MalScore
100/100
MalFamily
Malicious

chisom.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 17/68 Related 2135
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 512.00 KB (524288 bytes)
Compile time: 2017-05-08 05:07:13
MD5: 92572f8b89b391abb79a7ae51644cee9
SHA1: fbfa806ff32d986d28e0f9e9128e15f5a94c04d1
SHA256: c348ed6d73383ae525d92d1791bfcad93a1c23dbc5020d510790a8d83db4c92d
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 5 "0EX?Mm .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-02-15 11:45:03
Last submission: 2018-02-15 11:45:03
Filename detected: - chisom.exe (1)
URL file hosting
hXXp://prosciuttiamo.it/ice/chisom.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-02-15 05:41:10 [17/68] VirusTotal
PE Sections 4 suspicious
Name VAddress VSize Size MD5 SHA1
"0EX?Mm 0x2000 0xdc30 56832 e478d3c675d196516b13afcb3c9b5120 d2d98fdc3f40d576a4430771ff3eca0270cac7c1
.text 0x10000 0x3dd38 253440 f04b1cf2162b4c0914ccc259d37dd353 051542b98f43c6a5fcf03be70d13b0fc4872519c
.rsrc 0x4e000 0x33a40 211968 a74f52ccf5f7484253416ff759a57878 e92dfbbfe13b374c58d7e0b74b12ed6cfb5bbd61
.reloc 0x82000 0xc 512 4e4a67c1ffad72c688ad19cfcdc4fd13 d14eeb3fb7574ba336983085b070684b350f4b1d
0x84000 0x10 512 da8c3884b98792b6bef8967fcff539d0 68e0303f596b209249acb6097527889af6738d8b
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x4e130 209740 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x8147c 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x81490 960 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x81850 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2017 Duke Energy Corp
Assembly Version: 0.0.0.0
InternalName: chisom.exe
FileVersion: 6.8.19.2
CompanyName: Duke Energy Corp
Comments: ibadaqayubowigar
ProductName: cobas TaqScreen West Nile Virus Test
ProductVersion: 6.8.19.2
FileDescription: cobas TaqScreen West Nile Virus Test
Translation: 0x0000 0x04b0
OriginalFilename: chisom.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
FIle type: Library
KERNEL32.dll
mscoree.dll
IP Found
6.8.19.2
URL(s)
No URL found 
d68b2f7f-79b8-9338
d68b2f7f-79b8-9329
d68b2f7f-79b8-9328
d68b2f7f-79b8-9327
d68b2f7f-79b8-9326
d68b2f7f-79b8-9325
d68b2f7f-79b8-9324
d68b2f7f-79b8-9323
d68b2f7f-79b8-9322
d68b2f7f-79b8-9321
d68b2f7f-79b8-9320
Comments
ProductVersion
FileVersion
cobas TaqScreen West Nile Virus Test
InternalName
0a2e4131-7be5-70
2017 Duke Energy Corp
Assembly Version
d68b2f7f-79b8-9311
Copyright
0.0.0.0
VS_VERSION_INFO
Translation
OriginalFilename
StringFileInfo
d68b2f7f-79b8-9341
d68b2f7f-79b8-9340
d68b2f7f-79b8-9343
"!%$'&.-/-2154647484
d68b2f7f-79b8-9345
d68b2f7f-79b8-9344
d68b2f7f-79b8-9316
d68b2f7f-79b8-9317
d68b2f7f-79b8-9314
d68b2f7f-79b8-9315
d68b2f7f-79b8-9312
d68b2f7f-79b8-9313
d68b2f7f-79b8-9310
%q^
d68b2f7f-79b8-9330
d68b2f7f-79b8-9331
d68b2f7f-79b8-9332
d68b2f7f-79b8-9333
d68b2f7f-79b8-9334
d68b2f7f-79b8-9335
d68b2f7f-79b8-9318
d68b2f7f-79b8-9319
000004b0
d68b2f7f-79b8-938
d68b2f7f-79b8-9336
FileDescription
d68b2f7f-79b8-934
d68b2f7f-79b8-935
d68b2f7f-79b8-936
d68b2f7f-79b8-9337
d68b2f7f-79b8-930
d68b2f7f-79b8-931
d68b2f7f-79b8-932
d68b2f7f-79b8-933
LegalCopyright
chisom.exe
d68b2f7f-79b8-9339
d68b2f7f-79b8-9342
VarFileInfo
CompanyName
6.8.19.2
ProductName
Duke Energy Corp
d68b2f7f-79b8-937
ibadaqayubowigar
d68b2f7f-79b8-939
=a)
d
G	2\:<
Zmde
92|i
3fUw<<
3MBt
TVZf
j<oVbO$f3hDV"YY=wSe_i"kC!
3){YZ10%lP6c*L>l[/OYpu8E&
p<Z4jRE\HHra^@yL+]"s@q6W&
4%upx
,36nd|
3DJW)xEj:
kO-
M'zu
Int32
FViL
5>!oG!B-'oi%<vv{>//XC:I&,
=D\b
U1h
QdVps9qE
ObjectHandle
crWM*Agt:|qEEf9qTp}~pksB"
#pnC
=S_
SVJ%
WSI#y
dDmd
p!D}
>%"_d@1o\wWDUxL>a )4:t#1!
{Ot(
frrS
I3Q,B
C~/YS
[]xV
4<g
1~w\
1Vx+
ResolveEventHandler
l#{j]
MWTZ"+
get_Height
,'}+
c`G^
Tl_0
q}vf|%57)^_S$V[n89T4GN,I%
fyrZc
tr-l
(,A-
e`vw
*zy
~Vri:6r}*kPpU\`L1yisv~:`"
wDi
cM8X6`
jG'J
LC_]
q:
;
nYuP4
5nk]
x^7
n*aPI
pH@oh
|U*
1
i]
gQ.<
|rv(
rtLZh
+	L
]h`Z)
Zu
RylM
YD|`
~b~^3
@#f
Version
!^ B*w
G*
9\{F
E89T
EbRt
tKUh
)c_5H
`AIe
Ku>`
pDhjm
X
(+
\4pP#9Ym>7CKq[?UO'edXI;f%
Gtj.
U\Y>&
sxKW
fYv
QAP5
set_EnabledCalc
dbs(B!HQw[<x6<oPFe&T#;? "
L`pF
jkc)
in,M9v
..
ST/
m(	u
WDri
~)D_|
.g6}{W
AOfI
PNG
1Gc
\Oo.}H
^'GE
`&vKyI?yq5%K?bRf5>o~pGB6%
&&{ rU
ControlStyles
v1;[
XnVs
Marshal
yny8
pR#I
-yiO
H?v{q
20:'
hWc*
Bm8d
(	`t
IwA
fcO"
KS!dh
v+;
bY[_r
S7MY
Le*
{(f{
|U9c
<"yv*
7u
[%6D
FIHO
G&ye
WneC
cV W
op_Explicit
RuntimeFieldHandle
WJsp
&H'
h&>)H
L~+e
U_
}IDAThC
,${Bw~
ec_6
hc03nY
VW8K
VV	U)
BJ@6
V[!
@jtwJwK
cN<|
*Up'|
?T#j
GoZ)
AoRn
2*6)a
Y
=<D
/dv6<
;|=)3Vg
+5ii
ZXJX*V
"38a
}p6`NVO%
ZXJX*J
EndInvoke
{|o4_
<XZg
'01D
wW:{
e/GC#
S,X0-
#G
	r0
>-/yf
qJiP
(5V%<0B0 Y1UGSU7k&6<EcCx&
QMDu
x;cG
W`R}
Jj=F%
j|;(/x
x;!b/
L}8DAR
J/d.y,
WHD|<)CD17/)Hxep:x~_*tY0'
eyb7O
P\b":"
"
>4
n-ss
y^y]h
*!U2k
,qdEw|
x!A"oy
Point
?Y}Gi
4~SEx
U
TP2
8Wi
ZT8Q
g%oc/jbkIsg1To/4,'isprM\!
0SVM
,BD:
dShE
set_Alignment
!F/8
AssemblyCompanyAttribute
83VM.
u#T %,S7rM+<T7{/oHH*0/7`#
O4$>@!
PyG,c
E[Ta$=Wod
+{FR
L
Ye
yiOdr
zUiP
@WXzD0J<&s87vAs!ViLDh_P *
NO/%
6Id?V
!"w?g^\
yem|
k{[t
Xg r
8v<C
SFg<
IH'ik
eY&ZW<w
Enumerable
LhzS'
g-V!
`\Y,S0
7&
&,
|*Wg
a|x-
D7t*
5l_PG
Xx!\
KPUJaTK)^aG,PJ87vQWdEo`O"
*8~RI
$Duwi/>q
p>%]
bH>y}
xbqQ
+d;J$P
X[JF
9MUm
A<cw
@Fmt
get_CurrentDomain
y-)0f
8deF
cit[}BY=B=y$rJ|^wECY>2#C#
F E,
"+OuK
sAY\
mrq
(
J7x#
[5q$hh
(k
m
@sNr
~0*&
`O 4c
T"E~W
}*pv
bx{Vfg
Z_
,k^0
084n
'n;9A
dcK"
j'+q
+EuM2
&VTu
N1)r0
AssemblyTrademarkAttribute
V,NXB
]17T0
0rD>N1
|P>T
['|v
}s8
MqHl9
A:[d
/
juEHc
}/Mf
g%@:
O/QD00
zh.JN
|x4+??
^i3N
?5sa]
<o-I
HbQ/l
9[jV
26i'L
<Sw+=>0[BY}_> JGS$Qk6#QS"
!.{;7
p o;
72b
ZD+S
ebWY
Y1c3
9-},4
get_TabPages
A`c?
OC;}u
xV2Ih
#Blob
Control
TA*1
ty8z
GetFunctionPointerForDelegate
<1AD
s!8{Tt
0GL,0LgyM5xZ>hh8+c-*9^'s%
-(i~sT
7.9?
g	u2
SQpB"
M'!S,
p~~no
f.hM
<uCQ
&`aA
8}6^
&5m|;3;R
^
}i
>(r
|\O
b-1.tG
4A2)
id(s
K	wx
umk
<*P
BindingFlags
?H\[
I[uC
wBENd1tZ~BcGILC`cR!#% DP'
Type
%IHI*
a'JS
LeKEp
:^|%
$ +X
m-
<
dy_ #pj;h
}x5f
9/.
IEnumerable
UZra
]z '
XQ5Q
bJ3'/2]P
r-]m
AbE"G
>+UC
C*8;g
;b>/
#	0	@	G	S	b	o
\G+
45Bm
X:|m7?O"?u` +zD(I(BOQLVe$
dZXo
rT.
\
)!(yc
;lj"F54`Ai*7:<a["y=~w3E]-
RS Hg
Cursor
KPKW
'n[N
Z 6X8
z4
ZX
zp_
uKJd
-Ytyf1>V=;%7ld{AF#w-[p6L)
z>'7F;VK\d|M#C^;G=JtoTD #
$fLU
?
|{
;Emr
m|)9|`
&N#w#q
6?N
Char
Z&P]l~
g:lu
(B*v
TvD|
oKc~
g}qm?
hhJks
A	Dq
T5R%B
"{s
L5uGsEe
O@CA
@n@9|
8rS^
x=?
GetValue
lFBg
F{b!X@jmqHJQmy!`Y sl++8s&
$jX.
Tnmt3
=ci!
{cc!
^SY1r\
;
)2J
%{N-s"
)J%}
get_X
j(Yap
!?w
\3E|
%$fx
vLxx
;`B|
IzX!Y
~IDAThC
!r/c
Q6sf
6F\
wO<'
[&+q
VirtualProtectEx
Lm=KW?_}8w}MzMs N*Mm%mMw#
(.>G)
~/>3
{iGh
get_FullyQualifiedName
=<<<<<<<<<<<<<<<
=7f1
Y]jGF?
pf/}swM
<i
F
A<qv!>x@{=_J;M|UX6'"PSG4
N-hc
P)&5m$^ 2&"*IY/I7DEhhqVc&
ca80
fS=K
@8!o,"r<sU1E6^:1i8>M3T)1%
T:t!
pXV6
/"j(
58@-Xv
Ui@
z6b`
=x@
|A6x-
XaD?FNiN6jEErXa)',~4K5+z)
K/c<u"
[fM)7l
#Q/UgGU!?8
[v>Q)
>fx1}
$3Jln[mlaF1a1\<iN6hcrvxB"
$p;f
]$!\
1]X
HN.9
u2k{
do$4
=-b3Z*7>iW(\'<EqWi(/Ezg_"
*sBM'
ewKxS
K8AR
)LFg
|5Sx
,iI
}
q]s!
lQ{iWh~+}gep``EQB%eT\=_X
\}dZ
Pz}x
}q+6
PF`Z
P8<q
dqjn
.text
xR*
].!8
%$Kx2
GetString
k>`T
:Xt["
I<m|
kivs
VsiZ
J?Q2dV
={.(
xt~OA$biE
E[B=]+
-'Wam
fbVK0o
Nst
\AwC
KLnA
r"a,k
tD1o
]vyK
];4E?
~g,=Txs
Rs]x
object
l[4P&JN(5z*dy8f5#o)!fII %
C"G*
]Udm
G43e
Q?n37D
~FBE
E
W{
!]yW
h%""r}DNP(a::X+_i`mF(R-f
iq/
;o^~
y"WJ,
d|ag]
rf,X
wbQ!
%NECJmH
},i>
_TK
Z1{w|GR
[YuY
I>=%G
4;5v
}w0-
E*qa
h\{:E
X\)E
B>`LW0A
1RO
1rtH*"
rQrj<
`!*y
u!vE'
<2Mu
'|8d
&yyA
3L&vnl B%f?Zg=L2 cwLQm*A%
HDyuVA
oqFAYC
'wM<
F
,
&n)IV?G^Uq'zA7eeM{1Q'^DM#
Ul%M
+}Ml
:O[
;$GwwH
NFK
"N|zO
\cb
3dPE
]^*3H
o	
IMiY
(T1,3
get_HasValue
D20k
z
0}
caA{
Zx:R
`ZeS
5{
P
vQD+
{|
A
GetElementType
lf8_
:o9i
(z
!
aj	D
|zm.2
n	?o
FB
V0xu89@&rAm"XFGKXKgzaF1x"
JtuJG3Bl{x"EahlS4|bvX3K&&
rD!P
v+A^
+`B
?!u^
y"LH{
JuUc
rOA:U
M
;k
GSN
TrOz
4);@
nyeY
axcREv
`.rsrc
rQ*T
gUwr
1l,C
_,]P
Id/
!|<
Xe!
jVwV
q|M
H	0[
<\Hg,C
wd.
PhEn
X
Dl
b-C
Y2]>b11
kernel32.dll
Qx4aK
result
"Eefw++Nr*Hz#T~%ci })&F3!
Pf(#
B}b
g[ ,h
a(">f33
+w#YTW
}ESk
dh a
Zkf|
|b`zM)
=4m
m2YIr
UM2hn
1N6a[/X"VC,1}A2^h>L6ET1(%
\wIN
ERM7
$l]x
XJ\g
+@m
JW'VS
E!~i
p6%3
?~|p!
)CR&M|aT'>^FZKp)GAla6&y<
Ppe]
Z*\	1
gBwC:
^J_qr
Q-'w
'H7L$
o)DzJ$
[rOXTq
`-|7<
n~rsL
jbB$s2DcxQW"?ylRf>kF##aR!
r]cR
b`
!
B6^z
Jb+W
oix\
W _K
MgC-
j%a7
}~\u
<	t(
nZOjZ
;^>t
Io<N
:7Jj
@".H
*H]H
{A!$Lu;APMOn}y[bd*+rXW'C!
3s
fu/
=n$EI
`mh]b6t(H
J
{-z
;"me
!K,:
Hhdt
zina+YwLa(MF*OFRqjU 7mv'!
lz"I2pG,I|]@38:+4w]?7hdX
u+:e
MouseEventArgs
U^n:
|#Jp
:"+Ko24
m'X+S
uMsD(a/-E}jTdf<_3#':vV!I
Yv4d
kt(E
ef-C
,sPN
v~l
4dP
kt(H
_'eO
}-vm!
A1Nh
t?|]P
|XOB
|-Bj
{+9(T
6T|\(%gxxX?r7!g}{+jsOW%>
jkcO
S_\r
+K)heA/
W?DE
!Bj]r>o(QK~0Bc#,A{`Ig^V?&
_pAn`
1.xl
+XBY
} =EK
Is_U?;XqZy5~9[M85\a!:eTi&
a7u#\fY#
tYK]f
(
Wck]
L|n#
NkBdf
'RU
?
<Q",
sender
c@
j[}P
\U8G.A
SmYO
LRa
#zf''u
cmEv
qog="
h^P2U
=XH&
&+]H
}HRt>
.EB
-BF$
EF=bK
qi\J
XJX*V
=<O-f
9!)?lF!L1|(?=PmX4Vy*kYhM'
#sRs<I|
r;M<N
Write
Nx0A-
SYR@
Sc0/i
OnMouseMove
W%Tj/A`
%J3T
.a8t
G
87
5_j%
tK/a9
+	c
Nq0"pz
get_Assembly
L
H!F
m#Q^
4'`c
E.7E3
GDt%
">%
jk}x
"R,[JW9
~gM
C%`*
W[56
d\>"}
i(o
\
:zG7
&K`18B}jdW+&2F&I$BKY+7-6
kJh73z@'d{;/TaA #/c{ZfEi
;g10y1j
#=qo
8_y^
A#R{HL
;35L
}HmA
{5/x
0wbN
N5Q~
PpI@
DzI"N
k\W`
Invoke
B=uHo
.%-u
^H]/vN
System.IO
oC8U
WrapNonExceptionThrows
E4J
Z
b1=Di :*9oBtf$L0zFVE}994-
8 Rr
>3ACs&)K!}'}@?R^HzmI:v@F#
W'
3
"~XOO
?-?P
p($-Y;
@3_ss
9Ed:mp
aGHYX
.(wDK
Console
wH1#
bl?WO{Tb2n=]eVdWq<%<9]b $
QCWY
zG2U
AY{r
k-2qnA	f51
K	1
2;'
+
-
V&c
zC'>
_^ps
MM;U
*'1u
AsO]fyxCJ3v+7imyES?$Bj)b#
V\)\Mw5
2|-A
a	#b
IHPtYbtkkC#'7,<10w3T7=>e!
5F$&
iMDj
K=(KR
XX$S
t'A0
-"@d
6^-~
sRMr
op>k
E|&s
lq1
q
k5
(
HXQ%{
Ef\Vqs
2H=VR
EGRXb
G-;=
MSQ)t
9] 4
TWOO
4:@ip
8.1d
\Q%
l-	Opz
IHDR
${zk
s1R+i
System.Security
L1Ey
p0RCC
\rlF
C$MM`
Ev_W
M)"knDL/PZE:7;F,*Qp9J(TK'
Omq
;.N'@
uM0
n3K5
QTV
1-!?
r-j2
D%m'YH
4}'&
H8g~
$}2
X%fP
9Q''
w(6\,\
]E?%
7BL"GJ]!
8,yu
sZApiu
4-Uv[c
s%I0
#5W?b
="I`
Ae<'
g
C,1HChAT^d
@$J2R
&Su
System
EventArgs
6~fA
yBB(uU1
#R8I
HE1o
G(XS
H(/\l'KfY/Z/+}G[fIg7e?^B$
:O8H
?]27'
$:ne
p	>
.T2W
C,7wT
pDs]kZ
11#y
8<{b
';}t
\	d'
z8F"P
]6n]
k)|7
C-[*h
"+[QQ?
h.Ne
/F ]Y
k~BVu*H53T}:H]N!7vq`WQ_#"
CreateInstance
]HAzez\.
E3	=
0je(
%YyE
S3=}cc
>usc}
:5[#
k"Qh
RnZj
MethodBase
#Strings
-V$!
KSuN
_OQ^
VnA&AN
System.Collections
c+Q;s7j
ZXM(!
#*Z
~>ScU
;m$
tAx
Z "BZ
Q:"zc|Q
Lv8]
sX$D
u+M@
<]^l7(&38
l^ZC
1Xc(
3g\6
%s;#sp!psSd^k_lQ*H-U=QyQ
f[-
Environment
get_EnabledCalc
(q4Q"7
rlEN>
&b#T9"w8Q
VirtualProtect
?^g
+@P`
hSs>,
)(j_
%{~!
0 BV
Yq@h
Q#F+5
2;LL
/m;XQC>E2r/q>@~D/H7ZH!:z!
ji,jF
(Fu2"v}89P/9ja%(Bv6f)3*y$
P]jf5I5ihhF7BB0wd#o% y$N%
?Bg)y
4dmhxJZ_(
Aiw%
get_EntryPoint
27OGr
L}E.
jzc
jc5G"
VN%B
5qjb
~2(+w$I7rQ2F\[3jGEm"'#nB'
BzJI
z7ijo
#$GdY4
BMcGW
d{25
D,p
/
~h
9(JW
kz}8J
Ry8eW
Vvp^
=F0
P	v0
<r$AL
MEy?
57p0R`uwfm:K1{L2-Cakg5A;,
2J;W
GetType
rEU$
.?2/y
b-;+Y~0V
9hhU
k	3V
K6#la
add_AssemblyResolve
u,ym	XH
(:J9z3
IDAThC
k6_
;<Fe
SAX^j
iM
'|~|
f?\},
Ar'
set_OverIndex
iY1/
8m!}lq
vwM
m`qg
I}Ztp&
)0Po+
RiM}g6F:
h G%)1HwJ}UfVGN9k2ZFQg/h#
6+Q;
]>[A
i
=~
$@o-
OzLv
tHwww#-)
#K?J(k
rF(~99
8;@g<
Ok_'u
CPNwRV
a'XR}
gq\B
TabControl
P=:;=
Sm8*
)Qbe
g)F9
?1mE~.
.u7J
Vw9c0
4'-6oE
?cfx
_cBc-
2XSr
)lBb
w0d'
TbCxI
p}96w<nW|-$Ied8 aOIT$\f)(
3FO(
}Nv
r*Z+
B#iw
]V](1
\8E|
3*(j
R<)_
Color
$EX,I/LR
aUr7Q17Gv;cd%-\2~sg2>%Md"
=SH\JZ
x 8+]Mwedr\2Ow|XDVhYh>c[%
Intern
%(L\
AbY\
LQ4%
y 66Zu
set_BackColor
" ~e`
|9) GJ
2ASYg.
_ =K3
@)Yh
PRJHj
XyEafi
pp4<K
s/
,TEP$
>4Te
get_UTF8
7[d
/.<-
get_Width
E{6!
(\KE
~2j
Oaj1
.6N\
Kd!k@
ZX	{`
D#`=R\
QvQ.
$9$$
{#TVY
8$Q(
2t0YZ
zcM
P
get_Revision
=CF3
v3T
XoFY0
}1z8AB/;g=)OensBiA7CK+i{,
qd,qXKCB85wg_\Z-5+vE'}&\$
mSFAlQWOZFik5[t/xGDJ7G9b"
n2uP&
4LSe
;o;.
dW-4h
P_//
3|9
#o&1T
z^N'
E1UWQW%rlZ=59}F4(!YjOHl9$
pOPhwQ
'	aL
(91O
|ICF
);w._
LF$}&D<ZD3j(!|"RERgNf,|}#
n{j/.
q=K06
v%sS
'{\!EL
6|0di
iA,gH~!tuwbD?ngVdVm=G4K~!
Vo*)>
WvZ$
GD^-
r5,T7ne
tsGiqMe~;
?&~0
rMP^
@T_8K
ZhW~
ZH/U"
BDoz
"$:v
Y9(8D
@Al}*k\>pDl?CY/V"s,jp<6x#
b7M,
gQ8l
ZicU}!
$:I<
/,1>7s
;@9(4we
+P?;QP
8rM-
{P&*
!@Z~
1%qS ,
a	_T
DcO	=
eF4[+
]	\pS
T=4P
??*r
:SHt*
pjfi
BHo"H<UEg\%"9WyS'kKKXB:}/
System.Core
:BX%,
i7}Uf{RH
T%cB
^<\{
_-!U
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
o	dy
~C]<5L
+G/;
b4a
BZL;
%(e
B\&r
izLO
Delegate
>LfjN
XF1
]UP[
|[%$t
ddVh(D
QU`m
!Lyd<k
BsHh
]_.M
m2,TN
%'(*F
vj8=#
CG0x
zy%)M
2zeS
]db8k
g`a(
$jB
,6Gb
f!iK
;Fma
X
+4(+
m>S/
e)
rT
-6n4
Y~/]
#&E&^D
R
%4
{jjx
5Z$
t6PZ:
ZKdt;z
ES|?
zMJx
ModuleHandle
&|; e
,mI[>Iym
R'!B
(-z8|W
pe$+Gx
m,Z3
W~NS
M8kM
gdo|
{IDAThC
z&cD
M(
(+V[&QI{prcQ|&n9^x9@FhwR!
q
fEu
:n	@l
<N2$
#Sf7@D\+D9
DrnD
NuA-
Zr
@
zczmy'Q-
:krS
@3x_O=gmw(O'5 L2n'|,pzA>!
tt$k~
8%]bGKu4o\C^Pjx8r7i:YI_&"
>v>B
?Ra-oWci~UND$\kZjDzyw\=)$
i]/&)8'iWmZbL_JO|1|/M`TL$
{{G\
GFAb
mAMO
o
wXe
6aR
X!@Q
xEdA6
set_DoubleBuffered
&q{O
ewZl
RNR
get_Length
FQ-Kjd1|Qjk;}S*bp$Cgxfy;!
(vjA#
V4iL
s3Y[
ed!C/S
:w?6
PI3|
'e(GS80
fs#qe
D}K4
mmeHy"-endS }3Dt'3d-UUI\%
ampn
Priu
S=N;
Rh20n$
GN-=u
i}Gl8
?{MxnhBw
mbwx;A
P=((
<0@fe
f!2I
*J},gR
Contains
2/zz
_Qj
h^.C
Hvp
0
}5LO
IEvidenceFactory
teOm_
*x/i
9RBrJN
J9^\@Qx5>
d2eyHIu~[sV#PbEp(qqPjPHe%
GksA
d|PF
Z.VW
P{$/#wa9
}L"a
ValueType
PJ.(
_F&&~
_~6&~DsM
GuidAttribute
B5}`
\Q
q
}="or%~
K`WN
AMlMo
?U[V2M/+<;IS0V^9SRY &'oo(
I\e+
i):ry
\IqI
f\/'
JAQ@
EEa:
[Jk/
sNLeg_@E`<"=3[*qW) _v;[7"
z3<6(
tDp9Ia
t@}r
5'Jjn
z-&H4u$$
"h@0
&z;y
>1Z#
B;:eVR^%Nwt:x+^D2\ew@MO`"
get_Count
u*H]
6U?0
i\hsNIJtDTTbv[Pf6A*G&zwu#
;,	Ld
}=eOY-8+
yU,\T
'fBd
fe
System.Runtime.Remoting
gIoew
U"XF
}e{(Z
Klo0N
LB(*hB(:1UlXY-,)/{%!fQNH!
GR[G
V]

Q48Bs
|?&.
a.UT~
{PRAbz
A`N0
sucnV
$ASG(|Kc{y#CkoyxMpGGp~mc!
z-C_
p%L0X
7gox
GetField
T"Pr"`<CW
edqc
kR:dw+Dn2|dmKCb07B-P1fg^$
6*g7
^cb<
EkN3
($80
|7'#+
!;a6L+gxF
}MKo]z*F/?t2mu/Rj2I^oF3d!
T5=s\
"aT"FmF30D1TH"qW7Q9IgbXJ!
I	g+
qV+iR=(Djrj`,7_E'?\E02|e"
rLHt4A.e
YwU.lH]yz+
$"L[DvJ=)poH;;=mmgq0FZ({!
g8	*
74Ce
?w*TJ
8]_rl<y0
sX^"7
'c2<.
Sg`Z
3UZO
P]Kk
e( Al
O'eLPVW!|hL6bj5S)HBbTbUs
MT|
59u&
R*}2%
UInt32
4<A<7$JJ8$Y'O&1hY7r6:fb&!
LMwN;
EoJ;
n\a&
-=:i
bk8&
get_Version
}1k;8O8m/MY6yPIu@PBj/[iJ%
U~)6
HLIU
uRU+}
ToString
5&H8
w[Di
y[t0
>M\Ad
#(_T(;n
8'<Q
<*F
)
fRrN
f(Y
(6/f
<48P7SB
M?U!V
7q9?k
X
2|z?
%e6D
Q%U_
xr&S
g0%p
=R&T
skK0=
2Nrd
NV]o
ServiceBase
]"Bo9
tk#4
~:"6#
G:^]~
*iT-
C/^?
EYBs%e*~$
M]
+p
k*=R
4#FQ
GetTabRect
I}r~
Nb0`
;<MH
qZj9
AA,U
V#g|
rWc{!
L~}hB<
Xlkn
Nq`x9
+L_Y
$)UJ
RW$%z/w
4m4k[
%2 
x
*>]=t< ?L%\M9*mj,DH=R//(*
AppDomain
#`WY8
WX3Y-
AssemblyTitleAttribute
4HvJ
K#X7
Ji
1@d/~
8;\e
A'S~t.
pL O
4Yn=
bd:?
0N57QTVj,Pq|kOg$#ob#b@6-
6!l	o:>V^
vwhb
n#i "
Ru"2
NcU\$I+T"NH: ma@L$g2%#;!+
l+gP
gHo'
a?7A
:GB\
+u9E
6
!2
>
(W
anxd
W
g/
K<:
%dIh
TGSEv!
gyV)
B
!x
qOA:28
t
7L;
	g1
C{eyo0*g#<8jY<Eg8)jK2!_G*
x.m{
3|CD
~AZ_
< 5^
9OO&
eag/
h1'}
RRHl
n
~_~u
lj/K[53x&*3:~$01-'ue5XqmC
JhF"K5q;2(lY$NHSPrSX# Pm!
#^_|
O(*s
2g2>
I#l
rpg=l
X!MF
qH@AX7
/tk
Dsh
[s5Ck>
90MV
F|it;
P	3g
SLlV)&
BBEQ3B
~D6GC
HTG_
I'Zd
wM@g]
DI~c
:, L
1lzk`
Data
'0)v
PJ!(
4DQ54/
;S(O$#
)Y;%
Z)xtt
okC2o
yZ D4B-{>U\rsycK%##;]8Q!
Enabled
9A.9z*
UNo6Jp
ZT'
YV^ax1
vR'9
JgM,
&tVCKtH
7q/Y;
BqaW
mcii
/aBvR
Vou}
,I*%
a9y_R
KCT%q
sT,uP9g<=|Aj+,*BK@rYDdRk"
pHYs
.ctor
j*mRu
8
.2
;?Bh
wp0yB
get_SelectedIndex
n	";
7
tu
q3^v`
}Y#}
get_Message
Container
KP[Nx.
]]*t
)5J;
P,w:0
"-uu
NZ-9L{
SG/I3
^_v
G*
DT<
W`7
t3{~
^Rz{
/,9
q+
Main
/*I d-
"b;OI
.+oxvT7
callback
Go"
Q)0W
*B`S
g~nlb
f<D
ZXJX*
MaiG
580?
Nc..
_DgQS3J4;^8! lWq\uMFx[*t
1R[ X+^
VBR
]?ei
gik8h
I y
>@P+
r'
>m
@}m
<5&,
xC(Vn}C
s
tV
"-Cm
'[r|
<L\t
c0tr:
)>=!s
M*y
vtsLO
]Z%y
pv:'wPs
FCul3
e+p
%/r0
{ss&
h.ft*
@k@PL3~zVt! v1p$&t1z3Xf["
}4sC
BbMK
R	1Ssi
Module
6QjY6^_@D5>X!fxD6-uZ/=R*%
-i&q
o9im
Array
++=1
get_Location
[T@"}
KbF(
pN
C
}zln+
@K,'
usHai+x/A%>BhX0$LcfWy{I$"
j!:
5l)_
$b-qs)OkWEgJ_pR?rrl(4K"~#
`Eu+
@.reloc
PX;Q#H
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
!aPi
HRS0
J.{m
o8ag"_
x)_
}vEM
cg8.
eOFk
T^=E/_
3 D*
(vF^o
GG6
q8(Y
bvK89
:{ZC
j6>Zyl
GmPE,m
5cWA
'#Kq
C8<b
cb uE
TabSizeMode
du"I
Wb|0}
Byte
get_Chars
"S4
PV>U
^#U!T
@K,b
;mv
aYmN
uK~F
.QK$
Iq.r
#]a4
[zA)PX'rDI{^5)R(1#`Tln#t&
Y7<`&DnIm
1~^C
[sZ~
1G90C5)Ns8%&DvP%8Bl)e)U#&
5(0+
D_B$
I}mR;
GpoP
%T1Q
LR}Ba$
;

g
u%ZTD
AgBA
N](qc"xMF,EyE,z/0>J@XwxM!
yJ:7,
:B3QPg
+T
D
pEs,
t0d.
WSV6 EsQ^WL>&WA/sir p86Q$
}E`{j?1d5c2tveqez_B)Mj+H%
~lsm
t_<s
05v&
+kHJ
[@aQ
j9<
J?;y
!2IR
\]d@
z.p9B
#g0w
X+:
BG|l
?j	!
`hQ]
Umf{
p">9
Zo?#a
z'L]
,
neOl
"~()
al/y
WOnG
3,k5Fe
UbG"
Yq[t
zE(c
^wV-
i<QV
mk8Rh
1:-&
REK
9bLww
B
 `
`$j?
lX2ASq
F&<7dK($I+VsZ5}rY1*o/@e8%
wo&@
G&#G
7p4;d
!SJW
0a>q
UWfB
:'./
#L![
j=Sj_
kvEfm
A4hDf
U4a?Qp#m&qzrH|Z[mchYt6y4"
!EVj
96QQ
8nQGe
zrU?F
WZW<l
87[
{
FreeHGlobal
_]}d
iN]Wn
Lwww
nM4
wXg)
Wven
@B'F
zoAy
K-eI
pD.W
Wk'[$Jc%y6/;sE6:R$@`Z\*
pg6V
Za~-zZ
kT>
OrgZ
)(,h
FN^kC%*S{9!LG k4eF,/ <{]"
01!w
K_jC
!2^l<
B5V}
ydl}
lU38
<3K1y
y5Z{
+6O:
*wl{6`O3jQ5o 3d`e7}VKS%C#
L+
f
dW%8"
Nwhf]
no:q
z?GBFY
4%ho
sa{p
;YQ1
h=&=X
RuntimeCompatibilityAttribute
2C>n
EaXXXZv.5
y,AXN5
uZ P
78g;
+R(+
S^oW
~:&3
Assembly
vOtx
;d+^
(>I=
lLa9
LTK
.*F+
.E.|
Aqc}K
]Zk"$
kX)^w"v
7PU
c#/*V
QnhkS
g9Vq\yY6MRaaTtGn2|<R;`:q$
u]Zo
yOwaU
yPUCJ
IA:r
2#]E
,LY
&
HImx03cAG|cc>n2Z:|LFr\SV&
(C$p
^vnu|]
[6n!X
d!K
']*}
$)0)
+LhBqJE
pKq+@ddr2VwMJO78Kbr)e2I(
qr1s
){j/
e/aw/
N_j4JC
BVe@f
yEWL
Invalidate
\)8J
DO"`
`+.N
Ld(rs
Tu9K
8w2e
&@"h
Qz#]
_Q=
&E%[
(
lWf
@p#!
|Pz ^
x,P.
Size
>kmTo
OHY
N wXH|ZWj?=Yif2:WE6U??!T#
URz
p6BS
(Cj^9
NewGuid
cpt7
||jB
^:&E
set_AutoScaleMode
tYf*
0]Fq
/$vt
G9>0
t]q
D80`
_C~J
AC'U
uFUt
cVCy%6iS3X{29z;~,'nZ~e~)%
>sbD$
mGKMs
9Jj0
n._/
E.`zo
b$&1F,
Sq1I
]h,H
qV&K
dYnGST
<u0b
u}0
4f-L
t]4z'#
v(&(
5z~)
9k8
IContainer
.8LC
W-~b^
bg)7
?BwcJ
t
]qR
(wD3P
+08
7
+t)C
N'7\
T9M9
*%
1
v?@JS^rK/2&4;)UzWIGE=ZH?1
Iro^
KQ'Pq
H
Y<jJ
3vi
Bq5xs0TmzWTF!$kf!=1^$CE/'
ze\-(
yo{Z
,b:.
E3t0
c~Xv
UN5
+2Fp
kAph
ISerializable
GP'|
1k/S
9Sc&
sPkO,Q
i0bq
h;h/q6
zyr5y
1Ny5:6?v_D3*O<y0%fIR$%]HG
`Wu`;to
',YAx
Z(1
dN4*J
Q8Vub*
Q(R,
L;-w
eL$;!
g56y+
+\$z
s3e=
Vk!u
hqJ0
T;u
af=|
pc%_
dH4a#1RwHW`,>rE+{,8onoSv$
~?yT
df;b
kLy$
2+
,eB1SE@O>V(?^vG3S2e8J:Ff5
>`1,|7{]CK/=%G?g+Z}NIhj_
sd_~i
5GP
3OOM["
E(V(
get_OverIndex
EuY4{
z"Gc
6TD),<
r%U3
,vAT
;vRcqi
%|CE]6
PK$NL
|
02
7DeO
~Q=E
{3OA
0&$
zCxYb
ljzbr
a%@P
z.#D!
w!-C
n>Ei
wMo+
x2IKsKz
NOQz
nUJ6y)
VDSSG/i
p#Pn
x^0D!
JQfOz#
u+uP
<KWM
wtV+1
Rb:`G
p|9{Z
|~
X
^rf
R0/3
l;[*&
ContainerControl
VR~'
e;zMePe
:??c
HLUq
out@
bK5:Y6ziOMe+l<av\v&J~xhc$
KP75W%c40UgOL(02W{[0rr1y'
<*	~
'Q2EO?I?{G2zmO+T>~-EfJR +
8=XSuw]YW>L5<*CTxd1xVo%5
dq{S>.
W9nP
'ms.
GEY|
afz1m@uqvc-\suJT*7v xi<["
JVj#
|_u=
}/ M
,}%
#A#8
LufT
ReadByte
3P5@32
@`as
Fi[L
W\O_5
lO l2
S5tKr$;
H<B^
F2v9
k+ 2<byTEU}[s"6iRb,x0(`($
E#P<
Ou-n
]/C.
3F1764884A245F1B3FA91DEC2E25339F23787561
-E4[
9C;G
<J9F
G{pY$B
~jH(!a0Ye(n"}L03?=gHWlS+$
&,*A
IComparable
A_$:#
s4
~
0e}C7U
se (%
I&nR
~f"l
?a"@
z{5%e
AllocHGlobal
JKj9+U
MGoN
E7gM%"
6z
o
rU	*|\
M7{X
/uU)C
AssemblyCopyrightAttribute
lW0j
QmB)>"uZ(2BV|73'B]ghmbC}"
?P .Y4
o(98
KOBc
7WX_Z
eandKlkKM
WR>^
lg:|4Xi|S
'!)?g6
U$n{
bWgS
%UVo(nRC6xv*k~?_Ku_qck4d!
N9H:
)p-<(I$
p:dM
P1\#&s
f&Js
JhKf
G:h	xt{{
dm/h0T ;
X~K<;sc8)`M#}78:;2GI='!n$
e=bo,N{
p'M"
w^f^
udwt
];^n
-{A>
Ht*?
Z|e6
|L|Q
wot1L
aG4L~;
5s5y
La~d
Xa`
v<49
u>,qi
#i9ci
*?d|SM
95zV4~L}g`_GFrvMi?L"|tXs$
m%b_lJCAe}0q*hn'3@t~8I8h:
X
K
,o-E
bII\
8ojs
kL7
<U}[
?T^&
bu1R
q`du
f~9,:JI,H<P$ 2zkToQGv>M@%
K:XL
Gm|
dH(_
T40H
*%)7
F^)>
XKrP
Tv9Q
i= xn
jQt
Mn>H
xN
(
Q`4
w/`{jW
w'5
R_J{
_FpP2v
Ge205
F=}'
[`	s,jfs
K6e
5m	a
&zJ}H
"lbO
`d5S
ControlEventArgs
LZ"1&;l
F4Sf
ECerU
dDNc
.W|2BQ
W\'B
7O*
wD{@
r*Pg
(2x	%
{YI
:CM^k
x
JV
set_Enabled
j:iq
Exception
=#p=
_M&X
LwLw
0>rN
]Te#
(@ShO.
[u8uI&73$#(oK_-~!u6}3==,&
Read
$FoS*q
@J]'
+9U4
{Qr>
$CNc
A]0U
G8[`
Vj#'
($
;P
gWn+
d<$%7
gE{?
rbD.K
Q9<_
,C{p
@oV*
Ybk4
?@#9
MEP$
%>T/*/>f<;8V4n1t*XtqB5w$*
get_Value
-^py
C"s&[
Q#CO
I0Gk}
vW.B
J;P}H.8P
L>m:
"P~H
%J$Me
DFf}
?jC
$1f6
m~/Ii
WsV6_
w;p(:
RZly'u	h
~Q13
~ [ wEQ `
3d}p
%JQ
?cAG
_"Z
2YVG
m[yp
Ms]S
[9RO
gAMA
fK8Q
Q/>ds
<cs|d
~*5~FE
dRb1
Utd,,
*wRm>
mmM
~
0
nJ	Dka
"r+*V
AutoScaleMode
/I Y
y>TU
l$0m
rR]5sw
%Ya^
+i hr
MarshalByRefObject
'0/[nIX71H!):}Tg"?u_,#$7%
pS&Lh
:R!
z;uN0B`6vd GT>=1]}>?U\Jn"
=9<
>P=l
j3t}>SIx
E+f9
>K`(2A
.cctor
^:YI
JjcG^ 0
AsyncCallback
\eiC
6IqS
P;`*
im=8d
y4*N
mscorlib
<IN^)
8Xn"x7p3
Alsds
l_i
c#%
wd!8JK
jq
$
_G8
.Qg<z$
9z KD_Y5
y<
Z
P9 >o
x/y])&
ShXL
1$fe"~
Jn#J7
=~'?
@*-B
0}tL
|)K,?
TOi*Z
]3U{
Y{g/
gu6}I4jVzd9,Q@s_Dd}jVu'1!
-X\'lZ
LPK{
/Dzx
d^>W<
5
	D
)kD{
`Un<jW
NbM]
CfLh|W5W1%3JHBrj6?aJ5J$P$
wA^:
11ON/?
%6	
4e+h
mTgp
0y<b
qrY^
Q`H@K
^enD
Guid
B{GV
MFG;=
oz&3
E$B2
}cF+
u*S"
\!vVbm
$)\Q
}oK
9i.{
7jD7
M:4
`km#X*
ZfP2
Flpr
TWil
b{7E{
B euU Y
(bZ9dS
?^g8f
F@.T
P6))
,E>i
si5u
-`gy!C:=1z)-%chm@7-;KBJb
XK
V
CMN?
System.Reflection
YGZ
~|P3
2`wR
'kb3
:.v!
\%3mo\+6l
=	(5
]1_%6F
|BRhc
XADm
RuntimeTypeHandle
TFBy
^BmP
3h4M
y fX7
]XtEP
o|Y>Zc
?o+Q
Go>
u|m
xFHr>
AG
k66
cbP
vwIj
~*]'k
Wk(-
5'G1
Lq+[
l2:X
5[b
i
(; /
:L<?O
8Qp5
[Nlv
GS(
hr6c?)1]TzP_0;V5DB7,J,9a)
aZGf
!Kqc
Xf}
R)gJ"=2W{_N*oq]xLgIRU]G=#
!hF
System.Runtime.CompilerServices
yM{p235UL~E:bYcE>##"2yRi#
vNK/+
K
JDz
yds\K{
a}hv
9W_Dp
@X~]
7OS?
Append
KW1_H
##4g
p}TV
sxB#
(F/s
\0+<4
=4QTXi
Uja|4>i8b,+-WEDh1Iuqo8\l!
System.ServiceProcess
op_Equality
m<(]g8
t&mX
:Y#A+
@W<w
h1~/_A
w:BF
~ktu
l|:|~
}q_
w.pF
'qrJ|
rUG
/eM:F
U0[`q
p}k.
]&`~Ww[
v2u ;
Q*x6}
b_qjo!3Zw!HWG#CL_7"h_9Ld+
Yb#v
'GR6
[I]\ozq07
AssemblyDescriptionAttribute
^djw
6?<gJ3<myS>c: T &ER~j/yt)
#Mg*]{
*;yp
E[\Sk
8sy0
JgKi
&~wm
+;nU
dEO&sd2pQD=2/\p}a2j;L%sX"
7ElC
a4|iV
O>18s
]JIX
*92k
Q@9Z$
MWVv
]Vn%lwvIaI,0wk]L93^9-B(\!
Qop1o
g}'O[6G<i&:rJTa@Dg`hXs?m'
+'@7w
.NS?
<Vw]
UeK`
?yyVu	O6
RPrr=
iFM[
*^ug]
7[n
y8d9z
2Azm
7f2n
/L|
P8`J^
xG>
O>#u
XwID
z!O!
F6sO
ey'Md
<M}"m
c)!k
xadY+
"ZB
zLL~w3
~}P3/lqaV|Es0@6>m~&f82s}
QUC%1
S|O]
,-8U
SPXY[_{2q,741-UkY2Q4x"Wo#
^2Er
`H[M
]8-E
`w$*<
{xnv
6
^]+
f{ P
}*kW
_*<&
=,8T
q)ocQg
=i_{
"g@
=
83X^
w(o)
[tI7^
2w1-c
%y
f_
hGVp*
C6cFK$
nf6>?D2\Vd ![~DTG'Ui3o>{0
y56$
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
2vVx
u
nz
6i!O
yE
peC(
@aw,
+;`IvYqX6Q%4D#/sRs98jF,~&
kP>;
@X)>
S7Dx
&	xX%^
qoamC
bC3R5
U>>.k
`[~%V
&U%i3
mscoree.dll
!This program cannot be run in DOS mode.

$
jItG7
N&=O,AT/GLR&{nu_FJgA7mlE!
RbCu
D~GF
gu-j
"8mG[
,L~Hi!b(+>#4H:p=93$qEZAl/
(RYN
X4tF
&xQDv~E#zRW,eE^v+l*+E6t4
gRhV
DJ\uQ#PhBL{/amt<86\{BGZe$
4Ps
Dispose
^1tV
M9V.
Z]Xh
"\>3xY%ww^`F)3DdQHZU8:(-!
x-nv
1c[7
)]Yt
SL|y
4:G#
}r`bA$P
I,|Rt)0%u)nh1 u=/IRcU$C/
`r5v$@_
bmqHW
hCQ8
G+LrA
e|QWk
{z	Z
S@kYe
pKb6a
)
gQ/
:L.;
/*
B
%WNTH6`
Dl'
K4;:
nUH)s
*`EG
Y}
hFW{
"`w(
4gaO
bi{U|
5;p+F
^`9j}
~t:u
N.f9
'k)I*?97E3;)
:w)|9o
{D7C?
92t6
gw=Z9OROw
R+'
W?{?I
nxEi
io*[5^dfp,&$4\SJ6&dV3@>/
vZV!
Vvm
]epk
7/#c
5PX?
R%
xz}t]
u2Q=P
={;0W$ 7Xf|d`%&T{ZCW'~)/$
dYZe)d
")s?3@
zIDAThC
4*5<
AkZR
]s\|
yMu
-8#$BL`7k@*EOXd$</lVD8-_%
*51#
Dag}
Y{Z!
`Y~T;
6^~]r
:_ ;Na(<:i6UQ';TeFGIEj5Z$
+iG}
4m8!fxq
ZH>I
\
c7
=c;]
DEs>
/"IQ
yIZf
BSJB
xT!hP^8Ux~cltq@6c3,/!S/k
D_jB`i
Hb
0
ZmnO
vzMl
UC /&VQx^vf$&7}t#XGA>0Kj"
p70/
&e)+
M!!n4)
8}sRX29
c|aC
/a]ya
l	
T
6:=-$7%2^{'lk [5G6fd%]'*%
/=;5
/Vx7
&?BY
|,%lp
qg^7
V3m2
MLOT
1JwA
=ri6
:GWC
get_ModuleHandle
K!c+
YeF'K
N''
Q'pMr
vk,l
Dz9F
4jW
WU8H-
Wv_O
S~A]|
oX(&p
get_Y
IntPtr
>+^
erbs
$r'M
/g%=
2M
)
$O:|
2i>8
?-43Xj
OC61g
yLEi
3{<Y
;Kp}VQYlNRwEYl:=A[)Ts[;-$
t;,7
nN}^
~85`
_!mq
cQCz
P>ES_
?A~[
iA7
a|;u
"^db
7e4'
A5[<
@4~z
dFy
-f=B
Fy'H
K
?;"ab
JICV,
}zG%l
ZcyWj
System.Linq
ZH],-
5a|Wx
*6Qq
8Sym
6fDv}
NXO|
huL1
FHC~R
C708234F139063BBE3CBE2208BB6ACFACBC50333
p5@s
2dfe6a27-2bfa-cb.Resources.resources
yWcJ+T
c~
_
jI+FT
m+?fKXbB"nRhF4Y!TA$yebmk
O%Iq
o&GQ
l!>nS!U6"Un^c+3IjybtC)EZ"
f\Ee
J@s
uqYJ
3:6p
^w |
0N0XGM]Ej*SwKPPBb\]D5#^\#
.k"V
)lWa
,B~T
6#dg
T=ea
"w\-
InvalidOperationException
xRvS
-;mC
SDmY
Vw15
_j@IQ
*akjA*
v/V}
uM&LZ
?6
(
O_#j
/hc32
NoS
LqG(ks
.Wh
f9n}
vwVE
,Q]Y
uxU&	|D=
o%P8xx1u
O6UviG
BlockCopy
`	/:
{FF
a1T
z]R
!xFY[
McgVb
_s7k
v#e9~
MHXF
%zb4p
q!''
.mqMg
tjv;
qhP#
:@Ko
a8uNMm
!
qq
!`J
0u,vPTB^1JZ?}"H^,t^f2cNt!
P2BUK
ezQ?
?y,z
6au+8y
Od1F
Do5m
.seP
Fe]k
G$s,
`Qi&
Sw$VqC
A9-j
(OM
5OK}.
4k:
T-\X
R iQ
}@Z!
+!KS
sSVa|
_2+h
15
vA
]R4
A7z4dE2igx-:cS%/HY{\fOj^1
k3$t
au8
@yPf*
9jk@pe
V^ -9
4,V?c3=pH
Lel7
EEyG
%<lR
dL6_
'q`z
_0s;-Lg-+I*7S/u<D&[fx"P"&
i_OP
~iCL]
{ECf
3]uo*o`pLWj]@4X ku;QYN#<"
r#^Q
;Vy8
pY\`
: q_
kz* 3e2;7,wG%WfxX-hq{r&1%
U-
g
\Tes
["qK.
LT
bCz~7]
'I]8
MethodInfo
.J<r>-
}Gpx
K5rzs*e&y>9X?zo~x!va#4^y#
Z:fZ
*J?~q
(PD|C3
R[zU
_{}N
`3VO)
N{F>"Tk
+7:a
&W4
CompilationRelaxationsAttribute
A[)z
E[~;B
cOCe
;S]"	%
tO{7
<B[0
)_h|
TabPageCollection
'~6=
j&G)
MemoryStream
&zvGIqq
6i:dR
Hvo-gl
5V?b
-~t^y
#nqd
$e.P
ZI5i
H#r]
D$t1
&U	b
ResolveEventArgs
\'BA
7`Q
6
)_x
TZr^
:Cu+'
dJpnJh;2
w
Ks
L1{3^
&,@}
he-!B
bdPx@
.	_*
#=?_
OnControlAdded
Y0%
Zc/I9IP
8G:
e>s=
'zw-F>]VA2?1OT8>uPV@LJv6
T|
s%p
Bu/0$[X"PNx z'oPWhcpET\{!
{9j9
iK\nP=Bv'u)nF -&dj?F88:F%
8frI
&#6B
*
j
P
`M
,JP",
d?]x
Fdkv
c[?,
$);
m"^y
QD?
!"l.u
;^<d~H
xla#
/]f
pa.{C
A*o2nLRiM=*$QwZ&YwE@Pk",%
78/H
,?-6
Mos=K
{Gz:{
vDaT
f,j>
{|E|
3h,^\
wXXRLD
k	gwh
5pTsY
ZW	t
?4H
nmlt
IEND
yf@L
fbq{azbs^_8k#74|~\!(;Ep^
W+LHK
gyh"
UY"~@3
(Yrs
oTohO
pNY:=
^Pz
)8i(
x6
K
=
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
o"@ 
1`
0g,g1>$VG&+4CEm%&_rDL$|u'
IW9p
VT>uR
07Z}
nrxFq
qQPOsc
F^)]
@L1'
Y~Mo
K<J
rf	o
y=el*
(685
P(oo#
x+!Q5E
1ToA
.WP=
Ik#p
;9N&F
W}!Z4
dAn
(BI"QF^LwuiO812!vJ 7w)Oh#
q+X,
xK+x
Oz[-_;jt,arp8!KkD%W4MM v
"n{gQ
eYZe
p\|
X=AZ
TO>w
<LkJ
Zc9Z-
>>s0
(a}@
\r{b"
e,<`z

^B?vAjL
R{w&
,~A
Mutation
rLL-ucXaQ(7p|L1+sb">ULIC
z9}{&
Rectangle
De8H
M.eS us%
5F-U
R"*"
+mhf
get_White
d0+\V4Yb~!+NRuh_u6*,,UKY!
y$e<1
1IYwb
2#(tkqnK?4B4IJNL ?oy,+)&!
f~&u
eT3+6
Ok1O]O{rZ>B%+87LW$T~z}la"
bD;+
^$~u
Concat
RdDm
1TyB
?,)
'.lv
WbIU
0Y'*j` ~b+hYKcDW't-n:aF/"
StringBuilder
ECo*It
+!}!}W
e#U {m
a,%R
!4EI
`v^`hP
Gv53X
y<b\
BQ2-*Hvp
0B;t@K9^}Js[_%`c,9 a4Ok9#
8W'tt
}HgWWB
cpg7Jud{ap1R 0q~_UaFxIN8!
8*f@
yI{=]
=\|
0mjINH&nJ($BCm\OB9\?]q:+!
Cki\&e
ueMJ
jq8gXZ
r}tv~5(h
,hZ-
BzQ25
x:&8 @p\{P$","[t'Qm|SW6E#
!ra
>f;3
(h6b
z1?/,HS!hOUb[xQR$P/)iXO[%
ZJ?c
3\cH
qW%~
UyevNa
get_Hand
>'x
4;hZ
s"Hk8J3e}DB4h74\8`Y^g8O2'
(f3o
IG?:%
JCgF
ud4@{
!rw\
(
N"
lWyCZ*&U}R5E7l9:%w/)cG$~&
QcPcU
sL8VV
z/Y}n
+Bj_x
tHKTR%
a1#N#5
ZBp
K-&s
UX>
5k!R6
\07g@g
hlc6
z+F-
8]t? ;
T	xE
R{8Af
+P}~A
RM(2K IMk2SE=k:g"Ie!gw>Q&
l5wx
E5?J
-5A52N? 8~R+GcO*Jd; L" $1
?^]-
mmKzR1
AssemblyFileVersionAttribute
tZ5%r
System.Text
<} ?
i^dn
T8S/
0
H{
WoA6
`J%sp}VY!$sP3p^2^/5Tt#"f#
X|W2
*=JU
f
V'
SR~q;
eVM-
7XJ,
s|x`
ErFu
Z1%o
!@<_
@Y><
~st!
e\f_
5:e R
x{fd
~
@mKz
fWmu
/jFd
=(:vL
"1
W 
]
yzKn
=3P7o
`F$C
VZb=
.c_!k
D
cB)
Enr
6oRm[FH~Fy!\^|!KLT%|,`=%%
1>:(Qmz&k_~_PT)T)Z($&pQP
}CA~
~97Ied
2}C.
E{>8
b[Od:
(+
stwI
(/V_
[9?67
\Er#
*65z~8
{,J6:/
U@!z>
;'Nu
0h/8
C[FPo|bH!o8Rw|;7G{1\r1+?
7nlAX4r
oTR#
Gjo_
t
(U
)	kZ1
wl1N
3
'=
aRZ.][,
ELPr
c~YJVi
v?:B
l|>PN`nO-07/P*^K>@h))<+$
tscM
qR"WPSnMcj+^Bl'Q6:K"Bm<"$
-tM~
2sAI
"=Q
k"-LajP"pI"]ul'`&$xOqu=%%
,wI?
)B$#
5j%qU
L,s
f"w	+i
-pW"lm=8h[ ^YPE?swbxl}uF
q(\24
RzaZnc
VQ1D
O^|1
y__EXKXT7
k {" A
~il:T
qCY`
PH\
3^u9WQ[\~wf@6X*L15HsE/SV&
4Qg!
S"e1
pB8E
YSt0d
=]bNO
S2`7d
T
x
!:`6'
&BlGFwl:~>l+F(dTwhn`*Qaz
!qay
FieldInfo
Font
rU=M
LXi.
M0EQ
HbrQ
M)fb
@f}j
TUP0hG6G:}
K2J-P
k9+HL
0
,k/&l+#L
rwG
DIpk
XOD
cMS*T
E
Bl
.h3l
[!iv
pi:x%d]`CHRKvc)?C$[~!1=)#
S&'E
y^>t^
"CYy
String
}nHk
Cya^
H\'l
VLwL~
_CorExeMain
,%:n;$,T6!v|/YOvO4])YACE$
y3qsb.c1
xJ&Y
-):e
b
va
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
4pIV?
QdxK
a|OK
a.~
{?7P
J95Wu
LGlO
>S+2
"iT(
yCB!
K2
Q
A!_K:
@<\3
+=Wi
z]s86
f;V0
+B Z!z
Y$Zr
InitializeArray
/@OoO
9X	(
A/}8
Lj'XeAk}\nr8!{iTP&5_O}YG'
}po
%>alTi
o6Ao
I~)^
~S:
Y^oR
Ulawf&L`t"K
rSS9
XUcr
*A?2
M)Z
3	T
CnDi
Bs^3
KeyI0
;+wW
1
E$T
zvoM
,.S>
c%\*|
ToArray
qGe
m
>RYc
P9'6
OnCreateControl
G;3j7
GQ:m
k1t%
FE3(
u`U3
t2&cn
V_=+
n`Y"
y/5k[C
]~
bynz
t%d5
~9stU
YKBu
%870
D"U:
E$G0
R@,m8
\MN
)Y. H
:-\;{
#YFt#00
DrIl5
_e;Z|lI}AP(7s|5D^+Obd!6;"
M\L$
CY@!
oFWll5Z&IW>G%Xe>"|pEw4CY%
x<OT
get_Hovering
0cQa
87wf3
jmcTK
O; 6v
d@{e
T/Q:#LEWco_)AGS6=c"x=j6b#
Hfa/@LMTM\$Ss>5NNZ/R[&V4!
5^\+
-\vS
wwB
RB9P/!~KcU(j[MQ2/f)leAA@'
%^ap
_
Le
^9+;
R|qo;
Y>$"
K`?U
Load
H8YN
f
z7
K&W5dYB7
N9t|T!
\Nci
d~D3M
v;0vX1i=)}%l1V|^$*JNuE_J-
System.Drawing
TUh
urP7
V{mXKHK
rs[!
Uwz8
i}b(
get_FullName
tTR
o[?R
#?{!X
LMs#`(u
gqm
Uw{l
^)o.F
s)91
$u1%
X52
*s~x_
BeginInvoke
'!Uj
!\-7F
vVF>I$K];G!
s\l)
l_6
uzK"9!
bOjU
$	Q3
v@81
j7rU
NERBr
Z25|#n
/3qK
-7l-
tX.S
1,L(%l
s
hgH
LJK,=
(?:g 2N
%JrW
wQrVV
b2-?
OUjK
"Im/
+_7N
t^.-
o!7(
hP[;
TRml#)
9=)*
_;:G
4E'cl
w/"J
RuntimeHelpers
7	z\
Zd<a
N!67u
lu7A
;kSg;
K/5v
e$NsW
&i
`E
R,[,~d
UserControl
2npZH
get_Enabled
k	W+
n?c'+4
oR@-%8I
ZMd",
G):Q3
\~
c7 N
,L
o:&')
n+O
NE
|>).
cCFKBb
"p	j0
>,P'
]bJ25
[vRHk
kYrp
Y>$9r
%OSG
eZ{0
;LkJPv
y8s:
xdW?
r:]
/tg;0
\j41}
Object
;p\+
OJ8]_+-AH\
"V Ke
$Z]
hYK%f
y`y
b.-c
(85"
c}c\kcT
;a|N
`u)-Mz
a}!+~
wo#s
sen
ComVisibleAttribute
qI*{
+)y
k30>
@aPW
Ay1N7
5t>v
>S#o
>")3
V3<^
}=3dfT
/?oT
XOn>
4E2BE99140D24066CADC84F74FA899FEE5976B68
9BRjPH
wd\1
E$p=
pqpP
elVw
v5n*
[=_e
nVG8
;YDH
IyR#
TT%5_
<&H~#s%&Thwe?/(Hp[L~43Ey
GCB;
&;:/NaSW$,%DecD#p-`/Wip0$
doYj
{x}P
8@aG
D(?j
5+zr
Ss(h
cyQ3z
AssemblyConfigurationAttribute
D()Z
,dSq/
<'LH
Tm_Pn
.jr
j\M:.B
TV=Sy
H$lW
7O%p
!
+q9!
Jw)(
Hp6M
*
[S1
W%JA
OnMouseLeave
Eq??!YSGH'4>$I@7(Si^XO&K&
eZ%A
2c}P
@j;Q1
1.0.0.0
389,F'BG#u3c:tW#>sMNyv]Y$
}Mu
B`q1Y`
l~&>
>nGL
Jh{
_Ka7@
t Y<~
S&Fj
l^GJ=
kY[W
{}hSO/,9}*1n3SpyNAG$,Qd9
JKWG
H>!7
W2W,o
:MaP
,<J2t
E$"ie9>TvgUTx]{[bT_",f]v'
8q)
Q
f{i9X
GgAW
^rZ~t
!hk\'
B&QL
~P^wXQI
JcW:
(f%Z
L+yX
0z#r
) Z?Xc
Stream
S|O
soTk
]F>I
J?FE
fuQ'
|07E
s<Zi
(3
sRGB
4IO!
v>'g*@
+QKB
MV (=	c$
W'1{
tXW(
yk	`
}\L#
R<PZ3n
j]X7N
9m1t3
bLk?
#!H<Lta
)3N	m
>d#e
*?<.
2%n	M
CreateInstanceAndUnwrap
$l?i
K>qQ
FK{
Y!p@
6VT
O)+(
{ ?{
[E>.H
J 7<;t@y^}~QoqC!vJgej}=2
P]mjZ*
chZ&x: k:"gRqh3t}<N9\m3t
C;DP
R87-&}
V&-2@y
{^/E
}jhQ
&n
get_Control
VzI7
.-Dr7H
aGqGE#[3yi3NIW'u(4c!!1-:1
"b<!
eW4f
WlGy
(S=H
Confuser.Runtime
/oIs
1%|p6k
U[kP
Q0mxz
}Uj$
R	Ym
J|=4"
G]N
c:69
'P$t
f;8>
N6] !
.-iq<
@{&^i
yAY)
5SO\
$8605c7a9-dd85-4eb5-9786-b40b6a2f36b9
Cw+8
$Dnw
|MIY
RK!o
?-os
/"5A
orT
f+`t
iCE0N9-+MOxC\dg0,;5Ov|}#
7G\rH$Ayu?-EAO$vUr8{"`ey
xxM'
cEO^
6flq
#^(idu
>Vx[
EZ,<N(mWAk"b{!a"T|=y&-GQ,
;U\M
3J!6
k+O\
FRh
O8u
T&mMs(P^p*=24l+~6Kcz![F"!
V>tL
set_ServiceName
9hJ
HN5nO5{I36FnplMm|*mcT01f#
A,m~
*CZX
v bt
x_-A
I+({y
I^N*[6nRC4RAL1`NcUrOL5^}"
P0ip[lW8O
n]-U
,
}|q8"
ouS4'
BiK8
Aj{(`
Wu>>
s{|;
+aey
{kvEP0
adA>8
Ge])
x3nF
@3w
DKb+Hy0?i
QF&%
4;N~
vi@/@
.-hjIq
Od&g<m
r{I+
a~	t
@:~c
9cbN
yA:\
P/{#
Kelr
+shGgKo
BtFg
b[T0
|)aO07/
Uo;G
4#jb
ob7Q`5
Rq{C\p=:D?~2Fp3dW!"UqM\!"
set_ItemSize
+4TI
hd[G
pBo(kY2XsA!3V>'Z0F;ntq^!#
j	Q[XS
I?Y&W2n5hx?4L>*A4F42+=Pv
<"]<X
a{n&cm
SrRe
;5m^
LXe%
Z6{s
23Xt&S
[f0w:%I Yd>RGn=Y_%j?ZOtj+
Q.Y;
_(_{R)
4`[4)
:q:
X7fta
A
NG#
L~Cr
H|6E
iU!6]
,yLy21F+q@8]ZZZy^)OXz0BT+
@__I+B
#-=@
&8tqG
_b;K
r\{2n3:<#e<?}^=j3JtMYSq\"
GetHINSTANCE
MNxo
%gLPms='O`"S@rT_Eke%r:Ai!
81m3LN
oVr
Buffer
*tp1-QM"
D$.h
g1#sa_B
n	x$
!JLU
_<ig+3
vX^R
@EM5
rAUKM
#C4;u
xw&I
P'--8
/Iq8
/g'
ek\1/54f9B5Qsa~64Qh!q'\2)
=,YuK
9x^gWo
"Ljs
H,ZZ
1g$"F4enHX
ThD
q
32:c.l8
OBG^Q
!7_R
?IDqh3OQ, pP1eP'9^)Qv}'|!
]1k2
(:]M
|[f ?
=v?*
MbRbU
*Jck
%(  Z@44\^i:0~tV8rm|Rz=g&
[5~hGq
Z;YR$
V,J-
3`.`
v!c)M2
1#Pi
$"r6mP~IYmr^+WgK@v~rOOd1%
)##1}hz
kdW]
7JJRV<
[kCkQ'Q@v2?Xz%oVDboS>?V`#
mY]6E
=
?%<
+
yp
Y/>X
;8ne
_#n<r/
_p`1
Ml7G
24ui)(YFT[a7<H~2Tq}m#AWg'
\,^
5r+H
[5+V
`rN'
}.<m
%N%P=px+5YT$&~idKe?F\-7=!
B,mv8
qLRw
0!f1gZClz
D!m.
?f.n
6Oj\M
-*pV)2Ef|1]t9#-T-O-^AXI#'
m*?C_
"0EX?
W	cK[[
FVX=
|qYid
wc.S
TZQ:+^Zn9srH<]^)U_(!Q%Ji$
!wym
#z|
>-
^:
f
Z{
z]Qq*%ID
!C9!
=P0V
)El5
vB+~ZB
\<Ib
f<>4
F2,mb-@"2( kq$R6-VDp2@XN#
I:Qj
~j*O2
*r6P
E
D*%
0p'
Kls:
9x9*~
Copyright
oBjX
cJKOP(CBe2]Ym>J<,<m9KOz2$
ArgumentNullException
+U1.
Bi%Iz3
7SgF
N~E
}{^x
get_Major
Q:$m
+eG.]
7K>Tn7>S
'95-
l@8D
`h3qk*
f7
k
KBmi
Q8Hwg-
vO)cE
^HQU
jZe5j
0;g@.I
,J(+
A~E	?
PL^>E
6H{Ao
vr5UM?
X`	#
DP/B
v2.0.50727
^ESU
>f(D +
7E!x
/8cq
*8Onx:
D!Ii
^UgN
ZBmS
9M"
`5(/0
:.>
a6S8e
1"#Ny|
K$<%E%
#+vL
{FxW
H3wx
get_Default
od+{
%iH?jLDQ8A6JXz10r=1q ]zq:
vu5+R
N@t	1
<KCV
y
f
#&xT
AOn*+
[i[h<x
;I%W
Mhl(]L!|<wC?;n|l`Jq+w#W>"
Txu
~R,C
vO7NWN
V>u9
_8t*
sOp5,
GdL~
nRP}kKVoD2a(W5ttARE~3kro#
EiO8
y?#M
jG3
,^ELE
GOwy*(
p&Z`
hNvpQ;
3;E`
$UB0
ku}Azt4LASTIu70hvCvg&&`6%
mJ?:V}b
I#9$
>+>v
%O?O
^O?|
Mu~ u
<]_
sw}:
o*E[^
0C67r,
Nj%31_H
\f^
6=q"
+sJuwe :EcoA@-n}a?crB-X%%
E	,V
\GcD1
e4X2
"A8eB1
=s=-
T Wy
*%Jbj
GetTypeFromHandle
IAsyncResult
q]IP
c0)zru!,&U(NGPOO@OK[xh8T"
pFmK
k-vQ
U2fr0
yEqSP
@ e
R1$|b
w#j#=[
}._g<
#=Yg
L?Q/xT
X?Le6I69=v\R>%J!oE{CEsVC
k~Ec
+H=rU
:EUj
;;;}
TA;w
cf0K
8SQK
GetDelegateForFunctionPointer
((n}
5 /,
Zk!B\
:dtX
yh%xb
I-+z
>6pN
<T6M@
G|%KD
++aw
]nSS
n7D1}6_
vx;J#
O)PrSX@
S/}A
qoY7
.Iv&
hvD;k
:W7o
a>m
-?>m#TtqjI%On+q+gcVlq'=k!
,R(>
Duc:
u<*/mkb
IyRMC\/
,1Qd
yIDAThC
.U@]
a.6:
Yg7\\=,s7fw8
w
Jo1
4O2A0
System.Runtime.Serialization
N-$dn?
{
U1
^h'K
EBO]
y
(Y)
zJR]
t$PH
2\	$
+)]
RnEW
PvY
t}z
`I6lH
sTHes
HWDQ
_9Q?`
\wiLP
hO/H%9&4OzK,b$yg4q$Zt#$z,
f{lL&
\=hn
OcG6
xgd'
Cj5i
1<>Z6
Hu2&J^
U`Lv
o)sV&
-L4g]
F%,Z
qB?&
sMC~
9	*!
XK(.
qg\.5[;xj
7
UA%+v
Zb<3Y
System.Runtime.InteropServices
nhUR
SSne
fO^87qJv)gn9y+ML+"{/ZLkO"
MK>}
[7,l>
+c3'
LVE
Math
1suv&G
IEquatable`1
sW`=
HzQI
gGv|:
lFQm
P%5#K]-p=L\KF(qAB/j9Jx8|"
GHH7
)pis
$!\2
7hyV
sBH#
;w6^
AOuM
sON,a
(; L\M;Ql""'+5>l_(FK3Fl6"
KZi2
Ka31/:{
G6_VZ
efYc
IComponent
LdUEN/
q;lURtWRp
l'fd
xF\{*3wX)Jw6+UmpEtF$F:`_#
\_Z"(
v'$
C<Rc/nJ
SuppressIldasmAttribute

M}foG_
onIJ3dMcetyz&_$4+Z@ob~G{!
ER+K
cUKKv
V8=mS
EH6E7x
kHAH:
0p2\
NyFD
#V {
lS~G
kUn4)jD
g_1x
k@f0!
}iq:
$>ie
.t9s
a	ZW
J]C
$.479cEL
d[\+
V`uF
)
4/
%P_Ao@
]Ru
EA{{
_&Va
U$"L
E/
g(
(r+
Q2BRl
IB_8`Y
N2J{m
Qf$4
m&Ob
a??f
(UTob
]-x:K
L%o-W
l{mSv1
2'+G
y]n
0Fb/E
Q@NYj/e
&\_
p%>o@Y
{2AKq2
kIu{
-12F%)I
]WeW
c2	F
ab&?
set_Font
Sg3
1NLw;
:%	v
set_Cursor
JJDN
X]th
8p+k
Qp]/Xl
Y!K
c0bk
{*<U7U*I
6oEz
<=5C
91*4
0Jwr
IDisposable
p23+
R7ph3CdM
I^g?
g$P
|_A0
K"<g
s
6}#U
^
Z~
~K!=
/QL>
gNOg9At;}Q),&,pcxJN&cbA^"
{.>Y
b3N$anYjx4PCoNDAs"@?\V#P
_8W[
B[81
1VJ4
#BNp
C@;OA"
5A EG
If>Y
6v}F
foR@a
}?>v
!0UF
:{lv%
4Q=>[
oK	@
vyoo
,u`
1P/#
`H=S
pEE9Fv[@-9mS+qUu%|AVQSOE&
>M4DN>fu_<F;$;D=C9Amus{9#
5w+8
~,C7
gSp
AssemblyProductAttribute
8c|v
6<D=zdN/Vw6e;OmKs@S[]M4{
dH a%\\{<P'S'9}Ww/;7Ye*j"
!9D3
9(wpq$?Q#$N)L!f]!B$>F=6t"
;@EA
+Kk+7
jZ{vl
C7x:B
HQfl
Gq\
WRGu
[ vJb
R+@Cc
<Module>
T9J
^p,
5f&zqK
3DC:<[
#k.;&L
(X
QBrh.<$
MulticastDelegate
?aG.
)hP]E4
<A-v}
KQ-W
^@91v
LsD0
r`;o
R
xA
K-gk
{|dk
!m_pData
f?uZ
q
>+5
y1TbbuxCT l44'1:9q;Xoh2?'
value
v,Fp
=Iz*
2018
Tr9EH
.}Gn!
q3dv
GZQe
7`P&b9t^=bchg7LPB<u:-oFS$
+-4B
30Su
WaFp
F`$Z
|
p:F
urr3
}kK5-
x7&
7|9Q
|ARl
OnMouseUp
Sk2_
'{EP
| _P
sB(5
$ZPl\uk
j"'K6=U5
3jea&/
F[bL
F=-"
FslGiwG,d!W"wJ6,9Vb8:Q<?"
f4Q$
L7S'
>=wK7!!xoO#-~xkUx@o":#YY*
O?v+TLHj769V_I<B<y+R!YO)%
lgGP
Y*K
d
;z+
|3khj+
?M
#GUID
$38p&
N/r_e$
&J|:
+zTp[
59~2V]
"xU.
G|h
aQBA>
Z,Cf
wL6s
set_SizeMode
P.y8
7<h
2
lU?
DGBs6
vI>1~
Ef5
>&
vq'{
f{)z
B5yc+q!
`Z3>
RU
!Fu:
WnxG
~$SzHF,6l
dOX[p&wtoj
pqb.
4RwH
Al9L
&>	~
;>3
uV%k
>Hn/
GujF`z
wW7R@z
vE9/b
%.|~
C{tj
}voc9
*2t:
9erl
e
?,2Q!
#zXr
X
+U
Q[Lc"4e
H11na'mE 2s#V+
}k?[fQ
Nullable`1
=h&$
6vdn
A?rM9
2yUW
d&nXWGw^[ODh$b`Uh}D*;\4c$
abs3
Ai	I
XOS'I{]
EVXzos
Ra%U
Mxz*,
`N<o
7S+fO
"+T
JxO3
y:	Rr
C hy
$}^`!D) >~ccC7{4<#,+ %-Z"
sXf)(
9x_>
!9=fwtthO/`>^^Xn1'V;;!$V!
t|%
uCkr
73*>
APE=
Cgv~
hYVc
qZ9+
h}NT
2,oQ
5R|Dm
6A+u
w_b}
KNw9opr
<
gA
/a++
#	Gjhb
ReM.v
e!{$
Encoding
T)':;
4
gTEV
"~iJ
XMW6O
>m7Vp
aKWh\
nid tkT
|WFs
\HF/5
a>44G
R^'Y
bw}.
IEnumerable`1
gH7R
|a2Y>
O .l
V
/9
r
_#
J*Wj
get_Module
TabAlignment
?%06J
|x<t'
2dq(
$2a/
PFlu
~.WV
?:).
,?F~
d|={3
ZCSz
"0/k
Rd3{
tK{AF
dNuT6
{'?w5=NE<He]?!^A`\*pz"}c&
IDuh9
}:Dt5?ik'F {Hk)3Ed5/+_iu+
>){I
mtJ+v{
wlQd
4%vS
Xt.K
<OP%
BWq,J$|7
Cursors
w6s\
f~N=
^mqjHD^IwPv'C23mQ"cnS5M}'
=yO"
j?f\
1
\
JB9wrdJ~@u((CFgUj8&RNSha!
yq8i
get_Size
OU2_
;dj,
n*#i
!)mC
%%:7
zU7+
-Z8*
G--Ha|
P(vllk
y-<`}
8+`V
xj*
3/2=p
9_IX
f
,G
}Br+
System.ComponentModel
xlH\$p
Ark.exe
koM`V
/R
`
:Nkv?
w\e]C
+v1N:|
436534A617CD86B8557AEAA31D433ECFF38B112F
_nP_
+U4J
&"G\o
;BGU
'I4uuoM(n7:EXkF+G0smcBl0
[Zw
];2t
^fz=
J?1\{zmdT~sX{WN2pOw>s9F0
DisplayNameAttribute
($0t
N(&:
wFN.
z=>'x-
=T1n
Yl^^
oyO[
Rn<IK
6h!
[U7\
DR-
&zb5
C648C0E55DD0A71600A3C979FEC05C180303B2F7
:O5=;
f||v
h#5Y
Fz( G
[Hf0
:9Vc
ML"2mL5$O/NoB1$KCRiQn'h:
{U~{
-Kbn
U
@"
X8!j
"5XX
5r^N
Ii=y/
3]0v
"0]
2O).
v4*
TfG{w3{aghVP^s(2&5DCAc4R'
,lMK
~%co
kW*szt
D#kb
System.Collections.Generic
;glY
lo~ZFE
LjMz3
sYgo
th-6
Boq/r
`e`V
@,u>
+kjS
F3wU
4ear
|IDAThC
System.Windows.Forms
d+'J
)>d2
y6`
.2	Uf
^.Dp
~IsQ6
@5-m
#hZhmGg
d(:rv
sbB
=
_>J(
xbI}*
%^B=
' jw
gDs/j
XS#B
cB}]
VG'l
?`:R
WriteLine
"f?a
'I9@&
aOB+$$
System.Drawing.Bitmap
2R3HTj
jnN8
C]Tc
c6pX
aAWv
C,SV
gtLN
ChlA
IDAThCc``
%OSIX
;#JOVq%
SetStyle
_<%{
8uH!a
G#zE
J"X8
?Z^q
r8z8G
&1K%W
QK);
]gbl
disposing
7}w9
9VTMk
?	{y
!zqf
|v1,
}0~*U
|ME\
|bI47
IAC2?
D	G_r
a|Ngf
Wh}s
G&?l
S5Ls
g;)P
?DR/zq sX2@`i%)]/DNgCH=F%
-9pR>
I7}inV4XO(;0"5L;^ L^rQ"{%
St;~V9@2E#~Vd(g+ai5Jmqv[$
?ut"
qOn
\^WA7
NY(z
m9uY
.W*G
\L ,8f>
agl\
y+b[
BZ{
j
YDcoQ
&.|B
ej{M
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-02-15 11:44:34 2018-02-15 11:47:26 172

9 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-02-15 11:44:34 2018-02-15 11:47:26 172

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\chisom.exe.config
C:\Users\Seven01\AppData\Local\Temp\chisom.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\chisom.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\chisom.config
C:\Users\Seven01\AppData\Local\Temp\chisom.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Users\Seven01\AppData\Local\Temp\e23dce86-2e98-4add-b62f-3e620c5e0d5d.dll
C:\Users\Seven01\AppData\Local\Temp\e23dce86-2e98-4add-b62f-3e620c5e0d5d\e23dce86-2e98-4add-b62f-3e620c5e0d5d.dll
C:\Users\Seven01\AppData\Local\Temp\e23dce86-2e98-4add-b62f-3e620c5e0d5d.exe
C:\Users\Seven01\AppData\Local\Temp\e23dce86-2e98-4add-b62f-3e620c5e0d5d\e23dce86-2e98-4add-b62f-3e620c5e0d5d.exe
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll
C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Users\Seven01\AppData\Local\Temp\chisom.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\Ark.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\Ark.resources\Ark.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\Ark.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\Ark.resources\Ark.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\Ark.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\Ark.resources\Ark.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\Ark.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\Ark.resources\Ark.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\Temp\shell32.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2400.34860171
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2400.34860171
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2400.34860187
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\0130651f-e802-4ce4-afb0-29a079d60afc.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\0130651f-e802-4ce4-afb0-29a079d60afc\0130651f-e802-4ce4-afb0-29a079d60afc.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\0130651f-e802-4ce4-afb0-29a079d60afc.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\0130651f-e802-4ce4-afb0-29a079d60afc\0130651f-e802-4ce4-afb0-29a079d60afc.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\Ark.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\Ark.resources\Ark.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\Ark.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\Ark.resources\Ark.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\Ark.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\Ark.resources\Ark.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\Ark.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\Ark.resources\Ark.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\shell32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2568.34863890
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2568.34863890
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2568.34863890

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\chisom.exe.config
C:\Users\Seven01\AppData\Local\Temp\chisom.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe

Write Files

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\chisom.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2400.34860171
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2400.34860171
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2400.34860187
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2568.34863890
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2568.34863890
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2568.34863890

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chisom.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3035fc5a\375c7a1a
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|chisom.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|chisom.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|chisom.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.ServiceProcess__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.ServiceProcess,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration.Install__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\337da671\3850e7bd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\337da671\1b71387b
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\index.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.ServiceProcess,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.VirtualProtect
kernel32.dll.GlobalMemoryStatusEx
ole32.dll.CoCreateGuid
kernel32.dll.GetStdHandle
kernel32.dll.CloseHandle
kernel32.dll.DeleteFileW
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
kernel32.dll.SwitchToThread
gdiplus.dll.GdipDisposeImage
shfolder.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
ole32.dll.CoUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
advapi32.dll.RegSetValueExW
kernel32.dll.DeleteAtom
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister
kernel32.dll.GetProcAddress
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
kernel32.dll.Wow64GetThreadContext
kernel32.dll.Wow64SetThreadContext
ntdll.dll.ZwUnmapViewOfSection

Execute Commands

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe 
"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-02-15 11:45:04

Detected family: #Malicious

TheSystem Itself @ 2018-02-15 12:02:02