MalScore
100/100

payments.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 15/64 Related 1999
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 316.50 KB (324096 bytes)
Compile time: 2017-07-12 22:10:30
MD5: 91e9e3cc7a1843027ac77377144566ce
SHA1: c91b74cf66f33969a63bb9e3bc277c39ad226d72
SHA256: 780a4989d2558e3d9c1aef91a6b849cf6bfc9a5a117de4987b4fb13948f96b39
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-07-14 13:39:01
Last submission: 2017-07-14 13:39:01
Filename detected: - payments.exe (1)
URL file hosting
hXXp://gulfseoagency.com/new/hn/payments.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-07-14 08:27:14 [15/64] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x48f74 299008 10afb827cb2151dbad8edf5c51d30767 0a3f97c05a957ef1ee5ce634e1e62f700cf3785a
.rsrc 0x4c000 0x5ab8 23552 e697665de6690cd9f3019ddd3e19f54e 8543624c4b9e2ce3bb76250ec3da388cffec4de3
.reloc 0x52000 0xc 512 77f139735eccb5dbb5897b8bd0c0aee1 975f1ddd4e6b5c941eb3e2dab1fea011cf1e2d2a
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x513b8 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x51820 62 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x51860 600 LANG_ENGLISH SUBLANG_ENGLISH_US
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: (C) 2016 philandro Software GmbH
ProductVersion: 3.3
CompanyName: philandro Software GmbH
FileVersion: 3.3.1.0
FileDescription: AnyDesk
Translation: 0x0000 0x04e4
ProductName: AnyDesk
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven01b_64 Seven01b_64 VirtualBox 2017-07-14 13:35:58 2017-07-14 13:38:48 170

5 Behaviors detected by system signatures

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\payments.exe.config
C:\Users\Seven01\AppData\Local\Temp\payments.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\unrar\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Python27\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\payments.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\payments.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\payments.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\payments.resources\payments.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\payments.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\payments.resources\payments.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\payments.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\payments.resources\payments.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\payments.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\payments.resources\payments.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xmidp.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2072.13268718
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2072.13268718
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2072.13268750
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xmidp.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xmidp.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xmidp.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\payments.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\payments.resources\payments.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\payments.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\payments.resources\payments.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\payments.resources.dll

Read Files


Write Files

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xmidp.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\payments.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2072.13268718
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2072.13268718
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2072.13268750
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2240.13270812
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2240.13270828
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2240.13270828

Keys


Read Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\xcds
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\xcds

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\xcds
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\xcds

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs


Execute Commands

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xmidp.exe 
"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xmidp.exe "

Started Services

Nothing to display

Created Services

Nothing to display