MalScore
100/100
MalFamily
Malicious

xela.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 13/68 Related 2056
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 620.00 KB (634880 bytes)
Compile time: 2017-05-13 03:00:08
MD5: 712f92012debe7718f98455662ae99e9
SHA1: 44a2993dc8d50d3276e9d39226090c5b8f391641
SHA256: 8fe7052fd6395ace55ec10e814a5dde00afb0ba8157fd25934c24940d772a5ec
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-02-20 13:00:03
Last submission: 2018-02-20 13:00:03
Filename detected: - xela.exe (1)
URL file hosting
hXXp://prosciuttiamo.it/ice/xela.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-02-20 09:11:49 [13/68] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x66ef4 421888 8ad1e894b4131657e524160c56f662cc 05df88441a56d9961352d83fde69356a3badb447
.rsrc 0x6a000 0x33a60 211968 5cb4300661a5e99ea56e18d56c910f4e c03a4084198c81e3972fd578597fcd7b43cec6d2
.reloc 0x9e000 0xc 512 52c7f7f546b0f831b85b220d34b06508 305e3367bb0aa4432058b7ba6fe9a534e4c4c7d2
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x6a130 209740 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x9d47c 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x9d490 996 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x9d874 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2018 Ace Hardware Corporation
Assembly Version: 0.0.0.0
InternalName: xela.exe
FileVersion: 1.3.1.1
CompanyName: Ace Hardware Corporation
Comments: oyonayaweb
ProductName: Accu-Chek Connect diabetes management system
ProductVersion: 1.3.1.1
FileDescription: Accu-Chek Connect diabetes management system
Translation: 0x0000 0x04b0
OriginalFilename: xela.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
1.3.1.1
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
Comments
InternalName
2018 Ace Hardware Corporation
Translation
ea412a9a-28dd-8019
ea412a9a-28dd-8018
ea412a9a-28dd-8013
ea412a9a-28dd-8012
ea412a9a-28dd-8011
ea412a9a-28dd-8010
ea412a9a-28dd-8017
ea412a9a-28dd-8016
ea412a9a-28dd-8015
ea412a9a-28dd-8014
#C_i
LegalCopyright
oyonayaweb
xela.exe
ea412a9a-28dd-8068
ea412a9a-28dd-8069
ea412a9a-28dd-8066
ea412a9a-28dd-8067
ea412a9a-28dd-8064
ea412a9a-28dd-8065
ea412a9a-28dd-8062
ea412a9a-28dd-8063
ea412a9a-28dd-8060
ea412a9a-28dd-8061
ea412a9a-28dd-8034
1.3.1.1
Copyright
ea412a9a-28dd-8070
ProductName
ea412a9a-28dd-8040
ea412a9a-28dd-8041
ea412a9a-28dd-8042
ea412a9a-28dd-8043
ea412a9a-28dd-8044
ea412a9a-28dd-8045
ea412a9a-28dd-8046
ea412a9a-28dd-8047
ea412a9a-28dd-8048
ea412a9a-28dd-8049
a8beb85b-011d-54
dxy
VarFileInfo
Accu-Chek Connect diabetes management system
VS_VERSION_INFO
ea412a9a-28dd-8057
ea412a9a-28dd-8056
ea412a9a-28dd-8055
ea412a9a-28dd-8054
ea412a9a-28dd-8053
ea412a9a-28dd-8052
ea412a9a-28dd-8051
ea412a9a-28dd-8050
ea412a9a-28dd-8059
ea412a9a-28dd-8058
Assembly Version
CompanyName
ea412a9a-28dd-8022
ea412a9a-28dd-8023
ea412a9a-28dd-8020
ea412a9a-28dd-8021
ea412a9a-28dd-8026
ea412a9a-28dd-8027
ea412a9a-28dd-8024
ea412a9a-28dd-8025
ea412a9a-28dd-8028
ea412a9a-28dd-8029
StringFileInfo
ea412a9a-28dd-8031
ea412a9a-28dd-8030
ea412a9a-28dd-8033
ea412a9a-28dd-8032
ea412a9a-28dd-8035
FileVersion
ea412a9a-28dd-8037
ea412a9a-28dd-8036
ea412a9a-28dd-8039
ea412a9a-28dd-8038
000004b0
ProductVersion
FileDescription
0.0.0.0
OriginalFilename
ea412a9a-28dd-803
ea412a9a-28dd-802
ea412a9a-28dd-801
ea412a9a-28dd-800
ea412a9a-28dd-807
ea412a9a-28dd-806
ea412a9a-28dd-805
ea412a9a-28dd-804
ea412a9a-28dd-809
ea412a9a-28dd-808
Ace Hardware Corporation
Kp3|s
}Pc@
et0+
d~Rz
\h\k
PNG
l])F
Fa-}
>U2 y
le|t
kYa!%
m)Kf[
~}8QO
ResolveEventHandler
ei@=
ey5q
EHi#
a1K(
[R.Vq
W9J^
otr-
6&Pc
=N#$
MBSL
e2i7
;Qqd
7QI)\=R
O "`?A
t#GA
a,yV
*ohn~sY
1*r~
ZK/W
4C328BECF729897AC2F385EEC7A4AC09D7AF383F
2T%/
L y 4
C@I
VOL&f
=[2F
pnKy
uw&K
%G M
3U^i
;rLE
+52A
" E]
RwA||
'zYB
y}A-
Tu"
';6v
';6x
x;uJ
y4tT
dY-0[
(* @
y\YD
0f91~Z
<259f
q h<
M\~b
E`Fi
|8v|
x&'l
KeQF
<j~q
VgC^
HK!j
iaNl
4{$(}
*k?A7
7jyJ
~ 6
& "y
b34\
DIVs
:.H0
`"<:
0.Yq2~
:?O'
M {
SR7D+
tk1R
gpd
mBXy
b^k2J>59
_L'D
C? <n
-(JV
#}$
PXn
get_Height
kS|/4
|JU[m
E9O@|
S9>kYI
tdNhu
t jkg
CJ8R
1"*f
bKmu5
iG!d
EZa>C
uuil
_1a,D
6o m
Jh"3
<3>D
"pu-
KCKM
=S-U
+m
:HTl
3B4X{
MF*fo
[6H-
O?~?
d M
AuOz\kL.[
7+-{
'i7%
zx;?
OIsO
Xt 4-r
AorV~
U:ZQ
w I3A
BRgz
8ML]o
u^,%IW
8^20
qdp]
L>Ad
mhj,
!N)Q
:NJU
Char
Ondy'+
6aQp
]=mC
_Ros-`d
"'mM
v"n
s B\
B@0m
t,"
]IZ,
}WW`:
mE'Q
? t!s
idlB
DQHRM0
1S_wG
QK74
[4{
l+M)XCaw
EG=gpA
5C#
D>DBP
mW}n
^fd%
.text
\=uO
@@xH
25y^
>8
wU @g%
>wX~7
-=<L
L{ v
^pj?
`|BO
*Nvx
!V :kp
o3x!>6]
!3|CX
4mCWY
[R{~
>L;
^?V]
/2ix
-k9u
;F>X
a1049
K*]!
9='8
LHC46
oh MB
T;m_
`Mm
P >@
[xQz
YVnR}
~=GiG
2iOn
p#x
4c@2&
1LL3u
BoundsSpecified
VO~J
*M5F
q]1:G
)j{P
sIf_
-&}A
=:%
NJMs
RN4PR8T
}r)v5
Ea[%:
6:NW
XNvI
8pQ
>|8f
w>*+
ob?s
_ib3*6
Nd6:
f5 FeE*
/C'o
j=bH
a\zp
V.}pf
x]
O /
zgy'
u,T%
c3Z?
/0F }
[}Eiv
KJ~T,
H]e/Z
.8,G
rwZw <&
i`8J
<BAk;
E6pi
*n]VK
KxYo
e~1A
=e'@Y
RA&
JHB+:?
tKA[
}t@q
&dO'
qu".K3
get_Assembly
pehq%
Cg2T
ms*_
A<S4
l,E
-=
xR:/0R
Hovering
xfYr
7-i'
1_]Z
lH!N
oR]
MFLJJ
*6h;
>64(S
ndl2%
lYL:&
U\)OL
d;Y j
3ax79
xt n
bJ'Q
J$-N
IHDR
System.Security
-Vcm
#5n
leh
<gRc
:?MV
H{5\
System
EventArgs
uj05M
@T9m
5? m
m v7
fP#T
4WS!eGn
cfvZ
G)z;
MethodBase
Mjn f
b' AF5
AzQg$
| x9
*?4jq
\3~8&
4or.@
"E\)
LHB44
(RT]#<rez
!,!\
VIsO
T0VS
0j|P
get_ShowKeyboardCues
z:' E
tCTF
w&vO>#
kL|5
DriY
LzyG
: RN
+NSF
IDAThC
^16#
5<ZY
21W)
lK (
FYy
}hHt
set_OverIndex
k=;z
'Rfh
Mt+$
"Jvu4
MyCcIO
zYN\}
bt+p
T*2:
q3%
KYF
SU m
"tH;
f fUK
;eZ
OJen;p
gIo+7
;|*}
6$=+
8%U5
4/EN\@
Wl#c5
)C Q
kt5
UY]\
set_BackColor
_CorExeMain
m8Rin
_sn*
)sFP
>?C[Q%
Z5/
@q&.@
b2Q$
\` \
9A`o
HT {
.eUIC
?od8
&I!$
@.reloc
4Qo
*96w
4:Lb
r<BFx
/S6-
y4ac
=7Y#
-|Lr
melS
w (5v&
G|td
~p*
^@?C
E,>
i+4W
oq2~
l.pD
f6B@
{TDu
U=7H'
!D F
nhPA[
Q<:x
?0~t
TT J
(% S
i#~D&
a$Fk
H4m<
_fbfz
24M!
set_Alignment
'!S*N
sEBg-O
1oD
$Iu8&^c
/_` }
q 4
/Hw
.?%B
`QWd
{IDAThC
39/X
$|mk
AwBg
wg[-
|/'Y
2?>C9^
l5*9
0&mv
]_Up*o
E?`<
o2`
]* '
YJ? <
'A@hI=
"@ghRW
n+!^
X?v`
O!7f
F4p~
17#e11Q
dnlE?
2`L\
get_Count
,WK2
;#3h
QsI&T
@MRf
O"q8
O$<Z8
@G3&A
pn^kl
DPyP
get_Font
gHQV
l#vn
%Rw
!F7'
M]0/w
sM9;
l"m
]f r<
R-m
)l&R
kx \.:
#/ T
vrnQ
]c 4<
Enumerable
eN2
iDN
/ e)
<#ll
Tc&b
g#qTo.
GetTabRect
u?L,
Z)sy
~>Rq,KS
D+"#)
fq$
n6 w
@e|e
xb{0
Xt7P
nE%9
r{kf
TB 4
t$ny
<79!
+`}k
j+$\
Y=sc
B$=(r
i'_8
"IT8B
Lbj3e?
Ts,7
11@SM=
/uO=n
65-B
!%^_
QY3
bOV,2
mS8zl
dCva
tvs(
MintSeparator
&5"^-
in_#V
hp}m3
0kvd
w4M8ONDB
_>s5
C{%' =,
;6)<
0r5r
avLN
Y2R;
O:N?
|>&1o
[/CIB
Invoke
k`fl
>}mE
9(A~[
d? P
):UBI|
cx-[
O(s
g'de
5jJ'
B?/W
vly
-PRD1c=
T\Kb
>Wm>
Array
% V`X
KQMn
~O$1
gaK'
,~Ym
xEd3I
/ dg
.]/+
gcL2
au!2I
Bdm{
@[V5
0%/M763
`"B$
0n7f
H]oo
Y> s
`Gn%L
*4Pv
}X?v
3)IU
W20t
&wf.
s%aS
,Xr_
Qva%
A-,+>
nP:w5
*0<OQ
kDzn
gVc'
eMSzR2
^f`3
T.;,
D~KF
8uwx
3,r#
FYP( U
T &n
get_Location
l%[(*
M}-kMRQI
Je|
_>^V
s*u[e
-ne
R! W
$ZX%
: 5H
RIN$
|BE/
atLz
R4cM
N.,C
SX5l
get_FullName
g?gT$=
MF*fQ`
1SK_
^rT;
q$Y%
Me+(
$ uX
*~E@#
SYR(r
H-M}
RuntimeCompatibilityAttribute
K*!Q
~9X)
~eG(
C6ed
55K2
Yh3e
ApPj'
7J<
W0aJ
7 KS
jd@z
faR0
1F^w7
LayoutSettings
s\#`
Invalidate
)u#JE
~'i
^)'
/P:" r$gaP\
8AN'
Size
`*~#
.l+up
cY^,C
=N%x
z z
UXh&
O qn+
,$`A
cC k
8eI7c
(4 )
/1F }
<n|B$
)gSj
HQ)"Y
6!{dU
Jy^
@\*l
tww3u
N[@(!
.{T
q +O_
BN0qq
~^ P
h;e?
M=L$-
MAolVtW
c_
C%[(
' :uw
u>d
F/@:MZp
(L 7I#+
MO'qc
f+*
`*6H
` -YrZ
!Igw
W-7W
jf L
$_W:r
M+M^2>M"
oxPf
yv]J
[E.d
zw2]7)
R[4~
\!p-
4a)4
SFS6
O$kU(J
u>vG
set_X
[ j,
a/&2W
sDIJ
J*,Al
z&]j
?~XT
Y"$)}
;'K,
l *Mo
:?1|
P;-nd
mc,M
r%)_
%?Ph
3W=T
B}_tX;
\gd85
G|Uf
FDwqb
PH+u@
.r[(
c^y' }[
.'Dt^C
pCe$]
nC9A
\%'H
>TOS
sL;
"E w
~BfK
!%\@
T7P$
S=_}
M3 '
K#~&
YyG5{m)F
UDP4
zk$Q
a&A;
s|<2;
:-@?
:*<u
9Qz
m|,b%<G
:aqh
?t:8[d
LHB46
d{lR H
,qgbdok!A
4 %D.Q
?[\LU
3(QR
z[(7
MarshalByRefObject
0~ ,6
>v+
UZye
a2=
s!X$p
mscorlib
san+
&x0E
4dT~
*j<!
TQyk
!vm(
ipd
fWJztv"
\ATn
XfOAQ[
f+R=
pC\^
Tn~H^2
S\4hy4
>s}1
H? u
r3Pw
qFoc
27m]y
H8yuo,?5P
H)h-vP
RuntimeTypeHandle
:@Vn
"Hv6Vf
9 8u
LKv"
`'gJ
U*tA
U$FlK
yk[t
IghwH
:Z1z
(e&S
EoCd
S/n
["x?|(
{P4b
WkcV
]& 3<
PX.1
>UD_
VGUN
HdA U1
AQ9d
cO>2
jyjd
|<"
Fi_2
(=^+=
na 93*
hN3"
}uLCZ
)W*Y
x4mNs
D.n3
BYd2
IV.^nsY
"/'qNTv
Dq >g[
TUX:vk
ghxe{
?W,S`
d5xH
D` s
MVu_
!This program cannot be run in DOS mode. $
. \
dqp1
0<{;
tEe~
-qN}
7Es;
5r -
I7Il
=o_R
4Z{]
F,)^
#WD[
Ovp{|
"<Jv
L*p#
L+ZZ
4RJ#r
J"G1Ne
ZC7?
Ng7x
d ?.
Cco&
t *Nr
.rF Y
D vu
u3VS
Q0*F
?xx]
x::uK
#.XM9
[HC4>
|:%)@
aDk`
Re+#
1"74
)FVlLx
K/"8:
E*VU
<*<K
YIS8
w%!#
kxMZ
fA$f
Cz1e
}(*Q
System.Linq
\{~/
4/ ,
R8`hwG
p>zT
W $#
FQqi
[wt5(6c *
=O{v
/0 L}
8(PM
_"-W
gwDX4
4+{(
jM2 f
f@)}U
xR(XD
@3Z:}7v
:5@%o
j<21
VcG]
iOCu@
.,/tn
~Wba
^2y J}
3oS'W
=m^yJ
/@Fl}
z"iiu
lF\eWZ
#iB
9sr2M`
yr=] )
h6:*
Ewhz
X(l=
Z4[eK,
get_TextBounds
9oB`
=7O$
GgQE
MethodInfo
I1bM
L4)o
uYAR
CompilationRelaxationsAttribute
h Ev
.xo]
{W >
T{$yo
+4 E
=7C$
tqIf
i `f
|$#X{X
{:BGC
*orkdA
c&Qf
46*`
qb$Ccn0
51Un4
GaX -
aj2_4xy
nx<XL
r~6R
O8K}[
/5F(}
qvM7
MVX|
K?@~O
=HL7
JMR!
a@ll
^YV5
1E2:
(+Jj
CSGe
[QA
Cs5P
>F)[
MM]RDGA
|C -
9 bt2|
uzGd
SP9_
Rectangle
W~Y^
y YB
d^f'
M7NH
[~]X
Concat
tn1%s
YlfZD<~
VkRv
ul/m
"} Fg
(t;M
`zQ
ULpc)
I2$F
1x1n]
};S3v~
2|<e
%)Dh
P^#M
D@ H
r5i|
,% UEi
-^N
ERE5D
S7lF
CdK %h
b/#w
P!}r
o2V(M
[D4`
System.Text
1x5J
Wn%zW
r"5"
-#]H
Vc"a
TG0u
],ab@
@}>
wfCG
{(FWt
)1*3
KzK{
+SBj
O$Rh
Z@eR
$DcW
{doo\
1; 9
2u]Q
4xrU
Me0*
ybRR
8s]$J
p @8G
5[Ow&
&\N+
(-ig
UWp-
>V3f2
;]9p
,BYKv
hS<|
k.%,)
j!NGj
3]+1~|g
J+Fxz
Hku<j
sz?(
Q*Pg
:f4
mBK
l"Wy|D
V_t|t
~J K
nXr(
/hr }
L7eR+
>H,4W
QtH5]
ToArray
OnCreateControl
X5h,\
k2Mc@
]J?Z
Y'A
4V]f
6#x
2/MA
w+v\
m=gG
PJu1
*F[q
o H&
,n -
|2 u
9mT@N
E Rk
I~2B
FXGh
gza
2L2
/~hQ6
0e+#
l>/9
[8<#70
4@*c
>!<'
c$Ru
9:xJ
`(X6
i^up
&{ K@,
,%k
DZ ;17
<~Qa
]U[X
+(;Z8j
bjy>
#+.i
og>I
1FyU
DgG8
\}x}+
n8 )
sh_ u
.? y~
.j!&+
OCqd!<tV
I2?F
(a yv
748SN
H\# /
qgs!
;a{L
Cs.:
fO_C
vMin
M7i0XA!
/c[9
{P]-
{( `S
i73]
=o3HeM
1.0.0.0
~<ql
dsoP
cM+R
*r)G"
r(X(
esY1
8ue[l
5}}M
+$J2
{@+r
G 3
d~=L
sRGB
`@gE|i&
CreateInstanceAndUnwrap
JRHZ
JSoeDs"
T"SJ*
/&Ek
WYZIE
SUS/Ka
!M$uH
Hg#)
$t"&%;
%A+Grb
qi|o 5_
t*_7
t3q9
%(QRJ
]]f30
]s7
*f9H
RD(S
i$wT
(Q `(
75NB
+'\J:"
P' x
('-C+<o
hBNM
^j9#
sL^M!
~Ta6
:1l"
=gWX.by
zn (
o@3w
gDKo
)ORW
2J,
u;< V
b/;Z@{}
nP^ng
Ulgg
}+#(h
=(G[
'5IVyHg
n ;
:}Vi2
ln.K
3S65
LVC46
Q[T:)
a@&6
#@ ueq6#r)
K9~7
Q:`K
6M;IlYq
L6,c
"${
Y}!0
qcl0
m+NK
bM74
=nIe
i&dt
`}id|)
,D:X
nY)
l[72
'Ns
QSjO.
0 ~P
<Fp
$Nu
Point
e5T1\o
:={Y3
@}<_
%[E{+
]I}4
A+eP-)
'>,)
L:Tb
W0+
&E-E
hiX32
yIa=
OA2:
~iG
#jlW
S" 0.
Mg bRq
nTvFl5
Q }i
|43O<h
YJ)a
zY@ E
$UZ<
~Jd-
P {c
@{ {
~h8onk
tnx^
^fCs
0:KA
+H$XmU801
&IQB
_Y=b
W,i
"U"1
FVo-
9utL
:7"Kx5
RK>R
5zGn
*.nD
{%GZ\
e1kt
D$ 6
l3g J
TD_'
GbgH
56g@
JnXO
L-XE
a 9tX;
KZi,
C<8V
3Hu>
4Efj
r.Mc%7
P-zm
^s/W
RC~L<
r-/b
Kf)z
xxY[5
QO*I
4[ 4
H}/p>
4^4<
$DBZ
!Tc!
fN2q
8Dl>
21z5
Iu=jb0
Jl"7
JCJZR
KiA'2
Q:p|
WqR,
sX<+
Zjb6nDb
w{~ vb:
PTW0f
Y8q^
n,H
A:W]
i ^I
485g,.Vp
r!Fa
.NVB1
V Ck
nT"y
1Q$t
P<YBC
AdXj\
}7-
-$^,B
Pexa
TextBounds
x|}C
S`ON
a)wq
R]AK
graphics
2.K0
L_H
*2^M
Cpy-'
l1-gl
ip# wt[+
6F VS
]Y5f
PI;
Kx!8
ZMI(8
z}EDLHH[
dwR`K\
1 (x
Cy#Tkt
:|e_
yLtr
.0ZA2cU
#GUID
&74?
set_SizeMode
g/z Si@
9/b[
K}>Od
5XB4/ #
4l_p{
9ymW}
v_ \x
msqMU
qLhSFX
i?=m
Xv.y
~~
~~)2
0.C5
Joy^
TfV{s
Z:4Sp
4'O!A5I
Bk$'
.U//:<g
**C7
4w1E
:24s
R 1Q
7C?x
FIDAThC
SU@m
m:ni
>~; qU
xY9T
3n>,
^{Wc
cl!L
@/&)9
Sg:b
Fb7$
#sT*
=tq
Uc#D
|r)ii9g
}y~I*
fQlrH
t5%-
i>oc
zz](
get_Size
r?sS
\pc!H
\aGf
]nNVS
]FN4zj
=<>n
M +;
=v~L=J`q"
d(
M^vN*.
x-/3@f
"K7y
H@L=x
}Zc!
\e;+}
?XYk
`Mt-J
SjC<
z }UUe
Qm6xz&z
fS#/
ZY0
@9lCh
op@U
63TG
/19"
`rY+*I
zI9(
&*v.s
b:(a
pdTV9
4M*
,_^G
SetStyle
kK1<
<S"x
5<&'
s;d\
Ft2' m?I?r
K'aq
EI72<
/#-?m/
Ji&~
0BVtL
=uaC%%
v\SV
L*k>
Ea`w%
2 (<g
F/0\
=Io)
tIE?
>qT:
(U>
X D<z
u8l`
svIx
U S
KW9j
/ASnn
s=/@
Llf0
h6sIT
1eZ1
'} K
"95R
-N77
QJ f
= < < < < < < < < < < < < < < <
j^orF
vEMs
2Nve=
M,rW
_Qa#/
Hx-
+4C&}r
_c)?
z:&I
/g-{
z:&F
BF|D+#
ha#s|
"-9v,.&
DrD M{
Y?J![a
sS
Bw u
Z]DCnj
R\df
OverRect
>fi6
w !?^
k|6d
Ineh%
~&fa
Ya~0
81Rt
XO3~a
=l\w
qLR<
q<w
=1n&
,3YU
'[v*.
O}/hI
I=8,
&GK{'T#g
;Zvb
w;gI;
0ssO
gX'+
7!aR
BIxh
],!/
.qg6]
1$f9
_u k
$~-/
k k`
AppDomain
5pKE
v2.0.50727
B:89
Eh;!
2.a3"
;4 /
=I'u
HQ^!
1-~~
;_@%
Q{T)
+%17n
.h<X
Rn<G
^1SdQ
Z4~S
nILc
(ef%
Lpgc
o 1_I
kLls7
vYL6
vK8u
V3h"
c\Zwq
Control
AA,R
\)KA
(fl/
$-)w
; %q3
ILcf
Type
wz0#
SWmA1SP
V#5k
o9Y"p
5:T*g
Qs Dw
CoVj
%K# S~
v(;,
J}<
1#%G
CJ2#,
4YL%
qtw7GO
@~n$Ng/
ePKY
1 Zr
tHIKw (%
@iij
.z t
'L.o
k!~j
x`-\
d~a-
[Y'O
%V|x
h;P5
K{Ui
JQL`
sYw3
uhL,
5m ~
Yl/&g
w}9O3
pAz8
7'U
P-)U1
dE4Qd
3/^0
q3 2
:4xZd
aC/"{
)^*Q
Pb j
+ u_
p!=-
jcL%
#$P[
tP%Yu
^!jF
1ZeO'g}
KPx_
m#Pm
qu%i
r6O@N
|j`[
cnbNMn.
eszv
zoY'}
7Ag3
,k @H
y!&"
B/R_'`)T"
R.J^
4U_W
tf+i
lfVL:
(: g
E;!eKn
Oo9z
\&Ei
!A9REr
~ZIn
osDi
]t<Zn^
pEI{
S[iv
1|$
mG M
`.rsrc
T-ie
>Kn6vX
#P7$
yG[l
;MC-k
4f#T
Wdh <M
ZC?D
NUZ ]`(!
atuX
!-Rb
U^HU
<'gJ
1*Bh
u:@+
xqwX
ki/1
zV P
{e<~
!3?R
$>Gk
;40D
H]A[
:v:S*
aPYN
v2.qT
.5'^
d?3Wu
tIye9:
]TB
!o L
Gy!mv
`F>P"
v1=
}:`P
%\ae
hu7>
<MO\Y
`}^RN
q,}=q
*uP z
z"{?
\*!?&
matemdeea
Lo)6~
` d
D}[_
A t'
:{2/
qZ16B0
N]Y`*
udbZ:
U"("
kN$Le
C(:i
Mx&pn
xE>D
s2 2
xl`
pd
g ,,<
w`VQ
1[:C
}$G_N
"c|x
/3yg
1&Fd
k3boY5
s46!
5dj
Nm P
;)78
pH.|
NNYm]
d316aA
Y3)b
c t|I5
>dmM
b/.q=
BTSU\
W8bnbHI
9Q+7o
J<bN
aHtS
0~]
"$M
RU5B
<01d
{ eS
:)}(^
`b?$[
iS_
' Wy4 mK
z&<a
>Sky
)XP/.p
RightToLeft
yec
6EFAC0EE8C248566D5441213E5936E72128EE1FF
'Zz
d&&K
'R,
pNp
In:&
J!"
iwK2X
' /[
Xr]TI
|U mK
^yT0lx/q
/' BYSX
X"~@
X"~B
V~`m
5v7}
`#-w
5GG[@
;NKL
gAh
/.S `laW
oS|K
|Zs
oL#
HB>Y
z{'.c
&i]v
Q10>
Zd7q
3{]E
M_*[k
<gx8
E +a[
_DD6A
[d-
z>dJ
I7W>%#
2Ev^
<z -
hDf#
xiio
Fz@4F
/T[l
Pnhlr
9J\&
MLm73
9 8f
TabControl
*S$,
H_md
Ck'
9r (!
4IWy
P)uT
"-*M
@)Ns i
1A^A
vOrvk
CEon
dC:9
Q!b+V
W&HzP
I9b$
oJf-
geC+
M,iDU
}T9<
Q#atD
HV u
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
B1dZ
?7 '
:+qp
/I p
~-YC
( J8
8$}L
@Cpc
Bf(Q
}N5G
W5j?48
#lP{>
sl[t
-v$`
95A9.
,Ug;p
eyvp
P{9q
v8'L
'PFl6
3H(|
>3j/
.n V
/enH
Op>l
55n
S{~bcO
/;b;
IAyd
}U~D9
9/Qb&6
{mH
drkg=
}`F%
],*Gk
9Dy9D
XR]R
N&+;,4
U+VC
|P9F
\BWC:j
Contains
#x_L
m.>\
d7 O
0"r)Sr
;<4{!
~'$>
-cok
ValueType
+]La
#h~.N'
;&-3R
0l&E
T5hbp
g%gK
I+d!|
44-`
-?U2`U
.\Ca
;}_R
NC/P
ButtonBase
0"
],6Q
ekh?> ^
&45p
^X<f
.Hqn
HmpD^Z
[*hV
ZCcD<
u1l@q
>&yQc
*Eh`&Z,
-
F;zk
"'`@
S(ob
u(/b
x)Ne
u=@>
t$Hlm
ToString
i8?qb(5
yZ./
P33u
^F\4
L}Jn
kt7C$T
-%;}
#]`B
w3VM
%d?(
KKY
}5Jdx
T7\5
Qyb[<t<
qw>=
hD8r
kfVaG
NHB46
Q5Z|
50O2
ORjL|
/}1"EWFD.j7@
f)wva
2@d*CN
\~s
9S74
0K?
C MG?
piw]`K
+27^
L26J
w6/U
dp@(
hc;\J
@y5r
lHNT
J7|
!R,(B
-Rb
[ Y2
O<@[
WmP
QMe+)
#qQRc)e
alaU.f
J~|K
>Q)Z
width
.bW!
#h G
Ua?(XS
K@;0
I/8+
[ Y~
-'n%
>x24d
Nh`D=W|
{wb 6
+6~2
RS%r
.ctor
L1]W
Dj ,&N
JJ2+l
get_SelectedIndex
8kh0=
kRSQ
'-<^
U0=s
NA3^
Tf)`
0X $
NA3N
1KK1
get_Text
"A=;
A7)r
M=I~
_{ @
KJg?^
U4XO
i.?r
c[l
' 73
F&E]
MnU0
Wr3g
b}mSYd
RH<g
QWX$
0\OG
{8 |
@4qJ
^I8I
I;zZ
{@NL
"xB'I'HQ
g]'j
{(Aa
'HS8x
TKk|7w$Q
:5I $
#GYAw
a ?.
l*Se
x"Iv
s`*=
+@"3|Y
+}(.
-'j]L
& p
~m1W4
p+j@
), 2
N*IE
e-Sd
uG6
@aA!!A
P9ks
lT:6
F<4
/{gdF
`QUBs
~8iwc
88[L
:`4T
e/ig
2f*0
cZac
r8iJ0
Pli4i
Tm+~
+W.C)
i-'U
mcjU
7bv(
Ug%E
)HvHWFg
'.gSOWE
X{5Pk
+q\d
Mi'E=#
|0:@
uyDA
-a V
Tl6'
IDisposable
P^)!
;!ds
5. U
Gm[Mg
1B:VGF
Jdrw
8m.M
{r =
"R=N
a3`N
/ <J
h3Yto
|@L}B-
9jin
9b<h
{NJ\B+R
?-jb
!H8@
;)u{
Q},`
!-VJ
tI?z
sda
=fus6
`82Xp
HUU/M*
uVqe
y8GS
]a.9*
`+R+
^rz9
aKq"
E}\U%
Lk(
UYJT.B
#/PN
CqaQ
"Ky/
#URc
! 03$AE!
$uOo
|]m(
y('z
ZYGp'
~Hd2d
>XI[R
7WLP
dp"{
w}H$
`~kv
n:*
|L7!\
dcbG
H,kmBg
l jUN
"+xzE
">HDp
eT6n
,v#tM])L
[{w\
eyk~,2
2'+2 E
v^z@Z
!)rc
S&1B
1HZ|7m
R;4(
2pZ,o
;rPT
7; {&v
tiBqR
sRZ;s
K:=p0
;'U4
DeBY
O:K8s
Y 8;
pde*
n+yG
~h'f
ZFb>
aX/
Ukl"
Y 8-
SJgia
y=,m
C%1p
Y 8
GZn6
~H&P
Y 8}
Y 8r
Y 8s
/;}S
E}Fx
&LZ!<6
Y 8Z
8&NM
Y 8Q
Color
pi30_
HIH D
Y 8F
Y 8D
+3_
M_pD
kR4
@xK}
VI.p
BNj
JKRp}
xKX"
8 16 "ZeY
iR|g
@Wzw
6O Hq
eJ]VT
|5Nl
WT O
YUTJ
/0F }
hmQ
gAMA
B f0()>rt
~d|
-<~e]
{9 !
zKO*
<J.3
LFd;Z
K<yq
Ta0p
En
kg&r
cc0]9F{3^
)@qO%
N:^|0
x{I*w
get_TabPages
f^Tsj
1?hPGfv
2'%
w=<\
w7C;{
Z ,d
a4ps
7Ed%
W~E*
}139
%HP4o#z
xLfB%Mj
3bJL
=9
6 /g
eZe
+Muq
smXC
+Tkl
`SLA
yQg8
fFw)
zd)LL
xsk@|
2%a V?>
x {~I
#OAK~
Incarcator
u^Y Id8x
>e6 .G
gd3OA
`YTL<}
ljEW\
7@BOcK
t<fM%
=ASM_
:5zG
1OK\
'V|#
lTQ<
y&@X
]@:8 2
NB@5u
+:E ?m
P_E
oXGx
F [*
Ew.K
#$.QUTz
:I)6
bsJqh
A [?
% N0
ZJ .
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
75Ua>
XAf [
~k/t
!LF@
otfqa
mscoree.dll
`1B:
^'K(>
oy,'
gy6D
Yk 7
p?hi
qI+3
R\@TF9
{B ]
!-TZ
QuY@
_)?Az&
ICloneable
4H"t{
RIB1
%]1krsk
P>e;
WLMMM3
U [s
,{^2
umnI
*NR$
$:se
lW26
4qF{
xjt,
LabelEditEventArgs
matemdeea.ControlFolder
&:e*]
^vX@
I,,
074]
+-*bGI;
M mZ
0@RP
}| =aWK
mA:
UaRf
0E0FA1A62DEEBB1E981471F7A1F5C112CB0A9C65
;o/tN
&~)2
eYV9
UpX~
5w+.k
eXq+l
,\&|
qmuC
&uO]t
zyKl
|-_ tw
IXA
ug9-
e3bCl4
$Uhn
7(cb
6V$L_
7^/)
S^2(
ifZm`
Dg&4
yIDAThC
I PT
z2Ve/
ern3J
~_d.
^{&{L
1>p7
9x|S
*mP$
6ENU
~M94
D>o&
{Cqo'
$+,IV
g<[=wp
[)6>)5
%h[//[
33Y1
GF:i.
Hgh?
YWET
tVc &
{|jv
t! Z
-TiU
bHD_
7<Os
zo\7
F4C
O)}\
=a\p
Zo7
}>O0
0u [
-~#e
fCU&f
*op,*
Z%qR
get_Graphics
t ]q+]
aoWX A
q_v*
wzQ[X
\?r9
LHB4(
OnControlAdded
e<E"h{q
>3+)
,`L1
0M,/
pE^;
fnL%
xA M
,FF0
qzTK*
s<-C
= < < < < < < < < < < < < < < <
5AML
<0-RA
v}t.
efmH
og)(=
'M=.
& Gk
fy]o&k
"~1
;s=g
e<\~
S*>
get_White
7s5$l
arm1*
b+SYRd
dtM=
|CWsS
@xLSs
V!v
CF? -
aqjH
]0p
tkWt
==u]9
f_k7
/xk77 M
1@JX
uW'0
_1a c
+>Y9
ejI#E
#Me!?
<sZ2
:1-
mPB5~1
>}GC
LgQ\M
:hNs77
K[N"
rGgu
|Uvh
2,X3
}nf#
88_l
,O{L
DQ\T
~]m
y]2y
DP-
2F/~
Ndhr
Ha]
Tf}o
=o4E
77%z
G&B^
r,y]T
4ci'
.efTX
G`~L
/TT
+8CW
1IP.
G(3=
1#En
+b-(`
k%H+
D);bF
_$w
9CpK
yQRBC
hH%>
ICollection
_e,&
V(p2
|U1A
|hJb
FU 1
\"1>
?I%
c{zhq ~
?{ i
]7 d
r+}
nw(.
x]K@
gzwN
nfsY]
amCu
xsp0'nF
G}C:
8JS
MeVS,:e.
= cS
=.^6<
'm|^
'OYW
pzTI
get_Hovering
i<f"
aF ,
F[pZS
\3eopL
.]5&5
DhEk
cb'8B+
\M7+:
~ W0A=
_;KN
[bE3
QDe"
]k):%
WX9*
L/VO
}U5l
pg>A
+\Rt
6A k
wIDAThC
06CS
hz4X
/jAL
Eifa
F3 f+
f36eO
'E r
f-Rh
Pnx*
|_<D
% ]Y0
T"|x
^UJ&
hIwq
C<,q
0|w+
cy30
7QxH$
CY+G
`g8[
}wV\
*FSAw
L=zx^3
I:zC1
^qwI
`)3
3E~F
. ALk
9Yy
08 hu
ComVisibleAttribute
21/0Lg
To]Rq
/\Zo
m-[x
0f>E
>a0]
?P,f
2ir_
;2*F
&]yi
KNa3
Nq'P
k Fq&I
g'Pp
;iAV
=
loT(^
fVna
fN |rD
@838 T
]Z>~
Tm24
fVnv
?#>NT
";a+b
W$5*9
t{i-~2
-*<%
_;sV
?>w,
b /j5V
Dh*4
dB"_
wR9#G
)Ba3
]e}TJ
pZke
3E-~ 9
?K`;
Spvw)
,z@W0gg
XgK{ej_
U:bO
[Qh46
gT>
T[ac
get_Control
83[ "M
1/K1
39D$
I7F
6H '
R9f
H' K
M~2u
K&xWi
Qd{c
B7#t
;Lv[)
+0F ]'
X^73Q^%
Hk-^
+bR9
R!M
]@90nQ b
voknG
V2Xn
\$/SoP
MS=[
U}fY
set_Width
xP$e
u .;
MS|q
tlcJ
H~eY\9
<c}Vi
] .o=
G 9Q5
_Kq'
$s4C
T.z]
ka<.
PK%
neFf
Lo;;[
..K;
;3(@
tx='
YlN|g[
[((S
Llu+
c0cO
Z-NE
oV)U
RaY4^
o329jJ
(\M &\
}sG
uqE:
@a<N
WI\
[-^\\H
yq5N
p+=H
kIw!MMJ}s
{e"p]u
84Du
P$sB
9gj
;Ha[
~sxj
ex4]~
\XRt
w <s
Wr#k8
Wb0
Y0\?iYMf
H(FT/
9AH
N\K%i
5u5&
+x_S-
./9M
Qw4b
z1<w
kVDi
Yu,X
2\Cn1
i#'pQ
Zin<
k.K;
A- a
OzK+w
bcqM
*#4
?&J-
GWF0
F E
Exception
5RX?
;Zg1
)RN88
fMV(y
ZY0
pNd1Cu)
VY.s7
v'G7S
\^=!1"
I6|<K
aEQW
a5]3
=4i'
ffQG
<:qmn
]f 5'
s 5I(V
fCpB
Pb9X
SrB@
/3A
wwVQ
TC;a
!kUX
\ n=M
=My6
'7p+
_Gf3
Z Xh\C`+
&YH
+D_m
&?3b
[T]Rw
t`?4
Q:,FQR
}M, R
OverIndex
Fn(sI
DHG47
;_Q@id
4o*O
Math
$wK`"S&
z>qo
+`<2
;ZRi09
w99G
J%V2V
}a b
WJ]jGs
LJgS
ZjMl|&
SuppressIldasmAttribute
a>M.
j@{0y
P8Of
!D/g
TopTabControl
\#J=
3nji`
$Lz-9w
J%On
Fj+2Y
u<hBD &7
3.wg
Ukj^
LxRBn
-fMsX@
]> e=
?"+<
+LrI
08g&
6<,F
hM!w
}2)|
Fin2d7h
~%
CWqQ
}e_j
k_:4.
oV]7'
~_`L
}?aH
;$ N
H!-{
;.Wt
=y(wf
oOJX
!6A o
^WM
sZUt$
.6 u0@,
)E[#
'S#p
mXq
g?SN
/.K;
NIe\4
FwTVj
D.+B
4elYC
AssemblyProductAttribute
tNLL
up}}
YN"-
<Module>
8Z4*+Jh<6
jH:tN
c>3%
yWG
k3P'"
w- u
#'gA
#'g@
uKs!% $
DgL5cx
];@
H2n~
qy P
v5FB
9B'q
tqJD
| m
,$.A
c45/n
E"5k w
|*5|
0X^+
!-RbO*YA
oyXK
WgX{
;KEL
K'vf
BO-J
|8-K
5jOuz
qW-.K1
.>d Q
2Qk+~%|
DGu>
uLGw
]zU}(
En" )s
ad0r
+a
urKF
?R;O
b"}k^
K>QT/
o5y=
z,[OM
k#bO
3>U4
K!hj
*9tO8
+{Qk]
.MN
2yeX
3|wi
X^\C8
jpG1pI
l~+6
J%Vp
v>Nd*
5~\qzI
E`Gp
YUkb
&qrM
*I$C
>;/c
% s-
qE)sK
c |$
ej0[
E
2O9;
e{w7-
KeP!
System.ComponentModel
44:7
Vb!8
Kw^Vv8p<l
#nB40^
i3X B
FVr\W
+|7>Uc
O0]f71
*1D:-$&
~+ S
['%!
M<>G)
<JZR
P\Fgd j
1U7h
7}R!L
6DF71263AFFB3296BA91B14181DAF02693B8F22E
AEj$@
uP4j
mgB>_
HEBT
|IDAThC
m&)n
System.Windows.Forms
\rm(
kH0]
R d(L
fy b
'0.M
kq0`
Md+)
Q A*
Gm'}
[GQ
>(^b
d}B40&
j}1WJ
c;q)
Tg7x
3 S~
LuJu
dO=c
{$Jp
sA9N z
:7_
( a?
Q<Z
-%V:}
8(k+<
ox;c d
Qu4S
w9N
{AVf
0WndL
EGPk
/YFy}
oUO{I
AEaT
9) LH[
c-o2
->-dB
$[=9~
h 3
Y6{L
:{&"
xG=Sy
h6/s
Q-ShC@zA
3""
Z,l%
Oz2d
!sx u
#u?
4P2Q
8|8-
bE\j
+]#Q
c rm
r1W0l2
bHr46
;'w"|
]hE#
U. d
l*L
#-*W
oG K
NgN$5no
x@6^
Gt?+
FJlqp0
&N+\
*<0*
iH4R
}oYU
CwKH#y
WWeM
_|2i<
5\|'
'fQB
CNOOy
y\.m
b~;;
aTdS
=lMzT
xct9
D$ua}
\<^N
rQ||
Hr26
<L)]
^]o+W
get_CurrentDomain
>C@a
CA/D
(~}n
^}5)
q !97z
SetBoundsCore
$lmw
G,k|
zU=g:T_
dwl":
(0sF5#
)i$ 5
-zQy
_~);Fp
3?oM
),B!<
McH/
Me+)
S6:j
], 4<
,]]r
+3xXO
Pg(}
ufvf
xV6a
PBbz5
QAA%
N-8jb}
Rk;V
<iv|
Me+]
#Blob
Q'|02
.|G\
a+Uq.cWR
oA0p
Hszy
IPL v
C}Br
ej)
-1#M
Rqcs
O0h
2%eW
/Y4e
.56X
DePz=
T [i
_N7R?
*#qe
%`_O
t0X$ S
d i<
w[AT
get_X
get_Y
,cb8
{+;xJ
qaSvP
$0\yf
V[&D
k\5k
+A E
3S$r
W4S
GHCL
7{~W
~ F]x+O
FPJB`
ruC-Y
yI"
YZk6$)
|\ )
#T|Dm
lK/
#R9
>l)/
6#QY
m?CTT
7>14"*
*B\jp
`=#&"
(c2'
TDo:{
|hpd
$3{f
lqz<
C5s0
e/E{Qrg%K
=Fu[p
jt{Og
3~V%
.Z$cH
kguy
<Mf~
w3$D^t'
:k!o
W(vB\
'_6q
r@[Yis[
37`|
wll)
vw2/
mz s\
:65)
KMC+S&
<zYB
}VW(GQ3p
gQ(m
CQ^!
n7!t
matemdeea.Initializare
l^Kt
^.,T
}TM*
X U<
NY:x?
G9,$
4W`|
NwwL
e4D\
I$V&X
cSY
height
+Mpm
96#C
G9y,
L~k
uC ?
<9W?
r.u>
gmYH[
v"oy
l6*bx
Sz<_P
pT{x
<2}S
-G"~B
W`e #
Cz'[
I Aj
SwLO
-].@
uxvc0'(
wU$U
> "
mvBUC5
cuCG
p?|cf
/~cb
V"W4
N8G-
/^Vv==
|ECR
WrapNonExceptionThrows
;hoDLVw
z1p1
o"`@
M$mgH
w/6p
K<[is
9!Vc!
qQ@gr
-;xvu g
}Vc
}Vc!
3 tb
&*8]
/8z]Y
ufc
&*8M
&*8N
Fn{HoX
t;\V
Jvh[
H =z
.C5q
ADl.
fJh6/0[D
!n \
HF cJ
p.D |sq>;
q mD<
t2#D
QZ{D
eul
+FHZ
y9t"8`C
_yo:I
w/ch
Qi ^
CeL
;Td@
[D`^O=
.&sP
Zc@&r>
Qa3p
&Oi_Ti
I^KI
2^:!
Uz6N
00ch
|b=
O He
[fr3
c/|9
k#nX
!`/M=
n|3J'
Cl"r
-$b1
a +)
{6%2
J|!uN
tM`4uFx
`!99xt=
j7&E
is>#C*
\a4|%Do
SU/z
L
M8Zcc
E#[I
#pNR
K 87
.d5
X}B$=
@pP]T
tC0e
vd&?
|_2HQ
:<'G
VLu*
CID2
G.zX
-=uW
Py> '
H<tZ
J7KC
vj8<
+[Sp
\2vm
M6wo
,f#fV
NK{: .
-=n<
<k1I`<
}.R?
uWjg
felI
l.KO
9:w3
21@Cn
L+!?{
77-Y
%k 3^Q) C
d!s)
AEHY
Og)4
oyy<
get_Width
P\q
J Kc?
CONL`
\#}b
_)Ef
%OEDH
rt:gN
wL2:p
rTuJ
S0j3t'
zZU- h
?0Rw
item
dmTi{
PaU
gCFU
Z8:N
E ]0
:'Y
P0`zA
<jd:KQ;
gH\\doq
FDq~
8j)
c4U)b
[hKH
&4N
Z??ACU-
=7B$
+H s
X{64
?hW
38 @n
}tRWm
rQ0k
{8"*
px>\
Q)F y
AssemblyCompanyAttribute
) AMj
HwHw7
(uBE'
,i[7
wsb
I0W+k]3t
;Ya4
{Zw 2/m+
F <r
|tAR
J c "y*
PG;D
/^ k.
a;PGu
K;T-
3Y0r
&x5"
2ex
P6c
uMRBw
R >
730o*
("b
W>D7\{
o)e,.[I?gdK
GuidAttribute
FT=XC
dkkV:
7y$k
'k}2
HCQlN
`ErM|(
=a"p
g ?U
Uz4
ut<1>
Yhx]
AA116D4CEEC324F997842E90883AC815F1858929
M cd
}2#D
V^@5
C"+U
H=i-r
WXnN{
98-<T[
4Psib
4jw_
_@3I
*s=9J
l"<se
%O/n|
BV=k
8M$ge
R9&V
]3v3
R@]sgH3c]
+vkj
X6_6n{=
" 1~
01Gy
llP5
dX !l
n8qzbr
G3\%Cp
1L_#
/J]u
x_@'
m_5KtT
~P mF
A-}
Q*=Z>-
5eRYv
Dh"U
%+ `ua^
? 7
UJ5=
AssemblyTitleAttribute
YmpY
E$L
H#|H
2fF+
~\h=
};s9
2!``ax
D#B)
9|)}+
X4QP&
ig}4
1)5X
C Zs
RJI!
~sU:
n& q
:nVe
zI6i
.9n "|n/$
6wWb6Dp
5jn`
4O==
J_qS
}3cR
b;RW
$LNP
}F"END
fnvD
gFoK
L+2`
2Ef%
zh:IT
7N!,
[F]
OdDL
2Hi:Md
dlXh
2yck
Q27~
g,%f
$|n7
a}#ih
h"uY
IQ.d
l)0pL
>@zY]
:!kFC
v<E(xN
1%Mi
DEuC
cd u
4JwK
4JwI
ny!;
'8
G_3n
W<=ZD
Nu.O
:'JNKiG
_yotT
UV!~y
$.V1i
A-M#
TabSizeMode
\ZRN
FkVH
0vn,
bUxI?;
@O,E
-_~c
}#`W
xyh}|\)pM
WL>
Y]QS+
(7H :
*ch1z
7 kb
6TW7
\oGR`
\VS
ch>d@
@!(=.
=baY
+a":Oy
7MU9b(4
d<Nf
,/V
sH;;
Y 8k
0OdF
label
z\fd
Y 8r
czW9
avh;
G&2[7
#*<$
9 Qd^
+KQn
e q}ahR
;Hyy
R)H"
&qZB.
#}.T
M_)s
H* "
[/0F }
Y hs
"HlBR
}8H?
/YBk
8. U
oN_tx
LvzP:
Assembly
4s4G
N1bHq*
Z55c
7v?{
!5_#
b@'L
&g,|
zP>*Ta:
/gpzC
u7>CS
i'X'
Yzd,
[F$l4~M
i18`
4"<O
PM+J
x22o
"q1 R
lA*/ pq3|
AMe+)
%HA]ghI
YA=
JZ&s
rA *
CJ*]I
*dM_
2~+h
HQG=g
NLcj
^}\!
<o-5
|&F7
|KM`
|~r}
vn|
_SxR,
a@k
EoeR
IJK7
[,E4C
g%WT
}MxcA
F/G?
GR Ao:
9zCAB
O'#b)D
Dh_"
Yk G
MLMm
< ]`
rHg
*9Sr#6ko
1C,e
\ wO
)7$=
]`T^X
khl|~}}
FLcDu
d.ij6
%d42qO
""D
XUCn
Aqqfci
V%MzU
6s:6
M~-Z
Hx[+)B
E; u'
&UKFRG
}2!D
$<Ej ^h
+t&:
\{KkL%
specified
nCNc
} Qb
?T)EU V
2-Cb
;7v>
{FoUfu
Y{=JE
K?~F
FoBXc
|[0p
X'0R&
y{2)E
ytH hK
;4u h]
w>2E
LV[I
}%cH
#(-l
<7a_
t 1<y
HE+;DZ`o
d8O-
r`J#D0
r2ZTe
L1"V
yT|!n
sq-U)
$|#B@l)
3 Jj
}}G7P
vj!HN
Z?}t~V|
;h1P
Cpq5
CE# /
2/U<
gFa3
Pl\;
LGko
wpg>
IConvertible
[Ca|LUK5
L,G<.\
90D
<96~
Q'8B
D8'~
ii4]
}}6x+
}B47
cPD4x8<
!,z|
K .|
-I%m
/#Ge
B}$_"
1QuV$
5OrCG
yqH{
k_ =
G}-e
.cctor
'{ZL(
uEmr.
Ge<Q4
kcr B
.V&D
/li
X.pX
w}8{c
uJA
Q="v
IQ,>
&t(]
MU)C
/whW
t1wW
I' k
[g`vB|
^vIs
-~wA
_xJy
MCjA
<9]* 5u
System.Reflection
a:dn
\C~5
+$9TA
_jDh
z]6Z
3N"f
0j:y'd
qv}I\
03Fy
+zto crc
get_FontHeight
%cl,
@KG-@
wbv9o
'h J1
>x0N0
o@&w+ p
<JRH
~0n!
PwTp
_?1BKY0
AssemblyDescriptionAttribute
9z:)V
2qS?
}S,Uu
:9l"
%4^r7
Fd#<
8 1aqo
Z}p9V
/#`{
#Qa[
7Uny
WY3a
Y7'$
wUX
mtgY
Rkw%`
/Es6
A*\F
/"nE@
0d8d0570-51b3-42.Resources.resources
1uM6
R.J.
UA1p
6lZN
6,Z6g
[agK
*r x
'J~^
V;=0j
:@Jx
7H,
vx7d&
*k$J
O6m( w#
v& 3
yb0z
bUJw
:xwy
-=g'Gf
z 12"|
E9v$
SioVc
8e
tgB6
F(15
<7D
D8Dds
w f;}
xR{r\
Q//=
:Wi$
81Q@P$
%B<z
,/w6
desV\
TE?[
C8!T'
:Gex
KLtUy=
V|6M
%~oou{
| Xel
3FF"o
Idx=
miFj
Lu2O
DR`Fr8Bx!
w2Hr
"eON
7"Hw
( L%$
E@:,b
H=Q^
Ea^oY
QpK
?EZ!
Df0n
LZ5m
Jov&
5[h&
1V7|
vA\
~xJ \
Ltth
ShFJmY
Yp[T
]vL:
N4+c
/_j'
UtRU
69IA
#)VI
KkSw+#@
=HP
D W;d
P*RL
&|O)
[:G7
0]`x
2Bw
|.K;v
) nI
':$9d
Zju_
~h@u
CdN(I
XnpT
w 3K6Q+
M}Y\
3p&7
dT p
T %>
Pnv$W
]~1jc
R1iM
e.F5
$EzF
8~`a
'p87
q 1.
{C6\UK
, )9
@+zl%
XG]
;tGbb
>fN
2E7?
i39q
buh)
/W/C
Yc?;
xh$F
,ts[k
TabPageCollection
bfKkZ
Hil<
x`y!
~&D?
NY5
ResolveEventArgs
s~ 6
q4{
zieK9
cjYpA7
;kO2
CKaxxYo
I`cp
aac;}
E\Hz_}
]&31*.
HIq
6qPT
h>Ps
pBpd
3.{8W
vq5!
Q80.K^
UF-F
UPo_x
T[Us
P=>l2nkz,;HM
Z][|
/c9:
S|3]
{^#u
ACG-
8`DQ
=:_d
O/ b
MHi 6
a7pXi
m'ODD
V-,El
|U$!z
6UD?,
7Jqt
Rheex^
$0</
l*r4
{ex5
!FgC
/Shb;
7 :d
o`k7fS
O`hS
:j?z
h~X&A
Ba&\Z
iT`>
3 >s[
`>rx
-ken
{-Yu
Jt O
#.n:9
b;nGf
>k
K'b
AssemblyFileVersionAttribute
63zYD
qX,+
.@H
gubr
IRlw
"i%%
VDmf Q)
O$~N
t8"I
QN",W
zgCj9kT
vg'O
]vq>'
X:Ur
+2ca
_L.^P
%[j)
{ASBz
'4]Od
uwprO
.!2*
45t_ l
{1^ 7
a6I%
n^p'
<|j8F
7\U
Y VBb
>: q
BeF^
K| D
|>0p
C^<v%
Font
3I6j
vrI^ khVu
!.u:
kG%*
po~("
G wK{L
*!sQb{
.A$l
$ZO)'
').%=tI
B\*_ I
D3`a
gNvd
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
get_RightToLeft
L:G4%
z%:OL
a{DZ$J
O5 -a3</
bG T
k:Vn
u$hh
OrIU
-I% C
5lB
$lZ}
!H.4R
}*Cx
N_by
|pxT
;lYa
gy%[]
6tWMG
;IIH
u" *
<YZM
9L21r
%hUspsz
gO. s
??%qT(]
w#%+Y
{f_lY
& wQ6
owt
/IO3k
;1i
&6]=
$#sS
jeU('
JiFp
KJL}
Tg!v
6]Q x
7#Ul
System.Drawing
u:8/
Ajvc
OpL`
}z,o
Id5
2a=5&
Gocx
J*JX
}Wc!
Y;^
Th1R
&ALw'
S_7
.^ Y
*"Z#
1/DD
dFwN
FUQ&px
_uM
K0p"))
q'b.
,Cv~b
YHqI
Ai p
YNoC
Vc!3
CasX
Vcw
up*2
1?$-
d&^
\[@QUN
pE\u
@aFy
1HS'
LR\i
EqMy
k %i
|sp
T|"oY
MTIB=
wj!|=
CFxpQH
pR:"_T
fu'T@@I
F!qQ
]n-&
}g4\0r
*fpS
EditorBrowsableState
AssemblyConfigurationAttribute
^62uQ
A]&.
y'q1
t#RJ4
*D2F(z
~iDZ
W( J7
QE&}
*R;o
zZ_f3
'{CN%
4\Bc"
; K3
wM>N~*v
PYs
U';L
/t(-<
,]k:
D?P
o)=
D+6c
D]o$
||#b,A
zWq1
)PuQ
N\`Pc4
3`J
/8F l
/:nI}
_8N-m
L@ 6cMU
8>9g
<$T r
}8cs
Z&|QzGo
']fn
| "h
w.+.
#rb z
9=zd7
[u(vwJ
S[Q}U\
1(ag
V Y5
IaC^
:N#S
/ R}
;z8Qo
#LbE
#/c]F
q*W
'vc
QG|V
AssemblyCopyrightAttribute
2Kn
=6Q7
m<~/
c}:[
q$X=
WUD*
/mhgJ{
MNdE
<m;0
( ]x}
'?QF
D "Z&Y x% da
K>F5T
edF
XS7>
4,p(
2FjQ
e p
sbg&
^Z/T
XQ(TB
M`+
P}D*y
$bj}
0rtI
%UZX
6.3S
f`3?F
Vs>w0AkQ2)
/%R`
RQF9:
g2874
etES6
#Rc57D
L=]:
`EbY@
-fK<
::~.
ji1[uj
Mm sG
ls5J$
FM.K
6 q+
6]Zo
6PVA
_I(fj
."`:q
cNnp
L ln<}?
g eQX
<)]i"<<f
w^m/
8gzIf
j(vR
ArgumentNullException
U0AM
c ( @
|9| 1
G-WP
+o$_AW9
s'ngy
m.+GG8
In?y
S|^KC
3><*
~_P6XU
=n-K
v4-
TC)>
/1nK}
textFormatFlags
EL6/
!_];
4]cot
>9'o)f;
@RAF
6
/,d%%
E> 8
FH&=
H*dDOp
^a0a
Da5&
aJ+ njg
4ZC8
s#^
%U?i
< < < < < < < < < < < < < < < <
JSK})c
i-Tb
zvSs
wCDs
|Bv]t
}]K\x
u `X3u}
o[{T
|W0p
YM_
4O,v#
E='C'
N4/M
tGSb
oMn)
g1yr
oH"m
,-L23
EjRJ
9H04S 3
(&#$
#a+O
> y>
LLJO
skT@v@l
*P^>2
*j^[
?I
@\ %"&
p~60
33G?
x -*R
R]0
T@ N
NO@(
6 f
0$n&l
set_Font
#mBa
JZ ?&
}xc8
D9Lg
c@3e "i7G
JsXm2
D'~K
ControlEventArgs
FVKn
2!S6.
`YHVV
a_%:Z
F-Bq
+/ FGm
=` 3
,o_b4~
value
gb\
p3P!-jNzV#
3,dQP
2018
yc}S
jY4z
VzC]_
6_W?
<UfV
qDL~
}UhL
1oG;
r<5J
(~%
dsb
9@E4n
$"<M
T*TS
) UI
|o'E/
'3kM
6:.R
E8_O
sfUT
0h
9d1l
4(Kl6
;F 7cq
c=Et
>ckx
' RxG
LHR56
3dLX
, X6
NIx>R
_t} `
xRse
Yx:-
1LL31=1Lw
R3SgR
3 B,
BonE?
ivA*
J|R.L
)>Ow
a {zu
&tuN<"
&~}K
lX'{.
TabAlignment
iL50g
ch9O
|OY j
~yh
j,7S'iN+
w,sB
0w\~
UTzp
Zm:w
{X]xP
IS8\
CO= < < < < < < < < < < < < < < <
xIDAThC
.f>?
_>bNl
^cdN
[yn:
X1cb
6+#t@
8omz
2N}
{k%n
s_yG:
C1Dy\
mf*+
hEY{
/x4J{
<@i+su
8o6f
ooUP
}|'G
j_|`k
U[/.
G\J} O
~s>/+
9MFk
Ma<9
}&j
d[([6
h z# y
0oo
WriteLine
Q%Ta5
@Q/E-
A6rh
k:691]s
\tM9
rQ
x`c~c
}D3*
f3L'
@9!x
@n90
.vfE
\%(M
*Qb2
[s u
97rI
9yA3A
m cn_Se
0+ZeD
r(A=
m1{Z
(-[
e#xs
@y]
B#Ida
/b#e
2}/=
x'[jhc
5ve&
b6S/j
Lw73
X;r$
CR2,w:
7dCqC
c%')D0
OLgl
GE&`
8S6:
'1B(A
D#[D(l
dU u
qz/o
jqCR
Copyright
OnPaint
e<>`
?]/j&
]h(
5h aY
=Kyb
(=7P/
,?+(
f{ O
kqft
3I4
ControlStyles
pk!-
pMhZ
.OmH
W LO
[ mS
E(z)
RuntimeFieldHandle
Ax}k
}IDAThC
]4k7L
gqEIm
y}QR!
Z`yp
TlPc<
87$Z
EQvIPe;
:M&J\ "
;FlT+
FA>T
:K{~
dU^R
?`OG
u8Zep
TLfhD
}4RQ%
dw{
ey[3I
t)\h
oTgf
dx~k
YD<Z
1%EX
S~n6*
cxKtz"00
'Y6/
b'Ti@
M :A
_T*|
22No
:<c)
J CB^
c&+< ~
05J_"
XSx$
t5 +
<z6D
U8vc
oDGH
D RP
8h29
ugE.
e/9@
gSvq
S"d4[
PaintEventArgs
0#tS8
,! ]
])03u[
fsOu
uJQs
AssemblyTrademarkAttribute
],s
/fg_
7 N=
T7)]
Gv@4
g9Xx
m#D-t
>(m7
Zr(xi%
o#6V
|?&;
^X`4'
5|wIO
9@Y6
3Lfq
G $oog-
}rKJ
uK\ I
tgoT
XGx6
?%/?
qcWD
,F@;)
0I4'
>)YD
=_s@
"#6T5w
Ip2s
\<aIw
b5`5
X @
Muw-4@c
`Z?|
[-'q
r :$
W6 "
}uw7
y|h&tT OH@
R1_1
tngz
qcW?
EHbP!J
H*3j
!KLL
500r
U2#D
w68*
Q/2$
M8q/g!
pMES0
Xh4'
%|:s
u_ Tl
6Y!
"FvJK
NxinU~
vN|3
kn1\]
/PU(
/io:
i_TT
Afq'
&rm<
TniW
BaseRect
I@,
N/4
]^ B<
+} 1
)lJ^sG
WE#L>.T
6_ZHc
[jq3iG
zJ{Y
COg2Dh?
^iLX
EQy
JzEW
[qPx
wF@H
&;HOyo
"J8K
Xs9R]
Dx-ji
#282
/0F ]
>/",,
!C!Y
:sU|0
I{ _~
*#
> )b9
h*< J
JpvE
/0F }
wj<~
XiMN
vB7J
!'g@
F'"8
lNpQJZ3R6
^JSx
Yk(+E
=V1V
ge0a
,YMX
`0z"
I.,d
;e#f9
:%H!\
=TkU_
Xju
RQ}k
) +62T
9.(
wh/X
NY[K
[R>4<
JRUF
KzUZ
)yz
wSKM
> Qk
=m I
`goA
v%=r
tjv{
MouseEventArgs
Tv!`
+Z$G
O/4z}I
@4NJM
<#9|
BU:@
5WVX]
_X$Z
}Tc1
aDLG
rCby
'PG).
7c"-"J
A|ch
Y J\
E;w|0
Tbf3
*@J0
bMt v
%?L'1
OnMouseMove
o/2g
^p]I
QO2y
-fYG
$u/U
=1i
,{|N
pOpN
w e*
-:C
_rk+
b"#\]o
B.Ue
Mo!Z
gt-F =
9}3wG0#
9.z`
!)Rc
Console
-(6p
U1? P
|~9#M
Ta(w
i+7
]. U9
C.6|
F?uy
pz%d
j<&]
\o.#
S@ X
nm/t
lm8
Graphics
k:XJ;,cY
matemdeea.exe
fS _
g87l
-kH<
;G{{2
84)]
q/!,M,
Efbv
>kG#
i-u^
|QT4
?&C?
i1 4
8ec T
hSEZ
r|<C)
B 09.
Y,(Ta`
[Ieg
o2[a;z
u3 46
LqA~
%0k#
Ugw~
]Vc)
[N
[+zX
6ry:
System.Collections
\! :!
ks&}
SeparatorPaintEventArgs
+EN8
6Qy
y&yLF
!-S*
UL 5
VY8t
q@1/TD
*slw
textBounds
&?H4%J
Ro'/
& Y
get_EntryPoint
m4*:Z#
h$gb
9j?9
8i e
!-Sb
s&^%,
YCBP
#' @
1rt3
nu9<
r W+u
>>X#7WmXI
E2 Q
uH--
fxzw0
{\ b
`xzu
v?Q/ov
;47OI
z0Ao
3"53
kK\6S
>~8T?f
iGE@
1]5@
|Yl"
\e,Se
[Jiqe
D q;
T}C L
$Lbr
_y$$
R7S
=q1^^
nRPns
d\uQp
"'a2
#?]|e
\jK<D7
%nJ0
^2.7
Cdsfssrd
>2Iv
$c< 1"v
bJY^
GB8}
"'aF
`[s'
NM\m
G1;-en
9Fd)
9}*0
6nP
"dM<
)Nt&
23^
System.Core
x* p
oV[mR
;o o
?/V3
{}E~
wYSZ
|q6U
LHD?
q30
S/Zb{
UCER
}ROn
f*uc
Ta3p
$[j?2V
n Ii;
}TR"T`3v
96xf
B=cG
#Strings
@[$_9
@w\,
IDeviceContext
KGdV
kwTs
46#
RG+$8
xp;A
QMm`
_c 4
s@Re
U_l
!7Q]s
#A{s
IEvidenceFactory
kyi)kHH`
bs@%
4{T&U
h~YD
H 4i Z
%HH8
jMpS
2%h`
YjWN
Jt$OW;
e+tn
OFo`0
68K M
vRpYa
Kn?
ht8D
KctQE
<ya
u-*V
RG n
Q-+b
j'a@
es`
#"/e
3w,{
t7r
agUj?p
?oWD
$B@r
0h64
5?D m"
diR~
9p>g
a\-B
P<<K
, Y%
'5fy
W}`
0`qu
V74V
'[G6
f8G,
u;Bk
e0}
]:50
1VTFv ]P
M Ey
:ndk
I252Yr
ap*
_6W
KD#o
MO5w
YB :8
{8L%~
,[$0
DX A
5-%aI
T0:8
lc[a
1.K1
1.K6
=n]"An
!+zo
1.K"
P+sQ
1.K.
* Qc}
},)N
-cPZ
/`m{[V
kv1iH
h Nh=S
pLTC
(@*
+csr
`h:NT
vqxH
T5n5
qQ| Z
$|'7
7?)Z 1
v;7
Data
16*H
|lh43`
3.;!m
s {{
/QV`
uH_:<
kV5]
,F+m
9c9Bao
pHYs
P3zg
>/Z6u
get_TextFormatFlags
S_M)
+SGJZbg
kS\Gq
S,Rb
L9y$
:t<
&I E
Tk@<
<MM)
bh>PC
(^CQO
[bUky
P]:e
-06!W
6jTAQa
bd"v
i. 3 d
Hr LF3N
k,$}]
'1~ {
0Au,
$<RVn
L~Zg*
QguV
7oCZi
])<F
/Oo
zg+NrN?
9SnP6
Byte
CypY
\X(
BfB8Z
uf^\
,+z5Jb
R%7z
8q4rD
C<F`
hp_T6
k {
Jq09
L#w2
=n<Ep
]A Q<
)^IVI
(y<#~
y*<K
lH2r
,Z^}
~O25
9!on
|H4:
=P'
~##U6[_
-,891
in/\J
N> h
add_AssemblyResolve
.)i
Xs5-h
:cZg
%gTu
[DF8
>qc%
"'g@
y"j=
\'8 8S
F/IT
121B
&^Bj
:F(e
~u?'
%( F
lnB[
N4oj
O0As
.8~F
SqG{M@
1\aPX
j6@
_r/%
xO}T
v}@Z
T'GH
4,`H
sj'+
Vg-z$yjV{K
J AA=
eA(K!#=C2r
O8D]y;e
-q ~vz{:$
) T~m
Ahd-
\S$u/G
T &;
|A,XM;
t\bz
,-mZ
d-"8.
e^E-W
{ZDk
@66O{
rEL*
{&(*{
Kt_kY
;qx,M
Mfdb
X c
AHg@
6dNH
S'{9
Gf)Gg
)=u[
X F
G4`@G!
@doy
X N
X L
get_OverIndex
"'/V
B_fc
OeG8^
6oUfb
U~U~
Nlj'R
Z)G.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
jV6US
AzM2
Ua0p
zIDAThC
L;c'
+c)0
D ^6h?
4L>
,*oL4aC
?~&//0
a7 S
R4rY
m%fJ
"%d[
I}@
T+Cw
vHB2'/?
>Te$
E=z0)
<]2o,
cIE4m
89BW
5y%$
-~ )
[8"^
l L5
# B
|e+(
]Xe1
TextFormatFlags
h&\/
QpPu
Fms-l
5}7<
rX#LF
@WUT
` \:
M!:)
djv3
DRW>
3/#o
R?mT4/
rXIpKu+
]f;J
by8y-
+<T <
.E)
#pbZ1\pc
w<i2
tq?}
{Xo.
y'
@ ='1
[|G"
<) mF
PW:)s.n`
dOR#@
x?Yd
h1njB T
-.bN
:5k2f
~n5?j|[
B6qy
u(*%;
get_ClientRectangle
1/vv
W] 6
EIG
rVDI
< zi*;L:6
@vyK
^t6 `N
]pOg}
U[o(
c:\:
. |g
yd@/
^ mhZ
;JPfN
p4?Ev
q`9+
<7OgK
`j*
Ik^t
d2d}K
1FIN.Op
,vy]^
UQ&.
%T\ru
j &g
}>G'
2x$[iI
:MgJ
x_pG(
Py^u
|-E%
P=6z
@t1S'.("
kzIK:
q]=e
@4!1%
bAWQ
yLW|
PrZy:
[RYKB$
H2_a>
YIda
yx|L
- D"
lV-2H
<_aN
b2rTN
@ny`
Append
yvNp
c(0]
M!y3i?
(RKS
1WD24
q5v5~
Nntw
cPJ;
w4e+V
(Oy{
=&o
2QDAg
w<tx
6ytn
J~ `.
tWop&s
_,*>
/fY_~~D'
vL+Tu
*y=d
JHPPGA*|
e q
513Z
"'e@
g^C5U
6^ea>
vGtA
'2[9
C4W}
RA{E
B4F0
`4S-Qr
)}/
3jn'
rSyn
zdgc
UnLpr
$@A]
=}C
!ek2
y;.?
wHJV=9*t
get_Message
q 5P
UsM@
rnoh6
^"4_
yU`^
Bg!+
MZ/}
Sj_
}]^Hxz
aGj +S
sVd]
+!z3
C6qn
MpF_J
N?Wl
DJC(F
<$2T
7^`qa
Q$V-^
VDy:?R
`}ZdO
af;K
BSJB
h T
SOT
')O]
S)PNz
MeasureText
Aa_f
x w
> yR>
sI~k
lb\H
,8?Z8
IlNQ
xva
^nI{Q
S]W
.pVUl
\{Nv^
J"7OVb
dD!\
=7C$t
h2pd
BBGr>
$DPq
_}9A
-S*E
-5|b
TextRenderer
:6L#
] j{
InvalidOperationException
P{e6
m9+H
QA.'
xsC?
:^:0w<
&V?L
bSZ\m*Oqy
xGvZ<
&,>gYR
*s|#6
5>AE
+]dpH.p
UW8>
>_M\
/AAI&sE;
Q },&e
(?{
Utp,Q(
` /t
ef
meW
guSk
u?B5
3Q?`](t
r%=7
[@;<
l; u
9fMp|s
P[Xcp1IRO
^<~w
]( 4<
B3=q
RMt.vn
4 jQ
(X&r
YPR+
g^!
o |
jC>h
h;t
Ri3X
UIc!
| d2
v:xMc
r*R
2xN
K7V?
@E L )A
]B\"
U\wD
oIa^
,YS+
NGpMS
1{fi
IEND
Dp>_
#hC&q
'=wD
U^Q\
H4qR
w6:2:l39S(r~TV
r;T03
-MM'6$T
pU"u
AD@;
uyAnxQ
matemdeea
Uv<'<
_iTL
!l1.EQ
-B_*
Iv{S
S@$C$
/csn8
P%oB
z{3Y
e G
8' `
StringBuilder
' Sc
"}!K
* 6L
K"^
F7 $7
| , zZ
3$|-
568}YG
$Lg q
moSE;7
]oZr
ct^W$g
93K+
MJJd
YH`
$6Fuq
B ^~
FC+
~NcH[
J>k
iC:~
Q6S N!9rp
:VQ0
oFLv
3_R2
Knah
i _
MN3S
eCmj
?[Qq+
@HB&
P)u##Su
Q}#bLklt
xEjB|
;D6;
Zw,Of8
LP2G
4x|)
1G9C22|R
m {
G/YC
,TJI
N/^
sJXw^
783 z%
Nu'2$$
c&l "6
/y_r&yW(
=B3O
^*% b
2f^Cc
String
czuXV
VccxD
."-N:
U o=w
v2!D
h O
bTQ4-
4 $f
% ,
bMzl
InitializeArray
s5_+TuM=
=W(9
n sr<`
pfD"
9 |1
^*?It
;Ad`S0u\l
a k
EditorBrowsableAttribute
{[I5
;"0p
.=#>_
*)M?
u?<:
W7N
p Gt
z 44,
,=*Q$
)t{\
Load
+: E
2U8=
'-1B
^B&U+-{F*
>l\i
lDwY
X+O#
?aUu5
IJag
c;J&
*m>
(O,T
XUd p
+ .[t
H#=u
1` d
<PrivateImplementationDetails>
V-m9
RuntimeHelpers
\ !R
L2Tk
.0_y
m)#*_
PNK2O;
BP)
sE`
X# [
L6E>
c07t
9SB;
DFww
~(\ *
:t<;_
WngYcA
O\6
^C&X
Object
Pt b ?
$4q'
jJh.
b6Bk
|1Bl
r@+!
IcXoZ
f*'xy
B`9B
9Rm|
akdT LO&
5d0p
;Fxo
2Ba@H
tJ.J
\kih
[Q4}}
et#-R
OnMouseLeave
^TNE
^ }
d`/(k-
h[S`
fz=;2
: QJ
a,-}=8&
T c
7gUU
5!xsq
A88h@4
R}Gb
kJ5.
o/Bu
NwLw
&*kN
E4oq
dH;O
KD =E
7udE
Va0p
bE&V?n
}VP
*e0p
M@4_
]Opw
I;\Q
4N9K
/8j@?
_w>
:;o_
@jsop
@dx
VE j
[]61$
jK<X
x-kR
Q8O2yl&
u^]PZ`
<iVA
Me )
_QF"$h
^G?vO
}p/
'#_0
o#4l7~
e{+)
A~hp
a8|r
; ;/
v 'v@
9i!xi
Fk:y
I&]I/
2pAJ
12QpR|
/b]am
)%R@
ZgDv@z
]RO`
set_ItemSize
+g CCF4
-=y~
mni
>Me+)
>fI`d?hO
"{d>
cjT;
VA92L
AKDi
fM^.
8=U2
<e!As
D?4z *
Ohej%
$$Dy$
=gm9
2"_x
![p4
=,ea
f&uv2Yb"
R38b$ec
Mp|~
qn"`
%be72
SjbgnI
GE}N
)%'g@
%&jH#
w-/\
$m,'03f:
/SXm O[
lA2y
WwaYw,
9p #
Tdk=W
Q0u_
i`L(
Q+(Y
bQ+
cQU1
kP{#(
\l&N
rWiX
TSpV
z i"
1n `
?S %
/w[#
U-#D
?NiW
^`E^.
T0-X
!k&6
#do+D
RSIj
jlxq
c%A@
GetTypeFromHandle
UR4Yx
DM||
SU"&
HS4U(
C^c>w
f( OW
e&$Z
"XwhZ
X5~n
Aa!i
{G[*
Ob" yqL
uI9%
FsB4
tI9$?
gn39
hdsae
B\DoK
pViU
n |Z
hi t}
^/=P
~IDAThC
9]u>
O9)x
P99f
System.Runtime.InteropServices
o>{v$
>yt!
k(f<P!
$/R
]ZEE
FjY:
&bj4
t7zw
!YOc
}2%dC
gi(6
`$P[
System.Runtime.CompilerServices
*pC:V
n)Iu
]k P
;.&[
#;S2!
iH[%Y
0}GC
FZ5Q
^E/F
sg b
lK-
'&AZEP
ItemWidth
rOuK
l5y<3+qy
p)5
fEP+&
] >T
"7@ }
%.sS
h=7T{
?' I
#&fh9
%IMV
\pB>
*-vQ
rV&ks
k)d.
j)w- (V
7t >
Ue.t
qq4
r&:-
V&Yf4
uN7*
GLJh
#8{B
2:!4)
Akg
qpE>o
FT
;'!!H
",Vb<
,lF ~
e<{
\QZu6
+t_k
< yx
e11?
X{'-}
tQ1)N
;fz(
~g\7
Tjdj
9DR;XqK
SBg=
D9a@
%MIA
Jo@1
1%no
B/ *`
L6*gJ
/i:h
ch]1b
m/<Rb@
-i?C&
LalU
#kNJ
%,pf
~ K
bNw;
isGE
8{UxBL
/Nbl
GTJ+
=vt[
.mA[
<szN
),GQH
?i7C/
S:0z
/KC }
4%+tB
>nrc@
.=6QE g
F:}l
F(8v
8n1au
<Kp>}
L u7)z<
h4<0
&+4;
IEnumerable`1
C;Kw7O
POtB
]* 2*
5LEXOz2l/
n VRK^
\1[w
{ApuI
A Z}
IPTY
tOZa
bBvx*
Mq#h
bFhRI
@M* F*
gd-C
}|5S
L`ca4
i{wV
Ny^H
y!~X
&TZn
NC{g%
Zo^d
=|<'D
d_ Z
*4R. qTF
9#Z1
ET +
^qxm
@VQY;a
*<3K
System.Collections.Generic
&xt53
|drn$
Yf)U<L
'Eziu
2#Ub
zI-S=n,
ix43
i4Jd=o
. @I
N?Q]
System.Drawing.Bitmap
*c`rc
S)%95j
LBjd6
,Cf }
~-i#8Ra!(S
]dfM
IZ$.
+';v~
w!i6
q/ |
x&ZR
Me*
$0576c510-a69d-4625-9e2f-d3258bed5878
`:1e
], 5<
n}Ka
\,\*
!pBC
OLlu6
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2018-02-20 12:59:30 2018-02-20 13:02:23 173

8 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2018-02-20 12:59:30 2018-02-20 13:02:23 173

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\xela.exe.config
C:\Users\Seven01\AppData\Local\Temp\xela.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\xela.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\xela.config
C:\Users\Seven01\AppData\Local\Temp\xela.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\Globalization\it-it.nlp
C:\Users\Seven01\AppData\Local\Temp\xela.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources\matemdeea.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources\matemdeea.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\Temp\shell32.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2288.9643468
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2288.9643468
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2288.9643531
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\matemdeea.resources\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\matemdeea.resources\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\shell32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2548.9647828
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2548.9647828
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2548.9647828

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\xela.exe.config
C:\Users\Seven01\AppData\Local\Temp\xela.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol21.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll

Write Files

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\xela.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2288.9643468
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2288.9643468
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2288.9643531
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2548.9647828
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2548.9647828
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2548.9647828

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xela.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\410fe546\7307cd04
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1e5833dd\40ef5613
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|xela.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|xela.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|xela.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1e5833dd\10592a67
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\index.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.DeleteFileW
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
kernel32.dll.SwitchToThread
gdiplus.dll.GdipDisposeImage
shfolder.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
ole32.dll.CoUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
advapi32.dll.RegSetValueExW
kernel32.dll.DeleteAtom
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister
kernel32.dll.GetProcAddress
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
kernel32.dll.Wow64GetThreadContext
kernel32.dll.Wow64SetThreadContext
ntdll.dll.ZwUnmapViewOfSection

Execute Commands

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe 
"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-02-20 13:00:18

Detected family: #Malicious

TheSystem Itself @ 2018-02-20 13:06:03