Detections

Yara:

AgentTeslaV2

Auto Tasks

#6724: Unpacker

Analysis

Category Package Started Completed Duration Options Log
FILE exe 2020-06-05 14:51:31 2020-06-05 14:57:21 350 seconds Show Options Show Log
procdump = yes
2020-05-13 09:27:58,365 [root] INFO: Date set to: 20200605T14:51:30, timeout set to: 200
2020-06-05 14:51:30,093 [root] DEBUG: Starting analyzer from: C:\tmpt2nfl3rg
2020-06-05 14:51:30,093 [root] DEBUG: Storing results at: C:\tsLbxSRJr
2020-06-05 14:51:30,093 [root] DEBUG: Pipe server name: \\.\PIPE\LpNFbeJ
2020-06-05 14:51:30,093 [root] DEBUG: Python path: C:\Users\Louise\AppData\Local\Programs\Python\Python38-32
2020-06-05 14:51:30,093 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-06-05 14:51:30,109 [root] INFO: Automatically selected analysis package "exe"
2020-06-05 14:51:30,109 [root] DEBUG: Trying to import analysis package "exe"...
2020-06-05 14:51:30,249 [root] DEBUG: Imported analysis package "exe".
2020-06-05 14:51:30,249 [root] DEBUG: Trying to initialize analysis package "exe"...
2020-06-05 14:51:30,249 [root] DEBUG: Initialized analysis package "exe".
2020-06-05 14:51:30,406 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.browser"...
2020-06-05 14:51:30,421 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser".
2020-06-05 14:51:30,421 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.curtain"...
2020-06-05 14:51:31,187 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain".
2020-06-05 14:51:31,187 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.digisig"...
2020-06-05 14:51:31,265 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig".
2020-06-05 14:51:31,265 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.disguise"...
2020-06-05 14:51:31,281 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise".
2020-06-05 14:51:31,281 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.human"...
2020-06-05 14:51:31,343 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human".
2020-06-05 14:51:31,343 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.procmon"...
2020-06-05 14:51:31,390 [root] DEBUG: Imported auxiliary module "modules.auxiliary.procmon".
2020-06-05 14:51:31,406 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.screenshots"...
2020-06-05 14:51:31,437 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-06-05 14:51:31,437 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-06-05 14:51:31,437 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-06-05 14:51:31,437 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-06-05 14:51:31,437 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-06-05 14:51:31,437 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-06-05 14:51:31,437 [lib.api.screenshot] DEBUG: Importing 'math'
2020-06-05 14:51:31,437 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-06-05 14:51:33,484 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-06-05 14:51:33,515 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-06-05 14:51:33,562 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-06-05 14:51:33,562 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots".
2020-06-05 14:51:33,562 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.sysmon"...
2020-06-05 14:51:33,562 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon".
2020-06-05 14:51:33,562 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.usage"...
2020-06-05 14:51:33,578 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage".
2020-06-05 14:51:33,593 [root] DEBUG: Trying to initialize auxiliary module "Browser"...
2020-06-05 14:51:33,593 [root] DEBUG: Initialized auxiliary module "Browser".
2020-06-05 14:51:33,593 [root] DEBUG: Trying to start auxiliary module "Browser"...
2020-06-05 14:51:33,593 [root] DEBUG: Started auxiliary module Browser
2020-06-05 14:51:33,593 [root] DEBUG: Trying to initialize auxiliary module "Curtain"...
2020-06-05 14:51:33,593 [root] DEBUG: Initialized auxiliary module "Curtain".
2020-06-05 14:51:33,593 [root] DEBUG: Trying to start auxiliary module "Curtain"...
2020-06-05 14:51:33,593 [root] DEBUG: Started auxiliary module Curtain
2020-06-05 14:51:33,593 [root] DEBUG: Trying to initialize auxiliary module "DigiSig"...
2020-06-05 14:51:33,593 [root] DEBUG: Initialized auxiliary module "DigiSig".
2020-06-05 14:51:33,593 [root] DEBUG: Trying to start auxiliary module "DigiSig"...
2020-06-05 14:51:33,593 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-06-05 14:51:34,234 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-06-05 14:51:34,234 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-06-05 14:51:34,249 [root] DEBUG: Started auxiliary module DigiSig
2020-06-05 14:51:34,249 [root] DEBUG: Trying to initialize auxiliary module "Disguise"...
2020-06-05 14:51:34,249 [root] DEBUG: Initialized auxiliary module "Disguise".
2020-06-05 14:51:34,249 [root] DEBUG: Trying to start auxiliary module "Disguise"...
2020-06-05 14:51:34,265 [root] DEBUG: Started auxiliary module Disguise
2020-06-05 14:51:34,265 [root] DEBUG: Trying to initialize auxiliary module "Human"...
2020-06-05 14:51:34,265 [root] DEBUG: Initialized auxiliary module "Human".
2020-06-05 14:51:34,265 [root] DEBUG: Trying to start auxiliary module "Human"...
2020-06-05 14:51:34,281 [root] DEBUG: Started auxiliary module Human
2020-06-05 14:51:34,281 [root] DEBUG: Trying to initialize auxiliary module "Procmon"...
2020-06-05 14:51:34,281 [root] DEBUG: Initialized auxiliary module "Procmon".
2020-06-05 14:51:34,281 [root] DEBUG: Trying to start auxiliary module "Procmon"...
2020-06-05 14:51:34,281 [root] DEBUG: Started auxiliary module Procmon
2020-06-05 14:51:34,281 [root] DEBUG: Trying to initialize auxiliary module "Screenshots"...
2020-06-05 14:51:34,281 [root] DEBUG: Initialized auxiliary module "Screenshots".
2020-06-05 14:51:34,281 [root] DEBUG: Trying to start auxiliary module "Screenshots"...
2020-06-05 14:51:34,296 [root] DEBUG: Started auxiliary module Screenshots
2020-06-05 14:51:34,296 [root] DEBUG: Trying to initialize auxiliary module "Sysmon"...
2020-06-05 14:51:34,296 [root] DEBUG: Initialized auxiliary module "Sysmon".
2020-06-05 14:51:34,296 [root] DEBUG: Trying to start auxiliary module "Sysmon"...
2020-06-05 14:51:34,296 [root] DEBUG: Started auxiliary module Sysmon
2020-06-05 14:51:34,296 [root] DEBUG: Trying to initialize auxiliary module "Usage"...
2020-06-05 14:51:34,296 [root] DEBUG: Initialized auxiliary module "Usage".
2020-06-05 14:51:34,296 [root] DEBUG: Trying to start auxiliary module "Usage"...
2020-06-05 14:51:34,296 [root] DEBUG: Started auxiliary module Usage
2020-06-05 14:51:34,296 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-06-05 14:51:34,296 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-06-05 14:51:34,296 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2020-06-05 14:51:34,296 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2020-06-05 14:51:34,531 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Louise\AppData\Local\Temp\Swift Copy.exe" with arguments "" with pid 2428
2020-06-05 14:51:34,531 [lib.api.process] INFO: Monitor config for process 2428: C:\tmpt2nfl3rg\dll\2428.ini
2020-06-05 14:51:34,546 [lib.api.process] INFO: Option 'procdump' with value 'yes' sent to monitor
2020-06-05 14:51:34,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpt2nfl3rg\dll\ykzDkG.dll, loader C:\tmpt2nfl3rg\bin\PKbodLE.exe
2020-06-05 14:51:34,812 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LpNFbeJ.
2020-06-05 14:51:34,812 [root] DEBUG: Loader: Injecting process 2428 (thread 296) with C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:34,843 [root] DEBUG: Process image base: 0x00FF0000
2020-06-05 14:51:34,843 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:34,843 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-06-05 14:51:34,843 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:34,859 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2428
2020-06-05 14:51:36,859 [lib.api.process] INFO: Successfully resumed process with pid 2428
2020-06-05 14:51:37,750 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-06-05 14:51:37,750 [root] DEBUG: Process dumps disabled.
2020-06-05 14:51:37,750 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-05 14:51:37,765 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-06-05 14:51:37,765 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 2428 at 0x70160000, image base 0xff0000, stack from 0x5e6000-0x5f0000
2020-06-05 14:51:37,765 [root] DEBUG: Commandline: C:\Users\Louise\AppData\Local\Temp\"C:\Users\Louise\AppData\Local\Temp\Swift Copy.exe".
2020-06-05 14:51:38,031 [root] INFO: loaded: b'2428'
2020-06-05 14:51:38,031 [root] INFO: Disabling sleep skipping.
2020-06-05 14:51:38,031 [root] INFO: Loaded monitor into process with pid 2428
2020-06-05 14:51:38,031 [root] INFO: Disabling sleep skipping.
2020-06-05 14:51:38,031 [root] INFO: Disabling sleep skipping.
2020-06-05 14:51:38,031 [root] INFO: Disabling sleep skipping.
2020-06-05 14:51:38,031 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xe4 amd local view 0x00100000 to global list.
2020-06-05 14:51:38,046 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-06-05 14:51:38,218 [root] DEBUG: DLL unloaded from 0x00FF0000.
2020-06-05 14:51:38,234 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-06-05 14:51:38,656 [root] DEBUG: DLL unloaded from 0x00FF0000.
2020-06-05 14:51:38,796 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x13c amd local view 0x058A0000 to global list.
2020-06-05 14:51:38,796 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 2428, handle 0x148.
2020-06-05 14:51:38,828 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-06-05 14:51:39,281 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\EduPrintProv\\EduPrintProv.vbs', '', False, 'files')
2020-06-05 14:51:39,562 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\EduPrintProv.url', '', False, 'files')
2020-06-05 14:51:40,000 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\EduPrintProv\\wusa.exe', '', False, 'files')
2020-06-05 14:51:43,515 [root] DEBUG: set_caller_info: Adding region at 0x04F80000 to caller regions list (kernel32::CreateProcessInternalW).
2020-06-05 14:51:43,625 [root] DEBUG: set_caller_info: Adding region at 0x02620000 to caller regions list (kernel32::GetSystemTime).
2020-06-05 14:51:43,656 [root] DEBUG: DumpMemory: Exception occured reading memory address 0x2620000
2020-06-05 14:51:43,656 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x02620000 size 0x400000.
2020-06-05 14:51:43,656 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\2428_468160336455166662020', b'9;?C:\\Users\\Louise\\AppData\\Local\\Temp\\Swift Copy.exe;?C:\\Users\\Louise\\AppData\\Local\\Temp\\Swift Copy.exe;?0x02620000;?', ['2428'], 'CAPE')
2020-06-05 14:51:43,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\2428_468160336455166662020 (size 0x2e99)
2020-06-05 14:51:43,687 [root] DEBUG: DumpRegion: Dumped stack region from 0x02620000, size 0x3000.
2020-06-05 14:51:44,000 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\2428_468523872455166662020', b'9;?C:\\Users\\Louise\\AppData\\Local\\Temp\\Swift Copy.exe;?C:\\Users\\Louise\\AppData\\Local\\Temp\\Swift Copy.exe;?0x04F80000;?', ['2428'], 'CAPE')
2020-06-05 14:51:44,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\2428_468523872455166662020 (size 0x5c0)
2020-06-05 14:51:44,015 [root] DEBUG: DumpRegion: Dumped stack region from 0x04F80000, size 0x8b000.
2020-06-05 14:51:44,046 [root] INFO: Announced 32-bit process name: MSBuild.exe pid: 1304
2020-06-05 14:51:44,062 [lib.api.process] INFO: Monitor config for process 1304: C:\tmpt2nfl3rg\dll\1304.ini
2020-06-05 14:51:44,062 [lib.api.process] INFO: Option 'procdump' with value 'yes' sent to monitor
2020-06-05 14:51:44,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpt2nfl3rg\dll\ykzDkG.dll, loader C:\tmpt2nfl3rg\bin\PKbodLE.exe
2020-06-05 14:51:44,093 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LpNFbeJ.
2020-06-05 14:51:44,093 [root] DEBUG: Loader: Injecting process 1304 (thread 4256) with C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:44,093 [root] DEBUG: Process image base: 0x01040000
2020-06-05 14:51:44,125 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-06-05 14:51:44,125 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-06-05 14:51:44,125 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:44,125 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1304
2020-06-05 14:51:44,140 [root] DEBUG: DLL loaded at 0x75300000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-06-05 14:51:44,296 [root] DEBUG: CreateProcessHandler: Injection info set for new process 1304, ImageBase: 0x01040000
2020-06-05 14:51:44,296 [root] INFO: Announced 32-bit process name: MSBuild.exe pid: 1304
2020-06-05 14:51:44,296 [lib.api.process] INFO: Monitor config for process 1304: C:\tmpt2nfl3rg\dll\1304.ini
2020-06-05 14:51:44,312 [lib.api.process] INFO: Option 'procdump' with value 'yes' sent to monitor
2020-06-05 14:51:44,312 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpt2nfl3rg\dll\ykzDkG.dll, loader C:\tmpt2nfl3rg\bin\PKbodLE.exe
2020-06-05 14:51:44,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LpNFbeJ.
2020-06-05 14:51:44,328 [root] DEBUG: Loader: Injecting process 1304 (thread 4256) with C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:44,328 [root] DEBUG: Process image base: 0x01040000
2020-06-05 14:51:44,328 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-06-05 14:51:44,328 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-06-05 14:51:44,328 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:44,343 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1304
2020-06-05 14:51:44,343 [root] DEBUG: WriteMemoryHandler: Executable binary injected into process 1304 (ImageBase 0x400000)
2020-06-05 14:51:44,343 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-06-05 14:51:44,343 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x005F0000.
2020-06-05 14:51:44,343 [root] DEBUG: DumpProcess: Module entry point VA is 0x000467FE.
2020-06-05 14:51:44,359 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\2428_2136511961465166662020', b'3;?C:\\Users\\Louise\\AppData\\Local\\Temp\\Swift Copy.exe;?C:\\Users\\Louise\\AppData\\Local\\Temp\\Swift Copy.exe;?C:\\\\\\\\Windows\\\\\\\\Microsoft.NET\\\\\\\\Framework\\\\\\\\v2.0.50727\\\\\\\\MSBuild.exe;?1304;?', ['2428'], 'CAPE')
2020-06-05 14:51:44,375 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x45400.
2020-06-05 14:51:44,375 [root] INFO: Announced 32-bit process name: MSBuild.exe pid: 1304
2020-06-05 14:51:44,375 [lib.api.process] INFO: Monitor config for process 1304: C:\tmpt2nfl3rg\dll\1304.ini
2020-06-05 14:51:44,375 [lib.api.process] INFO: Option 'procdump' with value 'yes' sent to monitor
2020-06-05 14:51:44,375 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpt2nfl3rg\dll\ykzDkG.dll, loader C:\tmpt2nfl3rg\bin\PKbodLE.exe
2020-06-05 14:51:44,406 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LpNFbeJ.
2020-06-05 14:51:44,406 [root] DEBUG: Loader: Injecting process 1304 (thread 0) with C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:44,406 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x7EFDE000 Local PEB 0x7EFDD000 Local TEB 0x7EFDE000: The operation completed successfully.
2020-06-05 14:51:44,406 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 4256, handle 0xc4
2020-06-05 14:51:44,406 [root] DEBUG: Process image base: 0x01040000
2020-06-05 14:51:44,406 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-06-05 14:51:44,406 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-06-05 14:51:44,406 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:44,421 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1304
2020-06-05 14:51:44,421 [root] INFO: Announced 32-bit process name: MSBuild.exe pid: 1304
2020-06-05 14:51:44,421 [lib.api.process] INFO: Monitor config for process 1304: C:\tmpt2nfl3rg\dll\1304.ini
2020-06-05 14:51:44,421 [lib.api.process] INFO: Option 'procdump' with value 'yes' sent to monitor
2020-06-05 14:51:44,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpt2nfl3rg\dll\ykzDkG.dll, loader C:\tmpt2nfl3rg\bin\PKbodLE.exe
2020-06-05 14:51:44,453 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LpNFbeJ.
2020-06-05 14:51:44,453 [root] DEBUG: Loader: Injecting process 1304 (thread 0) with C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:44,453 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x7EFDE000 Local PEB 0x7EFDD000 Local TEB 0x7EFDE000: The operation completed successfully.
2020-06-05 14:51:44,453 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 4256, handle 0xc4
2020-06-05 14:51:44,453 [root] DEBUG: Process image base: 0x00400000
2020-06-05 14:51:44,453 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-06-05 14:51:44,453 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-06-05 14:51:44,468 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:44,484 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1304
2020-06-05 14:51:44,484 [root] DEBUG: SetThreadContextHandler: Hollow process entry point reset via NtSetContextThread to 0x000467FE (process 1304).
2020-06-05 14:51:44,484 [root] INFO: Announced 32-bit process name: MSBuild.exe pid: 1304
2020-06-05 14:51:44,484 [lib.api.process] INFO: Monitor config for process 1304: C:\tmpt2nfl3rg\dll\1304.ini
2020-06-05 14:51:44,500 [lib.api.process] INFO: Option 'procdump' with value 'yes' sent to monitor
2020-06-05 14:51:44,500 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpt2nfl3rg\dll\ykzDkG.dll, loader C:\tmpt2nfl3rg\bin\PKbodLE.exe
2020-06-05 14:51:44,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LpNFbeJ.
2020-06-05 14:51:44,515 [root] DEBUG: Loader: Injecting process 1304 (thread 4256) with C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:44,515 [root] DEBUG: Process image base: 0x00400000
2020-06-05 14:51:44,515 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-06-05 14:51:44,515 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-06-05 14:51:44,531 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\ykzDkG.dll.
2020-06-05 14:51:44,531 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1304
2020-06-05 14:51:44,531 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 1304.
2020-06-05 14:51:44,531 [root] DEBUG: DumpSectionViewsForPid: no shared section views found for pid 1304.
2020-06-05 14:51:44,562 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-06-05 14:51:44,562 [root] DEBUG: Process dumps disabled.
2020-06-05 14:51:44,562 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-05 14:51:44,578 [root] INFO: Disabling sleep skipping.
2020-06-05 14:51:44,578 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 1304 at 0x70160000, image base 0x400000, stack from 0x316000-0x320000
2020-06-05 14:51:44,593 [root] DEBUG: Commandline: C:\Users\Louise\AppData\Local\Temp\"C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe".
2020-06-05 14:51:44,640 [root] INFO: loaded: b'1304'
2020-06-05 14:51:44,640 [root] INFO: Loaded monitor into process with pid 1304
2020-06-05 14:51:44,640 [root] DEBUG: set_caller_info: Adding region at 0x00090000 to caller regions list (ntdll::LdrLoadDll).
2020-06-05 14:51:44,656 [root] DEBUG: set_caller_info: Adding region at 0x024C0000 to caller regions list (kernel32::GetSystemTime).
2020-06-05 14:51:44,671 [root] DEBUG: DumpMemory: Exception occured reading memory address 0x24c0000
2020-06-05 14:51:44,671 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x024C0000 size 0x400000.
2020-06-05 14:51:44,734 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_1578514111445166662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x024C0000;?', ['1304'], 'CAPE')
2020-06-05 14:51:44,765 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_1578514111445166662020 (size 0x597)
2020-06-05 14:51:44,765 [root] DEBUG: DumpRegion: Dumped stack region from 0x024C0000, size 0x1000.
2020-06-05 14:51:44,921 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_391145496445166662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x00090000;?', ['1304'], 'CAPE')
2020-06-05 14:51:44,953 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_391145496445166662020 (size 0x129)
2020-06-05 14:51:44,953 [root] DEBUG: DumpRegion: Dumped stack region from 0x00090000, size 0x1000.
2020-06-05 14:51:44,953 [root] DEBUG: DLL loaded at 0x00450000: C:\tmpt2nfl3rg\dll\ykzDkG (0xd5000 bytes).
2020-06-05 14:51:44,953 [root] DEBUG: DLL unloaded from 0x75350000.
2020-06-05 14:51:44,984 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-06-05 14:51:44,984 [root] DEBUG: DLL unloaded from 0x75350000.
2020-06-05 14:51:44,984 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-06-05 14:51:44,984 [root] DEBUG: DLL unloaded from 0x00450000.
2020-06-05 14:51:45,015 [root] DEBUG: set_caller_info: Adding region at 0x000A0000 to caller regions list (ntdll::LdrLoadDll).
2020-06-05 14:51:45,015 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_1831301931455166662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x000A0000;?', ['1304'], 'CAPE')
2020-06-05 14:51:45,031 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_1831301931455166662020 (size 0x129)
2020-06-05 14:51:45,031 [root] DEBUG: DumpRegion: Dumped stack region from 0x000A0000, size 0x1000.
2020-06-05 14:51:45,046 [root] DEBUG: DLL loaded at 0x00450000: C:\tmpt2nfl3rg\dll\ykzDkG (0xd5000 bytes).
2020-06-05 14:51:45,046 [root] DEBUG: DLL unloaded from 0x75350000.
2020-06-05 14:51:45,046 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-06-05 14:51:45,046 [root] DEBUG: DLL unloaded from 0x75350000.
2020-06-05 14:51:45,046 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-06-05 14:51:45,046 [root] DEBUG: DLL unloaded from 0x00450000.
2020-06-05 14:51:45,062 [root] DEBUG: set_caller_info: Adding region at 0x000B0000 to caller regions list (ntdll::LdrLoadDll).
2020-06-05 14:51:45,281 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_2034156742455166662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x000B0000;?', ['1304'], 'CAPE')
2020-06-05 14:51:45,296 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_2034156742455166662020 (size 0x129)
2020-06-05 14:51:45,312 [root] DEBUG: DumpRegion: Dumped stack region from 0x000B0000, size 0x1000.
2020-06-05 14:51:45,312 [root] DEBUG: DLL loaded at 0x00450000: C:\tmpt2nfl3rg\dll\ykzDkG (0xd5000 bytes).
2020-06-05 14:51:45,312 [root] DEBUG: DLL unloaded from 0x75350000.
2020-06-05 14:51:45,312 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-06-05 14:51:45,312 [root] DEBUG: DLL unloaded from 0x75350000.
2020-06-05 14:51:45,328 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-06-05 14:51:45,328 [root] DEBUG: DLL unloaded from 0x00450000.
2020-06-05 14:51:45,328 [root] DEBUG: set_caller_info: Adding region at 0x000C0000 to caller regions list (ntdll::LdrLoadDll).
2020-06-05 14:51:45,421 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_1288075016455166662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x000C0000;?', ['1304'], 'CAPE')
2020-06-05 14:51:45,437 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_1288075016455166662020 (size 0x129)
2020-06-05 14:51:45,437 [root] DEBUG: DLL loaded at 0x00450000: C:\tmpt2nfl3rg\dll\ykzDkG (0xd5000 bytes).
2020-06-05 14:51:45,453 [root] DEBUG: DLL unloaded from 0x75350000.
2020-06-05 14:51:45,453 [root] DEBUG: set_caller_info: Adding region at 0x00220000 to caller regions list (advapi32::RegQueryInfoKeyW).
2020-06-05 14:51:45,453 [root] DEBUG: set_caller_info: Failed to dumping calling PE image at 0x00220000.
2020-06-05 14:51:45,453 [root] DEBUG: set_caller_info: Adding region at 0x00550000 to caller regions list (kernel32::FindFirstFileExW).
2020-06-05 14:51:45,578 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x5cffff
2020-06-05 14:51:45,593 [root] DEBUG: DumpMemory: Nothing to dump at 0x00550000!
2020-06-05 14:51:45,593 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00550000 size 0x80000.
2020-06-05 14:51:45,593 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_1123171725455166662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x00550000;?', ['1304'], 'CAPE')
2020-06-05 14:51:45,609 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_1123171725455166662020 (size 0x16ffa)
2020-06-05 14:51:45,609 [root] DEBUG: DumpRegion: Dumped stack region from 0x00550000, size 0x17000.
2020-06-05 14:51:45,625 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xdc amd local view 0x73720000 to global list.
2020-06-05 14:51:45,625 [root] DEBUG: DLL loaded at 0x73720000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7d000 bytes).
2020-06-05 14:51:45,625 [root] DEBUG: DLL unloaded from 0x754B0000.
2020-06-05 14:51:45,671 [root] DEBUG: DLL unloaded from 0x76E00000.
2020-06-05 14:51:45,671 [root] DEBUG: DLL loaded at 0x73D80000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-06-05 14:51:45,703 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xe8 amd local view 0x6FB30000 to global list.
2020-06-05 14:51:45,703 [root] DEBUG: DLL loaded at 0x6FB30000: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks (0x5b1000 bytes).
2020-06-05 14:51:45,718 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xec amd local view 0x6FA90000 to global list.
2020-06-05 14:51:45,718 [root] DEBUG: DLL loaded at 0x6FA90000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80 (0x9b000 bytes).
2020-06-05 14:51:45,750 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1304, handle 0xf8.
2020-06-05 14:51:45,750 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xf4 amd local view 0x00160000 to global list.
2020-06-05 14:51:45,765 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xfc amd local view 0x00170000 to global list.
2020-06-05 14:51:45,765 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 1304.
2020-06-05 14:51:45,765 [root] DEBUG: DumpSectionViewsForPid: no shared section views found for pid 1304.
2020-06-05 14:51:45,781 [root] DEBUG: DLL loaded at 0x75D90000: C:\Windows\syswow64\shell32 (0xc4c000 bytes).
2020-06-05 14:51:45,781 [root] DEBUG: DLL loaded at 0x74A70000: C:\Windows\system32\profapi (0xb000 bytes).
2020-06-05 14:51:45,796 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 1304.
2020-06-05 14:51:45,796 [root] DEBUG: DumpSectionViewsForPid: no shared section views found for pid 1304.
2020-06-05 14:51:45,812 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1bc amd local view 0x6EF90000 to global list.
2020-06-05 14:51:45,812 [root] DEBUG: DLL loaded at 0x6EF90000: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f8420d8c6ede777377fcff48a4beaa2a\mscorlib.ni (0xafe000 bytes).
2020-06-05 14:51:45,828 [root] DEBUG: set_caller_info: Adding region at 0x00190000 to caller regions list (kernel32::SetErrorMode).
2020-06-05 14:51:45,828 [root] DEBUG: DLL unloaded from 0x76F20000.
2020-06-05 14:51:45,828 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x1cffff
2020-06-05 14:51:45,828 [root] DEBUG: DumpMemory: Nothing to dump at 0x00190000!
2020-06-05 14:51:45,828 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00190000 size 0x40000.
2020-06-05 14:51:45,875 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_1199953016455166662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x00190000;?', ['1304'], 'CAPE')
2020-06-05 14:51:45,906 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_1199953016455166662020 (size 0xffe)
2020-06-05 14:51:45,906 [root] DEBUG: DumpRegion: Dumped stack region from 0x00190000, size 0x1000.
2020-06-05 14:51:45,906 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1d4 amd local view 0x00500000 to global list.
2020-06-05 14:51:45,921 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1d0 amd local view 0x00510000 to global list.
2020-06-05 14:51:45,921 [root] DEBUG: DLL loaded at 0x74A50000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-06-05 14:51:45,937 [root] DEBUG: DLL loaded at 0x748F0000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-06-05 14:51:46,031 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x73810000 for section view with handle 0x1d0.
2020-06-05 14:51:46,031 [root] DEBUG: DLL loaded at 0x73810000: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit (0x5b000 bytes).
2020-06-05 14:51:46,828 [root] DEBUG: set_caller_info: Adding region at 0x00AF0000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-06-05 14:51:46,843 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0xafffff
2020-06-05 14:51:46,843 [root] DEBUG: DumpMemory: Nothing to dump at 0x00AF0000!
2020-06-05 14:51:46,843 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00AF0000 size 0x10000.
2020-06-05 14:51:46,859 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_1447569678465166662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x00AF0000;?', ['1304'], 'CAPE')
2020-06-05 14:51:46,890 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_1447569678465166662020 (size 0xcd76)
2020-06-05 14:51:46,890 [root] DEBUG: DumpRegion: Dumped stack region from 0x00AF0000, size 0xd000.
2020-06-05 14:51:46,937 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1e8 amd local view 0x71230000 to global list.
2020-06-05 14:51:46,937 [root] DEBUG: DLL loaded at 0x71230000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0a65164b17e5c64bacdc694ea2439c43\System.ni (0x7a5000 bytes).
2020-06-05 14:51:46,953 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x73590000 for section view with handle 0x1e8.
2020-06-05 14:51:46,968 [root] DEBUG: DLL loaded at 0x73590000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\175df210b784212def386595c25caefb\System.Drawing.ni (0x189000 bytes).
2020-06-05 14:51:46,984 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6E3B0000 for section view with handle 0x1e8.
2020-06-05 14:51:46,984 [root] DEBUG: DLL loaded at 0x6E3B0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5669120680b52abf616f3876387ca2cc\System.Windows.Forms.ni (0xbdf000 bytes).
2020-06-05 14:51:47,687 [root] DEBUG: set_caller_info: Adding region at 0x00320000 to caller regions list (ntdll::memcpy).
2020-06-05 14:51:47,687 [root] DEBUG: set_caller_info: Failed to dumping calling PE image at 0x00320000.
2020-06-05 14:51:49,281 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x00540000 for section view with handle 0x1e8.
2020-06-05 14:51:49,453 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1f0 amd local view 0x00650000 to global list.
2020-06-05 14:51:49,546 [root] DEBUG: DLL loaded at 0x74E00000: C:\Windows\system32\bcrypt (0x17000 bytes).
2020-06-05 14:51:49,906 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x204 amd local view 0x71090000 to global list.
2020-06-05 14:51:49,906 [root] DEBUG: DLL loaded at 0x71090000: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4ac828c8c4c76f3ba59f8f9c7dab1cb3\Microsoft.VisualBasic.ni (0x19b000 bytes).
2020-06-05 14:52:01,578 [root] DEBUG: DLL loaded at 0x74010000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-06-05 14:52:01,593 [root] DEBUG: DLL loaded at 0x77150000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2020-06-05 14:52:01,593 [root] DEBUG: DLL loaded at 0x75560000: C:\Windows\syswow64\OLEAUT32 (0x91000 bytes).
2020-06-05 14:52:01,625 [root] DEBUG: DLL loaded at 0x737D0000: C:\Windows\system32\wbem\wbemdisp (0x31000 bytes).
2020-06-05 14:52:01,687 [root] DEBUG: DLL loaded at 0x73530000: C:\Windows\system32\wbemcomn (0x5c000 bytes).
2020-06-05 14:52:01,718 [root] DEBUG: DLL loaded at 0x773A0000: C:\Windows\syswow64\WS2_32 (0x35000 bytes).
2020-06-05 14:52:01,718 [root] DEBUG: DLL loaded at 0x77140000: C:\Windows\syswow64\NSI (0x6000 bytes).
2020-06-05 14:52:01,765 [root] INFO: Stopping WMI Service
2020-06-05 14:52:09,656 [root] INFO: Stopped WMI Service
2020-06-05 14:52:10,328 [lib.api.process] INFO: Monitor config for process 588: C:\tmpt2nfl3rg\dll\588.ini
2020-06-05 14:52:10,328 [lib.api.process] INFO: Option 'procdump' with value 'yes' sent to monitor
2020-06-05 14:52:10,328 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpt2nfl3rg\dll\cQWFTB.dll, loader C:\tmpt2nfl3rg\bin\cpWvdgQi.exe
2020-06-05 14:52:10,359 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LpNFbeJ.
2020-06-05 14:52:10,359 [root] DEBUG: Loader: Injecting process 588 (thread 0) with C:\tmpt2nfl3rg\dll\cQWFTB.dll.
2020-06-05 14:52:10,375 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x000007FFFFFD8000 Local PEB 0x000007FFFFFDE000 Local TEB 0x000007FFFFFD3000: The operation completed successfully.
2020-06-05 14:52:10,375 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-06-05 14:52:10,375 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed, falling back to thread injection.
2020-06-05 14:52:10,390 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-06-05 14:52:10,390 [root] DEBUG: Process dumps disabled.
2020-06-05 14:52:10,390 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-05 14:52:10,390 [root] INFO: Disabling sleep skipping.
2020-06-05 14:52:10,406 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 588 at 0x0000000070F90000, image base 0x00000000FFC60000, stack from 0x0000000001DC6000-0x0000000001DD0000
2020-06-05 14:52:10,406 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k DcomLaunch.
2020-06-05 14:52:10,484 [root] WARNING: b'Unable to place hook on LockResource'
2020-06-05 14:52:10,484 [root] WARNING: b'Unable to hook LockResource'
2020-06-05 14:52:10,562 [root] INFO: loaded: b'588'
2020-06-05 14:52:10,562 [root] INFO: Loaded monitor into process with pid 588
2020-06-05 14:52:10,578 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-06-05 14:52:10,578 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-06-05 14:52:10,578 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\cQWFTB.dll.
2020-06-05 14:52:12,578 [root] INFO: Starting WMI Service
2020-06-05 14:52:12,937 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 1448, handle 0x60c.
2020-06-05 14:52:14,968 [root] INFO: Started WMI Service
2020-06-05 14:52:14,984 [lib.api.process] INFO: Monitor config for process 1448: C:\tmpt2nfl3rg\dll\1448.ini
2020-06-05 14:52:14,984 [lib.api.process] INFO: Option 'procdump' with value 'yes' sent to monitor
2020-06-05 14:52:14,984 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpt2nfl3rg\dll\cQWFTB.dll, loader C:\tmpt2nfl3rg\bin\cpWvdgQi.exe
2020-06-05 14:52:15,015 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LpNFbeJ.
2020-06-05 14:52:15,015 [root] DEBUG: Loader: Injecting process 1448 (thread 0) with C:\tmpt2nfl3rg\dll\cQWFTB.dll.
2020-06-05 14:52:15,015 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x000007FFFFFD7000 Local PEB 0x000007FFFFFDE000 Local TEB 0x000007FFFFFD6000: The operation completed successfully.
2020-06-05 14:52:15,015 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed, falling back to thread injection.
2020-06-05 14:52:15,031 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-06-05 14:52:15,031 [root] DEBUG: Process dumps disabled.
2020-06-05 14:52:15,031 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-05 14:52:15,031 [root] INFO: Disabling sleep skipping.
2020-06-05 14:52:15,046 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 1448 at 0x0000000070F90000, image base 0x00000000FFC60000, stack from 0x0000000001506000-0x0000000001510000
2020-06-05 14:52:15,046 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k netsvcs.
2020-06-05 14:52:15,093 [root] WARNING: b'Unable to place hook on LockResource'
2020-06-05 14:52:15,093 [root] WARNING: b'Unable to hook LockResource'
2020-06-05 14:52:15,109 [root] INFO: loaded: b'1448'
2020-06-05 14:52:15,109 [root] INFO: Loaded monitor into process with pid 1448
2020-06-05 14:52:15,109 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-06-05 14:52:15,109 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-06-05 14:52:15,109 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\cQWFTB.dll.
2020-06-05 14:52:17,125 [root] DEBUG: DLL loaded at 0x737C0000: C:\Windows\system32\wbem\wbemprox (0xb000 bytes).
2020-06-05 14:52:17,140 [root] DEBUG: DLL loaded at 0x734C0000: C:\Windows\system32\wbemcomn2 (0x61000 bytes).
2020-06-05 14:52:17,187 [root] DEBUG: DLL loaded at 0x737A0000: C:\Windows\system32\wbem\wmiutils (0x1a000 bytes).
2020-06-05 14:52:17,359 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x2a4 amd local view 0x06A10000 to global list.
2020-06-05 14:52:17,515 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x2a8 amd local view 0x70E80000 to global list.
2020-06-05 14:52:17,515 [root] DEBUG: DLL loaded at 0x70E80000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\81ab4c39c6a7c9f50721aca2db09b417\System.Management.ni (0x106000 bytes).
2020-06-05 14:52:17,593 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 1304.
2020-06-05 14:52:17,593 [root] DEBUG: DumpSectionViewsForPid: no shared section views found for pid 1304.
2020-06-05 14:52:17,703 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 1304.
2020-06-05 14:52:17,718 [root] DEBUG: DumpSectionViewsForPid: no shared section views found for pid 1304.
2020-06-05 14:52:17,765 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x2f4 amd local view 0x734A0000 to global list.
2020-06-05 14:52:17,796 [root] DEBUG: DLL loaded at 0x734A0000: C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils (0x1e000 bytes).
2020-06-05 14:52:17,890 [root] DEBUG: set_caller_info: Adding region at 0x00810000 to caller regions list (ole32::CoCreateInstance).
2020-06-05 14:52:17,937 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x81ffff
2020-06-05 14:52:17,937 [root] DEBUG: DumpMemory: Nothing to dump at 0x00810000!
2020-06-05 14:52:17,937 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00810000 size 0x10000.
2020-06-05 14:52:17,953 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_932029082175466662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x00810000;?', ['1304'], 'CAPE')
2020-06-05 14:52:17,984 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_932029082175466662020 (size 0x2164)
2020-06-05 14:52:17,984 [root] DEBUG: DumpRegion: Dumped stack region from 0x00810000, size 0x3000.
2020-06-05 14:52:18,062 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 1304.
2020-06-05 14:52:18,062 [root] DEBUG: DumpSectionViewsForPid: no shared section views found for pid 1304.
2020-06-05 14:52:31,203 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 1304.
2020-06-05 14:52:31,203 [root] DEBUG: DumpSectionViewsForPid: no shared section views found for pid 1304.
2020-06-05 14:52:31,203 [root] DEBUG: set_caller_info: Adding region at 0x00820000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2020-06-05 14:52:31,234 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x82ffff
2020-06-05 14:52:31,234 [root] DEBUG: DumpMemory: Nothing to dump at 0x00820000!
2020-06-05 14:52:31,234 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00820000 size 0x10000.
2020-06-05 14:52:31,249 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_596243570415966662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x00820000;?', ['1304'], 'CAPE')
2020-06-05 14:52:31,343 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_596243570415966662020 (size 0x235)
2020-06-05 14:52:31,343 [root] DEBUG: DumpRegion: Dumped stack region from 0x00820000, size 0x1000.
2020-06-05 14:52:31,390 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x35c amd local view 0x008F0000 to global list.
2020-06-05 14:52:31,421 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x358 amd local view 0x008F0000 to global list.
2020-06-05 14:52:39,375 [root] DEBUG: set_caller_info: Adding region at 0x00E20000 to caller regions list (kernel32::SetErrorMode).
2020-06-05 14:52:39,375 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0xe2ffff
2020-06-05 14:52:39,375 [root] DEBUG: DumpMemory: Nothing to dump at 0x00E20000!
2020-06-05 14:52:39,375 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00E20000 size 0x10000.
2020-06-05 14:52:39,375 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_10943524239176662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x00E20000;?', ['1304'], 'CAPE')
2020-06-05 14:52:39,406 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_10943524239176662020 (size 0x2c2a)
2020-06-05 14:52:39,406 [root] DEBUG: DumpRegion: Dumped stack region from 0x00E20000, size 0x3000.
2020-06-05 14:52:39,437 [root] DEBUG: DLL loaded at 0x73490000: C:\Windows\system32\shfolder (0x5000 bytes).
2020-06-05 14:52:39,875 [root] DEBUG: DLL loaded at 0x70E70000: C:\Windows\system32\vaultcli (0xc000 bytes).
2020-06-05 14:52:39,906 [root] DEBUG: DLL unloaded from 0x75600000.
2020-06-05 14:52:40,421 [root] INFO: Announced starting service "b'VaultSvc'"
2020-06-05 14:52:40,421 [lib.api.process] INFO: Monitor config for process 472: C:\tmpt2nfl3rg\dll\472.ini
2020-06-05 14:52:40,437 [lib.api.process] INFO: Option 'procdump' with value 'yes' sent to monitor
2020-06-05 14:52:40,437 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpt2nfl3rg\dll\cQWFTB.dll, loader C:\tmpt2nfl3rg\bin\cpWvdgQi.exe
2020-06-05 14:52:40,453 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LpNFbeJ.
2020-06-05 14:52:40,453 [root] DEBUG: Loader: Injecting process 472 (thread 0) with C:\tmpt2nfl3rg\dll\cQWFTB.dll.
2020-06-05 14:52:40,453 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x000007FFFFFD4000 Local PEB 0x000007FFFFFDE000 Local TEB 0x000007FFFFFD4000: The operation completed successfully.
2020-06-05 14:52:40,453 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-06-05 14:52:40,453 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed, falling back to thread injection.
2020-06-05 14:52:40,468 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-06-05 14:52:40,468 [root] DEBUG: Process dumps disabled.
2020-06-05 14:52:40,468 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-05 14:52:40,484 [root] INFO: Disabling sleep skipping.
2020-06-05 14:52:40,484 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 472 at 0x0000000070F90000, image base 0x00000000FFBB0000, stack from 0x0000000000E86000-0x0000000000E90000
2020-06-05 14:52:40,484 [root] DEBUG: Commandline: C:\Windows\sysnative\services.exe.
2020-06-05 14:52:40,531 [root] WARNING: b'Unable to place hook on LockResource'
2020-06-05 14:52:40,531 [root] WARNING: b'Unable to hook LockResource'
2020-06-05 14:52:40,531 [root] INFO: loaded: b'472'
2020-06-05 14:52:40,531 [root] INFO: Loaded monitor into process with pid 472
2020-06-05 14:52:40,546 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-06-05 14:52:40,546 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-06-05 14:52:40,546 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\cQWFTB.dll.
2020-06-05 14:52:41,203 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 1304.
2020-06-05 14:52:41,203 [root] DEBUG: DumpSectionViewsForPid: no shared section views found for pid 1304.
2020-06-05 14:52:41,593 [root] INFO: Announced 64-bit process name: lsass.exe pid: 2776
2020-06-05 14:52:41,593 [lib.api.process] INFO: Monitor config for process 2776: C:\tmpt2nfl3rg\dll\2776.ini
2020-06-05 14:52:41,593 [lib.api.process] INFO: Option 'procdump' with value 'yes' sent to monitor
2020-06-05 14:52:41,593 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpt2nfl3rg\dll\cQWFTB.dll, loader C:\tmpt2nfl3rg\bin\cpWvdgQi.exe
2020-06-05 14:52:41,609 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LpNFbeJ.
2020-06-05 14:52:41,609 [root] DEBUG: Loader: Injecting process 2776 (thread 3820) with C:\tmpt2nfl3rg\dll\cQWFTB.dll.
2020-06-05 14:52:41,609 [root] DEBUG: Process image base: 0x00000000FF730000
2020-06-05 14:52:41,609 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmpt2nfl3rg\dll\cQWFTB.dll.
2020-06-05 14:52:41,625 [root] DEBUG: InjectDllViaIAT: Failed to allocate region in target process for new import table.
2020-06-05 14:52:41,625 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-06-05 14:52:41,640 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-06-05 14:52:41,640 [root] DEBUG: Process dumps disabled.
2020-06-05 14:52:41,640 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-05 14:52:41,640 [root] INFO: Disabling sleep skipping.
2020-06-05 14:52:41,656 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 2776 at 0x0000000070F90000, image base 0x00000000FF730000, stack from 0x0000000000184000-0x0000000000190000
2020-06-05 14:52:41,656 [root] DEBUG: Commandline: C:\Windows\sysnative\lsass.exe.
2020-06-05 14:52:41,687 [root] WARNING: b'Unable to place hook on LockResource'
2020-06-05 14:52:41,687 [root] WARNING: b'Unable to hook LockResource'
2020-06-05 14:52:41,703 [root] INFO: loaded: b'2776'
2020-06-05 14:52:41,703 [root] INFO: Loaded monitor into process with pid 2776
2020-06-05 14:52:41,718 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-06-05 14:52:41,718 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-06-05 14:52:41,734 [root] DEBUG: Successfully injected DLL C:\tmpt2nfl3rg\dll\cQWFTB.dll.
2020-06-05 14:52:41,734 [root] DEBUG: CreateProcessHandler: using lpCommandLine: C:\Windows\system32\lsass.exe.
2020-06-05 14:52:41,734 [root] DEBUG: CreateProcessHandler: Injection info set for new process 2776, ImageBase: 0x00000000FF730000
2020-06-05 14:52:41,750 [root] DEBUG: ResumeThreadHandler: Dumping hollowed process 2776, image base 0x00000000FF730000.
2020-06-05 14:52:41,750 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FF730000.
2020-06-05 14:52:41,750 [root] DEBUG: DumpProcess: Module entry point VA is 0x0000000000001850.
2020-06-05 14:52:41,781 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\472_649646843415266662020', b'3;?C:\\Windows\\sysnative\\services.exe;?C:\\Windows\\sysnative\\services.exe;?C:\\Windows\\system32\\lsass.exe;?2776;?', ['472'], 'CAPE')
2020-06-05 14:52:41,812 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x7800.
2020-06-05 14:52:41,812 [root] DEBUG: ResumeThreadHandler: Dumped PE image from buffer.
2020-06-05 14:52:41,812 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 2776.
2020-06-05 14:52:41,812 [root] DEBUG: DumpSectionViewsForPid: no shared section views found for pid 2776.
2020-06-05 14:52:43,078 [root] DEBUG: DLL loaded at 0x000007FEF6EB0000: C:\Windows\system32\VSSAPI (0x1b0000 bytes).
2020-06-05 14:52:43,093 [root] DEBUG: DLL loaded at 0x000007FEFB420000: C:\Windows\system32\ATL (0x19000 bytes).
2020-06-05 14:52:43,093 [root] DEBUG: DLL loaded at 0x000007FEF6E60000: C:\Windows\system32\VssTrace (0x17000 bytes).
2020-06-05 14:52:43,296 [root] DEBUG: DLL loaded at 0x000007FEFABC0000: C:\Windows\system32\samcli (0x14000 bytes).
2020-06-05 14:52:43,312 [root] DEBUG: DLL loaded at 0x000007FEFBBF0000: C:\Windows\system32\SAMLIB (0x1d000 bytes).
2020-06-05 14:52:43,437 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1c0 amd local view 0x0000000000D70000 to global list.
2020-06-05 14:52:43,453 [root] DEBUG: DLL unloaded from 0x000007FEF6E60000.
2020-06-05 14:53:11,812 [root] WARNING: Unable to open termination event for pid 2776.
2020-06-05 14:53:12,218 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x360 amd local view 0x70E60000 to global list.
2020-06-05 14:53:12,218 [root] DEBUG: DLL loaded at 0x70E60000: C:\Windows\Microsoft.NET\Framework\v2.0.50727\culture (0x8000 bytes).
2020-06-05 14:53:12,296 [root] DEBUG: DLL unloaded from 0x70E60000.
2020-06-05 14:53:12,296 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x00F40000 for section view with handle 0x360.
2020-06-05 14:53:12,718 [root] DEBUG: set_caller_info: Adding region at 0x024B0000 to caller regions list (ntdll::LdrGetProcedureAddress).
2020-06-05 14:53:12,718 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x24bffff
2020-06-05 14:53:12,765 [root] DEBUG: DumpMemory: Nothing to dump at 0x024B0000!
2020-06-05 14:53:12,765 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x024B0000 size 0x10000.
2020-06-05 14:53:12,765 [root] INFO: ('dump_file', 'C:\\tsLbxSRJr\\CAPE\\1304_17730712502876662020', b'9;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe;?0x024B0000;?', ['1304'], 'CAPE')
2020-06-05 14:53:12,781 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\tsLbxSRJr\CAPE\1304_17730712502876662020 (size 0x663b)
2020-06-05 14:53:12,828 [root] DEBUG: DumpRegion: Dumped stack region from 0x024B0000, size 0x7000.
2020-06-05 14:53:12,843 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x368 amd local view 0x00900000 to global list.
2020-06-05 14:53:12,921 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x370 amd local view 0x70DB0000 to global list.
2020-06-05 14:53:12,921 [root] DEBUG: DLL loaded at 0x70DB0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\51fb28e8a54a8d8f6021415d47477ab4\System.Security.ni (0xb3000 bytes).
2020-06-05 14:53:13,000 [root] DEBUG: DLL loaded at 0x77270000: C:\Windows\syswow64\crypt32 (0x122000 bytes).
2020-06-05 14:53:13,000 [root] DEBUG: DLL loaded at 0x76DE0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2020-06-05 14:53:13,093 [root] DEBUG: DLL unloaded from 0x000007FEFF630000.
2020-06-05 14:54:57,468 [root] INFO: Analysis timeout hit, terminating analysis.
2020-06-05 14:54:57,484 [lib.api.process] INFO: Terminate event set for process 2428
2020-06-05 14:54:57,765 [root] DEBUG: Terminate Event: Skipping dump of process 2428
2020-06-05 14:54:57,796 [lib.api.process] INFO: Termination confirmed for process 2428
2020-06-05 14:54:57,796 [root] INFO: Terminate event set for process 2428.
2020-06-05 14:54:57,796 [lib.api.process] INFO: Terminate event set for process 1304
2020-06-05 14:54:57,796 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 2428
2020-06-05 14:54:57,796 [root] DEBUG: Terminate Event: Skipping dump of process 1304
2020-06-05 14:54:57,843 [lib.api.process] INFO: Termination confirmed for process 1304
2020-06-05 14:54:57,843 [root] INFO: Terminate event set for process 1304.
2020-06-05 14:54:57,843 [lib.api.process] INFO: Terminate event set for process 588
2020-06-05 14:54:57,843 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 1304
2020-06-05 14:54:57,843 [root] DEBUG: Terminate Event: Skipping dump of process 588
2020-06-05 14:54:57,859 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 588
2020-06-05 14:54:57,859 [lib.api.process] INFO: Termination confirmed for process 588
2020-06-05 14:54:57,859 [root] INFO: Terminate event set for process 588.
2020-06-05 14:54:57,859 [lib.api.process] INFO: Terminate event set for process 1448
2020-06-05 14:54:57,875 [root] DEBUG: Terminate Event: Skipping dump of process 1448
2020-06-05 14:54:57,906 [lib.api.process] INFO: Termination confirmed for process 1448
2020-06-05 14:54:57,906 [root] INFO: Terminate event set for process 1448.
2020-06-05 14:54:57,906 [lib.api.process] INFO: Terminate event set for process 472
2020-06-05 14:54:57,906 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 1448
2020-06-05 14:54:57,906 [root] DEBUG: Terminate Event: Skipping dump of process 472
2020-06-05 14:54:57,953 [lib.api.process] INFO: Termination confirmed for process 472
2020-06-05 14:54:57,953 [root] INFO: Terminate event set for process 472.
2020-06-05 14:54:57,953 [lib.api.process] ERROR: Failed to open terminate event for pid 2776
2020-06-05 14:54:57,953 [root] INFO: Terminate event set for process 2776.
2020-06-05 14:54:57,953 [root] INFO: Created shutdown mutex.
2020-06-05 14:54:57,953 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 472
2020-06-05 14:54:58,968 [root] INFO: Shutting down package.
2020-06-05 14:54:58,968 [root] INFO: Stopping auxiliary modules.
2020-06-05 14:54:59,687 [lib.common.results] WARNING: File C:\tsLbxSRJr\bin\procmon.xml doesn't exist anymore
2020-06-05 14:54:59,687 [root] INFO: Finishing auxiliary modules.
2020-06-05 14:54:59,687 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-06-05 14:54:59,687 [root] WARNING: Folder at path "C:\tsLbxSRJr\debugger" does not exist, skip.
2020-06-05 14:54:59,703 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7x64_2 win7x64_6 KVM 2020-06-05 14:51:32 2020-06-05 14:57:21

File Details

File Name Swift Copy.exe
File Size 1669632 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
PE timestamp 2020-06-05 09:16:11
MD5 4d6dc2778ab1f2bb454a090be1da2220
SHA1 f6e9c46cd4c4f9166ace9c2f04a61bd0dad58ac8
SHA256 45a5f7786e3c2bcf5ffc0c4cc16e4a0d534624cc096bfd1bec6054cad0d6ae92
SHA512 f2be17697e6bb48810464d44dd26f9d645417439721082d3f3550bd8769fe9693a2106d511cd313f577fe2a03d89be88c4a8c2c73377a79a7646e012d89c20a5
CRC32 54A479A4
Ssdeep 24576:ttb20pkaCqT5TBWgNQ7aOoYXBbdbdURWu6yK9R1Oacue3fwY7bX16A:eVg5tQ7aOoYxbdbqWf7qwOF5
Download Download ZIP Resubmit sample

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction - unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 2428 trigged the Yara rule 'AgentTeslaV2'
Hit: PID 2428 trigged the Yara rule 'shellcode_patterns'
Creates RWX memory
Guard pages use detected - possible anti-debugging.
A process attempted to delay the analysis task.
Process: MSBuild.exe tried to sleep 777.1 seconds, actually delayed analysis time by 0.0 seconds
Dynamic (imported) function loading detected
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegisterTraceGuidsW
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/OpenThreadToken
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/OpenProcessToken
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/AllocateAndInitializeSid
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/CheckTokenMembership
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/FreeSid
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/CreateSemaphoreExW
DynamicLoader: kernel32.dll/SetThreadStackGuarantee
DynamicLoader: kernel32.dll/CreateThreadpoolTimer
DynamicLoader: kernel32.dll/SetThreadpoolTimer
DynamicLoader: kernel32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: kernel32.dll/CloseThreadpoolTimer
DynamicLoader: kernel32.dll/CreateThreadpoolWait
DynamicLoader: kernel32.dll/SetThreadpoolWait
DynamicLoader: kernel32.dll/CloseThreadpoolWait
DynamicLoader: kernel32.dll/FlushProcessWriteBuffers
DynamicLoader: kernel32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: kernel32.dll/GetCurrentProcessorNumber
DynamicLoader: kernel32.dll/GetLogicalProcessorInformation
DynamicLoader: kernel32.dll/CreateSymbolicLinkW
DynamicLoader: kernel32.dll/SetDefaultDllDirectories
DynamicLoader: kernel32.dll/EnumSystemLocalesEx
DynamicLoader: kernel32.dll/CompareStringEx
DynamicLoader: kernel32.dll/GetDateFormatEx
DynamicLoader: kernel32.dll/GetLocaleInfoEx
DynamicLoader: kernel32.dll/GetTimeFormatEx
DynamicLoader: kernel32.dll/GetUserDefaultLocaleName
DynamicLoader: kernel32.dll/IsValidLocaleName
DynamicLoader: kernel32.dll/LCMapStringEx
DynamicLoader: kernel32.dll/GetCurrentPackageId
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/GetNativeSystemInfo
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: kernel32.dll/Wow64DisableWow64FsRedirection
DynamicLoader: kernel32.dll/Wow64RevertWow64FsRedirection
DynamicLoader: kernel32.dll/Wow64DisableWow64FsRedirection
DynamicLoader: kernel32.dll/Wow64RevertWow64FsRedirection
DynamicLoader: COMCTL32.dll/RegisterClassNameW
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: IMM32.DLL/ImmReleaseContext
DynamicLoader: IMM32.DLL/ImmAssociateContext
DynamicLoader: IMM32.DLL/ImmIsIME
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: kernel32.dll/GetVersionExW
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/OpenProcess
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: MSCOREE.DLL/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
DynamicLoader: mscoreei.dll/_CorExeMain
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: KERNEL32.dll/IsProcessorFeaturePresent
DynamicLoader: msvcrt.dll/_set_error_mode
DynamicLoader: msvcrt.dll/[email protected]@[email protected]
DynamicLoader: msvcrt.dll/_get_terminate
DynamicLoader: KERNEL32.dll/FindActCtxSectionStringW
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: mscorwks.dll/SetLoadedByMscoree
DynamicLoader: USER32.dll/GetProcessWindowStation
DynamicLoader: USER32.dll/GetUserObjectInformationW
DynamicLoader: mscorwks.dll/_CorExeMain
DynamicLoader: mscorwks.dll/GetCLRFunction
DynamicLoader: ADVAPI32.dll/RegisterTraceGuidsW
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: ADVAPI32.dll/GetTraceLoggerHandle
DynamicLoader: ADVAPI32.dll/GetTraceEnableLevel
DynamicLoader: ADVAPI32.dll/GetTraceEnableFlags
DynamicLoader: ADVAPI32.dll/TraceEvent
DynamicLoader: MSCOREE.DLL/IEE
DynamicLoader: mscoreei.dll/IEE_RetAddr
DynamicLoader: mscoreei.dll/IEE
DynamicLoader: mscorwks.dll/IEE
DynamicLoader: MSCOREE.DLL/GetStartupFlags
DynamicLoader: mscoreei.dll/GetStartupFlags_RetAddr
DynamicLoader: mscoreei.dll/GetStartupFlags
DynamicLoader: MSCOREE.DLL/GetHostConfigurationFile
DynamicLoader: mscoreei.dll/GetHostConfigurationFile_RetAddr
DynamicLoader: mscoreei.dll/GetHostConfigurationFile
DynamicLoader: mscoreei.dll/GetCORVersion_RetAddr
DynamicLoader: mscoreei.dll/GetCORVersion
DynamicLoader: MSCOREE.DLL/GetCORSystemDirectory
DynamicLoader: mscoreei.dll/GetCORSystemDirectory_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: ntdll.dll/RtlUnwind
DynamicLoader: KERNEL32.dll/IsWow64Process
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/AddVectoredContinueHandler
DynamicLoader: KERNEL32.dll/RemoveVectoredContinueHandler
DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW
DynamicLoader: shell32.dll/SHGetFolderPathW
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/GetWriteWatch
DynamicLoader: KERNEL32.dll/ResetWriteWatch
DynamicLoader: KERNEL32.dll/CreateMemoryResourceNotification
DynamicLoader: KERNEL32.dll/QueryMemoryResourceNotification
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: KERNEL32.dll/QueryActCtxW
DynamicLoader: ole32.dll/CoGetContextToken
DynamicLoader: KERNEL32.dll/GetFullPathName
DynamicLoader: KERNEL32.dll/GetFullPathNameW
DynamicLoader: KERNEL32.dll/GetVersionEx
DynamicLoader: KERNEL32.dll/GetVersionExW
DynamicLoader: KERNEL32.dll/GetVersionEx
DynamicLoader: KERNEL32.dll/GetVersionExW
DynamicLoader: ADVAPI32.dll/CryptAcquireContextA
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: ADVAPI32.dll/CryptGetHashParam
DynamicLoader: ADVAPI32.dll/CryptImportKey
DynamicLoader: ADVAPI32.dll/CryptExportKey
DynamicLoader: ADVAPI32.dll/CryptGenKey
DynamicLoader: ADVAPI32.dll/CryptGetKeyParam
DynamicLoader: ADVAPI32.dll/CryptDestroyKey
DynamicLoader: ADVAPI32.dll/CryptVerifySignatureA
DynamicLoader: ADVAPI32.dll/CryptSignHashA
DynamicLoader: ADVAPI32.dll/CryptGetProvParam
DynamicLoader: ADVAPI32.dll/CryptGetUserKey
DynamicLoader: ADVAPI32.dll/CryptEnumProvidersA
DynamicLoader: MSCOREE.DLL/GetMetaDataInternalInterface
DynamicLoader: mscoreei.dll/GetMetaDataInternalInterface_RetAddr
DynamicLoader: mscoreei.dll/GetMetaDataInternalInterface
DynamicLoader: mscorwks.dll/GetMetaDataInternalInterface
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
DynamicLoader: CRYPTSP.dll/CryptImportKey
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptVerifySignatureA
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: mscorjit.dll/getJit
DynamicLoader: KERNEL32.dll/IsWow64Process
DynamicLoader: KERNEL32.dll/GetUserDefaultUILanguage
DynamicLoader: KERNEL32.dll/SetErrorMode
DynamicLoader: KERNEL32.dll/GetFileAttributesEx
DynamicLoader: KERNEL32.dll/GetFileAttributesExW
DynamicLoader: bcrypt.dll/BCryptGetFipsAlgorithmMode
DynamicLoader: KERNEL32.dll/lstrlen
DynamicLoader: KERNEL32.dll/lstrlenW
DynamicLoader: KERNEL32.dll/GetModuleHandle
DynamicLoader: KERNEL32.dll/GetModuleHandleW
DynamicLoader: KERNEL32.dll/GetProcAddress
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: GDI32.dll/GetStockObject
DynamicLoader: USER32.dll/RegisterClass
DynamicLoader: USER32.dll/RegisterClassW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: USER32.dll/CreateWindowEx
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/SetWindowLong
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: USER32.dll/GetWindowLong
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/GetCurrentThread
DynamicLoader: KERNEL32.dll/DuplicateHandle
DynamicLoader: KERNEL32.dll/GetCurrentThreadId
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: USER32.dll/SetWindowLong
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: USER32.dll/CallWindowProc
DynamicLoader: USER32.dll/CallWindowProcW
DynamicLoader: USER32.dll/RegisterWindowMessage
DynamicLoader: USER32.dll/RegisterWindowMessageW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: KERNEL32.dll/GetCurrentProcessId
DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtQuerySystemInformationW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoGetObjectContext
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: ole32.dll/MkParseDisplayName
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: KERNEL32.dll/CreateEvent
DynamicLoader: KERNEL32.dll/CreateEventW
DynamicLoader: KERNEL32.dll/SwitchToThread
DynamicLoader: KERNEL32.dll/SetEvent
DynamicLoader: ole32.dll/CoWaitForMultipleHandles
DynamicLoader: ole32.dll/IIDFromString
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: KERNEL32.dll/LoadLibrary
DynamicLoader: KERNEL32.dll/LoadLibraryA
DynamicLoader: KERNEL32.dll/GetProcAddress
DynamicLoader: wminet_utils.dll/ResetSecurity
DynamicLoader: wminet_utils.dll/SetSecurity
DynamicLoader: wminet_utils.dll/BlessIWbemServices
DynamicLoader: wminet_utils.dll/BlessIWbemServicesObject
DynamicLoader: wminet_utils.dll/GetPropertyHandle
DynamicLoader: wminet_utils.dll/WritePropertyValue
DynamicLoader: wminet_utils.dll/Clone
DynamicLoader: wminet_utils.dll/VerifyClientKey
DynamicLoader: wminet_utils.dll/GetQualifierSet
DynamicLoader: wminet_utils.dll/Get
DynamicLoader: wminet_utils.dll/Put
DynamicLoader: wminet_utils.dll/Delete
DynamicLoader: wminet_utils.dll/GetNames
DynamicLoader: wminet_utils.dll/BeginEnumeration
DynamicLoader: wminet_utils.dll/Next
DynamicLoader: wminet_utils.dll/EndEnumeration
DynamicLoader: wminet_utils.dll/GetPropertyQualifierSet
DynamicLoader: wminet_utils.dll/Clone
DynamicLoader: wminet_utils.dll/GetObjectText
DynamicLoader: wminet_utils.dll/SpawnDerivedClass
DynamicLoader: wminet_utils.dll/SpawnInstance
DynamicLoader: wminet_utils.dll/CompareTo
DynamicLoader: wminet_utils.dll/GetPropertyOrigin
DynamicLoader: wminet_utils.dll/InheritsFrom
DynamicLoader: wminet_utils.dll/GetMethod
DynamicLoader: wminet_utils.dll/PutMethod
DynamicLoader: wminet_utils.dll/DeleteMethod
DynamicLoader: wminet_utils.dll/BeginMethodEnumeration
DynamicLoader: wminet_utils.dll/NextMethod
DynamicLoader: wminet_utils.dll/EndMethodEnumeration
DynamicLoader: wminet_utils.dll/GetMethodQualifierSet
DynamicLoader: wminet_utils.dll/GetMethodOrigin
DynamicLoader: wminet_utils.dll/QualifierSet_Get
DynamicLoader: wminet_utils.dll/QualifierSet_Put
DynamicLoader: wminet_utils.dll/QualifierSet_Delete
DynamicLoader: wminet_utils.dll/QualifierSet_GetNames
DynamicLoader: wminet_utils.dll/QualifierSet_BeginEnumeration
DynamicLoader: wminet_utils.dll/QualifierSet_Next
DynamicLoader: wminet_utils.dll/QualifierSet_EndEnumeration
DynamicLoader: wminet_utils.dll/GetCurrentApartmentType
DynamicLoader: wminet_utils.dll/GetDemultiplexedStub
DynamicLoader: wminet_utils.dll/CreateInstanceEnumWmi
DynamicLoader: wminet_utils.dll/CreateClassEnumWmi
DynamicLoader: wminet_utils.dll/ExecQueryWmi
DynamicLoader: wminet_utils.dll/ExecNotificationQueryWmi
DynamicLoader: wminet_utils.dll/PutInstanceWmi
DynamicLoader: wminet_utils.dll/PutClassWmi
DynamicLoader: wminet_utils.dll/CloneEnumWbemClassObject
DynamicLoader: wminet_utils.dll/ConnectServerWmi
DynamicLoader: wminet_utils.dll/GetErrorInfo
DynamicLoader: wminet_utils.dll/Initialize
DynamicLoader: OLEAUT32.dll/SysStringLen
DynamicLoader: KERNEL32.dll/ZeroMemory
DynamicLoader: KERNEL32.dll/ZeroMemoryA
DynamicLoader: KERNEL32.dll/RtlZeroMemory
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: KERNEL32.dll/GetEnvironmentVariable
DynamicLoader: KERNEL32.dll/GetEnvironmentVariableW
DynamicLoader: ADVAPI32.dll/GetUserName
DynamicLoader: ADVAPI32.dll/GetUserNameW
DynamicLoader: KERNEL32.dll/GetComputerName
DynamicLoader: KERNEL32.dll/GetComputerNameW
DynamicLoader: KERNEL32.dll/CreateIoCompletionPort
DynamicLoader: KERNEL32.dll/PostQueuedCompletionStatus
DynamicLoader: ntdll.dll/NtQueryInformationThread
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtGetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetSystemTimeAsFileTime
DynamicLoader: USER32.dll/GetLastInputInfo
DynamicLoader: shfolder.dll/SHGetFolderPath
DynamicLoader: shfolder.dll/SHGetFolderPathW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: KERNEL32.dll/CreateFile
DynamicLoader: KERNEL32.dll/CreateFileW
DynamicLoader: vaultcli.dll/VaultEnumerateVaults
DynamicLoader: KERNEL32.dll/FindFirstFile
DynamicLoader: KERNEL32.dll/FindFirstFileW
DynamicLoader: KERNEL32.dll/FindClose
DynamicLoader: mscoreei.dll/LoadLibraryShim_RetAddr
DynamicLoader: mscoreei.dll/LoadLibraryShim
DynamicLoader: culture.dll/ConvertLangIdToCultureName
DynamicLoader: KERNEL32.dll/FindNextFile
DynamicLoader: KERNEL32.dll/FindNextFileW
DynamicLoader: KERNEL32.dll/GetFileType
DynamicLoader: KERNEL32.dll/GetFileSize
DynamicLoader: KERNEL32.dll/ReadFile
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: KERNEL32.dll/GetACP
DynamicLoader: KERNEL32.dll/UnmapViewOfFile
DynamicLoader: KERNEL32.dll/LocalFree
DynamicLoader: KERNEL32.dll/ZeroMemory
DynamicLoader: KERNEL32.dll/ZeroMemoryA
DynamicLoader: KERNEL32.dll/RtlZeroMemory
DynamicLoader: crypt32.dll/CryptUnprotectData
DynamicLoader: crypt32.dll/CryptUnprotectDataW
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: CRYPTBASE.dll/SystemFunction041
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/GetClientRect
DynamicLoader: USER32.dll/GetWindowRect
DynamicLoader: USER32.dll/GetParent
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: ole32.dll/CoRegisterMessageFilter
DynamicLoader: USER32.dll/PeekMessage
DynamicLoader: USER32.dll/PeekMessageW
DynamicLoader: USER32.dll/WaitMessage
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: kernel32.dll/ResolveDelayLoadedAPI
DynamicLoader: VSSAPI.DLL/CreateWriter
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ADVAPI32.dll/LookupAccountNameW
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: samcli.dll/NetLocalGroupGetMembers
DynamicLoader: SAMLIB.dll/SamConnect
DynamicLoader: RPCRT4.dll/NdrClientCall3
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/I_RpcMapWin32Status
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: ole32.dll/CoTaskMemRealloc
DynamicLoader: ADVAPI32.dll/RegisterEventSourceW
DynamicLoader: ADVAPI32.dll/ReportEventW
DynamicLoader: ADVAPI32.dll/DeregisterEventSource
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: ole32.dll/CoCreateInstance
Expresses interest in specific running processes
process: MSBuild.exe
Reads data out of its own binary image
self_read: process: Swift Copy.exe, pid: 2428, offset: 0x00000000, length: 0x00010000
self_read: process: Swift Copy.exe, pid: 2428, offset: 0x00000000, length: 0x00197a00
self_read: process: Swift Copy.exe, pid: 2428, offset: 0x00010000, length: 0x00187a00
CAPE extracted potentially suspicious content
MSBuild.exe: Unpacked Shellcode
Swift Copy.exe: AgentTeslaV2 Payload: 32-bit executable
Swift Copy.exe: AgentTeslaV2
Swift Copy.exe: Unpacked Shellcode
MSBuild.exe: Unpacked Shellcode
MSBuild.exe: Unpacked Shellcode
MSBuild.exe: Unpacked Shellcode
MSBuild.exe: Unpacked Shellcode
MSBuild.exe: Unpacked Shellcode
Swift Copy.exe: Unpacked Shellcode
MSBuild.exe: Unpacked Shellcode
MSBuild.exe: Unpacked Shellcode
MSBuild.exe: Unpacked Shellcode
services.exe: Injected PE Image: 64-bit executable
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
The binary likely contains encrypted or compressed data.
section: name: .rsrc, entropy: 7.87, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x000cea00, virtual_size: 0x000ce87c
Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Louise\AppData\Local\Temp\Swift Copy.exe
Behavioural detection: Injection (Process Hollowing)
Injection: Swift Copy.exe(2428) -> MSBuild.exe(1304)
Executed a process and injected code into it, probably while unpacking
Injection: Swift Copy.exe(2428) -> MSBuild.exe(1304)
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Attempts to repeatedly call a single API many times in order to delay analysis time
Spam: services.exe (472) called API GetSystemTimeAsFileTime 929074 times
Steals private information from local Internet browsers
file: C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Login Data
file: C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\profiles.ini
file: C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\key4.db
Installs itself for autorun at Windows startup
file: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EduPrintProv.url
file: C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EduPrintProv.url
Network activity detected but not expressed in API logs
CAPE detected the AgentTeslaV2 malware family
File has been identified by 24 Antiviruses on VirusTotal as malicious
FireEye: Generic.mg.4d6dc2778ab1f2bb
CAT-QuickHeal: Trojan.Zapchast.C5
McAfee: Trojan-AitInject.aq
Alibaba: Trojan:Win32/Predator.37f633f3
Cybereason: malicious.cd4c4f
Invincea: heuristic
Symantec: AUT.Heuristic!gen5
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Script.Generic
Rising: Trojan.Obfus/Autoit!1.C045 (CLASSIC)
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.tc
Fortinet: AutoIt/Injector.FIC!tr
Cyren: W32/AutoIt.OM.gen!Eldorado
Endgame: malicious (high confidence)
Microsoft: Trojan:Win32/Wacatac.C!ml
ZoneAlarm: HEUR:Trojan.Script.Generic
Malwarebytes: Trojan.MalPack.AutoIt
ESET-NOD32: a variant of Win32/Injector.Autoit.FIO
Ikarus: Trojan-Spy.Keylogger.AgentTesla
eGambit: Unsafe.AI_Score_83%
MaxSecure: Trojan.Malware.300983.susgen
CrowdStrike: win/malicious_confidence_60% (W)
Qihoo-360: HEUR/QVM10.1.B441.Malware.Gen
Creates a copy of itself
copy: C:\Users\Louise\EduPrintProv\wusa.exe
Harvests information related to installed mail clients
file: C:\Users\Louise\AppData\Roaming\Thunderbird\profiles.ini
key: HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
key: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Screenshots


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

DNS

No domains contacted.


Summary

C:\Windows\WindowsShell.Manifest
\Device\KsecDD
C:\Users\Louise\AppData\Local\Temp\Swift Copy.exe
C:\Users
C:\Users\Louise
C:\Users\Louise\AppData
C:\Users\Louise\AppData\Local
C:\Users\Louise\AppData\Local\Temp
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Louise\EduPrintProv
C:\Users\Louise\EduPrintProv\wusa.exe
C:\Users\Louise\EduPrintProv\EduPrintProv.vbs
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EduPrintProv.url
C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.config
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-2.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Louise\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Louise\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index39c.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f8420d8c6ede777377fcff48a4beaa2a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
C:\Windows\Microsoft.NET
C:\Windows\Microsoft.NET\Framework
C:\Windows\Microsoft.NET\Framework\v2.0.50727
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.INI
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol214.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0a65164b17e5c64bacdc694ea2439c43\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\175df210b784212def386595c25caefb\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5669120680b52abf616f3876387ca2cc\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4ac828c8c4c76f3ba59f8f9c7dab1cb3\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\81ab4c39c6a7c9f50721aca2db09b417\System.Management.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
C:\%insfolder%\%insname%
C:\Windows\System32\tzres.dll
C:\Users\Louise\AppData\Local\Elements Browser\User Data
C:\Users\Louise\AppData\Local\Vivaldi\User Data
C:\Users\Louise\AppData\Local\liebao\User Data
C:\Users\Louise\AppData\Local\Torch\User Data
C:\Users\Louise\AppData\Local\Comodo\Dragon\User Data
C:\Users\Louise\AppData\Local\360Chrome\Chrome\User Data
C:\Users\Louise\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
C:\Users\Louise\AppData\Local\7Star\7Star\User Data
C:\Users\Louise\AppData\Local\CocCoc\Browser\User Data
C:\Users\Louise\AppData\Local\Chedot\User Data
C:\Users\Louise\AppData\Local\QIP Surf\User Data
C:\Users\Louise\AppData\Local\Epic Privacy Browser\User Data
C:\Users\Louise\AppData\Local\Iridium\User Data
C:\Users\Louise\AppData\Local\uCozMedia\Uran\User Data
C:\Users\Louise\AppData\Local\MapleStudio\ChromePlus\User Data
C:\Users\Louise\AppData\Local\Kometa\User Data
C:\Users\Louise\AppData\Local\Yandex\YandexBrowser\User Data
C:\Users\Louise\AppData\Local\Amigo\User Data
C:\Users\Louise\AppData\Local\Chromium\User Data
C:\Users\Louise\AppData\Local\Sputnik\Sputnik\User Data
C:\Users\Louise\AppData\Local\CatalinaGroup\Citrio\User Data
C:\Users\Louise\AppData\Roaming\Opera Software\Opera Stable
C:\Users\Louise\AppData\Local\Orbitum\User Data
C:\Users\Louise\AppData\Local\Coowon\Coowon\User Data
C:\Users\Louise\AppData\Local\BraveSoftware\Brave-Browser\User Data
C:\Users\Louise\AppData\Local\CentBrowser\User Data
C:\Users\Louise\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
C:\Users\Louise\AppData\Roaming\Comodo\IceDragon\profiles.ini
C:\Storage\
C:\mail\
C:\Users\Louise\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
C:\Users\Louise\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
C:\Users\Louise\AppData\Roaming\Flock\Browser\profiles.ini
C:\Users\Louise\AppData\Roaming\K-Meleon\profiles.ini
C:\Users\Louise\AppData\Local\Microsoft\Edge\User Data
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vaultcli.dll
C:\Users\Louise\AppData\Roaming\Waterfox\profiles.ini
C:\Users\Louise\AppData\Roaming\The Bat!
C:\Users\Louise\AppData\Local\Temp\Folder.lst
C:\Users\Louise\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
C:\Users\Louise\AppData\Local\UCBrowser\*
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en-US\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en-US\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
C:\Users\Louise\AppData\Local\Tencent\QQBrowser\User Data
C:\Users\Louise\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
C:\Users\Louise\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
C:\Users\Louise\AppData\Roaming\Claws-mail
C:\Users\Louise\AppData\Roaming\Claws-mail\clawsrc
C:\Users\Louise\AppData\Roaming\Mozilla\icecat\profiles.ini
C:\Users\Louise\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
C:\Users\Louise\AppData\Local\falkon\profiles\profiles.ini
C:\Users\Louise\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
C:\Users\Louise\AppData\Roaming\Pocomail\accounts.ini
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
C:\Users\Louise\AppData\Roaming\Thunderbird\profiles.ini
C:\Users\Louise\AppData\Roaming\Trillian\users\global\accounts.dat
C:\Users\Louise\AppData\Roaming\Postbox\profiles.ini
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Login Data
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\51fb28e8a54a8d8f6021415d47477ab4\System.Security.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.INI
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Local State
C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\crypt32.dll
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Login Data
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\profiles.ini
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\logins.json
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\key4.db
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\signons.sqlite
\??\PIPE\samr
C:\DosDevices\pipe\
C:\Windows\sysnative\en-US\KERNELBASE.dll.mui
C:\Windows\Temp
C:\Windows\WindowsShell.Manifest
\Device\KsecDD
C:\Users\Louise\AppData\Local\Temp\Swift Copy.exe
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Louise\EduPrintProv\EduPrintProv.vbs
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EduPrintProv.url
C:\Users\Louise\EduPrintProv\wusa.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Louise\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Louise\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index39c.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f8420d8c6ede777377fcff48a4beaa2a\mscorlib.ni.dll
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol214.dat
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0a65164b17e5c64bacdc694ea2439c43\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\175df210b784212def386595c25caefb\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5669120680b52abf616f3876387ca2cc\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4ac828c8c4c76f3ba59f8f9c7dab1cb3\Microsoft.VisualBasic.ni.dll
C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\81ab4c39c6a7c9f50721aca2db09b417\System.Management.ni.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll
C:\Windows\System32\tzres.dll
C:\Users\Louise\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
C:\Users\Louise\AppData\Roaming\Comodo\IceDragon\profiles.ini
C:\Users\Louise\AppData\Roaming\Flock\Browser\profiles.ini
C:\Users\Louise\AppData\Roaming\K-Meleon\profiles.ini
C:\Users\Louise\AppData\Roaming\Waterfox\profiles.ini
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
C:\Users\Louise\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
C:\Users\Louise\AppData\Roaming\Mozilla\icecat\profiles.ini
C:\Users\Louise\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
C:\Users\Louise\AppData\Local\falkon\profiles\profiles.ini
C:\Users\Louise\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
C:\Users\Louise\AppData\Roaming\Thunderbird\profiles.ini
C:\Users\Louise\AppData\Roaming\Postbox\profiles.ini
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Login Data
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\51fb28e8a54a8d8f6021415d47477ab4\System.Security.ni.dll
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\profiles.ini
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\key4.db
\??\PIPE\samr
C:\Windows\sysnative\en-US\KERNELBASE.dll.mui
C:\Users\Louise\EduPrintProv\EduPrintProv.vbs
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EduPrintProv.url
C:\Users\Louise\EduPrintProv\wusa.exe
\??\PIPE\samr
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\NetworkProvider\HwOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
DisableUserModeCallbackFilter
HKEY_CURRENT_USER\Control Panel\Mouse
HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons
HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\Swift Copy.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSBuild.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v2.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1339698970-4093829097-1161395185-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index39c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index39c\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index39c\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\780ee13f\c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\780ee13f\c9\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\780ee13f\c9\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\780ee13f\c9\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\780ee13f\c9\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\780ee13f\c9\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7d68d7c1\726315c1
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index214
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\304b33ae\cb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\304b33ae\cb\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\304b33ae\cb\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\304b33ae\cb\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\304b33ae\cb\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\304b33ae\cb\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\46ad1249\cf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\46ad1249\cf\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\46ad1249\cf\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\46ad1249\cf\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\46ad1249\cf\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\46ad1249\cf\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\553abeb3\cc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\553abeb3\cc\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\553abeb3\cc\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\553abeb3\cc\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\553abeb3\cc\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\553abeb3\cc\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\324708cb\ce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\324708cb\ce\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\324708cb\ce\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\324708cb\ce\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\324708cb\ce\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\324708cb\ce\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4bf62c79\c0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4bf62c79\c0\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4bf62c79\c0\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4bf62c79\c0\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4bf62c79\c0\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4bf62c79\c0\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\3dc46903\c6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\3dc46903\c6\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\3dc46903\c6\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\3dc46903\c6\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\3dc46903\c6\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\3dc46903\c6\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\5086dba8\c1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\5086dba8\c1\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\5086dba8\c1\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\5086dba8\c1\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\5086dba8\c1\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\5086dba8\c1\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\257bdb20\d0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\257bdb20\d0\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\257bdb20\d0\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\257bdb20\d0\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\257bdb20\d0\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\257bdb20\d0\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\12d2be49\c8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\12d2be49\c8\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\12d2be49\c8\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\12d2be49\c8\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\12d2be49\c8\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\12d2be49\c8\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\3e045c21\b7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\3e045c21\b7\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\3e045c21\b7\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\3e045c21\b7\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\3e045c21\b7\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\3e045c21\b7\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\23e7306f\5d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\23e7306f\5d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\23e7306f\5d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\23e7306f\5d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\23e7306f\5d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\23e7306f\5d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\6e527edf\b6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\6e527edf\b6\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\6e527edf\b6\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\6e527edf\b6\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\6e527edf\b6\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\6e527edf\b6\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\191b956f\3f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\191b956f\3f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\191b956f\3f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\191b956f\3f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\191b956f\3f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\191b956f\3f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\MSBuild.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\9C0191DC
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Classes\WinMgmts
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\Scripting\Default Namespace
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\61f4f6f6\ae
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\61f4f6f6\ae\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\61f4f6f6\ae\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\61f4f6f6\ae\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\61f4f6f6\ae\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\61f4f6f6\ae\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\41a2a33b\5b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\41a2a33b\5b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\41a2a33b\5b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\41a2a33b\5b\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\41a2a33b\5b\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\41a2a33b\5b\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.JScript__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.JScript,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration.Install__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\WMIDisableCOMSecurity
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\IncrediMail\Identities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\658578aa\c2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\658578aa\c2\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\658578aa\c2\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\658578aa\c2\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\658578aa\c2\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\658578aa\c2\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerRequestOverride\Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Safeboot\Option
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Settings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag\WMI Writer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_USERS\S-1-5-18
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\.DEFAULT\Environment
HKEY_USERS\.DEFAULT\Volatile Environment
HKEY_USERS\.DEFAULT\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsass.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
DisableUserModeCallbackFilter
HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index39c\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index39c\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\c8\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\780ee13f\c9\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\780ee13f\c9\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\780ee13f\c9\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\780ee13f\c9\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\780ee13f\c9\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index214
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\ba\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\304b33ae\cb\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\304b33ae\cb\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\304b33ae\cb\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\304b33ae\cb\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\304b33ae\cb\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\46ad1249\cf\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\46ad1249\cf\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\46ad1249\cf\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\46ad1249\cf\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\46ad1249\cf\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\553abeb3\cc\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\553abeb3\cc\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\553abeb3\cc\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\553abeb3\cc\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\553abeb3\cc\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\324708cb\ce\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\324708cb\ce\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\324708cb\ce\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\324708cb\ce\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\324708cb\ce\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4bf62c79\c0\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4bf62c79\c0\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4bf62c79\c0\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4bf62c79\c0\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4bf62c79\c0\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\3dc46903\c6\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\3dc46903\c6\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\3dc46903\c6\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\3dc46903\c6\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\3dc46903\c6\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\5086dba8\c1\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\5086dba8\c1\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\5086dba8\c1\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\5086dba8\c1\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\5086dba8\c1\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\c7\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\257bdb20\d0\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\257bdb20\d0\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\257bdb20\d0\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\257bdb20\d0\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\257bdb20\d0\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\bb\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\12d2be49\c8\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\12d2be49\c8\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\12d2be49\c8\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\12d2be49\c8\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\12d2be49\c8\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\47\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\3e045c21\b7\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\3e045c21\b7\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\3e045c21\b7\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\3e045c21\b7\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\3e045c21\b7\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\23e7306f\5d\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\23e7306f\5d\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\23e7306f\5d\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\23e7306f\5d\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\23e7306f\5d\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\6e527edf\b6\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\6e527edf\b6\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\6e527edf\b6\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\6e527edf\b6\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\6e527edf\b6\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\191b956f\3f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\191b956f\3f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\191b956f\3f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\191b956f\3f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\191b956f\3f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\9C0191DC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\Scripting\Default Namespace
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\5c\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\61f4f6f6\ae\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\61f4f6f6\ae\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\61f4f6f6\ae\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\61f4f6f6\ae\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\61f4f6f6\ae\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\41a2a33b\5b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\41a2a33b\5b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\41a2a33b\5b\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\41a2a33b\5b\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\41a2a33b\5b\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.JScript,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\WMIDisableCOMSecurity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\c0\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\658578aa\c2\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\658578aa\c2\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\658578aa\c2\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\658578aa\c2\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\658578aa\c2\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges
lpk.dll.LpkEditControl
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegisterTraceGuidsW
api-ms-win-downlevel-advapi32-l1-1-0.dll.OpenThreadToken
api-ms-win-downlevel-advapi32-l1-1-0.dll.OpenProcessToken
api-ms-win-downlevel-advapi32-l1-1-0.dll.AllocateAndInitializeSid
api-ms-win-downlevel-advapi32-l1-1-0.dll.CheckTokenMembership
api-ms-win-downlevel-advapi32-l1-1-0.dll.FreeSid
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.SetDefaultDllDirectories
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.IsWow64Process
kernel32.dll.GetNativeSystemInfo
cryptbase.dll.SystemFunction036
kernel32.dll.Wow64DisableWow64FsRedirection
kernel32.dll.Wow64RevertWow64FsRedirection
comctl32.dll.RegisterClassNameW
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
uxtheme.dll.OpenThemeData
imm32.dll.ImmGetContext
imm32.dll.ImmReleaseContext
imm32.dll.ImmAssociateContext
imm32.dll.ImmIsIME
shell32.dll.#66
ole32.dll.CoTaskMemFree
kernel32.dll.GetVersionExW
kernel32.dll.VirtualAlloc
kernel32.dll.OpenProcess
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.CreateEventExW
kernel32.dll.GetTickCount64
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
advapi32.dll.EventRegister
advapi32.dll.EventSetInformation
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
[email protected]@[email protected]
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationW
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
ole32.dll.CoInitializeEx
kernel32.dll.QueryActCtxW
ole32.dll.CoGetContextToken
kernel32.dll.GetFullPathNameW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptVerifySignatureA
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptDestroyKey
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
bcrypt.dll.BCryptGetFipsAlgorithmMode
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
user32.dll.RegisterClassW
ole32.dll.CoTaskMemAlloc
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
kernel32.dll.GetCurrentProcess
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
user32.dll.CallWindowProcW
user32.dll.RegisterWindowMessageW
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
ntdll.dll.NtQuerySystemInformation
cryptsp.dll.CryptAcquireContextW
ole32.dll.CreateBindCtx
ole32.dll.CoGetObjectContext
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
ole32.dll.MkParseDisplayName
oleaut32.dll.#200
oleaut32.dll.#2
oleaut32.dll.#7
oleaut32.dll.#6
kernel32.dll.CreateEventW
kernel32.dll.SwitchToThread
kernel32.dll.SetEvent
ole32.dll.CoWaitForMultipleHandles
ole32.dll.IIDFromString
kernel32.dll.LoadLibraryA
wminet_utils.dll.ResetSecurity
wminet_utils.dll.SetSecurity
wminet_utils.dll.BlessIWbemServices
wminet_utils.dll.BlessIWbemServicesObject
wminet_utils.dll.GetPropertyHandle
wminet_utils.dll.WritePropertyValue
wminet_utils.dll.Clone
wminet_utils.dll.VerifyClientKey
wminet_utils.dll.GetQualifierSet
wminet_utils.dll.Get
wminet_utils.dll.Put
wminet_utils.dll.Delete
wminet_utils.dll.GetNames
wminet_utils.dll.BeginEnumeration
wminet_utils.dll.Next
wminet_utils.dll.EndEnumeration
wminet_utils.dll.GetPropertyQualifierSet
wminet_utils.dll.GetObjectText
wminet_utils.dll.SpawnDerivedClass
wminet_utils.dll.SpawnInstance
wminet_utils.dll.CompareTo
wminet_utils.dll.GetPropertyOrigin
wminet_utils.dll.InheritsFrom
wminet_utils.dll.GetMethod
wminet_utils.dll.PutMethod
wminet_utils.dll.DeleteMethod
wminet_utils.dll.BeginMethodEnumeration
wminet_utils.dll.NextMethod
wminet_utils.dll.EndMethodEnumeration
wminet_utils.dll.GetMethodQualifierSet
wminet_utils.dll.GetMethodOrigin
wminet_utils.dll.QualifierSet_Get
wminet_utils.dll.QualifierSet_Put
wminet_utils.dll.QualifierSet_Delete
wminet_utils.dll.QualifierSet_GetNames
wminet_utils.dll.QualifierSet_BeginEnumeration
wminet_utils.dll.QualifierSet_Next
wminet_utils.dll.QualifierSet_EndEnumeration
wminet_utils.dll.GetCurrentApartmentType
wminet_utils.dll.GetDemultiplexedStub
wminet_utils.dll.CreateInstanceEnumWmi
wminet_utils.dll.CreateClassEnumWmi
wminet_utils.dll.ExecQueryWmi
wminet_utils.dll.ExecNotificationQueryWmi
wminet_utils.dll.PutInstanceWmi
wminet_utils.dll.PutClassWmi
wminet_utils.dll.CloneEnumWbemClassObject
wminet_utils.dll.ConnectServerWmi
wminet_utils.dll.GetErrorInfo
wminet_utils.dll.Initialize
oleaut32.dll.SysStringLen
kernel32.dll.RtlZeroMemory
ole32.dll.CoUninitialize
oleaut32.dll.#500
cryptsp.dll.CryptGetHashParam
kernel32.dll.GetEnvironmentVariableW
advapi32.dll.GetUserNameW
kernel32.dll.GetComputerNameW
kernel32.dll.CreateIoCompletionPort
kernel32.dll.PostQueuedCompletionStatus
ntdll.dll.NtQueryInformationThread
ntdll.dll.NtGetCurrentProcessorNumber
kernel32.dll.GetSystemTimeAsFileTime
user32.dll.GetLastInputInfo
shfolder.dll.SHGetFolderPathW
kernel32.dll.CreateFileW
vaultcli.dll.VaultEnumerateVaults
kernel32.dll.FindFirstFileW
kernel32.dll.FindClose
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.FindNextFileW
kernel32.dll.GetFileType
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
oleaut32.dll.#204
oleaut32.dll.#203
oleaut32.dll.#179
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.LocalFree
crypt32.dll.CryptUnprotectData
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.NdrClientCall2
cryptbase.dll.SystemFunction041
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.RpcBindingFree
user32.dll.GetSystemMetrics
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
ole32.dll.OleInitialize
ole32.dll.CoRegisterMessageFilter
user32.dll.PeekMessageW
user32.dll.WaitMessage
vssapi.dll.CreateWriter
advapi32.dll.LookupAccountNameW
samcli.dll.NetLocalGroupGetMembers
samlib.dll.SamConnect
rpcrt4.dll.NdrClientCall3
rpcrt4.dll.I_RpcMapWin32Status
sechost.dll.ConvertSidToStringSidW
ole32.dll.CoTaskMemRealloc
advapi32.dll.RegisterEventSourceW
advapi32.dll.ReportEventW
advapi32.dll.DeregisterEventSource
ole32.dll.CoCreateGuid
"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\MSBuild.exe"
C:\Windows\system32\lsass.exe
Global\CLR_CASOFF_MUTEX
VaultSvc

BinGraph Download graph

PE Information

Image Base Entry Point Reported Checksum Actual Checksum Minimum OS Version Compile Time Import Hash Icon Icon Exact Hash Icon Similarity Hash
0x00400000 0x00425f74 0x001a71aa 0x001a71aa 5.1 2020-06-05 09:16:11 3d95adbf13bbe79dc24dccb401c12091 eaec7ac88885e88c11458f9d4c17790f 46be87ac0b1642103cd24b65425e8058

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000400 0x00001000 0x0008b54f 0x0008b600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.68
.rdata 0x0008ba00 0x0008d000 0x0002cc42 0x0002ce00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.77
.data 0x000b8800 0x000ba000 0x00009d54 0x00006200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.00
.rsrc 0x000bea00 0x000c4000 0x000ce87c 0x000cea00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.87
.reloc 0x0018d400 0x00193000 0x0000a474 0x0000a600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.25

Resources

Name Offset Size Language Sub-language Entropy File type
RT_ICON 0x000c47d0 0x0000eac8 LANG_ENGLISH SUBLANG_ENGLISH_UK 2.43 None
RT_ICON 0x000c47d0 0x0000eac8 LANG_ENGLISH SUBLANG_ENGLISH_UK 2.43 None
RT_ICON 0x000c47d0 0x0000eac8 LANG_ENGLISH SUBLANG_ENGLISH_UK 2.43 None
RT_ICON 0x000c47d0 0x0000eac8 LANG_ENGLISH SUBLANG_ENGLISH_UK 2.43 None
RT_MENU 0x000d3298 0x00000050 LANG_ENGLISH SUBLANG_ENGLISH_UK 2.68 None
RT_STRING 0x000d5458 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK 3.09 None
RT_STRING 0x000d5458 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK 3.09 None
RT_STRING 0x000d5458 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK 3.09 None
RT_STRING 0x000d5458 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK 3.09 None
RT_STRING 0x000d5458 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK 3.09 None
RT_STRING 0x000d5458 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK 3.09 None
RT_STRING 0x000d5458 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK 3.09 None
RT_RCDATA 0x000d55b0 0x000bcc66 LANG_NEUTRAL SUBLANG_NEUTRAL 8.00 None
RT_GROUP_ICON 0x00192254 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_UK 2.02 None
RT_GROUP_ICON 0x00192254 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_UK 2.02 None
RT_GROUP_ICON 0x00192254 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_UK 2.02 None
RT_GROUP_ICON 0x00192254 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_UK 2.02 None
RT_VERSION 0x00192268 0x00000264 LANG_FRENCH SUBLANG_FRENCH 3.39 None
RT_MANIFEST 0x001924cc 0x000003b0 LANG_ENGLISH SUBLANG_ENGLISH_UK 5.38 None

Imports

0x48d7b0 __WSAFDIsSet
0x48d7b4 recv
0x48d7b8 send
0x48d7bc setsockopt
0x48d7c0 ntohs
0x48d7c4 recvfrom
0x48d7c8 select
0x48d7cc WSAStartup
0x48d7d0 htons
0x48d7d4 accept
0x48d7d8 listen
0x48d7dc bind
0x48d7e0 closesocket
0x48d7e4 connect
0x48d7e8 WSACleanup
0x48d7ec ioctlsocket
0x48d7f0 sendto
0x48d7f4 WSAGetLastError
0x48d7f8 inet_addr
0x48d7fc gethostbyname
0x48d800 gethostname
0x48d804 socket
0x48d754 GetFileVersionInfoW
0x48d758 VerQueryValueW
0x48d7a0 timeGetTime
0x48d7a4 waveOutSetVolume
0x48d7a8 mciSendStringW
0x48d088 ImageList_Destroy
0x48d08c ImageList_Remove
0x48d094 ImageList_BeginDrag
0x48d098 ImageList_DragEnter
0x48d09c ImageList_DragLeave
0x48d0a0 ImageList_EndDrag
0x48d0a4 ImageList_DragMove
0x48d0a8 ImageList_Create
0x48d3e8 WNetUseConnectionW
0x48d3f0 WNetGetConnectionW
0x48d3f4 WNetAddConnection2W
0x48d764 InternetReadFile
0x48d768 InternetCloseHandle
0x48d76c InternetOpenW
0x48d770 InternetSetOptionW
0x48d774 InternetCrackUrlW
0x48d778 HttpQueryInfoW
0x48d780 HttpOpenRequestW
0x48d784 HttpSendRequestW
0x48d788 FtpOpenFileW
0x48d78c FtpGetFileSize
0x48d790 InternetOpenUrlW
0x48d794 InternetConnectW
0x48d154 IcmpCreateFile
0x48d158 IcmpCloseHandle
0x48d15c IcmpSendEcho
0x48d738 UnloadUserProfile
0x48d744 LoadUserProfileW
0x48d74c IsThemeActive
0x48d164 HeapAlloc
0x48d168 GetProcessHeap
0x48d16c HeapFree
0x48d170 Sleep
0x48d174 GetCurrentThreadId
0x48d178 MultiByteToWideChar
0x48d17c MulDiv
0x48d180 GetVersionExW
0x48d184 GetSystemInfo
0x48d188 FreeLibrary
0x48d18c LoadLibraryA
0x48d190 GetProcAddress
0x48d194 SetErrorMode
0x48d198 GetModuleFileNameW
0x48d19c WideCharToMultiByte
0x48d1a0 lstrcpyW
0x48d1a4 lstrlenW
0x48d1a8 GetModuleHandleW
0x48d1b0 VirtualFreeEx
0x48d1b4 OpenProcess
0x48d1b8 VirtualAllocEx
0x48d1bc WriteProcessMemory
0x48d1c0 ReadProcessMemory
0x48d1c4 CreateFileW
0x48d1c8 SetFilePointerEx
0x48d1cc ReadFile
0x48d1d0 WriteFile
0x48d1d4 FlushFileBuffers
0x48d1d8 TerminateProcess
0x48d1e0 Process32FirstW
0x48d1e4 Process32NextW
0x48d1e8 SetFileTime
0x48d1ec GetFileAttributesW
0x48d1f0 FindFirstFileW
0x48d1f4 FindClose
0x48d1f8 GetLongPathNameW
0x48d1fc GetCurrentThread
0x48d200 FindNextFileW
0x48d204 MoveFileW
0x48d208 CopyFileW
0x48d20c CreateDirectoryW
0x48d210 RemoveDirectoryW
0x48d214 SetSystemPowerState
0x48d21c FindResourceW
0x48d220 LoadResource
0x48d224 LockResource
0x48d228 SizeofResource
0x48d22c EnumResourceNamesW
0x48d230 OutputDebugStringW
0x48d234 GetTempPathW
0x48d238 GetTempFileNameW
0x48d23c DeviceIoControl
0x48d240 GetLocalTime
0x48d244 CompareStringW
0x48d24c WaitForSingleObject
0x48d254 GetStdHandle
0x48d258 CreatePipe
0x48d25c InterlockedExchange
0x48d260 TerminateThread
0x48d264 LoadLibraryExW
0x48d268 FindResourceExW
0x48d26c VirtualFree
0x48d270 FormatMessageW
0x48d274 GetExitCodeProcess
0x48d29c GetDriveTypeW
0x48d2a0 GetDiskFreeSpaceExW
0x48d2a4 GetDiskFreeSpaceW
0x48d2ac SetVolumeLabelW
0x48d2b0 CreateHardLinkW
0x48d2b4 SetFileAttributesW
0x48d2b8 GetShortPathNameW
0x48d2bc CreateEventW
0x48d2c0 SetEvent
0x48d2cc GlobalLock
0x48d2d0 GlobalUnlock
0x48d2d4 GlobalAlloc
0x48d2d8 GetFileSize
0x48d2dc GlobalFree
0x48d2e4 Beep
0x48d2e8 GetSystemDirectoryW
0x48d2ec GetComputerNameW
0x48d2f4 GetCurrentProcessId
0x48d2fc CreateProcessW
0x48d300 SetPriorityClass
0x48d304 LoadLibraryW
0x48d308 VirtualAlloc
0x48d30c CloseHandle
0x48d310 GetLastError
0x48d314 GetFullPathNameW
0x48d31c IsDebuggerPresent
0x48d324 lstrcmpiW
0x48d328 RaiseException
0x48d338 CreateThread
0x48d33c DuplicateHandle
0x48d344 GetCurrentProcess
0x48d348 ExitProcess
0x48d34c GetModuleHandleExW
0x48d350 ExitThread
0x48d358 ResumeThread
0x48d35c GetCommandLineW
0x48d364 HeapSize
0x48d368 IsValidCodePage
0x48d36c GetACP
0x48d370 GetOEMCP
0x48d374 GetCPInfo
0x48d378 SetLastError
0x48d384 TlsAlloc
0x48d388 TlsGetValue
0x48d38c TlsSetValue
0x48d390 TlsFree
0x48d394 GetStartupInfoW
0x48d398 GetStringTypeW
0x48d39c SetStdHandle
0x48d3a0 GetFileType
0x48d3a4 GetConsoleCP
0x48d3a8 GetConsoleMode
0x48d3ac RtlUnwind
0x48d3b0 ReadConsoleW
0x48d3b4 SetFilePointer
0x48d3bc GetDateFormatW
0x48d3c0 GetTimeFormatW
0x48d3c4 LCMapStringW
0x48d3d0 HeapReAlloc
0x48d3d4 WriteConsoleW
0x48d3d8 SetEndOfFile
0x48d3dc DeleteFileW
0x48d4b4 SetWindowPos
0x48d4b8 GetCursorInfo
0x48d4bc RegisterHotKey
0x48d4c0 ClientToScreen
0x48d4c8 IsCharAlphaW
0x48d4cc IsCharAlphaNumericW
0x48d4d0 IsCharLowerW
0x48d4d4 IsCharUpperW
0x48d4d8 GetMenuStringW
0x48d4dc GetSubMenu
0x48d4e0 GetCaretPos
0x48d4e4 IsZoomed
0x48d4e8 MonitorFromPoint
0x48d4ec GetMonitorInfoW
0x48d4f0 SetWindowLongW
0x48d4f8 FlashWindow
0x48d4fc GetClassLongW
0x48d504 IsDialogMessageW
0x48d508 GetSysColor
0x48d50c InflateRect
0x48d510 DrawFocusRect
0x48d514 DrawTextW
0x48d518 FrameRect
0x48d51c DrawFrameControl
0x48d520 FillRect
0x48d524 PtInRect
0x48d530 SetCursor
0x48d534 GetWindowDC
0x48d538 GetSystemMetrics
0x48d53c DrawMenuBar
0x48d540 GetActiveWindow
0x48d544 CharNextW
0x48d548 wsprintfW
0x48d54c RedrawWindow
0x48d550 DestroyMenu
0x48d554 SetMenu
0x48d55c CreateMenu
0x48d560 IsDlgButtonChecked
0x48d564 DefDlgProcW
0x48d568 CallWindowProcW
0x48d56c ReleaseCapture
0x48d570 SetCapture
0x48d574 MonitorFromRect
0x48d578 LoadImageW
0x48d580 mouse_event
0x48d584 ExitWindowsEx
0x48d588 SetActiveWindow
0x48d58c FindWindowExW
0x48d590 EnumThreadWindows
0x48d594 SetMenuDefaultItem
0x48d598 InsertMenuItemW
0x48d59c IsMenu
0x48d5a0 TrackPopupMenuEx
0x48d5a4 GetCursorPos
0x48d5a8 CopyImage
0x48d5ac CheckMenuRadioItem
0x48d5b0 GetMenuItemID
0x48d5b4 GetMenuItemCount
0x48d5b8 SetMenuItemInfoW
0x48d5bc GetMenuItemInfoW
0x48d5c0 SetForegroundWindow
0x48d5c4 IsIconic
0x48d5c8 FindWindowW
0x48d5cc UnregisterHotKey
0x48d5d0 keybd_event
0x48d5d4 SendInput
0x48d5d8 GetAsyncKeyState
0x48d5dc SetKeyboardState
0x48d5e0 GetKeyboardState
0x48d5e4 GetKeyState
0x48d5e8 VkKeyScanW
0x48d5ec LoadStringW
0x48d5f0 DialogBoxParamW
0x48d5f4 MessageBeep
0x48d5f8 EndDialog
0x48d5fc SendDlgItemMessageW
0x48d600 GetDlgItem
0x48d604 SetWindowTextW
0x48d608 CopyRect
0x48d60c ReleaseDC
0x48d610 GetDC
0x48d614 EndPaint
0x48d618 BeginPaint
0x48d61c GetClientRect
0x48d620 GetMenu
0x48d624 DestroyWindow
0x48d628 EnumWindows
0x48d62c GetDesktopWindow
0x48d630 IsWindow
0x48d634 IsWindowEnabled
0x48d638 IsWindowVisible
0x48d63c EnableWindow
0x48d640 InvalidateRect
0x48d644 GetWindowLongW
0x48d64c AttachThreadInput
0x48d650 GetFocus
0x48d654 ScreenToClient
0x48d658 SendMessageTimeoutW
0x48d65c EnumChildWindows
0x48d660 CharUpperBuffW
0x48d664 GetClassNameW
0x48d668 GetParent
0x48d66c GetDlgCtrlID
0x48d670 SendMessageW
0x48d674 MapVirtualKeyW
0x48d678 PostMessageW
0x48d67c GetWindowRect
0x48d684 CloseDesktop
0x48d688 CloseWindowStation
0x48d68c OpenDesktopW
0x48d698 OpenWindowStationW
0x48d6a0 AdjustWindowRectEx
0x48d6a4 SetRect
0x48d6a8 SetClipboardData
0x48d6ac EmptyClipboard
0x48d6b4 CloseClipboard
0x48d6b8 GetClipboardData
0x48d6c0 OpenClipboard
0x48d6c4 BlockInput
0x48d6c8 GetMessageW
0x48d6cc LockWindowUpdate
0x48d6d0 DispatchMessageW
0x48d6d4 TranslateMessage
0x48d6d8 DeleteMenu
0x48d6dc PeekMessageW
0x48d6e0 MessageBoxW
0x48d6e4 DefWindowProcW
0x48d6e8 MoveWindow
0x48d6ec SetFocus
0x48d6f0 PostQuitMessage
0x48d6f4 KillTimer
0x48d6f8 CreatePopupMenu
0x48d700 SetTimer
0x48d704 ShowWindow
0x48d708 CreateWindowExW
0x48d70c RegisterClassExW
0x48d710 LoadIconW
0x48d714 LoadCursorW
0x48d718 GetSysColorBrush
0x48d71c GetForegroundWindow
0x48d720 MessageBoxA
0x48d724 DestroyIcon
0x48d72c CharLowerBuffW
0x48d730 GetWindowTextW
0x48d0c4 SetPixel
0x48d0c8 DeleteObject
0x48d0d0 ExtCreatePen
0x48d0d4 StrokeAndFillPath
0x48d0d8 StrokePath
0x48d0dc GetDeviceCaps
0x48d0e0 CloseFigure
0x48d0e4 LineTo
0x48d0e8 AngleArc
0x48d0f0 CreateCompatibleDC
0x48d0f4 MoveToEx
0x48d0f8 Ellipse
0x48d0fc PolyDraw
0x48d100 BeginPath
0x48d104 SelectObject
0x48d108 StretchBlt
0x48d10c GetDIBits
0x48d110 DeleteDC
0x48d114 GetPixel
0x48d118 CreateDCW
0x48d11c GetStockObject
0x48d120 Rectangle
0x48d124 SetViewportOrgEx
0x48d128 GetObjectW
0x48d12c SetBkMode
0x48d130 RoundRect
0x48d134 SetBkColor
0x48d138 CreatePen
0x48d13c CreateSolidBrush
0x48d140 SetTextColor
0x48d144 CreateFontW
0x48d148 GetTextFaceW
0x48d14c EndPath
0x48d0b8 GetSaveFileNameW
0x48d0bc GetOpenFileNameW
0x48d000 GetAclInformation
0x48d004 RegEnumValueW
0x48d008 RegDeleteValueW
0x48d00c RegDeleteKeyW
0x48d010 RegEnumKeyExW
0x48d014 RegSetValueExW
0x48d018 RegCreateKeyExW
0x48d01c GetUserNameW
0x48d020 RegOpenKeyExW
0x48d024 RegCloseKey
0x48d028 RegQueryValueExW
0x48d02c RegConnectRegistryW
0x48d034 InitializeAcl
0x48d03c OpenThreadToken
0x48d040 OpenProcessToken
0x48d048 DuplicateTokenEx
0x48d054 GetLengthSid
0x48d058 CopySid
0x48d060 LogonUserW
0x48d06c FreeSid
0x48d070 GetTokenInformation
0x48d07c AddAce
0x48d080 GetAce
0x48d474 DragQueryPoint
0x48d478 ShellExecuteExW
0x48d47c DragQueryFileW
0x48d480 SHEmptyRecycleBinW
0x48d488 SHBrowseForFolderW
0x48d48c SHCreateShellItem
0x48d490 SHGetDesktopFolder
0x48d498 SHGetFolderPathW
0x48d49c SHFileOperationW
0x48d4a0 ExtractIconExW
0x48d4a4 Shell_NotifyIconW
0x48d4a8 ShellExecuteW
0x48d4ac DragFinish
0x48d80c CoTaskMemAlloc
0x48d810 CoTaskMemFree
0x48d814 CLSIDFromString
0x48d818 ProgIDFromCLSID
0x48d81c CLSIDFromProgID
0x48d824 MkParseDisplayName
0x48d82c CoCreateInstance
0x48d830 IIDFromString
0x48d834 StringFromGUID2
0x48d83c CoInitialize
0x48d840 CoUninitialize
0x48d84c CoGetObject
0x48d854 CoCreateInstanceEx
0x48d858 CoSetProxyBlanket
0x48d3fc RegisterTypeLib
0x48d400 LoadTypeLibEx
0x48d404 VariantCopyInd
0x48d408 SysReAllocString
0x48d40c SysFreeString
0x48d41c SafeArrayAccessData
0x48d420 SafeArrayAllocData
0x48d424 UnRegisterTypeLib
0x48d42c SysAllocString
0x48d430 SysStringLen
0x48d438 VarR8FromDec
0x48d43c SafeArrayGetVartype
0x48d440 OleLoadPicture
0x48d448 VariantCopy
0x48d44c VariantClear
0x48d450 CreateDispTypeInfo
0x48d454 CreateStdDispatch
0x48d458 DispCallFunc
0x48d45c VariantChangeType
0x48d464 VariantInit

!This program cannot be run in DOS mode.
.text
`.rdata
@.data
.rsrc
@.reloc
j*Xf9
t$$j)
+t\HHtT
D$4PV
j%Yf9
j%Yf9
j\Yf9
D$LHP
j+Yj^f;
9~$tW
~89~4~)
F4_^[
8VWjX
G%_^[
F4_^]
QQSVW
WWjdh,
PWWWWh
R$A;N
4SVWj
u h$.K
u h$.K
(SVWh
D$ PQ
uGVj(
j Yf;
j Yf;
t4j"Yf;
j"Yf9
j Yf;
~+FVSj
jH[f;
jH[f;
PQQQQ
PVVVV
C f;C
jwYf9
\$ j|Zf9
L$LjxXf
9T$,u
M(9A
E(VSP
j!Yf+
YYj!Yf;
`~EjaX;
^$9^,u
D$LVP
D$$;D$0
F8PRQ
L$X;|$8
=ERCP
!"#$
!"#$%%%%%%&&'()*+%%%%%%&&'()*+,,,,,,--./012RRRRRRRRRRRR3345566789::::;<=<=>?>@ABC>@ABCRRRRRDEFGHIJKLMNO
_^[Y]
Ht`jC
j0Zf;
Yj?Yj0Z
Y^_[]
QQSVW
PYf;E
jAYf;
_^[Y]
|$`AU3!
D$pPV
D$ VP
?#tRf9
,SVWh
Ht<Ht>Ht#H
tgHuM95
t-HuC9
twSVW
u _^[
\$L=<
D$ PVj
D$$PVj
D$`;A
L$8f;
9D$xu;
9t$xv7
F;t$xr
t$djm
t$djn
:0tDR
:0t'R
D$ ;C
|$L9D$4
D$4;A
\$0;X
;|$|r
F;t$Xr
9t$ v-
F;t$ r
(SVWh
QQSVW
D$ PV
D$ ;F
D$lPV
\$PPV
__^[]
Gt,Ht
_^[Y]
~Fj0Z
9w?f;
f98t?j
^j|Xf
!\$43
9^Xt99^\tA
98u#h
#E(VW
uaSVW
t$8]4t
@SVWjw
<GYf9
jUXf;
Ht;Ht.H
_8C0tN
u h$.K
u h$.K
PPPPGW
Y^_[]
ZCf9P
@^[_]
SVWjA_jZ+
uBjAYjZ+
uPVWh
SVjA[jZ^+
jAZjZ^+
9E v\PWj
9u(v?VSj
;5<"L
YYHtIHt8
<$t6f
<$tmf
<$tmf
<$tTf
<$tPf
<$tPf
SSSSS
t`Ht1
HHtPHHt-H
HthHt3
Ht[Hu
VVVVV
Genuu_
ineIuV
nteluM3
Y__^[
PPPPP
Y_^[]
~pjCXf
SSSSS
jxYf;
jXYf;
jxYf;
jXYf;
uHjAXf;
jxYf;
jXYf;
jxYf;
jXYf;
uWjAXf;
t/HHt
j*Xf;
j*Xf;
htHjlY;
HHtXHHt
nt'joY;
jgXf;
YYjgXf9
>0t<Nj0X
Wj0XP
Wj XP
VVVVQ
-t*j0X;
j0Xf;
+t"HHt
j0Xf;
j0Xf;
jdh(nK
;5<"L
t/HHt
HHtVHHt
>0t-N
;=<"L
PP9E u
tRHtC
t;Ht+
VhT)I
URPQQh
xy;5<"L
;5<"L
;5<"L
;=<"L
(% *I
(-0*I
X-p8I
(-`8I
X-P8I
X-08I
X- 8I
X-p8I
\% PI
(- PI
T=phI
T=`hI
f- 8f=
f-00f=
f-00f=
tfHtWHtHHt/
SSPQSW
SSSSS
SSSSS
?:uBGW
jA[jZZ+
QQSVWh
j"Xf9
j"Xf9
j\Xu;
j"_f9y
t"f;E
tAVSP
PPPPP
9E WW
tO95X
j0Yf;
~';_t|%3
;_tr.
,SVWj0X
u'j0X
Wj0XPV
PjdSQ
-jd[;
WWWWW
VVVVV
QVWSj
Ht+Ht$Ht
tHHt*Ht#
uJSSR
SSSSS
SVWUj
;t$,v-
UQPXY]Y[
SSSSV
SSSSV
PPPPP
bWWWWj
PRPQh
+t"HHt
9] t"
SSSSS
t\j=S
t$9=(
PPPPP
PRPQh
t5QVW
PPPPP
j$Xj(f
Mj$Xj(f
&j$Xj(f
Cj$Xj(f
0SVW3
f;H,sC
Gf;x,r
f;H,s
Gf;x,r
t$j\Xf9
\SVWQQ
Sh(*K
SSh8*K
PQSWQ
QQSVWh
,h|*K
,h|*K
,h|*K
:h|*K
tbSPW
3h|*K
3h|*K
(SVW3
u3SVh+
}*j%h
SVW3
j|Yf9
j|Yf9
j#_f98u
j:Yf;
t1j;Yf;
t)j]Yf;
j:Zf;
j;Yf;
j]Yf;
j;Zf;
D$,PV
t<9\$
D$,PV
D$ +D$
D$$+D$
uDh0,K
u,hH,K
Ht,Ht
D$ Ph
D$ Ph
VSSSP
Q,8^=u
8^<t1
^<9^4t
^,9^0t
^09^(t
SVWjc
t%Ht"
D$0;H
f;D$hu
9f;D$lu'Iy/
|$<9T$4}+
&f;D$8u
f;D$hu
{f;D$luiIyq
|$<9D$T~e
8f;D$8u
T$T;P
#D$ j
Y_^[]
f91t,SWj,[j.
Qf90u
L$ ;T
T$XRW
|$dC;
D$0Y3
|$<9D$$
t$,j$
t$<^f;
f;D$D
u-jHX
t$4f9D$<uM
t$0QVPR
ttHtb
t:Ht(
T$,9<
D$<;D$$
jH^f;
t$0VS
9|$Pt
D$HPV
C;\$$
Oj XCf;
Xj CX
Xj CX
j XAf9
Oj;_f;
j;XCf9
Z9N$t
@T,2K
@p<2K
^f90u
Jf98u
~%j;[f9
j;_f9;j
Hf9;u
9~$tV
@_^[]
j"[f;
t$j'Zf;
0h|2K
ujOxg
j0Yf;
<"t|<%tx<'tt<$tp<&tl<!th<otd<]t`<[t\<\tX<
tP<_tL<
9w u2
9F t}
j0Yf9
8XuSj
j0Yf9
G'QSPh
G(QSPh
G$QSPj
G%QSPj
G)QSPj[
G'QSPh
G(QSPh
G$QSPj
G%QSPj
G)QSPj[
QSVWj
QSVWj
t'HuF
DSVWj,3
Hu/f9
D$(P3
D$(P3
<SVWj,
Ht'Ht
Fh<6K
.hP6K
PPPPGW
Y^_[]
Y^_[]
YYj\[
<SVW3
[SVSh
PRPh,
(j.^f9
SVWj*X3
Ph<3K
Rh,7K
YY_^[
PSSSSSSh
tEhT8K
t4hd8K
QQQQP
QQQQP
ShDwD
Sh|6K
@VPQj
QQVW3
PPVWj
YSPVWj
,SVWj
j0Xf9
PPPPVWPP
QQSPVWQQ
j;Yf9
j;Yf9
j_Yf9
j[Yf9
tFj_^
j[Yf9
D$,Yu)
QPWVS
JtsJJt8
Ht^Ht)Ht
HtYHt!
uKP^P
u+Sj)^j
Y9^ t
Y9^ t
Y9^ t
jDj$X+
tmht2K
PWWWWW
WWWWWh
,SVWj
t(h(;K
j*Xf9
YY_^3
0SVW3
0SVW3
8:u7j
T$\RP
T$TRP
T$TRP
T$TRP
T$XRP
Ot1Ot
D$DPP
D$TPP
D$LPP
D$dWP
D$dWP
D$dWP
D$dWP
D$dWP
D$8hT
Yj\Yf9
D$0ht2K
PVPPQ
D$8VP
t$ SSj
f94Xu=
PPWPj
D$<Phh
\$D9Y
t7Ht"Ht
t?95\
SSSSW
Nt,NNt
QVQQQ
SSSSV
tfHtYHt8Ht,Ht
HtQHtL
PSj&S
PVj&S
QQSVW3
LVj83
BtFHHt>
t8HHt0
HtIHtAHuFj
uA8L$
D$<PSW
D$<PQW
QQVWh
CSh8=K
D$8Ph
t$$Vj
@PPSW
QQSVW
@PPSW
D$8PQQ
D$lPQ
D$`PS
D$DPj
|$(WS
Yh >K
Rh0>K
Kh<>K
DhP>K
=hd>K
6hl>K
/h|>K
u&VVWSh
VVVhP=K
PPPhX
PPPjH
PQWWh
PSSSV
Y^_[]
PPPPGW
Y^_[]
Vh\@K
L$LQV
@9D$ v=
t$0;t$$t"F
L$4Qj
D$$Ph
u h$.K
jG^f9p
Gt.Ht$
jNYf;
t5jGYf;
t-jOYf;
t jHYf;
tUf;E
tEf;E
t?f;E
t6f;E
t0f;E
t3f;E
t3f;E
j3Zf9P
tKHt:HuQ
@uOAj3
Ht#Ht
t"HHt
jNZf;
t.jGZf;
t&jOZf;
jHZf;
tUf;E
tEf;E
t?f;E
t6f;E
t0f;E
t3f;E
t7f;E
j3Zf9P
j5Yf9H
j5Zf;
jAXf;
RtMHt0Ht
u h$.K
+jHXf;
jHXf;
t'f;E
j%YFf;
YGf9H
D$0;D$|
X+D$$PW
j;Yf9
D$HVP
j;YFf9
j;Yf9
D$hPW
D$hPW
t/Ht%Ht
u h$.K
f90t'
SVWjD^V3
D$(vK
D$tPV
L$PQ3
L$,QV
9t$<t0
L$$QV
L$$Qj
L$$Qj
j\^f90uJj
f90u;j
L$ Vj
HthHtSHt?H
D$0PV
HtEHt#Ht
t"hx2K
D$ PV
D$4PV
D$(PV
D$(PV
D$(PV
L$,hlJK
XVVVV
QQQQPVh
L$PQVh2
t$8Vh
L$PQVh9
t$0h!
D$PPj
D$L+D$Dj
;T$0}
;D$4}
L$<+L$
D$4+D$,
D$,+D$$S
D$ WS
D$(PV
D$(PV
D$(PV
D$(PV
\$(+\$
|$,+|$$
WWWW;
t^Vj$
QQSVWj$
_^[Y]
u0Phg
_^[Y]
#E(VW
E(SVW
#E(SV
E(SVW
#E(VW
f91t%QV
@_^[]
SSSSS
PGWha
4SVWj,
8SVWj,3
#E(VW
#}$WV
E$950
#E(WP
PVhlKK
E(SV2
QQQQQP
SSSSPSh
WWtGj
tCHt8HuO
tDf91t?
@PPj!j
u<@PPj!j
uS9q4uN
Wj!j j
HtZHtEHt2
VVVVV
D$,PV
9t$(t
D$,PV
D$,PV
D$,Pj
D$\PVhL
\$ph+
HHtPHt,H
HHt,Ht,
PPPPP
D$0WP
D$(Pj
D$(Pj
D$(Pj
D$4PS
D$8PS
D$4PS
9t$$t
D$4Pj
D$4Pj
D$4PS
D$0PS
t/93t
)GHjG3
PPPPP
@_^[]
SVjDj
PPj PPP
vphHKK
YhTKK
Yh`KK
$SVW3
tySVj
D$ PW
D$$PS
D$(PVS
D$ x,
D$(Pj
T$L;t$
D$(Pj
QQSVW
D$HPV
L$DQh
D$\PWV
;|$<}+
D$XPj
D$XPh
G;|$D
D$TPSh>
D$TPSh>
G4;G\
D$(PV
FhTLK
D$|PShK
D$(P3
D$TPSh>
~t8\$
D$|PShK
t$$SQ
D$(PSh
D$TPSh>
D$0Ft6
uLPPRj
9G0~X
G0_^[
t]HPS
QQSVW
tXj]Zf
@_^[]
jHX_^[
jwXf;
SVWj0Zf;
rEj9_f;
j}[f;
SVWj0[3
r3f;E
j}[f9
r(f;E
J;s|s
t4HHt
j"XFf
D$$PV
9\$<t
8$tvW
|DB\Yt
F;w r
j"Zf;
t5j'Zf;
j"Yf;
F;w r
Vh`5K
|$dEA06
Z9T$$
D$Lj;Xf
C;_Xr
j#Yf;
PSSShl
PVSShl
HtsHt
HHt?HHu7
t/Ht%H
EA06t
RRRRP
D$PhL
D$dhd
D$ PV
D$$PV
D$DPQ
Au"G3
Hu+Iy2
HuqIyx
D$$YH
;L$ |
;L$ |
HthHt
D$ PS
D$LPS
um8D$
Ph4BK
-hhBK
C8X,u
~Bj _j.Y
Yj.Y;
Phd$K
PhPDK
PhhDK
t5HHt
D$(PW
D$(PW
D$PPS
D$LVP
9|$(t
D$\VP
T$4+|$
QPQWVS
QPQWVS
QPQWVS
QPQWVS
9Cpu'
{|Uu!
s|PVS
L$$F;
;G4u7
7t;Ht5Ht"H
;Qd}0
t&HHt
;F s*
[r>f9U
'tdj0Yj9Xj
tHj9[j-^f;E
j}Zf;
j-Yf9N
[r0f9E
wXj0Y
>}uQ9]
r<j7Zf;
9],tY
B9A vL
B9A w
B9A vL
B9A w
?)uC3
9A0~=
C;w0|
M(;A0
;y0}j
E(GC;x0
8Rum3
FC;p0
GP;WL~
AP;yL~
uT;yD
t;;J s%
jHXf;
j;Xf;
j.Zf;
C(;C,
C|+Cx
C|+Cx
f;C4u
;C|sc
9SXtY
f;C4u
f;C4u
}l;C|sB
;C|sn
t$;C|r
|1;C|
;C|s#
;C|s`
|9;C|
;C|s#
;C|s`
t.;S|r)
f;C4u
;K|s'f
;K|s$f
(;K|s-f
w(tY=
w!t*=
;K|s$f
;K|s$f
f;C4u
;C|r)
f;C4u
-;K|s5f
f;C4u
t4;C|r/
f;C4u
;K|s%f
f;C4u
t4;C|r/
f;C4u
;K|s%f
;K|sg
f;C4u
;C|r)
f;C4u
}V;K|s,
f;C4u
QQQQQ3
-PCRE
bad allocation
CorExitProcess
RoInitialize
RoUninitialize
Unknown exception
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
!"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`abcdefghijklmnopqrstuvwxyz{|}~
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
(null)
( 8PX
700WP
`h````
xpxxxx
log10
atan2
floor
ldexp
_cabs
_hypot
frexp
_logb
_nextafter
?X&eB
?h6_~
?7Tf(
=\uI=
]vQ<)8
|)P!?Ua0
Eb2]A=
hb?O2
2ieO=
|W8A=
np?z
u?^p?o4
Pex?0
y1~?|"
V%A+=
?|I7Z#
>,'1D=
?g)([|X>=
?IT$7
:h"?bC
@H#?43
Ax#?uN}*
r7Yr7=
.K="=
F0$?3=1
H`$?h|
&?~YK|
sU0&?W
:]=O>
CqTR;
AiFC.
<{Q}<
hI{L[
<8bunz8
?(FN\
K<<H!
m1WY$
?#%X.y
F||<##
T~OXu
<@En[vP
?RbSQ
<zQ}<
<8bunz8
v<'*6
l,kg<i
<@En[vP
UUUUU
?Dj0Q:W$=
Lyc>=
?C;0=
?4j<=
Nl,"=
?{fHn
5s3R6=
RUUUUU
TUUUU
4lkQg
?ju!4
?V:e:
5SmT4
*+xi(
?ZEM-'^
?>6)}
?{yK+;
D<xZu
?l$G~
^\sY0
?e')lW
UUUUUU
333333
?333333
?UUUUUU
?$rxxx
4lkQg
?ju!4
?V:e:
5SmT4
*+xi(
?ZEM-'^
?>6)}
?{yK+;
D<xZu
?l$G~
^\sY0
?e')lW
UUUUUU
?333333
?333333
?UUUUUU
?$rxxx
?UUUUUU
|u?!u$
Nu?-HF
d? cf>
#wi#:
+*tsJ
s{c|H
UUUUUU
>o3fW
s{c|H
+*tsJ
?c3y?
#wi#:=
?."S-
A]?VJ
Nu?-HF
?uZEeu
uZEeu
uZEeu
?uZEeu
?UUUUUU
?UUUUUU
?uZEeu
uZEeu
uZEeu
?uZEeu
?UUUUUU
?UUUUUU
exp10
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
!"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
e+000
('8PW
700PP
`h`hhh
xppwpp
CreateFile2
i^^?(>
Y:/(A6>
MVx:>
[j&,>
?6FID
?5L$.
F\IE>
?A%My
B'=>>
in]D>
F"VM>
30}->
0)LK>
?43-s
?P`E5
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`RTTI
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
1#SNAN
1#IND
1#INF
1#QNAN
!"#$%&'()))*+,-./0123456789:;<=>[email protected][\]^G___________________________________________________`___________________________________________________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{__|}~
OOOOOO
OOOOOOOOO
OOOOOOOOOOOOOOOOOO
OOOOOOOOOOOOOOOOOOOOOOO
OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
OOOOOOOOO
OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOG
OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
OOOOOOOOOOOOOOOOO_____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
________________________________
OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO____
OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
!"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[:<:]]
[:>:]]
This is a third-party compiled AutoIt script.
GetNativeSystemInfo
IsWow64Process
kernel32.dll
DllGetClassObject
UnRegisterTypeLibForUser
RegisterTypeLibForUser
oleaut32.dll
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetModuleHandleExW
GetSystemWow64DirectoryW
GetProcessId
RegDeleteKeyExW
advapi32.dll
Error text not found (please report)
DEFINE
UTF16)
NO_AUTO_POSSESS)
NO_START_OPT)
LIMIT_MATCH=
LIMIT_RECURSION=
CRLF)
ANYCRLF)
BSR_ANYCRLF)
BSR_UNICODE)
ACCEPT
COMMIT
PRUNE
alpha
lower
upper
alnum
ascii
blank
cntrl
digit
graph
print
punct
space
xdigit
no error
\ at end of pattern
\c at end of pattern
unrecognized character follows \
numbers out of order in {} quantifier
number too big in {} quantifier
missing terminating ] for character class
invalid escape sequence in character class
range out of order in character class
nothing to repeat
operand of unlimited repeat could match the empty string
internal error: unexpected repeat
unrecognized character after (? or (?-
POSIX named classes are supported only within a class
missing )
reference to non-existent subpattern
erroffset passed as NULL
unknown option bit(s) set
missing ) after comment
parentheses nested too deeply
regular expression is too large
failed to get memory
unmatched parentheses
internal error: code overflow
unrecognized character after (?<
lookbehind assertion is not fixed length
malformed number or name after (?(
conditional group contains more than two branches
assertion expected after (?(
(?R or (?[+-]digits must be followed by )
unknown POSIX class name
POSIX collating elements are not supported
this version of PCRE is compiled without UTF support
spare error
character value in \x{} or \o{} is too large
invalid condition (?(0)
\C not allowed in lookbehind assertion
PCRE does not support \L, \l, \N{name}, \U, or \u
number after (?C is > 255
closing ) for (?C expected
recursive call could loop indefinitely
unrecognized character after (?P
syntax error in subpattern name (missing terminator)
two named subpatterns have the same name
invalid UTF-8 string
support for \P, \p, and \X has not been compiled
malformed \P or \p sequence
unknown property name after \P or \p
subpattern name is too long (maximum 32 characters)
too many named subpatterns (maximum 10000)
repeated subpattern is too long
octal value is greater than \377 in 8-bit non-UTF-8 mode
internal error: overran compiling workspace
internal error: previously-checked referenced subpattern not found
DEFINE group contains more than one branch
repeating a DEFINE group is not allowed
inconsistent NEWLINE options
\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
a numbered reference must not be zero
an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
(*VERB) not recognized or malformed
number is too big
subpattern name expected
digit expected after (?+
] is an invalid data character in JavaScript compatibility mode
different names for subpatterns of the same number are not allowed
(*MARK) must have an argument
this version of PCRE is not compiled with Unicode property support
\c must be followed by an ASCII character
\k is not followed by a braced, angle-bracketed, or quoted name
internal error: unknown opcode in find_fixedlength()
\N is not supported in a class
too many forward references
disallowed Unicode code point (>= 0xd800 && <= 0xdfff)
invalid UTF-16 string
name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)
character value in \u.... sequence is too large
invalid UTF-32 string
setting UTF is disabled by the application
non-hex character in \x{} (closing brace missing?)
non-octal character in \o{} (closing brace missing?)
missing opening brace after \o
parentheses are too deeply nested
invalid range in character class
group name must start with a non-digit
Arabic
Armenian
Avestan
Balinese
Bamum
Batak
Bengali
Bopomofo
Brahmi
Braille
Buginese
Buhid
Canadian_Aboriginal
Carian
Chakma
Cherokee
Common
Coptic
Cuneiform
Cypriot
Cyrillic
Deseret
Devanagari
Egyptian_Hieroglyphs
Ethiopic
Georgian
Glagolitic
Gothic
Greek
Gujarati
Gurmukhi
Hangul
Hanunoo
Hebrew
Hiragana
Imperial_Aramaic
Inherited
Inscriptional_Pahlavi
Inscriptional_Parthian
Javanese
Kaithi
Kannada
Katakana
Kayah_Li
Kharoshthi
Khmer
Latin
Lepcha
Limbu
Linear_B
Lycian
Lydian
Malayalam
Mandaic
Meetei_Mayek
Meroitic_Cursive
Meroitic_Hieroglyphs
Mongolian
Myanmar
New_Tai_Lue
Ogham
Ol_Chiki
Old_Italic
Old_Persian
Old_South_Arabian
Old_Turkic
Oriya
Osmanya
Phags_Pa
Phoenician
Rejang
Runic
Samaritan
Saurashtra
Sharada
Shavian
Sinhala
Sora_Sompeng
Sundanese
Syloti_Nagri
Syriac
Tagalog
Tagbanwa
Tai_Le
Tai_Tham
Tai_Viet
Takri
Tamil
Telugu
Thaana
Tibetan
Tifinagh
Ugaritic
WSOCK32.dll
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VERSION.dll
timeGetTime
mciSendStringW
waveOutSetVolume
WINMM.dll
InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
COMCTL32.dll
WNetAddConnection2W
WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
MPR.dll
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable
WININET.dll
GetProcessMemoryInfo
PSAPI.DLL
IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
IPHLPAPI.DLL
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile
DestroyEnvironmentBlock
USERENV.dll
IsThemeActive
UxTheme.dll
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
RaiseException
lstrcmpiW
GetCurrentDirectoryW
IsDebuggerPresent
SetCurrentDirectoryW
GetFullPathNameW
GetLastError
CloseHandle
GetCurrentThread
GetCurrentProcess
DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
DeleteFileW
FindNextFileW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
GetSystemDirectoryW
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
KERNEL32.dll
DestroyIcon
MessageBoxA
GetForegroundWindow
GetSysColorBrush
LoadCursorW
LoadIconW
RegisterClassExW
CreateWindowExW
ShowWindow
SetTimer
RegisterWindowMessageW
CreatePopupMenu
KillTimer
PostQuitMessage
SetFocus
MoveWindow
DefWindowProcW
MessageBoxW
GetUserObjectSecurity
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
OpenDesktopW
CloseWindowStation
CloseDesktop
SetUserObjectSecurity
GetWindowRect
PostMessageW
MapVirtualKeyW
SendMessageW
GetDlgCtrlID
GetParent
GetClassNameW
CharUpperBuffW
EnumChildWindows
SendMessageTimeoutW
ScreenToClient
GetWindowTextW
GetFocus
AttachThreadInput
GetWindowThreadProcessId
GetWindowLongW
InvalidateRect
EnableWindow
IsWindowVisible
IsWindowEnabled
IsWindow
GetDesktopWindow
EnumWindows
DestroyWindow
GetMenu
GetClientRect
BeginPaint
EndPaint
GetDC
ReleaseDC
CopyRect
SetWindowTextW
GetDlgItem
SendDlgItemMessageW
EndDialog
MessageBeep
DialogBoxParamW
LoadStringW
VkKeyScanW
GetKeyState
GetKeyboardState
SetKeyboardState
GetAsyncKeyState
SendInput
keybd_event
SystemParametersInfoW
FindWindowW
IsIconic
SetForegroundWindow
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuItemCount
GetMenuItemID
CheckMenuRadioItem
DeleteMenu
GetCursorPos
TrackPopupMenuEx
IsMenu
InsertMenuItemW
SetMenuDefaultItem
EnumThreadWindows
FindWindowExW
SetActiveWindow
ExitWindowsEx
mouse_event
CreateIconFromResourceEx
LoadImageW
MonitorFromRect
CharLowerBuffW
UnregisterHotKey
PeekMessageW
TranslateMessage
DispatchMessageW
LockWindowUpdate
GetMessageW
BlockInput
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
CountClipboardFormats
EmptyClipboard
SetClipboardData
SetRect
AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
DrawMenuBar
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
USER32.dll
GetDeviceCaps
DeleteObject
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
CreateSolidBrush
CreatePen
SetBkColor
RoundRect
SetBkMode
GetObjectW
SetViewportOrgEx
Rectangle
BeginPath
PolyDraw
Ellipse
MoveToEx
AngleArc
LineTo
CloseFigure
SetPixel
EndPath
StrokePath
StrokeAndFillPath
ExtCreatePen
GDI32.dll
GetOpenFileNameW
GetSaveFileNameW
COMDLG32.dll
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW
GetUserNameW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
ADVAPI32.dll
ShellExecuteW
Shell_NotifyIconW
ExtractIconExW
SHFileOperationW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHCreateShellItem
SHBrowseForFolderW
SHGetPathFromIDListW
SHEmptyRecycleBinW
DragQueryFileW
ShellExecuteExW
DragQueryPoint
DragFinish
SHELL32.dll
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
ole32.dll
OLEAUT32.dll
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
SetFilePointer
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
z?aUY
zc%C1
-64OS
pqrstuvwxyz{$--%"!'
`abcdefghijkmno]
Qkkbal
wn>Jj
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUWwwwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUwwwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUWwwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUwwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUWwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUWwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUWwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUWwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUWwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUWwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUWwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUWwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUWwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUWwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUWwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffgwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWwwwwwwww
wwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffwwwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUwwwwwwww
wwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffgwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWwwwwwww
wwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffwwwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUwwwwwww
wwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffgwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWwwwwww
wwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffwwwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUwwwwww
wwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffgwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWwwwww
wwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffffwwwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUwwwww
wwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffffgwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWwwww
wwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffffffwwwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUwwww
wwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffffffgwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWwww
wwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffffffffwwwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUwww
wwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffffffffgwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWww
wwwwwwwwffffffffffffffffffffffffffffffffffffffffffffffffffffwwwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUww
wwwwwwwvffffffffffffffffffffffffffffffffffffffffffffffffffffgwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUWw
wwwwwwffffffffffffffffffffffffffffffffffffffffffffffffffffffwwwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUw
wwwwwvffffffffffffffffffffffffffffffffffffffffffffffffffffffgwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUW
wwwwffffffffffffffffffffffffffffffffffffffffffffffffffffffffwwwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwvffffffffffffffffffffffffffffffffffffffffffffffffffffffffgwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwffffffffffffffffffffffffffffffffffffffffffffffffffffffffffwwwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wvffffffffffffffffffffffffffffffffffffffffffffffffffffffffffgwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffwUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DFfffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDffffffffffffffffffffffffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDFfffffffffffffffffffffffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDffffffffffffffffffffffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDFfffffffffffffffffffffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDffffffffffffffffffffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDFfffffffffffffffffffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDffffffffffffffffffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDFfffffffffffffffffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDffffffffffffffffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDFfffffffffffffffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDffffffffffffffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDFfffffffffffffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDffffffffffffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDFfffffffffffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDffffffffffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDFfffffffffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDffffffffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDFfffffffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDffffffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDFfffffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDffffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDffffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffffffffff
UUUUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffffffffffff`
UUUUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffffffff
UUUUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffffffffff`
UUUUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffffff
UUUUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffffffff`
UUUUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffffff
UUUUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffffff`
UUUUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffffff
UUUUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffffff`
UUUUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffffff
UUUUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffffff`
UUUUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffffff
UUUUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffffff`
UUUUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffffff
UUUUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffffff`
UUUUUU
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfffff
UUUUUP
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDffff`
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFfff
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDff`
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDFf
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD`
tDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDp
wDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGw
wtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwp
wwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwww
wwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwp
wwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwww
UUUUUP
wwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwp
UUUUUU
wwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwww
UUUUUUUP
wwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwp
UUUUUUUU
wwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwww
UUUUUUUUUP
wwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwp
UUUUUUUUUU
wwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwww
UUUUUUUUUUUP
wwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwp
UUUUUUUUUUUU
wwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwww
UUUUUUUUUUUUUP
wwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwp
UUUUUUUUUUUUUU
wwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUP
wwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUU
wwwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUP
wwwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUU
wwwwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwDDDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwwtDDDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwDDDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwwwtDDDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwDDDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwwwwtDDDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwDDDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwwwwwtDDDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwDDDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwwwwwwtDDDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwDDDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwwwwwwwtDDDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwDDDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwwwwwwwwtDDDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwDDDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwwwwwwwwwtDDDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwDDDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwwwwwwwwwwtDDDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwwDDDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwwwwwwwwwwwtDDDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwDDDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwtDDwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwDGwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwtwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwuUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUV
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUf
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVf
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUfff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVfff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUfffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVfffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUfffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVfffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUfffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVfffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUfffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVfffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUVffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUfffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUUUVfffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUUUffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUUUVffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUUUfffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUUUVfffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUUUffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUUUVffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUUUfffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUUUVfffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUUUffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUUUVffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUUUfffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUUUVfffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUUUffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUUUVffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUUUfffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUUUVfffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUUUffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUUUVffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUUUfffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUUUVfffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUUUffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUUUVffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUUUfffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUUUVfffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUUUffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
UUVffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
UUfffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
Vfffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
ffffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwv`
fffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwff
fffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvff`
ffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffff
ffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffff`
fffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffff
fffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffff`
ffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffff
ffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffff`
fffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffff
fffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffff`
ffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffff
ffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffff`
fffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffff
fffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffff`
ffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffff
ffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffff`
fffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffff
fffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffff`
ffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffff
ffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffff`
fffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffff
fffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffff`
ffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffff
ffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffff`
fffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffff
fffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffff`
ffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffff
ffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffff`
fffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffff
fffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffff`
ffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffff
ffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffff`
fffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffff
fffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffff`
ffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffff
ffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffff`
fffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffff
fffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffff`
ffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffff
ffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffff`
fffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffff
fffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffff`
ffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffff
ffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffff`
fffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffff
fffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffff`
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffffff`
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffffffff`
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffffffffff`
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffffffffffff`
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffffffffffffff`
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffffffffffffffff`
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwvffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff`
H}AU3!EA06M
nnN|G
eANOk
6hBQfd
X4+?5)
E'K7^hx
v^^`I
nX}6s
,/kjMn
"LU7{
)Wt~k
cjwvx
XDX0_/
wCykM
.P;!iq
GA"\9
TxMi(
[Hmd%
0OT#2Q
X1h%6
qczP%)
F'2vH
XCh\~
98.=7
[C 5\
?$^zr?!{
:-z5x
EC(ux
t<UCW
dHAxR
tr1s98
bFDIC
-PoX
*djiE
IYt#_B
YQH3<
e~t.j
[`p[W
&,3N8
mr{K)
il/qKL
j90pG
}2P]!
:FVut^
f~#t*
%t<w[
sqWSw
p(4#Mh<X
eF!Sp
-',Ijbb
hSaQ=
CkMP3
XfGdjX
3e:nkll
~RwRd
ToxUUp
!e^S+
AmbE\a
+R":IG
;F^z$
]f?o.
hk<Rz
Hwth0
TL8:K$
[U 4{
=)u6A'
;x[K1
s\(!}5
ANZm/_
iSfN-c
qng!$
Y{? P
rgk[$
"j6L*
tC`1~9
^-k(m
}|['u
~xIv>j
r<tQ8
u4{v3
1&{0{
%R 5!r
*a)uJ#
xu!-5R
((mC[
smu63{
c#Lgi
jy,"Z
q:HY7
:Yh;J
v<w8>
p]$O)X
bC6X%
ru2CQ
;:mn(o`
sad`)c
hQ]IW[
^2E&2
`OYz:
~U=?zk
V6 tz
e%T%K
^*h#c
ry*>^"
#~"<d
M`zhZ<
3cO//
(Nw,\-
[{00k
'N"v'
/88e2
;PB!c
-3e:RPi
v}eEN
k6"ZX
{FguI
Y:xrE$
^IZjH?
K$ X^
afE*/
mxRQe
Vktd~
P9#MF
/Bx,aC
Q~OY\
0B94Q
p^Y9o
Zoxox
R'FRs1
)DZ nI
iWFGCY
OgGFl
xC?swX
?mX[tdoyz
Xz?_m
Ay>#C
(/Q=oQ
vq1QC)'Lx
U})hlU
3zW>2
X~g|;
xOGxar
OTNfYu
%nBld
7^MnG
Z~^$Ll0
1XF%/=
yMD>\YA
9Ol2X
G?s-p
T`cjh
$<TUA_8
gQG?A
U(TMN
(T6Oc/
}J'v0
znda3i
ju\!X]x
H$.s9
-&pUf
;qP*s
{,n6%
Ac9y+G
*Rtl5
NX`0fb
jhD<|*
=)_$xmL
LQUr^
g[xm<
@G$P+
2t`UV
$WZj'c
_Z'`r
foJ6V
T$qjD
R!w D
a+9Oo
O=#HaI
^Bvrb
*X;]t
S^)Rc
X`AzM
bsg*9\
cLQ3[
|y'n*i
k&itJ
yz&%jH_
i~Tj{0
e.aV=
*~G6N
xK056
DjTq7
lp}0&
w;GT7
3)u*%
HgHdb
Np^CW
y/cZXnnK
ix_ nW
jr'v
YPz/o
^1eM=?
)1CJ2c
e^53~
u=,/c+?
>{Xxrzf
R*i">b;G
ezZ#cl
nR_aMX
T=J^Q
6,5 ?
P^dA0{H/Ij
Wqvi
vR\^/Q
#4+[zET
<pg0\
4UeVSG
J'Sk'
)s`|C
/`(o-
($ty\
*zxuN
Hd+$#
G|"P\
A]3&O
+~_H:
,F2+!p
RYkU.
2W&q<0
?0]T}
-5.-Td q
3 x$.
bn2\=
E/] &
&D*8R!m
fm;N?I
a5{kk
v#qF$&t
koloi
)0:]b
V)tsK
MSQca
R"eYhq7rr
g+Y?+n
JXGBQB
H#M"p
f*]UI{P-
&0Es7
iewfD
e}V$L
Nb&^^
9R^IKvD
rcwpZ
@KT_f
2DOw{V6
G=JQm
u2x}-LHJ
}|4$G9
So/$P
g(/@
)3D>PV
!<1;D}
"$'pNQ
1J}AD
Z*!^cQ\j
eou_+
759Wy^
DK'~E
?}^z^L
gjKN/g
t}%(g)
s;CFf
aPZ+VK
r8q+S
fYXs/N
Wo; (
vN*P[
g,tgJ
;u<>oG
1MnWs
<#HQ?
rN\M3
fHd<n
#mHLv)
KP6^Vp
SHxps
JWNIP
?.we\
nB,N)
jg*>c4/
LJxp?
0_\RRL#
A+LaK
"K]Ku
~0<5F
HzWc0
Aa2:M
ia]tR^U
\Cfrn
"R&O
sI->V
`}Ba~
._[%:Bt
Yh1-Op
YjBz\
{ _w/
4I-lz`
dckl|
EtQz%
qLRet
]p*4g
d[HX!
>|polA#s
`!y8wO
E*NB2
aX!K1
XN)Q>
JT3E^j
qr+Os'
mA9P5
O p.#
"Vj!UW^
lvt83,9
PZeT;P
eyBO}
[<IO#
h7Cy?
f:ku]
0bJfaAx
BzoPuc
yd0$aD~j
"_6aQ
H #wV
ND/S/e
Nq|#5
s~+?:
K(2t\
?|T" .
jC`FvY
[#V l
!!]QLkm
yf\3>
=}"oh;}=
A!.;@
!/^*H
/E64fa
~Zs/"
\(RFN
R7Aq'Ml
,e+t+
gC!TeX8S
NI_?:
yWc:p
|"Rsg
\<F;q
1pD T+
{uc!52k1
O*fq(
c=B*s
-+1!9
c6AKv
tER4"
_a^l|
DQ"XD
]K}&K
G4%=U[
*'Wvl
KhS"e
(mL7N
~GF>!
4n{@?
{2fl3
"1W8t[
GlT$;
ZfQ$5
-o^g>e
@%s#gg
#Zd"M.
ey\4E
` p[P
e]*:~
|.[R H
efK0?
Q<T-O_
qp^}F
Gm^+&k
5z+nc$
CEOY|
T"U=,
rs!ZW}j!
)ad|+/t
L4NCR
*=oKhXp
kAm^ET
2btc'V
iv(tP
O} ;J,
[J<$%
C(B|n
&qz^$
ZEP_k
nsS-a`*
N[QaX
[&cnJ
{-<96
_>3M'
TxfX7
8Ml&
EGA*S
5V8A1
57")~8
T&Su:
;[BqB
o('Xp
3X4Tg
82U099
Dk{1PT
<}e_?_1
=awX~1
l?3MD
lntob
!f;#{6&
nx?k ]
PW7:\
Ho+t1
)QKm'+
+An^]
^'I<B
hNE,,
]=fY(
OaVJg
!/>o|
}LI/Sb
LmX5d
{FxySR
u~4"7
"JmS])y
{sKsWV
_+\qWP
d&{FP
C3AfB#9
\%b"#e
`qW#}c
\O_2^z
GuX1UNBkJ
m9%>|U
[f3n0)G
w{y$Pb
.oHiD0
l?T)u
pvpP~
!"$Z-
V?|cmwh#L
X^PDN+
B_=$#
.+9**P
420EcN '
v/SEd
9S7OjB
'r/J.
h.Z!M
;b8u6
Pn-R/
HTmw1B
o[C~^
CvwP=e
/[O2fB
TsZQmn
@2,QAY
~!|h1h
cy7Yn
',&`CG#
7!'@5
X~< S
'VC+,*
!$R#h#*>T+
[L2YF%
&E4lE:q
qw\'/'
l]^\0
8h<HS?+2
cjm^Nk
NY;tlR
h^nXy
W5NI"
=9q?wL
b]:E)
>X)825
'Y]RKF
JMUeJ
'n6C
H<]TP
$pc<g
3I\^N6j
"@)f7i
BGu%qu
s^)#%
nf/ud
Aqz!d
:':90
D2T~l
YbeOe+
BFRAZ
i]+%s}
U?h55,
q/ua`
E+.l`;
{f4-h
|'v^%!
p5K7l
tasQ6
d#.B(
e^q0d
mj,4v
gUXJ6
~={F*
dMoOB
b:(Ddr1
c.ED%
\xH?c
/ 8(p
:MEZA
~FKQId
$eZ-|z
~-b~D
E,bD
\"d(+
rEET0
}'b$"H
Lz!_Ja
9'v-~
u5wxH
w<'S9B36
-M.HC
\>t<|
r5sz&
;h-XL
}M/c!
MGe/q7
\$$;;
emD`_32Yb
Md.M?
*j"!oZ
L$/W-:B,
hp8wc
bu0i!<!
IfNELF
w=TN~(GEd
9]]0E
0[7)w
y#x-Q.
!wMJA(9
2}+66
*:"mCa
xVGF]
E74FP
uPi6O
H"p.z
yAv[C
<Tt{u
?fEX2"m
j!-l0
69>sz
B3,ZO
<vl`P
M*]}n
-fMz)
s1zy)
a~Up9
g1B!o
E"z#4
g.K;@w5
0(|iG
EE$E.
&04]C
~+3lj
JSq+S[)
jQp6#
O7n3Q?D
&NbG;/.
[i|f5
)]`EGE
{TM`0t
.Hi2,
Or~Zb
E'l=1
iYPDU
!6U<![u
u<ax]Bh
0%ET/}K
o).<J
<hj/FNN
7adOC
$>:5}
gLzv5Myh
RVg[d.
Vdz1Oq
0nD)E
O,Qs[
\U=$N
`wz}2
a2l*g
x$b5-+
IilM,
E~X6E
dSX~p
t)OiC
Dj{>s
E\A?v
WKXU7
~C!V#Bn
P;P-y
F\zX<
j_d!/
+'E`!
gCL[%D
MUqc1
K_sS>
Lp~I,
7nJ)M
;`[j!OU
CC+Alm
vZi|A}TCl
OB(I!
^;C)0
yP:b`k'
z/em2
L-G\f
Er!C+^
kUMO8'b
n0t;w
/u$=]#0
}ESCor
zaJ+{
zIHxg
>ng-K+
^c;OY/
Q>8e/m`
Z{NdF
oig{u
I|;=d
xuS%`
n,Q-{6
XPOTp
6\Ht]
E04C`|
rF0 L;x
|Y~q)
aL-hJc|
j7poJW
8#7cMb
uvP\s
fKjA
!}Gh<
g1wiS8
K [A>
?P9)d]
N4!YD
w"5e%
2`V`N
JS\b)
"E*TZ?7
;]CuQ
'bC#gUH
[j2<7
#$l\)
@Y:KzF
#kgb>
<#S=f
F$Awc-
Z1uB+
J:OSU
\FX4p\4I
"P[KZ
eF~b'(B
q}t[d
Gf_:5
U}@=iNR3
).JKh
I&qjC
Rocf8
OE83=
=]9)m.
8.a{1
mG3D8v0
o'$Mxe
yfdreP
TK\/#7Q
-KFMpW
b%7fL,
t2!E<
.UJ\KD
}fDkm
6Q,Q[[
lLdRF
p9^51
)U<l/
M6[rj
a,G/a
V&edF
U\J_g
~"11E8
Sl]4vt
wLQ!}V
${/jP
!$14=}i
Z $4L
MtD3q0
2_?633o]
>/E<l
&f/L2
;,0OV
uE'!O
NASYak
[.UJu
`"P$8
sm*kj#d
o)9]daY
-$[7!Et
^3k^w
~JA?$
_VlyU
Z^+-)
B),'@
39/Ui
(a#|F
S!i;a
#FSQfie
Zi(Hcw0bo
9>KJ\
Wn*ap
\GpMX
E}+fg
Tr[2el
|)i65>
_VjLx
&'h_P
5$4d|;
RO a=X
mk.^CH
U+HR0g$
AVul&
:O0m[|
Du} Q
PC}{I}
pKnf)
KqN][
r#5V"
0q.Xg
4<{>0D
lg$[Y
Ey&sa
p5~EB
v<l$=
@Aoe&
I8z%%
aQq]F
|F,Hxs
!6*M~
b-Dxs
bOg`_,
quBtb
#}xhV
THHsT
JVRFO[
-L\7s^
9yvU$7fMQ
qAL`#
>CWAF8
]j7`}
K_qbFh
G^Pu1T
MKNu{O
bb3~$
g{9sV
^]XWA
B"&Q4
Z6D?:
5>v!C
ELW9^
Y1CF<R~
rP4~a
Vikje
H=Bam
LWgrY
HcaY`
9;]O_Y
j"d%je
%*$x$
Lx\ n0pn\/
|q"L8
zkw0la1K`}u
y9/N9
TAZX>i
HsNyy
&{QR7+
qkS%t>
_+iv-
vm^Rr/
t^VK(u|
VCU C
,sW.b
/$Z`Wl>
Mnn?l
+R\}+~m
~Wp<,5
Fh"$?
\Ya9}
ik?6o
Y.LKa8:v.O
5ftbSG
:[#Ln*
dgp~PLT)T
boFB;A
]Ll3f
Yx8o4
sKY?+
v?X|?MK
@zx[s
f+R92
<lk%~
t:Ldd
p}Y[At
}gm0[2
:[w66
uxPl_|4
xYee)
q*IQGO
[YHwB|W
gMyn"
ipu'n1
^Kmj/
k4R+`
;4s`O\0]
HD=L(
OL][IZ
P{6zS
IjYqS
W8`rI
b[bU$Y
T-crs
oBb1f
lWlj-*:
iQvi$
]e0j/M
mH>|I
Aseym
Mt3mn_Z
8[*SV
`MW I
lr5)S
:6GqSE
x?(qt
jlau0
1a{N#
M} HXY
YjiL<<
r%Fld
M8YuD
45=R`
)`O`wr
asmluw
@7Ivm
:('d+
@#6x%
U)U|q
135Uq
ueFS
yr?;h
5>1dk
Rxmq.(xh
m.urW2
~SE=0{b
6qry{1
OH:>y6/I6
<6H]G
w!X8K;
Wx$,s
F<@z|
|z[d`f
Gw^5"
zIkHs
K"NBRnS
@N3bT
73mkp
K(;!.
c{RN0
P]&[(
0lSS,:
DNo~u
$P-64
y=>[VAja
L3nKNE
!-=Ta
8(%qT
#W,uZ
WE#8b
,g8$N+x&
lP:ry
FxNU/t
(Zoo-
8*dJ>
AFu2^
v*T)c
gy#tV
P>:3;
H<DS$
(&gArg
pO9\_
cvISh+C
,,;]>
2XKX*
SG%O7
0GyR\
M)3O=
cYku,
1|EhK~
0a,NK
x'Z]M
yLwSj
%e5,(
2Ujil
]c0UGj
K2oD)
ZID3-
OX"8D
#,.n&
}m,8Sl8
Owipp
q5<VN;
\aFOx
=OV,}
r5rA0
{B)!{i
yPu5$1
@4y[=
JMBT}
[S}s9
bF1W^
p%>|_
+rr]aH
DY#X|(v
i;V'd1
WD)e!
kF=)B
Jfcxo'aO
&3x>T\f
j|BfuE
Q:s`9
hQ~R?~
|A#>>
4^2P<
c.UE'L
10_p>
h+`..
(Umn^
2T%D8H
*1G!a{?
]?bb
nChgN)6O
\wKj/T
yQh0*
XLO!]]c<
!dMl/O
qLj+c
@^Q"`H]vJ
anIW,#
i{rX6
~WGIh
B1H2a%
t#|aL
rE%FV
;aLFr
Z<1_h
aSS3^
RP]uou
S svojDxS0
)t--j]E
g%BfFK
_i?)T$
2=3?m1C
m49=Q$
M!<1$
n Y_6g(
$GnLyV
,@Ul<
W:3WU
ejJNC
~~Xv}
QC%OH?
&7jylg
zYy%V
@aol{
5vh'P
">Ndg
uN1Rm
Gr?_"
}!iZ&
hua5`
dR6+/
2!!'<
(e0Co
KQZ,t
^L'6c
2_t|
0;`Y!
EsX!N
1- '>
=Ph<f
\t*Q=h1I
=;Yh]
Unkm'*
+uw^o
##?O(
~H6f&"
ees)G
W/mVh
29#C0
0)n{~.
'QUXJ
e1.tP>
/y,;O
w"hmt
9yZ~l
3L!8V
[ks~S
(8:4H
k$ST:B
O32(a]
a1vGi
m7Jpo
3L+=r
e{&"6
{gS,c
.h>?,
A":FO
0A79n
Amkmq
.,\s<
HQn[9
" kCr
D{d&_w
;T\5d
RjY!5"
p^eL1
?[vC*Z
Pt5M/=
/ZJ1;)(
%V([1J
q*'zR
<x{M}
'A'sX
>izl-
/<HPE
3<>Tt
T'.w1'm
+;`r(
qj$fW
&lM15
XT530M
E,K+$&
T?O5Q
u9#H3
wF_P!t
/uT3A9G
wMIR,
6).\Z
HDC:c
<yIxm
Jer%v&
yi;(f
um,s=
RuoLD3
oc7O+
PIoSk
,Va|@X
YCLM%
0RPts
rxA<t
E+8YB
.>cS|3
48gHa
Lvw5y
C("6]
\+#{e
s|2'r
Ug7t1
[b"A}PS
i06=U
1SU08
xtr<,T
]sL)-
!PElb
Hv7YB/
_?Umo
bdW&n
>WMx/y
9U}~<
RTe6r
(d4+J
N^{O8".
elN/E
WMG;^
F,L% F
+D3K6m
6Q1PTG
&iNUX1
R_bdw
e./(U
DXIhs
UnO g
diG.7
.[YFQ
7G`h*dx
m]A8NC
q=V<X>
m4-5?
_Rj]&
}NfQ;
#-IFSp
KsxE't
d[+f
>$h?>
vI&{W
U(K#o
K3Ds&bO|
NB2m2
B*]NS
^fCbW
I*V]u
k_A}*
'Ff`-
ngqE+
J3?i>n.
gxJQyv]7
r[&KIha9
8YCQ>
kDOWP
~p'+E
qAv*h 9Y
o`|p[
SXn:~t
%_-3%
i1&u]{
2dYyi
(RxtS
-5S"+0|
_"r&4
Z][Iy
,B~m5
&\ZP_
9uQ<}
U>`w:
*^ @(
6f}f/
xQ,(>w
tVr5gN
rZ"#v
8Ggqr
H(%@JZ
Y-&$E
WHY#1
*qnCKN
I"d_'
\{5h~
]c%9kz
%N8[r\
EmfCp[
g"}hy
n9g(C
N0I;,
>%j}d
O(vxC
":hHjS
'[>\Tw
F[a8Yzi
~3]X$
iu`@j
bJX4=
HgD_x
# #Vg:
*uLT$
LLy>&
&lRYqm
16OVw^?R
2GNcm-w
7ON"s
6*HsR
Rcw:)U
|[-rJ
+\vhPR
UvPUim
u;$c&
+9#;&
)I>t^
|aC/S
<%iL8)
(PypW
~bfWek
y+})0
Cr'Hp
0-7-
-^l&8
C?gX[
AJ9M)
dVxn?
2aifs&e
CZ$;X,
Tv;j~
A4+gK
MdND$w
!7MM
&_g,B
Z}L/rliW
v|E>
}V&37
xit$&
L%lx'
1R0k#
/:*Ot
'g;Zq
/@^ rl
w$cBI
~2Y6N
gc;BY
{T%$Y
t}%#t.
?t8E}
ls9PYf
u9|\X
L.fhU
1~ioZd
[YLt;
T3KZ_
]86uF
XI;fkK:
1|^k0
3*vJM
:=zwYn
1C3Y"
Rj.$],
W&^$|
]i|6)
Cr!pC
Pa2gZ
M=NE^
0JtFt
(&d}`
't4,n#
oSoe6(
#=WZ\P
Va{$<
JH9oQ
oD9IP
3;(h)
=>S^^
vsaI8
lG_0$qpi
>29vd
):'Ykg
RW5Tf
9`';1wL9
THTe<
mQDJm4
POuty
g;7b0
m#RK!e=
l=N.i
1PEqu
/V/bm
$>aUwni&2
z_xs>
;N8]d}
VST12s
/+6<m
^ uI4V<
azQH:K
1b[=<
O&t^y
yl;rV
R|n0I
ecJW6G9)9
ieCvP
}K9s?
S<Xuy
"_N6+
W_8JF[
mS"09
#5fqi
|%rYC
V%pm-
Lo-j~
j|vr>)
PGX/6
\HWsd
ZPtfz
<~/*U
Yc.F}
DoV>9
;,B&l[
~3>sZs$
:T}f}
gK+50
&&M0p
&mDPV
ewaEz
\l\A#
L(P8G
>.j?g
6>y!B>
/$6{E
tr$0AV9'.
jBM1>
P'hEl
Pz~]Q
gW:0C
#>Xx9
xr{j&
u}Qby
~H/Qs
t{XD8
9$%[2
RQCW[
-""]1
RR$$q
tb?JUo
(^Ds
7mx;B
6OxlP
d^e&.
"#2kP
qP8|z
R0&Dm
RX'qD
~f9.h
RyLx1
\sX"9
8;M,,
x&qC{
{NR|`
A>vYs
.R0[k
[DV>`
sYpn`^
S/]<CP
T<c/>
#(MrO
'C[i9[
wqPS60
QH"[mO
!<a3G
L;21%k;
li1=L
mI#c}
eiQ:>
hj6Qc
,t]JNDX
$\_Mg
Z8K#[
32}`x!
r* [e
(5RTK!vh
E}%J6,
dDem6S
[I~[rAD
LhFv-
rP4Uj
#.&gg
RkK.aL7
Oa'Q3
T8eG$
$477Sg/v
E;>}2
3 81{
T}OQ/
FCld
,2V/CF
Q"h!CC
w).t`'g
G&}+U
-SX[j
D}1;K
(&cN=
fr&AQ`
l8{q>k
?0UKj\
[A9f$
5]gr
;PNSW
0riR0"
E+vKY7
!_>: .
E4sOm
F(Zs(
dk|_AgX=
>LwQ3=
+"9;J
GiIqs
JZGcO
*wkVU
?q$P6Z*
(I.*s
FI%Xvz
).?!9
{TsMK
*O'Xo#
3x(:ONSi
=c;NJ
(u_'ht
3#o6-
5j)),
0=#Ap:rzd
p#,/A
Dp]EE8
$RE>G
yLttaLO
`bWOa
!+iXR=
>:k-O
t')[XXU
jA;U`#{N
DNwNt
j[Y~E
G~^Yf
5l"o"
gS_0R_F.
P,;C:&:j'c
`;M1S
Ch.M&
FuKzV4
=vTP~\
RPjYn:
hO)c}
K"}5G}
DWw5g
P/yrsL
=aa|hN
Y:~([
9ymxI
Y*a0vo
V3~UB
`i]uM
%iTZc
x;XUSR11
?DoFs
1DZLn"
_k:+l
!aLIh
\d3nI
Pcg`2
;dY)`
zy!GA
]<+k]
l3|V!
Zk>r]z
{h0ye
fKu\T
{t0q$
~/.u]a
k|7Pf
P(uvI
GVCFQ
Fs&`s
yc-D1
5Z'0kt
3O:>U
<:a;Y
e+x$7R
l!#@t
pP0g?
E~ROiP
8Ohb
`_\<[kSW
x/Px
1q>&"
E#`Ky
u Z)}
#WTE{
3!|aQ
#!vda
VK*x^9
*-92v
y%2Ij
|C;E[
-a43w
*%wz`
\p;YWm
~1!e2
_rI^h
$=+[I
w*:!OZ
/mujz
VP/av
ulq{1
3MOr(
l?9">Sw62l
:TLk
=rx=p
B`n$Py
e+\O99
6Fiav6/
$nWCQ,
]IZp8w(#
Krf^8
t6*@:w
^E8:3ef
9Zl<u
xN-'#
f3"Qf
f)cpmU/
,='CK|y'
5mzji
ACMku8?
QYl0O
~{nW
AA$[):
<s9Qt
Q;go_
z;El|
aLT.COgX
@49{D
#-&X2
7kCZ8
}5-)]+
I?A"%
"elJxMg
qJdNm
I`~m~
biV0\Nn"
^bON'
n;FhIa
Nz8_qS
S$n90
<Y8no
0y!qZ
<MkXS
1+[!6
8#Ej`#
8&Rgi
XpnL:W
~Cw8;
D'xS,
)NY8&x
L>w|h
8hU%v
Xf0Q4
1uz]6x
iO~_T
M).FT
uK`h$
ZTjU_
B'zw%
tY"Put
q{y\w
b3!DK
xEV,'
N,K]S
]tX*/p#
2^4hM
L_\-h
um:@!
EPJB"
~58]Q{O
{W+J{7
GWg$B
n+%A}
6`#t<tg
oMa}]
HUkHZ
k8>j-
J{J,x
jdN-r
UNb7v
.8EJN
t4'P,B(
E[LB9*l
#<POh
b$xF{
L-NnbAr
jUy`W
EF<i#
8qtTy
"Q]T$]
Eo3{p
R$68)
QE^!d'7
!&wkY
I%nX#
.T\fT
j!u-{
vd(tl
L5gYj
Nd!YU
b!b;G'M
^/9%K
+d^@9T
J.P)$
8&ULG
#jle}
&!mL\
{U_,Jt
~6"M4
4c"/^
'q,qL
!7^?I/*Q
vUf%(
3|ma}
)}]WZ
=!A]ds<
WwEc2
r3"?b
7cO'r
&M%)C
z0j'I
92?yR
}cH]''(
>jHRw
arv~q,
$Przz
<lG&'
G^>/R
.K,TX
71`JI
K 1U(N5
HU`"bF*w
edW&$
X.H~)Y;
8~b.c
By(Hc
ZO.B"
2>BS[
c`(Rc
,hPIq
~eCjg
tg5hpG
ke~.C
V2T-R
7=QrH
d;1Mj
g9Nib
wG0t)
&k>YP
71;*"
yv-p^
8/^4ik
Z?\[lgar
g$E`8|k
cBe#u
;L''T
{6<&P
DQP>r
HA!Im
^ZjEB
'.]1B
^}r.As{
}J}%b
\(0Qn
xCxytC
88t;z9
5DZ!FVX
LpvPyrT
q%nyw8
h_z6L p
6.f G
BhXG2
;5~#`
PcB+p
Ad.Q]5,
|gfWGF
)>y_^
N eA)9"
FN_k[
6L%W$4
8b}w'x{
47zQCk
Q#wqx|L
P7,9C]
D 4Sr
`DqYu
h)x)J}
\>,~
6Cq2
LYNt"
1X#Q(
LMqCT
]P`J+
dyl]b~
NP'[;God
RbH$Q
:A:c}
nE:RH
s:5^@
J!fW6
`"nG5Q
O^OmA=
&sxGY8
:MhFg\z
:9Hu[
3&}u%
Z;55b
dHxh`)
kMu1h
H9mXI
wA.H#
/']o]Y
HU(U+
a$.$wI
J-QP+
Dw'L.
>&^?d$
]2Ey+
:hms!
:Q_4Q
av|*b
1=oBo
t>sI}
|d'!?
Q)YRXwW
JgsCW
) t(J
0 ZO8
3;/m)
nD%8s
\oNnQ'
FaX&Nep
k~9$x+h
)E6>>R
!dxtJ\q
Btln~
:L,Rn
q4D{L
7!bcn
g$b-)
/B9WqP
hjf!?
J{XZ[-
oflo]
HbSb8
EB$to
`?~{cN
B?s'Q?
iAY~F
VQC+[
I}-Rg
GXC:B:
a1t7v
(8cv/
f|E7H
w5u4w
a.&#6
Da76Y
BE}Vtm
FCE/i
,?LBWOw
rs%5QO
3ydYi,
>g!}p
mk[e%R
mbj0F
lf'j2
y,_*F|
%2`7c
I>N./+
WnA,[
0g-tBp
4oJJ_
(n5Yy-
|^}Vn/v
\Da0k
}|;+iK
qh$pE
akQ!b
:kMd/
MpeGIRd5
&*EK4
x'2TbW'Yg
]jR_Y
a)IC6
J85l)
`Xz3=
WS|!B
IShO>
VB:Cu
<9s(i_
QB|7fp
(V`?T
<N+E4
H.y{ex,,
cf";ETn
czlQE3
R5(9j
#I.+0
A!f}Z
eeN"N
\<hFMXw-
ZzQ%#
r;ZAw
c,&4
3N$jO
q{dd]O
j0Xot
#8*6t
GU{_RtW
tlRDW
+?OJ1!D
YahQ=
dZW[T
mZ9aa
%U;85
5V8H!r%
eqyj<6
GG/VB
P pbU
RI8'z
!Dt~'
4WyVH
n6Rd%
z`@FD
d; %~
1wN+|
NDa\s
zq3&,`3;2
7.h U
=6WZ}
|"zF+
c +Tf7
]d\l>
~|@T)e
Ar[JZ
kEQyb
/e/kl
T^rcY
,"@yRT
CAO:z
)_{%lc
Bn8'T
Pzcr9=
a n/b
xINzy*F
PYGuFY
v:*<m
d4n!'
mk6g.
Q5IU[{h
M\n8f
/;Q":
_n%<r
qw`0+
_.BtN
}xXFyn
;akeiQKG
91hvw
aKnb
Vcl%~
!S,hD
pryg4D
4L7n_
q\Sp;
Ak$r]/_
:`$4r
Rn6Z\
/hCVQ
n,@"'
kFIQt
KU/pU
G<wg[
&p7YQ
jeTiJ
L%c^(
V]tB
V,;_i]
;R[#6
Ff-n!\S
^Jhll
Sh2$L5f
Ld9[
eZV=wW
QTnP0
xz+53
?Vrx1ul
T%?'1
CN/_6$)
nF6L/
S,7Nh_
gp'Z#
vY.-L5^
{x7cv
PL1FDM
cc7ue=~
-}5]O`
@KSU4
X61z~(k
6]-\Qw
G>xnE2
lI#)o
B&t&5
64&HoUW*
u.FZf!p
r!>#m
l]t9R
n^e.bk^2k
,8H{}
2` il
JcV,{
dm|%l
pw<|t*-
<ZB{b)BN
$H?Rr
IAd(,
F=OE&
7`#D4[
Ljj4U
}uCjWj
6M$P=
+o|Sv
O5e&!
pyzIW
NB}?[B^
Q`Y%2q
$B2ZEV0
4,#TBZ
%SJeF
a&CNJ
Q{t*t
ox*S8g
5eFA-
(%?Xb]
|qUSj
v;ni&[
c3d=z
HpJ$W
rsR}Y
|G+:D3
<&HS(.On
I'KBk
#}#+i
>/)}'Q
TVY|+
LC7.C
%i5=S>
yc-h>
D>yzU
)_X;Zq
h;jWS
5sT.<
Qg|V?
y.=rq<
^*D9zm
t6Md_
I|gDJ
=&2m<
LuRE7'<2
`]tPM
vE3dcy
#Y][b
`E)"F
Ia6mf*
[2H7v
:[X*Q
_lu~c
$"jur
:0fwGw&
`d? j,l
WU4eK
8dh] &
ysNa&
sD!v46
vjk?I
y'>mG:
Zp^:<;
S0b,n
ymW&B
BSH!?
bM}>{
*bZt?F
38Lay
%3a24j
}; x3E
@W.a}
`Vz{9
;}xm_
l^mF}
t^J\J
3NO\3
#Y1vj
Xsv'~
S*8)v
3KMz5E
z//jE
aehTW1
|Tvekb
!iG6a
M>h9#
$qt9t
%;dQN
*nuD[
']k[W5
SJvL{
4{6w2l
ecgi.qbSM
P{'}0
?=9|ku
m$C8}J
`^AAp6
jm#3N
: /G=
Z|jZ
&DhAv
@+uinUA
c7ty3q
:qli$
5MZ'(
7jUXL
qUz2y
U?"fR
n|$`b
jgWg(f
0UL9(
y[8>i\F
:nPb[9
fB'EA
5IRy.
(&\s:<
4I z^
>GC-`
jcrln
8>m7-
>0FzL
60"8X>
br\Ft=L
%-CcM
T*OE=
\BhQ\
I&ot)
Y<j\wBuX}
{Y?.w5`
[9|^T
*[Fq4
qA.HO
TK,+:og
q\wRtdx
3++wsXU
"Dmua
_4M.xv&
nr_9Y
kiK!,
,9M"O
niv|1
}ab1f7
%qASD*
&Y=U3
PD[w8
jZ;Z.
B8]@^
W3U6`
T^g4F
LQdz:
P}UXZ
MEn;Q
6'E;`&
X6$!%
e9K?6
v~i]_A
".#!~
~yw+`
wG5Qf
fvrW%<E
3t.]T
$vqkynXb]
FCb.m
ZoZ66f
a(0N0&
8QEvuY9
Q%It_?
mF-oJ?
8acCt^>
ikAR+w
af[&T
6z4n?
7iUzv
hum:7
r3QA\
5ap_v
6Kd2J
{{MJ3F`
fU-Q)H|
;{hB~
88(Aw
wiNMk
{/bB4m
%Fz}b
Zo5 i~
+/@NRinL
?"cUp
i=FZ,
Y6(l:
tmJ~M(
{@NN|qp\m
[>H`8M
Msd'/
K:Jc2
a2()C
5-){)
i`'t{
6tA(FE
Z7/S_~
oS05s
x}fDh
PuZTpC
FONQr
T(,`P
BgDw.
`T[4)
j`XVu
Je*ix
{rC2c
lZZZT
*]V*47
y+1o 4#
eLwN%
+iuuL
14\#! p$
1mv>I
e*0AU
|ZCrN)
vwQU
ix1OD
R'<m-
K7x1"~
i'"nv
g"Fv]
g9/vC
FrTPYwP
]Wb h
}4^4!
3\o"~JP
TEMmI!Y+{VL
6*+`;
^gF6U
-QRxu
6LY67
Yi_k-4
`_exp
lQ*VHy|I
"H|+}
[:vIf
}?q`6?
=6rk!
5h&@w
VwH+U<
)9<gKB
#ZNe:)T
tm)]D
.`Dv*
7[Kch
XO6=i
ZKxUk
8_oeb'I
6XIT|
&G OfM
;nBqB}
%d+g\
1vj5a
7_^jt
p)s%s`
8A~,v<^
$-FGg
|\"`+*
}ztjM
xNuhU
Q=\";iv
H]$m1
ttEo,
h5g=Pj
GpE),
o){#+
)R_T~
wT>nZ
>(rX\
y(LDx
}*c.7Y
})/ob
ulw,!
SMw}m
8+r_3B
@7]X*
447G]
!WHBe
8"kZy
3m"5\
! og_M(
RGSc\9
2g9?*
oMh!Ci
jg,,@P
3j|W;
h7%0]Hk8[
^.~9q
Z MZO
40_Sd
)`\bY
\SL6E*
U4-rJ
vt]_?k
?Yh$`
-Gi8(
k+ZP;dh
ddN+VVQo
>Y>//
[9y~p
_h]b<
ZR==(
q"_i[
PBnaD
"r4Qi1oH
:F=>,
$iz-1
~;GGdn
jU,{k
YaR`Dv
ff[rz&
7*dev
/tXz(
vL_$D^ ]
U16xPA$
xT")T
;YYR9
rGb/Y/
A}& &2s{8-?
R}jET
i0S>/b
EBx v
9UO0_]
rF_CV
vLLQq
0<rn{
/\*dJ
km^wz\
i7xI!
Y_].N
6*K$<
NN?Ij
%-[^7
*M>3k
ku/1x
'(xFJ
`nAt"X
J7k0e+
!)(@;
`,PPSe:
CSY]l
x'Mwm
&WWHAF]
X7TR'
s`Ld`1`
@/h3a
?H$2.
R7 2D
0M![rH
9l|0|
}l5Hl
V{_y+n}
9pZ~l
=wB^y
3#SK`
~Ne&y
j2VV-
NsR%]q
'VG0y
&'t8Q
a'Ph;
!YWgE
,UnvD*}
K+upL"
%<?p`
^E73lJ
@Uy_>
l)M)%|
&)A]$,0
6]b$$
?LqrD"
py#.A
Ub#_{B
"h]rq
$T:yW
A_ISi*
!!K24T'
+JQ+8~3
)e8(d
pZ7Lu
8S/t`:
hHSex
:#=n7
~%B#Q
"K"6A9)
Hq^L5
rmNFc
T`Y+;rT
1cNGu|
~>JiJ
#q`?r
=h X3
,+j.;
'YKmhM
b,+I(
Q;'k]??z4?
|m#43
l$1%)
uG#{m
wN7{zy
%T6~|
_?q4A
:285A1
aN+3i
x+Z;Q
ROLcc
2|qGi*
UK5q7
M}pNE
9(9tE
1}jQW
HBir"
-jC$N
2Bt8g
'7Lpn
&K7S^
xvxR-R
jPyK[
Ugux!n(
K~[^f
O4U+f!
_SR_:
u3sQi
>HfDn
3y#@*
~_o8St
.<I>;?_
S9EZi$
:~ubX
Q&UHA
oLO#}d
KdU**
0ScV:X
["#UjD
T+(tF7w6
K/rJci
Iiu+|
tgNi^
:N!qF
d<dU}
S"it7m
+p#NNp]
GV/}N
!LCHn
*$eG=
3"_z#
9LNg"Q
5{OK=
6qoy0dz|
U(K$_]+
gMq"wd>
.S]<d
g-io,
&V8eJ
h]+$"
z[fVBp
}[}'tx
?+5^y>
*7yX}
G'qze
fk&`
?zKqc
C!w*
BYPA9
R6myO
wscae
y_"EqTl
y'bz4
FS}>U
_;w<!S
?n,cf
b$g!/
EK_-pg
<I[&=
qeeU;a:
[*x8g
,[b+d
TyysL
ZOinw
p,+5&~
L<r8:
`D#c60l ^M
_<)LA
:.G|&
1HI[n
<?t/j
A-A[H
{)]h0{
l18<
X#<&K
$}%H.
{y=e$/
kXHP's`2
)Mt5?
zP_kCD
gGo;!
;~-\B4
Jj'w^
>qt-"
+3p*F1:z
Gws0#
FWtrh~
WGW*-
?y'},
XUJ#.
JfFxnL
jTyaU<
sO]pJv
q$Z2I
SpP9j
>Msb3.
84"L&
<[na7
)-<n&
PxR$^
ArxOWf
Pp3=,`en
L$hSU
uB3dn
S<z4]
`^;}s
`LlEn2
+wSg!
qiyR'>
\'tNK
M?4[D
#qse|
Eu%'
G>}qpDM
_++5[
up7n!:z
wesLW
W8rC10m
hRiW&
jL=?*_V
h]GBV
Hr;YT
jBt"\
-Jh&{
T}7O#hY
?oou\x
X6W\,
0CA&q
^-Jmy
b1n5L
\!WEj
F`4iY
7]D 9
RFgwty
6piYm
dACtC
an-I?S
ZYuw/
>DM7~
4$&VS
'?l%[
K&xXb
[b|7k
0wC}\d
]VvA2S
-8tj=
oBVA)
DTO^(
l#lqu
-"]t0
UIpH34S
*&hOE
$K1sO
dPo#5-f
nR$h%Q;
<>oh`
HR=&iO
$:{=Qf
FnBF*
*rX8c
AXrV2
J#EyD
aQ{.t
y[ef~
&U;:1(
|5Sg;AkSf
()D!+W
6^LkgaU
hlyGY
\Gp7\
[4`GHP
&7q|M
YqQ??
.Ld#(
f4<G*g
D*\8I
~>YD/\
X*wkZ
j6S.m
Sxr{O
_8?^~
'wxMh
KSZfQ
\Lb&p
Mw]e&H
C6;YfiE
DX>D`
zQ\9m$
jF26+
oHMO}
OnQ,G
=Voa&g
B?5N-a_
PlHmsX
?ANu:
Y;DbQ`
rFunQk
79T~u
PrnPj
D'e{_[
5}Iea
C(PK-Z
C7:[1.
mF~G{
{Q{G8x
y}7iS
80]<j
dcamFD-
Y:(Kd
|lDk#
)1g/h
*4qNAU
W&S5(M),1
`Rhc9U
uLbx9j
<N\qm
#Xeb*
/w)\O
uptv"
cj-Te
xF6v#
=R{&Mp
Kx?l_
c$VjM_a
)<PQHj
45d[Ic
gt-'r
,SVZ,|
:%%KwE
kE0L}.k
-LYp*Y+
UZtC
1d_.f
iQw0b
U[=%S
Il3<aHN
zXqs._
Fpt;J
R0Xa2
h~CXWv
@iT-]
!wrsV
Cc`$6f
b.7|j
TG~-9
2u&zT
GY'qn
nROi/
u(CLg
ViiyR!>1
nGMkR
|`;M]
WI<<%
+K'fw
Y%feP
K\g;6
/\l#=
v]\Qn
qq:w}
kFppp
?%W?)
~G,r.W
uFFH`<
C'`HO2
~j!jT+
+K7QC
/77DH
/016E
zyl|U
,U<]H
"",#uy
+%M9(@Q
FcL'k^5
v3?wb
Vw^k!r
umejg
3_)&5
PGj6<{
>JAL
oT!7~
I4uJ(
=;6'^
c3;m$
DeeHg"
=9n;-
jy!o^
(w-GK
]QJcZ?
#X]3w
5K?R{
"!0+X
\%rfv
0K[)9
/Uh;$
ilY]A]
<3Y#H
,SS]A
i)=|.
9_u#C<
h.qIc
L2seD
=^::q
e.ujT
<KHt2K
5z$H69
g8WfIR
;$t_e'^
E].OdE
bd.K<U
\|uOl
&SU)0]}
Bm=2CJ
v=O#Y
BTXTy
i;/j*
Y=bX3
nQQ1*
dIEBz
f=gHb{
'<`Y8t
Ra+O"]
I#c5?b
%=:*:d
r&OWP
AT|x("n
fLwad
MtX0G:n
nWU2L
'sp4{</
aO"[TW
bATwj
?|h(.e
c{0x9|
AfI!S
zqq/:5
#\Dg$a
/uAL
u*r}%8
6Cupw
cN>y]
_fdvD
%To\V
.BMMK
?5Z&X
q>^8+,c
FFCie
rWc8&
~&gJG
9XB?{sw
~|o0[S
QC$Q7
GIe eL
]gZ${
;B?\c[
9{Svm
:zD=4P
PEO][0
V\dK?
1Q"qw
'.~rV
r9Top
~mfLd
3tm6(
^5pDf
s8|^^@
Jm`PK
@"xA9
S^w'Xm
O=L-/
>YpHz
^\#z{
=T^v<
tf Hg
=<kPW
6T;cB
`qX-p
bqMSu
m=.m_
]=:I5
SvmL%
4U[iVQ
$oZI.M,T
ckKoN
GbAKo
ZR+$1
}1M`t
[!!lB`
Z`:) <
*Ho p
OSXLP!|R
~.h4+?
\#kLPl
\M,aC
{L'qd~j
pNVX|y
aJh6c9
,bt`4eD
$\NL!
[DR1h
ol:xc
UG/UH
0Wr<:o:
]nYPE|
qZrz~
sNun)
q^<U+
c<Qrc2
_cXk'z#rZt]
zbg0=
++age.Plu
^1;zY
/?7G>
$bJjp
k:KT.
Z+'"u't
dh|w<
#>K-$x
Io),,
6hN(2
kur3G
Q7)n{
(B*hV
!nl(;
wHKvS
M3E$L
rr3T\
JWRE5=g
vC947c
N ,07
@aCWi
fyz=B
g(,wO
yR f\
Z<@v!
5%u8-
!N##U
4h=`D
YEID:
9\b}u`
{Wo1q
>Y/i,
v8AfOh
4zo2f
S+ygM
@*7:v
.TXsS\R
~C8)4
.(zgem'
\w6g4
<Ub,5
|%MH$
"Y{,L
Sj{r"iD
8rt7b
gSp8W-
Yvde_
F1SxaTV
uWr_n
V-fn?
25c/~
1vpWy|\
<P"Bu`
'5v-)
h6Z#r
2Lt,I
!qAWN.
59Ey}V
97m[)
R/FOA$
gzX]8
1pGcE}
7Zzjf
~u6|n3
)q"4-=Z
>&3ph[D
m7!T.
>}?k"
36Zr}
Rbm1Bl
8Jq|i
i^n$/
m|D+$
Qt[3J
fIQh,v:N
"S}Zz
;]hgg]L
%X8#j
Wq'!:J
%d\/#
nRMk"j
d"YE#
ly6B0e
e#4JSI
r03\M
_(vue}
S}AGa
+6NnT
'Gf%-ON
VUe~Wm
(IGlge$
Pw#c80
"3u W
gyr_m
WR!?9Sv)
d7#2%
.&-u'}
uL}LSC#6
!C^.Z
qH>J#0T
O5*dU
*9^L_
!ENo]
d24.HW
l^sv:~
'hSp!l
j10<X
]5Rgx
Gx7cg
%GS?K
IA5N\=
*"l=m
B-_AR
.&S<2N
YBzb+
gQm)Y
[fmrR:
EjwCEI!
&kOlx
k)^(^!
S[h~A[
A'1)8
OnbVM
r="Oj
6s#e8
j)\6[
&6_&q
K-t>zD
{k!#l
ShZN;L
dLsG
Jw:FP
;1qwA
Xbd6rK
4t-g|
koo=r
vd{%H
p]6g7c+
:w!GJ
KaD{f
9~|G\
=ttP:~
L0$ZE
truO?d
m=Szm
#rc-.
J|/nX
_^useW
} L([x
)}qix
}=3LM
vs#r(
&Xod\!
)g/L3
#(# kW'
oi&*od2TO
Z_eCtxa
j2\UO
a1GM3
p!Xc^H
'l|,Y
zE:l/
bhFw9eO
%&a<M
Mp E_
` ;-)`
8yFPd
.1`}Qg
x1`2.b
6k.(XyfS
uw,.Q
VsU+9
jj9;q
F_%iC}SO
^.p~;
/I`fo
7i9F(
t0yR%
WD QT
ji:cP0
4c`[E;
T^T&P
\y.$Q
HjUF+
~D#L${
b(9&a
r~-[tx
IJJu!
e|xp&
;4V^2Q
BL`Teyy
:G*Pr
BCcW0
xRH~W
U\C%\'
w*2j?_
0<<V;
e-D%
8HC*>q1
QCV`8t
.?_3S
2xS&W
WOcQ*
\mNVz
8_qAp
Rrkm#
YV](}
a a(?
_cPR~%s
B)!Gi
bV~<+
D!l1G<
t)8yI
Vqog#
<N:bL
K~bg:8
`D`6=
Lw^jx
os87<
M:#H}3
^n9?_
cjJj&
.'Q"H
OXw[m
Qdc#77&
yl73C
i76>*
^U\t{6
3uTa+
1j%0Z"
k\g^H
k$I|WX9
HDXl0
6-Vw|
5{92l
-ylkV
PZ*U$
?}s.*
0n1f%?
RL01o
1'ZE[
Vv%"\
?qp}(
{*;NY#
=Grkj:
sql 2
][6:w
?TUi%G
c5>:`
7DQYV
uev_
f[-xC#.sB=&
=+8-MIP
@d?<e
Dhrl
F?f+*
OXDn%
D*Ow)
9g3~z
+ZYin
4NHfn
+$'Y-
U<<BT
"u!8r
b(z=QTJ
5pNTh
G8BA[
~Fn?.
a:UFq|
_u j=
3a3b"v]
Av(pg
2N)bI
"prd:
?,MZt
xb,|:{/W2
<]#8t
r42Ku
MSh-|
XP`'
AU^JK
%0Ue|a
BC0y6#
SdG{+4
%R?Oz&
GG[-c)
m}6ox
=Z=0&
4C;u2
NRX&d]c
a]nXu+
@P1iQ
)N/WE
IH-DT?V
T-\fm
VXpJ}
a_k}.C
L?61Z
;SUw]
]CK,F9
e=/Za1TQ
Ysj!yE
"m6';
$hwF<bs_
Radu^
Q;EOs
kS#qih
[:SJ^d
O)4Z;I
FR%n1
e`K=&
TGJ*]
N:~$=1>
i^NSee)
}l916
S<X[<
sxg'p=:X
,wLz_
VJF.&
|P2E-
M%jJ
fR{cb
~qTNi
kj-}#k
|e##l
jq1I)
3v=zx_
Mt)'L
w$fpd4Q
)!&'\
(-|xjT
* qH#
+&TxM
I80k_DU8A
|d#"q
J:Q,g
<*4Cd$-
>y<oo
]Rk,p^]^
3R6R3
,T-)1
*STO2J
S>_H7
wAN7~
71V$5
43Ie{~
f)N(P<wp,
V3wV)8
)C.ey
p?AYI
qd0KE
l%hj[
{],A[
H#+"a
m(M(QD
Gq{>_
Ft"qg
'}/U-n
/aRtfw
Jx;:.
~d\o*
T_524
NL+T9
.MN-}
n\XQW
m&\1'
) 53u^
7cQG_
k7P5R
E4yIW
;2uSv9
E!PbS
QeuMju
-88/$
Okw4,
E:uvH:
\aFL96
>l*p#h
p'g4=^
zJr)|P
<8D&g
4uy+qK
S$aGN
L``;[]
sN7;`
M)SrB
:cYI#
=+"fS
fCF7/((
^um8lAtV?x
K-$ :
.$Eru
ug:+M
=oXDCc
t%Y&w
mn(bC
!_|zW
\N#.9&
!dRs`'J60
}qzrE;Z
{A[{}a
UadF;
g]<71/
>/"/~
]`<CJ
PXM_0{
4kK{p
bXYqx
-ui|"
=~_;{eM
V8kA|$G
A8~6{cE
,<g7S
y^/Hrx
xV$D/
N%[BS
:KBKj
Up`=2i
\$sV6
\Wj)R
od%}x
*PCNHD
pFS{D
(dz}a
+=G%&
`Ha3l
n[Q^"j
54f="Ca,
/pewI
aB~'F
pnyvh
}K%p4
h000=
;@r|R
2;'R"#M
I[K8_
(h<3]
12)Chf
7`tc)
+1&u.t*
qll;C;R
De3|9V%|7
[ZW&]9
zT,[O
G+uUX
HGWjSm.
0gG:h#
[n|fv
*v$PN
vWHU
/XrBg~
kA`F+
J'ifIdo
CF2g~
vN e[F
@`|5z[JX
mE9kA
FU+5OC
?l/X/;
9?(P.
Fjxl-
<U(6`|
2IX=n
$3S3\z
J1w=g}3
W8F}t
e*SS\
wj^I`
lBHq
-/V(Xv
*\9.:~
k`MEG
3]p ?6C^
Uy]'.q
v&Xe%_
AU3!EA06
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
</application>
</compatibility>
</assembly>
7!7)717=7H7S7^7i7t7
9#9.999D9O9Z9e9p9{9
3.373;3K3T3X3]3l3q3{3
4$4*40464<[email protected]\4b4h4n4t4x4~4
5!545=5Z5`5f5l5r5x5~5
6!6.6z6
9*;b;
7 7.7S7
8!8&808;8R8b8y8
9*959:9E9R9d9
:6:<:B:u:z:
<(<-<7<A<K<U<Z<_<d<i<n<s<x<
=G=Y=f=v=
>!>,>J>_>h>{>
>"?,?2?8?>?D?Z?d?
0/0J0W0}0
333U3[3f3m3
7/8)9
:H:M:Y:_:e:k:q:w:|:
;X;s;
<,=E=z=
30F0_0}0
293C3O3`3j3
> >$>(>,>0>4>8><>@>D>P>_>
2"282e2
3.3G3a3#4s4
416D6
=_?i?s?}?
8 8/9):0:V:Z:^:b:f:j:n:r:v:z:9;
6:6B6P6
9D:K:
;z<0=4=8=<[email protected]=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x> ?$?
1$5+5t6
: :$:(:,:0:4:8:<:O=
1&293
727D8S8z9
;c<{<
=H=\=p=
3$3+3T3X3\3`3d3h3l3M6`6i6q6
7#747M7W7W8`8h8
9n:y:
2$3\3`3d3h3l3p3t3x3|3
3d4w4
949A9e9
:2;I;
;k<r<
=A=L={=
d0h0l0p0t0x0|0
596H6M6V6[6j6
9d:m:
<#<F<k<
< =$=(=,=0=4=8=<[email protected]=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>=>
>t?{?
4#4-494A4
:>:P:
>:><?h?
G0N0t0|0
20353
6 6$6(6
:<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
=:>+?
2d3=5
5#627e7l7084888<[email protected]\8`8d8h8l8p8t8x8|8
9 9$9(9,90949D9H9L9P9T9d9h9l9p9t9x9|9
[email protected]=D=H=L=P=T=X=\=`=
>">.>3>
2-3D3
366e7v7|7
=+>X?
5'696I7
8)8/83898C8M8W8a8e8k8o8u8
9#9)939=9G9Q9U9[9_9e9o9y9
:#:-:7:A:E:K:O:U:_:i:s:}:
;';1;5;;;?;E;O;Y;c;m;q;w;{;
<!<%<+</<5<?<I<S<]<a<g<k<q<{<
=%=/=9=C=M=Q=W=[=a=k=u=
>)>3>=>A>G>K>Q>[>e>o>y>}>
?#?-?1?7?;?A?K?U?_?i?m?s?w?}?
0!0'0+010;0E0O0Y0]0c0g0m0w0
1!1+151?1I1M1S1W1]1g1q1{1
2%2/292=2C2G2M2W2a2k2u2y2
3)3-33373=3G3Q3[3e3i3o3s3y3
4#4'4-474A4K4U4Y4_4c4i4s4}4
5'515;5E5I5O5S5Y5c5m5w5
6!6+65696?6C6I6S6]6g6q6u6{6
7%7)7/73797C7M7W7a7e7k7o7u7
8#8)838=8G8Q8U8[8_8e8o8y8
9#9-979A9E9K9O9U9_9i9s9}9
:':1:5:;:?:E:O:Y:c:m:q:w:{:
;!;%;+;/;5;?;I;S;];a;g;k;q;{;
<%</<9<C<M<Q<W<[<a<k<u<
=)=3===A=G=K=Q=[=e=o=y=}=
>#>->1>7>;>A>K>U>_>i>m>s>w>}>
?!?'?+?1?;?E?O?Y?]?c?g?m?w?
0!0+050?0I0M0S0W0]0g0q0{0
1%1/191=1C1G1M1W1a1k1u1y1
2)2-23272=2G2Q2[2e2i2o2s2y2
3#3'3-373A3K3U3Y3_3c3i3s3}3
4'414;4E4I4O4S4Y4c4m4w4
5!5+55595?5C5I5S5]5g5q5u5{5
6%6)6/63696C6M6W6a6e6k6o6u6
7#7)737=7G7Q7U7[7_7e7o7y7
8#8-878A8E8K8O8U8_8i8s8}8
9'91959;9?9E9O9Y9c9m9q9w9{9
:!:%:+:/:5:?:I:S:]:a:g:k:q:{:
;%;/;9;C;M;Q;W;[;a;k;u;
<)<3<=<A<G<K<Q<[<e<o<y<}<
=#=-=1=7=;=A=K=U=_=i=m=s=w=}=
>!>'>+>1>;>E>O>Y>]>c>g>m>w>
?!?+?5???I?M?S?W?]?g?q?{?
0%0/090=0C0G0M0W0a0k0u0y0
1)1-13171=1G1Q1[1e1i1o1s1y1
2#2'2-272A2K2U2Y2_2c2i2s2}2
3'313;3E3I3O3S3Y3c3m3w3
4!4+45494?4C4I4S4]4g4q4u4{4
5%5)5/53595C5M5W5a5e5k5o5u5
6#6)636=6G6Q6U6[6_6e6o6y6
7#7-777A7E7K7O7U7_7i7s7}7
8'81858;8?8E8O8Y8c8m8q8w8{8
9!9%9+9/959?9I9S9]9a9g9k9q9{9
:%:/:9:C:M:Q:W:[:a:k:u:
;);3;=;A;G;K;Q;[;e;o;y;};
<#<-<1<7<;<A<K<U<_<i<m<s<w<}<
=!='=+=1=;=E=O=Y=]=c=g=m=w=
>!>+>5>?>I>M>S>W>]>g>q>{>
?%?/?9?=?C?G?M?W?a?k?u?y?
0)0-03070=0G0Q0[0e0i0o0s0y0
1#1'1-171A1K1U1Y1_1c1i1s1}1
2'212;2E2I2O2S2Y2c2m2w2
3!3+35393?3C3I3S3]3g3q3u3{3
4%4)4/43494C4M4W4a4e4k4o4u4
5#5)535=5G5Q5U5[5_5e5o5y5
6#6-676A6E6K6O6U6_6i6s6}6
7'71757;7?7E7O7Y7c7m7q7w7{7
8!8%8+8/858?8I8S8]8a8g8k8q8{8
9%9/999C9M9Q9W9[9a9k9u9
:):3:=:A:G:K:Q:[:e:o:y:}:
;#;-;1;7;;;A;K;U;_;i;m;s;w;};
<!<'<+<1<;<E<O<Y<]<c<g<m<w<
=!=+=5=?=I=M=S=W=]=g=q={=
>%>/>9>=>C>G>M>W>a>k>u>y>
?)?-?3?7?=?G?Q?[?e?i?o?s?y?
0#0'0-070A0K0U0Y0_0c0i0s0}0
1'111;1E1I1O1S1Y1c1m1w1
2!2+25292?2C2I2S2]2g2q2u2{2
3%3)3/33393C3M3W3a3e3k3o3u3
4#4)434=4G4Q4U4[4_4e4o4y4
5#5-575A5E5K5O5U5_5i5s5}5
6'61656;6?6E6O6Y6c6m6q6w6{6
7!7%7+7/757?7I7S7]7a7g7k7q7{7
8%8/898C8M8Q8W8[8a8k8u8
9)939=9A9G9K9Q9[9e9o9y9}9
:#:-:1:7:;:A:K:U:_:i:m:s:w:}:
;!;';+;1;;;E;O;Y;];c;g;m;w;
<!<+<5<?<I<M<S<W<]<g<q<{<
=%=/=9===C=G=M=W=a=k=u=y=
>)>->3>7>=>G>Q>[>e>i>o>s>y>
?#?'?-?7?A?K?U?Y?_?c?i?s?}?
0'010;0E0I0O0S0Y0c0m0w0
1!1+15191?1C1I1S1]1g1q1u1{1
2%2)2/23292C2M2W2a2e2k2o2u2
3#3)333=3G3Q3U3[3_3e3o3y3
4#4-474A4E4K4O4U4_4i4s4}4
5'51555;5?5E5O5Y5c5m5q5w5{5
6(6:6E6
8;9C9n9v9
:-:I:T:\:g:o:{:
;+;G;V;a;
<,<Y<`<g<n<y<
=K=T=
050T0
141S112m2a3
4$4:4S4r4y4
595d5u5
5Q6n6
767B7e7x7
878L8Y8`8f8n8u8
9Z:y;
=&>V>
2/7B7j7o7t7z7
8&8,82888>8D8J8P8V8\8u8
9/:3:7:;:?:C:G:K:O:S:W:[:_:
<U<Y<]<a<e<i<m<q<u<y<}<
<9=a=
?.?<?C?I?O?t?
1x2}2
8T9}9
9^:h:
;";&;*;.;2;6;:;>;B;F;J;N;R;V;Z;^;b;f;j;n;r;v;z;~;
>+?7?>?J?O?Z?q?
1N1o1
3*3V3c3
8 8%8*8/84898>8C8I8S8Y8
9*9/9:9?9Y9
:r:~:
:4;L;
1'1E1L1P1T1X1\1`1d1h1
1*252P2W2\2`2d2
3N3T3X3\3`3
5$5/5A5S:
[<_<c<g<k<o<s<w<{<
>\>c>k>
>I?P?e?o?
1$1-161V1
3;3Q3[3a3l3
4$4+4?4E4g4
4a89:
<*=5=S=
3^3f3r3x3
4[7h7
<I=o=z=
424U4
5<8k9
;'<O<
=+>h>
?-?<?_?o?
020n0
323r3
4N4Y4k4
4C5U5{5
828r8
919<9N9a9k9
9":-:?:R:
:7;Q;Z;b;
;g<|<
>$>.>T>
>!>,>2>D>N>W>
2'2E2L2P2T2X2\2`2d2h2
2*353P3W3\3`3d3
4N4T4X4\4`4
6#6-6?6I6k6v6
7'7=7
8X8c8z9
9::C:Q:
2'212A2
2U4g4
6'60666?6D6S6Z6
7#8n8
8#9H9R9
9):/:X:s:
;^;i;
<,<\<e<o<u<
=!=+=A=T=j=s=
=&>+>C>L>a>g>q>w>
?$?<?M?S?Y?`?i?n?t?|?
0'0,020:0?0E0M0R0X0`0e0k0s0x0}0
1#1)11161<1D1I1O1W1\1b1j1o1u1}1
2)2h2
3"3,3Z3m3
364;4M4k4
4&5,525C5u5{5
6Z6_6h6m6v6{6
7)898P8n8
=5>M>T?[?
577=7c7i7
73787>7B7H7L7R7V7\7`7e7k7o7u7y7
939T9`9|9
:+:;:i:
:,;<;U;w;~;
<)<;<`<g<
=<=H=
>6><>C>
?,?d?
0<1n1}1
2=3F3
4)4T4
7K7T7|7
7*8w8
9!9G9N9
9X=E>
5*5J5_5i5
;/;E;M;U<
2K2a2w2
3)454M4U4
6f6n6
7^8f8
8I9x9
9O:c:{:
<J<R<_<n=
>5>I>T>
0k1l2|2
3 4?4
4)595d5u5
;'<0<
=<=V=
=P>d>6?K?w?
0+080B0i0|0
081B1L1`1
1%2?2O2v2
3?4K4U4q4
6/6K6
6 767r7
7h8r8
9N9Z9{9
;H;O;x;
=(=4=I>Q>Y>a>
?!?x?
1>1\1h1t1
2+2F2W2`2x2
363=3
4=4E4h4
445L5`5p5|5
7d8l8
9d9q9
95:F:
:I;U;];
;#<R<Z<b<
1.141I1n1
3c3o3
415:5I5U5d5p5
6!6*636<6H6T6`6
9(9T9Z9`9f9
< <5<C<e<
=$=-=5=A=I=[=f=n=v=~=
>m>x>
?,?B?a?
0.080g0q0
3)3.343>3H3[3i3w3
3Z6h6
8C8P8V8
9:9D9J9
=O=[=c=t=
>(>1>>>m>u>
>(?I?N?
272I2[2m2
6E7M7d7k7~7
8)82878=8G8Q8a8q8
8'969Y9j9p9|9
:%:=:C:L:R:\:g:
<!<)>l>w>
> ?k?
5:6Q6
9a:m:
:1;6;<;C;
>!?/?I?^?l?~?
3D3p3
3a4m4
?0?6?;?
1=1T2
226D6
:;;p;
8&8:8I8|8
<.=G=
4 4$4(4,4044484^4o4
5K5]5}5
;#;Z<
0)1~1
2/2K2Q2u2
5<5n5
6#6)64696A6
7T7p7
7"868
9O9k9
:1:{:
;-;4;o;
<-<4<D<d<k<|<\=m=~=
? ?.?7?O?
2)202I2n2u2{2
2L3k3
4+434b4
5V5u5
5#6s6
797n7
93:g:
;4;N;h;
=%=W=e=
>&?B?
0)020S0\0
233A3
5=5:6o6
8L8_8f8m8
9#9^9
:P:q:x:
<4<W<
=D=s=
162p2d3k3r3
444V4m4~4
6.6N6
7/7A7M7`7i7|7
8&9C9
9*:4:b:
;.<T<
>#>*>
?N?t?
6*6?6O6f6v6
8P9m9
:8:A:L:R:X:
<!<F<]<q<
< =2=
>">e>s>
j0o0~0
0Q1\1
2#2?2a2{2
3>3}3
354F4
>b?r?
0115191=1A1E1I1M1Q1U1Y1
252}2
2F3d3
374L4
4C5I5T5[5n5t5
7&7O7
9;9D9i9w9
: :::H:i:
:&;0;?<
;E;v;
;3<J<
=(>R>y>
6-6H6p6
6j7{7
8%8B8y8
<D<n<
<*>7>
>C?X?e?
3l4s4
515h5
8!8%8)8-8185898=8A8
=_>h>
0I0]0d0m0s0
1U1h1
2\2l2
373h3
3i4n4|4
4G6w6
7f7t7{7
818];};
="=.=6>@>[>s>~>
?-?r?
617s7
8;8Z8r8
9<;p<
=q?x?
3k3v3
3<4v4
5V5f5
5%6f6q6
768B8O8o8
9&:I:%;e;l;
< <0<A<H<u<
<#=J=U=k=v=
=C>L>v>
?9?F?g?
1D1T1[1a1
1%2<2L2
3B3M3T3g3
4%4;4P4a4r4
5-5I5
55677d7o7
8!8'858;8N8T8_8e8k8v8|8{9
:2:D:v:
;*;>;T;w;
<.<=<G<N<
1<1K1l1
1 2_2m2v2
213I3U3l3
6&7g7
7=8n8
9&9J9V9
:5:F:S:`:s:z:
6!6%6)6-616
8!8(838Z8
:';?;H;T;
;B<k<
<$=O=
=7>F>`>
0 0$0(0,0004080<[email protected]%2I2
3P304D4
6e7t9
>&?A?
2:3P3a3s3
717A7H7|8W:v:
;J;e;
<,<k<
=2=_=
>">(>J>
091^1
3.3J3x3
8-8C8Z8
:8:[:
;`;r;
;,<h<
=+><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>
0 1.1y1
2i2~2
2/3D3|3
4<4C4O4V4]4
4*5D7j7
7<8N8_8i8r8x8
=Y>l>
6)7b7
2<3M3
8=8l9
:=;`;w;
< <Q<a<n<~<
=)=8=O=f=
0 0;0
T2`2s2
2W:x:
;';=;
4)4Y4
6-6o6
= >m>
405Y5
5B6I6g6m7}8
:P:V:
;!;2;8;>;N;Z;v;
<<<Y<
<*=0=6=K=~=
0 0e0w0
>=>%?
192O2
2_3v3C4Z4
4L5c5
70868X8^8
;\;h;
=e=p=
>0}0F1
3:4V4
:%:,:3:::A:H:O:V:]:d:w:{:
=l=~=
=8>D>P>]>
?"?)?4?z?
1#1.13191?1M1]1f1o1
2=2I2T2^2d2
3 3&3:3A3
5B5U5`5i5x5
626^6p6w6
8P8g8
>Q>c>m>
>#?p?
435Z5o5
556U6
:0;7;
;/<S<
=0=:=
1[1a172q2
6.646
<N>S>
0-0E0k0+1}1
1B2s2
8+8D8j8x9
>@>h>
?8?e?
050S0^0
1=1p1
2H2q2
2*4'5+5/53575;5?5C5G5K5O5S5W5[5_5c5
; ;$;<;T;\;d;w;
<$<.<5<m=
7W8b8
9(:K;
2 2'2j3
6"717A7q8
8$9I9
>0?6?w?
1=1z1
9]9!:f:
<7<\<m<
='><>_>
:0^0p1
>0>5>V?\?a?
0 0%0/0
3K4V4
5!575j5
6'6Z6
7%7\7
;X<]<
="=v=
2+2I2h2
4%5;5\5f5
868W8_8e8
829X9r9
0b1p1}1
2_3s3j4B5y5
?A?R?
050Q0_0m0
081R1e1
1,222t2
2)3/3
3*4P4k4
4#575
7;7D7
8L8R8
8F9j9
9&:I:g:
;/;I;^;m;
<2<G<]<c<r<
<7=i=$>x>
?*?4?e?s?
0&0L0d0
0*1H1t1
1#2[2b2u2}2
2#3d3
3E4c4
5A5k5
7 7U7
9$9+9X9v9
;f;x;
<P=~=
?&?N?p?
111A1q1
2-2i2
2O3g3w3
3,4k4
5(5Y5q5
5"6L6Y6
9?9~9
;.;x;
< <$<(<,<0<p<
<Q=h=x=
>$>B>a>
?0?D?U?s?y?
0M0^0k0t0
141B1P1k1|1
1$2/2Y2k2
5F5v5
62686h6{6
9(9D9P9
:2:j:
;;;A;];h;
;!<;<
=%=6=C=
>E>r>
?N?Y?u?z?
D0J0o0w0
1/262A2E2I2M2Q2U2Y2]2a2e2i2m2q2u2y2}2
3%343C3n3v3}3
4;4e4
5$505E5O5Z5e5
6F6]6r6
7 707G7Q7z7
8 898D8
:*:7:G:U:m:}:
;[;m;u;
=-=:=B=P=
>!>v>
?4?H?T?g?
050P0v0
0'1R1Y1h1
252J2k2
383G3Z3`3r3}3
4"5B5e5
6V7m7x7
868^8t8
9 :+:
:"<,<D<V<d<j<t<
<)=>=D=J=k=z=
>4>j>x>
?!?=?M?X?
020Y0
2(2B2r2w2
3,3F3d3|3
454<4Z4s4
5L5{5
6+6K6[6
9B9h9
:":?:
;0;8;H;Q;a;q;
<+<6<k<x<
=A>q>
?>?[?m?
$090M0^0
0)1?1J1o1
4#4B4T4a4
8:8F8X8j8t8}8
9A9H9m9q9u9y9}9
;,;\;c;@<S<d<%=)=-=1=5=9===A=E=I=M=Q=U=Y=]=,>9>A>L>o>|>
>A?G?
2b5x5
: :*:Q:t:~:
<-<H<N<T<n<
=6=J=U=
>5>A>_>o>
>p?|?
0)1J1
2=2e2w2
313K3
7D7P7a8m8
0R0m0
1>1v1
1%4*4q4
6H7V7k7q7
;);7;Y;c;p;
<*<@<
<,=z>
>V?b?
0$1B1a1
?1?D?
00<0{0
0'1k1
1S2c2r2
3"4+444<4I4n4
8.9F9Z9
:&:*:.:2:
8+818A8
8%;+;
020E0h0#1
8k9z9
3n4r4v4z4~4
5"5&5*5.52565:5>5B5F5J5N5R5V5Z5^5b5f5j5n5r5v5z5~5
5T7d7i7s7
0"0&0*0.02060:0>0B0F0J0N0R0V0Z0^0?3=5,7|7
7>8{8
:A;S;
1;2H2~2
2a3r3
4=4N4
6$6/6
96:::>:B:F:J:N:R:V:Z:^:b:f:j:n:r:v:z:~:
;";&;*;.;2;6;:;>;B;F;J;N;R;V;Z;^;b;f;j;n;r;v;z;~;
;b<o<
=:=i=
=^>u>
=0G0a0k0u0
1)181G1Z1j1t1
1n2u2
3,3T3^3
4Q5c5
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
<J>Q>
4 4$4(4,4044484<[email protected]\4`4d4h4l4p4t4x4|4
4H8h8d<
091L1R1w1
5%5P5
5#696P6]6i6x6
7D7|7
909B9T9f9t9
:-:?:X:e:m:
;>;S;p;|;
<#<:<n<
<#=-=:=e=|=
=->:>S>l>
2_2j2q2
3O3Z3f3x3~3
4K5X5^5
5.6u6
91<K<
2*3L3Y3i3v3
4)464A4K4V4
5"5&5*5.52565V5Z5^5b5f5j5n5r5v5_8x8#:
3V5H;O;g;t;
0/1`1g1
5-9e9
/33373;3?3C3G3K3O3S3W3[3_3
4#4'4+4/43474;4
868:8>8
:W<}<
>'>D>a>~>
2+222
4t5C6R6E9
3?4Y4a4h4
4g<n<
<"=)=
==?D?
8%:C:M:
=/=9=b>i>
6.666
8#9=9E9L9b:i:
=d>~>
>_?~?
*0F0N0
2!3=3E3L3
7 7(7
1T8n8v8
4"4*4
939;9B9
:2:::A:
=c=}=
9"9&9*9.92969:9>9B9F9J9N9~9
:":&:*:.:^:b:f:j:n:r:v:z:~:
;>;B;F;J;N;R;V;Z;^;b;f;j;n;r;v;z;~;
d8h8l8p8t8x8|8
:0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;
< <$<\<`<d<h<l<p<
<$<,<4<<<\=
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
9 9([email protected]`9h9p9x9
: :(:0:8:@:H:P:X:`:h:p:x:
; ;(;0;8;@;H;P;X;`;h;p;x;
< <(<0<8<@<H<P<X<`<h<p<x<
= =([email protected]=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?([email protected]?H?P?X?`?h?p?x?
H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<[email protected]\4`4d4h4l4p4t4x4|4
<,<0<4<L<P<
X8\8`8l8p8t8
6l7|7
8 80848<8T8X8\8`8d8h8l8p8t8x8|8
= =$=(=,=0=4=8=<[email protected]=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
? ?$?(?,?L?P?T?X?\?`?d?
L2P2T2X2\2`2d2
4:<:D:H:P:d:l:
; ;@;`;
<(<H<d<h<
=0=<=X=x=
> >@>`>
30:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
<(<,<0<4<P<T<`<
>D>L>T>\>d>l>t>|>
1 1$1(1,1014181<1H1L1P1T1X1\1`1d1l1p1
6 6$6(6,6064686<[email protected]\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<[email protected]\7`7d7h7l7p7t7x7|7
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
? ?$?(?,?0?4?8?<[email protected]?D?H?L?P?T?X?\?`?h?
7h;p?t?x?|?
0 0$0p0t0x0|0
jjjjj
G?A?A
mscoree.dll
combase.dll
am/pm
Hja-JP
zh-CN
ko-KR
zh-TW
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
en-US
kernel32.dll
R6008
- not enough space for arguments
R6009
- not enough space for environment
R6010
- abort() has been called
R6016
- not enough space for thread data
R6017
- unexpected multithread lock error
R6018
- unexpected heap error
R6019
- unable to open console device
R6024
- not enough space for _onexit/atexit table
R6025
- pure virtual function call
R6026
- not enough space for stdio initialization
R6027
- not enough space for lowio initialization
R6028
- unable to initialize heap
R6030
- CRT not initialized
R6031
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
R6032
- not enough space for locale information
R6033
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
R6034
- inconsistent onexit begin-end variables
DOMAIN error
SING error
TLOSS error
runtime error
HR6002
- floating point support not loaded
Runtime Error!
Program:
<program name unknown>
Microsoft Visual C++ Runtime Library
(null)
UTF-8
UTF-16LE
UNICODE
zh-CHS
ar-SA
bg-BG
ca-ES
cs-CZ
da-DK
de-DE
el-GR
fi-FI
fr-FR
he-IL
hu-HU
is-IS
it-IT
nl-NL
nb-NO
pl-PL
pt-BR
ro-RO
ru-RU
hr-HR
sk-SK
sq-AL
sv-SE
th-TH
tr-TR
ur-PK
id-ID
uk-UA
be-BY
sl-SI
et-EE
lv-LV
lt-LT
fa-IR
vi-VN
hy-AM
az-AZ-Latn
eu-ES
mk-MK
tn-ZA
xh-ZA
zu-ZA
af-ZA
ka-GE
fo-FO
hi-IN
mt-MT
se-NO
ms-MY
kk-KZ
ky-KG
sw-KE
uz-UZ-Latn
tt-RU
bn-IN
pa-IN
gu-IN
ta-IN
te-IN
kn-IN
ml-IN
mr-IN
sa-IN
mn-MN
cy-GB
gl-ES
kok-IN
syr-SY
div-MV
quz-BO
ns-ZA
mi-NZ
ar-IQ
de-CH
en-GB
es-MX
fr-BE
it-CH
nl-BE
nn-NO
pt-PT
sr-SP-Latn
sv-FI
az-AZ-Cyrl
se-SE
ms-BN
uz-UZ-Cyrl
quz-EC
ar-EG
zh-HK
de-AT
en-AU
es-ES
fr-CA
sr-SP-Cyrl
se-FI
quz-PE
ar-LY
zh-SG
de-LU
en-CA
es-GT
fr-CH
hr-BA
smj-NO
ar-DZ
zh-MO
de-LI
en-NZ
es-CR
fr-LU
bs-BA-Latn
smj-SE
ar-MA
en-IE
es-PA
fr-MC
sr-BA-Latn
sma-NO
ar-TN
en-ZA
es-DO
sr-BA-Cyrl
sma-SE
ar-OM
en-JM
es-VE
sms-FI
ar-YE
en-CB
es-CO
smn-FI
ar-SY
en-BZ
es-PE
ar-JO
en-TT
es-AR
ar-LB
en-ZW
es-EC
ar-KW
en-PH
es-CL
ar-AE
es-UY
ar-BH
es-PY
ar-QA
es-BO
es-SV
es-HN
es-NI
es-PR
zh-CHT
af-za
ar-ae
ar-bh
ar-dz
ar-eg
ar-iq
ar-jo
ar-kw
ar-lb
ar-ly
ar-ma
ar-om
ar-qa
ar-sa
ar-sy
ar-tn
ar-ye
az-az-cyrl
az-az-latn
be-by
bg-bg
bn-in
bs-ba-latn
ca-es
cs-cz
cy-gb
da-dk
de-at
de-ch
de-de
de-li
de-lu
div-mv
el-gr
en-au
en-bz
en-ca
en-cb
en-gb
en-ie
en-jm
en-nz
en-ph
en-tt
en-us
en-za
en-zw
es-ar
es-bo
es-cl
es-co
es-cr
es-do
es-ec
es-es
es-gt
es-hn
es-mx
es-ni
es-pa
es-pe
es-pr
es-py
es-sv
es-uy
es-ve
et-ee
eu-es
fa-ir
fi-fi
fo-fo
fr-be
fr-ca
fr-ch
fr-fr
fr-lu
fr-mc
gl-es
gu-in
he-il
hi-in
hr-ba
hr-hr
hu-hu
hy-am
id-id
is-is
it-ch
it-it
ja-jp
ka-ge
kk-kz
kn-in
kok-in
ko-kr
ky-kg
lt-lt
lv-lv
mi-nz
mk-mk
ml-in
mn-mn
mr-in
ms-bn
ms-my
mt-mt
nb-no
nl-be
nl-nl
nn-no
ns-za
pa-in
pl-pl
pt-br
pt-pt
quz-bo
quz-ec
quz-pe
ro-ro
ru-ru
sa-in
se-fi
se-no
se-se
sk-sk
sl-si
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sq-al
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
sv-fi
sv-se
sw-ke
syr-sy
ta-in
te-in
th-th
tn-za
tr-tr
tt-ru
uk-ua
ur-pk
uz-uz-cyrl
uz-uz-latn
vi-vn
xh-za
zh-chs
zh-cht
zh-cn
zh-hk
zh-mo
zh-sg
zh-tw
zu-za
((((( H
h(((( H
H
USER32.DLL
CONOUT$
AutoIt v3
>>>AUTOIT NO CMDEXECUTE<<<
CMDLINERAW
CMDLINE
/ErrorStdOut
/AutoIt3OutputDebug
/AutoIt3ExecuteLine
/AutoIt3ExecuteScript
TaskbarCreated
AutoIt
CWM_GETCONTROLNAME
NUMBER
\Include\
Include
Software\AutoIt v3\AutoIt
#include
#pragma compile
#notrayicon
#requireadmin
#OnAutoItStartRegister
#include-once
#comments-start
#comments-end
BACKSPACE
DELETE
ENTER
ESCAPE
INSERT
RIGHT
SPACE
PRINTSCREEN
SCROLLLOCK
NUMLOCK
BREAK
PAUSE
CAPSLOCK
NUMPAD0
NUMPAD1
NUMPAD2
NUMPAD3
NUMPAD4
NUMPAD5
NUMPAD6
NUMPAD7
NUMPAD8
NUMPAD9
NUMPADMULT
NUMPADADD
NUMPADSUB
NUMPADDOT
NUMPADDIV
APPSKEY
LCTRL
RCTRL
LSHIFT
RSHIFT
SLEEP
NUMPADENTER
BROWSER_BACK
BROWSER_FORWARD
BROWSER_REFRESH
BROWSER_STOP
BROWSER_SEARCH
BROWSER_FAVORTIES
BROWSER_HOME
VOLUME_MUTE
VOLUME_DOWN
VOLUME_UP
MEDIA_NEXT
MEDIA_PREV
MEDIA_STOP
MEDIA_PLAY_PAUSE
LAUNCH_MAIL
LAUNCH_MEDIA
LAUNCH_APP1
LAUNCH_APP2
MOUSE_LBUTTON
MOUSE_RBUTTON
MOUSE_MBUTTON
MOUSE_XBUTTON1
MOUSE_XBUTTON2
CTRLDOWN
CTRLUP
ALTDOWN
ALTUP
SHIFTDOWN
SHIFTUP
LWINDOWN
LWINUP
RWINDOWN
RWINUP
Script Paused
[\]^_`
'+,-.
/!-012
789:;<=>?
!!!!!!G
NOPQR!SS!T!U!!!!S!!V!WX!YZ![!!!Z!\]!!^!!!!!!!_!!`!!`!!!!`abbc!!!!!d!
!!!!!!!!!!!!!!!!!!!!!!!!!!!eeeeeeeeefffffffff
ffffffffffff
eeeee
hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhihhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhjkjkfljkmmnooo
mmmmml
qqqmrmsstuvuuwuuxyzu{uuu|}m~uu
jkjkjkjkjk
mmmmmmmmm
mmmmmmmm
mmmmm
mmmmmmmmmmm
hhhhhhhhhhh
mmmmmmmmmmmmmm
mmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmm
mmmmm
mmmmmmm
mmmmmmm
mmmmmmmmmmm
mmmmmmmmmmmmmmm
mmmmmmmmmmmmmmm
mmmmmmmm
mmmmmmmmmm
mmmmmm
mmmmmmmmmmmmmm
mmmmmm
mmmmmmm
mmmmmm
mmmmmmmm
mmmmmmm
mmmmmmm
mmmmmmmmmmmmmmm
mmmmmmmm
mmmmmmmm
mmmmmmmmmmmmmmmmmm
mmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmm
mmmmmm
mmmmmmmmmmm
mmmmmmmmmmmmmmm
mmmmmmmmmmm
mmmmmmmmm
mmmmmmmmmmmm
mmmmmmmmmmmm
mmmmmm
mmmmmm
mmmmmm
mmmmmmmm
mmmmm
mmmmmmmmmm
mmmmmmmmmmm
mmmmmm
mmmmmm
mmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmhhh
hhhhhhhhhhhhh
hhhhhhh
mmmmmmmmm!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!ttttt
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeennnnneeeennnnn!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeenhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhmmmmmmmmmmmmmmmmmmmmmhhhh
!!!!!
ttmmtt
lllmmt
meeeeeeeeeeeeemmm
mmmmmmmmmmmmmmmmmmmmmhhhhhhhhhhhhh
hhhhhhhhhhhhmmmmmmmmmmmmmmm
mmmmmm
mmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
!!!!!ee
mmmmm
mmmmm
mmmmmmm
mmmmmmmmmmmmmm
mmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmm
fffff
mmmmm
mmmmm
mmmmmmmmmmmm
mmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmm
mmmmmmmmmmmmmmmmmmmm
mmmmmmm
mmmmmmmm
fffffffff
e!!!!!!!!
mmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmee!
mmmmmm
mmmmmmmm
mmmmmmmmm
mmmmmm
mmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmm
mmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmm
mmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm!!!!!!!mmmmmmmmmmmm
mmmmm
mmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmhhhhhhhhhhhhhhhh
mmmmmmhhhhhhhmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmm
mmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmm
mmmmmmmm
mmmmmmm
mmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmm
mmmmmmmmmmmmmm
mmmmmmm
mmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmm
mmmmmmmmmmmmm
mmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmm
mmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmm
hhhhhhhh
hhhhhhh
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmm
mmmmmmmmmmmmmm
mmmmmm
mmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmm
mmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmm
mmmmm
mmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmm
mmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmm
mmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
mmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
SwapMouseButtons
Control Panel\Mouse
0123456789ABCDEF
ELSEIF
ENDIF
WHILE
UNTIL
EXITLOOP
CONTINUELOOP
SELECT
ENDSELECT
SWITCH
ENDSWITCH
CONTINUECASE
REDIM
LOCAL
GLOBAL
CONST
STATIC
ENDFUNC
RETURN
BYREF
ENDWITH
FALSE
DEFAULT
VOLATILE
%.15g
SCRIPT
close all
@EXITCODE
@EXITMETHOD
@GUI_CTRLID
@GUI_WINHANDLE
@GUI_CTRLHANDLE
@TRAY_ID
ADLIBREGISTER
ADLIBUNREGISTER
ASSIGN
AUTOITSETOPTION
AUTOITWINGETTITLE
AUTOITWINSETTITLE
BINARY
BINARYLEN
BINARYMID
BINARYTOSTRING
BITAND
BITNOT
BITOR
BITROTATE
BITSHIFT
BITXOR
BLOCKINPUT
CDTRAY
CEILING
CLIPGET
CLIPPUT
CONSOLEREAD
CONSOLEWRITE
CONSOLEWRITEERROR
CONTROLCLICK
CONTROLCOMMAND
CONTROLDISABLE
CONTROLENABLE
CONTROLFOCUS
CONTROLGETFOCUS
CONTROLGETHANDLE
CONTROLGETPOS
CONTROLGETTEXT
CONTROLHIDE
CONTROLLISTVIEW
CONTROLMOVE
CONTROLSEND
CONTROLSETTEXT
CONTROLSHOW
CONTROLTREEVIEW
DIRCOPY
DIRCREATE
DIRGETSIZE
DIRMOVE
DIRREMOVE
DLLCALL
DLLCALLADDRESS
DLLCALLBACKFREE
DLLCALLBACKGETPTR
DLLCALLBACKREGISTER
DLLCLOSE
DLLOPEN
DLLSTRUCTCREATE
DLLSTRUCTGETDATA
DLLSTRUCTGETPTR
DLLSTRUCTGETSIZE
DLLSTRUCTSETDATA
DRIVEGETDRIVE
DRIVEGETFILESYSTEM
DRIVEGETLABEL
DRIVEGETSERIAL
DRIVEGETTYPE
DRIVEMAPADD
DRIVEMAPDEL
DRIVEMAPGET
DRIVESETLABEL
DRIVESPACEFREE
DRIVESPACETOTAL
DRIVESTATUS
DUMMYSPEEDTEST
ENVGET
ENVSET
ENVUPDATE
EXECUTE
FILECHANGEDIR
FILECLOSE
FILECOPY
FILECREATENTFSLINK
FILECREATESHORTCUT
FILEDELETE
FILEEXISTS
FILEFINDFIRSTFILE
FILEFINDNEXTFILE
FILEFLUSH
FILEGETATTRIB
FILEGETENCODING
FILEGETLONGNAME
FILEGETPOS
FILEGETSHORTCUT
FILEGETSHORTNAME
FILEGETSIZE
FILEGETTIME
FILEGETVERSION
FILEINSTALL
FILEMOVE
FILEOPEN
FILEOPENDIALOG
FILEREAD
FILEREADLINE
FILEREADTOARRAY
FILERECYCLE
FILERECYCLEEMPTY
FILESAVEDIALOG
FILESELECTFOLDER
FILESETATTRIB
FILESETPOS
FILESETTIME
FILEWRITE
FILEWRITELINE
FLOOR
FTPSETPROXY
FUNCNAME
GUICREATE
GUICTRLCREATEAVI
GUICTRLCREATEBUTTON
GUICTRLCREATECHECKBOX
GUICTRLCREATECOMBO
GUICTRLCREATECONTEXTMENU
GUICTRLCREATEDATE
GUICTRLCREATEDUMMY
GUICTRLCREATEEDIT
GUICTRLCREATEGRAPHIC
GUICTRLCREATEGROUP
GUICTRLCREATEICON
GUICTRLCREATEINPUT
GUICTRLCREATELABEL
GUICTRLCREATELIST
GUICTRLCREATELISTVIEW
GUICTRLCREATELISTVIEWITEM
GUICTRLCREATEMENU
GUICTRLCREATEMENUITEM
GUICTRLCREATEMONTHCAL
GUICTRLCREATEOBJ
GUICTRLCREATEPIC
GUICTRLCREATEPROGRESS
GUICTRLCREATERADIO
GUICTRLCREATESLIDER
GUICTRLCREATETAB
GUICTRLCREATETABITEM
GUICTRLCREATETREEVIEW
GUICTRLCREATETREEVIEWITEM
GUICTRLCREATEUPDOWN
GUICTRLDELETE
GUICTRLGETHANDLE
GUICTRLGETSTATE
GUICTRLREAD
GUICTRLRECVMSG
GUICTRLREGISTERLISTVIEWSORT
GUICTRLSENDMSG
GUICTRLSENDTODUMMY
GUICTRLSETBKCOLOR
GUICTRLSETCOLOR
GUICTRLSETCURSOR
GUICTRLSETDATA
GUICTRLSETDEFBKCOLOR
GUICTRLSETDEFCOLOR
GUICTRLSETFONT
GUICTRLSETGRAPHIC
GUICTRLSETIMAGE
GUICTRLSETLIMIT
GUICTRLSETONEVENT
GUICTRLSETPOS
GUICTRLSETRESIZING
GUICTRLSETSTATE
GUICTRLSETSTYLE
GUICTRLSETTIP
GUIDELETE
GUIGETCURSORINFO
GUIGETMSG
GUIGETSTYLE
GUIREGISTERMSG
GUISETACCELERATORS
GUISETBKCOLOR
GUISETCOORD
GUISETCURSOR
GUISETFONT
GUISETHELP
GUISETICON
GUISETONEVENT
GUISETSTATE
GUISETSTYLE
GUISTARTGROUP
GUISWITCH
HOTKEYSET
HTTPSETPROXY
HTTPSETUSERAGENT
INETCLOSE
INETGET
INETGETINFO
INETGETSIZE
INETREAD
INIDELETE
INIREAD
INIREADSECTION
INIREADSECTIONNAMES
INIRENAMESECTION
INIWRITE
INIWRITESECTION
INPUTBOX
ISADMIN
ISARRAY
ISBINARY
ISBOOL
ISDECLARED
ISDLLSTRUCT
ISFLOAT
ISFUNC
ISHWND
ISINT
ISKEYWORD
ISNUMBER
ISOBJ
ISPTR
ISSTRING
ISTABLE
MEMGETSTATS
MOUSECLICK
MOUSECLICKDRAG
MOUSEDOWN
MOUSEGETCURSOR
MOUSEGETPOS
MOUSEMOVE
MOUSEUP
MOUSEWHEEL
MSGBOX
OBJCREATE
OBJCREATEINTERFACE
OBJEVENT
OBJGET
OBJNAME
ONAUTOITEXITREGISTER
ONAUTOITEXITUNREGISTER
PIXELCHECKSUM
PIXELGETCOLOR
PIXELSEARCH
PROCESSCLOSE
PROCESSEXISTS
PROCESSGETSTATS
PROCESSLIST
PROCESSSETPRIORITY
PROCESSWAIT
PROCESSWAITCLOSE
PROGRESSOFF
PROGRESSON
PROGRESSSET
RANDOM
REGDELETE
REGENUMKEY
REGENUMVAL
REGREAD
REGWRITE
ROUND
RUNAS
RUNASWAIT
RUNWAIT
SENDKEEPACTIVE
SETERROR
SETEXTENDED
SHELLEXECUTE
SHELLEXECUTEWAIT
SHUTDOWN
SOUNDPLAY
SOUNDSETWAVEVOLUME
SPLASHIMAGEON
SPLASHOFF
SPLASHTEXTON
SRANDOM
STATUSBARGETTEXT
STDERRREAD
STDINWRITE
STDIOCLOSE
STDOUTREAD
STRING
STRINGADDCR
STRINGCOMPARE
STRINGFORMAT
STRINGFROMASCIIARRAY
STRINGINSTR
STRINGISALNUM
STRINGISALPHA
STRINGISASCII
STRINGISDIGIT
STRINGISFLOAT
STRINGISINT
STRINGISLOWER
STRINGISSPACE
STRINGISUPPER
STRINGISXDIGIT
STRINGLEFT
STRINGLEN
STRINGLOWER
STRINGMID
STRINGREGEXP
STRINGREGEXPREPLACE
STRINGREPLACE
STRINGREVERSE
STRINGRIGHT
STRINGSPLIT
STRINGSTRIPCR
STRINGSTRIPWS
STRINGTOASCIIARRAY
STRINGTOBINARY
STRINGTRIMLEFT
STRINGTRIMRIGHT
STRINGUPPER
TCPACCEPT
TCPCLOSESOCKET
TCPCONNECT
TCPLISTEN
TCPNAMETOIP
TCPRECV
TCPSEND
TCPSHUTDOWN
TCPSTARTUP
TIMERDIFF
TIMERINIT
TOOLTIP
TRAYCREATEITEM
TRAYCREATEMENU
TRAYGETMSG
TRAYITEMDELETE
TRAYITEMGETHANDLE
TRAYITEMGETSTATE
TRAYITEMGETTEXT
TRAYITEMSETONEVENT
TRAYITEMSETSTATE
TRAYITEMSETTEXT
TRAYSETCLICK
TRAYSETICON
TRAYSETONEVENT
TRAYSETPAUSEICON
TRAYSETSTATE
TRAYSETTOOLTIP
TRAYTIP
UBOUND
UDPBIND
UDPCLOSESOCKET
UDPOPEN
UDPRECV
UDPSEND
UDPSHUTDOWN
UDPSTARTUP
VARGETTYPE
WINACTIVATE
WINACTIVE
WINCLOSE
WINEXISTS
WINFLASH
WINGETCARETPOS
WINGETCLASSLIST
WINGETCLIENTSIZE
WINGETHANDLE
WINGETPOS
WINGETPROCESS
WINGETSTATE
WINGETTEXT
WINGETTITLE
WINKILL
WINLIST
WINMENUSELECTITEM
WINMINIMIZEALL
WINMINIMIZEALLUNDO
WINMOVE
WINSETONTOP
WINSETSTATE
WINSETTITLE
WINSETTRANS
WINWAIT
WINWAITACTIVE
WINWAITCLOSE
WINWAITNOTACTIVE
Cstatic
CaretCoordMode
d1r0,2
ExpandEnvStrings
ExpandVarStrings
GUICloseOnESC
GUICoordMode
GUIDataSeparatorChar
d124c
GUIEventOptions
d0r0,3
GUIOnEventMode
GUIResizeMode
d0r0,1023
MouseClickDelay
d10m0
MouseClickDownDelay
MouseClickDragDelay
d250m0
MouseCoordMode
MustDeclareVars
PixelCoordMode
SendAttachMode
SendCapsLockMode
SendKeyDelay
SendKeyDownDelay
SetExitCode
TCPTimeout
d100m0
TrayAutoPause
TrayIconDebug
TrayIconHide
TrayMenuMode
TrayOnEventMode
WinDetectHiddenText
WinSearchChildren
WinTextMatchMode
d1r1,2
WinTitleMatchMode
WinWaitDelay
ERROR
EXTENDED
PROGRAMFILESDIR
COMMONFILESDIR
MYDOCUMENTSDIR
APPDATACOMMONDIR
DESKTOPCOMMONDIR
DOCUMENTSCOMMONDIR
FAVORITESCOMMONDIR
PROGRAMSCOMMONDIR
STARTMENUCOMMONDIR
STARTUPCOMMONDIR
LOCALAPPDATADIR
APPDATADIR
DESKTOPDIR
FAVORITESDIR
PROGRAMSDIR
STARTMENUDIR
STARTUPDIR
COMPUTERNAME
WINDOWSDIR
SYSTEMDIR
SW_HIDE
SW_MINIMIZE
SW_MAXIMIZE
SW_RESTORE
SW_SHOW
SW_SHOWDEFAULT
SW_ENABLE
SW_DISABLE
SW_SHOWMAXIMIZED
SW_SHOWMINIMIZED
SW_SHOWMINNOACTIVE
SW_SHOWNA
SW_SHOWNOACTIVATE
SW_SHOWNORMAL
SW_LOCK
SW_UNLOCK
TRAYICONVISIBLE
TRAYICONFLASHING
SCRIPTFULLPATH
SCRIPTNAME
SCRIPTDIR
SCRIPTLINENUMBER
WORKINGDIR
OSTYPE
OSVERSION
OSBUILD
OSSERVICEPACK
OSLANG
PROCESSORARCH
OSARCH
CPUARCH
KBLAYOUT
AUTOITVERSION
AUTOITEXE
IPADDRESS1
IPADDRESS2
IPADDRESS3
IPADDRESS4
DESKTOPWIDTH
DESKTOPHEIGHT
DESKTOPDEPTH
DESKTOPREFRESH
COMPILED
COMSPEC
USERNAME
TEMPDIR
USERPROFILEDIR
HOMEDRIVE
HOMEPATH
HOMESHARE
LOGONSERVER
LOGONDOMAIN
LOGONDNSDOMAIN
INETGETBYTESREAD
INETGETACTIVE
NUMPARAMS
HOTKEYPRESSED
AUTOITPID
AUTOITUNICODE
AUTOITX64
UNICODE
MUILANG
\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
AutoIt v3 GUI
SOFTWARE\Classes\
\CLSID
\IPC$
runas
Error allocating memory.
SeAssignPrimaryTokenPrivilege
SeIncreaseQuotaPrivilege
SeBackupPrivilege
SeRestorePrivilege
winsta0
default
winsta0\default
ComboBox
ListBox
SHELLDLL_DefView
largeicons
details
smallicons
CLASS
CLASSNN
REGEXPCLASS
INSTANCE
[LAST
ACTIVE
[ACTIVE
HANDLE=
[HANDLE:
REGEXP=
[REGEXPTITLE:
CLASSNAME=
[CLASS:
HANDLE
REGEXPTITLE
TITLE
ThumbnailClass
AutoIt3GUI
Container
WINDESCRIPTION
DESCRIPTION
SOURCE
HELPFILE
HELPCONTEXT
LASTDLLERROR
SCRIPTLINE
RETCODE
RAISE
CLEAR
Dcdecl
boolean
short
ushort
dword
ulong
variant
int64
uint64
float
double
hresult
handle
int_ptr
long_ptr
lresult
lparam
uint_ptr
ulong_ptr
dword_ptr
wparam
idispatch
object
struct
clsid
InterfaceDispatch
QueryInterface
AddRef
Release
%s (%d) : ==> %s.:
Line %d:
Line %d (File "%s"):
Error:
^ ERROR
Error:
%s (%d) : ==> %s:
Run Script:
AutoIt script files (*.au3, *.a3x)
*.au3;*.a3x
All files (*.*)
#include depth exceeded. Make sure there are no recursive includes
Error opening the file
>>>AUTOIT SCRIPT<<<
Bad directive syntax error
Unterminated string
Cannot parse #include
Unterminated group of comments
Shell_TrayWnd
REMOVE
blank
question
warning
Line:
BUTTON
#32770
StringFileInfo\
\VarFileInfo\Translation
04090000
DefaultLangCodepage
%u.%u.%u.%u
0.0.0.0
open
alias PlayMe
status PlayMe mode
close PlayMe
play PlayMe wait
play PlayMe
SeShutdownPrivilege
MIDDLE
PRIMARY
SECONDARY
D0x%p
False
%4d%02d%02d%02d%02d%02d
Default
"%s" (%d) : ==> %s:
"%s" (%d) : ==> %s:
^ ERROR
cdrom
removable
fixed
network
ramdisk
unknown
close
closed
type cdaudio alias cd wait
set cd door
wait
close cd wait
PhysicalDrive
Removable
Fixed
Network
CDROM
RAMDisk
Unknown
ATAPI
Fibre
iSCSI
Virtual
FileBackedVirtual
READY
INVALID
NOTREADY
READONLY
UNKNOWN
\??\%s
GUI_RUNDEFMSG
<local>
EEnvironment
DISPLAY
msctls_progress32
AUTOITCALLVARIABLE%d
^[A-Z\d_]+$
255.255.255.255
Int32
Int64
Double
String
Array
DLLStruct
Reference
Object
Keyword
Binary
Function
UserFunction
Table
NULL Pointer assignment
Incorrect Parameter format
AUTOIT.ERROR
_NewEnum
get__NewEnum
Null Object assignment in FOR..IN loop
Incorrect Object type in FOR..IN loop
Not an Object type
Failed to create object
Invalid parameter
CALLARGARRAY
Variable must be of type 'Object'.
Invalid characters behind Object assignment!
Variable is not of type 'Object'.
Incorrect parameters to object property !
WIN32_NT
WIN_81
WIN_2012R2
WIN_2012
WIN_8
WIN_2008R2
WIN_7
WIN_2008
WIN_VISTA
WIN_2003
WIN_XPe
WIN_XP
InstallLanguage
SYSTEM\CurrentControlSet\Control\Nls\Language
SchemeLangID
Control Panel\Appearance
3, 3, 12, 0
USERPROFILE
USERDOMAIN
USERDNSDOMAIN
SeDebugPrivilege
winapi
stdcall
ubyte
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_USERS
REG_EXPAND_SZ
REG_SZ
REG_MULTI_SZ
REG_DWORD
REG_QWORD
REG_BINARY
(*UCP)\X
ISVISIBLE
ISENABLED
TABLEFT
TABRIGHT
CURRENTTAB
SHOWDROPDOWN
HIDEDROPDOWN
ADDSTRING
DELSTRING
FINDSTRING
SETCURRENTSELECTION
GETCURRENTSELECTION
SELECTSTRING
ISCHECKED
CHECK
UNCHECK
GETSELECTED
GETLINECOUNT
GETCURRENTLINE
GETCURRENTCOL
EDITPASTE
GETLINE
SENDCOMMANDID
GETITEMCOUNT
GETSUBITEMCOUNT
GETTEXT
GETSELECTEDCOUNT
ISSELECTED
SELECTALL
SELECTCLEAR
SELECTINVERT
DESELECT
FINDITEM
VIEWCHANGE
GETTOTALCOUNT
COLLAPSE
EXISTS
EXPAND
msctls_statusbar321
tooltips_class32
%d/%02d/%02d
button
Combobox
Listbox
SysDateTimePick32
SysMonthCal32
Msctls_Progress32
msctls_trackbar32
SysAnimate32
msctls_updown32
SysTabControl32
SysTreeView32
SysListView32
-----
@GUI_DRAGID
@GUI_DROPID
@GUI_DRAGFILE
\P{L}
\P{Xan}
\b(?=\w)
\p{Xps}
\P{Xps}
\P{Xwd}
\p{L}
\p{Xsp}
\p{Xwd}
\P{Xsp}
\p{Xan}
\b(?<=\w)
\P{Lu}
\P{Nd}
\p{Nd}
\P{Ll}
\p{Lu}
\p{Ll}
align
struct
endstruct
ubyte
boolean
wchar
short
ushort
dword
ulong
int64
uint64
handle
float
double
int_ptr
uint_ptr
long_ptr
ulong_ptr
dword_ptr
lresult
lparam
wparam
SCRIPT
Context1
Script &Paused
E&xit
(Paused)
AutoIt Error
AutoIt has detected the stack has become corrupt.
Stack corruption typically occurs when either the wrong calling convention is used or when the function is called with the wrong number of arguments.
AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.
"EndWith" missing "With".!Badly formatted "Func" statement.
"With" missing "EndWith".(Missing right bracket ')' in expression.
Missing operator in expression."Unbalanced brackets in expression.
Error in expression.
Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.#Variable subscript badly formatted.*Subscript used on non-accessible variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.
0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
Array maximum size exceeded.+"Func" statement has no matching "EndFunc".
Duplicate function name.
Unknown function name.
Unknown macro.
*Unable to get a list of running processes.
Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.K"ContinueLoop" statement with no matching "While", "Do" or "For" statement.
Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" [email protected]"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.
Badly formated Enum statement
3This keyword cannot be used after a "Then" keyword.>"Select" statement is missing "EndSelect" or "Case" statement.+"If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.
Can not redeclare a constant.5Can not redeclare a parameter inside a user function.HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.
Assert Failed!
Obsolete function/parameter.4Invalid Exitcode (reserved for AutoIt internal use).+Variable cannot be accessed in this manner.
Func reassign not allowed.*Func reassign on global level not allowed.
Unable to parse line.
Unable to open the script file.
String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.
VS_VERSION_INFO
StringFileInfo
040904b0
FileDescription
ndadmin
OriginalFilename
WFS.exe
CompanyName
AppVStreamingUX
LegalCopyright
BitLockerCsp
ProductName
CallButtons.ProxyStub
ProductVersion
827, 892, 926, 795
VarFileInfo
Translation

Full Results

Engine Signature Engine Signature Engine Signature
Bkav Clean MicroWorld-eScan Clean FireEye Generic.mg.4d6dc2778ab1f2bb
CAT-QuickHeal Trojan.Zapchast.C5 McAfee Trojan-AitInject.aq Cylance Clean
Zillya Clean SUPERAntiSpyware Clean Sangfor Clean
K7AntiVirus Clean Alibaba Trojan:Win32/Predator.37f633f3 K7GW Clean
Cybereason malicious.cd4c4f Arcabit Clean Invincea heuristic
BitDefenderTheta Clean F-Prot Clean Symantec AUT.Heuristic!gen5
TotalDefense Clean Baidu Clean APEX Malicious
Paloalto generic.ml ClamAV Clean Kaspersky HEUR:Trojan.Script.Generic
BitDefender Clean NANO-Antivirus Clean ViRobot Clean
Rising Trojan.Obfus/Autoit!1.C045 (CLASSIC) Ad-Aware Clean Sophos Clean
Comodo Clean F-Secure Clean DrWeb Clean
VIPRE Clean TrendMicro Clean McAfee-GW-Edition BehavesLike.Win32.TrojanAitInject.tc
Fortinet AutoIt/Injector.FIC!tr Trapmine Clean CMC Clean
Emsisoft Clean SentinelOne Clean Cyren W32/AutoIt.OM.gen!Eldorado
Jiangmin Clean Webroot Clean Avira Clean
MAX Clean Antiy-AVL Clean Kingsoft Clean
Endgame malicious (high confidence) Microsoft Trojan:Win32/Wacatac.C!ml AegisLab Clean
ZoneAlarm HEUR:Trojan.Script.Generic Avast-Mobile Clean AhnLab-V3 Clean
Acronis Clean VBA32 Clean ALYac Clean
TACHYON Clean Malwarebytes Trojan.MalPack.AutoIt Panda Clean
Zoner Clean ESET-NOD32 a variant of Win32/Injector.Autoit.FIO TrendMicro-HouseCall Clean
Tencent Clean Yandex Clean Ikarus Trojan-Spy.Keylogger.AgentTesla
eGambit Unsafe.AI_Score_83% GData Clean MaxSecure Trojan.Malware.300983.susgen
AVG Clean Avast Clean CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 HEUR/QVM10.1.B441.Malware.Gen
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.1.7 55169 1.1.1.1 53
192.168.1.7 56221 1.1.1.1 53
192.168.1.7 57251 1.1.1.1 53
192.168.1.7 62371 1.1.1.1 53
192.168.1.7 65119 1.1.1.1 53
192.168.1.7 137 192.168.1.255 137
192.168.1.7 55169 8.8.8.8 53
192.168.1.7 56221 8.8.8.8 53
192.168.1.7 57251 8.8.8.8 53
192.168.1.7 62371 8.8.8.8 53
192.168.1.7 65119 8.8.8.8 53

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.
Defense Evasion Credential Access Collection Discovery Privilege Escalation Persistence
  • T1116 - Code Signing
    • Signature - invalid_authenticode_signature
  • T1055 - Process Injection
    • Signature - InjectionInterProcess
  • T1045 - Software Packing
    • Signature - packer_entropy