MalScore
100/100
MalFamily
Malicious

alex.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 12/68 Related 1997
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 511.00 KB (523264 bytes)
Compile time: 2017-05-08 04:52:48
MD5: b410d6237e70eb719570f04675d32285
SHA1: c4c9b462eb2dd648b0f162b1d5dcdaf3cb4157d8
SHA256: de9b9f46f1bce12b3588358c1ea89c82a745ccbf46e9c0fe6d9a77657b33edaa
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 5 Usq@AW[ .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-02-15 11:51:03
Last submission: 2018-02-15 11:51:03
Filename detected: - alex.exe (1)
URL file hosting
hXXp://prosciuttiamo.it/ice/alex.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-02-15 05:48:55 [12/68] VirusTotal
PE Sections 4 suspicious
Name VAddress VSize Size MD5 SHA1
Usq@AW[ 0x2000 0xd900 55808 8b54cb94334cd80f9593702e70635ec8 2276115a90cca9c7425d5f9169091638a758ff99
.text 0x10000 0x3dd48 253440 3371d053cf70e6a63e2bbf95f029c93a 5e449d8e02f88ccf3f0a06736eb09f2d7b83316d
.rsrc 0x4e000 0x33a38 211968 e4cee20db6e1d17d424e2ceb9104319c c5c2a3842b86bcaad2ef490fc978a44ec50754c8
.reloc 0x82000 0xc 512 4e4a67c1ffad72c688ad19cfcdc4fd13 d14eeb3fb7574ba336983085b070684b350f4b1d
0x84000 0x10 512 da8c3884b98792b6bef8967fcff539d0 68e0303f596b209249acb6097527889af6738d8b
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x4e130 209740 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x8147c 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x81490 952 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x81848 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2017 Duke Energy Corp
Assembly Version: 0.0.0.0
InternalName: alex.exe
FileVersion: 6.8.19.2
CompanyName: Duke Energy Corp
Comments: ibadaqayubowigar
ProductName: cobas TaqScreen West Nile Virus Test
ProductVersion: 6.8.19.2
FileDescription: cobas TaqScreen West Nile Virus Test
Translation: 0x0000 0x04b0
OriginalFilename: alex.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
FIle type: Library
KERNEL32.dll
mscoree.dll
IP Found
6.8.19.2
URL(s)
No URL found 
Assembly Version
2396b960-b6bc-f518
2396b960-b6bc-f519
2396b960-b6bc-f516
2396b960-b6bc-f517
2396b960-b6bc-f514
2396b960-b6bc-f515
2396b960-b6bc-f512
2396b960-b6bc-f513
2396b960-b6bc-f510
2396b960-b6bc-f511
2396b960-b6bc-f530
2396b960-b6bc-f531
2396b960-b6bc-f532
2396b960-b6bc-f533
2396b960-b6bc-f534
2396b960-b6bc-f535
2396b960-b6bc-f536
2396b960-b6bc-f537
2396b960-b6bc-f538
2396b960-b6bc-f539
FileVersion
cobas TaqScreen West Nile Virus Test
InternalName
FileDescription
Duke Energy Corp
Copyright
fcbe0f03-56eb-83
Comments
OriginalFilename
StringFileInfo
000004b0
ibadaqayubowigar
Translation
6.8.19.2
VarFileInfo
2396b960-b6bc-f541
2396b960-b6bc-f540
2396b960-b6bc-f543
2396b960-b6bc-f542
2396b960-b6bc-f545
2396b960-b6bc-f544
%q^
VS_VERSION_INFO
2017 Duke Energy Corp
2396b960-b6bc-f527
2396b960-b6bc-f526
2396b960-b6bc-f525
2396b960-b6bc-f524
2396b960-b6bc-f523
2396b960-b6bc-f522
2396b960-b6bc-f521
2396b960-b6bc-f520
0.0.0.0
2396b960-b6bc-f529
2396b960-b6bc-f528
LegalCopyright
alex.exe
CompanyName
! %$'&.-1043536373
ProductName
2396b960-b6bc-f54
2396b960-b6bc-f55
2396b960-b6bc-f56
2396b960-b6bc-f57
2396b960-b6bc-f50
2396b960-b6bc-f51
2396b960-b6bc-f52
2396b960-b6bc-f53
2396b960-b6bc-f58
2396b960-b6bc-f59
ProductVersion
G7v
/ReG
V<~KB
~][O
4eK@
wePS
t_5:$/
JQQ=
;i<u
dx1%T(
+5fL0
P1e"
[#u
dU>bU
T'4u
WH|
PNG
r]{V
T(u|
VCj?o
d39
wWeu
i}
3
bg}U
bV%aZ)#BU@eBPdef`wt] N;b&
tKio
nBgJ
N,1:s
piNZ
@W%j-
Fy9"l
..*o
q*=<
j`}-O(
?*H_
1Tdh
399N
{+_@~=&~Yv=s$<@-@IO';9*a"
"wS4?
2jG]A
ok	dv
^s`%2F
V$v/g
cX9w
get_Height
|h64
?;M
C
W @
({TOZ
:IMt
'Mf!
e(	nv
Y$F{
^U	7
\K"O-K
i:>H
wuFA
:XXS?v
\vbZ
v)A(
Vh>t
p?fw
aCt
.
NohH
_&2Y
LY
`=6Y
e\KM
6m$^
&ZU^
Q9TQv
othKD
`m$
rgM "_9<
Jljf
:CEI
o9N:b
"@CZ
q1x3
$<W
dR0H
Version
kmB&
<eOOc
}M\

-
*c@a
L@;1
h:C)
L;Zu
X
(+
%B&:(
."T*
qeY^
,k%P
9J_]
set_EnabledCalc
/0:cHhD^$%'D=P B0_/tj[:4$
~mGr
y7[X
8op8r
#f@g
uqd8
wL_S
Yd@_
c}-`A
GBs
euIR23
F$bE
iI8{"h
'MpF@
7[
5
H[n
tSxK;
,hsB`
1ar5_
o*Na
R,k>
(v>,b
ControlStyles
`zeu{_>=:t
n~5e
XPOM
Marshal
:	LnU
0jC
K
v$|PcEs
dY <
Kj"qJ
<Od'%
Bd:o]
?{sWs
6?Og
IKno
p$S])?
7g*p
NeA!X
gGWP\
`B4b
?Au/}
%>]x
36Ly
 S
zjG'
i14A;
48(y
u8Ql5Sq
op_Explicit
RuntimeFieldHandle
E<Vb
#?N
}IDAThC
EVmEs
B!1P
2bH!
ObjectHandle
P0+
l "n[
eDO0
*.
]f-
5lQ9
*	.i
|SQ7?(qJa?],*4Mn[ChD%FDA'
Z)e\
96<D/dy?;SnzFQwHg;>3p2##!
8k9nU
r6Q9
(RGXs
rB"n
$5$8
ZXJX*J
3Q)d
/:eq
EndInvoke
kUu
)Dwb
g4MW
PW-"
N$7#e
.l7z}32
OH)c
\k"Y
HM;
06ukYY
Kf%R
7`may$oKA3"u2+#'7(QkId|l,
wwpG
gI	!}Kw
8*=!
OI8/,S
Kqe<
mm}#80M^Qs}Q**F)U;Z>]q]j#
m<uP
9AZg
n,A7Hz
c.[EDY
"l`]
#V_o
q]\Z
H-hI
LI$x
5=iC
uhni6
\V\=b%
ZJ7
/UdD
trjX
Sz{,
set_Alignment
S_pC
AssemblyCompanyAttribute
0sXA
oU@},
#cu%
uw9w
2h/^j
WT?G
3J=gJ
?n[m
|{'K
ENvU_As>i;{[fil|nzu]'RkN!
z{Z|\W}~oK[q49kNF6U=!+uL"
Y<aE1,
TB<87NM2djo&0Ch3TQUuEbk=%
s\('
jj@
S~'i!
l*ue
>.P2y9b
B	F7
8Vr
-0cq
j$p^
';4~C
@\>
fRrB
4Bo*
C{l]/
D8Y)
18|t
3Q
C
Enumerable
Fg#{"
1gZi
ResolveEventHandler
C'#{
%k\B
Ub7b
J
0w?u
ZrXL
6C0v
AppDomain
68[SIj
V%M
u/y.
}h+{\
+}jM
,c:|
4hKW
t"o#t|
]I)
_r4q
get_CurrentDomain
!X#R
AD%u
w(#/
+wR1
gs9,
@"xt
tp\g
A$|kRR
I4b'
`saq
Q:/*
SUY$
`D
P
JAND
dQzY
4ic|uz
je6
&bI/
3ahR2
PFXh
Jaq7W
w9_Kg
vBwwT
esb
Yd7q}!f-*<u^@0$w!!F3#-c#+
KDU&
o#6
Y<	X
/HzI
as1]
huW**\
n[Q{
kG<S
AssemblyTrademarkAttribute
}IlZ;<
seQ.
3<^
q jd#R
c/AOC&"^^l -d@|a@jz',@-m)
Cy+!
x9p*
;Hz#
A(PZ
5*JG El@,w@L=:HP?>cvs/,_(
q>,$
?LR~?rW
}rdlT1
+k"+
EM8B
>qH2mY
UVi
8U'
]qW
f!R!y
Z`=*
GtG,
O,NtJ
54z}
[356
,_z3aCjlHuM+jxL{=^OrYBX="
+<rD
^7d2F
SVvV
3vqh
3lK\
Y
?
zzW^G0*I\ptV\k;qU0~[h8$:
7LK
Control
y]%p
._>
a|J$
GetFunctionPointerForDelegate
{G@
N)Wu
1i;i
L0`g3
qR/_-
)fS6-
CuS9U
4DqY
!W<S
U(]3
ew,x
99RI+
2)L	w.
}7ms>rr
Zw`/
$
<Dc
/JiQ{
k$A\
^Z4EM
BindingFlags
TPST
t:M/
_FUQ
Type
1J	d
21 {(*b~~3[eXT[%lY?V;|x}
A,^D
S<\R
Pd;B
^hw[^
wP3&*V
CF
!
)`u?K
;\afk//U8qA}|0`)B)wWZs2j!
"<)=m[{@:LD~uU%GXPG" /;&#
FE<^At1
'J<z
lzjK
v";dLx^eT]cn_Zp\iIx5l&`/
MI&'K
q9;sq
!c|O
=NP3
,"P+
.k5L
bb,S
GbW|M
3^(~
Cursor
CMz"
4#p0
fwNk
WeJ"
ZdBT
d~y_H
,g9tT
t"u"0D4r|:dqoW8Xn#:f))C5#
Gq&iD
lS,Y
Ii&F
BdA5M~$: s]4 S0Q&EpST:MO(
h(!!oBu
n0a4
Ph|?<y3lZiM_yTirZzNikOJ1"
jIMQ
wV[j\
Char
S%dg
QY>7%3
P
x^
W<IRL]y
QGni
9~=i
pC;JNz,uN8`M12, g3>VvJUU!
s{kY&a/%B++&#X,=0v7W}~F"!
PFZ2_>
GetValue
O:.U
>|fx"y(=NlbB=jP7)fIGY$h]+
|8wo
K`dvM3WlS7`;MR:V4agH~n;>%
A
!|
OBzt-
YsvD
FfnL
*2;\
x|nP
*bGf;
get_X
get_Y
~UkP
*mnl
8=WSb"
E!g`
g
HZi$
[e!XC8~OfwkXe^aKX0r6LxCx#
L_LE#
ypN9A=K
RvY}
]#m(
mk*YI
qdp
B<!pn
,^4E9
LPccZx
Yf(
Bulme
K
\.5
P&	A
M!*:w
$nJ;8h(7i#fW3#hAU&R)1*U|#
u#\e
\9Y5w/Gr#tzi3U?WY:^GCgXD"
.,v
4'O(
q8Qd
3RZM
vEE)
Hi#_hQ
#OMl
N0B(m3O\ s$[O=A;Hy+yER?3!
ISynchronizeInvoke
c*jW
fcQ!1q:HXsq)B[Z~/TPcYa)[#
:I.koe
T<~fp
Q><W
czAO
+6ATy4jQ
d4q	'T*
3(cRn/
|BB&Nb
1fB/
[\sR
wX_Q
)G[U#
SbLb
s<nr
a*na
b~op1
c#Zt
|7
b
Yv
!
[z`q
nY@n
l$hD?ctr
/]lUV
u\D&
75^:1mR(
/ s*n
R9F
w8R.K
F]S
>
&<]y
&F]"]owb
41w/#_
?6@l
EY$c
PQbga]lE@y~YB"Au-z'=_m1W
%
3jM:
.text
2lxC27
GetString
=|@q+u
:	 D?~
@Y&j
9P=J
wDLb
0yrr
e9VV
qdN
6mWpf
}gTS
^uZ(5&LV
%1OE
G]U Qu
#|s{)[
Hw%~
HPx
0
SQs`
7winzi
~pBiz
7o9}
^RZD@
sHY/
J)B?
LyE!/C>6W!]]s<]AM\0Sn eB#
z]U#`V
{[dr
d8mQp
O6.7
XbPL@
3[4E
yM#W3
ST_R
6	B	I	U	a	n	{
ugTR
o6"{4 4
s?MH3
8 *,@
nkk!
>knQb
nR0wo
<4SzIG(
7mpk}!LSE#=@esck5o?*kHR%(
En]B
brR0)
Gx6l|
e;$
3F1aq{
n&"7
M`m|0
1o[k<
Ht{7
WuPTP
/8n:/
L~3"a]+
0V F
tH7c
IA.|
Console
P&5z
x^q=B|X
28%W
Us@m
mbL
7ky%
sPb>M6
iU@k
RQ4o
*Y7+
/-'{
u2E)
dAyR
Q2R|F
bWrW
/FS&
w}TG
1%mP
_uAV-
$:.
M*ny
(8y|B
Zk(;n
'-\*_
rbu4
->;?R%B
Q6cR
;D
?f
W;,R
ZKUQ
I
O\`
_ug
!tJc
xKx_p!
Ly|c
+l\r
1~1.
FuZ`
0%<s
7_lAq
`.rsrc
j+e=T;duQW8('N$3l^UK!9_Y'
v/g*
d@T[
c{$?_x
e@Da
z5.O
:x7%0#L9Mpr20"8G6C01-YA%(
-7 .
9vzx
|LS7i
%{9M
u@b9
9/Yy
get_Default
eH;75
&}YEG
,*[<
@tv6
F_El
:%RR
]ohT
;R!
kernel32.dll
][(3
result
QBq	8yr
4ij~
Csq!V
/!;%
L}
~L~
JNe=+
-|\h
kE97
u/L=
PyRhs
5_1e
w~V
)Vb^
"R=[
[+Q
G;A!>
k#yl
pKbt61GWbE[):'9/*#Uqz!W;+
Z3[G
^^X
.wI
}IR0
nrp0
ANo[ylE
xM12~GbY4a7y'Rv^3L;&~>j:$
NLiD
82=
|=jC
W)/L
Ohy<
fs<%
)<5y
dF"6E+
(!<jJ
jb|9%
RGbAW
O_G&
m$;{
tw8F
lWuL
$s!]
Y=l@
get_SelectedIndex
2=g''?
,uS7
8(dS
F/ z
q!{!]
h*K)!
r]p\
{LIK\
|.)+J
_NqKC
a	;F
T$!0
>rg!
|uR*
^5JE
VbGd
MouseEventArgs
\?Q-
INs|
C|&
f)4
+!>~
Bx	|
BQj-
NY.~%Fo
v|x>
\X/V
}CsE6
P)%s`4\ jQ_dR*;_c #Devq+
:nd'
u3\Q
Y8*@=
FiH1
KL6a
3{<=U
egX|
YB
=xm[
W+L$p4+`2X/WLw)TVfcpBc9F+
Nc?h
I2@v
rs8G
Rx]
v
5/wy
6y6F
30f_
(
Yd	S6
*"'mM
[(Rw
%etw3Z
:zQy
hFcP
ANH^_
kM
-Vuu
[CJe
AI,*
3/BcK4{
@/bn
R>F2
NWatlE@ftA9U }xDr38U%(C0/
.)p!
F}9(
Lc38q9 N
VS S
z=@O7D_R}zZ;!I5%B &9A0Fi'
l[D4
"mN)lU*y2 Sqk!{Q0,?9;aL!
lwp*@5
oEvX4mAX*|Qbt-~"yK!73'Hn
TqW!*
xEip+
XJX*V
N"_j
7QuJS
MJ	A
~yJ*
E2DF#~A
Tr!kY
}(VH
Write
vo(
H?}_
OnMouseMove
<$a\@6?ZgX]QkRIK= P:?%u6"
J{~!
rijh
UzMX
'je2
5kmR
bt*0
iE!<
!MOP
C#sG
3)X9
&;\RY2#
get_Assembly
fXrxy
o3&y
_zo!
t~d3w
x:Wy
{M"N
}i[5
EAs{XCGC`KvJ`[]U_8*X5-5O%
G<uY
Guf$]
`fHq
%yn|
vdM]
KSiG
/%Na
#yWz
z[	@
dEt"y1
JJJ+
*5n^u?x
!Ikt
m<~/
QjmFH
}
RtqF
keI='
fA.6
)CF`f
Z=wP
y|>T
#QFm
J6x!
IHDR
System.IO
7IHll
WrapNonExceptionThrows
){K`?
=uC{
U=+1
:xy@
oxTR
WBP1
[/1{w
x^r
J>FI
f1C
/G~'
[Ei?
`|/p
[ 
7
=6
37
y#'r
]-]M
J
Z|
6uJEo
N^6i
rM.W
pY2i
ElB]
=lq84h
-=2$ok*
G7<G;
x!"x|L
E|cJ
Mta(
-`L-2A
q}P:s
i^mE
"aU#!eTO
gi!n
Dr
9j7]N
*P9n
m5cq|
<H]
+KswtC
4!aw#
lX)8R
HMUF
8k;/
agTjc
]0fbw|
}?$*j4d4;Vr58=TRr90=#REY"
6gR8in
Qvs
c
jm
||mx8
/QZd
mVYP*{sJlf}6EJN*5TvWksIY&
{Ma$d|CHXQgSymIU(pI45QX|
)nf-
0P2j
&j;fK6
`c(4)mzM7C&+zxd#i[_9;Z[[!
-{}&
JQWs
>B=Q0
y^ ZYR'
iYEK
+GX<
gs#M#D1bnyLTkZ9a"WIYCt%+$
%G2eM
Ist
`Is
;n5
$Z6L
?6YR]
1v[5"i,m+j'%N^]j]:e#Ec:>
Q>s0Wlb
M7Hz
u/b8
:-,ckKKrZUzA,LyC=[u&BJEo"
1TQkM/
"!0(
t`"Y6D1)'=B,&:!X[UR1 emK%
RFZ_
[32u'U_@N?EDHNU4_ps75sZW
EventArgs
|SR~
K95K`
VP	z
ypa#a;
oewzW
)JcK
cPq
WoFC
=)sc
$oy=_
t
L&EC3|
"[#=
8hV%rs
DN1z
hy\}
x&9XA
moFT
Cd{K!>
xu
!>9
fN_j
xeW$
b{FF
,/eCz
q7U"9u
QcqwVs]$aAgD7VMPU=0bU1)5#
huxUh`
%~FJ
$yNo
z]H*\8
14Zv
Jlun57?pB~SVtuj3Y6I5 (cr#
&0@A
#ZsF{
biNCEBbBNTOhW@jOJOPhZr5H$
GRX e_
63+!t
CreateInstance
<38O
iWr+
sVT2}gPq<58>{?oYSQs4 \/4
2my
3EA-c+
#[/|
*
GA
4i8
>fA`Hn,
MethodBase
#Strings
8Zt"0XAf
N=M~
EQ
W
8hC)
auA(
Mk]LV
->xjm
k
P1
ZXM(!
!T:J
5hxA
3`yB
V5Ne$Rh
%X6.
{\;D
W;ZaF<
W?n~
LI2`
L1r.#
uq\3^_
G6Z6
!!NX
j]T
s67m
$K7QT}
aP3;@
aO f
#G{)+~0A_y!H7w)@Hk? J3:$%
Environment
a$8iHZb(@eV[d}C$?P<2O-a?$
4F%Gb
ZXJX*V
-?2=a`V"'a
VirtualProtect
X>4~-
b*^D!
z-lu
;G3r
OY$M
)C|v;?0;bBW*8B[Q!Cp{&HS<!
}R~S
S|r0#BljC@cH[;Ik7Euilj8E#
qMA}
G d)
sBU"
j*EGlR
:JL
nHv]R
u{$.
~Ju
9n?m
get_EntryPoint
6"a?KPcj^I?+MsZH7qzSoj6P'
ijm`
(*g
5Sq+
W
{	k&
F4C
:}	P
3=y1g
s"y$
@
@<
Lxvi
System
+^%}
$O^~
W"h@
X/<
3dp>s
n;ZE
d;]W
Z@|
Up6H
c,m2
2|a;
9nTs
/9PR@q
[Q
GetType
~PI
<\&f.&
o)z)
vyb]8
Ld
Q
zPQw
add_AssemblyResolve
q4zk
J#
U%|[X
=cOf
IDAThC
z]$B$E
]H;4~'?on`i:XeZ/HurL#Db:"
oR7sJ#r2p)#L{)0aJ'_0Fncq"
[+Q|
0)>dpTC'!-$:lT4V&GE$i+M"
x(y^:`
qa|mp
AssemblyDescriptionAttribute
QT0|E
^@>"
;Xt
t
set_OverIndex
2;I<S
5HV%I
Q5c
"HMx
Es"C
D
Vpa
a}ct
~Us9
<R1<
{_P8!ggy
/L?[
\aP/
g!
=i
Fa_$
S_ST
LJ	F
30X#QDpn|r7+99jPr NUgN,i"
TabControl
kDP7
[AN@
u Lh
(#v]0
~vg]-t
J?5B
Pz30*kP
(7%T
\^D
(cvA
3
VKC\
H\
P
9s}.
@#]#.
iyK4n_[BO'J?I[t\RZNCR$6D#
=v$
R&Z$m
>LAsK
@AW[
rV2w
Color
%lX]
N
FBr
8KlmE
V\)|%!
^bMu!{97ki;TNr;g(e%+i&$A%
;37D1
Intern
8qH6
/wl6
Pf
\
M1
Cb
ET5|
Y%q)
SG@VO!3|@_vmU[^D x\dB96!$
HBz
l C1o~%0
set_BackColor
}%
x%{
DKXrs
KF+I
v"7,
[7Z?_
get_UTF8
P\&JCJnc2ytU[vj# v7w<GYB$
R<L
$O
get_Width
}/wf
]*p3~9
xlrM~,l
b4&)
C6Yv
HmL>9B
N
8o
{v	V
ajbF
66X@-I2hh
ZX	{`
d1[KUb
vCg/
r(;TmB
y? a
[|LV
M-qQO
?n81
j!:
get_Revision
o6.d
3W
D_y3c
6N:td.
Cw0u~M
D9:y
k'Uz
oW4f
&XPA
t!BJ
:]kje
59A#y|Wi
ze@y
FX~'
&X-`+wJM1/7+yl~yzN)PY/On
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
,jNV
bXL7[
Icg
Cb[|#N8V1N_4>D,%$zH@`Y9I$
5t~P
-Va"(
[A@=
=y!B@
)ddP
a&[
# ;XZ
".M
$b\p
oe:z
Q	tREO\||
T#5ft6
nug1
A1KD
p<m0zi
#^H mKUU}OPe-eAjFt|pu2ni
Y4~oZ:
4/PZ
]~X
zdIim
4>Z:
/=Q;/
7TK!
% 2f
^^^8
~G^+
0}Bq
__EAG3Ai\NU_8e9,bNrIijBn!
|N/;
CY&
r
nm8x
j#F-
iI2'2a
UtbH
Dl9n
\[oB+
tlv-
JVk!
z5*x
?9h%
:a7$KCN3W4!cSmHP(yfiKj3=!
xC	u
o28
2-C^q
BHR=R
\PTju28IKi=23P@xvZ?')z=f
,0Lt<
5ez=0
m<1s
System.Core
Jrf=
JYDK
EF3_z
2oZuu
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
5h?W;Kw1-^y0,h<?0HkYe(N='
a+l]
<M".V
)3,S
SlAtlU
=Gx/I&bC0$"[|=fv\I'sY8i%,
Z1])
>rI&
16Y
Jo#;#r*_=
~{
soO'p
AQ9q1nS
<_%0
0S-*
]K9%
s:8)
|4k%
-JH2
jZq7
UC9F
Nz<ub
,xq"
ZM@7VZNj</I3,+'eB9L7[WPQ"
7]Pq\
G"C
$&?b/lppO>[?80EgIgX1PE<^"
-pLd\
sU/Re
ks!o:Yc
4xf'
X
+4(+
f89{BDL
~)a
tP
fg:/
;	3U
]c]+
%W/{_D}
H@w'%GC};IgL>-:s*g>+oMSM"
[Bt76 C2
5jS	I
,8DA
ModuleHandle
uc)D
]IKo
"M50|7
;HPn
sPL\
Mv=2S
NcJh
1^rfV [<SQ:Gs@aa]fBI:JU:&
G<0^^dL@4qU -iN:/2'r:0y?
D~'s
K3om,7f
`!K;
NC3LR
>eNQ
yj&
{IDAThC
xJ_\
$4<
J_a<
bM''
> &0~
0v9{|
Lr[Nj6
i-LR
#,zf
I{E&1yWUt&6ROM=ME>g8pfCx"
XIJ_
2k%YI
wc4t
e:|f
>
L8
I}SI!
&}mM
&B8u)
>}7.
IOS~O&
Y(R:
Y#L`:O
]H7.
7G`uGG\JAHXS;ol~wWC^]wFU
x\_yC\Tn
6BN)4
JjMUn
H(Bv$h|koLM0X{C*yTC['oQp!
`
Wc
SQ} r
9;pa
m)nyZ
get_Length
+ph
iJt%r0
{1/j9K)1*-fP65l:\x":%;x\
7PGp
J*6
WAhX
6fgs
/{41
;'aQ;sa
'vTl
&FH
`.i
9%&'
qHjw
[\l);k
oqhV
PoL0
Inw
Contains
l_|=;
U^rc
h!)j
q2n;
-coV
>Pk'
!&~'
Y*P~
H<Zz
eBr*
i}=/
ValueType
E|u\f
$}C8
+3;
D8a0?
GuidAttribute
Y}:}
i\{]
($8#
3y"u
RbdCA
N?p [
.w2v
7QXv
w{6?
$a198361c-9640-4663-8090-b4ee8fd1b591
fD@
"a8u
!UX#$
r&Y~
w/J0
yD_>
<\!]z|p
~fOY
ZVF#
Zi/E
`:=qY$H *i,7VH^wMJDIVFHw+
{f|;
EIV_
.6 fIK
get_Count
x%Y%
KAl<
v-So)Jj|r7}7w?;zSm{scvO*(
GEqu
1LMM
1
d5I
Hf?)
A	w=
i{xFh
MAl@*)3w[$+//0v1bF`~WS}8#
(sz&
System.Runtime.Remoting
J&5w
4tOS
<=eM
:95q
'c:T
Ln3<
9d(w
c+	T-HX[?
N6[W
o>hS
ENu`
GetField
h}c
JLHs
<"%eO-q or%sK7]s4<Fw/=Cc0
<,KB
r++X3
U&ZjJz>x?%nz3p|2AU{T~|g8!
`fY'(P=G'I5Edie@qBi2HF\?%
8 b*f
SuppressIldasmAttribute
2w(FX@%r_~Xn(f{ A<FMoe[ $
`'t8
q6
&8~T
{s6h+;bv)SYcDI)74cql8R0-'
+]L Z+C?
uO$\
`a-oRmJ"Vj_#0:c}pG3^jh5W$
>0D,
(`iZ
)EOr
"s%
~*}H
NeGV
u+>?
8-Uz
*JXI
d'l]e8#
Iidf`
=.97
t{3
QnO:
xe|*H
UInt32
@H{R
;\JO<
i,-~
7&f%r{
w3+9
VNA2N`h|3G;rVU|i1a]pmi;K
get_Version
3z	S
[kK
ICustomAttributeProvider
PIK6
i}\=
ToString
JtK
IDAThCc``
0AM'
Ul
I
!)S[
eRb%
JZ(r{#8
0h6}
G'#~B
f	LYj
Et,u
Fc1E
VIdc
Uv~]/
R/	/
"5M7
9K(~p4R!(Io4KCD6x[]X72iE!
oOTC
hn;87?
;7.0Z
c^Wf
:S@K
X
ADjpZ
aHf?b
;kiJ
3PXn04
|I4s
+$SO
hAu`*-GzBzB?U~,EcOD7j_}d
gRCg
e_:+6_
P(V1$3R xq<-DL}TbwzjP26t"
Ria^}
Z\i/R
bm
[{@W
)
<UO
y8 @
!vEz
ServiceBase
t([r
(.9f
UfP
RY\3^
>.[m
Bd7(
=ILF
4cV'
MulC
GetTabRect
E~Pds
\ {m
q3
(
vt}
lKcsMW'>W)OcTJ10C}S\@tr`
m=7=
k/]2
ySO/
y/Ch<
]uV.
?fy]V
&v	u
KY~9u
y~JY
}Ozq
,VBo8
,x`s
AssemblyTitleAttribute
lgKO0
_`@1
5u.8f^
44dfA
~W/sq
$8$Z
\gip
EB-?
-:v>KV
sL(
WT
F&i=
nJN
";qSP|.7);
e6di:>@B"Vo=Zu{m4P(SZ%$J/
<@tj,#E0E8`7p9:B3Q[`CKA'%
(0x\I\
QCar{dW
Guid
~r3V>!;,1+/I4Fjw!mbF\\{:%
}ta!
!J7)Z
+gUWZ
ST%9
y_rq
teX
m1^
,0ca
(L$D@
,`F>
!'sAt
+z\O
};J
i#_U
/o!<+
<LUE
1*+uijH\8o* e>;XTdp}u7E7
nA7+'
gXS>~xh
<;pQZ
xnSi&
@nN,;
@+w:d2<iesq0hRuAR1prmnS;$
ZRKz
Ump2
YxlhM[
lma-
KG]d"
E(!Rd
.&$i
!FOT
P^0@|
~
xAr
;(a:BU/mj/wgZ8YFp>%fe6Tg
(PVzP1
m1+g
`ZRD
*Os^
nX`"
Data
'zJ
6l{I
WE#L
VtD47
" RuX
K Amv
'nGSLkl4R;jC$zculs~UecB4
-6A(T
Enabled
%c-}
dIcn
Wp*SL(B [?#H@5a~I4`E!Xbq
&osy
8t65
K
"<t}
@=oW
?#=m
(&pg
<z>P/:;7{b$^OH4}k*bqV!cT$
)[Tc
7Hl
}m"T@2FA(C9+OK95\d-c3=<r!
+ht`2mV
pE:oL
lTd%x
A":<
1"><Y
pHYs
.ctor
$!
e8
m)>r
W$B:STP, ")z`q2?J|\1oKra"
z$(
ujZD,zId
n[$FOm
>Xew
8
S>JA
In8M
"2W8
~u<I
yI#2M
JRB4
get_Message
Container
q!?:
>}XD
Yie!
_t+E>.
3ja?
Pr
;
`=su@W+x\>&e/wgjw_R=l-6x#
}f9(1
"y@?*
'U-z
EH/{Xi
Main
QnOQ
<*+
%m
/ynr
,rh9
6#W{+pHzQo#[$!?Iy@&IM`Gc#
O>
}
Invoke
QXDz
.Mz"
ZXJX*
R%we
{Dt^j
ln
k
13jwr pv'sR1%={_BUdtjI|n"
?	/+
B8!H6
w/)V
w4g9
/|^J
4Gls|
+f\;
UozH?4
KQMU
bzeG
oyb
o%'WR
u?7
kBkH
DnL)
%)rq
koSv
=5z
p4Q,T
	`7
Y5/Bh
Q2U
%
wP
!gqQR
x[3^
H[q
fCyW
Module
cjef^
0.EI
*(2e
RM9*
;^QiiFl3pp#yQxGzGx&2\'*D-
w'2`
Array
G*-,j
G~tn|
[I ?
TH;5
$q>:
tB#&
\yo7?
9vpK^&
c%D Ut
@.reloc
PrS[&
Of ik
wAN7
.')/r
t|W<"g
'Q4N
|
bhX9
H$Il
?cI^@
n%N)
R[Z5
$u[TA
]P[G
`oAN1
?K>V/
vSeA^
X2h^
Z2 S{AoM ,r*W?(6|cd2a_9/%
TabSizeMode
W=[h
'83,y1Mt)S66%:@,mdSvy<$>%
UN+|@
Byte
get_Chars
EM"
K
H4b6
{(P
ksUI
Y^q%
nZe]k
&/bW
qS]X
,AYJ
h-^`v5wM%(cp1B$0!p`EqHNr"
se
Ti
N!3`
4[WL
S9SE84
_	;niR
"{tB
1#

H7W'<U/WC:Jo RGeYA$H:)-b#
RD
2
Xu!%
T'ZP3
~^WEs
k~O
FuW?~
&%PD
nAh_{
1orz"<2U`z!uE{v3rl~7Bf%W
At3?
SkXr
Z/
p
t3LwL
C+96xBKnn=q)H]R0~g"+0j1C#
5!)V
oR^G
3=G
l,tSFYg`
N7P^
i/4M
"yD]
2
4?
:/im
CZeYv-
O`Yg
D"QpS/??|][P1Gz%'k[ZELr:%
}G*[L:
FgoP
9rcTd
lTo~
xu^6
get_Location
zV1d$
,[B&
BNko}67b+%$Ii'Do]')&/x9h-
UpaI9O\9Fz``u|z5z+6ii;N-$
"
9m
JXMLth
}h"}
t{PrW<}i(nkT44K+h{L]wZtE!
{Qhs8'5J5<aa)J2wYMRmo-&1#
pxw+
cj^D
r?p`Y
y0.
1Ov-
(5%R
tCk5
FreeHGlobal
;sV|[I,Oo"%w6dv8}3&(lk!~'
WV'0LF
MB.54=
_Z?b
_'72
3,n-c
BxGm
2dG(
Wajt
dy-Q
o#84
ZQ_j
{b-Q5m_
ECA
d5_"
j,`k
&:;iq1)X
op-G
1%O/
\ScS$
L*q,@(v,( 7uuU6oKoj@!d[|
,?*|
j!20
,'._`
_rdC
lf+iY"
4
k@
Msn zL
;B *
I
'qx'/
a?2
^`%;C
{*DQ
O0|R
RuntimeCompatibilityAttribute
,7B05
A
~D9
KmT:
/<(b
jC\$*M
wcZ>v%
+R(+
mS4sY
R~hK
-\
BQ?
Assembly
,g;T
1lU
oZG?=X
alB<
V~vF4y`[~)kH3w7UIzr5cuD=!
mj@=
+:o1
XJtS:
U:4Y5
(&[t
(WG8C
KeJ
VS^:
.scQDC7
uC+B
QzE,7MBnR&-bUCV5dsRc]s+I'
>i`'K
6'456
K[wj&
a&sTRp
/Cey;
9>/|
n1m$_
}~G&X
$L40/
mlu2B
iS~D
|'XZ	_y
R
;I
<tOpKE
s~u8;#
4H~`B
Czp]X3@
Invalidate
Jl'cw
{3_%Wu
Xdv_x
KYi
ii 5v"^e>\wc5#lZ:_lg)<(I
H\2Oq
9pBD_
Fy-"@>
$P\T
LWZ?
FOClA
l8xX
E7	O7]
&cq	Y`
Fdc8
#<x-
|dXA
Size
+i!N
Ks8`+
AL\
wU<wZ
-/f;
NewGuid
#fv-%
6
~}a9
-BXF"8
dq#
D/ R
#=tV=
@c)Mw>OP'
set_AutoScaleMode
MCMp
3sq
,>F
8	-4
RiQz
PfS8gK
g(j	]
hM/}&
i_|'%
H%)w
5@0i=N
o7/i
y `h
$w6
+io:f
j%eo
eA*<
@|b<
479P
4V"c>
|y .
RTY=
<9n)
m_k
IContainer
Dir.d
/@st
o2IU
ni2E
^xr+
OWNwX
hN[
ac2A|
_<BG
+F z
uA1'
{OSw
CzG{
LN|d
%-}R
"w(%
fjk\3
"UpU"
ohs>
[zWs"
3.
9
.jL2<O
O()C
iGxt
ZfiH
k}E
ISerializable
kLww
U V.
#5h!v
'LP8
.( s~
$:Q/
fx
.
9FN|
"-jXhs0
#JOKv
Z(1
lh@S
a+[
;Z4>
h3_1XA_
CYnt
[zRr
&lF}
*clh
9w
FWA!l
y))!
QumJ
43x
nAs,
}b>
m-]SQ
#Blob
*W	N
u
ZY-6
5.9'
-x&`
#,1?
=q)
GY(#
Qaj-j
K{`
'+UsARG#su;db*j 6w/AaZ!C!
w\i#
[C
mi
#so5
i7"l\
r%C]
VBDfL38#Wy0ThC1H3^F {Q7=0
K vvg
}?Fpa
niV
h&jI
tt$p
<BW
AH-SC
>^[G
EKdm
6Qw;/
WQSe
:$V/
cPWE
G?1_
HSN>
g`&6
tij$
OMty
V
fg
?'!"
MEOp`
+g|/O
SH.-
ContainerControl
rF_
l8"4EA0!NFa,:ESMux%\%k=l!
Fo)s
o0pD
Q.61
EU%R| ]i+*bAh=%ow|z+{d'X
mKZz
pr3-
|XI>
_)*x
)'7hY
2ZsL?
972T
\P?>
.\~V
](
fx#/
,{G
k;Q~
e*4T'rK{7Myns,QQp[Fq6n[f
#.6q`Q
k=)[
ReadByte
K)5v
}
5
Z5eUD
weh\v
V?g;
@Vo}
mBc3
eo_!
8LhZ
3F1764884A245F1B3FA91DEC2E25339F23787561
k
21
Z'ow,0{<<:4:_`LiX{ C@|5p
JdWa
77aQ
t-C0c_F
5!@~
IComparable
6h#FWUejdsILE6&-!77UM<2$
vLc&
RiK]
&rxM
~7Y*N1
$I+V
SYV9
6x0
5,)w
[c)^!aJ
*CGgG
AllocHGlobal
ZK&E%h*
b$Y5
;VFp
e=-|
&O,$
AssemblyCopyrightAttribute
5/RUt
a)r)q]
DdhTS
K,0<
sos&+<SW"b-qODS,(DTy$aK$(
/	Kk
n}P[
*~5_
`*c:
#C
H~X-waeCCH+&?%C0R2zla:&7"
.pCL
XkDR
vVU
W#5D
0Z'9
.bG.
l8yx
]3lY
3(o"Y)N
w?y$%
kI$X
qid
TK6&5
Z,/1
+kkbB"6
}]MZ@-
Wd>7W
a2L9W
2
x
0\es
NdSOuLeyk)hV5|i^:pnw-?2)(
zeH5
rsD;)FjRPqS0[zcV6gzxs7\a&
M/*`xxC'^\
H!
uE
$js;
+Lh,
2kc0
xKqk
_mSG
V@v#
^-DJ0
)c
H
VfY
)
;-n#
n+%X
7BZZ
SXX-
$dPj_y
4Z&"$
<Module>
J
LE
]I@o<D
:w8/F
Cu4YTG+
,7`
lz{"
(d8&
cx?q
Mc7]
=b5
=c>h
$2K@}I=
|8C_
|kE~
s*
:YMD
k!n
|"{V
|O<?6
7Mn:
ControlEventArgs
*cVx
_l0-
&a"0d
/5C.
w0Wx
]	^M
x(2U
V`S
iZ\n'
ni5]
g~un
5{
%
,6m<(jv+k*h2G<?>&SJe,_uZ#
an)w
set_Enabled
H2,%61
5_DS
8Cq8!
V4ls
I~@W
/ti#
j*%xnD
mu:Ai
m	`
HL$=
Read
/[;Te'
|Q+\
2E
/
x+BO-~I
X-G8tvwY
,bp&B
g9+5
6ogs
2+SP
qJf9>s
sqjH
rAw,P
#&wv
uR-$
?';d
ZwN~|$y
>?M9:
~m=oF\_n
-|ov
g8j"sub-gQJZLOjFcrk1YsH7"
O:Av!~LVF%sx"%7DG{-yyC-)%
get_Value
o:!=[
_
\wQ
S3-
x.tcs(
E$;%
$LPI
+Ia
)
TVX.;
Rj.
q.&T
BTFKMv
ni(a
>
(
%
n{
t%.!
ti?H
8)"
'
1r
&A
;v
gAMA
g
a}
pCJtB2H
<fLQ
D^~XnS-dS3c:\"SabR}b(10o#
TL}~
MuQO
I#Ig
R}~LJ|9
|&{JNv
bOC+
ENCN
AutoScaleMode
J:@]#
&
Bh
.nSS
MarshalByRefObject
w~MI
7hZi
D1a6!~ZX
gomo0
W:wG
^gnQ
&lcur_
I@n[
.cctor
<Wx,
Wb:O
AsyncCallback
q_'h:
@*WS
nRnn~
mscorlib
=su!)
06d.Mj
Lti,E
H2VD}d
cU?iw
{T}
Nvjv
e{J-
QqmW
c	 I
_.rK
$sn
v
j}ip
QY*O
Wp2Ymq,
&Z,
Ug%i
zxMS
^{_n
W"Khm6/GiZf</Ae;?DWWi%4?
AN-r
7
It
get_TabPages
e^'=
AMZr
Jl:D"
,W]N
--(-
?:uH
Ouam
ah\cw
+)V:
Ws:9
L<S"
UN|U
;}(*
.g$b?fL
}dm?
`50*
s}\0
nU@
!D|>
R
Hom(
;T
;
xP
ipU
`^C?Q/
:h
/7*J8`
#@~O(g
iE5X
78RP
Ch\"\E3xFO-?8X8(#!P#7{[I,
yB;P+
R(7+=h
lj%f3s
System.Reflection
u,Yl
UW|9
4|+
[{#R`
X&=
5d=L
^+U;
,OK
qLk6
>5I^
RuntimeTypeHandle
0{0#
7L*tj
!zZh
GLa<7"}f#GZAxGK:a&D:[-jz'
)Wqe
ce>
?uQ[
3B
P
[~7,
BoLf
~<e0r
3?E=Q
L/]%A
?+x;
,59&
jZi_b
&[d
dr[B^
[0Z6
Z?j4
&6=K
C?(Q/Y-i'
5E/v$
|3G-
~?2wS^
7I[;
VIwb
sender
p6?0<
~R9l
Rldta9g&je'2 V(iN*kXeB3C*
|Yh'
U
j+
K{s7n(#
E`-wS
\VrL
aI
'
!.1z
2|~{^
Append
zA!@oa09GO6/W7e+taGL,I1K1
J`Z'
S%X%
w4,Q
w,;&
System.ServiceProcess
op_Equality
Rdbi
pZi8}"Rshu(:+C*t7@LB2X6C$
w/cx71/a`1l>)$\UFoZ_VR,f%
A#MV
=001
+.	Sw
z(HT
ceEE
YuG
P+|
jgkj<
; x
3
8m
?	DK
YY>0
t?G
2>:Ou<
.CZ6
wX}2r
plz|L -
Y_kt
6K)G_
/r?[
CgPp
i-%
T3fgwNGGF>aIi<i*F$"ea=#f"
;]xm
ZGD+!N
q?%e
9@h{
V'^j
p?v,>
U_fx0
dNv8
sgk9
Y:+O
{/o
wvBb
?d%L.+
MnJ~
IQNWw$?0Hu,!MUo3Zk4q!5]@G
D+)N
}5m{4
`}x(
)0Y
q%h>
r	2P7
q#z\
*(
t
{ Nl:
SQM|
wrF(mi
f"]
%Eer@~
yPj%=Mm:U%%4&iIW5g1pCWVa(
p4aQ
n AJ
32+
"f)%K
2[O;t
95gMV6J68P:w^#<g&soJC"[#(
l	<h
H-z61
!d^F
\W~
yl*{
]*kQ
P+(\N`m
ymt}
{.k$
F{Zi
[R6-
?ZYV
2~@@wq
gbWeg
dGM
~+
pqVF
o|,D
lI'b
mAc#~
eat3
<oOC
DNs78
pBY=
=2}d
-,[=
;}&*|U
'zro$R!Z4hnsLtzxZK#U!Q%k
zx$g7
0-n/
|] m3
P2NX
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
ZqyQ?7
Yow#Y
d_V^
NCSWE
zmT]
T8l7?1
B-`3&
kq8k
EC6'JzEDg"e$u6}=x:wwtOI)%
uQpKt5*eq!+4idL"@"LxofNe(
):.
vAFi
2ZpZ
gu$+
n-d}tTUP9ZsRKonk,n?L^*AR'
8G
SY{<
mscoree.dll
!This program cannot be run in DOS mode.

$
3KeR
k4
callback
~\o`
|^U;
t
AoX
]'c&1gW;
"8Vz:0
9\4}) w;mS9F\dDG)9uI=d,\#
I"4"
$:}E
_?g-
#fqE
'&w
uVwH
rQ<v
zPF5*7
l/\X
Dispose
$U>,xK
5	)
gx]:
3r;i
0'Q
"G@P{
k5<xd-
>[d6p
}.#
:
D1X(
>VHa.
j2VT
TnmnI
4E2BE99140D24066CADC84F74FA899FEE5976B68
a[ifG
yyMZ
NF*8
pSDZG
sj	-$
kE{>
R.OBJ
xM/1
aTA
*?+
V$Y!a
p6g_
I1\FlVqDu`bf&X'1aKN#cu' #
~3Kx
TFn\TL
4saB)<
4J!a
f`=h
983T
vQwEx
$G
FN&
v8yD6j
&yqa
vU5#
<Y:f
f*^
44
A
vLx\Imp
[IZVYq
wCX4J
m3&xb
z76S
b6u
on[v
>9ee
^VJ
>>Ic
;{yy
-	i
Rl\_
~-,K
TVD[
P^YBA
,8@.
*"5P
P
PO[3
i	_D
f;zE6
oD0C
vm:F
-A<l[
r1HIXFY,1sHSH_hIC%$GH0`Y*
[4IVe
Ro(#
vX.
^_&![
`qZC~_izb!Y6KV}uHI]S)8{I"
tTLp@9
41!"
b#w]
BSJB
010g
j,Ql
v 3|u%7g94_d}}o3#'Fm9"`,%
5RJb
:Rdoz
}+mL
y97
L3C
'[gd
<,7`RD/_Qp3K,IY 1!`y`sQC#
J@6i
V0,?~K
,o-)i
^&cm
e Fw
K%pt
~S`z
R3er
F=^Dkm
MY`CV
@<l{
JVm#
Ay[BT
BlK
rfh9t
ko+
?O_U
-dE
)-'Iu>~v
get_ModuleHandle
1iE
2EO:
/Th$
3fNu#D
(6hN
DI&jQ
=
%
s;LWQO5+
>NDo
Y	y-
RChz3'Q?T
L;R>
v.sJp
twoji9
r;>
s0o..
uKy+
IntPtr
[<I
{$<,
x:tj
;5`j
pHK8
,}9^
a}g~1
n+zQy
S08+0
@-[n
PM-/>
xVHk
LVe[.D
_C	B
%pf
LuV+
EFy!
_58
5Pt#Pt
}*<m
~:]moI
w/p/p/p/p/p/p/p/p/p/p/p/p/p/p/p/
;z4*u
@Ri0
G2]/
L[U:`c,f+o/[c06| 97rV=x;,
?E 7P
b\IR8+:hp#*!@<z_3,!f9O[h"
cK:=.c
Q>?V
K,qku$)AH,4Oaai^Uph<'goz
}`;6d
-#&
~FU?7
{p)]
System.Linq
t=k0
]^$vXsV?
[B0	G
i_y:{`>P8hx}*r\A^r>M<Et,!
5OU
Cg4J
98p*o
]Fvj-
C708234F139063BBE3CBE2208BB6ACFACBC50333
InvalidOperationException
fwLU
<YYE
&Pb7
_|V_a
tXCI
:j*A
k]XX8>=p;7NDn'psYt)5EGG*&
=)
c
>KU
I6F-(o
D#C=6
-]I
Yf
=G(iQ
d{J1
j8n|]r9r:J!@{aP0z;mc&uKp!
(USn/ZIS}2E{sp,t]G~lnR)>
I;lR
31Yw
7\AR
GVQj
\`_#]
&'6N
8/.]
f4e+`ZcBv?m\_]?E%v0kX"aC#
>`:r
fIH~V
k5YF
VirtualProtectEx

n\
^gr5
y*E`&)Q5Ur"!\g6/]LdG$%+\*
&bfjr
GXa^X
|}B,
*SvXT(! n OQ>q=e~WWA%5|$
H
ph
$k;
BlockCopy
U/r@
Eoe
I
;Fhg
vqjz
OB$7
]Tu9
=])O
Ke K
get_FullyQualifiedName
*AI-Y
x]MiqAwj`2PgBE2c{-Rd^i$:"
Qa/]
y)|)
W`X5
>K;j
D
0J
x}Ro
Fe]5
[}`
"<Kl
\'I<H7:Ue nQaM0E~H#_hF`A$
"#B=
GdQc
mSOl
~
(@
8@cP
(rCv
^mL_N
+(h
S
u$P=$Q
D[Y
(:L)
o.*_q
&j(D
-Ws5
(sCRkQp;P4duFa?n>+j< *cq!
U[+
OF4`
3q|4
ja>P
k=ok
rH&f
.G=
z^il
$82*
}pF^
vf/j
8eF.
3es]
lECM<3DcV
`yxJt/
iK0M\3dF?{p^M>{^8&RG[A[s'
w&Tk
UWPQ]
bnW=
)ItCS
;y|<m
w,'sBf,u%<y!]=WHt7=o;m|`!
RSPb
2@{}[
gu4b
~P%uo0s
i{Ep
"L})
u>IS!
*5<-{\4C>KDjcA7]%n@?Fq3S"
va8N>"%
;{E?
h%0Z
;qXW \
h@o?
8'*~
tqhZq
f{
c
=+(C
F\)%$&~t_S
yV&
53?b{
l	<7^
I)\!
-gqZ1
[b}us
Z`g=
Ja
$
}lmd;%
CZ~w
pIPS
"m\7D
9&O
g\]:
7?MI`U^&GsR-lAJlU(MQhGF(#
-0UD
XS25
g!'V
(
/:
}"M
J?U=A
MethodInfo
*@P
F
9id?
k|u\
$,u{
d#NB4
ZY#!_
v9Pm
~p5n
aIC?p
CompilationRelaxationsAttribute
HXa
$&2r
,
8Br
*@1R
xB%dRl_%{WIG7t|;r$dz;rY6"
TabPageCollection
9W0Li
9#t>
M
.f]-
+1S
p}ey[
6OI1hB&D&[n]eF,5q!/ZE@rI
MemoryStream
a+"8K #I^u_t'B/A~~gdz&$-
kT=E
/.Ww
/
_h~E
Q`]f
~=/e
e7SHH9"5\v#uhJQ/IdiA1N"a-
&hNV
ResolveEventArgs
Q38"
1JMI
y\Mk
qR|a
g Y9=
i;&K9?
B#G"
u-K0
47u|
$qz4C{=
i|\9
X#^~
_*Sm8n;ynyz*? Ho\BZDGL^5
FT7V`@
OnControlAdded
)hkKnwcYV[XQ49l9q~OThX[v
[I5PO\
8dG +
MvJF
}}9&Vs
w!B<r/
jfjO07?
~i0c
w3j\
629h=
)A+PydC$OYCUD,k=?VKL: #W-
|u_J\
@	k~\M*K
i"F%
V>KPuR
FvdI*n=s
}
M$
.?WyXIfet
-DAtP
-eU
]bye
CY+9eEX
GD3
L:F
H
{ZegFj
Fmva
DFva
!5BSg
p
ku
.}lC
/kaW
+S4)
azz:
d1KSoM4R?;{72[]F\h+cT3/4%
6IfgmDr^
uBwf%
4ed=
?`FKw!X09-eX6Ds:y[t5Yi+H"
IEND
@Kk[
~_<?
M' '
/,K8
H|4I
4]V}
=
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
y)(*j21{-reSkl06?!L0Gq?p$
kJ?.
f3"5$
MT\_
diS=k
8i|3V
2UWzua
=W'H
N
%DC
m00a
szJo
lQkX
&\43-HO`9b\@,FJ%)(8:U!HU(
DFUF
>AtWo!!k"8#_Rzo&n$BH\15$"
H?L
$72kJ;c{$dj!0XZ-GUg]&Ryd
bOAM
qa_6
#lS|
O,6v
2g=]
_BFQq
6@~z
u/a}6
_ v}
Qx|y
#"{5
y>u3
ZH
Ux>F
qmZ
$5B
eya<}
xnY,
fQ'`
sbS)
@WhR7
!<=:yv0
0S}W

vHRX
Mutation
U]`i
\jg
SiD8r
Tt;w
Rectangle
biN2MM
pr)
M0
zQ
RtRc<
1Rhl
get_White
W<g
s'O
Q
Z1 -G
r@`tc51*~51b\@"@jcA%Ngt~"
dl#B
dN??
WG0.
372^
[xD
$>
}
]C
>3cc-Xs\Izp']QYT)po2zePj"
d-+
of<bB
|"^6Z
J2
#
z]t1
Concat
1??q
!3I[
.	2T
StringBuilder
}d?\
3d@*
f7J@)
jtGdF
vqsB_h
D2S)b
-I$l#"6Qf
=rQ87
]mT2
7KKe
%JtF
mOk)hN
#mkP
Ps]Wf
)cM0
"a]\
bbhz
r[[X
"JdM
lq8P
|Qth
`XuP2C
<dD
EmtK
AvLT
HeJRR
%o?68@=br]4m1QU|+^T)7,HZ,
7Te\
F=`i
6l6n
v=sq
buILz
Wqz
a]+t
get_Hand
U?:/
/KN4$
]bGk1
QC/5
5d#0
ViL-
)L3I
=yKv
xHQf}0q]wye72E7da]txMi&9$
mMx
:c
:A$)
7s(#
Y<v5
&
kQb,
02>#u:
9Nrr
CX3q4
get_OverIndex
?NAhC
56b'
aVc
##[OMv
eHMA
S /u
7:7
[2/_-j
Gq)$A,[Zqj"+2%m7}Hj{Ea?$$
*bCJ:
g4-\|2~lxd+\$[Gb)k9='18r#
%=_>)>
*qGR
Ru/IZ'!{Dww>qqo$9hEc(^O&
AssemblyFileVersionAttribute
_lj$
)W-/$J
PgMS#
P\1`0
System.Text
@j
-*IL
T92Z:
aaEzO
J96oa
XDWNW
^w*=d@
K*)|'y7~ ><SZ )j>M a=j}0
w]SnB
x<Jz
W'-ae
\dmAG
#*BGv#
k	V
qNa?-%P*B1($pFJCYz>L2*=4-
4WCG
fdk
c\2
9MB5F
HRc5Q
d):MG<
,]X{r
j`b]f,
0p~xP
?3o.
&!@Q
[]	;
?H:[`
<I@
)
,mynz
nPt+
jeCO*
KQ$Ms
#Co1
u9qJ
HI+
GetElementType
@
4
;(gE
=Zz|
QnIP?! n
Or)4gswl
'I?-ue&A
%MjMrj<z9$[#yTkt%|K o&a )
43O[
}w(%
(+
rq2
f91b2dd5-77af-7a.Resources.resources
K N|
1^b
z/qt~[63
GNW3
u={;
oG8"i
aC6IS~S
%<I;
l:%i
qIM9
xfv	$
p:jq
v
9m
7IA0
'2&#
3d?rS
;(@$
bHWah'W@p`;r4'_<4/<x?m0/(
7eR_{
~W7/~
]g7v
@cP~AcYTXxg(yFHv'8j=QvQp#
mXVpY
TWO`
@t+_d
z
	z
xoWV
74!X
p
>I
ENn^
h$0H
t4nxP
m<P;
%KX<
%ky=
'KoAUq#_#:Lt,(4N~4v{6`Fb
mf&c
umm^t
m9>b
v~	-"WZ*
DgiE,>@xS/2A:Pd+]o*:{?8i)
4+!Z
F?N'E %K\C@^k=~&[pVYN+[r!
0lY,
rgZ-
<5?G
g`Q
AQn
FieldInfo
Font
'T/<Iab
59<;
]"Il1
gm
t
}{k7
Xo)/G
mSQCb
R3tGc
Yf~j
M8av
0
aZ (
&uKP
T7S2&
..<d
qn?03e
Ox/;v
^d13
2g}W
AX1\
S9hN|
Jch9
3$|f
EWpg
String
@[g x
RQ183
_CorExeMain
EC?d
V}+
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
>MuC
qe
1
wxh;
>rQe
a]vZYR
V=p5&
AZeL
object
mJE
5o}k+*
1>I'
kF(/F
$ww?.
H0~e
c*9';b
tu	A
wo>r
\%r^
MGcN
InitializeArray
8OD
\ O<
x@\EiL
SJ`q
}N#k|
%$/>
RHT,
epQ2d
YW]5
U0cA
UK7v
xA}
KeyI0
yMP
]+l6
N-{W
no(MX$swcy|W_d~(7)nRL*tn*
6<H
ToArray
}[Uu
F^ax$
|*VW
E{c;~B@nJOpD=Zq VUDG5a2s'
wo2kI
OnCreateControl
GcWP
])#C
$VB
[V[z'M
/?#ex
%[^R
S%_a
n89@9
3d1H
/8Se
rwI~vtJF1m5Rs/TZo@_-ptCq!
dbC
GYzGI
6d|*
7O;k
CNbv[
%JkG<
1m)c5)<cE
|\8#K>
:Dy'
`Y.%)4
/{AU
get_Hovering
m{pUu
u5N(
<'aq
+IC
zpd:|7+o[*6pn8'C#Z'])DJk$
jL_i
3WoC
?vb/}
Hx	.7
OUv[
x[83
5TW1&
#>jq~
Load
DZ-h
]1Z^
Kr@~
u
N ry7
<q3lg
5wb[
t4L1
xY&p
v`SW
wj|Z
=&+#
System.Drawing
\8<{
L!;k
%j{4I
DZdp=
A`r@
eBk)@k]^m)yPEJCQ#^^Lwv4L'
tHZ2V1%
M7a!O
get_FullName
/#9b
uIlY}
+pvs`R
7e n
BIh^a
=S3Z
=gU"3w3
u&!T
5	*l
ehZq
`5Gy,m4]0(aJ*%_4_0:`amt\"
,+(x
BeginInvoke
8Nkz
D(a
`#zG
ar5#
5 Z"
83Ls
9*%W
P?\1
]m+p
Mvc<
y!8Q &UJXshO{0L4Yxxx"q--&
n^UR
qd{/
C~;l
O;'|
^\&m
3aM<=2
BNbU
,N4ug
Ou0@y
|QK!
4KcW
+s[o
I<jM*j
@uaO
Txxt,
H\"`!X
vcVX
6`X
a'Bw
B!M~`Y
z4Y;
+}B8
RuntimeHelpers
<ix'476#4h`MRqG/Pv|'Lf/Y&
qz;?
5*6D;b:qw0!KOXhLwGB(6awM
.[\RI_
=&R%d5@cIlGHC"+>P J,(\y9
c%U
L#J2mk
>5W4)T
i|`6
EV>
l|:m$
x&=0
?KN2
+DR@
^
'w
UserControl
s%u#rH
S6[\
_+s
35Xc&ONu_vaP ' o!]I#wL<`'
get_Enabled
^l`Y
N0e,@
V>>1
DJ(Zf
eF^m
]BY8S
Wc>j
m$M$
>:M~u1
_ hV
mL[2
n&Ow
Xad
Vh0
j.c%
<,qk
[g'Q
)wNq$?nW&
WWy7
B mF
M,tTaG
set_DoubleBuffered
%0X.
b^a
[\U)
Object
hEtYG
Mj(Y
*^uH
3gQ
=?p
@%h{8
{W&,
FLj.
Bp#8Qy
b+
n
~nVw
<_"
)$1=/
ComVisibleAttribute
nptI
G
-"
G8^n
VLv9N
2*EX
fdn
Rcw
xR:[
IQc&
l
da
{ ,W|:{O!$B<Gw<PBX"jY ,U/
|Iq5k
u![4z
xrD%`
p`O<
?l3%
Eq?n
FQei
JUP-Noy
,|\t
WNR-
1(FPt)8&
i0lTl
=k+K
[2Dd_
nUKp
y;$
_"d5
:5|s(
VY1</
jcJ u
IWIn[OAl
rn+L
[$*^}_B5\38>-sI'yYTg2geB!
5};V>{
kC|
ro9X68
CJ2~
C\s
AssemblyConfigurationAttribute
=~9A"BnqY1^6~t1E\zGfg1iJ$
F9s@
i.ma
iWxi
Yo7T
1B8\M
vkhB
|tV$
ihyV[
V$?g);
y%
|y
OnMouseLeave
1-z(
"Pp\
1.0.0.0
Xb"b
M]w#I
n	#dU
_?2hf
znnVE6_(9PYo)ED^x8u5\=61$
sQ!d
%bS}b
T7F\q4T&@GKy&ZM#/"`c)-Y3*
.VX)6
iXU3
VBf;
cT;K9
{!B*
!7s
1Wq`
JioT
Y/GD_
97w7
7S.|
[Ko]
fa^/
@aY8
JF*6e
08y$
xf_bV
hbicJ{
Stream
u)#
5UaS
'
Krz
*-aJ]\:*:?,Nne}"TmWJwJMR!
ejbBP*#Cbz>Ky9>702WqRt1b&
sRGB
|:6yz
j/P[
(I4umz
YZX9
zx_x}/
D1NTF
tI,B
G 8N9
)&T
$-]p?
UXRe{a:RIKhFBr;I(Mksx IG$
1+t.
n3]tK
)=wi
CreateInstanceAndUnwrap
#4rd
_*u,
0?^
H
`1>=
ki*!
WvPK
>C{Z
x]5,
,GyC
Q9{tLsq';Oa4J_v;tmh%K"l1!
^By=
#}2r
N}
0c
|T83D
l*ga
#%M$
ugs1
vx>H
@.t"|
m5
<
z3Tg
>`*j<
get_Control
0(6[FMJUhy*$^SMQLu84 Om;'
RO?I
K#1;{Q
Om(
Confuser.Runtime
A,R
UN3Y
QZ\4YHpX]8?<mWSAY=IS?:%n/
a9f}
A*te
CKh8
<-5-H
`;*"/
?eG%
c
]V
sn29`
;K(D
}gK_l
zTT>
85'6N
h4#W!k
x4Nn
'Ez%
5950
RnFXh
$U_
))@C
"g^t
(%*l<
r!E]
oWEM
k>sZ
`K	i
NuuOV
$n	h=
7%}30
<x~,Y
OV'S
|DN94~.5
9j5`
7EI~
Ynd,k
>?3K.4
INj7
Q"Si
>'N`0!5em%7y|\F%?WR_k u8-
+w >5
set_ServiceName
;c(;u
&U\j
n:LH
twVz|
N(^u\]
SsUpm
?_b
,mv~
#$"Y;Q6
a,':
{Sa
:CG
ol4`
x({S
l+}_t
&eZ
!X
MhX
Cab%
^1]c
3&@
8fR
NJCC
vXd`
#zfF
3{%1
bO%e 2X!L/z'iT#7%?q,kS(l&
5?Np
Q",RW
>K`Zf20U2[q"H05&[$Z)8J\c
SLUz
*	85
v*-_
V.P=
`}wPS
D]D
@H:3sz|
/>"pdN<kKQ Ho<fc|pe|j *U&
dgAp
7X,
D'0q
\"=YJ
d6QG
za,W
GNOu'[
^7>
set_ItemSize
M$
#
1yrL
cwu&
:J3J
NCK
gIX/r
l2b-
o8
`
nYzg
oeCK
}wn$HBC"}>L[Cd,6+z$g#(~I&
o@M
V6<f
^N|/L
-?ee
m$Ll
{`e+avqNBwcksg+S7X(&=}Rk
qCVf5
PKbp
SEjxm
PF?
#R4=A
lw$EG
r?R*
HI~3o
lj:!O
v'6y
C>7i
6$-Z()&<fn%I(_96M+0J;O\N#
3J?K
RA@+j[b
7?_Vo
GetHINSTANCE
>c8>
l[[r
\\+,
;e8Du
-+{S
}kVi
p2{gGyDC>Wr&Bb^VwL)*|[:f#
hAO{
C|o%cB
30$i
R<o*M$M
w1s,wo36)`vqJuS|5c'![ZZ(
B;IH
cA2b
`
x-
m^Sp
tEs9
=`ak
NtVzY
FUF:
:d:$
bLq(wt@<a07ggF>#]B7Vgp!e!
^|'6
&A6`sLIrq_i}_Lm j#@e+zZ1#
=}cc
&k5l
p9(%0
ZEs$
p>
zYX+
w21A
G%%eq
TJ;T
8%x^P
R65n
EVxL>C'
#CQh
,if4
JVyY
e o
9
-e7=
2^l
=Hx
-R}6
$p?j
Vk	"
P{UA
eLHW0~z
De `
{eco
r`5C]li"q_W}7r6>,Lqm|hJ8
,NZ}n
"^<A
F}"s
0	uNf1'
w{
~
A\hm!x
#39/#
{PHjY>B^_\xJ?O0i]%;kK3q-'
l
Qc
U\"#
<:}2(
\j0P
N_h#
,OFc
}9d&
0C\ZGEK`3M9AD4ZcC#?ow Fp/
mEIW
X%0"[4
O2UF
Ph4k
@pW
/q.n
u}/
p
tGkB
3GE:\
k3Q#
*r3L0
d
gr
sS!q
Ark.exe
2{Et
i&Iz[]u$
DYPTe ,,;~49gx("_u>+pWQ31
KC3D
ZIK]
:-9`
&Xf&
Copyright
KB
yr
\jL*T
ArgumentNullException
r-0
;	w52
M. 2sM?
Z)xq
get_Major
NR6/L
8UI)
6ep2
]"w`
?Maw
=tY<U[c }g?Q_(?L$me/>pB]$
=T'
ILE
Id?n#<
7KKa
Point
C!vF
,J(+
;]_;
,-j
>@rBo
[Oha
'w/EK
V+o3
NK8Mf
v2.0.50727
'82A
VZ??mfO@(y*R1<JB38da$]*K'
g_`/
]?Z>M
5EcfMM
l_e/86?c
(`)a
)-X
DT*7~
SC=O
e??e(f<z\jC\'5mAl_^}5mEH"
8"GC
cr/b
}~J%
3%
N%i~
8[T:
zZ4`bfJ
i}_n~J
gVO\k
{q~
2nzfX
OQ'`
YU_x
`%K0
|82=
IXEx
kE7KD8
g?zM
Exception
TC2(
g8l8I
l{%E
s
z
D7sHd
Uf_+$s~C?
bX^;zv
=v#t
d<G5d
g/ID
,kSH
&g+A
w+QT2
hxkk"
GPWV
_vn
IN04
rQIRMb*^}
o0SDUq5
X~jw0Mah9Q&3+|,%FOg&*yX6%
'I4]lJI{@'H(oC@M_GU9PY\j
[pi
Q-$ro
Fv6V)N
NYF
[[p
lD`(r
|'	a
H;
Z
^.>q
#O7u
!qAN2
GetTypeFromHandle
IAsyncResult
0/.*h
q@Q{3V0{
AB~&
8bz}
,q=`
@
F
%&}p
kXJNE
7Xqz
tDuy
$p}(
n?'
ay~#1
{ $
C.ke*
+Xtz
iuft
'b3s
;Dl
a|5m
%R\M/O0,/M!,|A1S)ee"wo+g&
u.,V
GetDelegateForFunctionPointer
a}w\
>u)(
;U	L
IZZl
Lc[
V-X
n~)s
X>.^R_
+ ju
"`)2
jtF`
%^V*6
c! B
AUP\xb!4
aG2L7
_Ru~
euH"
!#|9
`vfz/y
flfB 4Ims^7pI[z2ld;GvPM,$
{FwM
)&!d
BUF:
L`//
rI\M
s
a
2r	f
P8";
9a"W?
zeUN
System.Runtime.Serialization
t[f`u
<Q"y
w	c-
(u]
vff$E]S
#r@'
]:C9bIhH7e%;&-l/qX{'xKh[1
}[eA
% yR
R8P{f9=
eQZJ
M$%5y
_!Ve
1/p?45#Z|oPWL%<l5pW`k'_`#
{P+h4%j~ID>_f1r]p9rrR 2$!
O=<rE>
=\hJ
B}I[
|AC)
~IDAThC
]0q3-
\/R.
`V^UDlM
Yd#I
?2,V
XK(.
veE?
{p?=
System.Runtime.InteropServices
)M-q
crD(
`Bi=
bm
zi
6&zh1S
7&J,3
zn
`K
~G6]
Math
=Z@N
:?Ic^s-@]SW-Cig$YZ~LkMjV!
]0g}GxU8HF?=m?vF HlFnPw{#
6yLO
=HyU
]ht%?!<
U2Arg`17@^%J=R7lZlS`c8nM'
a^%%z]!#%evCu6e,~9="/)g"
L~Rh
FIO68]QO
;|$V
}
f^H
CNjwE6T~a$&O[wS*"f5</{ b$
kw>3'"8ltYvqIWx}e;B|[OZ5"
Qd=/
qE	-
System.Runtime.CompilerServices
fZP5
O[hJ
]mS`
'H}T
a\i,x1+
Y%>$f$w
A2;3

~|w5
5KCf
M?Nv
5
zB
[8C;
_Q0a</qV,7yz:qxoOlH'34LQ!
phw>
1]W_
qM*87
b@t"
|U 8
C+-]
E%Y%
P"6>
/Y_WC
&kF]
Ufz(
lI4=
FB7R
7GZ4
Z,)!
l3ii
J.)MUy
cd^c
-u0AS
bxd	<ro2
%8-+I+gQH&sCHv8q@eDQ^([a(
*r-K
SD>J
'/Io^A
=r??y}
6hbpt
)r#m
d#n
0[k1
vr6_]
*MXI
0\rn
[~<>
T,<J
Cg[\
l
/8E
>Cj>VA
f(>I
Zqvr
$w~
~;RW
ntxt
TAG,
cM1L
{!r|
yl\\P(BAkI(&|!nl=S8WW"""*
l-!I
@ZWH
+&E\
p:?/
>)'i
GD~G6S9
?[+wkkwTz `2y9(R9u/\m=-;
V-$/
"D\
'#@U
CB/X
Q)HL
aHHww3&)=:d
SzRw+
?M|D
IDisposable
@et4
(g-q
)
4!
$6`ZIOC
+~J
S )a=
Buffer
O_!
wNzf
&CoO@
OPPVQG
U%3J
I(v3
ViH|
X@w5
GWjF>
"p/|
;+o%&sOJ2{BI1CnG^kq$_f{"
{3"C
]H9M"
: u\
[{Et
3~>m
3bgO
WRX{
eqM
+8J:k=]
g'Yo.Q
stMq
1
3,
.5cUM
#012
}D?6h
5;}k,
AssemblyProductAttribute
'dm:
v5TQ
FQ<3
)j?
cW8U=
')_
*
[%GP)
?\
<
j^='
4#>8
V
>@
>yE,gI
|UZ
'ME*}R
|k
bO
Q6K5.
kH1;
rAs%
GsJsu
NI-@
R%y
u]S1
DoN:
/{~B;A7 4
l&/ S *E[f)uIa'W84rKi^\0#
MC
i
;^>SJ7a[&=]4IQx1YINxxY[F$
_"X|
MulticastDelegate
get_EnabledCalc
ZPaZSXQ
2Tp'A.6pL
}J?K
J
tE
!m_pData
_IOt
set_Font
e
?:;
value
Kb%r
/L
}
NLE[~>
2018
T\v?
Gp^1+i4pal<&%cm(]1^5#{as#
8/*
U{T=
$A%.b
rpqL
GTzZLX+O@w@`?@\t*X3[ >Zk%
of:v
r%v
FB="
=N!6
J:@'
Gl"K;
Uei~
q1tJ
yhKS
mRog
]6|^I Yd7c$0M,:\kG%"nPRz
OnMouseUp
7@
u!)g
6O<i
@n.w
Q_Eg
R*1
System.Drawing.Bitmap
e;OZ=
]q%i
]WRsV
s3N>
e[ADP
(u.z
LPv
/5"h
d(&I
=fy
xL+=H
6h+BI
dP~iT
#GUID
^Trr
q_.C{5T
c'*
D",+Yy
xeKE
!!%
a<5Rs
CfQ1f
]+y.
emZ_t
set_SizeMode
):>a
01]'v
wVztH
|QXz
xF,.
^N~x
&G~S
\daWsr>qN'];Z[dnVL+{$R70%
+j2}
`Y^:K
]MX
fW<Cx=Zx=mA(^Syzb-k!',03"
yIDAThC
5"toP
rnr`
uh8F]
5@Y,H
=H6
U6x_
/A~|l[
JR=y
m>*[$
!PdK
t`A_<
Fn0?#
dXus2D
Neeb
y
VGpo
eyGH
~!H`
/&9)
n2VcBp;Pc']pC}%cq^O,go-_!
*ZI"
KcgDz
qKw{L|y
pwU*
8;h+t@$9j
@Hb{
[txU
X
+U
H
6p_<
9)^U
W"~~
Nullable`1
^5Y_|lF@]
DN|>
QqH
M)k!
]d`L~
+
2_K7
-)s7:
0?rsX
r7GF
R5)7v
s;P/
|Xp*^
aDC\
&idt?
Exs!=
AnKHEw[qm[k0B(N/^J6:r{N"
get_HasValue
Delegate
eNr<
[W$oh#
v+F
;?&)
:7)(
3O5j
Q4	\
iVsj4JMrI\~`r/A:egcWlsd&(
s|?+l
ze%-7
[r!I
f
wC
gJFt_m
*O<R
Oa3B3gd
$b.{w/
3`k[
,HP(y
j2
^
H$KK
o|
J=
FKY
TBIy
Encoding
4a[o,
sx d
n$_e
ta+Jx
z4+xF0_o!tnZ33ey4J!<yDI{
=X][
2|T\r6dU
}Nuj
|DX*
C^fr=
JZ/U
HA~~
?*i%\
unL&Uy[~C>\,c4:$Wn2v}7Fn!
>h
D
EV
3#9{>
IEnumerable`1
pM	a
QWL/
\&D(7(5_UL}_@?$vGfuu@1k1
{=O
6d B)
get_Module
TabAlignment
m)^m
y$Gc
z
08p
D(x9
26b#
E.Ml
4~GfE;
ua
xY
fkZR
Co0f}
n6Gu
})9Lyeu;s* h/p#089p[v"Dw(
RlV
bN5.0
3M!S
WQf9
#!0
C=.%
_/x6
7N4Dm
ZiLT
X,n0`ZFWwg##ent%A'bL)xWI&
O;S~"
aij
UJ:`
Cursors
+;hP
:?+9{I\*KtHLwCSE7'6Ge:_d'
_wh
*%{1
z1e,\<
get_Size
igP y
CO=	<	<	<	<	<	<	<	<	<	<	<	<	<	<	<
Ks1F
FLC
f
BwE
1C.lH
yLOt
3uGi
'Uy%86
;\]]
^
o!
E?_C
*=e1q
=3+/g
DSTp
System.ComponentModel
1~D>Jg3uZgg\i8vah%%Uh:Ge!
f'c0^
oLA
u"3<
C40VYB
{j,H
94U`
436534A617CD86B8557AEAA31D433ECFF38B112F
6doQw
a%TKqH3-C={1p7%vH802&-L^$
q)7u+UaCOfXu67D/;{RI}(dx!
b{o)
lnd{+sT
lXJ<=T(y],bpCf%wFNy,$G[c
O4@MM
/L[rA
n}Feo
k"N\
J&.G
zV7I_ }Zo/qe@jzDSt(BBo)S!
A{Bi
eD#6
CAKk
'"fz
:@#eG
DisplayNameAttribute
?$L6
3pL>
>"pY
_$Em
`%dW8D>*3='LfP7:\iCjCgU\"
m:3m
LZS1]Z4O/jX0zjZz6VqnV65P!
%o^v
1 E:
%fos
j(t
',+V
C648C0E55DD0A71600A3C979FEC05C180303B2F7
{j^$1W
z:Sy
xqW=
q
{U.U@
;tTI?
%k+F
4lKl-GT]
!l(Q#138yM"H>qp5~&RmyE)F8
E9TZ
X2#MmA
xvwVI
0a4p
O	}5
o17LBQn/
Arz9
o2\CL
iC=I
|\r*zFp4\_TK;w2k_/Q[^P!|&
tGr
kTy$p
e:9s5
dP;*
System.Collections.Generic
pLhIh
d:ku]
1qA
?%X+
R~;M
Ti<
lH
c2e$
~^Lu
1@jmF./
<]'N7
,[)3
M*b
6~2d
|IDAThC
5L&C
`QyI
System.Windows.Forms
s;vB
set_Cursor
sAFz
N'jX
D~irV
J?_yJ<'7(e2u}R7[=`8Dnd_M)
<@b>
tSi[
M
0_X
6%V71
onS+
:3LkxeKbV6 HV$r'uK|vrxK%$
%k0lACB
$C|h,3%
8>&k
Xq:d'&~N7:6ccXX_Cc!#<DW5&
WriteLine
*)8)
2P#KdG'lhBY&tk$&,"z6xMFL%
oIu6w;2indG7++(O%ZxApP>9#
c1%^
` Y|
EQdzn
HX;W
#@iUH
-XNa(
248z9%
k;Tt1qUD_yJJjq''GNQv9H(="
Vk#&
#eT?
bhQ[
SetStyle
Zn|
l^Q(
<:[%
FU*0x))s(*!},wx*VW?V~:vK
1W_sZ'#4,;,La0=)5bQHl&(n,
|$p
RZDyU
LD*9e-(('&bI'tX&hl!,>LIR!
disposing
$b2
|UR\
no2W
QbR
O3E**
PN#qnM
-$M$
[=<JA
S)dF`=y(u1)n)DVwH1\zp}Qk&
*f?"Y+
zPhc
TmEw
wYWu
bw=qp
s^`@
YJT]
%6yo3
@%T
+Lo}
9Zau|x0;5"FeHHW#)7"UL Y?+
Q'p 5
#Gg)
oX$x
\!0g
hJ%r
PS;=5;"
xp5B
4yHC
ME[G
/{p
e*(`L
s5?!
liBun
Qh*qZ
dmK!
vSrY
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-02-15 11:50:35 2018-02-15 11:53:26 171

9 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-02-15 11:50:35 2018-02-15 11:53:26 171

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\alex.exe.config
C:\Users\Seven01\AppData\Local\Temp\alex.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\alex.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\alex.config
C:\Users\Seven01\AppData\Local\Temp\alex.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll
C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.INI
C:\Users\Seven01\AppData\Local\Temp\31b2410a-1024-4ec5-806a-b69c1fdba5a6.dll
C:\Users\Seven01\AppData\Local\Temp\31b2410a-1024-4ec5-806a-b69c1fdba5a6\31b2410a-1024-4ec5-806a-b69c1fdba5a6.dll
C:\Users\Seven01\AppData\Local\Temp\31b2410a-1024-4ec5-806a-b69c1fdba5a6.exe
C:\Users\Seven01\AppData\Local\Temp\31b2410a-1024-4ec5-806a-b69c1fdba5a6\31b2410a-1024-4ec5-806a-b69c1fdba5a6.exe
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Users\Seven01\AppData\Local\Temp\alex.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\Ark.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\Ark.resources\Ark.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\Ark.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\Ark.resources\Ark.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\Ark.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\Ark.resources\Ark.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\Ark.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\Ark.resources\Ark.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\Temp\shell32.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2412.26460093
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2412.26460093
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2412.26460125
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\1433218d-7bdc-4ed0-af97-5f839a4cb54e.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\1433218d-7bdc-4ed0-af97-5f839a4cb54e\1433218d-7bdc-4ed0-af97-5f839a4cb54e.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\1433218d-7bdc-4ed0-af97-5f839a4cb54e.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\1433218d-7bdc-4ed0-af97-5f839a4cb54e\1433218d-7bdc-4ed0-af97-5f839a4cb54e.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\Ark.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\Ark.resources\Ark.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\Ark.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\Ark.resources\Ark.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\Ark.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\Ark.resources\Ark.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\Ark.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\Ark.resources\Ark.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\shell32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2584.26463843
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2584.26463843
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2584.26463843

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\alex.exe.config
C:\Users\Seven01\AppData\Local\Temp\alex.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\pubpol23.dat
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe

Write Files

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\alex.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2412.26460093
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2412.26460093
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2412.26460125
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2584.26463843
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2584.26463843
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2584.26463843

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alex.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3035fc5a\375c7a1a
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|alex.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|alex.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|alex.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.ServiceProcess__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.ServiceProcess,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration.Install__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\337da671\3850e7bd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\337da671\1b71387b
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\index.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5fcea75a\3c9c8d7b\67\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3c9c8d7b\46b95040\6c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.ServiceProcess,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.VirtualProtect
kernel32.dll.GlobalMemoryStatusEx
ole32.dll.CoCreateGuid
kernel32.dll.GetStdHandle
kernel32.dll.CloseHandle
kernel32.dll.DeleteFileW
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
shfolder.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
kernel32.dll.SwitchToThread
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
ole32.dll.CoUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
advapi32.dll.RegSetValueExW
kernel32.dll.DeleteAtom
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister
kernel32.dll.GetProcAddress
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
gdiplus.dll.GdipDisposeImage
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
kernel32.dll.Wow64GetThreadContext
kernel32.dll.Wow64SetThreadContext
ntdll.dll.ZwUnmapViewOfSection

Execute Commands

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe 
"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-02-15 11:51:05

Detected family: #Malicious

TheSystem Itself @ 2018-02-15 12:06:01