MalScore
100/100
MalFamily
Malicious

oleri.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 14/68 Related 2697
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 615.50 KB (630272 bytes)
Compile time: 2017-05-13 03:04:01
MD5: d9eea652e097a3f9f950fc6998682ad0
SHA1: 773a2461085609843b85a605a80cc2fc9a79d5de
SHA256: 26212b78b526d1c8226341f66dae4dc88e0f3bb9f7d57f7cc2404a2d799a21af
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-02-20 13:09:05
Last submission: 2018-02-20 13:09:05
Filename detected: - oleri.exe (1)
URL file hosting
hXXp://prosciuttiamo.it/ice/oleri.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-02-20 12:01:30 [14/68] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x65c34 417280 f1153d566e8352d9cec0208dce2b43f1 4bff82a52020f50860f650b5fd45344703b7deef
.rsrc 0x68000 0x33a60 211968 e47838565a4d2686e1004d6b1a39a46a 5e9f84b362c39b1b553994215a8ecd4d6e1c0edb
.reloc 0x9c000 0xc 512 34712aad9c27d8ed324e909e3d5f2dda b1ba104550d4e677c8067c486aaba479c082c5ce
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x68130 209740 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x9b47c 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x9b490 996 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x9b874 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2018 Ace Hardware Corporation
Assembly Version: 0.0.0.0
InternalName: oleri.exe
FileVersion: 1.3.1.1
CompanyName: Ace Hardware Corporation
Comments: oyonayaweb
ProductName: Accu-Chek Connect diabetes management system
ProductVersion: 1.3.1.1
FileDescription: Accu-Chek Connect diabetes management system
Translation: 0x0000 0x04b0
OriginalFilename: oleri.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
1.3.1.1
URL(s)
No URL found
String too long
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
Comments
abbeca4e-7abf-7323
abbeca4e-7abf-7322
abbeca4e-7abf-7321
abbeca4e-7abf-7320
abbeca4e-7abf-7327
abbeca4e-7abf-7326
abbeca4e-7abf-7325
abbeca4e-7abf-7324
2018 Ace Hardware Corporation
abbeca4e-7abf-7329
abbeca4e-7abf-7328
Translation
LegalCopyright
abbeca4e-7abf-7356
abbeca4e-7abf-7357
abbeca4e-7abf-7354
abbeca4e-7abf-7355
abbeca4e-7abf-7352
abbeca4e-7abf-7353
abbeca4e-7abf-7350
abbeca4e-7abf-7351
oyonayaweb
abbeca4e-7abf-7359
abbeca4e-7abf-738
abbeca4e-7abf-739
abbeca4e-7abf-730
abbeca4e-7abf-731
abbeca4e-7abf-732
abbeca4e-7abf-733
abbeca4e-7abf-734
abbeca4e-7abf-735
abbeca4e-7abf-736
abbeca4e-7abf-737
VarFileInfo
abbeca4e-7abf-7358
abbeca4e-7abf-7345
abbeca4e-7abf-7344
abbeca4e-7abf-7347
abbeca4e-7abf-7346
abbeca4e-7abf-7341
abbeca4e-7abf-7340
abbeca4e-7abf-7343
abbeca4e-7abf-7342
abbeca4e-7abf-7349
abbeca4e-7abf-7348
1.3.1.1
#/In
Copyright
InternalName
ProductName
c87a2ae7-fd71-40
oleri.exe
abbeca4e-7abf-7318
abbeca4e-7abf-7319
abbeca4e-7abf-7312
abbeca4e-7abf-7313
abbeca4e-7abf-7310
abbeca4e-7abf-7311
abbeca4e-7abf-7316
abbeca4e-7abf-7317
abbeca4e-7abf-7314
abbeca4e-7abf-7315
abbeca4e-7abf-7369
abbeca4e-7abf-7368
abbeca4e-7abf-7367
abbeca4e-7abf-7366
abbeca4e-7abf-7365
abbeca4e-7abf-7364
abbeca4e-7abf-7363
abbeca4e-7abf-7362
abbeca4e-7abf-7361
abbeca4e-7abf-7360
Accu-Chek Connect diabetes management system
VS_VERSION_INFO
Assembly Version
CompanyName
dxy
abbeca4e-7abf-7338
abbeca4e-7abf-7339
abbeca4e-7abf-7334
abbeca4e-7abf-7335
abbeca4e-7abf-7336
abbeca4e-7abf-7337
abbeca4e-7abf-7330
abbeca4e-7abf-7331
abbeca4e-7abf-7332
abbeca4e-7abf-7333
StringFileInfo
FileVersion
000004b0
ProductVersion
FileDescription
0.0.0.0
OriginalFilename
Ace Hardware Corporation
o"3#N
}Pc@
=}KMY
}n`U4
g-c;%
u7tlfnt
S@d3
$l<&-
PNG
eEa0
rj%>
l&7p}
*hKm
{i.ML
Je|V
JS%y
^i0~
~MLw
ResolveEventHandler
m]PA
mn'z
kXj@
1 }
6&Pc
<+-j
d#:).4
, Q
vU_0
Q e1
K+>)4
t#GA
# cKB
t9m:
/ZjH
9)_K
X_$.I<#
>f2>
L y 4
LC%Eb
"<>G
%0BY\
*uou
5 f4
syFqa6'
O-o
4Gkt}
YBU%
'zYB
6BBAn
VR-L
f<*w
.Rx~
F{(V
LEjq
*3gx6m
y\YD
m{('
0I+z3
txR3c
WP_&
{M ;
TbW
E`Fi
*_oY>VXx
pYu@
4ZZn(
1sr3D
T' &
DLD8
&8bE
s5 h
8uS^u
`"<:
D|@n
%)R
1nBT8h
]S3S
6reT
]c 4<
Enumerable
S@G
R)Mf
H5+U
WeE
}gSD
HEAk
cI1@O
~YS@N2
(M/-
$bNr3F
,: J
735=l%
FbC-
^o-
kueO
{ z\
S#Y50
0a|/
Jr((
f-Rh
s22)R
; :|uH
w ]-{c
ogK9!
MF*fo
:Q0=
~Fqc
Ol9A
WwJV/
get_Hovering
(WRn
<0!:
lYfo
dDl}
9,|
99,
Q$OT
yHr>[
OIsO
_7?_
BKM X[+
LHB46
#q:+Kb
%KD.u
XA|M
RdpN5N
JZv.
Lz,*
M.mk
c^X)
Nm<
%T\d
D.n3
Char
d:5-g
g "z
|i?:
<dY
H:Y~t:
o#6V
"jO\
QR,>
Rb=`
l"PM<
L~_I
[ Y2
[ Y2
IRFry
kt7(
5>&S
h0D*X
l=|-
2YR-MK
."gf
x1N
gv5c
Wd_d
.text
EC)
:NclF
4[
1SoFf
>RFR>
b84+#
k?t)
! h"f
F wg
${,g
aP&c
k_*I4
C?6_rr
4mCWY
U)kN
@_m(
lZ& wd
fS$D?
=GXV
7x}18+
ojw-
:}r
b[DDM(tq
Z@m|
OAT[*
oSi-
@3=x*N
f;r4
(@;8
/B6
(F^f
9Wd^V
~=GiG
$#_0
Q3W'
Hb'Kt,V
UaO6'
.Yo{
q]1:G
8NzW
;$>W
S ^
EurV#
N(~
j'}L
08GI
DmAj
{>oH
! >K
n)06
3<X:
Cy1_[
Ra4&
EP?kZ
Kqgx
p .F
Wo'n:
/'[Kx
E eKFy
@GTn
;M{.
-hEyU@
wkZ%
')V7
~ *@;
CxCK7
zgy'
Rw$9)
mo4j
"bvU:
q3z+bl
T9,[-c
Pv%6
amhQydU
Nl&{
R^c}
]Bq_
=tW
/CH#
8#n #
X'd7
=G-
qu".K3
get_Assembly
z o0
6|1c&t
[ol5
ENeAU
iP\Y
Jk7u
g ]~
o*$dQ
Hovering
bp'~
'fB,N
/I;
&$P|m
Bz
H>qu
N8SU
bHr46
u2!<
bJ'~
c5LOre
T!)Z
y)Y|
(8-*
IbWI
X=#
P^ )
7|b?
T$\;
IHDR
{rl=
U0Nu
it1K
#5n
leh
|oqV
OC'v
w,/; Zm
System
5O2
}h ]\K
G"*9
!.lB
Y <
~!.Ob
m v7
e^-:
nD'Z4
Cs5mv
`8me
( g>
wjLW@
MethodBase
eizwZC
JwK6
Font
jeWg
lX*JQ;]
0d~a
cvTiUI
/]&M
yj=/
cVZ"
a'o:
O1Dmy
qZ"<o
width
s]wG
LHB44
Kep
j#|E
BNAK@
get_ShowKeyboardCues
5CCX
W5@n
nAWF
b}mSYd
c\ Z
R /*
L7cb
qO{z
+zlh
IDAThC
P^)!
set_OverIndex
N`w
T5v}
@rC-
+@ E
THfw
dm"8
zYN\}
/~bX
>lK.
5dyPf
g[_
MouseEventArgs
d'0S7J
H|Zu
;|*}
1UhOS
.N6t<
rjcv$
%6[u
set_BackColor
\]&X
-8,f|
m8Rin
G/Q1
,$u0$
xY}
tm{s"
MgsX`] b
t.s
I}SD
m>?U
X&C#
:om
>|c
= 6=>[
K IM
@Z=N
KrPEn-
DnjE
H9JV
mfzK.
=7Y#
q;%t
3 h
:+A%
&7n(_q
^@?C
9\?(
nH3'N
e (i
m8x$?Tb
U=7H'
!D F
NJ(
#'6~8
Q{EX
Y&N1*
_PYqw
292(^
Qe`*z
}Tx~
n8OA:
g-[X
_ !A
<nHW{n
t9&67
DB8F-
_:X<6
_exy:j
3#f
/ R>^
/_` }
q 4
$tUu<
VB_=
HMu
`QWd
{IDAThC
/tieua
x6|^4R
-EJ!
I2 o
%g&<v$
>p? p<H
>I' `BMn=
Y+* ]
wF1wf
KhCl
QB{X
P NR[
DRXs&
dm=U
K.{4
O~q$
+iz{
lNzQH
s<OZ
Z"y0
R^ T
39D$
v2[
*7kLC
go}o2
X?v`
Vm&>
Dh30>
h9I G
17#e11Q
7 `{Q
9AH
fV="
o|fL
Na=:V
4<F:jK
`$nB
T =?
bjt:h
?.K'
J:+&
H` R
(&W_
9 Q=g
&J'B
_"1$
;B <
&HVnfQm
Ss_u7
;ieR
-8&
77qL
y 0!
[F}E
}Tc1
("{uHI
?EzB
J n?{
]f r<
" _Cc
#h9y
+J a`
0j6Q
(wQP
n_;,
7 Z&c
Qd8
^.wy
3F[iu
u5+4
GetTabRect
SjEN/m
<ts7c
e1+x
9:m:% z
I|65
Z[.M
$&=W{
Jwe{/)
Xt7P
N&l 0%:
yZ<-
2q
_ox|cm
TB 4
IG:nf5
D|oD
Wi[
y<Ml2
2n_d
bd4U
#YNW
X_ #
mb-1.
*pYInO
O0h
11@SM=
8fZ&
a1()
"Hxk
0a`&
LUhBi0L2
p0`]R
W}/g
36*la0
e9KP
kt l$
Ct M!wJ
MintSeparator
in_#V
# #v(
vzq
p\)=
qr%&
Gu`.;
R7;w/
-0uv
r_ u
Y2R;
&{^]
yy'=2
r.Hz
Invoke
9(A~[
I!siB]
0dxS
AZ;j
):UBI|
LIX~)
0FQt
c3}W
O(s
"){I
/ -*
-,%'
CP=u^
>}{zs
M14
M_Q P
M+iT
1(WL
1KK1
#^,!
?!ObZ
a1fM
%OEDH
O)d,
DX^?
^!y
XCvb
><g0
".Lu
u/S>
`"B$
wFRJ
vv$BSa
. O2
R5E/
,t38
IfW D?nk
mop[/
/d/P
EJvD
Z|lD
H?RH
gVc'
]Ab;^
pQHW)
Y,.F
0(]
{Wfa
3,r#
get_Location
U Oq
OGBI
t].=
!9 FY
s|t#A
u!Z2e
Ix9.
EuQ D
9mT@N
1$sv
IList
1SK_
n,pTN
_=Inx
Me+(
:ZoQ
|V#
RuntimeCompatibilityAttribute
4Ym>
~9X)
{y+4 0
D,_Si
vNV[
*uT
.1 ]
'[J>
N? '
4Z6$
_yL(
N_\t
gV!6U
qidA
LayoutSettings
Invalidate
4?I^I
J"`Wk
[Ydkh
@IR]Wu
0uvq
Size
$BhdiN
U{~,~d
cY^,C
9) A0
.$l!
}E:Z
EO@-]
IQBy
{.nKY
)1Qt
,q5V
]7y=
nE@m
U D
cC k
<kN;|~
IuY%
M2hZ
,"'eo
/1F }
Z 8?
!=oL[e:
"5rR
ISerializable
ZMO
s($+
aJL0
@\*l
: 7Y
:hV
z4-
"SGo
']jIgl
=$H1
]G [
Y|O
d%dH
R]s&
Me+]
$zQ%&
Cpr
G">lL
I6W}
j+?
M=L$-
$97a1a08f-fec7-425b-8644-b475dd7cef56
^W}VY
SxjIq
vH4sQ'
0J|DW
({`Z
0D.qap
iul:
pBuu
{X!q
Y0e
Gau?
iW+ PAn
y[ #
-P.]
aL :kF
fkSl
hqr]P
KQR(
"EuP
%,m"
i-+"'R
o`[ 2Y
7hx\!`GR
CEx)
set_X
exM$w
W;_af
<CC<
x+$M
ct:b
9k jF
r=,'
/FgI~
Ovh[
/1nK}
Cb?|
\7ZX
tOww
&jZn
:V=q
~PnJ
:t }
l[ol#g
BoundsSpecified
>TOS
eL3,>
cU_K|
fPDm?p
T7P$
61I !
_>uf
l"on
&nkF
S=_}
yg t
"Fq'
uo80_B
1\Zk N&
`8ab
m57fh
el<JS
.Y^ B
hMi9
P)'2
T<aP
R!kv
VagS
,MsC
p4[%
A&]
ApYI
MarshalByRefObject
q]z-
"e$zh
k F.4
mscorlib
*C3i
R KB
!mu0T6
3gtB~E
I{3UhHPVB
<T>6
sN2H
6T1O
H76w
2>G
p!He
P2bs
]v:$
`4R~
osc8
fdNY
}]*|
C 6Ds
v=qK
t' `
&IbXRl
`'gJ
W?VZ
ILx(
$ HWKw4y
|5
"BRT
W%d#
_?9i
\|&N}r
d#@xT
a!EG
$Q3[Dqfk6
qGU+
| WZ
J13
<65?h)
&V(b
sYo}
M-5s
8+1[
Om(c
GpTH
UW#
>C6Z
ysuI/
`]av9:
LWJ(
A':yi
<PgE
jyjT
M8R]
}~{])
tMtt
wm*u
R 'a
sx Hz
*b|m~t
"/'qNTv
: f]
!9&w
P{[X3
6 I
<s( NY
XkGm
-;0/
^ct%
!This program cannot be run in DOS mode. $
@]A}U
F2 3
<I|7
^xT+
D.0<
abCz
hg\&BK
(GRB
HW^R
fA',U
"'mM
zm-<
R#Cm
}S*}]S
7|Y@
aEk\s
UZ%
ek4N
yfS
] _l
#WD[
:<rY|$~n[pD
h<YV
J6#z
Gd6P
X
"I*
d ?.
{8W2
+<T <
DS6{"5
f{C
Ab\f
>X:X
Uj]nh
[HC4>
&Yoff*!M
Re+#
*w$S
ph:QLJ
#&)"Xr
I^Fr
L u+
ug@e?PQ1
/R>>CU
_* r
C $ E
1+R?
R+v=z
System.Linq
0mX"
E'RV
ah'g
R{fs
jT)4
gmp{\^
Ek/q
!+lg
< %*
4zW'
$YwT]I
gq~{{
F`ib
vE(}
dd1
(w"A6
/!{}
yx
vA?QQ[$
b P`
B?z3/lF !
%E_D
:5@%o
Pl/
x21<
9drW
7zvP
op7K
#&TX?
c.bP
iFZ7
^Wh/[B.N
=];s
"X|/
l-3"
Qz6A
2.w\
get_TextBounds
}mpv
j`nR
>L${
=7O$
/gkn
x>D/*
MethodInfo
iVO2
19h7
<Z.|m*
~#k
f*U ~Tt|
{W >
O (
CqaQ
+4 E
di8>
=7C$
.za6
D|Hc
u'_%Gc
j`n+
G]L8
W g3m
D^Ln
Ze3 ]>
U i>G=D
:~S#
n01V
e]HRI
46*`
twNw
QW9^
-eu ~U
d,
aLHc
.P.@T
TN)N
tL6iAm
|yb-
CSG[
`4#
T?_7YA
1p+U
Y"UT
RR!d
B;wm
Em77#q
\/!,j
{W"c@
RV%
>F)[
I2OM
Rectangle
sfu|
`Q>b
A&w/
M7NH
Concat
HAZ@#
:d"2
Wy{l
MP*/
,Cf }
}uv5c
x[ 8
`OLK
vR'
jbMRi
)1JO
#is+
r5i|
B72o5z81@
]Zvq
^q7>_
dGj#v*
, fJ<2Z
get_OverIndex
?"keui7
b]hb
; yF
6-Z_
h99
MR iq
[D4`
System.Text
/c 5kW
eojeD)
r"5"
oXUe9\
W;mb
k$Bk'
BxsaPF
B4lU
c @GF
Component
L>zS
(@hg=
wfCG
>#r0
jN4h`
)1*3
/0F }
N -C$
f0ODpxp
yCy9
324xy
Me0*
Q|O
Y]u2
KoY
:-4Q
:Rk|
SKepY
UWp-
Q!-o
O$R
,BYKv
41n6p
'>*0
B pZ
GlO1
2.Iw#
z%uc
7bL$
G#W6
sz?(
Z]Z]
C!>H
ptou
4P A]
B.Di,
u[@k
.x);k
ra[l
/[{gu
2,s44
6oXC&
nXr(
/hr }
b+ B/~U*
>H,4W
S#y(7D
NB )
ToArray
X0h@
OnCreateControl
]%v@q
"SCG
)O|y
"HQKW/
vT@ZU
ez%/
<79!
Iem:H
":2@
$[y0
-Q k
]- /
} Z
Lvx>
Y?R}
g0>G!F
!nT5am]
XioR
]Y*~
get_FullName
{2~x3
vg/H
%$q>
4ML]7
VvUL
*5?I
x}C.
TL(3
R w[i
p.:Sb2
bvwv
[~=
v*Fh|X
0e+#
|^o5
}De;
4mqd
8' yW
wMrToL
f$o#
9"x
73Ez
hc>9it
9:xJ
:Y7J
"&e&#
~ RY'
UKy/
o3C)
xts6
V]g
^:r!
1FyU
oQQ$
/bKA^R
5k<^W#G
]2Jpt
uv6*
n8 )
^1#a
tDjuf\
%*Qi
0Hu|
>dkI
}|"/
H\# /
BBU
0Qnw
bZyb
e -a
/tN
uw`-/
Nql5
SZBJ
-p5c
} =~
~,pt
'8 +96F(
1.0.0.0
0Rp
@d^S
_CorExeMain
tHx'
faLR
z]c`
N#,6
acbDw
K (5Ca
+$J2
3<3N
naI|
z yx?
A6#8m5
sRGB
fS6d*
Ezq8
{ *Pi
a2hq =T
>v7?
l8\y ^
1O<'xe
CreateInstanceAndUnwrap
lI@!
1#LI
4gb#
,,n} y
,DH5
xO%9C{
LcN#
Hg#)
Hq4M~f
\Xo^
/+wM
m+np&
>/["
f~69
9=e>
<\g
qO7 ?
Y$[f
rszK8
:X29}
*wJOD<
gNW^s
75NB
.K1m
ekY-
gk ?
htd
3gz`r&
{4T
t?lk
0X;m.
5.Z<
WF }p
M7y0l
.H J
("n
j|if
A'_h
9lTq
uhMU;
)rv
~RJg
8S5D
[xDQ9
9y9'
2J,
JX t
0 vh~
>S]A)
} ?LU
qT]Z4<x
PkYW
lsRn
u8">eaT
{YST B
]\F,
L_%P
& eR
A>Xz
^#@p
^GuT
h"4]
LVC46
HL%[
/dT_
Bl12D
=v<lk
>[fewq'
a@&6
]b0h
2yUi
"${
s,g,
bM74
_p''GNx
I4w
^'ta
& I|u
3w~e
1B_ *
#d5-dV
Ru]c
Point
zK;E
@}<_
EbcH
k"]y.
`f[Qod/
z% ]
'6,@
0;Fd
JCGk_"mm
S" 0.
U&XgZ
|db4
S ]O
H??
h+hyLfe
,e=D
4n7<
m*H
2E_Q
zY@ E
TEtt
xlDn&
q,}=q
wt~'
#"ne
+V{<
_u+)
0:KA
K{tyao
":<K
fDH@
_.MG
FVo-
0%;}Qd
TZbtww(%
z' U!
5zGn
sZj9
C=Qu
drN
,8^Q
K4Ay|
ogF;G
zp@
?Use
xc ;
v/?
NWoOW
Kw c
tBUe
56g@
Z0Wx*
f/"J44
`sP)_&
A6tDU
fkUz
xG*J=R5|
m#l*
P9+$
hD/
r-/b
`_pj
U*Vs
a__@e
)|YXx4
OverIndex
p#*9
d:n{
Ul%@*E
^Q"h?
21z5
)8T
6s{p
@Us
<PrivateImplementationDetails>
m\zzF
qEbg
{a\E
j2E,
tt@}
Zjb6nDb
.e8!_~
5g@d
|$Y
bI&/
L8k@
?1@
XpSw
485g,.Vp
!(H9
]z+M
3A{>a
N,eu
?xLZ
mw N
Abh{
$.MGQ
6EgJ]
-`]fMt
r0YXw
TextBounds
m|ZE
BkaU
{Y)[s"
hIghUQ
@|_H
K!vmNz
graphics
D9 ka
@M.',~x
fX z
Yq*S6
{%AC
;4 5
EditorBrowsableAttribute
6F VS
]Y5f
cS)R
9ZL"|
qnjU
z}EDLHH[
ns`r
X*r%
EPx
j\vS
b(t1
Tw4<w
#GUID
:xO`
z\jK!Z
.cqb8
set_SizeMode
3ocU
g/z Si@
g5HcT<
5XB4/ #
MwMMw
lR_t
XY^(,
QSm.5
qf<u|
~"hJ
<c J*
`@R/
BpP,
x0P&rt
;!uT$
"kxl
(7JH
:' j
/'Jf
n'GST
2unj?
e p
9CxRv4
-XXR
7C?x
|c6L
Mag0
,j5T
@/&)9
lOd[
Fb7$
+<YT
Aai5
Uc#D
CB"xp
+Ts
7|7Bxd
F\6`
mCH>
&h8^
lzbk$
;Oi ^
[LPZ~
O- :
"UNc
]`8;
U3(O
":6P(OF
L y~.9V|>k
M +;
dlU:G\
mscoree.dll
YXQU
Yfm6Vm9
"K7y
PN ~
~ ,T
av|v
EM6rb?
sYgQb
>M~6
&- n
tF#4 b
k;Vzo
FQhz
/0F }
ZY0
.v;
VXm>1
8w4
63TG
[1k@
o?][
]^^F
j3I~
^(!Y
SetStyle
RyB9m
'6[r
k9L'&
Wts
le.^
l>n0A{
XtDt
EI72<
' 9+
33|@
Bti1
Qtj/
|I5 <
{>r&vfK],
q_kA
`k9Rj^
2 hI
(ARX
;*aT
@Ena
N60L,
4>>&D
{9 !
Y(a
DW J
5"Jh
vMF8
u>B}?
g 8/
Ol(-
7 ?:
6&6va
B-De
y.I#!
^ElM&
y-4
= < < < < < < < < < < < < < < <
9LX(E
Kf+,
FTC!
h&FH
\ Yo
)MJc
!g-n
~z HY
>p-Nl
_Qa#/
c}b.
S3P S
Uf ;
}6n|
DpbE
4Am_.;
3rj$
Gimf
K>TMh
OVO;q
Bpu=
v}:S=
QvTX
OverRect
qy4
.i?&u
RA&
JHB+:?
(*d
L`5
{2"?
4.L5Q*
@=,[
,,+)`
Pu>N
8rRp
=1n&
Sf_f
w\Xe
5S4.
AssemblyCompanyAttribute
w;gI;
+gjRN
~KPA
() #
d=G
MkVd@
],!/
Q|8
{ ^B
G=D-f'
mdS2EY
(v F^
}w!T
1$f9
ks c
ccLN
dfL
aGdD.
FeG"
AppDomain
Q%$O
35L
z*Z<
\_k5
\)K3
4[.q
`kqr
w |a
vM0!
aYu@
*OOI
:48z
J>a*,Q}T
5HK@
Y (
\b5r
>&6Th
X 4;
BpdEQ
Control
$p73e
\)KA
>cuJ
~A]x
Eg\
bOcYCj
$-)w
Type
jyQy
S<vXC
Gtu{
n wg
G_XT
U)+=0&D
,8am:hq
,1gi]
r0\*
TH-?
[ley9C(#c=(
T%d-I
?d'q
_]@0
Y]7b
fjHA
pmJu
1 Zr
_VU
9,
>^-P
3Eik
Ixlj
7"Hw
a<1j
n$Rb
{"y7
1L;^7
q^Wj
&^
@_4f
/plN
Led'7)
;Y 8F
U8iHxt
C; N
;4x"
[VMH
>jn0<
0Nx(
}3)'
g>YO
HlI}
;dvx
u}c!
?So_
jfNz
!PQ/
#$P[
|>0p
jnV L
|N[v;
a?:V
&Z\
ax:#
AW~[!
^ dJN
Wt /Q
3j,Xy9
@ J`WC
oQ5
PBC
1vI:
0fFVvDv+
AvjQ_
sl]v
m|cD
(zhs
CMmf
,fx "o
i3<K
&iv)
Y(i_
$%4+
7]/ t
`.rsrc
2Uh''
g:-4v
yG[l
H/m!
}C P
ZC?D
!-Rb
<'gJ
4 le
]-xb
!3?R
^Tq(
)Vb+
J l#w *
CJ&
9?Fr
x61A^
pO8
I.JJ5
3ax79
f+lm2
TrXE|
A!m!F
MZAtB
x#93}C5
&YdCH
hu7>
L! @\
`R<$
Gh$`r
*uP z
matemdeea
z\0Z
&um
+bVYw ;
|eh"
# q7r
<cI|1
\,d'
1ZDP
qZ16B0
6h?(
ah/
kcV2
&2cJ
xl`
ncIbc
PdzR
4JJQ
bf[m Z
w`VQ
,o)X
gyZY
K;dtL_
'f>d
hf>^
0iLJ
JK}@
lc2
zbWI`W;
?U
fNWS
>dmM
<;c\
-PMnX
S}u{
{ eS
, #}
5r6U
1OK\
cV,$G
RightToLeft
6EFAC0EE8C248566D5441213E5936E72128EE1FF
'I i
BY +
|XLCt
TCT?r)&q
iCHY
$GX
^J '
4lYL
p z@
i-Yu
u^Y Id8x
|mCaJ
inQ#
&`C4
eW V
O/5g
XTNK
X"~@
X"~B
^6S
tv4;'
P_N X
yW'cA|
YXv0
#Strings
bb7@r
u |-
"jv
6BhD!
^~Mxe
u3f
!FCz
Z7gJoqc
BuWQ
Zko]~9
!abo
NA1X
HB>Y
_]BW
&i]v
{y=I
I&S@
Hz>
Zd7q
yL/9
2QDAg
5Nh6}
_DD6A
/yl
3)ut
h+94
add_AssemblyResolve
q 22G
7!.
XfyO
qkp[e
S*Z3
)G*u)
fyzo
#*1Yi
5 U
Ck'
!E)@
SU&}Z>
f^{"
70kE3
N+ETw
E_n=
o:A
{'w6
V =rY
Y1H*v
z^d[
O\ W
CEon
Js)ny
h)oL
4@j`
I9b$
\5UU
{Y|]C
b Ci
',j(
HV u
\p<m
/kxxl
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
qkOI%]
c,UsY
928q
~Ddq
sN l
@Y$3
I<m
-S*E
]>"H
@Cpc
DZ`l
&jIT
~lc8
N!5
D fU
{|&((
Sxn?
5pM0W
Ji`pXs
OB;\
x5l@6
(fZa
'nxX
hx]6J
G=b'
=bq_
fYC5
7I3)1B
0v&9
jL_T
<qdN&
*`]W
[sd%
q{Ke-$
;#%
/;b;
^C&X
p0`r\Jll_b&
@xEe
}`F%
LG&U
],*Gk
XR]R
;n2K`
"Nd
:CAV
nh(AnC/
1Qf-
Contains
#x_L
v*Su
w .\L
3px,
,TUZ
mh y
_x4<
ValueType
+]La
KY#
bY<r
0l&E
#$.QUTz
F rm
&9TO
BGm@
_x4M
s8}@
`4S-Qr
2M 2_
ButtonBase
T:,x
^]5
,<:y92
1FI7
whd+
"'`@
%!j%
B5WX
|g25y
x)Ne
zcmR
C39K
^y "o
ToString
scXq
osrD
Bm!}
lQ`.8
8n1au
GWmn"
dZA+d
8|aW)
+ '|u
-7#_%U
tMLKP
QI*)zfCP
iCJ#
b3mV.+
Z<tjk
wf}+:?q
Eb>x
NHB46
yOz"
0 ef
!^RE
l_,@
^r0)
\~i
f/b!
s0'v(
L26J
. +l
L12>
{ B
-Rb
YX6=N
y }/
2_3~
[ Y2
40< y
/GNn-2
QMe+)
Me%H
>Q)Z
>Q)W
'oG3
"E\)
orqZ
q&*_
|#yw
gz\5
10 $~8
mXGv
.ctor
M%4d
ag[8
get_SelectedIndex
t|\DV
RuRPoE
<9XZ8
{ ) c
,.d\
cy t=
0X $
pKo}2o
jO.
get_Text
13T
(@uc
G-f)
-GSt
Rl*q
;"3A
!k/E
v<s u9)x
18NN
v7[B
8efj
;,d,
zssN
QWX$
,aN-
@.reloc
qH V
~D1~
{@NL
Vy_l
5 w<.
G'DX
[$e7pY
dtI7
34}xv
&"_q
o,A ,
C_{]/[v2
FsyI
o-e,^+
O7c$
[sZ|
:]e$
fUp;3
L~Q'Y
xaOK
{+{]t
<~je
nD &
,\l,
A`sL
n~]S|<]
), 2
k- 6/
T\Kb
LZ=&o
)agK
$zVz
#NpIS
bgDLMR
& 0
f,w
fvei9
I9`Y
m/]uTZ
Q g=c
)QA)`
k:<y
2hZ-~
Je I
px 1
WVM \
-j$HTD
Qxa6
_s+hm P?
V-Vm
G"@g*,
k2IK
Ug%E
)HvHWFg
'K6j#
o!Q.
=}0c3F
*_;S
xg@i
$o)#c
R1" [?#
OC(r
PO*t.g
<#\
5. U
Td P
9dcq
NS)UiW
]] Wb
dl2X$A
jQWs
j+1l
lsbR
Mt+$
/)j^
m<Oi$
)-];6X
Dr,
xPP@
!H8@
!-VJ
/qE2xRO%
xR!8
_ChG
x4glz
s=%{
#e~-
\f>V
G rl4<
5T,N
gBx|
:qtYO
?A)e
W%M{
xl (
`Lei$
Lk(
%i%)+
e}OR%
i-@L
B6O%/@
w93n
~1E
8X r;w
A-=&'
hW<r
u9Znv
ACb94N
{869
M9
`af%
|7p~
)'KPv
>XI[R
8H~C
#oL9
yx St
z_a\0
? n4
Jv,2~
JX)^T
nBZc
!)rc
^asm
HN;BH
glS71
/j.)
$gWh
L W
7 ~v
&7th
(G54
m, 2
v= `
fQ&\
TSVm
LabelEditEventArgs
,qJ;
bKnqG F
n#,E
areb
=mb&
tDS=
aMFP
$jO}A
45}m
`j&&/
K3kro
]$8m
+YBU
?wl'L
pS7Tl
j_Lo
Y 8T
c4 >Ky(A
P +"
^y [
=*?|
[Mq&
.Yt0
VI.p
"\l]
5hv"\S$,}3
l5l]
5 iF
dZ1vl
6$h,s
M}`6
("d0z
uEH4
iI%$D
B:^vz
h}l5x
5C}R
agU?
gAMA
kbhN
MJbfT
~xG
[)vUe
%K:&Re
U@z
.ra{
BZ73vC
z2 s`
Ft.vLO'
Ta0p
rR4i
>" K
'4%e
}z A&^k
get_TabPages
&5:/
' +t
t.F][k
QJ/b
-]gQJ_
get_Width
w7C;{
|!%^
B\}D
Svx'
4p.PCW=
0sTP
y-O&
G'BT
%HP4o#z
<gXNj4
DI>7
%1<BS
Z)F[
*7]9<P
,8?Z8
%Cem
ox bZ
pX5T'K
'Wv,
||o
TM*\
\,qOq
US S
t},h
b 'K
QQz<
Incarcator
`->T
=?pz
HnH:
}*]Y|
D^x^
%Z X
Hj2JI
:5zG
jlP$
gN^.
92<L
Q <a
b ,ax
=H!7V
NB@5u
W0!8
1,+H
_\1md
k>Z'
jM8]f
6QYX
:cpH
1P(F
D4eA
obK|
x ^m
ZJ .
RBMu
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
x!j\
*Rnt
4 :a
p5}f
gj9
BecsdO
BhPo
H' O
:=G*!9q mt>
bJj$[G
z|Ck+P
q Y
F,Hyw
8)!+
.x|j
iA@AQ
!-TZ
#&YS
1,V#
wi<+
z~_VwE5V
q@XW6
b0U
bwzES
Fi@
mmJc
Wi$jp
f "T
4qF{
G D/
lYrh
matemdeea.ControlFolder
@Je#%
_ sCp
Emgg <
Jkx,
EI9!
9T ;
UaRf
IMO |
-,1T
d{ '`
0E0FA1A62DEEBB1E981471F7A1F5C112CB0A9C65
:-?%^
Q[SU
A|V .~
ymX~
%N h
U/94
$zq,
c~ `Z
&uO]t
n]w^U
FaPir
4g_x:
7(cb
lvCprl
lrC\
Rsh
-M},
P*@&
-4
7^/)
x:M9
rZ~[
TIdOF&
k</Y
]vB>
InvalidOperationException
't([/
DZ04
=,`?
efBb
4`s"
.|5;
XwUG
@>Gs
g$lX
%X<dz'
XF{(PC
V/QA
'p3kM
a^;w
=>n8
~M94
#_N%
kFC7
SA3b
o0H\z9
Fsb8
f H3
H_tu
tVc &
#[1
bq;UVr
1FE{
4}w
=" '
<0O/
YXlX
=a\p
0z3R
$Tsb
fCU&f
'B0ME{
get_Graphics
=`@W
K@a{m
pKErH
LHB4(
OnControlAdded
(0i
e<E"h{q
5?a{
>3+)
Dp:e3R IKt
?vIEy
QiA%
2xE dx
NA`)
b~JV
7I2^z+S
'8G f
n1j%
j_P{
xA M
L#8l
.<YF
gYo<
s<-C
= < < < < < < < < < < < < < < <
lz\d
>d_]
}5JE}
f1+?
LY8
\o=V&$
~?=k
F5C]
\g._+
~wVP
e<\~
y2@<
adY;
P:/
o1@ P
u^j]
A<8SE4v
@fX|
|YB:U1-
#nB40^
x3R l
{%sk
|t.9
>^T!G
F1O,
-ybm5
:Vhe
wkC[
,80a
aa1
ctaQy
D1q&
"ds'\
e^UQ2
<*k'U
#Me!?
C:3/
0,kC
VgH,
SRsF*
bcJb78_
3Nuw
6X=iQ
v#0x
:1-
=_4P
Jc>&
&}].
%INL
W#IYt a<
>8qq
{TP(
ud7$s
**C7
'<l|UA
g#yS
CSz#
GnZ75
;Vy|
]](8
e4D\
)t_|
/ ^{
-f z
w-G
+ ($
&FPf@
lE)t-U1
4p)Ubu
_"eX
Nanm\
K"#e
lK.l
<g]A
q M3AM9
q]~.
bji+
keko
iJpf+
a<a4
!&@D'
WG "4j
yQRBC
hH%>
,B'.~
| & \
!^yB
( ;Kn
hkPL
iw37
FcIAR
n]T
;S:p
NiW'Wb
v<;
,MF=
Mz;/
j 8'
9gZ
(&pE=
NjNb
io>S,
= cS
M.js
@v|4
tl)qS<
l`DS
p($wav
bbL=
X&2gj
nRZ"z
aF ,
q}3b
]:f5
S1Sz
uvuek
QDe"
}U5l
LeS0
Avio
xz:,
Pnxo
<ZC&!
NyK2r
P$Vf
?K&Qq
^Xmc
[b(<
sNB~<Nie
H0}:
j(o
VoQ>
:I?3j
uCz
@ ,0w
^UJ&
j5c'
t5<}
w S+
~ikC
ef@f
k1X)
l#bv
LRnOub
aS4z<
ZVcC>
h X-hv
%l5*
!;c8
[<!k
YA?A<
u!F I
*FSAw
&N/?
p'23
*qQ2$
vzjV
3E~F
ComVisibleAttribute
r$MR
jSbO@-
6,Z6g
nM!
/\Zg
AoVZ
<9)RD
d8V,@
>VVr>
H%*
IG%,
?KG;l
!HIwK
SgW"O
Z@X$
~n=N
#`I~
659=
j@V?xG
u W'z
4Y +
Udjh(
PFs6;n
A/mNd
tB 3Z
>pf&iM
;\MUGw
cF_Mq
K%-l
uMRBw
!oOE]
]* '
}!:4
6[S}#
get_Size
FO$6
]e}TJ
[\1s
4~fd=
h -
^i?e
2/_
:28Y
,]T7
u+x{a
S<gM
get_Control
~ V<
xwq$/*)
pssB~)
1/K1
q%Q{pN
y93b
/2r|
."O8
nZ[_y
fnNc
9Ow~
RzI1O
kN%`
+0F ]'
0=~a
o~Cc>
8]'Vm^w
Py+v
^# ],
`na@
}ws{
]zVQL
.{A:+*6S
[Z=Q 2
:9)Q;`z
;@ J
#& @b3
~yrlQ
set_Width
KOG&
f^n
MS|q
<cdp
v!amf
**Gi5h
{FO
@d/M'aF
VlrN
:6O7
iA Q@
Vc2F
<c}Vi
=!yK
jyNih.R
..K;
A@k
\"o1
nU@IL
RiFW
gFq>R
<F_x
u=o
8"^uPG@
RaY4^
c` 2
}sG
@a<N
)cH=!gw
e{+)
Ya?o
k?\B
_(.
> `_h
1F^&
|"p4!
[@8
(Ak7h
#6:"
P_e\q
{e"p]u
j</$
84Du
1LSw #)
KGdV
w4s5
,, @f
:BCUD
6s )
Copyright
ewPIh^P
#b'Z
c2o
Wb0
W?yj
<TmN
*&EV
I%!c
=a"p
;!j4
b*Go
8sA7
!GY
9FH`
get_Count
<TERn
|?FQ
pN (!
k.K;
A- a
tK7H3ZPb
Exception
[slY
\6%I
;Zg1
ZY0
y6syb&G
N hR
["Ep
6w*Q5 0
nsT|/
7;%
nJ@
:%\
_Kn[`|*:ov(
p8gN
\\#;
^ %q
]f 5'
z"!y@
5_-i
6a 6
AA116D4CEEC324F997842E90883AC815F1858929
wwVQ
TC;a
OSZ-zl
+J E
O?sC
T%"5
6Nnjr
eYWa0
wI/VS
X:B%
[FHwwHN
0x0C
R\ax
m>Yv
hTVZ
`Mt-J
Md|n
BYNE
DHG47
8;F~
iat;67
udY$
}2#D
Math
C|? g
,-|H}R
A9_/
RA?dv
wm`n1?
23^E
'H3R
Cq L
LSe"&V
LESE
TopTabControl
[$a5
s46!
m~tdx
'5Rh
|$t+
]> e=
'Nf\
{i`f{1k(
#]kj2Td
08g&
N_[lg
15 D
}2)|
Fin2d7h
~%
]uL$
$<)ek
}?aH
aiE>
14W,3m
C=?C
!6A o
y8u[
W@%G
Z0QP7u
)E[#
|Z)$
/.K;
J=z`
AssemblyProductAttribute
:4cg
5 s0
5 uu
j=Eq
3KLW]
Ky #}
<Module>
"Vdc
$S]0
*RXt|D
(+ M
Zyo.!J
#'gA
o(/g
GE~\
{:FD
C O<
P 90
|VgD
7XaL
qy P
RRg =X
1v/$
G|q;
_W>U
o_]I.
E"5k w
]yxlQr
!-RbO*YA
r5{p
WgX{
[ +
K'vf
n0U!%
%P7N
ihb4v
i1qB4
'{E(
j*H5
qW-.K1
YSP8
'a1)V
T__e#MB
1=yp
ad0r
XE~U
L-ig
jP9+
c]ry
|r~Gq
Ibw[
0\W
9l3m
~D)#
Qbw(
T M
MGF]
P2~@
^m:Rk%
o%~d
jpG1pI
0W@+I
350[
_?GgnM
5grf$
f# x
WA9{
ZZFI<?
<&WM+-TZN
7H8Oc
0?1C
reFX 3
ee7~
/zd
*Npa'
kY>m
rw1Q
get_White
h7WD
System.ComponentModel
Y: <
8NN3&&
M]2P3
Vb!8
e6fF
A<s }
Z!3`
[ ZG
*)mQ
j~0g
HM<E
Wxj's!
6DF71263AFFB3296BA91B14181DAF02693B8F22E
f0=d#
. \L
._cN
.}O\G.B
|IDAThC
IP%z
m&)n
System.Windows.Forms
bY~z
GsnJf
Sj}wHb@9
8Qjl
-t> @xB
W5*Yj
X F
DsQ 3$t4b3eE
't9=
Ee-a
RP;2
\\pE
G\L "
y=;q *&
,vCW6
Md+)
>(^b
,o9'7
4AX V
rNr .;
d}B40&
ww;H}
jxR.
~re2
eX@RJ3
Tg7x
3 S~
)d>t
\"N]
mz([(w
PwD,
|G%qo
WK _
Wg%{w
!PJU
12U:c
mO_n
( a?
L*1 4Ci
XpFA
get_Height
Tj>#
j!I$
;;+{
B^Vw%
7+-{
a$&3
Q 2[.?Os
/YFy}
9+{KBD
)2g0
NVcmH?
-YK~
~Mht
sg+1G
}BBM
22TTp+
Bgb%
+THoj
Es*/s
6-h|s
w[,1
]4V!:0=I
c'&
cnc#
*Ji^
29 I
[ q]
_?>$
` jK
5wQF
m!#H
)kz!x
0105dbdc-c2cc-ed.Resources.resources
[-\v
DOX{
Y@<a D
sQ=y
''&'
`Ok {'
L|11
W!#n{
U<>G<p9>
X]Di
~*y7
wU"8
I$%k
WWeM
QK.>
8t/{e
set_Alignment
+bc7
Cy5zTO7
i 0;
.D<rK=
:w7a=
<g0R9
`#R'
$f_L
% _1
f7p8V
get_CurrentDomain
pqWjF
bh LH
CA/D
UBT
\brX
SetBoundsCore
V-Ei
K ?i
W20t
Me+)
_MC6
], 4<
1eZ1
q(HQ8x
>4_V
P B/
s:XE
_ivb
{#"f
#Blob
iF[ rJ1
b"Dql(
JXn<5
M5<.a
jWZP
:e6K
UR9G
4TCuU
8QTD
)&<D
oA0p
^0\
[a#
X~E>
{jrrr:
X={@
U]e9
GK!H
6G~(k
3e^b
v'FE
2%eW
krA`
8_ 1+
*kMF
4 q[
KR))i
T [i
*:3,
get_X
get_Y
os)^W
$ &
wdk`
#b:*C
,cb8
vtBYp
~{S:X
ce0r
Twp(
KZ|B
_~ -c
i5w~
nM+O5
GHCL
IJ1w
g e
k!Wg
!9td>(
wE: F
)0ls
?LDRS
Z@I7
Ut2w0mLE
{<U:
W #P
YZk6$)
},R:
t9~
n>cG
'4un
{d L5
ZGU
JSl5
x}>6y
" wx
/3/YR
1v0q
,H(
>l)/
n%awZEBV
CUrK
bGq:
+o$_AW9
mGp#g$
b8y4
Tng-
0n#h1
DMqc7
u@&G,
@9tEZ>N
7xQ
U=c
dVg`KS[
KE)4
<zYB
}VW(GQ3p
gQ(m
[%&\
,.!bO
matemdeea.Initializare
+,q[
l^Kt
^.,T
GJ (?B
J'_<n
HTT8j
x I-
E]E8
g}G>
>`/7>
[6M({:
ivj?"w
Tq}R
-9t7
kkB_
K"hNI_`U
k-}(
Wj,R
Q -O P|
)?)-ZU
( t=
4;:9
0rEEW
j>^F
q@i5T
"Frn
e KX`l
Cz'[
cgX9
|K4p
8dm$
JlP*
I Aj
-UMi%}V
uxvc0'(
oZ5Zwl
N@k[{
y fx6
_\6t
M 5u
'|Z,
af\zQ
ZgSN
P4GV
w$}2af
/~cb
lj&L
Ls*%e
t/Ry
Vlkz
`AOk
WrapNonExceptionThrows
,~Zv
-#FI
w*;SC
RuntimeTypeHandle
Vql
r,y]T
5\Hw
}Vc
}Vc!
VQ8l
.WY!H
QzX"
RuntimeFieldHandle
l1Wb
=T$%
xKRg
ufc
=.^"
&*8H
&*8p
&*8q
&*8|
oojc
OV %
*yld
e88#
$|7~
r&$rp91f
pV9v
-Z9@l&
A[Ko
t2#D
HG5C
2X4E
sn&$)m
=Zq@
'iUj
z?zp
Qa3p
0 ,`+:
&45p
_Y u*
[yQM~
\uDq*Du
F Nz
O+ J
3TBDV
j>Re*
g)kn
87lY7
w0i7
dow
aSIw3B _
NZmD
JBL0
M8Zcc
V~Kn
3> 0
tQ "
),4`
G.zX
%NS+
I"(.Ub
Q=){nE,E
]Ja(
84c1
>As?|
Array
Zg>T
kEq&S
Color
}k\/
uWjg
_;VP
<ve{
9ad
AEHY
Og)4
b:mx
uSKko
u)`yfL[z O
FRJz
-%EA
d9hW@
|rTnE
IKBR
i{}r/'
:9`?
C}*8P
,<yk
S0j3t'
g!I>
Q?UH;P
J6 -
item
'.*:Q
*lgA
CM}/
PaU
RXUX
E ]0
. YrF
P0`zA
S1'*Ugj
AdnH9ma
n@oQY
%p<|
o-_e
*_Z2
C7y
OsS2
/p?h
=7B$
Dhr
= ji}:
kDmY
'|`G
Q)F y
D>&L
0ssO
,?&m
]sU\
0uFr0p
r Qe
- A
Ic>_
(W:}
fuY/z
[IF+
?rNH
2YG]
2ex
k} A
\Fv|
*k}{
dP |
o`+
\1 f
[z}!
t*T:
H#I"F
GuidAttribute
ZgWzN
!Bl[
8*]f
)@GR
a*e-v
gb1/
wAM^
7y$k
#5c(
*9r^LL
N'>[
LhLg
b8j2
`hjc
(Dw^
=My6
r=c
myfZ+A
xPdg
hM[D
K+;?
98-<T[
>W]/
_@3I
&jt4)
Fwy3
a HV8
bXVx
gR a
M'TG
Q\ -
5}!nx
h!1 z
w:f:3
`AMd
4o,KT
{c'J_
9b`
pB6
FJw>
EhT#
U -y
2 a5VLF
eTj1
I9*J
|~,
^Y+V
MjKw
]2p
{1e p48
kOtGS
%+ `ua^
9c 4f
h 3
AssemblyTitleAttribute
-4i3!
g<7O
`.E[
l`7al
E$L
%~cSzTxR
df'@
Q6MgSf
*u*Q
tgbF
c34\
b2">Ew&
9*ZG
{GE0S^
|(~
<;Vb
:zoU
5++s[
!$`H1
/81=
prt
kCz'v
9c]Lh
h:`t
ev1i
o%Q+}
8d
4.C\;
D8%u
}3cR
jP66!
VTih
8Z
tMws
\7|G
8\=+
R !
N1ff
x .U
ixA_
,_ I
e!l/65
xOGL
)Sco
674g
DEuC
{|S
OY
hr|
KqJ8E
W<=ZD
3jS2
p2K2
A-M#
btR~/>
TabSizeMode
B;I~W
?[ju
0vn,
WL>
s9"o;K
%`[(
eQqv
OMOT
7 kb
H`SU
g&$y
l bl
`EL_
B|#;f
apR<
,,{)O
Y 8@
B TB
vC=@
*,Yk
t3W,
;>@~5{
0OdF
;j=03
label
P'oI
Xm[-
c&q/
Qq)Ic#
g: -
r;XQo
Zn-5
Ub2<
$:*#
jaFXL#
:KFTb
jfo(9=
r&L%
[/0F }
N-fK
`PIGk
</{
ssg]
8. U
6/LZ
viI\
LvzP:
Assembly
Nr-B
:zL:
*y =
/{ ')!
@QSoR
Pk7K
h!D:?
x+%A
zP>*Ta:
^E[7b
TZ '
-z0H
,g ~
o 1_I
d@P\
\9Nv$
"q1 R
V{sd
b2-d
AMe+)
rVQ6
@5%4[
fAm4CEq
1ykV
cO\;
B2ZW
vn|
e$.
#9#r4
jrGb
A_;.
EjfmN
EGV@
Ti,}9
-p|,E
-`9 :K
)\?j
LSG}
GtnI
PR$iPQ)
""D
zm7Vn
an+4
~P$x>
Iy/M1Oe
*v_s
%DL@
|#[:A
V%MzU
M~-Z
twMN
tOS
kUwP
I| `E
G|1$
X~r4
0K0p}
{D(6?
}2!D
WDAm>l
^0-
0G+l
;7v>
R^{u
lexrR(6
fBj`
WH=5
^7!v
|[0p
uuXA!{
92}r-
qmaI
LV[E
{3oY
}%cH
3/QQ
9HI4
+&iJ
l"K1
\>,CE
{t~=
HE+;DZ`o
kQX:m*4
Yy5
p[E K
A;#xL
*uI)4^4
!CI'
z,<
V}4,<G
dOK
]1w I{
CE# /
+0 E
@[wv^
']=W
`OVt
UG~(
tP}
= R!
')s$'
ii4]
\pARX
-kF$
B?\K
Aqc7
d<>@
}B47
^d,s
cPD4x8<
!,z|
9'O`"
% _S
ou1cXkr
k_ =
]qm\&
l UpYBL
.cctor
0Gs
\| >
?4nB
Xo/9
+"eb
VaUp
db"z7
}2(%-
C|TG
Xv7cg.
MG9v
k#j\
9Fml
[E/z
(hV>
xdzK-
L7pir
kg,WG
6x\_
$O"
OQ"@
*Z}<
|I %5mi
%V@]
x Jq
UcYB
SoL
7'/*35$
+B/D
R?2v-cK
Ou<e
get_FontHeight
T `.7
G>~s
c[^*C
T@k7*
F@iB
$4q'
0rM}X
XM:Y#
[mu;z
szrT
AssemblyDescriptionAttribute
oyuy
X`qX
B Gn
0qb{`
*W^%
%mu
`,1/
RW"{v
r2r@
CJ*]I
_=7m
=)'Yb
=o{(
$r<B,
8939
?16
+x1 ]2
jk_cp:
q50O
o mt
Y7'$
6aQp
{ 2a
3{Q
(dD`G
@@MP
A*\F
1uM6
UA1p
KjE~
'%Tr
HIH*
/\Zo
a]^B
Dysm
p;O|&[
ut1b
x6M %
_x73
k~qIo
H\rm
?j<q
@Wwv
xyJ%
7x^~
&6+l
ppmZ
[R8W
!tow
mrUx!
8]
^SAV
SioVc
OxUGO
p&Vr
Bapf
zIDAThC
w f;}
a"GzYM
NMru3(1
2V_.L:
}_F[
'#Bu
':AJG
JNp%2i
miFj
Lu2O
L!=^
1+>K
RF]
7){`
( L%$
LGU+
JE-n
%2r4
nydN
J$~[
3c:N
rH#X
_70E+n+
xcmKK+
;1\U
_AppDomain
ets-
e ]f6
#>c#
` }[
:^YH
=X-:
U5nr
G| HS
s-><>
ed ~
F+<hM
ed _
dNKZ_{
W"s|
(UEo
|.K;v
3LMsj
hp}m3
.+.Ck
n0Ha
1l~o
[vB^yE
jAIq
kg#xO
t+[M
m#Yb
hD*%
czl:
2Rw?
'`c@
H`I$C
_VFe
q 1.
;j v
?6<t
^Q=N$
5Ma [5
NbG#
.]p_
YOYp#
~)4ltRM
m_s;
F #b<
Qy=|
[S C
#/i
0= I*
9MaR
<S'D
=dtW
bfKkZ
NY5
ResolveEventArgs
rnLv
f9u]
zieK9
|/w
fg$*t
^KO|
6!w3
J)aY
]&31*.
XJUD
r+&3~
~W:Kl]8
YZHK`
Q80.K^
MLV.P;nAo
IComparable`1
Y4`
d0qJ
v%7+F
I 0q
d9o(M
.UmG[Wd
{X6QIO
MHi 6
ivEw
a7pXi
Zom3
^M"Ma
n.v6
\ T_
/`&<
Tew-
K0/p
!}HFw
C .j
yR'sj#
h~X&A
0vR\
/W0~
:GxK
@|'w
<)}5
!JNJ
{-Yu
[Od"
5wnY
VWC4qt
o[X.
Ti=i
qfJ
dg(8Qn
AssemblyFileVersionAttribute
)_co
63zYD
|zYj
%E3/
.@H
+hpk
r~J]
L=_h
{\ N
<5.&oEq
c# s|
O$~N
()oy
vg'O
(5|
]vq>'
$ L K
Mo>1I
~2C
Uqzf
%[j)
cX~Q
a6IB
i5[L2
8cC)V\
;vnA
-}#\
}C^|!
Pw bN.X
3@%j
(H
<gD
PS;]
3*}&h
Nr\C
CcQ
DV@+
CpiK
@Q=d
epiW
XQ d
q]y_
8%U5
bm=!G<
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
get_RightToLeft
9~F*
\<k;
M+&&B'
dw 6/
9Gu*`ujD
=f#Sy
! 7u7
v=v9
[Yj8
%w* /
E?=#P
xE}U
Sa1o
i.2b
O5xsG<)
D \p0\
& GG
y`Oi
*RFi
??%qT(]
yip3D
]jvt
w#%+Y
( {&
v\qa
R2<5
$#sS
T'0>
(r*D
(Sn<~f#CH
Tg!v
AqJ?
System.Drawing
`< ;
]kK
0du@
E}t`
{o C9|
specified
k:p[A
)m1G
@d"r
b?4kd
l{cx
W =C
W_ !
4C328BECF729897AC2F385EEC7A4AC09D7AF383F
}Wc!
`CuM
,+@x
S_7
1/DD
dTi
_uM
h/F'
gE&~
tez-
x^E$M
Vc!3
]/ 0~`
qY]:
={99
c !:
!b#d
]i$}2
7N4+KH
dE
o {k
e/`s
&Y)
?:3.K9
ckS
?b]|
u~VI}
RN~9
(p}'
QLnp
p{=?
%;dT
9,N
)CcnvJ
Jm1Y
6\!$
_Assembly
d@;wN
#| zE
/0F ]
EditorBrowsableState
AssemblyConfigurationAttribute
2P{(
d{ /L}
DR'
oalM
-cX$
; K3
s,N_3-
I_ @x
-ouwE
7%
t6:2xf
*@J0
&=6i
0@tVd
e#Q-
rOe4
zWq1
uB %j8
D m(
}='`
N\`Pc4
u*(\3
/8F l
b/e'$
3J-r
/:nI}
`;5-
gyx]
U.#:
v(#b
}8cs
;>s{
[m*?
^D V
V# j
2 &b
JyE9
@%va
D=Ry
H>~g
{KpW
n+*
1(ag
S6P Y
2'w*M
u"Hb
/ R}
'vc
AssemblyCopyrightAttribute
*/Cc
7TyF
=6Q7
T4m;l
Z=,fS'
GDmU
W\n'
y97h
&zgb
A@xw
xq{]
SJm@5q_
#7`vW*
,(*n(
4,p(
G36X
/@#\
DP`:
M`+
JF-X
PHoBv
uc= H
q<M;
$6<.o
t0 k
&B^%
,*:X
;WP*2
/%R`
<;?+
QJ4m
.s!b
:</p
{c7G
Ji!Qu#
}Zc!
~U$p
oR^
;#b
."`:q
'%ioM
QM|!z
R$B1
t\M`%
.yzW
<)]i"<<f
Ew02
w^m/
-uxj"
6#2]
ArgumentNullException
.&+E)-
E85P
Zr9T
v2.0.50727
gyy#XxYE
A-`2
ZTb`
T3cL
Fk`F
4H6|
aN #<.!
wVXTs
\ t
ml ;:]cI
nOlc3H
textFormatFlags
8Zx_
,MU>
]k b
>9'o)f;
- k
}DKbV
Mg[f
;8I%I
7+6$n
FH&=
uZaI
Ii4*
%"}^
H*dDOp
K!eD
<z2z
QQ %
^a0a
]&Ew
E F/,3y[
_au6
0=/ l< )Ng^g"
8 %/
[M%-
<53$wz
X}J<bCA
R~T1
< < < < < < < < < < < < < < < <
JSK})c
i-Tb
}7hkW
|Bv]t
1>* D=
?DHbS
|W0p
ET8r
0iT
_L'D
$l/V<
.}A
n M1N
.wcE
Le6[
9H04S 3
KCf
Md/g
LLJO
fD/+F
C5Z!
hPvzJ
)I9
s_(K.
( `0
`eV} gQ
>'By~
P]F04l
[.z?
|e#L
0$n&l
ix|d
set_Font
}xc8
X=7f
e$S
d8+ s
hX&
/n]-
uJ9l
a}GH^
vN]g
Fvw>x
+o;f
}EHh
QqlG
6Q.#
+CT!
(gj{
R x{
Gz3^
\N>%P
aGiGaG
,32,*7`
~.>/
value
hVl~R
3,dQP
2018
]2{.M
JvK
Sy
(=U
-P|(
!/hf?d
$q<|Um
vGz)H
ZhPUs
y`Zc^`
8g:D
n"mH
0%na
9@E4n
oxP%Z
GD8/
([fx
9E#Z
>PR&
K 7
COXt
:! 0w
iw(V
ie#AE3
4(Kl6
Z{Zf 2
LHR56
-WZ~ ?
KjQI*
\/C4
T9Pr
8=)*
, X6
%\ae
@ DW
|>!$6
I:b+3
3 B,
ZKE^Vd
:Fz%
r 5
cG!;
\sXDL|H~
B#xUr
Z JA
lX'{.
DqmZ
TabAlignment
4RYy
>a0]
$7Tt
_^)d
yX
~kV e
CO= < < < < < < < < < < < < < < <
xIDAThC
}W !
Q6k:Q4<
?!Q[(G&
S&}o[
Vu:o
=|3
$]4t
yHCs
5 rR
FG!/u
mf*+
?Mc+
dRd8Tg
h+ Y
>+(Y
q`n
I(iE
)Y#5nU
hL0]
06f
-}?,
4UEv
=RZk
||+&
< 0Ri
FJIH8@
0oo
WriteLine
0x R
m`xB
Rm r
> Qk
oSyA
!7*4
vz_5
nmw@h& 7
OxwGY
x`c~c
zwO/
r*4mie
]oI,C
6jbT
r(A=
R\F"c) r
~ZPTW
^}qg&
r>CX =
/b#e
wE\DX$(2W
O\ {>N
)~,k
{WL.>
!L*k
&88h
oe%u
SqVI
{AUsY
3sk[!M
c(~f3
d~`O
.2S+
72i%
)AO9m
~HPy
O"v %
4DFT
JS6)p
(=7P/
S|u)
~|u5
Q;}xO
ControlStyles
\3/)
&>M#>
{D2uf
rSNJ'
F" G
Ax}k
}IDAThC
~M~=
25tD
jy@:l
%#;0
Z`yp
>Tz '
ymiA
M$]Fxq
}"@
@YNNO
4EX)
A; K
qV=N
&1?Ia
4f=OrQ
|+aY
Tp[7b
6Z~Bn
F!m)
viJlV
.TA+|
PpCMQ
8LEe
1o \_C
XSx$
Lfwa
E$*y!
,kzdcw
k)hg
vYuP
NhU0cr
R8)P
I*z]
O9b}
DmfwPS&
eL R};{
PaintEventArgs
<vIk
]JT^F
q qJ
l*{C
!*x4
AssemblyTrademarkAttribute
r p
/fg_
\zl
nJ8n
K#J\2
I+x(~
9?E"
*$ A
n & A
M<R-
3l2)]%
?]>v
uN~N
2-Cb
cK%y
#.oR
\B+D
C5 R
k9yl4w
zj _
g]JBb
0I4'
a}j
>)YD
K ca
E{sv
"jGjD1
$rNd
9k~r@
[KYp
tSR
_Ykt0
P/ ou
b(n6
~)~n
"s(E
\!g*
OhVH
*p
U2#D
qNl7Z
C]|O3
DRwr@y\D
!Llx
,*fn[
lL"
y~ *:
;?*c
d +.K
W \9
KH0r{yH
\[va
3XzT
L}5t
bY'U_
Y_QL
PmrO<
^11F.gu
ux7gG
g2\5
}U>K
od?Taj
BaseRect
7N5Y&Cc?
gUE5
]^ B<
R:GK #
\w1%
.VCm
j:p_
K{1K
.y~I
/sAv
ij&~
StjsX
LP:
PG0.,
System.Reflection
Xv@J
]|oh
N@U,
M/3(
WCkRZ
:}Vi2
oFi'D
%`\8Q
nb7?
{.Z
JpvE
/0F }
E_S,s
#rb z
F$ab%i
!'g@
=VD6
F'"8
0y)ZX#WQ
t%Y\
S),
li ~
?+ZS
?4k'
] k]
JY'*
PhUm
',E\[(
Sv~ ;4
9c5O
Ep_TM
k!mQ
js5e
vgyf
[R>4<
v*}{
D }5 2
3RK
dD[2
@Qo]-
)FX
IVUU
lt6~
SHH_
;~[F?
w=R]
KB'Sq
7%\oU
C04t
1\kfw
j-;{
u-,k
uFE8p
j|r_
Q_U'
-qL^[
@i\.
4{;0
_X$Z
Nq[?
I3klg)
-Y{K
OnPaint
7c"-"J
&R> eO
E#9Q
IwHJ
(c7_=
_E<i_
U^.
OnMouseMove
}3*l
Kx~F
J:`~
X !
T~=2
3w.]
";i?|
3KN7e
=1i
+Dp<
})EO
<8e^
8`_
=:)s
B.Ue
Mo!Z
!)Rc
Console
.2m n8
Ta(w
q'!n
]. U9
CEn?
Olh2V<QAzN
pz%d
j<&]
V+'n
Graphics
V]y%
7vZW7^c
matemdeea.exe
t Wg
|^hYB
e#_*
;=*b
l *r
{Nf?
'[*W
M\ry
MK#e
"sCL
R"(2ud
zB &
?&C?
*ni$
8ec T
T`LW
b"*\
ITJ]P
d~S
u3 46
S33u S
%0k#
]Vc)
QHxL
[N
J2Va;!
oY n4V
FAZ}
System.Collections
pw(z
T.PSV
s!Zy)\
SeparatorPaintEventArgs
s=*,
?NRg
g KR0M
bV}E
wG7~
@)7j
VY8t
9BbW2;
q@1/TD
textBounds
.x,A
ya42
SQ,
t F|
get_EntryPoint
-2K;
1c:>
)>K@
*8t=
"S'
!-Sb
u\A'H
}=l
8nUI#
d0?-}T
NWg6
D!ovaVg
1_#%Z
p;Qd
fUXO
BaT"
YsaWqY
:PUx
v!i@._
nvob
%e@Z9
D5g'
)_{
$r %Wkf(
k2&[
Pbm=
IFp]
Bhx?
KZVO`W$
iEg(
v 8
>C b
/~
"'a2
&U5HK
8kRhs
>= Z
aRa1
@ '9
#{F'
S -G
Cdsfssrd
=kAL
-J:Z]
MSa?
bJY^
v5wB
EjI$
^au44
"'aF
t~|p.
ydQ:p$
}:I4D
TextRenderer
eM }i
Qc<j
4T83
:I((_.IIk
%O]/D1
)x2T
ow"F
> S<
X3 2d
Z Yv
CJKz
System.Core
XT>;A
oV[mR
rYkM
7'Gcs
nSsK
/UzWv
'/kx
?xGf
LHD?
M@#z
S/Zb{
VueA
{["\
L+H~
Ta3p
}TR"T`3v
;"0p
l ;q|
zY|:
r7~-
[+zX
ControlEventArgs
IDeviceContext
|-la
\Q^a
RJ-U
eL}#
I4W&'D
M{${
`MYf
cMzG
x2ka
&jr:
-f}I N
E:>&kF-
|QO?
4{T&U
h~YD
jNQe
sIz9
;lA/
~\tkq9
GZpf
VkI+
MG}i
W]'>(\
)b2`
DmuU
M1b!`9
Qvti
&T'|7ziP
e1=3|
jM U
!l!N
/:EU
Q-+b
j'a@
z "S"
X"`^
IEquatable`1
}#T>
v9v>
iL2Z
SuppressIldasmAttribute
uWU $
Uz#
R\.V
6r3&
^c[EJ
FT+^
xRho
u\YO
{tw)=J^`
}Y-z
"I.d$
@cu ^
Ke_7
1-EwT
v< {
L@'p
}s1W
^Q9,
f8G,
]B((
Ijxk
M=76`
9 ?d
?Cz2
sE0o2
G: l
*82%
M!4t
w ntpz~[
JKBf
{j7
eI()
,w75I
)pDg(
1.K1
1.K6
`x I
!+zo
1.K"
1.K.
:CxX
:.H0
uv%l
kN3+
Zfwe*
-hJ]e
wS bt X
}[l{
:Af
WYUI
1X[Pn
Datw
}W7SNQ
Data
uw4c
~Y*F::r
JO
{ '/
LHC46
s {{
!}8Hk
jMX|>f91
,F+m
pHYs
>M|4
get_TextFormatFlags
@ 35
Pnx
S\lT
%~L
S,Rb
Q_\!oK
GLBX{;
SvsdS
sSuk
{7%)Y
S\lt
]u4TY;3
(^CQO
e{L#L
4V?5
fVt6g
i p/
-06!W
()F{
}2=
ls>#
4Icl
)?Q kLT+
-n8o
4w{cF
D+^^=
(gX&
Byte
O3 t
f3$:
7[#V
:dK
%ir8
('+;
OTRG
[Upb
!hO!
}&UI
paq2;
7a S
]A Q<
)^IVI
#' @
Qa]A;M
7]5@
MF*fQ`
Qod
H Hw
gMHF
"'g@
E08x
^Ko^!
>]RJ
m895
)iM~
'`t(
lE3u
T{xE
SNQ3!
Ni}DgdQ
mQ|P
UcbU
vz:d
kmKR
_ +q
.59xU
zEMFn
(
ZR%ge~
_M%.
57Cm
Eq^
ZMmN
_&QM
lnB[
[4 [
4SP3
1\aPX
k5q/y
]& 3<
r =lK
j\{
C!7=
j@F*
iXyX
(}%Sj{^
/|5cK+jX
p[}OU
]lnS
1F+6
a`;hk
sbJn
e^E-W
{ZDk
s.uV
~`S
>Wm>
otz>
X i
UGvaU
Gf)Gg
E9v$
~ Vo
uj2
oR[
{3NLw31=|
"'/V
mH+A
X /
Ib+^
TabControl
_R.e
W"K~<
@ePO
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
[*C$s.
Ua0p
j*S\%
2ew:
+c)0
d=qz2 @P
5=ybb
36&c
5-A,
k .E!Lj
&2KP
36s&O
xsA6
V(EkC/
5YN@
"%d[
7FB_
e.Rj
j[2
!x)
vHB2'/?
fe4T$$
YA/X
{ph Y
9 SZ&4l
-y[~
9d7kw
Kqk
|e+(
|>-;
#g}h4t
sJ387$
TextFormatFlags
8"ne
\'-k
h&\/
/F$1
s +.s
@c/T
m< q
*ZnO
,F)!V
.jQ[
M!:)
Jp8)
O}==#
>&}BG
ux9W6
gC{#
z`F-
m~=3
7[iD
~F s
Ui}CW'Gm
tq?}
lRfp
cA+\C
B|uPj
dOR#@
x?Yd
2ys8
mEzQ
@O\,
"r/)^@F%
$;&&
H Y9
get_ClientRectangle
get_Font
1IUm
C=;)-
ZO y
36ES
q+F\
lf_z
]pOg}
^N4S@
|61 n
NQYO
^?7E
;JPfN
ynE8
#'g@
A{o
y cd
{POh
QOfF
J}<
6(+"
J~7B
.caY
f $U
YsB'
" iU
yXD
("@^
/5F(}
{!is
X 2V
t<k;WO
Jsyx
Nb<>Jz
A{4[
yX> c
ikqU
QsN{
C4/Z
;V$/
y]w'
|xoE
Ztx'
}HU@
n;"O?
iB _
Append
PX.1
eJCE
f2T)3
5jtF
;LXUi
IO`x
Jhq:
nG .
0a<g
B< ^
'P 6&&h
v<_!;
H 4i Z
zJq[
>enpu
&9~vjR3
_,*>
Ww}V
5rfs
g|@L
%:nCvh
e q
X({
DrO!ZV
OO jF
"'e@
Qi/$>z
j*g
'AGy
'2[9
B4F0
]e >
m.fW5
4e6"
S'r\
PMF+(
B,|
UnLpr
9t3m!
C=oO
g$mH
=}C
"b(N
get_Message
height
}LX
6z4H
W,4"k
>!D3
U:ew
DKbo
Ai&gZ
/4L< ,
q*;V
&~ZU
8Bu T
]0/9
Sj_
8boj
; ,}
}O4R
9|)j
6Z&'
QMaE
4Psb
h:6 :
=HCS
xRkc
RD_f
(Ffl
ZqDzWW
a^d|
J,`!
w$S:
{Pr`
BSJB
E,2:d
BSJz
qT)*{
h T
W $M4U
)uGp
MeasureText
Caoy
[ 8<
sI~k
0UR&ja
xva
R=dW
h<Kq
dN>(
h$_uW
q~Ft
=7C$t
gbPR\}t
h1j=}j
*9#*
TZ\
fJ:
FfYW
PtO"
J?\C
P{e6
OA`W
_guY
K5\n
))hqS
HD U?1
t#I8
I^._G6
I+|/
(~"d
<8cf
yKF5
9 ?4A
s.JV
*s|#6
BsCx
V?}GHoG
n>oB
uSey
{K t0
0::-/
$[58
_8&:k
?+
*+V=v=
3H:G
:OUi
Uh0=
#\TB
~Qj.
jH|,
<pLKW
x2t|I
"' 9OF
]( 4<
s>jL
~4:h
Ky <8
(X&r
-PB(=j
P '~
q'_O
el}-%^z
2Wcu
XDn>7
_+*8
UIc!
:=[
iqaP
<tk*
3 X
8,GO
i%7F
,T#t% f
%>z N
` v qBZ
/6h]
8aJ,
7Vsp2
*Sw5
5a |
H#MK
IEND
$uO_8
cm:Dp
IJywP
{tFG
H4qR
gh0S
*A<m
s?J]
s-KQ '
K[#
8O
tNP t
matemdeea
P&u2
Ja,.
lau5n
!pc#
VQ <
SOzuC
U.-?kv
DaX,
StringBuilder
Hl41
TabPageCollection
' Sc
7['H
o1qW
j!Rw
w j_
bZ{-,1v
F7 $7
EEduy
PV{!
$1:G@f5
3$|-
_qd4
/w6<
+tF'
<C;Ln
vtwk
l\H sx
$6Fuq
cy26
qw>%:8
VIou</))Y
|cA L
iC:~
ys&U{
f@s|
4Nc&
?fkZr
ZqQ,
Q%_e
<[Nuq
z( ~^
abKTf
~^I#
i _
T1;6hf(
A6ho
?(hev
"a.-
H45
CjB5:1
4%+tB
Df?,
a^+Y
X=\v8
7Yz/
M;Ue"ven
O~[f
ZlqUN7
WY#o
_QeR
3m|}
&*v
$c=_"
Qm1,
C81X
=/Aa
$EzF
?>t=
^a<s
String
ga }
o!-&`
; Z*
&\"93
r{R/%
InitializeArray
Jn`
XR)
Gl*'
&q)I$3
9 |1
` -0
$bC
jP;/.5
/@Fl}
\]4N
hi?,
}(S}
AcNZ
p$|D
D4 {
q["E
<P+d
`| r
sYO.z^
IC i,L
t}|f0
,=*Q$
C^U;
A,= U
ihh(
Load
E,%~h
@Po3
1BKK
'-1B
_LCeTa4
M/H
!dj8
l/4Y
m;H~
xX3
z<*?
\,;#8
gQ}q9
'vRi
H{lf>
}Q W|!w
27X~
c}QeA?
@j5|p
cX \
602[
W_~aA
RuntimeHelpers
KlZW
]* 2*
n:]
=Jk9
&-Z
[-46
apQjN
^Z@R
^ RP
&+@r
. OR
ZS z@
q*qU
_@7T
"3d0B
Object
f~JOJ9
zL2z\f?
b6Bk
d>Kk+
KfKA
{`p0
v}4z
`c0$
f;cE
&A$C
:DL#
5d0p
l``\
^`mN
jm('}
2Ba@H
#cmP
U+ Ah
YDyY;m
&; m
4Xr$rd
[Q4}}
et#-R
~33T
OnMouseLeave
jc%
3c-9d.
h]IN
~UwvO
>lyr
tX Y
pfd.
}&zgc
fGm7
PZ|
q~gT
(X(+
o T6W=
CompilationRelaxationsAttribute
\{=s0)m1
8ACXq
Uy&SN
\-RK3&Ey2
8\WT
7@U
zq\`p9N
Va0p
8\W$
E
}VP
*e0p
'_fm
hhrf
_w>
WEwH
mI?W
fh\
9g[E
<o}U[(
Me )
x5nc
ux :3
>H~_
$468
0 ]o
3c'k
XRE
1cNOw
Fk:y
12QpR|
fyW\M}
[/3~
Czky*
4RB!-
set_ItemSize
sn}w2cP
>Me+)
(.r' $
:,Q^
rh- ,
& 6M
'] 6
VA92L
`,+je
i9{K
=z-`
<g(2$o 0
a/fPE
w$Vp-
d6(q
~a4~
/, sx
1.H0X2I
U[#
eTR~g
7(ruP\
C4$<=
x[sJ
QjER
A^YHCt>C
OMk"
kn%u
U1 3@
(#=L
UF/ 6*X
k1Oz(
cWC
H9@
GvEP"NS
MAK_h
)%'g@
bQ+
n1 XI
p@(a
s#Ph
lELp_&a?
JU5J
rAp,
6Y!
U-#D
dZDh"
T0-X
zPDF#6SZ
tK&b
N!bV
H"qD
< < < < < < < < < < < < < < < <
k 0o
ET +
E9DQ
c%A@
Ju2q
GetTypeFromHandle
]7cq
!Xy]
7<xc)
K3aqOG{
XjZy
HS4U(
r3>&m
yZrz
.4zM)0L
~t,5
WJhl
%0~Y
:A[>
fcDRb
= kS
{G[*
;vF/
System.Runtime.Serialization
&x>,;
2xb(S[
:ph5J
~iI~
vP)8{
(<[PN
U0oz
~IDAThC
fktSq
VELB
System.Runtime.InteropServices
$T{
NM\m
].?q7
003*
EventArgs
WF-+.
]ZEE
U8(`
(MrK
^+kk5
<?E*
!YOc
mo0[
}2%dC
System.Runtime.CompilerServices
ETgI
})$(
tl @,~
zX[_
4.)r
^E/F
Mx'j R
tzL
'&AZEP
)#Z)(
ItemWidth
=2?-
N`b6 e
1{G
nd&x
U1p\
^Zes
s$~zA
Q<td
q(,R
B<>r
wdj
B<>m
F64V
!ZR4
pX7m
';vL*
m@|V'
xN6r
s{3G
#n'z
_>rA?
Wn\+-$Cp
",Vb<
, .V
3ALE:z
<rB$
,lF ~
[2gK
XoR V
<9]* 5u
n6 O5axJ(
3Z]H
.dv/f
Z@8(k
O#3s
W&HzP
> 3 ,
~S0`
>wII
M=A'L
c~,3
Z^MI2>
,oj!
A-Wu
.DR
l8LshC
IfgF
& dm
Kkj
&4-r
w@kE
1%no
lfY,
2.K0
}#N5
`&jx\
dn\%
7X+_V
-i?C&
LalU
Lh*.
KT C
~ K
,HQm_>9
bNw;
x:}@0
10@%
OM+pd_9
-!0ZFwL
}MDi5
(Yr Y
),GQH
k)A:
/KC }
5 mN
%v1
.=6QE g
s}zh
F(8v
jQxs
V3x7
v2!D
~G*'
W/*ep
!Ew}S#
IEnumerable`1
A2]#
aOce
_?JY
+{2N
3exF
v'$n
q[9S
T/ 2
1@] !
;OF=
(,73b)Uf
bN,~#oT
2L&(
Ft%uO
'B4gf
Cs?S
m^Q1
cw]W
UQp-
zA2|Q
{:Im
)uM!AO Zs
Qm~2
s0,%
g_$-
?ubZ
V) pN
J$4
"Hp@5
g{_
E}AA
@VQY;a
SC"&
bb}K[-T8nu*@
*<3K
System.Collections.Generic
#-v<
N$DW
)MKW$
c+B2 _
az$%
L]7a
+i8z
.%^k>f
Iv a^
5}J{
RCiu[Y
'QW%
System.Drawing.Bitmap
bNoBO
D.(
LBjd6
:rzLn:
"}@
{_h_$
Wa?*oz
jFt0
R}$I
y6wa
r_28
|Ksg
Me*
{Rp+7
*Sy$
zYFz
{%c ,
c4c##
`:1e
N3 2S
eFam
"VJDIj
], 5<
>45u
*vE,
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02b_64 Seven02b_64 VirtualBox 2018-02-20 13:07:57 2018-02-20 13:10:49 172

8 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02b_64 Seven02b_64 VirtualBox 2018-02-20 13:07:57 2018-02-20 13:10:49 172

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\oleri.exe.config
C:\Users\Seven01\AppData\Local\Temp\oleri.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\oleri.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\oleri.config
C:\Users\Seven01\AppData\Local\Temp\oleri.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\Globalization\it-it.nlp
C:\Users\Seven01\AppData\Local\Temp\oleri.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\matemdeea.resources\matemdeea.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\matemdeea.resources\matemdeea.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\Temp\shell32.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2540.6049390
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2540.6049390
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2540.6049468
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows
C:\Users\Seven01\AppData\Roaming\Microsoft
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.INI
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\matemdeea.resources\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\matemdeea.resources\matemdeea.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it\matemdeea.resources\matemdeea.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\shell32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2820.6053578
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2820.6053578
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2820.6053578

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\oleri.exe.config
C:\Users\Seven01\AppData\Local\Temp\oleri.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe.config
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll

Write Files

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\oleri.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2540.6049390
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2540.6049390
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2540.6049468
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2820.6053578
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2820.6053578
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2820.6053578

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oleri.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\410fe546\7307cd04
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1e5833dd\40ef5613
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|oleri.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|oleri.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|oleri.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1e5833dd\10592a67
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\index.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft|Windows|Templates|index.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\index

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.DeleteFileW
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
kernel32.dll.SwitchToThread
gdiplus.dll.GdipDisposeImage
shfolder.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
ole32.dll.CoUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
advapi32.dll.RegSetValueExW
kernel32.dll.DeleteAtom
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister
kernel32.dll.GetProcAddress
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
kernel32.dll.Wow64GetThreadContext
kernel32.dll.Wow64SetThreadContext
ntdll.dll.ZwUnmapViewOfSection

Execute Commands

C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe 
"C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Templates\index.exe"

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-02-20 13:09:21

Detected family: #Malicious

TheSystem Itself @ 2018-02-20 13:24:02