MalScore
100/100
MalFamily
Razy

87844.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 31/67 Related 2135
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 1344.00 KB (1376256 bytes)
Compile time: 2017-12-13 06:59:39
MD5: 89abee532ab6532b360b79e2394ebb4c
SHA1: 39bfc7dc34e89bef2361b235bfebbe5fa92921e7
SHA256: 3cf70f0343ce66c1ac52b00fba64d7f319f7b728aac04705c9db2811551c2ec7
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-01-21 01:33:10
Last submission: 2018-01-21 01:33:10
Filename detected: - 87844.exe (1)
URL file hosting
hXXp://totheleagueyh.com/ping/87844.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-01-20 19:28:10 [31/67] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x38694 233472 ea09f2f11cf1ef18b3e842c23373fd61 5380472399dc19eb2c4c5dcbb9b677d515b1afa9
.rsrc 0x3c000 0x114ca4 1134592 1219da23413e3f59c1de70a41adf3100 6f0bcb4969255fb99397322b9788ffac4542833c
.reloc 0x152000 0xc 4096 fa4b4b98607f93f2785cfe545b5e086d b8121198e3646046cc41d6254387896be992dd6b
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x43ed0 67624 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_RCDATA 0x546f8 1032694 LANG_ENGLISH SUBLANG_ENGLISH_UK
RT_GROUP_ICON 0x1508f0 76 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x15093c 872 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: (c) Ace Hardware
Assembly Version: 13.19.3.17
InternalName: 87844.exe
FileVersion: 17.13.10.19
CompanyName: Ace Hardware Company
Comments: Ace Hardware Launcher
ProductName: Ace Hardware starter
ProductVersion: 17.13.10.19
FileDescription: Ace Hardware
Translation: 0x0000 0x04b0
OriginalFilename: 87844.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
17.13.10.19
13.19.3.17
URL(s)
No URL found
String too long
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
 
Ace Hardware
VarFileInfo
Comments
InternalName
13.19.3.17
StringFileInfo
Translation
Assembly Version
FileVersion
VS_VERSION_INFO
Ace Hardware Launcher
000004b0
(c) Ace Hardware
ProductVersion
FileDescription
Ace Hardware Company
OriginalFilename
LegalCopyright
CompanyName
Ace Hardware starter
Length
ProductName
87844.exe
17.13.10.19
i\jY
$*qg)uX
D_`(wx
MW.{
Ff-V
G
r~
1,h2
qP]r
?.
z'
B"W0K
bK)y|)Z
w}@M
=)|"
n<ou
/ej*
JKcI
"C&
Q?N!
:VmW
l4{JI
U{Q/3
PNG
}3P2
">
hdFW
g!{v
^U(
G!QU6
ig$
wwTM
D*	E
BrSv
WebServices
NxP7}
_0<A
__A+
W=07
[`R@
[ZTQ
moC
~	1vo
1<baI#
w.B$!
{G+[
l|V^
GetInstance
<
m/|@
)B`m9j9
E?kHNV&
^nVV
)qdH
1xM),
_d46
xP5C
4d+\
N@Z1pS~E4]
,&/I
S5p7|
]u43R5
*T	{
m1*5+
Ace Hardware Company
\Zb|
uDU\67
t3UBdL
Z)pD8J
lWpg
rbjnV8
,80o
}a.l
8!ou
VG-:
0
;[)
?I3<
t,
Dx;F
Zl'?_?
d?PF
Lp#&
r=qN#
N-F=c
'wyL)
H'dN
!h["c
ruPD
NsIj
|J9F
3'K[
xVak&
~9^G
\D#j3
Rb_}
1mhi
oiPc
,</D
~!6g
L&m:H
Zd1W7
]bu1Nr
_07
j
`+pU
jTPyP~
@!	)
M
q2R
FUe2J
vzjmN
B*N1
637e
W0p'
BHFp
AI	KL>(J
[,ja
Sn[3
{t)7s@-
F'k`
k#:w
/LgS
o@nHyx
[=&
j>Bd
_9l$0+
pMh}
Int32
Ym
HFF~7
%;'R
i	yk
-(n#
30
hI
59@X{
?O1d
O1M4/
.gJy
!%~U-
o^zh;
z.
SWH
WK2.
/]a?B
_7k]
RBh?
8C6
h-VV
[N^
5gF
@K"\W
^CG
A%@~
7mwx
87844.exe
NvE
_x&+
K~eR
d]b	3
gdao7
%@Ej
r`gw
~n+T
rz~)*$L
]<pB7
H ,J
%91e89{
9C=>
B"Ev
J-&,<
67jRrR
QqNr7
GX&No
^FPF
Ht7e1l
wJ1
sPD__
VNrV
*ndm
BXH+
hc#N
_o'PQ
CAh
VZ?(<hA
w05Y
vrj+
SIb0
}l&z
sQ+5
5T|:
b$xoI5
`-5\
ng.P
5&a7Y
*
io
+}=j
`LVh
E!T46
4>f>
9(V%V
W;|y
V116
xx
"cV
f
k
enL]
gxC
/umL
)&t'
=OFy
:`nE
C:^\
1HZz
e4gu
jf[i
RZz(
FV{$G3
j?6#
*5A-
W@XZ
R[MF
f,
Dy
FGW^E@v
]2nWMJ
>8<r_F
AlmS
sb#
J#NnSv
,4~O
@(bl
;9	^
]e"r
@^	Z
;'S[
lc-G#
J8z
0b_+
mE2\gsm
@D6owN
B3[2
oWt
LNYM
?q>4
H"DH
I<I
AssemblyCompanyAttribute
O['&"(*
:1r}T0@Q
.kQ'P
5Zn
*^=[
7JVy
/H?UA
O1~v
\K
O'8p
;Zvq
WTFC
Q[IT
sgy~Oal
CYuR
pb/7
eRtT
}I>A1#(s
2;?w
get_Computer
a$K:
v\-$
23f9
v
U+
~K4V
%@$"b
nkpv"iTfZ)*
|+;q
n9z;
M|?K4
_0O*
sQA v
~M#e
@~><
P.x^Z
+([
M)ud
Dz'OE
?lok9
-m$Xc
?
m{JH
M_H#
NFj2
%%r
kPZ1
]]3
-#`0
SKr[{aco
-MSq
c5$G
003+&cb]
qSI
wLsE
G6wB
'(Xp
stRRb
(c) Ace Hardware
F74.
dVdw>X
k
$US
6^vi
t0lJ.-$
3}dq
G_je
%tr]
EGz;#
58X
N!i]\
+~*gD16
T1hp
-5-V
9@L<
`o),
`;U7
2heV&
bl4Y[
[n/w
vRx-N
yWS9
.3,
.Hp
D
y#LU
T[wb1tC&
s89k;
4`^i
hzx*
V>jH
en
<m
y|
dW>
|,Y+
?wFV
9z9z
fBV7
`4^%M>
u!fFW
^h;mWX
E3
j
N
ToByte
_-O<;
&'sdY
_)Jt
89~Z\
AAA~
!SYo
l-8c
|$Ae
odU
N~+4
4T$y
F=Q*
JG-4l
LateIndexGet
<a!
N	 *
xS?/
unM\
I
UF
5dtGW
;wC|
D40y
CSBm
!^iD'
"@a[1
[vrya+^
k*#{
wA	q
j.r
#Blob
06Xd
$bD-
{c%[
4ScXz%
0w R
#.=[
rgSh
#1&0[h
&>hN
M(3#
--`hV
tW'2p
T+n6
;7[
#{|C;@cp
MuWP
,y|YhX
D7_4
x!Gl
u
.:S4
KS!G6
_f~i
L6YH
[EIH+
!$%Q
>D'Z
Ypt_?
1*.@
TcmX
4	7+jxrv0
D=.i
W ${f
(xt3t>i
*-W]
]i-A>E
M`k|
cAfS
\GdI
)F6
Type
)>By
7	0
ag{)8
tKh$
/WKE3
`@Xp
6
J{
A|tMFf
`v-g
H;D
j
Iu>(?]
5b9]
HtRN
b^>z2>
$Td
o8a$
J8,`.
n\4&
),80
f@o+
0E<Ulk
&c/7k
=i_
n7_*x
5&}
Yds'j
9$I9!aV.
{~Gl
)3&@
L0Uc
K3~?z
:F0
.9[`
jT
cgf
w@"G
@'t;
L.^h
Vx;Yho)
, (g
Ku-F
>Z	M
3$Zu
!Xz\
p1rp0
QLlt:
uJ(Cw
2?m@B
j,dp
3Z&"
SCiU
]v
M
#
b)
yV;}~U
Z=ttz"
LateGet
a{nf
Z>eSp
Q
Y~
NkpF9~
"X]}UPYw
VH7T
PJ.qd95i
7859
t_AF
$AuY%V!*v
YJxp
QwPUd
6&?z
_N<}{Re
S)Dj
q~+0
o'C
.S|A\
Y_Q;
G,H
~6@W
.`2
*U4X
$v;_
:V%f
Ox$R
G1s:x
jmbY
q`{@
KV]FA
CGF
;9u{
,Yl
0jnV
P|gH#U
"\I$
3 v
iXZJ`
YY&i
gx@x}
Lqu
7}67Hi
S*/=
}:Tg
17E#bsT
DI_M
N
gc$O%W
l`SE
E
jr8
t-Ms
9-R^;U
q~wEE;
1z\o
[|'
ae1[
aXJst
dWA,
b Ni
wNV;
G+<q#&
]{QD
ps!r;
8C9F
fz`%
tmh%79pYKSN\?6
[*3o
>&\
eIM6<
Xa.0p
yxe^
4gEL
{QJ1~
/}@c
R" #y
eJY|
ZPhO
.text
m_ComputerObjectProvider
!V^'
[XA:
rQ|
Xz_|
"
Cy\
GetString
`LG
wT9o
cTvn
i}1\0
YWGB
!jOT
)FX.^
Rw_Wb
%9yZ
C>36
^Us/
b)3,
,+)[
s@
3
1!ziT
>>
kI1n
mGD2
q[@-u
Wf_X
Mi*-
OWTh
}+,Q-
u\Lw+
.F{CS
qgml2
^JtL%$
W
ufvcV>
Id^fllc
^0x5
F	M\Z!
MyApplication
NHV	X
c6<=
X.Um
$i2
|^#
l+6]^
-fO
4System.Web.Services.Protocols.SoapHttpClientProtocol
3C4T{DU
}KZ)bC
/*!^
Ls3A
=B@zfI`
MI3
,1yQ^
Q:86IC
0OwJ
)QD{
.EF7Z
eZ$`
gGv$
0W#'
y40r_
/3#
O$ZO
0BK!2
^GVP
`1[l5
\(}	L}
D }a
eY<SQ
az(?
:j&.
tHUh
\g?_]]
"tm]
[81B
Lj@G
`k+<
*@c&%
l;0K
K=v'"
1GCU:
Uy[m
l;&:
yox,
H!nU
RI}3
wqUa3
="}tjK
b:?4`
:k fCJX
SF%H8
9kaX
'?J=
oCO
V?5Jd
g/Pn$
uYF4
.P|x
RuntimeTypeHandle
&`O}0]
*TGV<
^y^(s
|-
U
%Z\n
g7v
D1#m
`Egy
b
|,t
,Q)ff
Ii\M
b}
C^@
1qtu_
Conversions
+s+
LYeL
6r|
#r2
|>7SG
`.rsrc
)(E]
VWz
E6yyX
e09Y
Yk$3L
?3RY
ifZT
744)
v3";1,
w:VY
Ug!B
P	"Ya
cH iG
AMAF
get_Default
F#+^n
#ls1
!IIj
*@cA
@3	;
59>0
vyty
lB>
oG)6
=HmQv
5It=
tvQsE$
Q"2&
}z
a
FEI &
@T8-
}'.x
B7+]
V[K
K.1+S
S}Y
Y-~P
N/c>#
$a/n
VVZa
g1u)
X_-*z[
qQ{I
<YdP
KvPgs
V_"A_
IUfb
no,
BHV5
(>
mH^U
zBP2
GetTypeFromHandle
}R\,V
9
Bj
xF,;
B NSb
$j6;
}I;$~
++|+Y
(rBHK
k}6Z
m')\|!
)*MD
XmXAH
zP82F
/ws3
LuC-2k
,yFt
mV^g
NhH
L`Ib
.Y:k
bIcXX
Us7o
#e[3=
`3p-
Computer
kR`F
zvWb
JI0}5C
-pdm
i->e
z"uv
Mq&m
B;8$
&441
K&@mm}/
wAsS
*-5-
=eW"
.}0t
kQW!
%H>r[1
aJ^y
get_User
*?<@f
)XTk
@g'(
&SH;7
1B=p
],ZX`"N
CpG
aD\$
QN=8{l
7chm
Oh
g
?
%9\
@vr-
e#*pjgI
j%2&X
;.#@	9W
8T[a3
W/HU
9So(
CQ#RjE
'{M;
34N!
RXM$c
(V;|by
F<k27
I|zY
j62>
,[cx
d#S{g
#.D?
dP/ 8
4~_{8
3l^
%oTfZ
j~zy
g[f$q
@Y_v
thBH
q]#
/U)D?
^*>R
~O7F
|K@i
W\9\
a6{)
Z%^4]
l#hv
_H?
x-BI
\AZu,
c6Z%9
get_Application
?b7G
m&
O
~fCh
Y/<g{D
N71(2
B7
s
.muS
"[o
<djiIp
8/27@
%,g
CQ;?1
F|yfy
C)Yf
!`)h
{Q_7
J#"@h
n(U	tX
YviJ
y03w
v Kt
STAThreadAttribute
@Lq!
ML(\k
# -[s
z*e
WH1&
_#*Gw
o  4"
]`u8
}|6)
(K*'
G O
^q
0Qc%UY7j?(}
IZFK
p#gQ
?P$]
Wxej
FiCq
9\Od
:c74
y(ysT
Gt_
#<_Y
3fan
$
N/Wa
/QO]9j0
Ylsv
lHvSqdkG
,h~
O/T
"rKd
bXKzh
mscoree.dll
yv9Lu9
('^L
9:
k
_y.{
^}+O
hxM0
DB$z
K:'BMY
4[`B
X-}P
U%Ke$
[&Tw
cO'Z
m{pOn
V5}j
Uvh{
4=Km
Ob

D%*^
PgV[I
]2D.
WrapNonExceptionThrows
zLx1
?tLq
85f^P
{U~:
_wYD
Bvc.R
0nhk*
iaDaB
jVD-3
4!y$z
m5f<
]~Gs
^D}sA
YyMS
7Eiz[i
LSvxO
6<<<
o[5j
;f9<
dfQ1[)
Z
vw
:~I`
Ikvf
&Q\8$
))\y2j4
S?hf
6V#.
wu7
~^h'
A+qv]
{
#$
uV;B
j)]DF
)#:S
x3K`
LU$
,L\$
~&'z
HBpc
^H}#r
:qGy
JY$X3
S.Pg8
om+S
;:Pl2b
;8_{pA
GFCP
0HoL
DCI0
D46r|
T40~
hecXB
;d~'7
.]-cvE%H
PcZq
AeMp
bffop
O2Pm
Eb0.
uxSLo
IHDR
gl	P
xOZZ
?yBe
- +
9!~2
[
Lh
%1#t
/bm'
z}OC
e&`2\
2.]y
V"_8O
7JPD.
^\y
g3[6
he[q
{:J.
:Iwo
9eF}
<E"I:
T;'a
AZ~/
p|<Y
q$[g$
1"#U}
G&b "
)3vq
7C	K
%9V@
:k.&
B(i*
3Du1yz
#E,B
3
Q
6CW
System
~D{
E"ZHi(v
`	z57
Application
>=k-K
;I:'
z6JU
Jnyd
GetObjectValue
pmh=E
;lI/
1i&:@
Gc`8[
yd!`F
%<M!^
D<~
nYI`O:(o|
:kyV
#fuv
PoH*H
&L|e
WI4*
E(^.>)
$6m;<\Lxqvu#
|+4E
;
CZ
whp9l
a"\
nmZH
39m64
>BM`
u^4r
(W;/
CreateInstance
8*ak}
RoVF8
.%(H
1ZBS
J-.*q
gfi'Z
'3=3
#Strings
LU<
,5{L{
%xfN
=<!V%Je,n
nMs.v
Lh
f
iMze
Kd_&
(Aw1[
DI	9
#3|:
<v?k6
l)gQ
QYa!	uF
,"wb
Sk>%
>g
_
EKiP
q"AwG3
1uHTk
28c~
br=R
{!>&
p>sf
9'70
C~_!
ModObject
2w'>G
.fst
$*SP
(9Mp
SxA]
ums
|x$%
_QW?
6s<2
Bn}n
y
s
82/Y
=zp*
9es2my
MLs
AwSY
Y=ma
oqEdT
43 :H
-wB5On
MXs.
c
iM
,i80
}IiWD
M4zYW
l4;Ll
]MA~3
q QL
zLAUt
[C28e#>(
urYK
~I,"
w_3
i&&N
NE)r
D#i}9
W(DR
*,!!
z<	)
*O+L
qJ2Ld/Soq,
8d|(
-0/&H
f
W<%
C^us
i4?
-w:{#
GetType
(>to
]Ug%j
)0&a
>\\?
=^`O,
9alMb
nUxl0YUhR
hiRb?
b1Bl
yvPQ
/=30G
.dQ
ThreadStaticAttribute
MyGroupCollectionAttribute
9"q<
!O	b
eOD`
nh'
?kk(
Sxht
-@i
>^4%o
ui.('7Yq
Wg~^
HC	_
[S458
5&yt7!
MdW
g&4{
IcC_
SX>P_I_
{m#A
IV^1R"
Js=`
LStS
=ZqnwZ
#p|I
q^Ob2
[<yL
UE
hj
B]$
}ru3}
\gU$
;
1p9
W hg
7/a
:y7a
?
f+e
<TAY
fHO3St/
Zi
pc7}!
5@lU
y0%2
7GBJ3
^t'f;	uo
J1)%Tc
U3WW
9e#(
{j?g_i
>'76
:USv
H/8C
)20|K
#4Xp
8!-pi
B"V1
I{AJJ
+a2/
BNW
4FED
B?:YP
6<Z
k|
Q
g}	B
P29?lvbq
MyTemplate
O[8{g
8|;a
,j%|:
n@3F2
8.0.0.0
gqRh
D!*_:
'(fo
G/u_v=G
Rwk
0
l@2
jKYV
Vk|U
JwxPO
TYH]
#
_l
yhzA@U
uZ
4
@o(F
J-bQq%
-Ab&
NEtBU("
{W`f
+p'M
'qUzcJ
;	cz
(>%-F
MfU"
C#ivYS
J}ll
p,C=
I$*j
sR9`
Ur+$7
H=`Y
RyPA
s
}eq[
-]W[
4<>(
jflKK
5-
o
aJnd
M%9D
$IgCi%
qeR+
ioV{
1dkS&j
{VA{4
Skfq
X`-\
]>b^;k
X%
%Bqx
TaY"
90<N
2xU[
?Kc?
r(?Y
e1B/S
j3^;
55
guN8
cs4(ML
BX0`
PcY?
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
r*I.
:]nD
w0u
/s^M
"s4A
'+lC
Dg#K
Z.+9'
26-O
fc~Jo
J-7a
uf)r
fU
,c^
&PJ
0B&
:sx2
4p*otQy
&hY~
[DV?
2pJ	g
u>|1'm
jwz22m
System.ComponentModel.Design
EI|
SdHrp9
ZpRZj
Kxj
%,LD
d"5
,'8e
5\6*
anZ;
=Gp
qz]?CTw
1">_T
_aa
O6/
QL!S
d&Q_.
Bc/$
|MOJ
F
.>
okBWv
`8(~
7Y.z
VK}HG
mvs.]
OUI2k+#
Qvhl
/FW
u^:]
-'q'M!
MOnly
aS%b
& T}
*LPk
hsCW
I\.cw
3q]c;C%r
z!}<
NHwW#
}z0ou
HXk+
nSg8
k
i
dnjN
NR9
87R!HeCp
RmD
ShE;
_'+k
t{
|
bA"#
i-@jnyq
.%ju
Jn_$b
I11#YF2
f|fI
9ge`KtgI
kfUX
n4}<
hE6)
WY%x
Rp
i
0 V~
9rwpz
:u,E
IU)s
L!U
N)f~
c<"<)F
CmPHK
N}@Up
|Bu<
WG,9o
{P#Ur!
3f5]
0S^tT
R~x'
}0xG
Y<[{
Zweh
\s(
9c@
2*tM
M=9*
Xha
_ZG<
Ace Hardware starter
noG,
SO"U
J~/
^T6W
7W8(6}Ac
kO!?
A
Q%
mG~d
q_c*&
bIy]
9-CW
}W$*
@3O>
{	oC!
[Zr
F z,
?')g^
N{a:
-j2)
=6
k
l'.$
puE7h
$/J5
bz%n
i4-8
]5ZM
915De
ZIia;
S9N,
6I!IWT<
,;@7
x9_v
Y.,E
O]nw
]/A0
-PmKR
|ztN
cD=;
3j#>
W`g
_1Hv
Ih3s5
_>pW
~@
)a
qnc"
WNy`N9wa
Bva]3
Byte
h}o;t
W+#fs
PUb@
Khq+
"$_g
B	37
>47`
m@nG
\%"x
f|"LPX
2
a}O};.-
j]_S
;.4'i
75/2c7
)Qe
w0n,'
TWPK
NK3U
2IOQ
-R]d
uS~
dTcl
h6FJ
nt^#
<btL
g~
10vE
L4H>
BPa-9
]E4l
_jtX[P
p!xOu(
%V.Q
aP=(`Y
EC]s
S5U
N`,G)
*..?
I
p
HT<W
&@}!
UkX.
l$p\
m_&RN
!vvX
VYV}
\J%W
f(SQx
+gFyZ
j*k
5I^b
sQlw0
qev`&
zNb,B
"<l=
$O?y
dujf
J_s|
-|.
WYG,
#)R>
@EXL
#S}}G
nlq
8Jn
J_(K
E2L<
`e
[
XehR
"eK\
M=d^d
ZS!`
HB@M
7fd
d'
o!N
V3c}
kC,)2dw3
#Z
T
RX]
>
--e
.{J2
YH#_W@$,&
5t5h
cnID
g$P6
Up
4<x;
<~p~
\r	M&K
p{0>UG
wvAn
Bq^3@
~PbX
9}"#E
85d%p
bRrtr
k9W*
:$j
#*=O
$^J#Sky
Z?htP
w*]h
}^6?
QB+5R]qZ>
ri@m
=!'.
Z^^.
#hD5
4Nh{
;02q
i=j
'rt
wo|N
.vGp
i	A1
J*r!+5T
bTOqX
l$^nj
"
:E
K!Q
9QRM
cLD0
q%"D
.Z$:
s?*$J&&
Avg
EditorBrowsableAttribute
yt
zhv.?qZ
AK{`
pO=i
Z9 [j=
'u>F
ToString
T/)m
JHM3
"|JS
a[?=
&n3/
T/yy-5
es'=
G+JaWXA@
,{lBL:}u
eXP=
3>=K\
2J|
n^2B
YE5t
qv+u
LUab
osmeat
XcX=
.v5s
?bU*
Ffic
)rzs
V#q
$V60
c,=l
lN#f
E5""
:#=-
!V7y
N3,w
g*~*
"TbP
]tzem$
S<Kj
5*~k
[R5}
K	@N?
[|K0
CHTS
$IW
BM6/
=#FLo
@56'
B[l/*
?_&xDq
=*9R
Z)'z~
sN}~
Ipn-
04O
Pz.5?m9CFS
DebuggerHiddenAttribute
{=y
ED*xgP:]
G6}T
\OvM]
McodI}
Pa('U
}z}?
-]K|
7c=O:
Qt(I
%]aZ
T&wG}
Q#Lt8
qzGp
pP/i
81Dk
Bsmh[(\%4
AssemblyTitleAttribute
DHP%1cF
g/
Yu
_FB
=z}-U
*/n
(
@<61n
r`at
/Pi&
t%4C
7JVN
sf1rIz
l!Y2
9BN>
!B+=
^I}Lg
!O$_
#CTA\
~T0O
'FG"K
yg{q
Q#OS
J#og
W_<sF
"w_0t
#3oV
."#'
l"EW
MyWebServices
Geo.A
;O7
0gJv
&(#C
\O$J
Create__Instance__
Fq"T_
iJ,
tO-S
h=|W
U`{
2\I
v;-;
]P0d
o})?
nxFg
R/Ji
%]7X-
0>+>
-L .X
$ck@o
w*Lt\
W< o'd
-P0fN
+XS<
tqT_
b5Ra
s=15U9
O{%W
4"M&
^"T^
uk?6
IDATx^
V
\b=
p(Cv
Y;pO
ENOV
/:9U
G0o|
pGD[4
l^Z	`
Data
OV;'
%SG
)
+9>
k]X"
0-HX!
b
G0
nEWo
t\f
7h)Vv
Fn%8C
(qi[
b9mZ^xd
Cxt
?Shl
f9	z
JNXn
inL>
Xv
zbF{
OE/
D}tl
~~KO
EXXNR5b
z(~
8DAc
p5n!
rY_c
K6@b
Pm$4t#N
m~p9
N`}Q?
F|ak
pHYs
.ctor
#~2S
zLj
i1	5
8}4
wN1m
jKn;
#th&(
DPA8
8-\bk
g/*h
lfQ`
9sKD
jB`]b
;?
"
HIoW
{7.8
C~#z
`L>,+Q4
(u

e"*k1
D7'hsp
gqke
K
I7
aac?`
F7El
_MkB
=q>vJJ
Main
a']
2
c{/QS:O
{sbH
LoCMg
HcJ0}K}&
%>ID1-
0]2
Jj^SV
3~
l
D!>A
nQ(
$%
v
'@U&
vBxsF
^wNWU
?5)
##_N
M]l:
rP_&NM>o
xH ~
i7v-
)p)
WK[Hj
<KT@
/o-bn2
$tb9
E*k{$
System.Reflection
wg5U
n|4]
c^*b
Ace Hardware Launcher
.DZY
z`P;t
&17s
o|e4
}ZK#3
e%"$
clbZ2Xw
s*	V*m?
CompilerGeneratedAttribute
)OZ2
oNv
}!bHF
HN<!
TKl;E
^Cq5
B+1E
Djl9
R{X5
S?	l@X
+)T,
U&d[
f7?0J
%dho
d'f{|v{VBnU
<n2D
jUF4J
H:H7
G?"j
KI*.0
TL_W
\&kL
W~gAL
3K6lkJ
!!N}E7G^
]THw_o
nuE(
M\@O
-
L
n;eJ
PcG5
'f!A
@.reloc
/}id)|G
[	ta
%LwJ
_78b|>-T
!?s&
wL3X
h*))7]
~wworP
P>
^Z
/L=]
ag9j}
0%/r
qdS|x
16bK
wCn<
~lbK
GqXh
my!g
7}\S_C
Ir7X
g!B
2v<j
N(2f
#,
j_
zV
0~
1]99
7Y%1
3y#E
u>m$2
?=<gMQ
QkK@
(5TS
>vR|
@Q9N
^R/s
{[z|v
F~CE
Rq"
CmLr
BVm
h|'lf

eS
Y+-K]
uso%
$T2
Y	o*x
[8g$1
?n(P
jimu
System.Diagnostics
&Y&RlotR
`M24
Qr2?
3iE(
w"E
kyM7~R
W<!s
=#?t
HAlN
eV`)!
~K24Ico
|{?@
("~
d&W_
1%~
g:Zt2
RzVU
SRehA
EeFQg
Mg%|
=(*,
LAiHE
.EZ?i^
,e|
.}zH
mSyY
?$|t
#Xq;
E6<[
+:U\H
[oK(W
YO7FE
W0[]mz
E@i:$35-
YcIK
1\$5
yhz6
qX(s
!u=W
(|^o
y
Ox
q]ck'
Y0x+
]ZkMK
:&)o
0Myl
X6W0Z
'YH{
wR>*
&/O'H
<T E
R%ds+
ZonO
D>w'M
u}Wa
W`0_
m\0.
-'6
O92e
s2VL
|4/6:
S_gt
K#=F0
%g95
IzQ
z%R?9
zLGp
E m=
tmw2
v")%D
\)*
oo0'
("89v
l;ak
~U3t#9
Ql!D|'
888t
L^6%
ElqIfC
sZr
zs[
Ud'	Hr
M+7'o
tBRm
h=||
:"uL
T;.
}x0jd
dVQ\
J
F\]Y
NSZ(
EU"~
e-Q6A1
X
<vX_ME-e
M?!/T
Sw{z
W$-k
L\Mm
9i,3%
Xc3>
dqdQ
-\eU
u|
c
ks4q/
RuntimeCompatibilityAttribute
~Jlb
Zbfq
JTT
H-jx["
Y\Iv
}_/!
]X67
mj>u
R+'O
E1^r
T6F}3\
fEBP
gay|
P='`
.(+
j
^/'E
hj[@4O
ojQC
f(wDo
@(so@
\Sf=;eV
e	];
K]L^6_
VpeQ
<75N
ZS,
it<w
O'\-3z
9gUTR
U&GOO
6Ti#
%K7R
x!z.
<Z2"57o
=bTw*
LHG#6
[	hk
7GZ-
3oT
U}C(
B ~4
85bsi#r
MlD1
uTq|
tAd
D0op
}tiJ[
XPro
+birp
+7i6E\>h/
=w2t
:Yc1
PH8GH
[SX|r/
Yrr%
BB;
Xl;
Tlk!
xY_	
-
+4tYz
- k&
xZ"aA-&
i/FT
FLmod
A$<N
=""UB
A7XJ
^?
s
hfHt
eXFpF
ZuJY
lLX6
B	_8C
W<
?$aGa
5&\9
K\2Y
u5;ZJ
ikS
5V!"$=
'bl&
- 3L
6AQi
Fr>?
6J
y
.''Sau
/#Pn
oJ^h;
\e!4
iL=}
rN
j
JhnJ
fEGe
r#KT
"g[b
U(T>M
DQW7
!l1e
B:*%N
R,<%
.0S/v
-DBnm2
q3K
r
4t
-v[]
Y jG
ReP
\mJ#
=M<w
Z~7d:
K0UYv)
}1\%
ajDU
xZUC
A)SC.
:%$Z
r^h
u9"_+
;"23
7K]x*
Y.X:
My.WebServices
)))c
Dispose__Instance__
+8c=
1ORt
nvfSQ
@um]@
TJ:j
*NP#
!as3
w)7:
,J'?
7(G[_
R%qsEl
v~=>?
LNNy
f^M+
I,1&
BAg_f
=`#
2H+W
f{~~WA
j(F
V3@Q
6K&_
A_U,+
Jv-c
DDXW
DC	<
UdbH
CP?N
"Z@A
Z1{
gWY\*@
F,OD
k(?)
`>"Yt
*xZ>o{b
|cY4C
G	di
ScRn
Se/_
(h}Qh3
W*?sF
Wg]bQ
'J;8
yWf<+
`
qZ
Piu #"o
0@^;
fQ	5L
|n;,
%|/|
3pve
Au
6
*Vjr
jakd
^@
k&
:L&"$
+-*=h
va{
<8ww
.j7J
>tLBY
=I=
17.13.10.19
rWZ2
,&Dy:ej
V
ex"XX
!6&@
:*h G
[M
#g_@{
z7|m7
RH*R
)\@<
m_MyWebServicesObjectProvider
d{TK
He=ypn
4y	[
P91
a7DP{
~NOc}
p[|8!
H~^RC4,i
xZum%
eq_
-sbk
Nf'zX
;0qD
4AZe
B.MZ
O4JY`bv
FYq9
n~ji
<EAhO
R
x8
qKiq
NfZM	P-
M
5=yS7
xCP>
7{??n
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
ZjIJ
{lXY;
C?5~
7_(E
)ZZE
pi7;
w[ms
555x
-ZM?f
DuA2
aMPL0
\2.'
0|kp
3Q/[
Is[0|?2
6:.e:Y`&
r8K2
`[*;:
!ktc2
n&Q8
4KU5
~l()E
`rRI
,}D
}16!
p2S8G
oxQKk
rWKR
z1L
dA_]
p<b%
%V[w
de'Kn
lLs|
SV6
3Q
>	&XN
nZ,
|~cO
1mHom%?
}*38\
}2Vo
(.[,
Nre'
K+(R0
W$io^em
?+fUI
3UvY&"F
*gP?
ugx
E^7
G`/j
q=w]
| |k
4-
iCEXrc
"p7i
a+. s]-:
QK(
lQnkd
=C 7
%H	dOw#
+g~_
vhQqm
]/lu
07
-
OM%.d
uSQ
%8Kn
:pQ
}|AJ=
C/&Cp
:YY;
]&o{
P`3Q@
,q^Z@
DN297A
W#hC4
K	>K%|
j8],^
Sk
3cZl
ARD
`
%Q}u
IXqI
_M%h
a^PMG
4=4*
Y>QB
k	,!
1JA8h
b>Cw
p(M
9!z_
"^T[
m%D l
EzrK]
<D=>
/!9"D
INy
m
xw5<
VpRgE
b;1
i.21=
J:wZ"
RuntimeHelpers
rV,
6|U;
?0Mv
J*K
#N:4
M7:K
`m-i(Fv
0m:}(
L
!/$Qc
0!<Q
"@_Pf5
]#^Y
|vO=+
Ace Hardware
T}wF
O4J
MJ_iZ]
!v__Y
Z4b+'{
"/pyaBi
u{f6&g
k4?L
=qd
A_$r@[
~_
wls/
> NfB"
+.+H
h\q%
SbKP6
pA&C
4	|4
;ib
#
b8(
x1~n*
sgjI
6GDD
w
^y4-^i
s=&[
ZW7p
lj =
F*g`
tkYC+
xFT1J
hK{/
g
{l
+\I
nA)I
S+;t
fo`y
P_lsl
_EV=
G@ZE7'A$
\tW"Y?
@
P
Evw<
wy)?O
{X^E
$UQ
I9,$rv
7[
D
9];(
DR8
,,P_s}
+0	a
4?cv
hck7
~QZ&
BjRp
W_)I
$5$
O>Vs
@(^{l
H{b_A
_hWD.
a=|v
`CL
%w+&x
Ir.N
qf)b
$jIw
CqN?
n
c-
N@%\/
ToUInteger
5s|=
PNRo
b*D
zD
1(G>
9
*y
8S
Zx+EA
}&fyw
xq[@q
b#<x
e+Nd
'+Gt
1r7Q
->=D|
[6f.
u4.:
{je
jUj8
e$U'
b|F)
gAMA
v}
v
P?A
~&bE
L
1e]9
eJ{^b
82)
GgH}6
?B\0
wg!x
.QJ2_n
><0i
*<N2V
zMO8
pE@]u
8w5d
xha{_
sc[-P
}\:a
FE2^a
?.)F
4{_o
Czc}f
Hvh9
dO2I
K*D6
*:&A#B
$/o3
/@`s
.cctor
GYb0
[CO
8 B
J{doh
JsC*JC
g%jg
1`]
4!S+V
mscorlib
Tx~`
]M?Wz
'lzW=
{Sc>
mb\T
7! x
$Y{\
_V1N
I[{I
Aeo.&T
i)7E
#rX?
(rgUgp';
Tg/))Rj
=G/Kcy[a
*SiH
rU"c
1\zQ3
]50q
-_]ku
@x(K
GD[n
TqpU&
pSGz
,jn=
vM8M
3;G0
TCz5
AndObject
/^KPjO.
3}U2
_J/&Kj
1TmM
U:.
M=6P
AyF_X
IJihdm
m_UserObjectProvider
ysIp
|x_0
m
dp#0K
^=@:l]
@3sL
t[w#c
~@[$* l
?No07Q
}c4'
]J;H
n_9
fd8?
"y	8
l7g>
POlu
?kAN
F0w3
~:[	8
3y!5-
r!d
6= ~
SHA}
[N}bou}
vr><U
79ZkU
E%OA
BmO6
5[ow
m:B4
2tD8
h[t@Bs>
RVFD8
G#t#
J:&<
"?87
q}Og
~(>.
ajtH
\b}9(
wwm'
)
r-a
yX\
3vU{
.jM:
49>K"D
LFzp
n`"}3`
W)#N
r1$J0W
h$}}
O~/_|B
T`TC
h.QTyp
$: k
)&o!
p(o&R
U])+
2)8=
I@zGL?
w0oU?
UBa]
1D
!}R
lIS&:
0ji5~
3ERA]
y:|#
m ;M
VEWd
xW?g@
mV
/ISYZh
p>Npy
System.Runtime.CompilerServices
-m&
?
5GR^
yiS!
l1hT
FWt
T5?3
(ygB/
8;Lk
(|+3
Object
_j}8P
F:@d
7J^Q
bSh+
4n<
z =M
a\.0
J/+"
$+O'
g~*
ag-4
BX4Z
TW[_
;'o)Za
f0rA
n46zB
$u"
HdXP'7
y	0c|9
FHGH42[
s!Vx
[Vy&
jc%6
PU~
uK':(
X%s6
[<_V0
6o4
gXU@o
c/	cMb
:Irg
N>jq
zn
~
HN/
msR%S
L/kf
6dSz
Lu
o
AssemblyDescriptionAttribute
|KOQ
|"RJa
#HnS\
&WDC
BVap
1-cG
,I'xa
\
@o
gxc?
O2}k
*3Mj
l(/=
&2Lr
f'Qm
B![Ue
)Z;cR
)%VD
Ffv`
?o-
aMK
g|/fJ
:kS
t0
z
v{M0
(\/eP
f'|$
5f/"
mD{9
n9k?
I\ei
.~"7
,$~-
*oYD
=$w<Sf
tnanP64wA
>!j
jE1n
hlm3;
-"yS
O
+^
vA%!
&D]:
w/h/'
BSJB
[YGu
p9 Y
H9rz
IKKB7
G<X(P/
[W
T
}7)-
F+%s
4D#R
='W)
Jnli
v)Ra
aV`k[
Ie)Z1Yz0H
F'gB
_FIzL
`x	3!+6v
qezi
a:Nl
DWP.
/Es!
qpNC
Y{VX5
U+P]
;1x_
1Bdh6
L]_o)
0@ka
[-M
nV
? #`
Ig()
1r[P
9#dz
#FC/
ZK]0
j]g5\
5R=?0
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
51)g
3^v?%6
GrBWZ
C8i|
@sI{
eHF
xpxF
HjS
.*
8O5
y{-
Uc7q
c
V'
?uY
x3%8
%UwvS
ZsUA
#77g
t/-}
;(B5
YGKb
!This program cannot be run in DOS mode.

$
PEj$Y
4hJ:nz
mTiKo!
QPF	9
vjE"
XrPJ
[{B%
tJaj
*Sz
eQN
TKJ5
,j[;#
'I
+
'9(!i
(3%[M
,),S
tXF]
7{Izl
R)|d:M^j
!Cna
647
q/W|
ZS
bE0\
GetHashCode
FNAzP
S^{5
S-aN
i7p)d
uy5q
QJ;'Cu
riG8n
FDy'"
rLMo,9q
C)	W
|nQg
d;?-
U-)5
TT=9
s?\T
+IBW
K+77
[27*
SPs)
xbTcD
oUG$f
{+@*0
"{ [
IBt\
iR>w
Et5(cV
fPc5
QwS&
q}zW
4Y;
65'$u
~p8z[zW
]&r,
*)!7X
5yYh3
SR;|
T$5+
,y^&
c^_h
JR0c
F1
*I
[+wP
KH\P
9CtB
K64l
lE'L
9{+p
get_GetInstance
#GUID
J$U2}
/|Hg
t mR|J}k
J7*B
UlDQ+
~J`#
"q1
fY9V
h#nN
B
{h~,0J
4gC"aq
M/dK8
w#gS
1:i7
NkO>M
Ad8U[
s<gU
.Z2ys
K3MThMj{SJ
?zdZ
_AJO
_]xoB
QQp8?
={	V
ufbbd
li;h
t/F@
/	M(
N2J%p
t	a8
Sd51a
My.User
k 7
OF<
H]siJ6
EA/
iFu.
+lp|
O5>W
^y@
L~d;8oxCi
yPYSP<
jQ)]
0v8,
|:)D
J_Z5
h18V
:
9AAG
SM`p
;4eo9
X'I%{
:y`lJ
}Z.,!
%TKyI
I]-s
^Y,1(
>9:Q
ak*\
lNB"h
#knkr)
=UB0
\Y-Oo
o/HrN.
1@fu
'@v"bvg2
#-c)%C
*)7J1
?wZ*
1n6d
<i8l
!h^P
y{.wh
u!K{
FXSN
NIh==#
AhX=
>#Cd
D'4%
Ff.j
hi_`R
551*j
(84`N
<ZvO
^Q^8
V&
%
~HVA
=P};k
$S;^
6zZ^
u.V.
2JVb
UG1M
1V'jnD7
`j)7
mJr,
~1mT
x/yE
@Yn7%A4
]d6Vv
37#\
~PT!|
nG~*
e
C]h
_a6g
Z
y,)w
D.g+
`[1)
;tH~
^4&0
-ib
LE<*
HQ%J
58kk
M
>M
Bo&d%
(!:.H
06r.
02)n)Z
t-'6b
l2_M
KO<$b
mi
Q
4O>1
O_Qn6
5G)#
=Es-
ZNiVu3&
obn$
z
Nz
ZI`{Z(
,a
"7nP
*~Ss
?iO`~
+A)n
9
2'S
v@v`
J-*d
sbbe
,zZ=
EditorBrowsableState
Ibb@
,j&!
pr
._
t1;*n|
Y	KV1
H7{8/M
>0=J
/8C|
6`@$Ko
ZJ=a=
'5jU
YJp2l
u!wUZ1k
,Jl`
>dM=
{m|RF
f@dl
BR`)g
]x=T
lG24
e*/?Rh
fqM-b
]g6z
"hb$
g-]
1ALpN
o2"'(A
=q14
;i0v
ms-T`0V
(6fGj
gm21
/zi;
$d%`&
Q4YJg
/Q=U
65S-
q;3
aY2}
OC/D
~
RV%
MRDg
mP^&
YLWeS
dhx
?v1M
UGAJ,
`YGz
tQ7v
?;Bt
}E~=
L1 [
U>"$
P+'"
.J0"
b}hs
xq;w8
:Q>{Z
QPwvXy
4
_CA
|G[P
$!cW7
"U,U
!Hg`
v9{~
8m=J
6wPx>
ran*
wHp*
oKeD
0b,
zrP2
KLq"-
A4/pf
pH_xY
NWcXE
hc~nfsp
WKJm
, ,J=]
&G*h
_FCb
@
e5
yJcP
C4<}z7
;}](
+[Hh
T=?1
)q#M7O
G}0{G
#h""
_ A,h
B#Y/
lMds
CRi'
W.\_
BN*s
+++k
hYX`
eX8C
I<A
n
9:9VH/
=U>#
7}8S}R
+6zD
[
a
/ Mz
i0d$4
-oBO jL
jh&>P
KS1|w
>6
%
CompilationRelaxationsAttribute
!-,K
get_WebServices
wD4I
b8Fb
String
hV0\
5SMG
&GP,2
5C$Ov=
C)uG
"{Qk
CPsf~_j6G
N1fO.v*
AHR^
:2A3
f:_Z
d/`s
stf*
g8m |D
K|?m
$Z.t
x	cR
,F7@
!\7;@P
?5	k
Ukna
)7P9
Kpvi
1d~v
IHSL7
w. &un
/rD
qqE
Pj~(E
@w?a
l"?0,
I/*K
zR~Av
Lk5S'
RiiYU
ts@&t
^zs.
!	hRmd
9`>
G2,G
StandardModuleAttribute
e[m^H@
kluS
{A4*
7<U,d
'u#h
u=]F
/*%
h#$:a
D3s`
lC
(?(3[
77^o
{{;|
2nE[
_\}(*
[>Z[
9v",s
=u
Jx~5k
r
wi
gT87
[fx0
#nC"
rF[
HideModuleNameAttribute
%fnC<
otc`]>
2^'$
nO-<UR}
{	|N
|r
{
HLnGY
~
o@
*,+i
Qa)
#]79
A_0U
l?V1
1
Jv/Kr
Microsoft.VisualBasic
^y5!2w
}G4
`
.	.K9
E?eR
s\M
*	^x
yt%9f
f\r3
DLk!3
xC<[M
BI	p
]VekW
oD4)s
E7gr
kCYE
[d|p
kso1
<^<b
(qO;yP1?
l-Wc
'
YN+o:
VC[P2M
f}Yd
8]=
<-7/}
G!p*
'$V
QOo[+
]kWSU'
4&9R
\8:J
HzaA
yl'e
|bm1
yf)P@g|
~zxtyj
)
000t
:HoS3
7qUo
u2T7D
}{Z
TdWU[
]ORM
h0	R
lB1x
">uM
iF=V
Hd$:
.iH|?
|#SU
6		Q!b6
3nxu['
8i9h
.y)
z_:e
J#ebgL
!,)T
U5I!
'=IB^zN
;~Rf
UCWGn
BJ-87
4mbf>
;%e
V>
WV&%E
g[0k#
" IH
}g8l
Px2K
0D;	6
%Y.X
GGEi
OZQk]
Concat
s9\r
Y"iw
xI+1cF
ULtH
pBeQ
\wBhp
<2zs
*I.t
YkU
<U5U
d
g6
jp;D
:^N~
.QK`V
yNBS
$!kAH
uDa\Qb
-2En
daZU
]i#i
f=^:
~;!
+*tq
G#h1
B{VK
QLwH
v	%e
?0RzD3
{	QF
<gJJ(
zCiu
zczo
o2{X%
p`4}
{$k8
:H7nx.;
9VD6
.g=/
+)~Q
76Cb
<@]N
Ic}q
D&]f
08d]
sx'jx
4Bdo
_y@n
,C:M"w
-B
<=|(
QL&b
>
&A%o
;x4	(
:nC}=
9zcz
Af>X,
eK8
`	k'0mB
"~*p+
b,5&]
E;&m"
,H0H
TtP_yJ
1|ZZj
<}R,
JAiR1
M7+#
scC{
r'<%Eo J
R@$-
%keC,BGOt/w
AssemblyFileVersionAttribute
P%
.
A'Oi
wi9
System.Text
ENjv*k
jUy!
~",&
/2E#
/YuM
t~3h
WS*[
_:bTl
4+G<H
vVP?
hd%6
&QHc
1Oz\
zoPH3
<R.
8'%6
{She35tD
oCJ+%
/@D%+9
F~ *
p]zb!S
xisd
W3M8
=U
2
2Bp[8VT&
mLh|
5NX
rG
D
;dn
I(cU
'sYe
:5=
6KSy
|Z*c
n\m?X#U
RGv*F
ZT%jF
`<tj
!1a5QT
s[*:m
PA|Z
&zK)
@x\@
1N2y(
7*1D)
ZFwT
&-bf
kY))
}8/)['
///v
?q#{
H]E-[
2-5F7
nCL3
n}VS4
KLv%
j	su
-OnRU<
6nNL
|}Mr
z6
8
XX+h
k*_`
?t~
57C2
I	k
mIg'
>/,
I|Ol
F4=%
Hh)Q
.C[au
2E$G
si.p
0s@H8r
6'Y/$w
1X\*
0 0>
GwDy
ss6A
J))~
x:XQ
Q*+4~`
_-wo/D
q!mb
^y6
eP{r
sna-
3fz7
DOQ)
0Rw>
yJ@?/xQ
_$b0
3@v.
P<%h
08	g
MV/]5
X8L
_KJV!S
(Aa`
H@4
`/*n
0O|&
I^)0(
PCP'
7.W`
c,^_
r<
8%{
G
K*Iv
g4Q}o
Y<
E
/:4z
]u(L
|
:?l+0
o5F]
y_t-jW
{HM!
ktDM
ns}_
U#e-d
\>kr~
`*DWT
2	oBq?
uVuo
Dt&RH
z^N8
"""f
)Tx2
%P:{
_CorExeMain
)>V#
U#tjVEb
hc/VP
K
eG5^1
'<"-J
IS$n
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
g}m#
z"'4
v,g_
mf],
&C5
4H
0
1cPa
d#R2
c3-a
ueis
.ZGr
f 1o{
P'Wa
@m'	k
Db[a
8(CT
xuo4
4O+k
;)wg
8z~uTT!j
T[Zk
~}Ll
=!P]
\l2l
1/^],p
S;F9G
\sB3
hUBe
Microsoft.VisualBasic.CompilerServices
gToq-	byKo{
N=!^
R3h
<,	|
7=<ig
rtYU
Twn>9
^Ejg
U8.2
CMq~Zi
)_@L
wLUJH
5PXtJ
K4.8
MyComputer
ugeU[#
9P#=?
Ax'E
8yfb
kf99E(
euS7t+JIW!
h^"k{
'G.p
i?S
q7kT
3'AU
(.VVM
"vtk
1%<:
/S`
OqQ$j
l4Hc
t"lv
xvgB
94NO
?/|)
User
3oO/
IN."^8
4T4{
@]<X
A]ne
KU7;
8^b	cTv;
s4uS
"AW`
i>vj
E9:-
QUAU
ga6sH
m9H@
A0um
=CcL
cG<i
SY_@v
ApplicationBase
txe
.-%D
^(&C
XECq
]De
2rPJ
!|e1MN
*K03
[z*Bi
F;>g\
C^l\
M|?-eR
>NK/
u<%J
%V2d
9|X>
L_ _
VKD+
#9*9
ch%X
zI+
1S{
U[#eIJ
'd&}KQd
KFe6
<$2
r
sw$H
9fRR
r3<[)
8tFy
dLrx"
08k
u0N|~}x
zCTm
Gal
Z[N
xhP`
cIz]
6qn?s
z;?,E
"#RH
]H	%
w&zx8
UBHXkXd
>CD
@qGE
NLPs
g!$)
b$eK
z-W6
FIrD
X:Rb
4+ZM= Xd
Z~$
`pt'
at./tK
0-A8z
"jfp
mHpQuG
~BJBMZ;|K0
nHA,
Uc8)~
4>>
Q?~
IcD}
LgFI
St"IV
JtLmp
<*2wo
apI]
HuB{S
1FC{
.#ZmHl
WHw
l| R
[D3/
w"| D
|]=X
X6OL
OAvdxV
*28;<K
?;|o
IB
)5oh
5t}R5r_h
HelpKeywordAttribute
0^v9
h*|6
M`MU;2
_e1rS
3!%S
$Un:
gU\C
Xm:v7(I
s`-c
lI3Q
cKr@
+kA>w
2La
EU?*
1]QK
a'K~;
I7h@
H\^Y
W,vI
GYjwW
$afF
j<.v
[rC!
hb$w
4c3
jf1[8
T{MX
T/\Gh
5gaEp(S
*fp6
p-p~^
HBqg
H.lrC"
L^!I
@wbp
LFw,
$q
,P
OFD.
/z;W
SubtractObject
FnCSM
%I*'bxG+
u4Emr[S
G!)v
nTug
4il@
gsZU&
L3^$
?b]v
8QIv9JU
L)01-
sR0@
eLZ
kGnRh2
#v_7m
>pN>
Qtlh>MHbf
LC)@F
ComVisibleAttribute
Mqg/
poy0RG
QN
P
DMk.f
2d}e
(F{co
8IzD
G7CI
s,h/
p!:n
f~E(2
=v`LA8F
J"1S
I][a
G5"tO
'i{s5#Xd
O~.Jw
J=K	h
@:jj
: 
_
&>CL!>~
0i|`O
BxO
U
*
}6
z;lU
h7_YA
1}
Ld
WI(K
},/Q
B']kF
0#x*/
9NufI
t$)-y
9$4f
klb\&
V$bnD`
+Cj=
OJYP+<
t7N)
Gnz9L
~<*n
8+
HCI
)^S~S
s`lu,
#)BV
zN
-
1SZH
o*^1M
aw-g
{h/9
aA
!,OJB#>\
B3;}
rG=x
(1Ww
m[wu
IdYTt
nC.Resources.resources
bntxm
<#S	y
4e9-
O#=!
:XP3
:Om
/(tD(K!
xv~w1
AZdo
!!jQ]
S3[#
(Q8ZW
WkhV
~0Wk
n:#i`
<Wb\
0
	+
4w*h!
EJcE
t\gL
fnN
rgf
.o
c
n4k
1
U9o,{
w^ui
3{zc/
SK9E
9WN
!
kV<b
'9WM
4y7?'
BhE{
6A_G
Cs\F
5s# /
Vp\_^
$%WH
[?:p>
S'\u5
A@1I
.&lP[
fwE=
mkM#
>qp}!v)
^z-QH
HZ,T
O3c'y
4jGx
sRGB
%#p
|K*{
.a8Ew
xP!p>
"<y
`l-c
W'GUX
b+$
k
yml
Wt6Qi
jyu3oL
FG'	g
b3pa
!d,f
<nL@
%lnz
}(B,7d
S=P=
S UvQ
VK@
Lj~|
h@d+9a
MJ^S
9^C
Bnu}
.	(TQ
87844
d5Q(
v.
\
Xc&
]
y9bP
>1!hT
2z+#
? zs?l=Ag
ae[3
J"o;
Kr]dr
U-_O
B

<!
LaAR_
.~ D
/i<aC
<vMS
6=@i
6O@-
]g]
^=Of2x-
M'T
/MB"
,9
	3
4iz/
2{rg(
M$^cm
!Wv~P
cp*n
LbIm `Y
U$g
a
_6/
C7EOTN
4G"Kv
5SOW
m_AppObjectProvider
s7F5
nye
!
N
U@itF
Z:Pv|0
719/_
R"Q}R-
O
G>:T
|_fA;
lA~fa
k=vMu
<>	i
.U;_
%"<2
Vf/U=
cO
?m^O;
V`3
ro	F6
-OwvL
)UlQ
FN;u
?{w0
7],n!
V<M V;uc
~4By
Occ)9
5g3\+
nCm,
)9%
A3)a
<"g_D
1&"d
icW
cvUI
4$`J
zX7l
4wv<PM
8r$v>"i
*/(5
^M(_,
Bt{4~
o"
OoD!Y
CY7(
x`!H
oB\?
>^n_
System.ComponentModel
9^lQ3
Ulg1
peG}
1zS
AssemblyCopyrightAttribute
d
+R@Jvt(
h)
@
pCtU
!e5K
\F6y
~j[E4
L~!fM"
p$}f
QRp,<
LM1^
2gA7
?}0}
2ppZ&
G6./D5
5zVD[
DLG!m?)
)7P>s
3mb/
^fBt
mxvIn
UL0\%
n_{^
CMLS
l"wS
,%![
-bw
y;|<
{&au
Z)^G
u+CaS
[b4P9
!)a]
Hz.3b
,y`H
[p/I
?
DR
5e4'
t5Jbx<
%!5d
7J\o
FD+g$
9gK?]S
lB%
c\.c
8]fU
_M@%f
0`J
l^o ;u/
y}B@
O1C};
W6H6
3 Eb
FVi
rL"R
System.CodeDom.Compiler
P\
VY+
QO*{b
mv.,Z}
Uf49
sSYM
B0P
1
o,_P
k@(u
oz6?u
fOc"D
!N
q61{
_G h
gC+x
"1}
x9;0
N}Zk
5~'&U
T_mg
/$Yz`rE
=#E
ms@e
z78$fC
ZY6eF
ogYE
IofJ
;>-:
[-58
o<m|
cPNh
2R9
S5xV
G$)\g
u5bg
m8C4
BrP.
JuN{ogI>
&|{g
4kf_
|,p8
SZ?S
uzS
9d(2
4\T`
j!^T
nX-O
%'Rh(
'bV!7
wB(6
X#Y,e
C<]dRQ
=1CG"
,sGF
Ek*p
lrFO
E	^=}%:
LO
N
U,Su
Microsoft.VisualBasic.ApplicationServices
Wq
sMd
27:{
#.:|
d0'%:9V}c
;@gv@
XHIIN
W/3
MM+_[8
scrk6&
*Di
Z(Tr
/(KBE?"K(&p
lt<vU
5[/
MUkx
hy{t
1DV/
LhL~D
vmOv
IDATk
kIFI
2M

IKnC
qoF;W
)tYy
js&
-Y_`o
_ZAW,
2Ub,
=X
;
OrUCC-
_&c;=?~>
zNqE
>+^9
Dsy<
d@8Vx6_)
%y[w
*|z`M
qYeh4
&C%]
XvVu
+
v.
[#+F]
XExf
^~c[
8mz8
l2F#
;oBd>
})w/
<,E5<
KOJj
p+bo
e{TCT:
uM1E
`@Cg
2@0J
#E{#
,m(aja
N fp
?azS
L'6/V
V1i$y
AddObject
)o5|
lsf?h&.
E"OihVr:
EQwk
|QO,-4
My.Computer
&5Lh
waa/
7m'(U
:ct(
f"v!n
;hM{H
^hn[
v2.0.50727
P~yF
Z14u8,
Operators
xn)oL
{>(RS
O0,F7
gsM&1
Tc,,0
84>3
w8@FF
=/zz
ArS:g
s>d5
A9U1Px
)\8|D
H+PS.<
[HtE}
\,@?
tE_l
8H/p
Sdi$
?_1;d
O 

#u
Vk]}x
WExr
=YOe@\
0XMK
tO5E
wqup O
>yMc
}tjA
{M.8
a>* ]
dzPp8
Ji2q(
~Upv7h
kP=OH6
LORH
mv\4c'Hd`
; ]
[-aR
<J	&
#iEX<
f3hO
RKs
7xx<
bQne
\A.|;3cY
1k0G
|0"
:P4%o
ae
<
M.9E
8MV#
tTLxk
x[&i
!;,{
q
!
f
X}
NZq
5hA2
`:h]tb
|Tte
/11fT(
>Ya
||
"
_y+z6h7
=	1@
CT%
A
.b
}koY
s}t-G
<=tOs
jwHL
[p	nG
%7k^
@IzS
:+$p
VOFx<Xl
gy
;sTl
pMFj5!
~97x9
930-oJ
<l2@
:yZn
O	m8
wbjQ
}k|tc
5D T
F;^.
KP`.
Zt /
)bUW
qsp~
o!HZ6/
7B%:
e<*r
sE75
/(^kAQ
]goMUJoKp-
t{#(
96$:+
IW4$d
}]TvG
}d0D
KUU'
\e\
9M/s
\
iy
`-6q
@=fz4
jTy
E$*/
Gdvx+
,)aY
*0co
instance
+Ah}
M	:
Ur
,8o!
`JM+)
{NhT9
J[Mw
?g{J
9b5V
^COK
mv
D
Vy6t^
Pkt"
9bC>,
i^#V8D
k&%j5:
^ "p
w}:J@
ys
P
T6[}
,SN0
iE+!
iD}S
q&we
!MH$:
E+0
'yB-
J4?6\u
bw
^
>(h#
[ ZZ
H!8D3.
e(T~
4O?p
lU}I
d;VU
9sm`K7
w4VVD
#)lg
xzIT
9] s
]CzP?)3
5iMZ
6A 
q~B~
#j^6
*hE)
jP!4#
IKrx
Vn	X
UT@z
l'Z"
wBN)
%%[2
}#i9
Zg] p
IDAT
B2.dE:
aPl\
A4sfa
q<MM+
FD$<
KwB!m
tsCZ
System.Runtime.InteropServices
Q"`m
ytGyr
doNZ
X1+lf
NTZ
rp"d
<<O\
+$+V
&a}
=/D2|
B0-h.
jMbfg
>f&;
v,s
-(~LN.U
ueU1i
ubU
C
Yy
=qURNc
UAsi
jq
OA
.'9G
!/-e
)DV&
_4/E7/
!$8=
fIOA
H=}R
u]y;
&?!P
xd'k$
k"J%
>qv
K}@%
pWYQW
U?==
{&2X
wWuy
=qb$uh
7~.@
Ei\J{
L3x06Rc%
1_
R
4?=r
iT<r
#|J
jvHU
.aPU
32<7
!b=[
+DMd
fs.$
IEND
;_~!X
NewLateBinding
$N*
v9	IgD
VUh~
;5(&]
Q-Ro
T*"L
q9d:
(=WB
U$"]
9mz8
%YVLPc
J$?
7
:C@
SD
AI$,)n
~K\y
(J]Hl
>|:W
Kh`0_
hhP|
Ucpl
8XqWFR
sAVq
hSk'
'&=V
ax#>8
Z6x4"'p
47<N
TBs:
Nbi0
PU<Dn
Lu
G.w=
N#>
cJZpvMV
}
r{
2E @
[2uc
3"KW)[LR/
\-MwT
&V%(
=P>]
K\X`v
1fla
#5~g3
`~L|
F$U^
reMy
ng,7)%
K\P
Ion[
y"q6
s6qnF
FGuW
SKCzg
1w
d
r#ls
eC~?
G`(P{nk3?z
]%W=
e
j<:p
-p-
7JnI
Sl=
17V
6|5!
|JjsTl_
H&~
~vJ\)
?~EW5+@F
F@76
f=w9
Zu)9
lrULiF
aySd
iJw6
D-sN
9
2L
BwiV
+`i[
H0JP
#3>Q
/|u-
Oqtv
Y^8"
'2=7
"
C]
oh	l
o,Bh
Tg0
1%[R
,wp~
mI31T+
_*5"
My.Application
X:7=F
!;zYrfm
fr
?
\sx9
S_A)^8
*B![
6ATR
a^5`
AssemblyProductAttribute
<=*3
Ni@Mb
kV5e
$QQ^
[Cvx
GV(b
FBl;
Rx}m
Equals
U]M+
Ezo{
p1=&
:X3
aRZj_
?ssw
U*tR
<Module>
!i^dF
-gGw
CX6v
!*P{u
j1Xv%
Vakb
UH	C
Bfv
:b+o
5D.u}
CMH*=
9Js^za
($7`
HzTCZ'
c~o
tK!8
OA+X
`(cf
G0
H[
1q8K
nN&-
jN"[.
&	;@
oU<
Ya;U
TQ'{
qZpe
*.[.i
c?VC
[=E"
z|nk
D"Y:0
+Pt[
JvtM
UInt32
Vyp2
=PW_'P
V_F*;
yQ:F
=<#t
2!rS&X
i4:y
|zw
^dvD
me0i{
H(
v
;5;^
!TZF
m`$S
EM>
VU}/
;;;t
M?k(
`IVD
oinJ
fx[B
[3T8q`
a>>U
:8iU
]`A{
[)Hop
~(v!b
MA	O
{6UA
KF	e
Ww.
System.Drawing.Bitmap
#}HA
GFl,
|qLf
sg>:
Dm}Q0)J
g-hlQ
C1ik
Q>?>
Vf\'
-=k:'yz
v\W
]09V
~<[f
C4~e
t<hg
VJ`y
\QC]
?NL;
_P(adM
VL]'
`dLL
!Oen
p`q-
Fh`
&r`h
3F>c
{)
paJ
BD}^+
YA@J
B+I
s
#x	#
tvvA
FAbu
O6(
.p.G4
1iWI
zzu|
7k@R
nA!)
!}1L
B74L
f3uW
+&sd
m/Iw
uP[*Ca
%@E+
3na>k
8XwH
%;h
X]Gv_c
)o~W
Bb	rV
U:n$
j)|*
1-WE
mI]`
_(]S
ToInteger
!H%,x%
~'!]t
Yd0=
tSMr<
T;N
qUg#0"
-y(Qc
!=-I'z
FQ	!?
4Q?vr
xmy:
ypt6
Wcytd
0\}v7
Ap3Z
mR}c
W\lS
'ij,
#wP\
7q9o
Yu9
"j;Jh
F_>$#
PtDp
iKZu
Z]a=
rx
b
mD8c
!+F@
s&WB
Fo/:@=
:Z/'
r~<s
EiL3)&8O
^
$g
zY13
_zP-
Llz*i
Vz3ue
zV9=
$tz_
{CBJ)w
F2KT
Microsoft.VisualBasic.Devices
9@*Q
o+~u
=d/^
A2O
W\~A
+=<s_f
#iEL@<,
2F!UR
N@pF

'"=M
'L4}
$e3Kz
eY4
Encoding
*N;-
:	!N
T fXE\q
aP%f_
r#.n`
ffR`
4T7x
}nt
S(@)
#Y=u
D=4F
nP&D
#z/m5
C9G%^
WZHF
R@YJ
p'?N
V)`
G_#r
=G`\
JfPe
&L"A
v$Q
K[Jx
Izv"@
(dJM
0n?OQ
d?u8
m)^b
U_3$=
_O#jg
fe+
rq\)X
o[WK
BLJjd
E:&
lMB)
,+$vJ
ZS}Va
x O+
%a=j
nEg7
fpEnhL
e)yd
(5J0
c1Lfb&
/vn#
|~%H
;OA| &
DF.(
ziHE0
zFvX
S[Do{Yj
=l|
)!FU
;'R?
ddFk
TF]HY
.}PN
6-V#
jc+(
tfFwr
Cc:>M
0+_
ipW,O
^;|{L
2%ub
b(^J$
i/"z
MjX69}}
uJ)p\?
\gGv
}4Q%
Y<W+
iVtz
1LVK
}6op
4(Jt
E8u@
m_ThreadStaticValue
Y}JK
Q)$@
q`F%
'Qn?
bYlH
Agk1
;mN_*f
5V2w
$ajj
pNoQ
M+V;PN
$5Q,
9"QK
Activator
enY_
1G@7
QO*g
*(i?'
W^3X;
yEd}E
sSQult
zF->
UkD~&
y3k6:
973'RG]
JSe
Ge~(
kRIs
qg|{=
.z}z	.Q
B[5N
Ycnt
R@os$
;p_!*
H~x[
@<:2d
Cay
uJFm
IFOy`
[({g5(
?hl
@t3s
c?(5tf
nc$$
7dZS
I5T
$$Y
LP``}
,b"Hg=1
Fyc~
YicL
(%q$J
<<RrO
`^c@
MyProject
A&9
"P+bjR'
m>;
bq-8e>
'm;clkJ5
]Xl:
t-~9
fHsa&
l\V;
~DwZR
^Y"&
S*T
!NbCf
w
#&
i\)M
J?B@
w.uT
hmFz
AOSaf
mkrV
Q_Z,
Z^ka
"
{#U
x
\
wmF
~{Iqu
Q0w@
,VW+l%
_+/#
R]:W5
qIRxD
4`Q5L
4k(o
q;}j
G[@nX
F.~
0J^e
osvF
WXo{
csvN.
E7{s@
{JU6
{?Qx[
<Ot+
{MgM;
m_zq
{;Y5
ThreadSafeObjectProvider`1
Az|
6
c	'y
Ypta
l;6N
[##L
Olip
`1^-r2
O{
)
1e?
}_S#
GeneratedCodeAttribute
y\CC
4R%BC
79`L
fW+t{\MO
@$2.-]
jJG\
XorObject
.1~%
Uu"
UXPx
M|
^
1o%!
vb{L
30!3n &L.
mt8|
.5K
Hd(}
z
BYlH
N"3
|zB^
!o{}
$;7@!
*84?3
{VTM
yOo`
ljv
A
w^m8
n5!"
am&s
\:AQ
jL{j
Yj?W
b]p~
F_bMWN
7v
J'
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-01-21 01:25:03 2018-01-21 01:27:58 175

4 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-01-21 01:25:03 2018-01-21 01:27:58 175

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\87844.exe.config
C:\Users\Seven01\AppData\Local\Temp\87844.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\87844.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Users\Seven01\AppData\Local\Temp\87844.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\87844.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\87844.resources\87844.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\87844.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\87844.resources\87844.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\87844.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\87844.resources\87844.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\87844.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\87844.resources\87844.resources.exe
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2352.13275234
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2352.13275234
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2352.13275281

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\87844.exe.config
C:\Users\Seven01\AppData\Local\Temp\87844.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll

Write Files

Nothing to display

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2352.13275234
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2352.13275234
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2352.13275281

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\87844.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7673127a\5fd09545
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7f649f10\7d858111
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|87844.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|87844.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|87844.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7f649f10\c2e2027
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\87844.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetVersionExW
kernel32.dll.GetFullPathNameW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetACP
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.UnmapViewOfFile
kernel32.dll.CloseHandle
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
ntdll.dll.NtQuerySystemInformation
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipCreateBitmapFromScan0
gdiplus.dll.GdipGetImagePixelFormat
gdiplus.dll.GdipGetImageGraphicsContext
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
kernel32.dll.GetModuleHandleW
user32.dll.GetClassInfoW
user32.dll.RegisterClassW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
user32.dll.CreateWindowExW
user32.dll.DefWindowProcW
user32.dll.GetSysColor
gdiplus.dll.GdipGraphicsClear
gdiplus.dll.GdipDrawImageRectI
gdiplus.dll.GdipDeleteGraphics
gdiplus.dll.GdipBitmapGetPixel
gdiplus.dll.GdipDisposeImage
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
ole32.dll.CoCreateGuid
kernel32.dll.GetProcAddress
kernel32.dll.LoadLibraryA
advapi32.dll.SetKernelObjectSecurity
advapi32.dll.GetKernelObjectSecurity
kernel32.dll.CreateProcessA
kernel32.dll.GetThreadContext
kernel32.dll.SetThreadContext
kernel32.dll.ReadProcessMemory
kernel32.dll.WriteProcessMemory
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.VirtualAllocEx
kernel32.dll.ResumeThread
psapi.dll.EnumProcesses
kernel32.dll.TerminateProcess
ole32.dll.CoWaitForMultipleHandles
kernel32.dll.DeleteAtom
user32.dll.IsWindow
user32.dll.SetWindowLongW
user32.dll.SetClassLongW
user32.dll.DestroyWindow
user32.dll.PostMessageW
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
cryptsp.dll.CryptReleaseContext
advapi32.dll.EventUnregister

Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\87844.exe"

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04b_64 Seven04b_64 VirtualBox 2018-01-21 01:25:03 2018-01-21 01:27:58 175

1 HTTP Request(s) detected

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • Hostname: www.download.windowsupdate.com
  • IP Address: 2.228.46.112
  • Port: 80
  • Count: 1

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86400
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

#infosec #automation

TheSystem Itself @ 2018-01-21 01:33:27

Detected family: #Razy

TheSystem Itself @ 2018-01-21 01:38:02