MalScore
100/100
MalFamily
Malicious

chis.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 495.50 KB (507392 bytes)
Compile time: 2017-05-13 03:46:30
MD5: 207b78b947340ed9bd5028f2e5e7fe6b
SHA1: 8e573797a767c677c643d99abba26a44b02e50f5
SHA256: d288493aabb94311f5150401710256daad38f240e12d712097ab5df21a268964
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-02-20 13:24:05
Last submission: 2018-02-20 13:24:05
Filename detected: - chis.exe (1)
URL file hosting
hXXp://prosciuttiamo.it/ice/chis.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-02-20 12:02:08 [17/68] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x47cb4 294400 ccacf623a055a445ce832a5da3b76256 920b4e1a14d6e124670ad80db95174ce10319c38
.rsrc 0x4a000 0x33a60 211968 d7c054e7166948e9121d03a65d7efe4f c489c119423113c17d32eb638eb2d9b815107a6f
.reloc 0x7e000 0xc 512 8a4249cddb5bcbd870a492ef2aeeaa85 4b63d0cf51f9b08439629466e3f88c43b076552a
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x4a130 209740 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x7d47c 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x7d490 996 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x7d874 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © 2018 Ace Hardware Corporation
Assembly Version: 0.0.0.0
InternalName: chis.exe
FileVersion: 1.3.1.1
CompanyName: Ace Hardware Corporation
Comments: oyonayaweb
ProductName: Accu-Chek Connect diabetes management system
ProductVersion: 1.3.1.1
FileDescription: Accu-Chek Connect diabetes management system
Translation: 0x0000 0x04b0
OriginalFilename: chis.exe
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
1.3.1.1
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2018-02-20 13:23:33 2018-02-20 13:26:25 172

10 Behaviors detected by system signatures

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\chis.exe.config
C:\Users\Seven01\AppData\Local\Temp\chis.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll

Read Files


Write Files

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe

Delete Files


Keys


Read Keys


Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs


Execute Commands

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe 
"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe"

Started Services

Nothing to display

Created Services

Nothing to display

Behavior analysis details

  • Machine name: Seven02_64
  • Machine label: Seven02_64
  • Machine manager: VirtualBox
  • Started: 2018-02-20 13:23:33
  • Ended: 2018-02-20 13:26:25
  • Duration: 172

1 HTTP Request(s) detected

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • Hostname: www.download.windowsupdate.com
  • IP Address: 2.228.46.122
  • Port: 80
  • Count: 1

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86400
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

#infosec #automation

TheSystem Itself @ 2018-02-20 13:24:20

Detected family: #Malicious

TheSystem Itself @ 2018-02-20 13:42:02