shit.exe

2018 CMGI Inc.
1qc
28e472a8-148d-d08
28e472a8-148d-d07
28e472a8-148d-d06
28e472a8-148d-d05
28e472a8-148d-d04
#")(*(+(,(-(
28e472a8-148d-d02
28e472a8-148d-d01
28e472a8-148d-d00
%o_
Uqw
InternalName
28e472a8-148d-d09
Pulmozyme
0.0.0.0
1.0.0.0
shit.exe
28e472a8-148d-d019
28e472a8-148d-d018
28e472a8-148d-d017
28e472a8-148d-d016
28e472a8-148d-d015
28e472a8-148d-d014
28e472a8-148d-d013
28e472a8-148d-d012
28e472a8-148d-d011
28e472a8-148d-d010
Assembly Version
CMGI Inc.
FileVersion
Copyright
VS_VERSION_INFO
28e472a8-148d-d03
StringFileInfo
000004b0
Comments
FileDescription
Translation
OriginalFilename
LegalCopyright
obojazibeqeyar
VarFileInfo
CompanyName
1773681a-0609-98
ProductName
28e472a8-148d-d020
ProductVersion
:!H!
b7 u
FsE
<?#T
ei&
lfG|8!dlArNCZ15`}@cGw0"\#
PNG
1uKb|
b6
P
Q
2k)zB
fr}}3
^("I
Z&#d
v&EZt
q?d/\
CIk-
'jCk
f`"gPG
ggoVR X0{lJI%~i`t\q/5"Hu
>;sSK
%yBh5
ResolveEventHandler
b&h_

2mt]
UZtJ
k%c<0Q%\Qm)s6nKt(ubZ:"M!!
rzFXhMN
QWQT
cgJCZE+>:g+Dm4_`(JKvT12$)
sbDq
s(O=
4v/d
YrsL|
%V{/
5	J%
0!mC
Ohi6
oFSNX>
"-=daBNU%`wKjTk5R&Z`R <`/
B'la
^o$[r
F-k
5*DD"VTw[n_'*)B@R5!CO/O_*
f{yE'zziC!NqT| ]W]Q3g%wO!
hrO`r
n5j<?
yi%~
G?Ec
Ajjj
X
(,
R/y'u
Ey`~]KN@
:xODb@
k?M
SoC+thk6g^w\5F,\Trqi~1mY
G6SD
d~H=c
2%
e

,
%*iA
Aw34
SlT
M
Ya
]8w%d
}7;"Pg
)	XO
/9I7
||H?
(_|UsSfrdvFqR6kuE;I]=09@"
-a<=
$IN3
{y/
%L3
)p_umI
%>r%k
Marshal
N8}
S=Kib{%mtjCP4QB9y+HFYD5{
h4J$
?J4\
*fJ%J$9P-@k>qmgnHfedhb;m%
Nz6x
fQ|6/n4!4(Cfp7XQ%~?4>O~z"
6Y
GT?M
>&!e
on<=
op_Explicit
RuntimeFieldHandle
System.Security
9N7!+y
<6\%JEb;pB`OOw7Y9A~z%&i|
XJX*V
`IE
*5"08
4oNHy
C#uy
=<Er
6,2X(Zyz7/f|zc5rAgI?h"+A$
< rX
/HE;
y.	r
SA	A
#AJvM
SH._
ZXJX*V
2Wwi
ZXJX*J
EndInvoke
~xcR
YkL=
et]'
V*#gm
zmm$
|Zv<()a
T:w{
K?wv
Me$9O
4('(
tPqX
##iG
i$x>dNL
*NaI`
8@.*
1s[1G<
Byyy
E21$
6]'7+:'i"iRD%SeE\b10wsl&$
!K<~
IQ3,{
/f+YZL>2d'N; liSF@,cAd,,"
#I1u
AssemblyCompanyAttribute
xL d
73::
aaax
8sBs
D3oOo!O
;`&Zz
U]xN'D
L`Q=
a;#R
C` M
LDW|
`%%%
F(5X_Q^&g9k[Eiyk[h(;9;ab#
Gdq 1
&H9*
w7U@
;[`p
w$pm
r88`
gGs1+
aaaK
Enumerable
Y)
=
Z0h2
zTkN
<J[a
w[zanm&?qm>n240?H K7No@"
mMrI
AppDomain
g-X9
U.j*h
K_D/?#=
&''5
.Y9_
get_CurrentDomain
Z
dZF)JShzJ
3s5M
jS\>
*&toi
KVGh
=b5
BLPuf
EqUi
W 42t
4M&''
a0)4
Eo`G
bl3Y
y3!YQgIQG}a^=-WtuA[+_E8x!
,s|A
1
yrpx
AqyG
V9~z
4<b)B]_:/=={y[+$Mf3Q=u&<
Z*Va3
rQN
0p]KQ
cRNX
Cpgv0/sP~jIuu'SE4Tp{[FBF#
DPx$a`
L[nT
w={
vqxX?!
f	$,!
pcb}
a/s4
_:{'
C8nK
p!"7"xB+rNc/gQGQe"+z5:z`"
6crb
afe
$`5I
r^fRD
JjyvK
s		#
|Pl7rI+md0N
>4M#
P%0:
2)^#
>wW
8Ss7:
#Blob
wP_S
/Z0Z(
!Og
.$el
#s/hC
GetFunctionPointerForDelegate
9`W_U
K! v
dG/a
@/$N
udg
Q~>|
JX?;
F#7[e,Ez3r:a9#)YY[85j}z/!
KR#T
,eT`
XoyvAa
NPF*
b9i^
g}i%
uIDAThC
hv{:>!g0_BupH^P64PCTx"W"$
(|G(
cHeY
7%2@
M\
Qv
s_J@
\_~:;z
<C
d
Type
Mpar
7cdF
LC\[
>p^u
f#E;	zY
IEnumerable
^0rJ`
@>qT
`CvP
aRN%
^K,%
$#-9
U38n
oooj
f;_J
}xZqWD DXe3G&&1+$Jt(}c@{(
r9skQ%
60LNyE
.]ZP
7`@O(
'<af
w#k`
:QRq
>=bmH
Cdl_
HP?2oRz,>Z](dZ&qc?3"WH!3%
D}XNtH~`q&5J9k(QAVb>5+GW$
I,{{
x:(x
+Q)rI
{I^N
d$LK
{	=
1iAw&I-}
Char
0OWh
Y,k*
:9/
B"Y
TztM
cR~	U
LN_Up
mNs?
|#K)
Mt\c
h;?TEE
#bBgkG
'^J+
GetValue
II$xS")J
_5v{
ccc+
V<6$
QjY)
7
u
@Jv!
cBo9C
vQ`M
4
UU
POvA
KW&G
8R+o%b
qiLP
gj/!
rJl<
okn{H?
dA:9[R001^8cuv-DZ&):X|J9%
nX{mm*DjFt"*GEy0ku\QT0/f8
dh	[F
X3uK
r9^{
zFaG
FnnC
h&G^
8Px1
np-z
MmQ;
Wm"i
ES
+<
mZU
+LLL,x
Pxx I/S:]Y{g-78!O=1#?R K#
x)I8
V999
cdW[B
f2-$
65X9
`d	ql J
^#D'
~c>&^
W2yb
Version
{9aZ
Tn.4
#)B(
\9I!
c4yq
kLC|"&(KUU}j 6`LPe/\|h &
.@=o
IU#gr
sY>x
9uL&lA
Es6I
KZf
na1[
]}yA
g
U5>>wL18`F4K9:A! Zj:)PAF-
}===
.text
=1T
dT^jy
GetString
TIx#TDS#o!bEzDjPR6O'G3:5&
&TXS
t#bs
lQle`
i8ES
de$B6
YS6Oo
fZq'
v:A&
)yz
E\NW60=Y1$Rav7VFX@%"o'p?)
u(\Q
*3C
Q {A
=<VW
G{-VS+A
h*wM
Af?)k/_2,]X}A"S"'W974Lxl#
Z[
|?,'
[g(N
N/6
ELf` k
z^mzy
CCCN
]'Q^k'I(#&)}2/s:XrZ|-\C,"
C.6~BR
i\8gg
`14r
td8r'
A!GB
"M9
4o\b
---<
I"q7
?s-!
chCP
($(O
`HAP
ji>v$U
iUm9
YYYa
G3#&:W}Z^t5&HalnDQ4&!hNE&
Hec?
76=6
@	M_]
:zbN
C#-/
Sm3=
7;K/
C_h#
~f\S6,:>3oC4nCQ0'AcA2;\}&
T<\q
-C^V
L${S
<c<cz
fs@;O
96B7C54AAB2A025279A23EAF9DF8BFE02DDB6554
$>c
D5V
y xtf
R)^z
*C	J
\y~wMq
uPy8
,-[e
@NREH)
Fgg'
BYUt>l
I9i_
Rh+Q
1_@$
:0L
.bX$B
zuSU2
LL$	]
QWm)u_
R>X 7>|=MAQ\r5|U+}5?D+9x!
\G3^g[B&bw8{v]?V#AKt m,)%
}Z?~=
Mo
{
|3%~
[7\)
`.rsrc
~,uO
EP8$2uuAn X$x6cOI18Dx>uI"
vw)
P%?H$
6W
#N(-A
j@B(
3XB@
8-
K
\~Ba
kernel32.dll
8>0A
i=22
ey,
_.wF}T
u~8b2'
)/d|
y,9f
mI&J
y{KY
awa|
o{\?bs
B-8\
|$"je
G[Eh
+O@
>Z
!uJE.
:	k!
/Q6?N
36\bw
nK"%
RJf
2jn
fW_FN
[p2=
$Xm`
!$V~W9XHr\f`Smc6V7jo'&?<#
fcWe
Labeling
lER;=
nQ>*
I=tc1
r S9
+ctC
NW\7
%4eGp2trz,6,!abm&PT]_J/T'
~3o-
Gi
\ru$.
rCm
By;}
fHw."
5/T$
]7/e
of	lh_np
uR(Y
5wSR
(w+
:s[^So
(iJLRl
A)fl
nD|_Tn
3w>S
yTI|
P(055E
n-c$'^
:(BX
e^G*0`
mC6Ay
Xg	;
m!!
u/4<C
X[Wz
GetProcAddress
t[3w
$S3+
EbhN
xPzgW
>>(i;m
H2	,
t895
h;?T
zJJ'
czz:N
'A=NkA5p|'V!(FErI+`!7f+>&
:qR3s
e
kx
!Vy2e
3]W7
{yx
7\b9
[hih
?@D0
DfxNB/
2eHC
]vA
h~[$
9D+
)ssD
Zr;W!DfML+K`9&l:$'I+T4Zi
_K&8;|0
~0uJ
Write
0#*
gffzf
get_Assembly
honl
}nc*Js"a{Mj8zvCC8>LF(gYR$
}a:v3
{W84
y*]#3?(B3W~L#f mRaHJz6[a$
K{R#
;|dEvFY7Y18e/We3O*>Gw>:\#
Eo)j
(Ch9
S*-1
[@-$
b1t]
<e/n
n)EA
9s&+%
Q(2i
]7Dm
+{CO
WW8GH
.J	T
~G\k6
*jd]
b
'eU`
8iZ\X
Uk[6u}
qFtE
sf)dn
N82
System.IO
+X/e5Q}
WrapNonExceptionThrows
hK{_
2tMTI
z `IS4;,o:WF)13Jch!5i@WV
4_Q
^{.$uN
P,V?
0^@Z@}
Console
"v"7
9S5{H
)WP2
bN"A
zltHJ
P!
v
ZXJX*
x<];
YC_{
_W^[
P5y
^~>Kp6
gq&ha
R})t
Axqm
~>ad|CooLed %:oHnFCi +xA'
LV;s
j6i%
S/[:
n
>r
3/f/ld.~
lBh)
STAThreadAttribute
@b=:
$F"(`!>D|+#DP'^\ckK}Vp$:
L{{{
IHDR
7W0qUBlz@"k<xdcAfiwO5b91%
QFm
<~4c
y_7^
o34p
H}QK#4
)O}"4Z0hG8[GN+ d4*H#tP0p"
jw}P
1
{t1v
ojZ!
xQvx
]kS;<h
y$cC
D('
x('V^
h<'av
tR+.[xJ
sSu
I{Q5j
bXyN
`,sE
G!pYg
07-K
1>fhEEs(pQORB46BZ5{}JL-0%
%o(0
System
J;	&
KPQW
-\rz
"~	%
E)?&2
p*{P
UaO57
%Xy
6Ld>
p>[,0V}L-?c~S"0<'2i3cNE$
f3Q~i
'Z=
{Ig
G
mZ-*V
#jj[Os
pm{BHA$CKSBi^t$/~G8(f[z}
,#=d1
:FZ`
^eVA
{ec
<(
{*+M
O#tmJZfp%V(aZ?@T)G@]j8*:'
%	E,
`Z #
=e'"x_
oi{K}
GQzu
yNx<4
oIDAThC
MethodBase
#Strings
uOC#.'
3+v
wSD?F
FFF;
:
A;$
4H3@

+S
$$ 4X
5	0yy
'sV|
5.qf=
iI
x&*
O6{d!
]5_"
&kk%
AdC$
k"I$S*28wB9i}$^Ii+GF>^+{
gFGg~
e.i4
AWw{1`*aC@Z|LF_J$FA?l/a2!
!UxGJ
#,]
tE\,s
VirtualProtect
&w@s
pbmx$cDfHWkc&1<UIz{k"kx<"
"###x<
dn<o
.jWxs
1&JA
vE@!hW
6mrFSn
eRI
fy
1{`u
5e#Tf
get_EntryPoint
P%Dj
@LVm
A1YhK
wlnZ
d)9PcT
z#*W+hda\Xi5h(A[g<h9"} Z!
&OZ
J}{
1eYf
{Mj
~$E0+_o
:%<F}=
L
WxEkQ
Rm0A
|
-f%JjG<4?svk5UK\9as;'X'-"
GetType
CaJOb
s%8M
;x.u
et<5
LjAvS
x^:8
eT7d[[
add_AssemblyResolve
``>CYc
IDAThC
:	dI
|[E%k
4KNi
r
?G
`t:P
~b3=
%Oxr`
I)wh
Ce:*{w
OY[D
~D-&fc!PC%HDN#K@oG"qp)M7%
~7j=
(5)
]XtS+
_3-@/{
56hS
(q+F1/
fl}xV
Ol+3>
U]XI
n]+3
||Lyt
]
>4)
m|Jy
dX-KG
4VJS^D1_R2 UkXpJ%<X29Fq7*
|~!6
i]7_?=M{Ir E+rKmquOiB+RP#
{W91
:v~3
i[=*
dJnK
X,Q.
:a
:
L}|z
#F0>c>
FtD]
CL0
YW8f
@}}}
ri72
RGs7rfUh'i=nQT W%kY}-hx5!
ECMT56#2s
Intern
[f;m
?Xlx
w^5\w:];[7\$b 1HZoN;'&*!#
p1'0
FMM
gb_
t
ai~%

%.?s
736233E219BB7E039E52BC5958DDD47D7EC53D9A
'P{)
4r2
get_UTF8
;?Lc
eVKr
|qkq
rF:b
x@94}
X90v9
|IC<
QHj]
333N
7;{U
o;_6_d
[dj
get_Revision
%J6
{ek?
$KE
F*X
[YYD
mU2B>
6W,beBwPFd*'(&+]KnWy\$x_&
LX$|
onut,
Sxxx
x<^3
)
y>$
]Ho\
"J:h
]^!0
S5b
a|<{
-s_S
(NgT
<CF
Sek[
}/g/
MIH
dR{x~
.S
>
]Z~b
&*=!e~i:I
^ng|7@*
/{3&
?@2I$
y0LN1G,+S[GR5=MN0tT ^5{B$
fe^c
_+hm
%!p{J6M?bK^MECQIFzD%6lg""
7
{p
14Z
Y0u$
wRwx
{\
t
(%r
z.0t~_nf
O,=l
ho p
e`
`|||
aXNT
{vO%
}"{cZ
_5J|e
System.Core
lb4j
]9m}
CreateInstance
!6C3y
S=Iz
[7h[^EDBHl!c,7QzlyYzCF%b
>xa[+O4D\t*32c]nr+xA_5{a#
7\ks
oU,&
C7=/
eGO2
Delegate
s7k0
VQc2Rm
A\$s
^tl^@
;QNt$VKD4PvBSS*pJ")UKI#_!
...D
akR0
%B<mHw6bINN7K]xKDq -&n{M
(
4Sw
E6FGk
vwws
1pG<
(nK
@T}-GT
SB/i+[S
X
+4(,
Rqlo
cFtP0T@
vD}?)\
DqY"
|}19
cc'z
ModuleHandle
r,I)
Pyyy
IdZK
*s}k
t/!bY	1
'(<f
7}}}
a}&hy
t+-7
i@Y<g
<Sn:k
EgJa
iIDAThC
[
^Q
<]BT
d3.b
:3>~
%$']
{Jm-*
W,c
~TBT
-4p7
ktJw
KdJgr4;J@\l>?@1%84(Q7`LE&
-;}f
E)m4@Qr{hY:o&C/N+'\4@=jV$
get_Length
Zwww
K%-ERN
4%UW
;p:$
ZXM("
46$&n
"u~
###(
|i&*
GR5g
RB"A0
sfl<
SHHq1v
C4"/
p
IEvidenceFactory
s/3n
2^,P:
|r7UJ
&}{
F7M};
GuidAttribute
Kt5+
Oyyy
c|<>
uGSK
;[lF
$ILOO/
ip*"OQ
>N"6
_{Feg
+v='9%Cn;+sXW,[X"?&HsfZS'
kBs!
zXrR/
*.
hD
]$L
Y,K
=XJ
;9;3
V'ME
Un;t
$g#)
|;hf
,N,ad
e]u6)
nn-t
{Y,N
(aoR
/Tx&&(
XUSV<rG#
z00+D
<1}|?
JZw^
ToArray
GetField
0+b

Wxxx
3LY
Tt!y
77	i`
H/6'
BT1T
S}N'
2T	kkK
ULUG
&uO<{
Mr]
$)sw
3s#c
0
'
l0cJ
\Mo^
QW,
PIqN2r+fJMty\8x{wa/*,Sb'!
#F!eZ
UInt32
\0uc-
e# #{&
;s2yM&
get_Version
>/GM;2jY/*82$M=L?'D:E;>B$
yl=
j
8|{
c-aN
@u|}
>bTj*'
5
Yb'
ToString
1@1I
*y
j(I
a;C}
U)xp
|%;T^
]^w`t
)lJ
<h
n
#Es\r]Ya3qevqUt[7b&:g}z_#
fk-M
8Hs<'
LIx~qk5U>a_[Iz<DM~rM}Pku!
cA)D
;Y<=
X
w]8
tMRbDi
t{hhcia{0R5/qX`3QwBVV}a4!
bt4D
]|T|
C?%Y
U.&	+T
Ez>*
Br)v~v4=Vh8<lKcuMb#:<7Qo"
sZ6_u
~\%e4
:s-.
9fF;
IBtTv+CCr[hxo*:G9C#*[tTz$
fVfy
mn`p0y
x!uh
_foWE
pYMo
U.!~6
g Bv*
V:J
*]66
YoN,+-
-&EL(.
s9v~A'N{@\[
[www
y.sp
VCVx
1Z6A
2	uz~}TA
I[1]
p'$YDo
AssemblyTitleAttribute
U$JaX
PJ-^JZ+w*1ZOx4ZU_QW4JV^V
zrp?
jTr8
?7^]
X,222
mKNNK
m{J@
93Hj
sgT
K=)V
Rle"
\T/a
sG/2
\wEs	h
^zBP
E2Nkh
yti<
!9=g
Uxxx
/-^9p
r?\
E2IWhHq-2
r6y0
5kX#
C[E[
fVqv.
sMd&ocj+
iM4	jS8	jQ7	iQ8	jP7	jN6
l	v8
cquih>k-SH6k28-{cj%0U\K4
5r)ul
Muo7Es2
(Av7r
G7zj+]D:]YA'9XBe>LZ2ZE]W&
X4	o
cQWl b
<Tcv&

CCCc
JZZZ
+~"k
a~vH
oz8#
@5ti
A/S
})	}lnst
Q!]=
\ >X
Data
[o$og
^2h/
xl(
4crj
5'A<P8Io<IC(DW>SW/Umo<!2'
uBH_
SnNH
";#GA\9F'W$lT+6/pl"XTg5@#
np`c
fou,c
~L$B
yr%<>
+	1"
.
7?
ptOdC
<AQ
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADM
OkPdF
cF'D
=159]
Ozzz
pHYs
.ctor
W~{bb
\f#n
R74+B2R"wSr*GPNc4x s%!j'"
wH+;]/Q
$Zp4=
*5pH
get_Message
55t^
8==nz
DQtf
ifgg1MkPVUU
J!'E
fyn1
S^'a
|4%r
5]&~
I|58}"l\mzHc'8etBHy"%-\?
!>1FQB'URC+Py]a9Jvd}w=/=/
Bi.M
$+-;^
4M6n
Invoke
um+8vQj_
h^2s
Yob4p
YncU
OBS)
,YW?
aMLn{@L
Ryyy
whGc
[^CF
6BzA
!8E4
k@N
r*LlL~
~SY^H=
H:?k
Rv}d97o6%YtVCu82=Dv4f9<z%
w=z
B%u=
Module
[LZ"z1q`~g rruXkRX>U&B5c'
Bzu:=
Array
rTnG:
):DZ{
j!:
S'={
G}=@
+o^u
@.reloc
XR6#
`ALX
NR9)88$rlVx=C$|jVl~Ij0'\$
@Y< 'h/
cdR
[w_J|
]@N
8c2E#bB
%`[D
?f`4
K&FX
4ZX6
(}[
3w	VF
`s+
/eKnk4B,\,3$Sih&rvG{^U}e$
Byte
get_Chars
2hF
"h~FF7rH
n.w5
m~#
.022
Pd>L
>5]D
{?S`u
n'8Wv7\j_St>/e'T^XGe)qZg$
am;tD
9%+Z
[t6OJF^]aUc0Si#iV4H3l< P#
fVG2O!
j'<J.
bAl3
E	b>
.\`zz
n
~~~=
cm@
1Auf`
N{{{
NPkr
s[f?"
("ffu
GYKI
^.Lu
/9K+SH
6<N?
x5-a
?qc|
SNxK
g)]6P
a]7p
{HUk
^stO{
el2!^m
!2m}
?Ld%^f?gV;:K@3/w=V`xkTq4!
3w}%
p( p
gwY*43%Gpy*)5&hVBA@xOXo:!
`ui_`
DSg
Eq
<d^z
[@vV4
]+?,l
x<N.
KUUTU
c&q.
{=DO
, F
set_ForegroundColor
AssemblyTrademarkAttribute
Qyyy
S$ErC
Zd3?
xPTpE
a+AY$1tX9(EnkW*Q1EbX ^3u!
BXS
FreeHGlobal
7=Fnl~
DD.x/
Wh	5
2'_aUSbBQ<:p}AX:<+;WrRKl!
jF).9
(c$?
n<)M
xPbi
jN7	iM6	jK4
O*q\F'
?R-J
^G;UI;S)u@%mS7L6po@)N&Wj*
uPyp_
l9B2
fkY}\
]*`8
4x)0
WJ(u
~h8Jv 2p
C"1R
~^6Ht%E
Orq
v;MMM
E	TX
RuntimeCompatibilityAttribute
7=}
iZE5
~6]
SGP	
R
+R(,
<"t5.Z
={G6
Assembly
Zi>#
4Ps0
W(e
)?mPFZ7xuCbmG|@gD,W$LU@F#
@=3%
vxGo
i&zq
.I<h
eq
'SKM
Nnd
`M;>99
TR`	"
&dhq
~`
]K!EOrk3
O<C.?)m
zJwq
K]Jfr]0_pcLSy#MYM@G;'0Eg
.[Sx
*>BdA"wA
%e9a
!"Rk
UJP;.
$q[
S___P
&qt\hR
>x9YY
o73`
l4A
:}4Y"n%t!!cd7B<G0]uu`\dA
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <!-- UAC Manifest Options
             If you want to change the Windows User Account Control level replace the 
             requestedExecutionLevel node with one of the following.

        <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
        <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
        <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />

            Specifying requestedExecutionLevel element will disable file and registry virtualization. 
            Remove this element if your application requires this virtualization for backwards
            compatibility.
        -->
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>

  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <!-- A list of the Windows versions that this application has been tested on and is
           is designed to work with. Uncomment the appropriate elements and Windows will 
           automatically selected the most compatible environment. -->

       <!--Windows Vista--> 
      <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->

       Windows 7 
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />

       Windows 8 
      <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />

       Windows 8.1 
      <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />

       Windows 10 
      <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />

    </application>
  </compatibility>

  <!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
       DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need 
       to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should 
       also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. -->
  <!--
  <application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings>
      <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
    </windowsSettings>
  </application>
  -->

  <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
  <!--
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
          type="win32"
          name="Microsoft.Windows.Common-Controls"
          version="6.0.0.0"
          processorArchitecture="*"
          publicKeyToken="6595b64144ccf1df"
          language="*"
        />
    </dependentAssembly>
  </dependency>
  -->

</assembly>
e\uzv
}W7S_[
:D(EG
U D_
5#s@
IEL)V
^]Eg
O	2
nrM8W
^1T[r
;
N5
BD?{E&9WgkySwJB3$A_/u/o&&
mtwl
M>>~
>\?,
(Y?!
@1	c
DDD;
bIP}
RJ;Xu
SRd`OYDqf%*)[{}Fp2N;}aM'%
ou20W3
q1Y+(PaeZd;Zi"caOz9q\f(t
w`V4tK
4tdd
@=LRQ
W~Jw)
a$I[NbpSI/N=|^qC5{;Nh;/R!
;iLM
++KS
"'4g)kIpxB]_:"Dp%gunn\dE
@uf
7
pHW
=@lpSCGa*VLK,m8l1EJAI1o5+
Y>5nL(
7
d"
fZ
|k
!H]K?
rJLqZ;T|16\XP(FnYJJ0m5qh%
]1@9
nqef	?
Uv%O
)ri%
;+g8w
ISerializable
Gx"
^vo
W]
f}M.
TYz0
Jity
S xBpYO3W6X=r_(QOmu-W3Xo!
67A.
Og!
Z(2
dyLt;1G1IV50C?3+IntUA*5;2
WXGjo5
ZFYf
~Z0v
+g5
[Mpo
!%^
R
V{I
iLW4
Sh}_
hT%Q
'/%m
$
R	$v
~H`m
-V&IX1l5lOp>~z(?GvM|`jAT&
3{Xx
Ib'D(W
OpyQ
pIDAThC
%;
lzou
H5[B
P=U
Yld
8
D	@q
,`cp
s.2%
9jyL
-m(a
qTU,
DlrIV#|3l`itqX|t\6 >};C|!
(]0CPNX*s$M`]J2zdaR1MK/,(
h2;Z
,mm?
]+rh
Gj.=
Z*OHe
%S
z
{s*J
^On;
y}9e
6-/Z
T*E___
)bA;
=0joV
<+8
wK4R
r	@
V
79^19
ReadByte
)bA.
u;lg`F]sn/]]<T"i=0(o]"rX&
Dt.
4
P~|Q
/v"u+
t&u@"J
2oW3
Gf.t#>
0
El-
STXlRy
m;!/
R3HI
`Gg
n,+
ccj8
(iF
AllocHGlobal
k
Uu
*0 *
?Ws&.
AssemblyCopyrightAttribute
k:-d
6pG"
^iqJ
gcs1Z
4CBR
'>wg<8y6P6U)GK2[^8B/T8:3-
+#(R
Labeling.Properties
onV{
r}k4X
*q^Y
55Ha

gvGT%P
Fp]uHxS(
}wy2	Q
Eo6rh;|
$Id2
XKp:o
)hH
H^-XBWr
kMiD
<]qu/
4q[=
V	v/
'aOn
_kZZ
Nl'wA
CYrC
g7:2
_pT7Kb~\L
2&Rx
P6_zT=0WY^mPfS,NHDCz2n5a%
?Kn*
WwX%
G'2F*'r~i\|c3Pny(8&H'[>b#
=(7l
rUsl)R
X&"F
9P*is
ejytg
kdV
DPl\=
`08y
(|||
74)#
ov
I+(
F"({9)
\fff
/]Yl
`=Y@
BindingFlags
r,V,
ikmR
.La'uA,s
n>{g
FcJ2e
V6,|R
i288
JIA@N
SW#`
=5AM][
Read
yaUO
M
[
8=h1
A#S5p
bVoK
J^%X
T*\1|
C]"R
U!wc
n
Z
>K^~o-
JGl>W(
Wlvi
get_Value
0
ej'0P
,[Kq
-U)W
S9|
;Q+
gAMe
aQ2=
7UmR
c-0#w]=?
H_KR
$r1aM
W}j
jyR6
1p>C+B

]C%^
-
gAMA
Io
z4<
K+,$v^
(jXL
FI62
4Cyn
E7e+
_{HiTHKHd`B]nAPg6 -yj7{/-
#JBW
_)b-
Akk+
MarshalByRefObject
=sHt7
u5S\
+C42I
RHgr
wb8~
xEV ehW
.cctor
1$skb+
068}
AsyncCallback
JTpg
xRK@
,dix@
yRwv:MU=,,TI?(6cs?4mBy?F$
mscorlib
60n
-|C!
iZ
1M
NMx|
X
Wx
kNWW/
cbY,K
AJ:F
Gmd&6?HwZ?$tXfh^1}3[&Gn%
?}}}
5=)&
obs,
kmR%
tV`*
OmK0
u:Il
!M a
-i$R
,m^v
5-P<'!-sH11JzN#=XxbDs9ef(
-<w6
Iv{rZN
=T8F"
>q6
{v^M
j9g|
Bnop
*s~
s%$M
ZX	{^
*T*y
*'a*}
0b0RrnG
"+)Ie
0;;K
&EB:
ro`k
x&>k
U"S]
jMuX
Ff]JZ
H	:CV
,Y@XO
3tk
&#k-
System.Reflection
GO1^
-imX
<aai
~^=+Y#4v
/2>>
A"a_:
RuntimeTypeHandle
Rd--
===P
j-	!
Hu
A",
) 8y
)qff
+
Ci
-te`
/H;
>Q~9|r
915*
2A-wB
~Q9*
/kfff
AdYv
Uywm$|Z$o1 b3T9B`#l048Tf!
Append
H%}X
xd8(z
3}cd
op_Equality
1Ks5:t
urz
8-g(`
xtp~
%fgg
ze8,
8VSQ'
z>QP
Nq"}
]@{\
yEgg
'JG,f
%e5#
Fc9>Bi
(|&
s/$;
0.~3
KQgKr$(_]nwVqPwh-BK}b7\s'
{Yk`v
r]3k
nuty^
P>SQ
B<P*1L9OZgdZzl|7fef?8W#<!
,vzAi
AssemblyDescriptionAttribute
CES\K#
9\n1xW
0E+. 
h
j+Ze
*JXjA
|V SSfP
%ZW'`
|>O,
vH@b
dO6BE
{!
-
nLm#v]
H7HrV
+tr%
jz<^>
g0Fw
U?PG
lq-gL8NQYxzt5rRS(d<1Jl$Z$
Lo@$
aCKBk%c
1UDZ~
YN\
Uhi]Z
$
?_P
?&b"
o|dKlhJ
x)%r
!l@]?8
1nes
ConsoleColor
Rxxx
viKq
vu;-
b'xU}
U~wO
;f4%~
z*+j
)/}1gdYPdnF^^wz?Y5x'U\Zc$
ut#B
>B@%,_(0//578'K5Iue9Ecr1/
MOK5
1c?|0E
/Q-h
r*Gq
]2)$
O)!?"OF
5E("
a_3i
5>pD
kPhERp
A,M:
~qx0
<EHu
H|[Vck
.W7
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
I+_`
5XAu
MF05*c
%Hr[% "qBrrsFV?Um,~XfaOx#
hRQ^~t
Ovkr
\\fg
\rI^T
+**hoo
mqT
,
s@~
mscoree.dll
!This program cannot be run in DOS mode.

$
''1Ee
/uo<
+;)a
LG|>4
/r}QE
3c|n9
lpDt
pmsr
LOO7l
5]n'g
<NvL
F0Mk0
3/z@
p8L6
#~4:
x:f$
/1;YK
D
@p7+
:QJ<
`Sx<
59D956AD454E11CB19D38BBCDF00934A2172C343
ni[u
cTxn
JeLI
t$8D+&'L^K9jz3ue)HOi5f\h!
Y`|C
,vpk{g
ICloneable
_nD'&
i80D
{jZn,[
|#ta
Ua?L
jb
$LCi
70ya
])=L\za<u9=(x}A^kN_]zq,`"
g-AR
744D8
Ap
r51Bd?uiJ-/Xo"R8I3@X1suL$
m?Nu)pq
OJ'dQ
Cf$s>
QkjG
rIDAThC
&KUT
;b%}
DB]
w$].
"Z4l
LabelEditEventArgs
N3)@
?$/+
M@Wg
YdXp
;H{
s|	X
YD
f
!^X@:
BSJB
%f#]Y=$ oEZ%*ylVllAf<3Yw!
$te\
IT02
4U;C
pO|Xh
8YSz2F
tAZO
/Zy8
pZu0
'EZo
5qrhc'wSCTfgJo4$&Lra2crH
c(]#
lIDAThC
sN\^~
get_ModuleHandle
SN-f9
T*1>>
fd!v
DGt0|
Vz$4,
7?IM
&8-
YoY	g
IntPtr
\"!.
>lL
D%kR
$uM1
14m&
!!!
]Pf[q
wwj$
2[AO
V#a)?o
uCu4<
!U8vMT
LGbsWX)fMz^#3pA<u$1@`r$a#
;HH.
S7y8
7teM
2Hr:
*26}
W.Nc
YAGu./
&o8^
]}bK
@C!!
g)r&_/zkAOC-w-#X1Um#"sq%"
X6I=
u
%\
F{)18G@b)^<z^;1rIv!DZ?gw!
0{uk
m_J/
System.Linq
V#]#
{mk~;
atT<5#PM$@z%XCkgTDbtJBP3%
g@cLjWjj$:>ou&$y% J6Nt0~!
&Ix%F
InvalidOperationException
u9le
dP>f
,6`[
=k&,^
!N.vb
tgfD
0&\6
)OlWZ
d?7(1 *
sI
%}|u'$
+vw`
%%%	!!!
O+@O&w
1Z7y
7V/?
h#)
[e9t
eyBb
t*0c
AERIy
BNMR
V;>H
>^Gs
ECv1#8@xP#?PL pG@(qHi:{^(
NCV{
5W([]
h|t_SyRuI l&uG&'$P13`,sD
sBKs
BlockCopy
@>
e\nm
(`2d
tzXv
E}1i
KT-}
`_K"XBrvb'ewWJrTjT,X9<8>#
F2xI
DG7'
'~z
4r{}<
>\p
x>Gy8
ozC,u
I&2[T
:736q
58>FF
sc@2:UV
2.S
{1'
|
rt
jIDAThC
WG.<
Ly
P
LTWW
23ob*
`vmC
43e7
<Ou[we
vj
XB@/W
k;O7
]S'N35L3
yvoyuM:1W
$[;H
mc,f`
`ui_
NC]y
.3
QO
###
ON.
J0Q],<
RE`
vnE"c
$},>
"/(4
Ue({4
@	Ga
-|/l
WVW}
}sY~2
'&91
[mmm
wF:"e"
^QPn
Ywww
mnk
]oVhXE/M
7D=
Kam"
d;e7
:q,2\&qd4c3c\{bOq:<-NX`3%
[X	a
0VGe
@R'o
MethodInfo
g*4P
L1Y+
V1_
J
7)>
XMnrR
l6{e
CompilationRelaxationsAttribute
i *Zve[bv\FBg/>]soH{$:%'$
6Nl97
d9:_Nm)~
{8}|#D7C
Ri39
qP1
y" 
Vn"
nZ7oB}
#"/"
8qFN*,P[5 6gq4Ax\,nsHWPY
MemoryStream
5.p+
$A6)c
Q,=>`R|lqJwi<&%xHW*pC<}F
>4N1]
ResolveEventArgs
SSS
f)`A
"	w
pMv[v
{D`d
?OBOb(
J=f
`Z.@m
}~VaQK|)+_`l~gV;1?VN}G(o#
,9v(
Jt)1
ySQ5WhPU# DK|D[spDO-NzN9$
.]A
IDATx
YU)c
,U
^%]
QIjc
N)C^
Bu(kG6W;%0,):L'F|qxlhy*c"
va|S
X
+U
{q|;
&[!D
6;!;g
JKZ:
Q:	j
fb"}~
Txxx
n4MCQ
^%?t4


u\
rStm{
d=YQ
>p	o
>Df%
HO&|
OMD[
&!mM
Hx({Y<^gR${7K+?=gu&#'K:`#
s)`mw?
y;@'6D
HmGOl
.l'\
"7uh
@
7
XRBY0
V_ e
1bB=
<(/y
&V~f;
{)$!'
SI;
]}
R~%,7`
().O[
3{3^qfGS7+s2?hDIUB2+yW07#
}0wTHi;W)0h8imPwv'2PmmwS
Qh+
K
']AdK
MM(kr=jk^6[q0}(*4RFPrwk<%
$YeO
e%u,
~)MUVq/
-{yH
$c$l
uoa"
~^dj
FY\Sjc
iJ$>
>go1TV?\w4[A{pQQl~$!1cIF!
7KKK
BHMs
sL U^
Labeling.exe
$pww

705Qd
Mutation
G	]??
rD).K
]xu7
>&$I
y[gF
rt4X
rh f
coXkh
O@]<
zI%gt
Concat
F'bq
ylll
~^#m
^vHj
StringBuilder
a&;U
Y**MW
5p
w+e?g
B&;%
4eG@S
jRbb6j
xR*j
B@wijqnWfj0t@H@+acIGlc")%
3s^ ^4
i_=z
>]d^(
=>>>
p+)>
nrSA
9dQF
E]JuMQ
#
o#u2(
cqyT
DQdff
t<2$
D"A2
Ze``
LKVv=+Q1gR$edEf|Xm0NFZj*$
_TR\EAmdi{3ZYD#a!4F$Zp}:#
9u>$
B>;R
"""
_4b&%#ZKjv;>pv*SR\v6t4<$
,BCd
U{=Q#}
%&'')
T)6
]&ejEF
<gKH
S{$9
Q)<1k3c-]/R<n{n{6| T!?/1'
5a_.
v{@
pv
=
Ijo[O
$Ot~wf+
$	EQ
^vEi
W80^x^<v06b<%IC77gO})bh{"
.(}m
8gv>?
~_c[
LPk)
qzOl48h?hD&O)(Pq55>_E(AU+
AssemblyFileVersionAttribute
H0Z#5.
System.Text
=]t/_
A
}wt
PAr+H
7ngD	er
Epu?"'4-U=K89 ZOr'~4_YDs"
PPm>
Icw?
[e7Vc
XB6q9FA
LNNr
s;pzfjx5f^d<A4mmLPyr8Vpt
l(6F2JSF}&)+"Kd{XPLc~c'F)
|NUn6
fq
>B/x
#'LE
Z#vV?
<Xa{tyW3[V10J(Ot5`<fxG{o#
wyuN
h&My
Z'pULO
kIDAThC
|tqk
=xK?i^f
ML@x
B@qh
T.5
~,}1
3n#s/
GetElementType
:"T_
;-8
8|_"
+E(]F
}xf4
\5;b
824A4435D06C71A538CAA34B0528BC74C59EBA59
(,
N8f*
nvU8
TOZDE
Yj3<
S>s i0
xgG&!r[utsD,;-;K{^t=01iU"
R*dJnC
uWX"
+77(0
SHA`?l>{23;61,/L8?[Ld:\-'
'Ss
53!P
:lSF
qYB g
P~Be)MlF;d}y,)nBb[wpXOL%%
*bYVP8;&76KD5q4 j`if4P+,%
\Is4O
m(X?
$m'7Q
?g|Z
5(d2
Vwww
gQE5c
\.;5
_q|
/lTu
\yYH
)tUU
RTlC
=tgd*}
V`1((;GOOuuI~ec&i+) D!mS"
:+8B
uc]
i</B
G_
ZeV
EkWt7
0C5Q
!?]
dF
hnoO`:QtBA1!^)V%<Rv;<nh#
meX^::
*Iv
FieldInfo
B!D)
KdRF
)J9]Jl
5HJ)
MK{b+!
@4Y2hh
0
aI;K*Rc#|npzSZ8n|3dmg:ay!
v{,7
?$Y+
mb`q
1-@v8BpLWh$l&2G;d&aP)[j[)
1BdNVPz,O:I]1aU$dHKw7^2l
String
#OSfX!JRFt&<D7K`,6oR;teN"
!CpS
g57
_CorExeMain
v@E_
5<hh
?2V64W+of5wM_B!#d10> Yb{
<\
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
]

9Y
r@D6&`
2?'l
8>{%
B"dc
<BD7
1<l|I9
J"	z
:s\.
S#X98+WF@o>Gb>\a5OoJXt]~"
FQ-uyI
InitializeArray
W"GI
{6eK
#[Ks
>	:=
^'?>
W2;6
d(sE
\.DQ
9X^R
]]]LMM1::
<^XG
oIDATo
MJ 3vSN
a055
hcVX8:PRIK"G~bk9jlBwFPVH"
KeyI0
)"`
kv)9z$cy^s7Cy9cAF2H|}@dF!
|@Q'%L4&&K7 <5(+dmovWI%l-
###
e
s<
+tww
+u2"p
SSS7
IEnumerable`1
1
b.,+
n%+fU]\-_Zm2RJ~Lr#V'!pA""
ox~z
Environment
s,>x
.oXC
\92=
~B!=CX>Gl7L$UOi9jY*"wJ3r
AY:Rt-va#/R?_Pv|8XMAJ:;H!
L20&SxR01; 51*76*mGJ<7 Z&
"7,ob
I-%c
.
 W
w0p]
WX$aX>Fw"B)A{CLy}>!M83Qe"
"MY6
}BxL
FHMs
lQ*y
zS
V!`~
R}Da
a-9s
zLCH
^,[~
*\E(~;50&)9JUf?t@#MsRaGd
&&T+
KExYp
'ud%E
N9[~
iZ<D
<Dhr
Load
mIDAThC
DVM#/ht
t3u0k
}1V
ym
EH
`cx|
/.J^
4W^A
mYZ>
YQp}Jd<jg^HPZCM1,)p|@nAs"
get_FullName
^pm
?)As
"ctw
dZk\
7]
e
OK?nW
vxx<[O
2[IeC
ZTtl
Uv`:
Fn
BeginInvoke
:`d9
T_2
I
::.)
dwZ\LhGq
w(a!!/J6@Z1zwuQ<0AG_eb381
ex\?
?2>_
_Ed&
9qRw
ad0A
HlbT
e-yEg#aIEb!$]l `FK0Zl%ux,
xpcu
cUq?
o%2o
A'^%
,5Y#
<Rz`
SetCursorPosition
D\ u
Qg
T
5F"hs
eU`)
=*7;sh
'I[
+bE
wpG
V~_)-[
R"G%
Wr&\
h8GG
3"o:
eaWi
Hx<HM
=^V((jQB5:&$~ C!A4G4H?H}#
ila,>c
RuntimeHelpers
WPGI
WPGJ
p=o,h#
UzdSAajKs[m<v1Wwg1fP %0B
2#|G
*eH$
}:~S|[',JKTY'QKy13@:SRK($
d1
Q=n>
twH*%]
[8m<
tVBo
!`Jh^
l-^
,Yud
?111
[?W_
y[L\
u6I"V
117V:
fn0F
6$Xnu7/~}y
,t'ix
&}N7
aC0j
M"9F
Rp{
o$;#
)XA/\yy
'%E2
Object
,H1
92Bh
Gt)f
OOid_
ComVisibleAttribute
au'`
nB2?
#s<4RsM
meKI
Gi:%
Xi&E
Lk|8
).BJ
x,3Ie@Uq4|*,b/C}`%o'T24R%
zB6G
(~kt
4sWV
p#&
VjL
#ZJvs
fxH|Z
DyZ,
}o+=U
0@-<
5!P#y|
Zje_~x
-&0LY#
abp
2>>N]]
{>JN
Sui`
2:::
E!7yq*!(?BFZ8jgWMsJgj!7m#
LR>
H
nw|b
>S$Q
~$&Uo
nIDAThC
"nJbUv
<[yU
76fV
AssemblyConfigurationAttribute
2YIe
2UqL1C
nU
@ @0
@ @2
hQ|b
&
u8%{Wqg
qT'T
w#hL
6_
1&QY~
O9f.
V)25
(Jzj
2+"|
A}}}
+;TPJ
lk
r
?oI
F8:3
eIy
8
B@^7A
w*!
{{{
5Mo
UE")
j-h_$+
jB{";wcD
?~BF&
sv2
a||<
pHsS
Stream
q>r}
p`k^
?v-99
zb!9
$Xu
v0Acs_jiqVh74+>bb`+plIE=&
~f0|
3xsp
h~xv{Fzr0OiQ]U+|B6#S>$(Q-
apfs6A;e?O6M!~RdyF?}iv%W$
wu=WX
CreateInstanceAndUnwrap
e(G}
tU3)T
,rr
fhkE
VEaO
xP[~9s/zc!NU)F~&_yJTdg83!
mb<Q$'{C+IE{>/Y&}##S9u#+%
~:uXJ
y%B~gB
sPpib;8{9)Cl1KKS5Iq8ThVu%
x8i/
)4Xy
*fF
=(8:`??FUHE$7c'mp&IZyQ<(#
!&O/ :eHs"xks%?T!I+<xA_k
MDVH
Bxb>
DQ]^0
8+hb~
HwtW
Confuser.Runtime
5MI
B@D:
/
g,T
LPt}
d2I>
=[Km
8KWv
|hKP
"w o 3T`CNCW Zda@Tv}tw }%
]^
d2I2
{j`\8
PA$x
<6Y}fZ:fFabs@J@;`)g-u<&]$
=Y1+
^y>P~!ZU[,o\5^%G3da<GdLR%
k&:
i233C
~9,JZ1
0N\j
7:?K
}}}l
xxx
yPs:
VSjm7
{
R/
$$Y
;|}
dhw
T2rA
RO-Y
k!h
S$NZo
wuU2
j-2>
<SM2
bFEI
n^DO
wiI5*?--:UC3\&Mns3Bc9JQ*!
y6}|
gRqo
w JxL
'A/2
o&V0
rX(0
=.QEs[vh
A>-Dn
8V\A
jijBP
]
$F
Is$m
6m,2
q?EG
#JHe
gG]~	>
Xi!
Wd9
-
W^|J
Bb?J>
4t#[
F3&
:GZr
Pg"i`#
z'*	Q
}x9[
gg#XV
Z{&kXe
(,FF
]\T(
2B`*
QL&i
ValueType
NAF/
"ebA
$X:#7
={G9w
H}Z	gPY.
f-<
bsU2
rhYd
Ym%89
c:qL
r!I91
)=B`
]DxQ
3/$A
Hg\#
D^=J
c]Vg-}T
GetHINSTANCE
h3FB/;
&C/k{=c+PGM%ln<ZAq,{$6:8'
Buffer
?h<$
SbZP
>TUu~
7v,VI
A"{tnN/DB6Z9c_Zn fqh#_,+&
,|$A2-
Y>j^3
49?v
}	NS
innf
:PR2iUR
]+2M
1>"l
9?w)
Vsv
*\GMB
juH.
d[?s%
}Ky9
a`&T
h
!!
8q%
/Y~"d<
(h!\,
YYYa
Dty\
k7S
c@
+z=/
@q1;b
q1$/TMQCxkLZG(P^< &ffi[y$
dtZ^	Iz
?vmV
n2{PXF4rjAp'8Z-!;)3fH"6]/
3w1*(
][Q-;G
4MkX
9Lx;
G@B!
255
@ga^a*&!{44)b>!Abm2:&U>5+
=+~/s^<&)3n{"mEd[*/li]C:%
OilG
^pf/,
2mfno
ANWx
aVI^
>viL
*)cC
q(vg
qw<G!6Zw}?d)s?{4B<$HH%+B-
V=E4e{G
qK'pN
!\>p
`8_p
DJd&
^N]f
(/>Jr
Copyright
8
e
E:
&'
eD%_
9)]P]V
ArgumentNullException
oCD^
C~Cd
get_Major
.!q5
&HG%
P(0==M:
%+*+
h4J8
\h*|
N~x)
/}Jb
2i#;P6
!C9d
30]u<
,J(,
k!!w
sc{S
v2.0.50727
zo?
zEM^
mv6+
6nz_
gs
/NhtH
Bgx^
+YtUk
XF?5
d[Im
Y/F(
m#E\M-
+www
-SQ=%q
9w%A*
HE y
.;Q-
Abt7
W9,,
cTdK
ia7%'0L7]s+XXh!"?4gMRB\F'
&4edM6w
b!1
/#y)
`
E2qY
`4vi
}9-])
MLYR
0s}e
g#,9
X_
^.dw"
}PE/
,Ut,
BUk<Yeh
g
"X
Exception
U
00
VPNk
A\8'
IHA"
ppA]0
z3}P]
>3Ka
6/\O'8^&
-===P
-M}j`a
NoFF
n"DY"
:n]r
i!D>
_NJL
t9)FW
x4'ATL
kC`g
iZ>	)
GetTypeFromHandle
IAsyncResult
yXn_
"&&]
OAb0F
Z3nc
nnnj}}}
?65z
:6E|)6
yNAy(-|aZvUo7B<ytO"_Xwx7
;F~f5_Y9NmC{T E=;N(~QUV""
lVJi
GetDelegateForFunctionPointer
$1MW
6,yx
?E\1#
{X)Q
e_S
+M3.
:U@d
#Y<y
)![A
O@Zo
A"#V:
Ec$d
SVtm
`iEMq_
)s	p
;;;
$viz(!X&"klY)R[nL1t,HU@C
N5d9n1Zz#&SoMPU:F0/b&&ES"
_xD\d_Aa
h4J0
L:~Yv.
4Q\`
System.Runtime.Serialization
[}}
u{JT
JI"+<
UOq/{>
\t,7_YvNq=`;%D"VGA]h^ZBb
mj$G
:'se|
pO-`
MHyLd(wX3n0UF(h&+jyP2%D~&
Yfj8
CI"#
oD:%
iBd(q7?EAi_]H8&lCAU0/b-r&
IDAT
LoadLibrary
E$METU
XK(/
\/Dw
Dbts
System.Runtime.InteropServices
JLOOS*
Q_!
d
<
REVG
N>U(
KcDhU
,x0)
Math
)Q~m
x}uk0
uT}
~-7oB
Gy1)
@i32
U4MchhhE^nA
p+P;wpDm'M"F&S(#:#nhylzH!
zm,[X
uExU
Fb"E
H1a|
d
:6
JfbG5
4M|>
n]J<4
+%3^,Ciut@J,n%S%Q&N)9GL@!
DOWVV2V>OHk]=nftS^"X"i+Z'
W#ha@
+&Kw
bB`*
BM:Er
System.Runtime.CompilerServices
4B{
^'W5
hf@KY
!{TE
'b-j
kOCh
SuppressIldasmAttribute

Wwww
IEND
CmgjC
H`},0Tl/'S*$$mdSNoj<Cl|K"
UWMt
2K)B\
%jI$
s>2|F@V
(((
c&bVpr
ei4q1
}s#
F>ie8;fau?}1KD}tSq=Y"[qZ$
CJo
4&-e@
"OruE
U`;;
PT[(3
3N`y
0fK.l
a@WL
W`7V
`0w6
P(P,
$7db95934-126d-4db5-b1b0-041241a846ab
mx HYd+sjr+42gje(=%UG>AO'
}BD$rLP-kQG1,+gKs:+Yu15h,
i2i	p
\%`t
c+_%
=8XsX<>IwF!k"Wv'qQ~j\iJv(
~Y)*
^g
7
GJ5
7C;
`#HG<
uq/]
:TFF
ns^`
9M$q
System.Windows.Forms
)u
H#d|
2A2i
xwbzY
\\	|
Tbbb
c@bc0
'fXz	:`
!W&?
xb"s
*+
"
OnG1
+sF&Zn
5*K`-h	V[
4nJ+
U$"8
53eA
)pcty
1V2YtU1L}!Wa(*6p"U=Re#qo!
&L31
,azz:
SBC#
u;6[
U(HU
Q\
d
}QW
b|dF
6Q.`
r&:?
mw S
@JUh"a
2"a>
QWe\od
Og:<
]G^[
Ar(rS_
o*z1
~hZ^
x{SV]
tad;n2BrSA$Bufr:7CS?iplE%
AssemblyProductAttribute
aEoI9
R.ZMS
!CfI<
7o1b
pcV2w
ZRa*
~:<)d
vq0]iO
|Y*:
<Module>
'.G9
O 2{
}1N5E#+-c_HKU!IJ"ZZ_=(HY$
s}HJgz
E8XV|l
~
=O
kB.T
bLMM
MulticastDelegate
ahrs
Af
u
yY;[
Ib`LX
F#G#
AiQV
/E?v/bG~$Qe6'i9-`um"(hQo&
B.u@
!m_pData
!uC
9&6{s
-Ud>`
E0Md
/p-R<:\7
2018
Y4'3
/z{
zeTS
:h3t,1
B'ob
timccceSS
g/yoM
}t xv"
vV<D
Z
d715a1eb-b7fa-af.Resources.resources
vByM
)NG,
,f0]
4QZc]
&$@
\d}
R;ce
\wWI-
n@s0
~#S=%}
+'mjZ
Jh)}
#GUID
Vxxx
b'Ps1ub{-;y4K2&_[Y+?r[pz!
(*&1
'bUi)=^
1p/_
hzzz
z_zH
pjjj
y+Sl
6"uO
C{dBbDjM
cJe6
4Z|CI
dg,9
qIDAThC
Rxc}
4+_1{
RDO~wW/
q*Odw
;ltF'
3e&L@`K
V|pn
uLNNr
UgsB
T8.Z
"FU"H
j 4pW
NVIL2
y&Y?
$Ezt7
:4Mcjj
EQ
&O9+_i
nZ
Wn_=>L'Xaen:o[D\Y{XNBQF_#
><~{13v<p{V9g=Ft,%=4)  J*
V\94
Nullable`1
?8HK
LMM111
HC!$
:[aJ
P0~
8{")
jT"m
+F[Y
get_HasValue
I26uX
Sdto
C$~+
^b,
PnA)Uv
{xa
T:ag-RulRh}EFwd/>2({E^E-(
v3Yw
pSOE
:T=j
V`_g8
Mkq!
u`VY
J$.'.3
y3`hP
4T7o
Encoding
4WKbSc=K_OcT]uWr)h?S XW?!
0zf`
System.Collections
?\V
lA|/
!&&&8x
>4(z
R!(y
^_@U
]P&i*
Yz:x)Xm
CheckBox
LMM9
&MZa0e
m2'd
&^X
)r'AOIm$<HPEXdrOHYmGK`Gm'
<r{V
get_Module
S|q{S
}{.F
c"QI
UUU,]
D +(
MTY
R]NJ
o8yQ
s9DA
=lK
_Vf7
T$vc
xkB&
z
2_~ao
ntku
AkY,
.e5i
x&&&
iuhc
_Sgk
jm2
:3L"
(=-/
get_Size
CId&
+6BEL
YP79k
O
'p
3I/l>/[
?8M'
Rapp
6iVO
(_,}
>:e~3;ZG{PmEtN#%u$B:| GG"
+`D
[+'b
j}5O
~Ya]
=^Fm.
LNN:s
q
OC
=}}}
@l1
OMMq
|
78B
j_7d
KnVS4#5<SF-FUYw+6"T18QIu%
C=`Er
z'*t3!jR9]!d,et")(U<7Z)T
{>$.
(/geDmM[E/u&3k{v50W7;'i1$
^;s#h9~R4h8^;'^Sye+"h>M&
y2$Z
\j6O
-EO$a\;i>&lvai-`"LJiX@f,%
BKS1
^F-3?
.&)p
:g5:
jB0jA-
:[mG.k
q,/M
ELbG
bbbK
GA<3Z
L3	XL3	jG.
U_g5=@'Wd==1;PS{vA7EJ#2`#
;
m;
hX;X
G['
u
i
O{{{
System.Collections.Generic
`!+_{:wrms: '=J!&E"2fL#t%
V$'
`0Tr
T>vK
6kH[
H?p,
_!=w
SJ/L
)jI
U}'''
t<Sm
@0@\
PR>'!I0hp
ZMe:
rx7:7$@
o
4+%}
;My6BW
N4{d
xfD
My<q
qqP*S
`;$K
x<V8
nN'P
WriteLine
System.Drawing.Bitmap
Hsw2z
"^g
9KX
c#Nf"%PbyzK
AamYZ6
2,p9
f@~"#
bm8&
\.7%
Z	e'
M4BA
BuR&
]*F
L5'~
2jR<
hmg%
MJ`L.vc
S;/VS
;M
n/u
A702A734650CD2C7FCC9ECA1935B4F5D05E596CB
Xxxx
v}nJ
87/,
,=Z0H566fqo )0F&w~K<g7z|
EFY\
lVXI'
DC9FO
1L<A
(
z#GL
qEGb
#?X&
*dE
4aAVZ-0e7E%bvW|i #*w#R|1#
x52OoPHorSsPd<n0--H]ZxyQ#
C7(ws
GO4@=P|#j<3DUN|B=&SX-nVq%
a
kX
V-e'
b$:O

9 Behaviors detected by system signatures

10 Summary items with data

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\shit.exe.config
C:\Users\Seven01\AppData\Local\Temp\shit.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\shit.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\shit.config
C:\Users\Seven01\AppData\Local\Temp\shit.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Users\Seven01\AppData\Local\Temp\shit.exe:Zone.Identifier
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\Labeling.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\Labeling.resources\Labeling.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\Labeling.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\Labeling.resources\Labeling.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\Labeling.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\Labeling.resources\Labeling.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\Labeling.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\Labeling.resources\Labeling.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Local\Temp\shell32.dll
C:\Users\Seven01\AppData\Roaming\app.exe
\??\MountPointManager
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2452.19240765
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2452.19240781
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2452.19240828
C:\Users\Seven01\AppData\Roaming\app.exe.config
C:\Users\Seven01\AppData\Roaming\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Roaming\app.exe.Local\
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\app.config
C:\Users\Seven01\AppData\Roaming\app.INI
C:\Users\Seven01\AppData\Roaming\app.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\it-IT\Labeling.resources.dll
C:\Users\Seven01\AppData\Roaming\it-IT\Labeling.resources\Labeling.resources.dll
C:\Users\Seven01\AppData\Roaming\it-IT\Labeling.resources.exe
C:\Users\Seven01\AppData\Roaming\it-IT\Labeling.resources\Labeling.resources.exe
C:\Users\Seven01\AppData\Roaming\it\Labeling.resources.dll
C:\Users\Seven01\AppData\Roaming\it\Labeling.resources\Labeling.resources.dll
C:\Users\Seven01\AppData\Roaming\it\Labeling.resources.exe
C:\Users\Seven01\AppData\Roaming\it\Labeling.resources\Labeling.resources.exe
C:\Users\Seven01\AppData\Roaming\shell32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2740.19245468
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2740.19245468
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2740.19245468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\shit.exe.config
C:\Users\Seven01\AppData\Local\Temp\shit.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\Seven01\AppData\Roaming\app.exe.config
C:\Users\Seven01\AppData\Roaming\app.exe
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll

C:\Users\Seven01\AppData\Roaming\app.exe

C:\Users\Seven01\AppData\Local\Temp\shit.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\app.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2452.19240765
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2452.19240781
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2452.19240828
C:\Users\Seven01\AppData\Roaming\app.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2740.19245468
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2740.19245468
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2740.19245468

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ffc98ee\45cceead
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\71d51106\35665e29
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|shit.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|shit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|shit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\71d51106\45b6710f
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Application
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\shit.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\4D16194
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\app.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|app.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|app.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|app.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_CURRENT_USER\Software\Classes\AppID\app.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\ED4B8E7

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Application
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\4D16194
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\ED4B8E7

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Application

Nothing to display

Global\CLR_CASOFF_MUTEX

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.VirtualProtect
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.DeleteFileW
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.FindAtomW
kernel32.dll.AddAtomW
mscoree.dll.LoadLibraryShim
gdiplus.dll.GdiplusStartup
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
kernel32.dll.LocalAlloc
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.RtlMoveMemory
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
shfolder.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
advapi32.dll.RegSetValueExW
ole32.dll.CoWaitForMultipleHandles
kernel32.dll.DeleteAtom
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
cryptsp.dll.CryptReleaseContext
advapi32.dll.EventUnregister
kernel32.dll.GetProcAddress
kernel32.dll.CreateProcessW
ntdll.dll.NtAlertResumeThread
ntdll.dll.NtGetContextThread
ntdll.dll.NtReadVirtualMemory
ntdll.dll.NtSetContextThread
ntdll.dll.NtWriteVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.VirtualProtectEx
kernel32.dll.Wow64GetThreadContext
kernel32.dll.SwitchToThread
kernel32.dll.Wow64SetThreadContext
ntdll.dll.ZwUnmapViewOfSection
gdiplus.dll.GdipDisposeImage

C:\Users\Seven01\AppData\Roaming\app.exe 
"C:\Users\Seven01\AppData\Roaming\app.exe"

Nothing to display

Nothing to display