MalScore
100/100

TTcopy.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 314.00 KB (321536 bytes)
Compile time: 2017-07-12 02:24:34
MD5: b2dbb79ba3acc9f5f037b1a3a68810ca
SHA1: b6518fb5641178c37bd0e4473757292e403a5e56
SHA256: 112a5091da15ccf51070204c59f9f4346b11b75e07d6ee718cb798cccac65e3e
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-07-14 13:45:02
Last submission: 2017-07-14 13:45:02
Filename detected: - TTcopy.exe (1)
URL file hosting
hXXp://gulfseoagency.com/new/hn/TTcopy.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-07-14 08:26:15 [11/62] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x485e4 296448 acb22c735c2b87b573a69b78f312ddd6 5d4bf105d668431f6e45123bae5b996c17286a02
.rsrc 0x4c000 0x5ab8 23552 e697665de6690cd9f3019ddd3e19f54e 8543624c4b9e2ce3bb76250ec3da388cffec4de3
.reloc 0x52000 0xc 512 beff2dd6093c963c67af3b15bc33585b e8927c4fef508fb34ee9a03967f2f8a05d514d23
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x513b8 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x51820 62 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x51860 600 LANG_ENGLISH SUBLANG_ENGLISH_US
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: (C) 2016 philandro Software GmbH
ProductVersion: 3.3
CompanyName: philandro Software GmbH
FileVersion: 3.3.1.0
FileDescription: AnyDesk
Translation: 0x0000 0x04e4
ProductName: AnyDesk
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02b_64 Seven02b_64 VirtualBox 2017-07-14 13:41:59 2017-07-14 13:44:53 174

5 Behaviors detected by system signatures

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\TTcopy.exe.config
C:\Users\Seven01\AppData\Local\Temp\TTcopy.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\TTcopy.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\TTcopy.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Users\Seven01\AppData\Local\Temp\it-IT\testfrdp.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\testfrdp.resources\testfrdp.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\testfrdp.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\testfrdp.resources\testfrdp.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\testfrdp.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\testfrdp.resources\testfrdp.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\testfrdp.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\testfrdp.resources\testfrdp.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chlome.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2520.14450015
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2520.14450015
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2520.14450062
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chlome.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chlome.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chlome.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\testfrdp.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\testfrdp.resources\testfrdp.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\testfrdp.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\testfrdp.resources\testfrdp.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\testfrdp.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\testfrdp.resources\testfrdp.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\testfrdp.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\testfrdp.resources\testfrdp.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\it\stub.resources\stub.resources.exe
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2792.14452359
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2792.14452359
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2792.14452359
C:\Windows\SysWOW64\ntdll.dll

Read Files


Write Files

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chlome.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\TTcopy.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2520.14450015
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2520.14450015
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2520.14450062
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2792.14452359
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2792.14452359
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2792.14452359

Keys


Read Keys


Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Chrome Updater
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Chrome Updater

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs


Execute Commands

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chlome.exe 
"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chlome.exe "

Started Services

Nothing to display

Created Services

Nothing to display