}
#]'.^
35f 5:
UJ OW#
ii4]
/0F }
Ie=x
3)$fA
Cleq
\i_'t
}B47
get_Font
gAMA
1,k/
}J23
!,z|
(: W
graphics
(]ukf
{9 !
rKUR
qA {D
Ozl+
k_ =
%x% f
w_e5Z
.cctor
tviFfV
sW&W-R
<2fj
c$ p
i&u9$iv
{mCy
Y9GM
LayoutSettings
7#Qq
WIe8
tAD|
N z>
:PhBrH
Invalidate
? _#
Iw9y
#'gA
6_mE
9)h^
E&,P
#'g@
KhoV
z *N
0Ii9
UaRf
KkpP
->[Ik
l/O
get_TabPages
0yTS8
}{$>5A
"q1 R
FE|Ck+Gj
lRsPL
u@?Q
zts9RY
m1p
@m f
{63?
], 4<
KN/r
ck+ w
w7C;{
{ eS
=5$lD
<9]* 5u
'5rK0
,>j9>
System.Reflection
r-f3
[HC4>
W&HzP
%HP4o#z
7$#S
{G[*
<M 6<
fk79
DMc.%
:bu:
AG~B-
NhCS
:/)( p
i|F]6
V<Y,7LN
l*NW5rFq
6F VS
]Y5f
@gY<
-l#_
Append
xva
+8)N]
h4 "KU
+Q E
6Z}x
Xd ^
{?{9
TQ0.
Incarcator
u^Y Id8x
%Y(=p
$9.i
*mQ]
W`<Y
ksM2
{|*?
z}EDLHH[
Va0p
!qL|@
2QDAg
PX.1
d1pJ
,2$*
H~ t
:5zG
(+;^FEf
0 K%
(:QI
M4B<
_,*>
MIWa5
n8 )
H 4i Z
#,,3
e q
/PQF_
gHvx
"'e@
#$`kF
V 7I
ZMKz8&
lrfE
'dj]
Y7'$
'2[9
8 =C
0I4'
B4F0
`4S-Qr
Iu'
sO\1
"/'qNTv
A*\F
SJ]7
ZJ .
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
NV#F
Zi+,o
EiqD
1uM6
UnLpr
,a!=
yx"@
=}C
Y(25
6,Z6g
$6k
6aQp
1m ejr
!This program cannot be run in DOS mode. $
.A>w
(& ?D
&h'J'
U[HHS
J YMqhUV
E h4D
Tyc9
O +Ta
% F
[L%>nR` /Q
'P4T
842%
]t w
Nq}\
Fa1
!-TZ
$)<x
v6 6
#1*7/5
Szp8mq-<
gmz
9`'kC
:dpX@
Noa'
f1bu
6>3#6
ICloneable
1=LwwwN
1%no
^m_S
Sj_
W8c$1
1 Zr
//z/
\4%N
+t L]
T [i
k.t
(k'S
>hf@\]rm)
Or:"
XAg%
2&Bgnx"k
E9v$
}V2(ji
qsf/
SioVc
jjxi
H\# /
rIDAThC
8k
xgLU
3T,N{
8q
kp`e
-_H~
\n*3
4qF{
8z
LabelEditEventArgs
4O "s
/C\b
{bS%bf)1
Nxk[
#.!BV
i+nT
wd*FuL
d ?.
S4/S
2bd<
9@E4n
+<T <
P8Kk
BSJB
[:Ub
4IA NA
Q8\S
h T
(sdl
"-vm
6955d729-7163-c7.Resources.resources
* Io
MeasureText
KHp\
0lu}
miFj
lIDAThC
sI~k
Lu2O
xel,
,8?Z8
FBO~ K
Re+#
'Gwr
get_X
( L%$
%Ft2
get_Y
L~d^ZH
n|Xp>
PaU
ZjS
cG$&j
#3!=G
={u0<
}`Is
,v8:
=7C$t
&?Tj
j5cWN
:v<c
System.Linq
^v'o
Q Ts
`/9~
&uO]t
_AppDomain
\}FlUA
mI]F-:(
<YJ0
[?k3
w ZL
4Ztz
5. U
TextRenderer
wXf"h
/,z)
OA`O
7(cb
RFIH
'1\Y
w12;Y
7^/)
-DNh
InvalidOperationException
P{e6
{ZDk
cjSf5
~) \
hqr0
iWUf
of|g
ULGH
:-fgaC
k6V^
EditorBrowsableState
[i1S
h&vA
cg2K&
|.K;v
?/9Y
8(1Iz/}&$
hN rh>
A\ xO6
jEyb2'`
YDiw
2e Z$#o2
Evl>G
3{p@
avs'
O `jp
Zwtfe
5'Bkh
R&ApiR
A(1O
~M94
*s|#6
Ua0p
E@ENyf
:5@%o
F;7J
u37fU
%E_I
<:PZ
jIDAThC
$EzF
BXVc
-i?C&
@-[2
tVc &
/@Fl}
,Ex.
a'jl7" 2T@~
V(}.
q 1.
IPCY
?2KJ
n^e0
G'5=o
Q:Pc
RrB
=7O$
:BQ#
74=<
cy.n.K
MethodInfo
2LeAZ
ISynchronizeInvoke
(X&r
m&oF
F'[o
=a\p
_/ ~e
@ (Q
TabPageCollection
|j V
Pg0e
fCU&f
>u")
bfKkZ
M+RU%
3U'
,9\ !
{W >
NY5
get_Graphics
,VSy
ResolveEventArgs
fb"&
G-1Z
+4 E
\d/c
-%lcX~9w
w f;}
76/ ZF
UIc!
4<'v
LHB4(
=7C$
#6.|G
OnControlAdded
qS&G
arb8]
X o
g76)
C)gY
Cc^)
=@k3g
=7B$
"'o"^GX
'7kA@
jM>)
Ck =q
Q[ o;
%3jN
]&31*.
J2ge&
xA M
M`+
=MfuNr
IEND
T`|:~
s<-C
?Ykw'
/5F(}
Q80.K^
PP%D
szP=
H4qR
1@oI>
f=HS>
I!&}
vp+r' ]
X P
tw39
f iT
DFN< o
x>B
n ,##
UQ$0
3SN
9''7>
75Pg
>F)[
matemdeea
uK'Y
4C&;
MHi 6
Mn_\
e<\~
a7pXi
nGKe}
%Yp`]
Rectangle
:.4b`
>"lX
s2v&/
G~U~
s~dP
WeR9
qIc-
,)RH
M7NH
h'4lz
4WF8$s
Concat
K=~C3
R&|ud +_
,Cf }
StringBuilder
lW5+
L tP
_Y"\
{T4*Jd
mb r,
' Sc
#`I(&
&&&n
?7(<
.#EF*&|K
]fw5
!#F7
=/m
r*X'
r_b.l
h~X&A
F7 $7
r5i|
+#mO
( cBV
3$|-
qu".K3
G1$W
c(6T
#Me!?
{-Yu
5y^?V^g"
_!v.\
oP'v
PRz
:1-
"J@f
u ^{
}|:df,)@'
$6Fuq
3g SVk
mwd/
BJI;
Rc[j+
lI9#
]^ B<
AssemblyFileVersionAttribute
gkx5|M
IP=9G
E p?
63zYD
)R9U4
]'OP
iC:~
vjcx
"%kp
#+E^
**C7
P/E~
-uYq
.oQgn4
r"5"
JBVb
yT,
~X_
9gwX
lGn@
:8^ui
vg'O
\DFS
kSzV
pk 6>
J>V
]vq>'
U=2d
1@J"
,sJjI?f
^$G2
"'/V
hD%1
i _
%[j)
y sd
S)s q%
*O`E
72%=
wfCG
4d3t
7C?x
e4D\
% `
)1*3
#O:3
FCC%j
3nHp
ljFj&Tc
T.Cn
/0F }
7 +N
" wV
l%42_(
jo .
8Q8IAw
:&{=:
Me0*
0oo
uG=?Z9
CreateInstanceAndUnwrap
E=T97N
r,y]T
[G8P{g
"VoW
UWp-
y|F:
Font
0&ZI
i@b% W
,BYKv
OM][O
$-L9
Ta3p
.yXi
P l!'
O5yL
})7WW
yQRBC
hH%>
8%U5
_CorExeMain
_)\vK
sz?(
$Z-'t
q 4
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
)'PWc
QDy+
OLsM ?
W0C r
@? C;
get_RightToLeft
4ec'q
*QCiG
j_ /
qte{=.=
wDBU2
_ =x
_ =y
vbz`v
InitializeArray
,s '
\U`0
nXr(
/hr }
iAkh
7 8!
8p;4
u[@J
>H,4W
9 |1
9"nW
>d\'
ilOA#N
rN *
Mv|IV
\akB
.$ .
t+p;
ToArray
\2X+>
`QWd
K 51
EditorBrowsableAttribute
get_Control
#;5dR
+ j{E
;"0p
= cS
<79!
*Xny
u=0*
hHReA
??%qT(]
?wXy
D">k
w#%+Y
get_Hovering
|zba
r{ /
4A:x{
Sx81
|IS
Hg#)
4^\i|
Tpkd
gP-P
$.Atq
5k%7
F~A63
Load
mIDAThC
Tg!v
aqk7
QDe"
+: E
e7$k
bc&|]2
'-1B
_T44
System.Drawing
^ ,H
D \J
?o '
_zE/
9mT@N
~&Ws
Fb7$
;JPfN
ih|Q\
j^5\:
H"_;
'MoE|h
/MzR&
r /Jo
^y?=n
@Z~dr
"uza
g/z Si@
1#pvw
f-Rh
0e+#
{4.Y
/) t`n$
S_7
6wiK
1/DD
:}Vi2
:)-#ju
!)rc
QS4m
_uM
^UJ&
<PrivateImplementationDetails>
|"BFJ
.d5g
xYY l
RuntimeHelpers
+NB_\
Vc!3
>!_+R
f:?XT
;tw
L6BEmX
v2.0.50727
>yVW
7;r,
qo}L
A#Bw
OXoIF9
=nD0
*FSAw
>@8.
Object
^Y!P
Q4Y)L
$4q'
/ ZV9
m}>G
JkNWUZ
b6Bk
3E~F
"'}@k
ComVisibleAttribute
l<(]W
ZYA
}&AB
0+6[7
>Ehd
}r x9U
(6E+
4oY"
|:bp
p1L'
(>Rw
5d0p
[P)"
OkE,=
8czQ
2Ba@H
nIDAThC
pNH$?
h Hi
AssemblyConfigurationAttribute
jWef#
1'J
[Q4}}
n $o{
et#-R
tcWR
OnMouseLeave
`^Z0{L
'{#1
Ai7
1.0.0.0
EG9<M
7DG #:
P|z|r
xXLY
; K3
5#)"U
)/wo?
a/Et
/`m#
i t+
+$J2
x*#l-
wc)W
nrl+
*@J0
nBg\
4{Yi
<e;v
Jf59L/
RightToLeft
]e}TJ
Wx+f
mM+$
zWq1
Xq^
L4Oz
Jmo20
E"5k w
.~ ~
N\`Pc4
CompilationRelaxationsAttribute
F' j
Hy?J
[}( M
vv.-
;M4&
=4vmV
>Y E
8I'a
,NBW
^?]|V
}#a/C
/8F l
;;,`
MDhI
Zh15 g
R?G/
/:nI}
1/K1
39D$
L*9v
ZJbB
z!dN
i\6j^
twJ
*e0p
}8cs
_w>
kT2
T,8`G
N',w
et=n
w%l}:G
_@_)
3w]9
75NB
+0F ]'
$uMSB
Me )
Th \
$u0{
:Q|`S:
1(ag
{}7$
3rc< i
/ R}
/8r'
<R0%
e{+)
KJ(s
'vc
}%cH
&wFh
P:-!
=6Q7
^5]u
b i+
set_Width
h~YD
RU<P]?#
H aM
Fk:y
\ <
& zPu9
WRn[]
12QpR|
2J,
XyxK:
|ih\
e~%Ex
set_ItemSize
c>J;
<c}Vi
,^|$
^G&\T
q%ld
4,p(
f!? @
>Me+)
n?oE
dx(n
0E0FA1A62DEEBB1E981471F7A1F5C112CB0A9C65
hd2j
s3z8
n&2%
~=GiG
LXhZ
2qMn
$0k}
}sG
zgy'
6kr1
LVC46
!-RbO*YA
B4A
/%R`
a@&6
,";JWK
/k.r
s_
$z (,J
t+RF
e rx
1zs\g
LgO6nq
C4 ucX
"${
0~X3
:s)$$3XC
U2#D
Z=!l3:
}Zc!
J"L
vD2K
PaSt
= v Q
/F744
cJNg
{e"p]u
H:@[^'A
84Du
4%+tB
d._l
1T i
Hbn5
}y^4
D2.V
1&Yy
rv *JS
H +C(
)%'g@
}IrkU
<)]i"<<f
w^m/
[BM$k
Copyright
=o.[6
p4oD
ArgumentNullException
ovJa
A-){
e<E"h{q
|e+(
K6_P
&inf
\gV
bw :x
Point
cCR|
)eOP
RVUd[h)
>3+)
AssemblyCopyrightAttribute
w_q
=a"p
@}<_
E1b|%
. :Q
p9OQ\
_~MW+
bQ+
k($+&
MS|q
Il j}x
q|@/
MpnK
"K7y
TextFormatFlags
/b Ae
2PNp
O+"1
@ ?'sS*@
iz]r
k.K;
#9.5&
A- a
4(c
:JEK
zfm-
DG`Bq
k%\/@
Yvq",
D]8|n
U-#D
eHEai]}("'kI
.`\`
YV3,
o]G{ \'
rj(h?!
T0-X
+} 4E
textFormatFlags
%kNM
uwO8n~
AO_!
iYqg
cY^,C
B"CY/e
dtlw
>9'o)f;
trKc
c}P+`
Fz6R
c%A@
@`8o;6}
eqB;p U1
A)@M
F'"8
GetTypeFromHandle
KMfb
FH&=
q,}=q
*> v
d4-9*w
qK)-
"ySAH
%0~}
G ~k
HS4U(
7>OJ
p+fap
0:KA
H*dDOp
w+t:
]f 5'
lQ}*
7.B4N
RlhzZ
Bk7x
]]}_
Z(%2
V_@5
w ](
TC;a
Y2R;
h!d7
Q-+b
FVo-
bY e
0PO+
E1Qm7
}VW(GQ3p
M<m:
5zGn
s)WG
System.Runtime.Serialization
`8/)
RjXZ D
j'a@
JSK})c
i-Tb
n}=]P
0v<B
|Bv]t
,q l
OverIndex
&ejr
DHG47
|W0p
n7PHx
DDr|N
System.Runtime.InteropServices
56g@
NM\m
}Rj3f
Math
zieK9
"209
]ZEE
E zz<W
bH>cR
UL?'
Qb)Rb
i$@yz
AJYr.
<O:_
o 9Q
X] .
..K;
=,]9R7
!YOc
f 0
}2%dC
9H04S 3
#<U1
AssemblyDescriptionAttribute
System.Runtime.CompilerServices
RQseE6
Uc#D
B}[5v
Q_};
R+W#Vc
SuppressIldasmAttribute
xRrK
6T^S
)E[#
matemdeea.Initializare
mwbO$
.Vd$
8iL l]
QprL
1*P* >
zCOp
Myrls
6}8{
r|_6
O3G
^E/F
\!#g
b\`
.?f>
]> e=
'&AZEP
In"C
ItemWidth
I:8$J
ypY*
0$n&l
[R>4<
hg9t3
08g&
;J}uv
98-<T[
~r.1dX
t vH
t*e&
i*,W
e!'s
U_Hrp_j
Zjb6nDb
}xc8
*#KlpR-y
EventArgs
IDisposable
!-4#M
}?aH
3{ 0 .
GRzz
ControlEventArgs
mKVe
!6A o
#CxW
>/r*!
485g,.Vp
T_!9To.^
"'`@
0?G
#)F+9
?5 !
VA92L
Me+]
V@Q
AssemblyProductAttribute
UJ-7
6-A)
J7zl
]zP,
1.K"
yeDySh
k ~`J
<Module>
N~Fw2
=orHuS
jS@v)
G(QuL[{
C*t7i
ShLv
-04'
",Vb<
Mv&,`
`<,1
,lF ~
8SIPN
Wr~p
v/lB
ja)9OZA
e]V9Fl
value
~"f!
{yE{
MA&GF
3,dQP
2018
y5K^?
|O &
8=~F
#DFdv
AiJqE
qy P
oU|J
b+!Ke_
;7v>
jI4m
Dp:5
]R_(
thk<
if~
p9'lA"
}z _
]!cy
Pe#<
^<9i?\
Uv,Q
A !z
KdPl
g6g! \
#GUID
get_Height
kH:u8
6 a
z:np
y`^z
UK<`
WgX{
[ +
1rB.
P d >S
tl>B
:QWkt
!2-Q
set_SizeMode
.' Ml
}%#(
T9ta
2.K0
KFQ?
5XB4/ #
ICustomAttributeProvider
# Zz
qIDAThC
')Ow
*vV
Pv)g
~5'p
E&I9
>X 9
0=Ep
qW-.K1
)n ;x
sVxXY
LalU
7.XU
:2Mt
.~|6z
4(Kl6
<wo}"
@a<N
Zne@* fWF
~ K
Us|8E
bNw;
`NPI
:'$
ad0r
LHR56
SsXTb;
, X6
o$*G
dOR#@
2[JXl
q<>$
<wz1A
FlhO
/]E%
System.Text
Agl;f
nuJ
),GQH
p/NV
2O`
e p
Fny>
3 B,
N4O
@ `]:*
| dw
OOWO
|'>]y
]ief/
wKtb
fZII
jU4?
.=6QE g
5K1vr/
~8A?
F(8v
8n1au
v2!D
3JY q
[7lC9
jpG1pI
46*`
$27f0a3f5-3886-474d-81d5-d82d459b5834
) 3bX
IEnumerable`1
@/&)9
[}2+[
lX'{.
TabAlignment
YW_}{%
88C#<
m*B
2`6\1YkIvSqD9
$u$l
]* 2*
AaS
?>_0
-TlL
>a0]
d L6
0GWr
Md+)
T;;6{
_|Tm
8`1OT
get_Size
U:'n
7{YRB
E[y0
;p8]
get_White
FQf$
System.ComponentModel
AWBm
aitM
^ mD
Vb!8
M +;
2"bz
R}Hn
Gcd5:
LD,0 u
|8g_
#nB40^
hZ6!
mscoree.dll
z|nd
$s^<_"
#'dI
/\Zo
/.K;
`kQS
9 UC
5XO~
'\:H
ET +
&*H
v8yI~
~<t6
@VQY;a
5@o|A=
~,",
*<3K
`Mt-J
System.Collections.Generic
6DF71263AFFB3296BA91B14181DAF02693B8F22E
uuL7
i8Qd
jjd&
Q6wG
#=Y_y
"=h}
OWV_
m&)n
System.Windows.Forms
63TG
\5Q%
!V./
O]j
):Y
1 ,0
6'do=M'\
'{k2Njz
!n q
Yy\7
LYQf
_`S|
1?3v)
WriteLine
System.Drawing.Bitmap
< ?%T
U#`]
L%^4Gg,
OH4x
SetStyle
LBjd6
|WGQ5Y
Yfh<)
ClI03#{G
x`c~c
Me*
."`:q
HS2m
cPD4x8<
.!GB
qZ16B0
F@ -
:&j
`:1e
>(^b
*=wX
w+D&
], 5<
nJEg
0ng~
EI72<
d}B40&
U6ic
,=*Q$
Z{mr^d
[oYNJ
O~s'
_#.-
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-02-26 13:55:45 2018-02-26 13:58:37 172

8 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-02-26 13:55:45 2018-02-26 13:58:37 172

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\Procducts.exe.config
C:\Users\Seven01\AppData\Local\Temp\Procducts.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\Procducts.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\Procducts.config
C:\Users\Seven01\AppData\Local\Temp\Procducts.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\Globalization\it-it.nlp
C:\Users\Seven01\AppData\Local\Temp\Procducts.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources\matemdeea.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources\matemdeea.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\Temp\shell32.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.exe
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2348.4874671
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2348.4874671
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2348.4874703
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\matemdeea.resources\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\matemdeea.resources\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shell32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2564.4878250
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2564.4878250
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2564.4878265

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\Procducts.exe.config
C:\Users\Seven01\AppData\Local\Temp\Procducts.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.exe
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll

Write Files

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\Procducts.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2348.4874671
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2348.4874671
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2348.4874703
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2564.4878250
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2564.4878250
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2564.4878265

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procducts.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\410fe546\7307cd04
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1e5833dd\40ef5613
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Procducts.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Procducts.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|Procducts.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1e5833dd\10592a67
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSCDUI.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|MSCDUI.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|MSCDUI.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Start Menu|Programs|Startup|MSCDUI.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.DeleteFileW
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
shfolder.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
kernel32.dll.SwitchToThread
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
ole32.dll.CoUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
advapi32.dll.RegSetValueExW
kernel32.dll.DeleteAtom
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister
kernel32.dll.GetProcAddress
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
gdiplus.dll.GdipDisposeImage
kernel32.dll.Wow64GetThreadContext
kernel32.dll.Wow64SetThreadContext
ntdll.dll.ZwUnmapViewOfSection

Execute Commands

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSCDUI.exe 
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-02-26 13:57:05

Detected family: #Malicious

TheSystem Itself @ 2018-02-26 14:12:02