Analysis Report · CAPE Sandbox

Analysis

Category	Package	Started	Completed	Duration	Options	Log(s)
FILE	exe	2025-06-11 00:35:24	2025-06-11 01:06:42	1878 seconds	Show Options	Show Analysis Log

procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1

2024-11-25 13:37:15,053 [root] INFO: Date set to: 20250610T19:49:49, timeout set to: 1800
2025-06-10 20:49:49,039 [root] DEBUG: Starting analyzer from: C:\tmpjeo7jmad
2025-06-10 20:49:49,039 [root] DEBUG: Storing results at: C:\PEzIRr
2025-06-10 20:49:49,039 [root] DEBUG: Pipe server name: \\.\PIPE\VpMOLa
2025-06-10 20:49:49,039 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32
2025-06-10 20:49:49,039 [root] INFO: analysis running as an admin
2025-06-10 20:49:49,039 [root] INFO: analysis package specified: "exe"
2025-06-10 20:49:49,039 [root] DEBUG: importing analysis package module: "modules.packages.exe"...
2025-06-10 20:49:50,086 [root] DEBUG: imported analysis package "exe"
2025-06-10 20:49:50,086 [root] DEBUG: initializing analysis package "exe"...
2025-06-10 20:49:50,102 [lib.common.common] INFO: wrapping
2025-06-10 20:49:50,102 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation
2025-06-10 20:49:50,102 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\AntRenamerPortable_2.exe
2025-06-10 20:49:50,102 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2025-06-10 20:49:50,102 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2025-06-10 20:49:50,102 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2025-06-10 20:49:50,102 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2025-06-10 20:49:50,399 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-06-10 20:49:50,430 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2025-06-10 20:49:50,461 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-06-10 20:49:50,476 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-06-10 20:49:50,492 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-06-10 20:49:50,492 [lib.api.screenshot] ERROR: No module named 'PIL'
2025-06-10 20:49:50,492 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-06-10 20:49:50,492 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-06-10 20:49:50,492 [root] DEBUG: Initialized auxiliary module "Browser"
2025-06-10 20:49:50,492 [root] DEBUG: attempting to configure 'Browser' from data
2025-06-10 20:49:50,492 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-06-10 20:49:50,492 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-06-10 20:49:50,492 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-06-10 20:49:50,492 [root] DEBUG: Initialized auxiliary module "DigiSig"
2025-06-10 20:49:50,492 [root] DEBUG: attempting to configure 'DigiSig' from data
2025-06-10 20:49:50,492 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2025-06-10 20:49:50,492 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2025-06-10 20:49:50,492 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2025-06-10 20:50:12,914 [modules.auxiliary.digisig] DEBUG: File has a valid signature
2025-06-10 20:50:12,914 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2025-06-10 20:50:12,914 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2025-06-10 20:50:12,914 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-06-10 20:50:12,914 [root] DEBUG: attempting to configure 'Disguise' from data
2025-06-10 20:50:12,914 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-06-10 20:50:12,914 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-06-10 20:50:12,914 [modules.auxiliary.disguise] INFO: Disguising GUID to 36738bfe-e135-459f-8cc7-631c1501d06a
2025-06-10 20:50:12,914 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2025-06-10 20:50:12,914 [root] DEBUG: Initialized auxiliary module "Human"
2025-06-10 20:50:12,914 [root] DEBUG: attempting to configure 'Human' from data
2025-06-10 20:50:12,914 [root] DEBUG: module Human does not support data configuration, ignoring
2025-06-10 20:50:12,914 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-06-10 20:50:12,930 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-06-10 20:50:12,930 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-06-10 20:50:12,930 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-06-10 20:50:12,930 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-06-10 20:50:12,930 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-06-10 20:50:12,930 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2025-06-10 20:50:12,930 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-06-10 20:50:12,930 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-06-10 20:50:12,930 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-06-10 20:50:12,930 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-06-10 20:50:12,930 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-06-10 20:50:12,930 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696
2025-06-10 20:50:12,977 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmpjeo7jmad\dll\696.ini
2025-06-10 20:50:12,977 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2025-06-10 20:50:12,977 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2025-06-10 20:50:12,977 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor
2025-06-10 20:50:12,977 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor
2025-06-10 20:50:12,977 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor
2025-06-10 20:50:12,977 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2025-06-10 20:50:12,977 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpjeo7jmad\dll\fUnvMQup.dll, loader C:\tmpjeo7jmad\bin\fRhCbLSf.exe
2025-06-10 20:50:13,023 [root] DEBUG: Loader: IAT patching disabled.
2025-06-10 20:50:13,023 [root] DEBUG: Loader: Injecting process 696 with C:\tmpjeo7jmad\dll\fUnvMQup.dll.
2025-06-10 20:50:13,180 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'.
2025-06-10 20:50:13,180 [root] INFO: Disabling sleep skipping.
2025-06-10 20:50:13,180 [root] DEBUG: 696: Full process memory dumps enabled.
2025-06-10 20:50:13,180 [root] DEBUG: 696: Import reconstruction of process dumps enabled.
2025-06-10 20:50:13,180 [root] DEBUG: 696: Active unpacking of payloads enabled
2025-06-10 20:50:13,180 [root] DEBUG: 696: CAPE debug - unrecognised key norefer.
2025-06-10 20:50:13,180 [root] DEBUG: 696: TLS secret dump mode enabled.
2025-06-10 20:50:13,180 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542
2025-06-10 20:50:13,196 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable
2025-06-10 20:50:13,196 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0
2025-06-10 20:50:13,196 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF822E30000, thread 2272, image base 0x00007FF60D500000, stack from 0x0000008EFAA74000-0x0000008EFAA80000
2025-06-10 20:50:13,196 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe
2025-06-10 20:50:13,211 [root] DEBUG: 696: Hooked 5 out of 5 functions
2025-06-10 20:50:13,227 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-06-10 20:50:13,227 [root] DEBUG: Successfully injected DLL C:\tmpjeo7jmad\dll\fUnvMQup.dll.
2025-06-10 20:50:13,227 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe>
2025-06-10  <truncated>

Machine

Name	Label	Manager	Started On	Shutdown On	Route
win10-2	win10-2	KVM	2025-06-11 00:35:24	2025-06-11 01:06:20	none

File Details

File Name	AntRenamerPortable_2.exe
File Type	PE32 executable (GUI) Intel 80386, for MS Windows
File Size	1382672 bytes
MD5	02e1d059e44be8872e0fa8f237ce6be6
SHA1	34bdfed1b70fb0c221cc12bd5f2ab340eb367b40
SHA256	648b4ffd8dbf9b5ee9a7273d4c17e958061ca9fbe46cadfb9db7ad580d9157e3 [VT] [MWDB] [Bazaar]
SHA3-384	5b03bf81d3ede2532cca9548248f10297476196c2e3f26babae1ff0e9f9018b027953fb02b6f135d57b821b9c087c93e
CRC32	2232F6EE
TLSH	T130552351A7E4D095E0E25BB166BA6B632A3278149E31580BF318FF5FBE70B04DD0874B
Ssdeep	24576:dg9DGaoU+GF9svjgu8EicfecECetBpCbN2QUMkzYNNQynwEBu0HQ:m9hxivjHN+pCbHSY4P2uD
PE	File Strings BinGraph Vba2Graph VirusTotal

-N|xJ|

>[jr?

/,L-V

THy[3

@.data

#dN>#

(>o'Ci

IsDlgButtonChecked

&5I,a

D(G\*

5R^b/

_RV3dn

*-7H;

ue8x)BKaa

D{{9~

pig)^

Htn!j

G\j@UP

ic!>ZG

^tD1/

Oj)~i

!q]PV

=XlW ) =2sh

c;|k{

SLc3Yh

<XT;&.

K#pz95#<

YGC*Z

lQIFOW

DG}z*

d"{}R

*,Va37o

8 K6E-

*]3_q

Lz?`j

R)VD|y

zpm:*h^?

kt:I8

DH?t"

QPCjr

GetTTFNameString

(_sPR

CreateBrushIndirect

rSF'D

&*|@2

=|a99

|CRd_

9-g+[

>*wY

DEu.(

nqOp(

y:_:B%%

HU3lA

Y*L)o8

.%TXY&

EVB:l

Error registering DLL: Could not initialize OLE

|/d`+

^[S+p^

=0=f=w=

>r1.p

4bs}w@\

ixu(w

|q]?@s

Nk*(1o

D$4+D$,P

?os(!;

>GpT8

]n?4d

ZV:IAH

ROgJf&

L<nY:

n7F[~h

r*CU(

\i3djM

oC!5XQ

%u.%u%s%s

4s:g|@

LoadLibraryW

'it1I

'*:.[

T0/~Aw

SL^xZ[9

# 1C<

AF>Ni

:*nMJ

C*RW*@

J&^j-

*rP?%

?if+H

V ucaAYK

s >I6%

2X~#9

y&cbY

<SG1:

^[Dy+

6,f2,,!

!U/(nZq

I@0#Q

S-Qh;

5G3Zs

'|!Kl

.;uM^x

:QThO

gkZ[M

[5l`ZJ

YO|Ec

'#D=%=

aw!Se

wdah#b

@:(kW.

;>OWX

\M@j

jz)pp

]0k.h

)TbRP

)e!#+

1$`@n

Elax?

bn#_U

@vP(

zDmJN

|`DRHq

~u S~a

P1!I|L

"[|WH

nVMl~\

WriteRegStr: "%s\%s" "%s"="%s"

p>X6Q_;

0"r6B

Funy~.

)MZD'

=>W}"

@/E\Y

;L;V;b;w;|;

$fKRm

gL4kOck

%s=%s

_<l!?F

`lD<R

y?Y}`/

\Temp

Xlh[7

CompareFileTime

9K9lq

Rename on reboot: %s

B%nX{

.3VaU%

)}j$}]

+ne}}Q

http://ocsp.usertrust.com0

y:@%!

2+`@h~

cL(/y

P7hd0

,qhL1

q"f3i

DKP:Oj

snf=v

pB[pF

4!hBJ

Vh-K'

x*)N]

fhY~u

+Jfd~}

6k9/{

Vtl~].

v~Qd*9

BWf2S

mXPia

C_H@U

{#4_fv

GO^78D

.>,xNo

t{|}~

UgukZz

Tyo7n YC

+,z7#M

/F_ 9d"R

ueRank

M;M$Dkh

FV\{(H

~OKP>

2V;_]

e, F?

[5n\E

c35Oy

#`c={

lstrcpyA

(hi/Y

?]Hio<

fav9V

logging set to %d

b9d q%

}ddR^

AdjustTokenPrivileges

>+*Es

plDe`

b0@}&ne

`flV\q

c*igkq

MG>BJI]

q.6ng

ygsC2

(!?$E

5NS?B'o

Vd}w.

G]n#?u

5Z]-K

${)*p

y^J#c

baKt?=

p,uze

Q.$h}+

qJoTm

{bIHJ.

":[<4

,V-$ k

%96>_&

;+<P<w<

hJ8Mr[

Rbp")

yBKuJ9

-03=-NA

W)]f>{L

ADc?`Dgr

Gx%:+gW

;_!]WE

Auj )l

llv1G

^e<_?

6$#S2,

q5hVL

^zp<`

xmlstQ

UVYD.$wj

F*/G0

P:*Rz

#2&$e

aYS1b

EC6*_

+AMXT

K;l:{

D/!w@

XSYVIn

H/|EeLT\

r+m}`U

I',CQ

GGg]OQ{

LDVN$

\eml^

h##yUs;

4~sa_

[IfHoKj!

D&zAw

kvBXK

UQIj4Y

zHwaE

S.6<d8K%

?xT0S

_;G,Vo

qz$R2

w 2R

iSuXQ

GetModuleHandleA

RMDir: "%s"

gz(/)

k3{I"

jA&#XBtrd!q*

OkD c

dl+96

m2dQ2

! LWa

e:01oNF

-)Uh)Ul3

bucl4

T&y|6Q

,sU+r

c]#12tPaS

L/v iDE

.rsrc

"'f/EH

<3<S<X<c<k<w<~<

p|svY

"#H%}oT

#;{|.

-~:=I

d7H.T

ZyI),

x<@}&

X53/`:

h'hDm

U4rl+

UKSsc

0B>i#R

lXgNW

QHSS}

wS|'}[

]mB[4

CRF[>b/v>N

"6Fty

GJcrz

v)S?P5

qVV?d

p.$mP

V5x!4R

<D6#:

GetFullPathNameW

Znu6WJ

15-.HE

{HetD

P%_{fP

LUW2=Nr

7-K1"1

%G#1e

D"FL<P

XNbq&

j(BEt?

oQ2vL

97uyfA

D"QA2

H$yvO

b (}{

Wv3tA

CcVU"

\ 26p

a[t8+H

\ CmG}

f-)L|v

?c'{V

V}g|p

QIKtf

&YvO)

RegEnumValueW

oJ6Cg3

SeShutdownPrivilege

lN[+XH

DV8-R

iK^%AvI

6z0U~

s,99}Y

.5{8a

8"_9q

g#l|C

?A8JVF

c5)BW

NSIS Error

".cZS

EUAl"

Im6>F

9E9V9

CreateDirectory: can't create "%s" - a file already exists

T$1k_

.ODO80a

x]15vz

fNd15

rn.o~

.text

r$g!$1

(0Kb`

d*z&4

`*sUH

z,>2~>T&

HQASi

/q^C2

aYNde^RgHB6

OvVrI

Sy(4?p

vhLq1

rHsB9

&V*{9]

}r_L5

}CGmv\

$%('U

oJK+ F

XTSa{b

.z1lT6t

C?a?4

o[UtN

e|SFS8

DI(W5

AcV3y

s]cs<\

9~5.k

g[3G?

y]OOk}

J1E$*

^j\PN

WriteReg: error writing into "%s\%s" "%s"

m+Bgh

M-iOO

a <EQo

v'f"D

cK`A

S.;Wh

3lrh]

E0C0A

}C(Lc;+

p3S<u

s}J77

y"yDM

3'Z,,

uB/f>%

f3>/L$

+Symantec Time Stamping Services Signer - G40

{`/a)K^#

vZ<H_

D?<JSRj

j/d/F`

;!;';-;N;W;n;

E8X6U

`Gj\`

d{(|WF^

68WUC

{uX-Z

ysjG[

&B^o8

DD1qgV!9

Nk+yiFV

RMeI%;e

_x)bS

?V$+h

_>fUQ_i?

z-U*b

UkBL#

PVodw

']PW&a

I.I)dg{N

r32eV

uV}Dw

o)HJbkv

!@Z)e

(`fwu

DeleteObject

\=+;u!wu

<MV2G

EmptyClipboard

@\{lBl

>fK{5

*o=^a

>zlh5

@kKaZ

aGa!$

ZQ:^x

-My5Y2

Az_-_-R

91Li>c

N}%I|:

O(fym

oUT1KBTa

@,nH<

w]Jx.?

RG !/E

*U$V9

l~aA8

N8>RogP!

c`xS0

pj_tW

{C$2Y

y8DYx

)~RUe

bbBUN

lc!.uKH

ooV<#-

nf,Fv

'KHT{nAV

H2B.C

EndPaint

ztp(sK

xan-L

`1S_D;

Bk.i0~X

Hu8#v

#lIm bD

b@t|h

^CSAG

C[[>g

-*[5*

MXe*:

Inmm.

bEHPR

~5;\,bL

)_MS$,

/a=Ft+F

>%d9a

\-9*k

X&dz

{z%47Y

"`u^8,

k6|10

~s+~H

5GP~Y

80858A8i8n8x8

r`y\/

CL]xIm

L`Ruc

^9k*R

x5Ba;

(58{c

Ig fX

tPgeu\.

2DMrj&

,/+B#

z*I1D

/E6kc@

wWqqJ

LegalCopyright

1F{C]{

!C-W;

H}$rJi

SendMessageTimeoutW

Exch: stack < %d elements

QYHla

MNNF^

W2i~T

{]z}SR'7

8`;~f

81/Om8w

SetCurrentDirectoryW

V))[Zt)G

n[ks@k

40C$(j1

-e:Io

@_"HW9

VL$ZH_

p,6j1

q.*h*J

Sghv~^

=nim(;a

rd(k<

-?w1.f

BSmvW

File: wrote %d to "%s"

GetMessagePos

4((,p

[R\Jv

FM]|~

RMDir: RemoveDirectory("%s")

l"j{$

zg\%[

2}Zsa

+p,rw

N3FJC

wsGDM

~ApWF+~J

(t)|o

$_BiU

:$/to

Ax- :

}GSRJ

909>9c9o9

http://ocsp.thawte.com0

4"bSL

i(TF8

JNvz"3I

NTEJt2Bg

iZ;qR

ImageList_Create

ev?W'

Ha@$-j

<c^E=

;FM'f

,$}T7

%F6-\

\NvE]

gi4blk

u]"MY5

JlOjYS

*YpaW

bQ%_;

dGbnk

\4&|9j

LNRV)

KNcfj

bp}"T

Y=>%1

LWY&K

85nW7

TZv5J?

A4;Bi

5\%{=

w>,lg

2cfl5

yQmU|

B|g%f

n&-zio#Gl=

jtq,7

~g>59G

hI|R{

sl[&X

p<v@$D

e+s\>

COMODO RSA Code Signing CA

MXg!4?s

"bO_J

000004b0

84/qt

^NY6l

iwP^/

ncB_e

5XE?N

G`|H1

OPp!B

_lb2r[

I2];lk9

, :d7

$)|<EA

$!hkHz

AddTrust External TTP Network1"0

B0RW+

4p*a>P:M

\H &`

FO%}t

}k#o,

xZ?Q&q

=[y ]o

|1|!U

5w?HFY

p7!J.

NQCK"

r/}EH?

oiDX 8=

u2\!s

|_m K

3X/x0

NdrJK

Ku"Pq

{lSp=$

c/!p(

c'aE.u

0Y0i0n0

F\9cv

kpT]!

s]go`Q

OIFX~

D5>,7

h%WGS

5xyO1

mJe/6

3*(+C

i\emx

`pqOf

n$0<m9

)Px8?*:

(@&Eo'Q

"z_0x

|c`rZ

m6-;D

'Mq,#

@~AxZ|

:,U6{d

lC9+R

For additional details, visit PortableApps.com

cD+`Y

NQ3T[]

:hW2e+S

TEc&v

File: error, user cancel

W{*!YS

=(4<]

iICl2

-)v=F

`q%"O|C

U8g9T-1

5@70@

]KHBg$

|{WCF

*`RYr

msctls_progress32

JE8g>9,3

SHELL32.dll

B "f,

jh.b)*S}

hHQJ4t

.$rxKu+C

?>u43

B}U+#A

Tc:ss|

K@D,NM

RMDir: RemoveDirectory invalid input("%s")

cg,=")w

h?T$m

#Wx?5LH[

f#.;P

40%.qh\

YSwvT

->uf]8q

&MQcM

ShellExecuteW

0y>)e

pT@c(

H;LjT

g Ah

kf|3J

%yxF_H

Op_qhE

GY.\X

9E8um

3P_7SD

/CEQU

o*{(Qf

%$iE]

Zv6`%S

/ P6pL

CreateThread

SetBkMode

upuMI

l4ll&

3B}my

K^(bEK

a9G1<h(

<>+j:nIN

RiU|O

^thGS

Q?$j.

5G6Z6

j+Qz<2

}km;i/

TSn:`

V([qx/

'.O4Y

Yj'W*wo

5A<mBb=

y|Q5#

M`=?c

~X~9R

{J=$h

'#l6`

/zqHZ

^&goA

sk4+1

w*!1t

Q*@W?

30 ~z

q:qs7

CV:DImRo

,G'q+T

Q*P7W%g

ExecShell: success ("%s": file:"%s" params:"%s")

]( U:

I:^Uvl

zJaY>O

:ny4R

&Q'?p

D"~%N

bT-vd;

GEmgf

bd {<

*f3@4I

(buoE]

Wb[]q

Iyz3J

c*u%

GetUserDefaultUILanguage

+1L"`

uh(r$_

<Ko/>

$vLFw

0#O`f

e!7+d

7<MuX

Q:[?_

ZHSx#

Ant Renamer Portable

EjqzU

7rt5RR

l{ l)

i49EU

/-P?pR

:j wF

I&0iz

Pb@6j

PortableApps.comAppID

<ruPBrNU

@\020&utd&x

FindFirstFileW

wsprintfW

Yo}Le

r0*?_

979=9

vFCk/

rKxku

+_N4`

cc,`-?v

=<:(t6^

% D3t

4++vf^*|4

UBlm&

}FZfQ

1&2U2a2g2s2

A,\km

_EVI)

N `9+

)Mh)Mlf

1%1a^

y#v`[=

]$xh=

73i&k)MH

Nk@[-'`

l[<+aR

zg.`7

H2)q:

'@6%*

D/{|h

Ss4:$

G'/6c

#zGt1

j8WUHBYs

<+<4<J<U<m<v<

x%w\o

i]K9C

d~Gz.

*cV a

abmTL18r$$

23}ss

~dAn&VY

EP0f'

4:iSG

UF~N\

(F/ay=

[IJss

#Wl^Q8

4/4o4t4y4

J#gu-

-39ZpY

0_sxw

)[_wr

BhEBE

#t!zF$

$:~2}

y8 "<

ldhSTJ`

"H2T_

}<w.G~/2

9l<x@j

(m bs

| D#|Y

)SEj3

f'bOI

[b^Jw[kW5

~$4.5!

5bH2;

W\.je

Lr7*[

C5)g

IDATx

+D>]p

U~:~)

y?:?wAGiUf

?jM1S

:R@#mi

cj}o(

~%'rd

!a/:ZN

dC4u=B

4CH!6

j<~=W

MaE)J2

ER4$4<

G" 4r

0M}^yv

4{IqR

OZS@}

Z'br

]B7B&

`@e}^

oBOb1

Gay.#

nv?y\

&0W7RD

3,{%5

FfHon

}'y5V

No#/FX

4O67jBh}Ny

&EFPd

Ey#(]c

V%dsu

Xbn})

a}^JL

Q,BQe!

qSuv_

;! >_

IK7Fg

<1 2"

fO\i\

WideCharToMultiByte

334_]

8b{kw~

VarFileInfo

272q2}2

X+-O2k

gHZtI^

O%1Lly`

^}P>$

BY)nO+9

&=,lw

Szt|;

3|q]H

=up8b

FF~g>S

GetFileVersionInfoW

wlo>

a Abd

!rT=J

5TzT"%

PI-$O

detailprint: %s

#lA0$

CreateFileW

7"z&y

FWZF~

~^s$\

=<^[_a

\j{-~Y

`Rc@\

p^vH[

iSdQFk

'AA50

CopyFileW

^P73vd

YeOA9`

^zD!_

?4;er

17TCM

r+[R_&

6xr;T

|MDGO`o

*KPs}

&1<.-

SHFOLDER

r)dFqz

O==D9iD

{WG42.

]jR+L

996yb'

.@kM|k6/

QDpXQ

wO_7{

as}&]J|

eVu.~

[b$7RX

L[fQq

Module32NextW

@B4f{

YrBVV

]((,'

tq\b)

^!,>rO

hNoIy

lc%d0

zp'ha

>8X%p

|oe8D6FM

*/^59

'GdFc

r}qdxj

)tTPlj+v

GetDeviceCaps

ELB15

G6%Hd

}K~qm

s)PRc

HKEY_LOCAL_MACHINE

gVVN;=

50/8R2

{.hIM1

5aAo64

9?iXbT

=P=*T$d

Q)O;=R

TXmA,

XAWxo

KA.Zm

w@"|I

KERNEL32

E)eb5

/T~qzz

*n^|!

(l3nu

c>\\S

3.0.18

x(^6u

z)Uc:&

X,Xw

WriteINIStr: wrote [%s] %s=%s in %s

3EI>\

khKtA{PZxJnk

7Ei@a

we568

t:8??L

9H9(>z

E5YkP,V

H&^]>

,*;dywj

<AzU5

T8"DN

aEe_]

@S}g</

SHGetSpecialFolderLocation

wvsprintfW

s(rhq

EDK;v

p2CN;

n !sJa

3(A+%

UWvxv

u_uOG

&q|w9j

~}hB!}

c j2R

h1{N5

|^Jrf

wlUs%

MLQ#H

i.V{Q%^

m{70$e

Lc$e"B

:;6i`

4?>4?

i\{5yE

;<:z]

|^\E:l

ZEzZF

HbR'{+

wL#J\

WriteRegDWORD: "%s\%s" "%s"="0x%08x"

#-,OYN)>

46d=f(j8?

:BfP_

:hH[fH

Pv'fR|

/cTs+1

b<3Tv

oG?~'

4 gti

xM0f]wF_

ZJ@pC

`X_SQ

%][ev

(54{y

4iVmI

TTuUX

$]>0]

:0Uno

70azm

+WyPcd

q3{]:

FUDVS"

;LHy;

NXREX

&`nEM

A'Ftbm&

]B$:Db}W

`\nrEz

olj}xyGK

*:Qu|K

YQK5k

I6Z3\

R\B=xl

Salford1

E@X>{

4ksZ

!<C=g(4

7TkGs

qz,Vit

8z"^H

Q'+|?

J^qB/

7XX&3

Guz~>Jo

IYi<3f:

9K0#Y|

%;-eY

n/r?>

tH>gr

0g{N%;/"{#

wRGOv

D<yEd'/^~

{!S7[V

:b3Ee

N0L8?

SetTimer

J&Tmay4

}j>NB:

<[.Fw

|vZ58

~A3V/

6q7v7

EQuT|

FN\oH

.IGn6

|-h/ (

G`-_<

~ ,NQ

~%?YF

j[xSB

R%hcm

aQ2G>

n=(4G

22,U?C

7=0NRY

{@o}b

Aq,Oc

H1Vfgh

!5Ge8C0

New install of "%s" to "%s"

3Vg.T`8

`-cBX

GetWindowsDirectoryW

DefWindowProcW

Td^)b

"D?2j

\[)ai

*tz:/

@E(:.Y

0WZHBMko:.2

mfbpY

~Q[h&

5W7\.

<?C("

<.^n=

>&>P>^>e>}>

E0j,iO

GetDiskFreeSpaceW

wj[.9

23a_d

=<Z:c

~s5{h

Sleep(%d)

ul,Xa~

t%$fU

634wv

e\Q3M

}39% H_J6j"

7Aa!?@

?smO=

N7K@

><7]hl

A]`.,

Zti>BH

+a)+n

XR$m%

-1(3W

iN,IS

A-B-k

z6]S(

Rw)gO=

PqWN?c@|

KF&xR

_jlvzyxb^

1=A;g

'kP^`

+vAZbL

|l||W

\FmT69K!

F2qnBe

&+ymc

EFhS[

5Py3U H

)37[ZY

?HbPyd

|CiH4

YU"wM

H`mES"

6w[WHl$

:D2&q

KE.'U

kZ]_H

l3Afq

;!;2;A;T;

K>l568

WNNOP?

3Coy(

|.ah[

e:^Si

uV8tuSF

ox8#p

2hG02

$i9?u}

^!,|g.~

1G9A'

IJl"eh

)&w%Mq

GFeO@

)wVNt

X`3~X

==NN6S_

64Y<gRf

d1,GToO

*_>ORS

MoveFileW

:]$.H

Qu=Vrb

http://nsis.sf.net/NSIS_Error

%@dAx3

COMODO CA Limited1#0!

v24$|

)q|`[

Bnqqq

7&<\0L#L

7T5\1

cPQLo

E+/a"z

IEFNlD89A4/k

yB/<e

{frT<Z

U!Tz6Zd4

5(lh5h

fS>9$

6G.e"

_O)hc

/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$

)]@$2c`%

b3,)L

J)X;V

TSZX_

S$~xI

j'OeD1`

cxk2+

Y"n^O

L^D\M

K80OTLD

P2}mNF^

O|10'I

>!)|#

`81Ne

2K7lX

yQkM:

;nmVnG

\pR2MU

zr}f?

%g{?I?

.gOgqh7

b$}U*

GDI32.dll

%x|xo

JPO|}

,W<0F

I|Pv)Gdg

@>#.$

GHk3_Q&0

DR|W8

txl;%=

jM>XE

H~}<nN

A D$s

7{AHW

:3FPs

[rsnXD

B/-&c

SkZc{

Mw8%`

&X5)>]p

w6Poy

gQI>|YR

http://ts-ocsp.ws.symantec.com07

HKEY_CURRENT_CONFIG

l`01'

-dVs[

BringToFront

6yV#JjC

COMODO CA Limited1+0)

>B!s%g

_\}-x

CwW=7p

>"W<uo()2

4I\}\I

u:FeV

rvg'R

L("}Jb!?

201230235959Z0^1

Ohv4R

&N}Jn

Wc?]$*

XU_^RL;

os92%

=bN;I

l"2wj

<)6Je

[&riH

#E!=%

u/$]f!

z1yV#

3`j.Y

"COMODO RSA Certification Authority0

[UISaYNd|sg

wsgUqV

3.oEg

#8=?.

@V\lD.hH[

dqjl^

G9/F'

Qi2r4Y$

Q0(y1

Pm3Yz

s6tL3Rq

KX'(w

w4I3+

]F|y"

BoCsk}

(Yp|=

+pM"+1)

Gu6:Zs@;

F,,WM

f)D_iJ75

2l99qq

B$UQ5

$)iyamD

%gDZof

en6g|

cWEnl!

`dTwT

6n(7a

x5}0E

Ah:"U

Y*bUJ

*%4r84Cp,#

%`]x1

t_qg Q>L

Psc=2

8@a\.

t$(VV

6:dWb

PortableApps.com is a registered trademark of Rare Ideas, LLC.

GetDlgItem

_A T7

<pFp%%

Y:L%*K

g8|A#|

+-4kj

-iC%j

q:27G

'^nm.

2-{Y1

K.Ne"(3uvIS0

m*JpH

7$F^E

_C'rm

;TPuo

<4*F:5L

r2u-Y

!This program cannot be run in DOS mode.

PGCTl~aD

9+9L9Z9

"IAsPS_u

JD02pm}b

s<ra4

)+P]m

C`!4F

<@B6%T

6XMs7\1,\

@;>n3&

8CG9*

Ul"Lk;

ZA@v`

[T{Hg

R@>X]

5LKEVI

@yzg\

uAk|i

D%zfMv

',T`

QT!.:J

gls(y

FCVx|

:vVjQ

&-'{"2iF,

Iu5q0

dB^W@Y

,K3bB

/:-t%

Z:K<,

"Rr^R

JZJ!5[

"M+/R

rcQ\H

xd2;@

l9AzY>k

N:QkR

cX~dj

)9X;1Y(&

U3+jj

RegDeleteKeyExW

gvuCM

%1."S

~x3zm

=vdqH!HZ

['0 c

O]yQ V

H2/6BV

C*L|\

yPu2xi

d )/N

nlrpF

RqeGYz

CopyFiles "%s"->"%s"

-AC64

HTjh&

0-kq>BQt

v~yme

j1x[~{

%6vi

!|^g&

!:UVx

X$mNE

^0|dm

-AKD?

q=G"uA

rZj"Q}

(F|41

l9$t!

f[4T-

Le}O)P

lnYi-

m8HH

i=?k6

7" u$

pb+[L=*I

HCqx/

~wu\4P

t*a?L

\aH`o

1y]wO

Z!w_J

DKon4

fly~ n

Translation

-#8-(4

Q+JfR

vhmlF

';AeW

5>QV\

C^%$"

*d#xZ

;biZyFMJ%9

V6[&X

I*O]h

9,:?s

BTR [

e=tH\

C3`t,L

&WeBf

F^L;Mg

Roy;V4

^omT

4:B+U)

;_x{M

0"I^k

w&Y_ra

XKydV

1X6lYt

> _X!

l1/l>W

?'vh}

:+mIm\!

XCZfT

yu9;n)

b#`-o

P+r[Y

kDyYuc

R[TTRhj

=)a&n

_y@wJQ

vqO1L/

\B$wYm

CG.+:

u{U:t

]h^d<L

0qZM-f

QXgw:

pn3q!b{

n5z8Z

0fywC6-

+ZmSj

""'c+

)@~EN

,\O9q

X2 w\29

D>Fz/*

D0u$r

_)=(e

=}<(jg

*6KiO

x EI[

cMsEc+

SWHh'v

)54Fo{

?U^|!

efz|g

A{$0sQS

2Cn8U

9|edU

n*DD1#

B?}||

a6oKK\

SO<*1Y

GM*qz

WG(As^

kB4WV

l6Is=

V_,Z\

!2#Nh

'7x!]

qJvly

-2%<C

sUR7n

Hj\("

C7r6pXf

?Y{O5

P2:r{

QbQZ]Y

6(};=

2sY+F

]1lJ}k

:F2rr

_KymT!W;

#K1}c

R|uZ_

wetxtL

l '_A

0^Q*h

#`c@ThK

hF`U=

CVjCH

F];m/;

#\nWgc

Ky@-I

d37b6QS3\T

M)<0#

5OZNN

(B(Wvm

nmLup

"7<Bk

LdpL`

@|pfs*

Skipping section: "%s"

FzHB?

QPoV ]l

dDttj

_Y1XS

XfvZL

kKb~m

be!f:

-)L5J

@ !v}

pr{J,

)z6wW3a

@ap[E:

n1H|8

X5*o`HN

0UMIg

eO__B

y1tHgx

?]xHM

Uy*qo

[q}6p0!ZED

884B=

KdnMx

Z $S*

SdRMv

install.log

[^Y*d0

0$2QPe

gjNfqKbA

A\mY$

5^6L67

*{+~QG

dERGT

AZIQp97

Z=%E>

Thawte Certification1

2-}&F8

fj^$[

x<ZUYs

W:APbA

j;O_%

@jY8H

ua2-j523vy9

D#v~"

}s4z=W

m)T5

.J5KzM

NC~&Mvp

V7NgN

ef\y'-

:}ffC

ix=:~

m\27E

t?(mt

N?5~N

ciQLu

U9==#

EndDialog

;Hx*G

15sg

>r9D}

~)*)J7

&W2k&

Me8Aqq

SmxQV=

L|>ni=

%e_?&

+,%*x

#=p%h;

KWR$tm

IW'gh

jZ75G`RC

s$eL#}

g%SLM

+iRt:'

5:%:#A

.(dIo

u6/(<

@#L5V8

nH4EZ

s?9O+

O3Gz9$

8=('n#

l1_:@T

#xirx

File: error, user abort

KH(=c

:7?o

xfQvD

0Vg`{

Lt8VQYO

Z!p7(nI

-x%3Z

4m+%+0

t/~Ks

I/t"S

k~z;p

2w;rD

IheaB

K%D-!

oYtGF

pyfB\

1#101>1J1P1U1[1f1l1

O^gVn3

sf.=|

$;rtUQpLt

invalid registry key

PpXVq

I`T[+

A/Eg)

`^)V=

T~;)uD

L!*Lh

q%~q%1

USPK.

9q?_$

a'md&

!x~c}E

lH1g4dk

VW+&g

dBd,6h

9lg"^

Nzp?y

Wa^Tiq

O%WOH

?;A>#

verifying installer: %d%%

%AG}_

v`7{"usET

eiP7Y

qbU+F

elW!P

^bHpx

%}c=L

D{2}j

SpIoN

!([8G:

V;+zZ

@0_Ht0

*B|1)GJ

1u]B"<p

LEyO^X

Csbzj

Zc5!

<+{/G

LoadLibraryA

%!*T|]

*E.BH

SetFileAttributes failed.

323V3j3

f"fLW

EhNIV

45(,Mp

nk$'5;x

1KIh,mEa

SHFileOperationW

A2qA2

+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<

&i\cA

NtN[b

EV"Zb

Ud-Ew

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d

3R]yj

4XM>i[

ba8RmS

;EyNS

t%+HN

}}Qu_

*}=)$-w

? ?K?

,y;@.

SUd+''

vu^`r

4A52[

8.5"#

3?[%F[a+j

;w>[Q

},/!<oL

H;-7b

GetCommandLineW

+r87'

7\IE,)

CU:=&'9

'!;"00

9Kr0W

QbroN

H@&sK

C7Y0i

hX_lbI

mj~`.p

Ed+EL;E

*=yaV

moDuS

e?}%I

w+p K`?F

WJFxu

2It+4

eLLBw

'V#~>pokV

8[%p&

*I8U<

1!1*1

i$6~sA

BCuyH6

#M!oB

e*D98~

YWV9]

Uqe41K

+7Zo@v=

c;3;|Lvp

'd;WR

C-MWQ

CreatePopupMenu

WriteRegBin: "%s\%s" "%s"="%s"

FileDescription

J:$M`F)

iXJY$

W0f+^5h

PDs=x{7

Sm$&r

[H?h^R

S.22.

3yWit

Ti|}7;

j'_FtYDk

6oGyi_

W{~m93

\DxXr&o

2~4,{

b~?C3*

~-/~*

Wj"d+

mGe1!

{#V9k

_ BF+C

D5=2#s>pR

Y\\6jL

HKEY_DYN_DATA

t%O$+

jpf-)

qI_.i

eqRn)

SetWindowLongW

=fysu

!U<OT

D@tN|

GetFileVersionInfoSizeW

Dl`L8

.!q/{5

*?|<>/":

)7{7g

MN-h"9

Ro+p!

&bT)T:'

q7!+]

&m1](

BLZ7{

tz>?r

zD~Mz

{0qGo

3? 1?`

)%-ph*

zE}bR

~l*-Y

u'L>-

R.b"d

oY_|2{a

wn-nx

mNd%>=

GetSysColor

CharPrevW

&62:(

Z+cj@

E@n)[

U9k+s

kjnCo

8,888J8e8y8

ZPQ}G

7/sNX

J(EwZ

j*=^&

WriteReg: error creating key "%s\%s"

?Nv@[

^OYVt

6["/-

, '-c&

m'C^X

RCRamkt

IfFileExists: file "%s" exists, jumping %d

Qyn_k&K

KytG[

)P`.Q

FE`?x

g$]:%

Ts3am

Western Cape1

8Eayu

j6fyt

DnTrWV

b9Eo|i8

,oKY]

4ZS6ogc7`0W"

OP>7Q

\YKK$T[

*w<V#s

SetFileAttributesW

@]c0VH

SetDlgItemTextW

?^v^L

]<G1P5V

55sMf

GetModuleHandleW

W%Wz|

+*=[79

iZq`P "

x<#vX

3O+e*

_O8@a

Rf\Hg

+33V5

w/|)Jq

+5*+.

(:0|i

e>e'N

9*h~"

s#&CW

nD-3$"

wt<xjT

>"`$-

g_rri c

K|y{V

V RjtbOA

!yL>%e

=F3WlM

TtJ?h'

1_<x"

(`xP}

[KfkaxA

4eT6]

AUw9Mc&a

\W$;X

:(:.:@:F:L:R:Y:_:g:r:x:

c0#K)

;m/pR

T Le@

'Wa'|%

)z;{E

o;(80

:`nYd7HJ

i0Ny#X

IDBD $DQ47

{-snG

4P4DeQ

So:yA

h>tv/

WOn<q

NylzFTI

f@)1V

9dqEMYi

^,zKD

xEDpz

HdFqr

~[6qT

!TSMcj

`pV+m'

@cP9)R.4~c'

Pop: stack empty

!:5<~35\

Wp!{{

`m/AC

S[%1\

&X~KZ

P S*a6

.-3\v#

}BmLV

<Gz?X

qMc,A-

zB!+;

#=H$9v

iwkz!

+Y3bF7

H~M3q

.Ot=/D

t%EJ6

Yo1s7

x,jC)

].u0\+

,/aPla:

3-3:3G3T3a3n3y3

/caK_

OMV^K

1Rd%N

P#oHa

zLprD

Tr{JmFO*

.r/F`b

JLdez

zIo'\

Kcy$m,

(J\ei

UL\FV

X~-2Mw

iz3Os

+i/(S

{djtl3

?vxyKK

X?#9:

TlAhZ

lstrcpynW

s71dj

v;5z-MR

Zisb"

[24+-

RichEdit20A

V|d=G

GetDlgItemTextW

q;B)P

OzP+S

|7\>W

|bdr(

8bs^_

xfA#p

BTY=$QV

S;1}N

m&BKG!

F=&G 6

FR/>

#kj`-

7zW\5

f[)Eb

!++>f

T*fBy

w`lFXS0

J?*&

-s.. fp

zUO76Br

niM48KWREBm

M<gE1

/1"v5

y+x18T[

MessageBoxIndirectW

W?|#e

j,4w*

e+aIw

O|)JMTe2

7j6Jj

!lXJ}X

{lDc&Qk*r

|7*z=w}

`j;!.Gg

More information at:

~`e:7Ro

!Du*0V

]@h3-

:gIbt6

tVq_l

\0$Q@

C\7vr

l@iiEY=

;DooR

2.12.0.0

DAQf8

v?`hf'

$r''j&

T<+$#D5

_="ZXzD

b--lr

MUnzF]

1<]uBe

~X}9\

GRi3]

X Gp<

^G6F+@

?PYdA

6>6J6[6z6

M [@S

v40`JU)

O*SyR

Cfz=]

4W-RER

?MmaX

U@&A~

r$qF:&

=pY;w

A:J&g

Tm'L

"Geh4

eX+Be

V|">1R3

g+`F*

MIdE

V{{7w

HM1wl

GetModuleBaseNameW

SetClipboardData

2H/|^

ZRy_o

Symantec Corporation1402

e?\S\

pDvIU

f[&KM

2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t

/(bq9

pf"TrfZwO

[=#</

t{dJ

2x:J*SL

E'5va&

]mW){W

YKJcy

7C^S'

CreateDirectoryW

.>gsF

i0.7;

U.]!m

7,dJ|

xr8b]

j/9$u\

,|q6,,

.http://crl.thawte.com/ThawteTimestampingCA.crl0

$B(*N

$ggQz

2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$

)ws$8

9l-^h

&1fOi{

m)7>XG

eNL~CXjx0

-ohWhg$8%k

h8dF,cA

6.6T6c6

Js_D!

z*d"7

zF]Wa

ckFUy

#\TXU

|kl8H

130509000000Z

@XU(c

%_Tuo

SA#8Fwh

E&`^v

brMsJ

sV08T

mw=v%M

2Z.K.

YAHRqE

;}(|

#+x<Q

8DHL`

{V}Mb

Y6~#I

d/uxg0

OI;F6/-

W]Y>\;

t]V2o

]]h3P

/z+~Zj

\xebz

B=@zl.*

#<"M;

AzKT\

7*757@7

[FDbVP

!V9qd

Od9G%Z

l{Ly<

','-]${

.:-V[

6#N}K6

vRn^d

u{KRY

]?dSv

Q>U"I

OUn*VdB|

ObyE}

/~%*A

gU>7f9B

(@zO_

z*kqP

hn4},

U{G}B

jkg @

x@b1r4;VyU

O&'&C+

>~}7G

A_I0}@y

A#`[B

.DEFAULT\Control Panel\International

W)~9[2"

J'`YO

97(?86I

P:Np8q

q)KOD%

?NAWw;

lstrlenW

A4ZPY

g0e0*

#}3@_

'*~jI#

f.5%W:

YD.69e

ME+y;

ad'h1

Comments

5Yyh\O

KKSDu

OipJ{R

O#*{y

t<(LEi

7[*;>

.QIZIg

Bj 9;

\dyH2J[I

}_h5k

2tQ4C

URY{L

8!828j8t8

nCSV]

H9d7HW%d"

File: skipped: "%s" (overwriteflag=%d)

FS,6:

SN20s

SetErrorMode

4#!yx

A (iJ

nbTY(

e}RDz

adp@(KsX

o^a_e

:C:O:

y3+.{

)PG0I

_A>VS*

YV0LPR_

q0vk>

X1WtT

2E0@9x1

SHGetFolderPathW

n!c-d

/LO6K

7T@oE

R.Wkx(NSE

By0'K

U*Z4{U

544S$

w<8QW

~HZr[C

AddTrust AB1&0$

sT_v"

G2HaM9j

[ bu5

{gE9:EK

|sdTv

"r!+,

c&A^)

Kn22S

KiT*t|a^

nF@mo

>bz-M

3O'(A

=,:pm

.k;5j

s2E-Ro

[*<c9{(L:

RFn8f

B6K(z

H_!JY

g^0X,

w,]mR

oxNmH@F

6iRCa

UHtsk/Z

s$X>Y

Gh8dA5

0.0;0I0]0j0

+\{wWv

{D6Ium

$Y{ZV

1A1Fc

*w*Ml

%PvlX

"_` `

]=KW,i{

77Q>m

&`!vb

,-7@_7|

i2/F0

==>zeo

lEzc)}

4KK=O

P+qUT

-6Sco

t/jU"

TS5"@{6}

E{MT$

CdQ!t

TwB5{

O$j?\

JvMzS

}z{3D

L8[V-

YIkqr

'c"`-u

7FbnkL

DhZ,Y

z.whz

2?2P2b2q2{2

O?^D<<

uu5QH(o

"$l\<\G

\SGkedo

:`"tn

J@6.Ms(J

(XNEu

O&*DM

&R58q

installer's author to obtain a new copy.

'o2"?=8

223@3I3

]^=^A

taq{-

!K'e==QQ

`D,hC(

4Fk#}

&H}'+=<I

nShN]

k{ctS

y.wjL

PSAPI.DLL

Tz[Y

XT0l

ADVAPI32.dll

G{f*/

yEy}D

;jt:T

aVF7w

\FvKh

MessageBox: %d,"%s"

>"?@?Q?

b"q{P#

tS5/j

\cg O

zB8 p

%|o9Z

]+k//

LTb9(

C112a

Sz*F;

GlV%vF

o*[!Y%

>IPAG

?0=0;

150707151027Z0#

SI+4]

%[h"/

x]Z^b{$

u6#*.

vT:Dh|

5+5;5I5W5i5x5

'{+WI

JrU$b?

C&LQ=

)j{w2{

rMCFs

"UXw&)

"s?b[

+hkkY

;nvxQr

RMq0Hl

x*)er

GKjfU

gA1#I

rObR>

],^Q]n

x/&0@\T,

&w_a_J

%M'Fu

]&khjg

>$KT+

gUY]F

Q|@+z

e3[%T

u})MFh0

2Gz{Nz{:

GWoZ7O

X.0I`

{Kb13

a)pZm

@m?`)#N

HYp):<

8Oj7Ky

\T_Uw

A^>-h2I

Q>\A<

!Q}th

D\/`=

$x9'=

)4KuOe

%:Y:@

AntRenamerPortable

lsw#S'

+ZEG\}h

Fe up

04^`k

020T0y0

VJ(l7

9by-}

Y9U&Q^

tl&M76

~h)$&

r:q#|

s[^#6

]!mqJ

Q(ISl

7+b01

o~J~$

=m>*Ak(

!<O/(

%Is"O

G&>A15

l Er.

O 692

zxH%]

)tkQ4

l/|1)

Evgdw

`Dq1{

l3:n(

rE![C

1]lBK/`

Ibj 7

X|k=@

Da~K6

q IP.

R`,)Q

1ie.`

((L0,/d

SHGetPathFromIDListW

FY\?EAml

6O_Kx

w/Xxo

4 B-+

9r Lu

24h,|

OMq;S)2)

JPm}y

Y^Le8A

`Q725F

"eg5j

u!JW4

-aF9^

~R\z1

x6c)/3E

;u?c#D

W8//,

]2(S>

y<`=T

\dB5*

'+6*.2

' 44c

d/914d

:QpD>

y{bJc

QR0.r9

t:BXB

g<vua

OyTsm

q>C![

,tp\fo

z$9Hx%Q

.N,bJ2

2+[vF

Rare Ideas, LLC0

WO`9^

]#J;K

_b3-Ysw

Dhf9]

DO!Q4h

zB0W5

Rotm }-

T:uh

CreateDirectory: "%s" (%d)

%gynZ

K!OcB

pS?}G)

lstrcmpiW

0C)4d

v E#~

L^^|.

?9'%`=O

pjN0`(

nWUNc

ADVAPI32

s}0c<

~9qtuOuX

D)Bt

|sN#(

q^>M-TwTQ

(&@E<2

]Q9$M

LegalTrademarks

1y.#V

1<S+|Wt

SnZ)h

)Lhi$j%!0.

D=,'7:e

SHAutoComplete

;;n'v9vtb

(=2vf

VVE=rd

]]j|u

1VQ>4

j0$)z

/;nK4_(J

CreateToolhelp32Snapshot

ReadFile

=V"'bem

@skNO

sv%`9

zLzxT

|3WA<

RegQueryValueExW

cb!];

HX[=n

NulluN

DrawTextW

Y*WS2

rdVL^

&hjrB

|m92W

lr! ]

Lb}DJ

>RCW0Q

/>4^j]~

qZ]3g

GlobalAlloc

\idw,

2\<EMl

@+o5Ip

x"6Ye

sw")4

NH}Dk

KTrAo

Module32FirstW

qa\.Ko

q9u]kqQJrKL

GetTTFFontName(%s) returned %s

]m{tZ

'r>xv

\|{Ou

nZr"B

Error writing temporary file. Make sure your temp folder is valid.

s695

>PV7<

&bs4h

#HI,{l

ikAS5q

0^9%]M*Te

S^y)'wP

!5-Ji

'N]TB

>/zBl

VSX\il

yDc$-

gpGmXSz

7*+7*?7

bQY,h

_dH=.

'V'ye(

>-q_6

UQ tw

1~(`(

@=0wk

:*,&<

#<?<r

UFP.2

6's+g

&`0l2

j3ni"P=

Call: %d

w^ZH=b#^"

z>(O:P_

@^)Y}|6

ZQR\

wo<S

t-Q0M4m

P5+}]

lstrcpyW

Rgmjm

K=nP3I

[tI}<

87<um

I-%HI

uJVLXe

O3?25

L28 X

7hiuU

L0Cb%

f|1h)

?2<H#

U5VC(

18QO)@

'Gi9u

uhHgL

3N:_Kr

oR+gJ

9Qnmq

7(3q4

E89E0}s

:AY{a

KGsb{

y3k/fR

OmkLa

FruZ!U

)7uSe

OF(*y

>N>_>i>

EwA2%IpN

!iVOuvG\=p

v7;hT

POB0-

h`)gm

b}ciTASx

SetWindowTextW

SRRr[G

LdxW%q

Cx%Ec

4HJ9sA)

)5R?>

pks&

@B9Do

E89E0

_k /fJ@o\

j\z)]e

+}8T[(.P

HO@DFFDD'!"

VmBt;"

#da4V-

j1D%k

EnableMenuItem

H^D[<

s{kE)

\b|cqM

P9XnW

9Eiv:1

qCyiI

2(7`-

{@Ek=

Error registering DLL: %s not found in %s

Nna9m

B<lT%

xv{%y

8 w!tr

`i4xR

xa $.

"iY4qZg

z=3'^/

DGzwF

k0%;3

5j%e!

0;HBu

AU9$<

[_w!I

xji-X'

ole32.dll

{{-:p

kP=#9M=

,.uKx

t(`()NFq

}8N%f

Z-~>b

X9{sCi:S

(R"RL,*

n*tx!m

E!Slkk;@

Process32FirstW

8?mR.

#V~nY

/_3DB

TCpXG<

GlobalUnlock

eD_MP

vbTy `

Eu[RB

C~Ls}U

XURW$

zz(>-;Y3

%vBd1bP

f-NJH

PgLUT

p[bBx\H

N{"by*.

Es^1D

20=Z h7

.oiD;

AntRenamerPortable_2.12.0.paf.exe

767@7I7S7_7j7s7

1r"vPCx

!%r@C6

483`kby

Ww_#L

203Y3

3*Y"r_W

N2WUIBIikK.28

o;mai

r_hVVi

Z\rMM!%

F}GKB~

s<[U8B

`Qr![

KNx|4

Dbxw8

E:Af}

ma@!>V

v:mdI

1PS[K

&k!?e*

jOU[R`

z5CV=

;oF=Q

kVV-f

3WIvn

#x38c

^d/$=

0._.(

:CU6&}f

4VLQ!

z?RH~

)X7ga

cjfU6

#hvch\

LJ'VqWe

AF7gP

e@tVK

c4&ir

(lk.q

3;<0A

Kk(p.-I

c:E(&

U4>tz

9jU?54

?f*aM

'H88Dvb

%>-]^hz`

z~@q=

Wd0VH

b;[SY

0c3Uv

V~Rt6

^8%`Bw

Og~=S

aWSiR

B=#$@9

T((:4

&g_^$

W^68{

<W`hu

X+eX,

:#hK{

./O/

=I|7L

GetAsyncKeyState

e]^2@

s:p+<"

KERNEL32.dll

UfP8=

T!'@umy9

xr'"X

?-?I?\?o?w?

Ayvud@

m^-nv;

8ocTn

!hni`a

6#616i6n6

4lUp@R

J!(:r?

Delete: DeleteFile on Reboot("%s")

WUlo<

#r%~.

.}5j2

uX:mFY

n$c8S

?FRH@63O

C=1V;6+

4\x$N2

_)G1m~

m_f) ^

2d6)w(

&#Ju*

w8Z_[

zU3ZB

5Y%EW

iaN{3

}wIYD

8i6LBx`

3AQUa

DTR{a

!X`FuJ

oYDFS]1

SendMessageW

}N' {^x{wI@P

bPdP~i

7*Y{QSk

Chtww.

|)BcD8H

Uq3#~T

\_2Z%'B

qd_YC

!<nLv

9_n22e

qtd]K[

/RI\hunY/

)kL}=+

jT(pH

:+&:S

9_qT:[

979D9L9w9

zkXFn5

O:Se'v

Yj-6n

zv]kg"

Jqa=g.

Ly@ev

Exec: failed createprocess ("%s")

r\:mY

IsWindowEnabled

O3o-$

ASaQ4

;0T;Y

R90m6zW

/X,iV

>,>1>6>;>D>I>O>S>Y>_>v>

kd|#-)

c34Ie&

eay,1

B1\*u

-f'^a|,

iDO>#\?'

E+j>o=;

o= :z

x+?-YP

c>9p:

2fD93

@"-t{"s7c

DgVQ,E%%rg

/)WVF

AJz+S

9g6ad|

f=<hY

ODE?5Yx

)l!KF

;3E%P

"%ic_

n0]V7E

FileVersion

!x-@K

RBjIj

AN[~]E!

\zNU)

?`0cf9

D>!F{

i|Z$-

kR"B!7

0[}@J

Meic/

]jr2S<

DcG{P

kvp^|

L1<x:

QNSfef

,vVX^

~Nv)+

c@G0Ln9'

U\+*hS

ZNhh\}m!

Z7u-=7

i 1>j

SXUt$

39WC(

#=$bm%

|_5mJ

NY/b8&*

L9&od

D$$+D$

_7GA9

eCYch

7#@W|

nWplV

56e|!

k5/5O

FhwD^

/@qX|

%*bwJD

7WBSq

qDS`*

w+U9[

CheckDlgButton

DAu(&

v'A4V

XIz@#p

#bsNf

&`.sEzP_K

1-RZ

9JD #

6#>#4'

X4`iW

C0d0P

9nM603CIf9

$\z72bHS

-c?bb

2*WYU

SqWl)

DeleteFileW

(2kkt

d-!~G

,k\2|

EnumProcessModules

;Q]XAr

o;Znw

r{NlJ=

InvalidateRect

ry%)/

:cF#E

BwN>f

bbEO}}

NZ4N_

0g#Mh

cT)w3Zj

|ce9oB

w4NG%

_L7,%%f

mW`h

^40@H

rD;6L@

&#qJd

awo+<

=`,h2

eO&6*

tyW9u

)n{nq

Zdy0Y

*W8b<

8[v0sz

z}pFOy

sIS(d

5nV9`G

JYspE

LN2DC

bt5sj

y4-h* 4

-z9C[

.qymB

]F&9{

tK{[;P

'V?"`

GetDC

j49ZPb

-OkSy

1W5J(

`z_*rp

b`P,d

#rbAgg

ZT9j*

(=ci$

K@fam

`J$%lF

O.4|r

;Gv4+

;8*wEZ

fLC?A

Y%X};

K{3D]

FindClose

J!h$.

E'o$,

e:i?<

MulDiv

Ki,&Z

U{g {

B !94sa

mgy]&

va($|

p}ksDM

4EjsQ

X8O>~)

o4M1>

x9hlin^

cE_^=

m&nXh

RegCreateKeyExW

)^~4u

n&ZKE

cPOo-

x4j=pY2

Oh"wj?

`KYX:

@)"Fo)

SVLwbI

0h|N-`3

V"`2B-T

vSH@al6

vpw/}

kfkCO88

URM[[

7$6J1

eT !J

qI}m!

C"BV2[

OA]]5w

<0:08

Rnp-

_2"R) wOg

=7+1JD7cRL@

;6;;;Q;Y;^;d;j;p;~;

CharUpperW

DRs,SI

gBX_!m

Kwj<w

a$j@k=

b-{B4

WwtC'

V9 yu

6lQ&7'`

0%C}W

qrRh'

Ga$QU

e7U[!0

a1CpH

Ipatg

5r_h%

CoTaskMemFree

T"+{"p

{(sFRA

C,g'N

w|!#di

2[QZ)H

\A2cC]

iazS$

vm7;c

EJ'XV

]^\DD

S#>v/

3;g'4

A_BE.%

GetShortPathNameW

!Dz=K~}

?gv|]9

,)`7]

Cc|xb

<E{1eR

0evd-

aB."Ms

K{pfY

p`;S0

*mF(8

L"=AfT

4"4/4C4_4i4

Jc~4+

>F5HZL

48G]!

'\BK/

R}3&w

M~1Ca

mvfk`

7Fez3

CreateFontIndirectW

Rsm4g

)zWBatL

B[D!l

+b/k4

;=i"y

$9j?!

eGhy

LoadImageW

MKU4+v!

V/5G=

huV'@h

)T=Liz,

8Rich

VkVF

GcLQ.

J:7|8

IfFileExists: file "%s" does not exist, jumping %d

HKEY_CURRENT_USER

'wd4U5

Y3x8^

%2g#~

121018000000Z

$M0PJ

D$,PU

s3pmip

dKSYt

5&s>e

;rOKU

p[,zu

6=Im>

b0fFr&T

FuKcc

S'k^H

]X{s'HQ

?RXt;

yScPR

kkSx7l

yN]9Z

&z ]t

Mhf>]

j8p+k

=MVmLp

E^h8f

ScreenToClient

;\)W,

p<'&?Y<

4<z4S

*wG%8

dSL|C

O]-oB7

WN=0d

Tp*Hv

G2e)"

_z>\Z

^`ejOK

F;IDt

-|X[.

U8eb?1X

4q59gf"x

CWVWin|

FCK{YY~

qEJ?m

?x(g'i

GI5Oh

n yS!En1hM

2im^6~

~4bm0b

#(^*-

Yl,Ib

ProductVersion

eaOUF

` !eM

lZ`x;l

qpU01

N-7s4

\e9UT

Uz_j2

6:+Bi

+-]q8<t

A@u~*

RichEdit

Q)1vo

|t\iC

(!s4FD

|&ArC

8#<PTi

NAv[o

5Katt

TNOA]

^6Zp`

R^xZ$E

/QA[l0l

&|TFV

0t0X6

?kJb9

mlv:@(2X

D5@{y!

ceaF5

#PB(U

GkcPUU

XOWxwS

D_4*L

>}{ R

:YZK*x

!l|]R~!

E\~,!

u.Z.w

@O>Fi

sq'[s

(+ey%

D8uHh

tnyU6E

#j&Z2

E7|fq

@g 58

'1@mC

]!6#V

a'Nse

?dLuCY

Wp.4J

cY^?;

St%5Ay

A87S!

XDSl+

N-t0[

SA<[Y

E6}I8

V?7@M

8vP]N]

D9(c~

[6?y?z

K`.&U

J~;?d

8wUT2

*2,D,/v

kT@=L

bafIv

Wv"a\

E%*"I

Z7Opp

+~jzZ

yMGY|-b

settings logging to %d

WE#mt

COMODO RSA Code Signing CA0

<x`&J

][XkW!

[r0s8

zY%nc

s4R-T

Cy6q0h

$c^R}

9n}c,pq^&

S>[D|

oqBxD

#z*o$

;}2w^A

'`,E<

Unknown

h_u27#

j>z7:pk

xpD\_E<Z>

T^`^E

,CT&*7

,j@|l

!j.W[1

3zfe!

*Ujrj

[?j7~C6

3*f]l

O@ntBz.

iQ\{e

o=|83&

~^GnZS

sw$k)5

~M4m=a

%{b2z

I;?aJ

WRotf

Q%x ;

rSAe?~J%JVX

`.rdata

mTE=ea

RegCloseKey

q1Z&}

>JM*[

l1G\G

42Rx0h

A@$>tc

`Eeq[

<6C$UG

^7&P<

okB r

q_FDe

kb[%V

ZJ@K~

kk[Wf?

:8KeD

\e9Sr6tM=G

Rare Ideas, LLC1

[UZm{

|y.{D*

QGXKM

/.Ka6

og:qjZX

w4Xht

J&/+f

gk-Hg

5VqXZ

Jh{X!

=rjH3

B/uuV

E8I=D

>3 k]

m[aYW;dr9

HbDv=Z

['^]^

`9`AH

L$<"p_>$2

9Z{4lbm|

^}L<1w

j~J5h)

#!@W@;Ts

k0TBz[t]

']z[31_

3Aca8

or|a)A

'R.v?

KFBY&H

SC()9@o.

g3YQw

WritePrivateProfileStringW

#w.=Z

Ka.4SL

C`?fhmwv:

"T~UXW

!~[6N

Version

&F_qy=

AwQo:

rpBV"i@

nzT@\

+AV.G

{qu|H

g$/;Q

New York1

:r@yQMP

`:Y0:

YSpdH<pf

5Rz!D

&mzWF

|T`p4

aq4j"K`

O%u97

Q7o%z

P<vC\

IfL@&

F'O^dx

m6?q}

uaJ4/

gKJSp

Eh{5"Sc

%9-wp

~c55~Dz>

i$T8T

a-[/:H

X+.l[

|M*s

5o1|^T

iF1Jp

#FQdj*

~</8E1

}w?J:

kK>!c3

https://secure.comodo.net/CPS0C

-ycD>

d|~O%

/).Ha

SysListView32

va5rt

sV5BK[

CX^r*

4Efb6

BSlKdgM

KeQ4H

CBj-O

eVs~r)

/z9A^

HwCR\

6<1ZcgH

]2](L

]Sz,Ss

UW!vk[)

's~mn

\vvxQ?

SX-<+

!jFnX~

DC>3O

z/|>N

Qh.!+

46rP5

Q4[5H

|16d;Z

+(g"!

T>t!q%

xbjA7

(0h+#n

{!\J2

4#464G4g4~4

pk1vq

GA!{J>H

unpacking data: %d%%

zIdEUf

JVPqFb

IkA!z#

6.646B6H6Q6d6

yq_;U

kChYW

4bz'j

U8zsn

@C<O^

4GR1(

j^ct

=2SPt

2a=&&

W'.t#bz7

vI1*/r

\c^\cr

#Mqhv2

e1:Kd

MoveFileExW

z[Z,j

wf>~h

lIEbS

t0@p&

File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"

-GECh

B.e[Y

Y'^&(

k^JA

Pyb_\

m(m`~

Y*3B4

[0UM:

>[6#|T

:hICrN]

F'_Tk

o=:?>

ZAg}(l

!J80p>

t$(WW

1fS=6

T t54g

o+n?b13?

9!}QIs<

P=!w$

EuF,\|

z|K8YoC$,

|A%6Z

_ba7G

x8a0v

_(|tD}sc

[&7,gn

.+:OM

KaiT[;

+aSW;

NullsoftInst

+,DHI6}

IDP$,2

Cw{G0

?:JMwc

}813R

{7p8%

t$,VW

)i`H]

w;]=6

^478O

4j-M<

RMMRIB6

;`f}`

lT2xg

ufm+?<

kH/M'y

~@q^#

`ImEG@

"F6AeF

Y\-_L

aA6{ti

gGD&_

%02x%c

n"Mu8

RMDir: RemoveDirectory failed("%s")

i=x2i,

zZUdZX

?#?F?Y?n?z?

sOf}v_

w#(R'

:`w[<

Unp+2

\c?%[M

N/%w+

?~!L=

}YQv:v

yj01*

GYo".)

nZvD:

iS}/K

n:-8X5

yl:w"@b

BFqZt

d$Jt,

jUkk;Y

b]ncC@E

/tQvm

\q &;

CC0=*

,0[EC

PWSVh@

U4QG!

^" >t

okJqw<)=

\I_^o

QQt2g

T?hM[

hcOL+J

|#qG<l

[g>`,

q~+%ko

mKW9w

$^HSb

(cy!_

8 u6a

~8Lc:Z

[0@]/.fOA

<)dry8

8<]tw

oKG?o

j%k*~T

m<^P!

0yY2g

Section: "%s"

(krDI

U >:]

hym*c

?zd5

USqwG

ZLE*Q

2R49b

.~j[{m

/F'zx3AQG4k

Ed`!z

z1)l`

"Zyv9VqV

V#dH;

C}9D$

Aborting: "%s"

{:TKn3*

Dt2UN

gx7+JG0

F5z-?

e-Ihn

Lsvl

//)VAI

$nAz'f

<Jzr_

Greater Manchester1

<%_}9

nWV8&

gm']t

(;5*#

#`VTk

1-/v/

oc1+o

9a2@Z

U2+5V

Fe[1lX.

+#vBw8

Q*o6Z

GwNz)

hr{V:

W.Q/F

ppd>zU

}'%Iuw|k

7+\R7-y

,LC$g

27zE8

hLUWV

a i7r

}P~ T2[S

,7(oh

d28*$

lNI:s

tcsgx?

a$2f3Su

;p%jD

bd62n

]x@b"E

Q?7SK

od|:V3

&}+n\

0@yt?

)Z?V%s

cSlim

Y_4Vo

nBW=X

;2#C>

Z#}u0G:&

?EyZs

ei2?(

9Sdi5

6,W09

Co%wB}

xh~XZ

uky-+

j;|;r

8'> +

QsBuK

aXY>

Jm5-vH

5On6C

o4 "TT3

90my1

OriginalFilename

)hwJqY?1

3S1toD.,

000530104838Z

YFpWNEbn5L

w7.HL

`+]g~P[

?wtR

}L[eh

4(515

A,FuMZa

OptoM

I#{X >v

!4o`~\

<_1i'Yr

&OND`\m

8~3<I4l

};@C#

9mJ=#

kZ%LR

I2s}L

Z@S>/

U,aQP

4A>A"

WWs$Rh29v

IoXPO

JUtLV

:{c^y

;I"|V

\<]Ve

:ef4I]

{hw0cb

Ed|:9j

@.reloc

#*H>(

"iqE/

\"R^x^

EgxF1

*uAAh

|2I)V

vDnB[

Bp-E)

).^rl

B7yBQY

C}6R0

%SpDGZD

Ka*SP

OS"(<$1

w^}CB>

[,z`&

|Aow{xI

0{yjO

vg5<d/Fh&1

zkhJM

<:;t54]

xldg'

AlskHs

<j<o@jz

nOsF+

lLT,O

osl\n

P68,=

D1QA$

2"=AZ~

Tis%E

s;:uE

TU]USQY

.b/G4

GGZf+Zm

CharNextW

,]9z~

:PR&'s

[[iZk

<*p8<

XW[Y(

m#,.U

jOq[0

E1cbb

}Z*-t

P{nlmP

DeleteRegValue: "%s\%s" "%s"

;Ua,"

CreateDirectory: can't create "%s" (err=%d)

SetWindowPos

,mM"<

=0;09

/I$#Z-

>"hcS

hx|v(

_$ UT

B60nh

yw'}0

!{zF<

a6tn=

/NLS(

**j/^

jz5sxS

5&5,5b5k5p5v5

Thawte Timestamping CA0

Y|k\u

-G{S)ew

lr$EK

$f0G<

.V1!

VERSION.dll

yyQwz

lstrcmpA

R<Gv`c

BFCMaW

x;qZ};

.oxZ&<1

#i3xI`

qgCI%

(*^cCCk

"k{%!

.r8U&

^^'$(

[PWE>

e<eVe

}w#kH

T)OvK

~KX$f

]r#|r^?

71!a@

.u[+$

i<x}M

Thawte1

$?l`J

%fuC8

$ 6@`

d,4|h

3BU{[

3E/v5

|pkszn

=*=9=C=M=

!&k#=

U<w4u

J"%wi

3http://crl.usertrust.com/AddTrustExternalCARoot.crl05

/33,[w

GR:{c<

JO~Mo

:-;[;c;l;

="RI=

Y<STl|]1V

A<|N/1

85P*g

9'2b8

rH,KI

KZ1d8BC

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46.5-Unicode</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>

abbab]\

9.L?WQ

v.] b

|O-BI

IB67"C

Z~c.b

=>Y;$

GetWindowRect

+peQV

h]gWq

lv~^O

5<&sY

~)[=7g

80604

j"(?9

(I(TQ

JP1%Z

,/KPip

IJgOB

1j>|O

2007-2015 PortableApps.com, PortableApps.com Installer 3.0.18.0

M&V4I kC

TDM-s

j!J>?

fdF=?

RkL~z)

%@r{U

InCh4;

]B](cw

bI&pt

<L~2A

e0c0;

8(#G6

GsbD$

j [f;

T5\aB

5[>_>c>g>k>o>s>w>{>

V arv

6?$qC

X9s.}*h

+n,l

A!bw?

TfyMS

ymrbh

8>t`NP

[!TOs

[j0Xjxf

#{eV"

F]PP^).

rApAe

%{-^J

~Jq&D

m'QQhF

pUtw8

zD2d]

UsL9V

q"je[nu

|0^^{

160224235959Z0

4{&hC

2vxO7

YWLVQuXLD

d{=R<

Z3$>V

AM|'hR

H9[t7

2.X2U

w?Ijk

z7i^0&

g-ppw

)5\NK

}&,*7

x$caQ:

]E%fXg

8$_^\

DrG5}c<.

+Rl_f

G]c/j]E

e5@B},

=TYt?

;(*s

p*gyY

Rp;uwn

ucS\Y7

$Ojz+

^pssq

v2`,Y

pE9#'<

p0n)z _

}gn@>

^)69)=d6

[% (W

eTdiw}

>rt#}

dj359AGVWd

OzFn??o

<}Uzc

N=PEi

tno"V

5vnn6

Z?#qh

^|D.Ne7

U.c@F

4DK6T@

@m8Q,

&}"B_|VB

7&u\]

!?&H'm

tLhYTZ/NG

6WN;6

`oR`6

t%Qsu

PPC6F

%"vqL

D9eRO*7O

k&"h^

<,<1Z2

tTY,a

QQA}C0

]?skv

8xMxGQ

PPPPPP

K]Y8Pc

lI9TA$

]#yg8t

4B9H(

5"5:5]5m5s5

MO_||

u(y@Q:6=

-$-6.

6nh[15

C*zQq

;-dvi

1O!(i>;{i

Iws#G

rK&Y+yUc

\QKga

`1g,Y]

oQqTx

s:d:g

Lv#Zs04Oi

SystemParametersInfoW

f98\,

:pX$0

#r3<M-

pn4*8Xxqro

+"^xL)

($hHP\B(

~.|'%

vMaOe

wt6GU

m&~ z

ZTUzc

uDWWh

M!e@R'

s?1#r

2$N*_

*vh.IpC

i223-

XqJ~Hh.

Rename failed: %s

%s: failed opening file "%s"

HDGPC<&

xgb iisj

t^!$c

G?O#|

JfAAZ

0"dm`

}v_yq

Bq8,5

FI8o4bOv

6V-SOq

TimeStamp-2048-10

+^-FY'

c{hdt

Uw~OC

]l?\b

.qUrO

sFFWL

HE.4}

=%=/=5=:=@=N=T=x=

D$,9-

_{,=]

P${Rfw

@ ah"5

SearchPathW

eUH0>

}uU j

;}Rt/

e'D.h

6_Oro

4reU(h

x/1:mo/P)r

)~$L/r8

SetFileAttributes: "%s":%08X

a$bY80

GetTickCount

CaSGkM

kai=h

/vX~a

[o#7sJ

vl-*3Ns

As*4^@

|nx7Q b

1jEp1j$

G2O3h

7l!3@

ps-\q

o-,3]

OhRe$o

1$mEl

W1Y'

zW6om

[3paMy

P}1H$;

3}OP^

m&bcw

/8NJ>a

ic[$-

~zD[lS:

O${'0

6TE16

Na8';

RkVA9

MultiByteToWideChar

P@H0N

f>zBjG

9b<@X

[9#v'6

OjK!_

,f*/CO

{JX]t

B(\SG

/MLh0

7E-@X

Hg:0-

4ocOY)

F^YT0b

]+Th3

wg8LX

MEQ]t$

ThfVg

K,SE/{t

KbLnV

T-TTj

q3Ry~Sj

mXC!>

iekHYYG

C5ugj

`{ 0$O

@o$LL

=g<h

S6Q*O

7h$w\!

9>o2^

V74k1

!iAR

=3e`J

O,}[+

xvCU1S

!^PT7

`^^^sS

kv%}aU

6twdi

m6\ch

}&6O4

e,U.N

CreateProcessW

ZOrpL

O~n4Y

-z<_8-

C8u{:Pb

p}ojw

p0!DIq

tTY;5

KEVIt

o,I33

... %d%%

Eu<7Dp

%Q_X0

1yS#S

/=T4^[

~L7v?Qu

8e1@G{

W_0wy?S

EZ}]j

^<:8b

eWPoi$r

pGk&Z

^?Sc64JA

G@YWt

gb| Q

:0&?}(

fOA1S

L]k2;

UUUUW

R~th&-

BJ$fx|

TrackPopupMenu

p8=_,

hrTij

F"C?N

^e?,F

#/ =77

lstrlenA

V5nP)a

7@v=dA

)PWfe'S

E)iF9U

5O0:U

KJvAY

"Bn:{

L{0P(j

6c{.y

l?@,_

C</(LH6

c*DsT?e

_Hmj9

f<qBw^x

d@uC1G

0NDqx

PNG$Qt&

jO]x{

VntI@

p]Dm6M

EnumProcesses

Se<rh

&%Fu2

{^X63

"HzU!

pB=hlO

Sleep

%1O`cT0H^

HKEY_CLASSES_ROOT

A)p|G

#m}{3+

b!QNjy

%slSeF

.$ZfpVh

_~Mqa

GlobalFree

wu_ m;,E

GetDiskFreeSpaceExW

RRH|W

j^0VB

[`d.pC#

9Eg,OYn

9";>^*

RegOpenKeyExW

?wG.-

3%Y/:

#fXT{

|/rn`

4~Gp!

_Qn&s

tEs9|R

k2d)"

SJ9&-

`^'GPx

DvRM

db%,k

oY`H;

iJWnTM

pVUUv

S.BRA\-A>

M~riC

;uz,R(`

aJwX`*g

o5vN36

G[>$=:

my}Ql

ejE",+

rJ9a;|

bqRB'4

Tl!kY

2ssLu

4()E10N

9*1o7

p,1u+?$

'N^B:

huk.rcJ

")ry#6

!hY/8

p2\cN/'

Uu85GX

=M~fqc

Zdbg

Etpt

FT;p3

mP&g-"Z2

-8K2IY

>e]4*

AppendMenuW

F<x6i

150224000000Z

)a2lN6

OpenProcess

G085%$

zY(Flo

Zl)w-&

YdsL]

g2"]2

~~H+%

Wss;<

(z-T>

cP$H6pt

05%)T

eD>D9^

iBxhr

CornD

':NZc

]buxyubO

PD6@d

-b|[|

(k6E$

$SHhp

<[y.v

U6V:s

rw"Gp

M,$T1

@ka}U

ALs5R[<

\1:03

m*d}>

_7ih~

FJ!bU%

eFjLP8

v+=7#

;GOJC"D9"

HLJ:p

NH=!$&`DQS

lSx#7

1k7_"

c6}O0

a=2U*

Boe;k

CrO #

GetClientRect

WO4C:(

u>)|t

2Xvca

2-FU~

2atx|

h0f0>

m2#Xv5

S&M7wd

&LZLW/

1G=5*3

{0pZnl

ImageList_Destroy

^*Ou%

VPd^ebf;F

WxV/n

=i"jH^

kV<6p

:-:8:>:C:H:S:Y:f:m:s:

BeKo4

<^4b0

i!.=,P

a[g~o

|=Ux\

X]e1w$

*2(A5

1oZj9

83('[TH

r3@}A

99x&~

ExitWindowsEx

:{/^ljE

2o9=6

ExymC

sLZy#

R8{g&

g?i!#o

eXHK\

d'd|{

kV@i&

K{I~c8

Q,!bF$

C0HZ+

q!!WM

MaYpeH

V&'i{w

*E1]q

,bV%z

6e`#E

\vnO^

.aXtO

K0pYM

e0~m8o

>'y*z

g9HYBoe

D}!/{

vEhTdb

xf5/,

>0%:)

qtG!8

EezD!

+2jZ]

!QN}0w

69_hz

sf7eA

}17==s&88u.c

G e[h

U&S]|

U6C_q

errAmh

i \hD

GetFileSize

dC~Qx\)O]

Uk^+c]

{fCA3q'

"BTkB

:`-Wb

n<66G

dou@p

1=0M96k

U*yFx

?lHe=6`

Lpmv5

56jO:LT

9`B-Im

kf-Xn

FeU;XfY

{S0,&

r(t'PN

J\{yYc

vc%Vm

5!`A^

X~a4-

]K&u(sA

>aoEH

"UcE?S

x#iSH

eJKjFP

G0AkL`

ke-. $

DintF)=":

C?3F<d

PK#xq

F=?o*

joV04J

~S$+gw

8%scp

$"~ww&

<K_cO4

r~u|K

<p?{q

VW/ D

8#|`*

5<rs?%

`t46qJD

[w4e5

$O4J#

GetVersion

qKQC8rd

;pj~y

",GhQ

tj;t$

c!@&^

a_nz&

g76j4>3I

y?@P|

CreateDirectory: "%s" created

|H=.]

$;;PR

8:8C8U8\8h8

]cG2*

r-n\k

!pU>B

u=m_m

9Y0y;QOQ

r?`j)(

qvv{L

Y4]9pt

LoadCursorW

bI7WK

-]jie

R!Kga

4H84=

4^j7H

UB2Rv&

$`=8C

P.7qb

!0_HE

D`nYq

'vX&4

7Hrhls

l#/|S

@Aq]}

lvuzq

StringFileInfo

Nk|P_5

g}bg1

-MDLZ

O#jCR8

i+ocX

/!E.s

SHBrowseForFolderW

8Ns\\

m&q#0

buJ}#

":Z2N^h

eM#d

:UMq=

|tn|K#y

flTPqoX

f-lO`

OPi(F

BrIeB

cZ^%o

,#8kUe

7Yag]

sXeid

'4{L[

2sg5

N6J/n

+"[;Ug

,eP\GTL

l`6rE

@j\Pz

nJXtO

P[BFy

?sWLJo

w<f%n

fLjQJ

:b.4*F

\s'J)

U"4s1

Q`:V`"~

.[lk`n

h&{'U

,uR#s_

z!z'k

>&VME

9$UhO

-\=<J

uQs2'

; mDgky

7/R3!+$

lI(G3

|r/V)

zUQy6

kQV9%\LK

QSUVWh

?y'[o

\$Z|H

rk RN

I{$e

ZW>:o

-soY\

)vL2EB

_W[&[

d<epD6

20n2EB|6"

]jdB>

2Bxm]

(l!Juj

n2ijt_g9

02P8fJ

P: e_

SetClassLongW

6f1(m+

8+$8I?

.#]FcT

]4;Mhr

m[Ey&^

'e[UL

]%##9

H7~%b3i

Ik|rwJ

lstrcmpW

?~kMB

wLeD'G

OleInitialize

2LP1<

RichEd32

Z+6o~-f

m_R#s

JYz_@6

dt8B8

k{U+l

5SIhZ

K^zs/

hsEj_

oi@MN

9!9N9u9

<IIv_U

4ZQf*~

LGGNMKg

GetVersionExW

9PV-B

9::T:e:

wc!H JX

GetSystemDirectoryW

jAGC<

6xV`K

j7$P"(K

':W/,

3KT}VeA

VbdHun

Z]y-W

+i q

V`c>:

Prr0!{+

'ZCwj

0L_;e

PostQuitMessage

;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q

xJ$Tr$ep6

{l4p/

vB@R'

dZ<1;

JgKmW'

E!nX<

HideWindow

'z6hP

dkb$$3&

}{I1g

{,"S&

v9{B9]

-x(#N

mK-r*

n]D,p

]"fDz

Q)/9Y?

Pl8-xv#

GetProcAddress

HVfy#S

tYu9a

0&DiYlB

O<yyr'

ProductName

;4F?>@6.,

R/;PN

Y-B*l

s8/q",mPc

"o_-e

/sNx,u

p<[4F

4tP{#

S+[dU

kGvRS

k|s?0PQ

C[af,)

JV"*z

(5tR>

c`qzK

k&V$$

WNyf;

m*.^3

E]s{9{

lstrcpynA

b^t%N

KOt\-

t84^~

b.T,S

$F'iLD

|P.4r

2+h;6'

{@C}Z

sxy6\;

"&Aox

hGwW5ab

&Tj\R

2 2$2(2,2024282<2@2D2H2N2S2c2

Dq):$

q#e>Ec

4y{fA

/Y?;~

[cho7

"-~A-8

>dAr<

~-dS{?)7

<&}e9

2\0{l

#$Wg'

>:lVK

nS@|r

'8B#M

u4:;u

SetFilePointer

';ksW

vH]z7IDLO

^Dr*0

pSkcd>T

RegisterClassW

Dw|W?Q

U~}M-

DPz]

5$%vo

(/iTG3CJWf,+*

3.0.18.0

\u!f9O

V$i6]

lrF*m

7MYVt

}<Kg{

#YB"5lT2

S_>~}

bc%]3O

|K,$Kx^

[I'n%5

)#TY9.

qQ3tH

GGZ:

lstrcatW

#-:k`

,'}<:

%<}h"st~

'D"#;9<

(lMU=^P%*

){5?1

{]<27

}(VVu

cy1b~

yh(bX

nV%3B{

23Qe:?|

0r0^1

!-,ji

N.W~g

]Lahb

u IY9

mnd a

+kJw`

&=PJS-<B

\ca6-i

|JTg<

KH#P@.

|g+pcM

6t!$\d@

Y3]Qc

A[&@s

Software\Microsoft\Windows\CurrentVersion

imaF~

9o@(9

qU&+s_

]_N Ut

pOlDN

qt[u<

SetTextColor

'AC[s[#\

:taC

RvD_2

0-1R1r1~1

6B)-h|/

#'g/]LM

@Pb_9-

f[Mjf

"b]p`eNh

KB6p

4~+T@'

9GWgoR.

J8dUy]

lHl\IR

yjiJo

GetTempPathW

I~};pLi}im

PhB:[`

[z<I?

HXnlh

neQ7T

%sb'&

'dmV:

g/8)4(

(N>Zw

-$34L

Hi{6V

5}qjCn

xacp$

pUMBU

?Jfr5j

4o/Xj

}kQG]

*|y "

Ip*[B

r"zJ4

A:[bf<"R

L0'#K

@l96T]J

A<`Js

t7tr\d

;NPKaD4

2UF"L

Z;z8}h

CE|X#xI

Kdpy

GcD<"

QO1Nb

@_>fk

djdih

ce>nN

8'}'N

MS Shell Dlg

dOk7NW

)JZ-r

Yh0G l

M!NK=

Q.%F$

l=glG(YO

Og4~`

#FgQl

VNxQC

bvwIk

c2S\N

NN7++

H!*u~\

_$Izj

FSV/>

jO{c^|

X{&7?

<'<3<=<G<L<W<[<a<f<l<

M,'*]

9-SVj

\[Q{W

8x=>4Nu?

)yO*C

&m@^!

RAG*%

M%aZ'

H/3a8

:Z?=)

r^bRvX

Wx}2J

,ZUz

[.-Q?

3"3(30383I3P3e3n3t3|3

0P[Vm

#a=p9

*^-vI

<YK`X

-_xb)

8!808D8X8

)cZ7,<

|mB6F

z4uy@

!3O|y4

U+Uf>x

94YeTH

'vWrZ

!GJN!A

ixqv6

g*\dQ

ph]38

Durbanville1

Exec: success ("%s")

"-JJ*d0R

A8zx?

&tO;R

2LGZ>L$

v.pO6

R-y5v

l87OO4

@k?Mz)

N}I1]

xn79[9'

R\$uD)

:UYa,vkF

Y:! Th

(-oi

8zIVa

(#Cw5

vyn;C

lstrcmpiA

fL(\>

/<,s6

m<xj}7q

_aHI!

&J]^~yO

,Tq.:

AA}CtCQv

#>C7P

0huZr

"e!rx

wzLTZ

rHB.pT

pFOOHSNNSMFB&%

C]!xG

mc,Jk

&PC>H

SHGetFileInfoW

4a5r5z5

g,EdC

uw//=

G}E" Z

dr:'l?

u$9Mls

Q}*7'

OUx)0

k*uo)

]juvl

MSs34lw

111;1D1Z1a1y1

http://ocsp.comodoca.com0

ioT0g

"LB8>

,(FJj

W$[.'

p2:X8cP

'U3Ueh6;-

9*f[yFu

V,P=}

wvn!Ng

2'2B2d2v2

&A(JTB

u5&.o

<tp$u

GetTempFileNameW

IKK:+

Eo0\j

K6#hqHx

#Vhh2@

8`Z #*

Z`X1o

n"}m]k-

'$ADY

?C*r7}Z

}m&=Q

RZdBD PS

keupsT<*CiJ!

Y6Ssv

+'jru:

k'#W:

1UCOc

pfR!F

sAIf8

Ni-U"

File: error creating "%s"

06A8zP

|GFhs

U6.Y#g

os.g{]

sWV1h

x7v>(

@Q3p?

%;3Yb

DeleteRegKey: "%s\%s"

Pa].C{

.X<-y

5|9z|.

'j3[5

xeNR,

aIs!:6

=@41\

*Z|Q+`

)9@3$

BFvWz

VwyS2I1

b*XRr=

CharNextA

N&;i?

121221000000Z

"1?2,1$

xW+*V

KCj]\

]}{j>

1R"Sv

B8H,

;Ayxr

%0L_A`

XXU@7

?gYp$

4 AY\

eix&M

h}y$tc[

uZUlV

;N)VP

lis^uu

c)444

7.7q7v7

5xixKn|-/H

;-*<f"

`%-in

jf8=<Q

|f_F3I

*4'f`N

Y4v)H

6|k2l

QVxf{

X#F B

Y%zsC

~)#kl`

=L&\x]

w>|X4mn[_

5r!#WF

F!,UZ

D>,$O

&)hb{

I0[0`0

9W5!N%

}%1LB4

ffdu4

`wd8d

\(5ZN

crAaou

%bsWz

+FtF-V

xG ON4

.y=VPD

2O5+H

FtyL:

A"e}~-

99:f:{:

H"=em

jE]#ldnM

Up63X

Sb(##

,bQH%]

@+dp8

0vjkk

:Xg)]

eB(WwZ

{Xc"!

<eevs

]a]a]]

UfO"m

a@ZuI

!%-v]

7A-M8

GetSystemMenu

5`W0R5

?4xf)v:TIR

8\iex

H-O^r

ggCjd

{Mc7;

qUBAj

nXlX-(

[bVr{

OqxA-

S d\-

g_n4U

n+=W}

g ,h#A

x)h!k

Z>#)g

nrb?Xrk

SelectObject

Z[M2(

!5}O\e

|ktdv

jCsv+

Ct+.S

E<P].

)@$?z{a

\N0Z:

7'M=F

N-w-)

;jKoo0

|dOr4

SUVWj 3

?C>J9i

Px6pz

%>x4f**

<8+`6

ylNQo^V?

ka9ZYt

uFOU[!

5N+|o

o_:GW

A cjA.

5ly+%

7.L"5

CreateWindowExW

jV]U]

`jL[C

l`#DC

U_qH%

G66(a

M13as

SetCursor

RegSetValueExW

ZL$&a

M?g?2a

7L#i:F

diQcVez-e

|N';.8$

~',ik

v|fd%

SDJ'nWc

sU\Yn}

m$Z'.:

Kr|Qtuy=

y$>k(

tf(aw Im

yh|5v

-$ A

;~44-

EDQ2S.

r0I^A?

>Iv55

Da5V} #

YSEY[

}bpP"

B-o@mm=

Le[Jmd

oE;!v

gkV'i

LoadLibraryExW

X7~fZ

&dB7*

+)Or9F

$03C5

Hw}]rbH

dWh_4

100091

F.8Nt

jPOPLXmjVKKWMEA'n

8HfPF

ZJx1zG

`IT5#

g-I6R

D&Obd

][>;{

>X^n"

]O}6wM

SiJ?yA

{X7.C/

MuXGGX|

@/^+M

9$|~<:

RY>r;

ZHbO7

U7@&A

k/d$F

:2NL1

:JuN:p

E<Om+

T,4^3

'D1lV%J

|KOL-

#`9VI

y4D6?`

FillRect

:<WIH)

o61;N

{JxL=

bgx['6

ho;JC

\AD/0N

c]NHh

C^`aJ

&v_?a

-gb4&|$>

W^bM(:

HI}?h

-3>{c

)j@lq

:;h}g

8mrvo

M+l5+

,peME

nYS5L

VHL1b

sKQgs

]ixGl

<61W:=l

3<o\\$

.2u|B

!A{L4

/$z$ojH

Vv-S1

4)bnSk

I%DBP

'Q^oh

ldJ~J

l! 9c

HgL[

NaLy:^C

o2kl9

#>32l

[xU(&

F>`Jn

HKEY_PERFORMANCE_DATA

pD?>A="

p|") d\D~!

cm>Fi!

kpN$<

9R 2|t

1\:jG

AQuQt

P@DspVa

D4vr*.

P,3a+

EQ;Atnq

TLoEn

B}]RVj

c d,'

@-y"sL

'.Yvd

CoCreateInstance

D`.pI

]&Sag

sr"'.{fy

Rename: %s

KNtaTm

k4s}J6

SQ+`f

\bvv]zz`

6/d!p

GetFileAttributesW

S'ycq3

PortableApps.com

l|Ym)

P$CS\

4%444@4I4X4

o#:q`2N

a~Qcsno

p+pK~|z

N\p%`RH

rxHOK

A=yea!

:<(H8K

rCQ*.

"Y7rls

/2|3d

zTl=iw

wc&]X

DispatchMessageW

fxWBO

H0/ur

f%0l_

r:8]{0>

>YO:m:

{l7j=

)=UWr

<-i8gb1

TimeStamp-2048-20

_t5a7

6{jTl

hUY3A

|iV@yC

hra+

>1iT=TkD~

-gU3o

W-M-#

%Xm(d#

`1\VA

</6yE

BeginPaint

Pnr1'C>

nJ7j$

(!et>

v.UF$

l&sUf==F6

ib]xJ

w@^X9

,4Ena%al`

!8]`r&

zyMtLZw

-C2/s9c

~s.G>,

&`eD3

Ju/8l

.gEdy

hyq7@

q(X9.

P {Eu!m`

jm.H=C

Fm.A9>

Q8a,KO^

8p!DIr

@D0I*d

w!#8/

MfeuO

\B4#8

e/z/tz$

8l3F,

J`BS2

Hm#&*oL

)WFD2r

dQeN])

\FNsVgs:=N_q

olw'z

>5Cg1

)_.YN

>a|L;

A;8BV

72iYT

&FpX!y

eyWG/J

J|T%sB

aPK"9

!ArkBcY

fND3H

I]*@{

PRW3ZF

781g##

.5&Mt

h?%Sg4

BBL#%9

ifHq[

^HN2S

f|B.C7

|+fy"

C`[MD

nX3Gfx

R}DXRZ

PTC=Np2T

os@Rno

Q-.{d7

@$4s1X:

_(KN;0}

iWgV]

.*^B

NK1kW

-B+)S

5 Ns~

w_\$n

:j=md

Wg=0w

Ps.wM

(11)u

AfZQyK9

^_,k[

8oK40

Vr_kw

y7kb7

)f~U`j

'Symantec Time Stamping Services CA - G20

^v #w

yi6s9

5wBZk!

KR.QY

Ra1U?

ti>$UO5\)

MqT~x^^c

pN.8'

m7'kA

G+n/6

TY<GPJ

U(OM6

[Vl41

p\cOdK!1

v6]H}G{/

O3oxU

,:u'r

G/\0u

FyRxL

EE.XX

@&mpX

`4Fk/

2Q6zT4

Be#Nm

4mx7xn

iWsC=

EnableWindow

*Ubh"&

l"`u:

\Microsoft\Internet Explorer\Quick Launch

B"v*Dt

n]1J]LX

;:ihd

n5$"-

nfsOA

CloseHandle

!;p,M

u;Z7o

5I?e8

%j+$U

9xk()

y$XZz

9V1mz

5"5/5

jsNN?

Wq|h_}B

c_)!u

H.V]X

-Pd,q3Q

@}E>Yh

n[sGN

R(kKO

g^bQ0

.}vI8

T3<]^6

#q/f-L

qV$;r

w+;pr0

'`N{ZD

DQz>e

IidYH

Y\whO

EVE4d

-g:q1

"TJyK

Rl}^>

|X)Px

S(nca

-y ?c

z*]hnH@R

PRe*>

V3'$2

%XwwyC

&0$0"

97j\?7>

]OL/x

y3xR}

!XDC}

YQY7C

'2hd'

Os:71

] 7eAE

:m{6m

4#4*484C4O4f4m4x4

`nm=g

R+:]J

uNja|

V86Cf

Ii+98F

z7w2<<

Ve`t2DE

m:V{l

1.(1r

A'*s=v

ai'US

_%\Hx?

g2vJF@

,k9We

7{Cbf

:1Mua

,ul,N7r#7

>e7&?

5-Z X

xA@PO[g6

*KS`+

>+9KT

WhlB,

=6xz^

LQ/}7U+

n1/V4

`[!E\

Cidm{A

1c}7z

0[Z;$J

.txue5

v(hRA

Du5QA

eB#pk-

.E]8d_D

1;[a

122Aq

3pA-P

2~=2SR

lWzAc

wnw.fI

"}f6Q

s"mMo

^7MT<

p{"sh9b

*9?Z&(R

,wRl+

Ze&P_ai

created uninstaller: %d, "%s"

%u*X/C

COMCTL32.dll

ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d

`v6)G\IT

L}*Uq

zk{q>r{

PortableApps.comInstallerVersion

200530104838Z0

=cQ(]j.

&e| %

?:.O[TH

&g_2H[]d

:Xbmd

C")]+'W

HZRf0>J

a-XXK

C!X/_z

" lWCA

<?'cr

pH+>'

RemoveDirectoryW

Pf"2e

q3bRAb

0 0$0(0,0`0d0h0l0p0t0x0|0

gree@

6j;4F#

m#$zQG

-?kb<{

Ey_ep

qq1p_.

RegDeleteValueW

{_wknb

2907~U

&VYH9S

;2yev

MN{]@>i

@r{lH

!`5%v

cE|4n

j'1.j

]H46;

:<@pb

vQaFY

eoN.9

ZC``3

BI'_4\

RegEnumKeyW

Ng]E6l8L

V^NS/

4"4(4-42484I4]4c4i4o4w4~4

m#l$3>K"

<M cR

:a``W|/

Symantec Corporation100.

hYc2Q

IsWindow

Bs5Hjo

@k+Jz

0=?$t2

Error registering DLL: Could not load %s

H/jh@

scR9P8

ve!@T

$)$,"

[-U+P

IJ0\9H

Vs)wbe

]i_OB

;P^\-L

V`->o\

W<H5v

PO Box 2271

W9lM_

WcL._

KbZ3*'

4`CZ+

UnzY>Ju

_`!^0

p/bUp

;6u>P

:*L]vgZ

v6|Jv

Mc:jSO|b>

-ezJB<&h

IsWindowVisible

8A0??^

OPx9 K

AddTrust External CA Root0

awm53r}>|

OB2U*{p

x&+%ij

y+i]t

k]ifz

(."gI

W=EWG

,s0Hu9

peU }

|-zltP

UM.:+

#~gO[

@Gk3o#

-$s67

=\gt#

s;Cvp

L&6"8

A^B{.}

t<H_)fp

hI6>Fyw\*

O>!GRV

Y%Zq,

#1Q#/

/Je#t

:1q12

^:j^%Z

z!Nm\"

#+Moa

\%RSmc

dC>W=

I9FD

rpWvL

SbIBG

}!b:q

CallWindowProcW

2W~FU

Lw8O!^6

x~)_f

&9nJl26

C'_U"

_h$h=#=E

tn#[.

=zSH<$0

3,'0#

'{piD

uevHq

T$e`U

b2<4K;DS

U2G8^

xm#X!

WriteRegExpandStr: "%s\%s" "%s"="%s"

OO1ae

D^+x3x~

j[b:m

V?4Kv

(`ZVM

)S3|"

^;L]!

;TL1P

qw)0E

Process32NextW

RegDeleteKeyW

M@dz\

]n%r$

M2)CLc

V{sCV%abl

.ozZ/

~p7b7Y673

1wnXk

N#us@

;5Y{p%

j=E<.

2}~(:HS

)m]~uo

b/0<H

-r)|P

9Vf Ew&#1

giOQG

Wo`@(i[

YB~1(

<bAa^

u}9-$.G

sxf'U

Delete: DeleteFile failed("%s")

HKeJQ

WaitForSingleObject

|GYGM&

wd-8:@

+@bE8

Bb"s1Z

OpenProcessToken

zRf\`

Ig3v8v

i\RB7@

uitOw

pp'wZp2

A~3in

!R`\g

r&'a-6

4i8wf6b

SetForegroundWindow

pA&Us

MJp5{

>S>{6

#~2B2

=od)D

hO"S;

@Lz49

_$?MJK

yam}l

;6,~_

<U\m5

?1?<?X?t?

#%%U<_t

V2PP<

'h`B"

ur\b@#

DRV<;

t^8#On

./+^y

e(s@:

F5s=X

ExpandEnvironmentStringsW

'oK%K

x7W{F)I

->iXFv

RFtOx

SetFileTime

l#[%;

|r$n:

3dyf(

m;$}M

s'P$K

-PCS\

"x8-)$'q

M?PK1

dp]?i

c:."n

\<ij`

B6Q_F

1R7U0

bMgbX

K\**Vf

[HTf{

ufhVSo

$e1-T#

]'.{:

}i5;|N

5\Kv'R

2;x+q`

6Mt!,}n

+zNE?

SLC '

kqE@S

j"]d}m

KZ[yz

S vh!

p'<Zp

@I+7I

ll>$v

"cuz>

5Mv?6

0Fk@z

softuW

B#Neg

$<na=cH

QtBxnjt

^J9k+\

O|>4h

;4E41x

/FB[Y{

4W:!1

buuu(

@lbr~

AR@{<

MEaFBV

c{Z^R~=

.|%@o

d'eYD|

F^@|KP

Q`h%A

202t2

"dlS>

c<=_m

yn>&}>

K .r6

bC$Pn

`0hb`

KRgn/

cB-0e

PczF~

GYTd@

^|dNUp

>^^SIg

;5<w%&E

-g2?V

;CDf/[

)rLrbo

tzK.x

GVY?;

+<D.(

3v ~*

fW@&C

XOwP!

}U@PZ

ja1|@

0;EeA

KgYS6m

vu>O=

*i8 q

|A1zd

3%E4:

"i8F>

50301

KzGq2

Z|_|q

2cUxO{

7"FwB[

AwzdV

DialogBoxParamW

FreeLibrary

IbftKT

,]q&r

D$$Ph

JwWL4

w12,2

+U^7XPP9lp

c.8o)

T?]pJ

3U0'DS

MTueD

Mm("{f

1s9#D

*xfLbi

$!+[(ZwI

RBsw6

D:,oN

PlAsc%

CompanyName

3=Ty$Iu

Kernel32.DLL

B<1Y44V

t+T7g!Z

IZN3U

1fQ*d

fV,vG

{)iZwG

?.Tg!

o~M"4

md*p

Mh}7y%

a>8);

(D/[Fi

IHQaQ

@D5<=

M\FZ?

,DrMLh

Fv`B0

j5w*Y

uBsV,

C=-C}^

J~0a<

z k>}

Jy[E5WXj)4

ZZKiN

CW?B>

2Y[Dm

:27Q6,4N

&EY`>

!ehoK

_1(<H:$/

qO09T

p@7nkW

lF-)X

LoadBitmapW

y~10Y~

SetBkColor

GetTTFVersionString(%s) returned %s

"gL1)k

.bXgy

7BK*q

y6ipkYR!

F2u%OJ

MlXFM

O%Uh9

(a>?'

)B1($

}{v:i

ZG,3T

OKgNKC

*fD=z$

^ _Ic'

*j@J.

*O{va

4LzMD

tw-ezo

QGNsFmK

cnK$8

RT{C3g

8p9<=^a

W/_Q7

i,8CO

*68Xy

Exec: command="%s"

#q^.6

R1Fk>

bfhit

(u=Fi

I'"DM

j1bfl

!Re(nl

9[ga#f4

CWG,~Z

"Whzp

$.!x.

ImageList_AddMasked

=_f\D

280508235959Z0}1

_IHpj9O'~

YnILxh#

.]!*'

)a@Oa

DzQCi

X%=O~

&/v.5

KAotH

\;qA=

?sY=],

>Z[}x

|[a?z

Garjl2

!qP]k(

p"V}</

sJF;o

@vriF);

FY:.l

.h'O*

y|!IV

J-}AN

ht=CF

E{yQ!d

GC&[$}B

!KI+OF

6&vg,T/

<2Cnb

FindWindowExW

%i!ii

xfA>P

=l78ni

zV@uM5'

iQ>wp

PeekMessageW

YCW@M

;^/"nw

K$Znl

63hU|.

rO6<(

\`:wJ

)DNb0

9bW~3

|Hw_..$

74X7M

u(KR~j

EM;P%y

FE``U

tdZc%s

h*xz|

wsprintfA

$D#or

}qY&?

rw5TA

!}T-A

C}AU"

t$$VV

hf1}q}

s#\:>

UC>U]E}

mymGt"

^{i0f

Delete: DeleteFile("%s")

:Zf'kA

T4x+@

]N5y5

MSh<B"

@/b?t

<O}rg-

Ra||R

Installer integrity check has failed. Common causes include

)sADY

?Da[+/

ICCc+454

CHVP4

X!<XN

~)0y8

$TD["ES

(Uu|Ply&

Y}rVY,

mM?+c-

Control Panel\Desktop\ResourceLocale

.+`^c(H

DSe!R

g:/$`n7=o

j.=2e9

fOZw2

j^[H{

iaSMp

QobKx

i:6?)@

|IOC[3

0'0D0M0o0

nJJ|iz

2nZ`v

og%B6

V=2U,`

GetWindowLongW

37d\j

<T#(-

1;"KW

P3_j2

I@Ni#X

9[^qj

))OA1

.E0*t

ii+Qz

rKdBY

F"&8}

{055M

/J#YJ

UBUEG

_:7)i

QU{{-Yq

*HrzC

t%Y+]

HGbj0

-?b|{

2J+w}

{{$sH

Error launching installer

ZG&Cb

!$]u?zc

797C7I7Y7|7

/N/Rt

nBW+L

WriteFile

mAYM%

/p\-CZ3

;RO0'

@QWU}

(`W"aU

DestroyWindow

5T4=Bp:

HCgNr*

I-6OG

Ec<.6:

0;1A1Z1

e6.Du

6 1lm

m)%<ZK

d[}hXm

M674"

gVFM5

&O2Q&

?<`0{

O.<JVO

LSB5<&

9"dL|

VSUbOI:

.@|axK

tM]mm

{~GE\

'Symantec Time Stamping Services CA - G2

OWdxeb

% ldnW%*

0,/~=

Wa:>t

Q19Y[

]d[l\0:

?V)vP8

NHwN9

sO\BJ

0'$3d

E+_wb"

OK'mi(g

9}[WJ

Ev|$D+]

Kn$T$(

':bMPf

%r*(q

RichEd20

%.m3I3

r5LPO

D)"'I*

7}p%Li

hP=yc

nh[a5

4/G-

+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(

IS(Bs|

PortableApps.comFormatVersion

V-'u,*

4Aq e

bD$Ck9

~-xdc

<iz?ehf4gnwl

:~}#R{

g!wT`3

{8gb#

*bw2ud

b"nV&G

BXQ@<

LSVW3

1Mm ^'

IekCCo

P+LW$

U61f(

[s!5=

RG)2m

%89|a

\1x`U

1@aZ/

([edh

psbIR

201229235959Z0b1

8YGJ-

1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1

KO9V+

nDS {

"\+T$

[7*Mn

/Au5b

RMDir: RemoveDirectory on Reboot("%s")

+tv5Hg3

myr?n^

3wR^-M

VOp^P

ojI4($3C6f,

/~aQ]

'+jM^

A27[,

qjKdxr

ywgTH

_+vVoP

7Rzch

Dc+t{(

XTbU9

0A*(4

YQnet

8B*l%

A7LF=V

^uQa>O}

%4J)3

N}G!_

}]!40z

><;(iN

mFzg(n

QK?I^YM

5zWrE]

+yV2L

)g(]$A}

#c~H1

JX\]M

2Ug^%

)<')0

VVVVj

L>qg[

3u[f5

Zlp)p$

W_z$$

nU6Et<

Wc,)%

[BaKX

P?'j>

#%rjuD

`BHXRw

sUOXScDU

?tM2}!1H

]P7Rr!

S\u]v

GetModuleFileNameW

"%SG,.V

'HyVP<\As

r{55BE

?{.D?

W[kCe

_{Fa9

"3Yt:

V7d6n

))}]rq

3$(W}

MszQ`

$24LL

C`(?am27

8W,9+p

]T|(l

=;A6v

p95~Mx

h2i z7]

[i,?<

-L<Zk

j6HQ}

Q9"3C

!le;@

l-g<]]

&]:%U

%5=]g@0

gZ:L.

-+-V,+O

= =1=

RK8+k

8? o>

`cGe_h

x!a+xY

g)0M,

e\;a'

VS_VERSION_INFO

P!d!P

z[`DgX?

/Z8u?X?K

baP`g|

k~OSu

$1E6N.

c\DfG

,G6og

A0djyx

hDlf)O

y7wgS

I/\@W

]jxdE

ZJ |[

WG+"G

:+[-B^

bg18JE

# +a&/

UmDoh

sk*e=

6@|v3>

CGRQ[

1r0W8Xn

q?ie'

oe?|#=

{49=Ii

}7;rc.

*e~<_)

xpVLR

a0"yS

=aL-U

Tc"*y

fd$wT

CV>%u

mid{FY

X<^T}

OpenClipboard

LgB.t

)0'0%

SdV0D

+I1&3

SMALHB7

OP{&;

?1J,U

U.^fO

X>W%7P>

)8{P14

kq{\V

$qu4-

zuqYq

.Q,rU

abvn&

g9BC.

.3z*U

94**wma

6[geLQ

2>.z1(k

N2p(-

Grw{E

Q|q~^

%`}I#C

ExitProcess

_r;q3

otcP3/

zu7c8

Bk;ww

UlgeOrD8

3fZXm

D$8PUh

13,le<

>2`kV

DRnA,W

NGE~.

.8 -Y1

'ZTS@

Ct_h"

Please wait while Setup is loading...

XS2^W<i

W$t#y

:_6dj

TxG h

'OIBT

M-R]b

%32c2?

e79d+

0r{dLsA

VDe2JV)

H.+d;

}e3,_

N4J}2

n"iY/

CreateDialogParamW

G%01$

#%%2=`

GetExitCodeProcess

Z>~Rv

LGLtPPp

/<#>X+P

[Rename]

9iLL-H

{"tm&

}L"Tp

Zaa=FI

\EnK;#@{

Ou#_"

"L'5qM

Rb6K$

2gX2a

Crb/b&

c@Du>

NQ4&.

\INw-@

VerQueryValueW

@]%S=

:T?Cc

g9B48

tR6sc

G* _M

*oLFv

d_4Vu

-|R&.

rjv?2

8WBR!

cJjJ9\

GlobalLock

SHLWAPI

fk/!?

kzZKmF$9ya

GetPrivateProfileStringW

{i01=+

a#PHZ

2&(03

Bj u^

_^][Y

SCJ8a

<0AEA

8,d\_

z&m{sk

y#gS*

&5UK|

Gpo/U,

I=3x<

M|hls

Wwkn9l

$3?U,d

c)dh'~

!{6,i

|qvhe

InternalName

a.A$Kg

/{<_`

01&gy

26jxV

sq;|{!

(jY~<

%/=QR0

g1u>*i

?Z\hR

?$-z>

H#nRo@

Nib!K

&%0h=

4a3xHAD

IsHVSo

/:[0N

j~:?X=

qR15`

W.LPm

En%l3

di;Ss

kTDPu

HCIs&%

oCD[3

'1^lF'v@

%2ER6v

FindNextFileW

^.WtHQ

d' s!

G ]p

{g/:Qr5:0

NvmI}s

h|SZn

V~]Rt

LisFE

V>$5-E

8 0D!sy,

2!1^8

4G?6f

C;|]n

'+-cZr}

y!z>'

tA.+M

t"G>5Q

|s]e~C]u

K1/zih

t!E0m

D3-?F

Go(V9

incomplete download and damaged media. Contact the

+7:b-

1Y0fF

?=tD 1

G\<ZR

B<0crj]

}iE%-K'

>G>ef

.<&q>

72DX

FLNOa&

UhYl?

&94fa"8

m:wM~c

s$a3x

GetSystemMetrics

q14gq

_HWye

]#ytg

~EW@k

^xe:1l

>_WvyD>

ZNNAd-

%Khv262

7u)'N

DF<,@q1

vd8K<

<s{S=

8oKefNU

aV6|abK

M*p&)

s?u%D

CloseClipboard

#l-RN

'".B|

^_:$b

XuFSI

k3Ekl9d

N24df

l.G##

u|UQs*

4xb2P

[~#g$

4#]p6

7hex3

1*inD

G(PY=

XZBSJ

!tzP#^xUB

r2hp,3

t3u1@

`X1%/]

D+}no

HK*Rr76

V}Qra

9g`%,

<|&YJ

'u+57

wU,W{.$

m@I6wx

AWB_(9

_tb $1g

.oAv7

8JS"St

g@_4[

f#yVH&

USER32.dll

Y4D]X

$/go%b

U#),<

]Rpt

y,Hv(

={N~>

(Z}}]x

651}]

@IoR'

!eR'n

&zanKh

sZTn5

0TD.U

/+Vm_l

X;J%?

.gl=v/

3N$wvj

qNb1T

I~Etw

Oa=49

o*mSy

|R9=$

V9%xK

g;0G7

x`!+b

lQJ!e]Z[h

wE~d0H

lnPG`y vbv&

bln~*I

GetCurrentProcess

wH~:Aa

IK?bM

(jNsF9w\

R(s#R

0bApt)

W[7JK

QjQM3&

H!%q!

.ndata

wG03a

GetClassInfoW

5FZa)C

0P@.sNEq

XHtk'

'9 @t!

?2?B?_?j?

GA=;KJf

s(=y"

nX sq

FhCwH

.!f}s,

mUzp-

SgH{pw

+B]8tE

X>BE;

Ye^\>d

1^3\A

OleUninitialize

0?k$N

!#g_f^

/}6ZyG_

E}hu}I

W&y9?

H}4mD3c

!SA_3

8!(#C

~\E=0G

[MJ8^

-~!kEg

bxAAo

;RYUD

[x}B!

NNs$v]

Z2QBB

sW~E+

y92Hq

?r{~*

|bTp8

DQRca

_agt4

kRtg4

Instu`

XG+nb

av.-{

1uXO;

ShowWindow

Ht@h@

eT0tE

TxN"

0&Rdv

yOqQ-

w<](j

0*"?%%B

f_Cu@

P1?}!

!F(L+z-

Jump: %d

1dwiL

File: error, user retry

me@quU

Q0e'z

zdjp8>

8?+6N

S};$q

l7} Ws

+C^)g

by/1YZ

8'#C\

qk@MO

ShcMA4

+rkgDQS

85HO\^

^s?.@

P*Ozq

I})UR5i

HKEY_USERS

P@\xC

dhMGK

LookupPrivilegeValueW

g<VBh

qIS!=E

O=omU

~nsu.tmp

3*D/@,E

69).|

;#;A;H;`;u;

ds;D{

qf}CZ

Oo.Wm!

u$9Uls

Delete: "%s"

i'T^U

nGrg)

fA P|

MG@.USd

tyV>O

nF_H}

stTCYo0

AaSO0

%\oca

f58ksIN

<}ZUc

]E'')=

j@xID8

Yd,L>

GetLastError

R34/%Ys

Q'i,sA

pwv6R"b

O3G+FA

Vx{a2

rgEug

576@6^6k6

]u)>$V

4-{||

C=\rq

s|>_U

+&/d,-U

-lap#

!?2o_g

TYXR#I

RVZ|,

"gH%n'

.#ALGp

({cFt

`8s>w

lwGZo]

Jb^Qt

'<6W^3~

6r{6R7\

.rw`)U

d^}\MJ

'n/V]

C bj7nv

i{s/0-

K2<~yZ

)wWNP_>&

PE Information

Image Base	Entry Point	Reported Checksum	Actual Checksum	Minimum OS Version	Compile Time	Import Hash	Icon	Icon Exact Hash	Icon Similarity Hash	Icon DHash
0x00400000	0x000039e3	0x0015cc9f	0x0015cc9f	5.0	2012-02-24 19:19:59	32f3282581436269b3a75b6675fe3e08		2c09465cc979677d65781d9403176c31	5c00f471cce984e3b873ef9ade242aed	71e0e4b8cccccce0

Version Infos

Comments	For additional details, visit PortableApps.com
CompanyName	PortableApps.com
FileDescription	Ant Renamer Portable
FileVersion	2.12.0.0
InternalName	Ant Renamer Portable
LegalCopyright	2007-2015 PortableApps.com, PortableApps.com Installer 3.0.18.0
LegalTrademarks	PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFilename	AntRenamerPortable_2.12.0.paf.exe
PortableApps.comAppID	AntRenamerPortable
PortableApps.comFormatVersion	3.0.18
PortableApps.comInstallerVersion	3.0.18.0
ProductName	Ant Renamer Portable
ProductVersion	2.12.0.0
Translation	0x0000 0x04b0

Sections

Name	RAW Address	Virtual Address	Virtual Size	Size of Raw Data	Characteristics	Entropy
.text	0x00000400	0x00001000	0x00006f10	0x00007000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.50
.rdata	0x00007400	0x00008000	0x00002a92	0x00002c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.39
.data	0x0000a000	0x0000b000	0x00067ebc	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	1.47
.ndata	0x00000000	0x00073000	0x00159000	0x00000000	IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
.rsrc	0x0000a200	0x001cc000	0x0001b640	0x0001b800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.29
.reloc	0x0000b400	0x001e8000	0x00000f8a	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	7.87

Overlay

Offset	0x00025a00
Size	0x0012bf10

Name	Offset	Size	Language	Sub-language	Entropy	File type
RT_ICON	0x001cc868	0x00012524	LANG_ENGLISH	SUBLANG_ENGLISH_US	7.98	None
RT_ICON	0x001ded90	0x000025a8	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.18	None
RT_ICON	0x001e1338	0x000010a8	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.51	None
RT_ICON	0x001e23e0	0x00000ea8	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.70	None
RT_ICON	0x001e3288	0x000008a8	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.02	None
RT_ICON	0x001e3b30	0x00000568	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.67	None
RT_ICON	0x001e4098	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.84	None
RT_DIALOG	0x001e4500	0x00000120	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.56	None
RT_DIALOG	0x001e4620	0x00000200	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.68	None
RT_DIALOG	0x001e4820	0x000000f8	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.91	None
RT_DIALOG	0x001e4918	0x000000ee	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.93	None
RT_DIALOG	0x001e4a08	0x00000120	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.84	None
RT_DIALOG	0x001e4b28	0x00000200	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.96	None
RT_DIALOG	0x001e4d28	0x000000f8	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.11	None
RT_DIALOG	0x001e4e20	0x000000ee	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.07	None
RT_DIALOG	0x001e4f10	0x00000120	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.84	None
RT_DIALOG	0x001e5030	0x00000200	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.96	None
RT_DIALOG	0x001e5230	0x000000f8	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.11	None
RT_DIALOG	0x001e5328	0x000000ee	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.07	None
RT_DIALOG	0x001e5418	0x00000120	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.84	None
RT_DIALOG	0x001e5538	0x00000200	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.96	None
RT_DIALOG	0x001e5738	0x000000f8	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.11	None
RT_DIALOG	0x001e5830	0x000000ee	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.07	None
RT_DIALOG	0x001e5920	0x00000118	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.65	None
RT_DIALOG	0x001e5a38	0x000001f8	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.73	None
RT_DIALOG	0x001e5c30	0x000000f0	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.05	None
RT_DIALOG	0x001e5d20	0x000000e6	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.10	None
RT_DIALOG	0x001e5e08	0x0000010c	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.48	None
RT_DIALOG	0x001e5f18	0x000001ec	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.62	None
RT_DIALOG	0x001e6108	0x000000e4	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.86	None
RT_DIALOG	0x001e61f0	0x000000da	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.93	None
RT_DIALOG	0x001e62d0	0x0000010c	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.48	None
RT_DIALOG	0x001e63e0	0x000001ec	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.63	None
RT_DIALOG	0x001e65d0	0x000000e4	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.87	None
RT_DIALOG	0x001e66b8	0x000000da	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.93	None
RT_DIALOG	0x001e6798	0x00000110	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.58	None
RT_DIALOG	0x001e68a8	0x000001f0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.68	None
RT_DIALOG	0x001e6a98	0x000000e8	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.97	None
RT_DIALOG	0x001e6b80	0x000000de	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.04	None
RT_GROUP_ICON	0x001e6c60	0x00000068	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.72	None
RT_VERSION	0x001e6cc8	0x000005b4	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.35	None
RT_MANIFEST	0x001e7280	0x000003bd	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.23	None

Imports

Name	Address
SetFileTime	0x408060
CompareFileTime	0x408064
SearchPathW	0x408068
GetShortPathNameW	0x40806c
GetFullPathNameW	0x408070
MoveFileW	0x408074
SetCurrentDirectoryW	0x408078
GetFileAttributesW	0x40807c
GetLastError	0x408080
CreateDirectoryW	0x408084
SetFileAttributesW	0x408088
Sleep	0x40808c
GetTickCount	0x408090
CreateFileW	0x408094
GetFileSize	0x408098
GetModuleFileNameW	0x40809c
GetCurrentProcess	0x4080a0
CopyFileW	0x4080a4
ExitProcess	0x4080a8
GetWindowsDirectoryW	0x4080ac
GetTempPathW	0x4080b0
GetCommandLineW	0x4080b4
SetErrorMode	0x4080b8
CloseHandle	0x4080bc
lstrlenW	0x4080c0
lstrcpynW	0x4080c4
GetDiskFreeSpaceW	0x4080c8
GlobalUnlock	0x4080cc
GlobalLock	0x4080d0
CreateThread	0x4080d4
LoadLibraryW	0x4080d8
CreateProcessW	0x4080dc
lstrcmpiA	0x4080e0
GetTempFileNameW	0x4080e4
lstrcatW	0x4080e8
GetProcAddress	0x4080ec
LoadLibraryA	0x4080f0
GetModuleHandleA	0x4080f4
OpenProcess	0x4080f8
lstrcpyW	0x4080fc
GetVersionExW	0x408100
GetSystemDirectoryW	0x408104
GetVersion	0x408108
lstrcpyA	0x40810c
RemoveDirectoryW	0x408110
lstrcmpA	0x408114
lstrcmpiW	0x408118
lstrcmpW	0x40811c
ExpandEnvironmentStringsW	0x408120
GlobalAlloc	0x408124
WaitForSingleObject	0x408128
GetExitCodeProcess	0x40812c
GlobalFree	0x408130
GetModuleHandleW	0x408134
LoadLibraryExW	0x408138
FreeLibrary	0x40813c
WritePrivateProfileStringW	0x408140
GetPrivateProfileStringW	0x408144
WideCharToMultiByte	0x408148
lstrlenA	0x40814c
MulDiv	0x408150
WriteFile	0x408154
ReadFile	0x408158
MultiByteToWideChar	0x40815c
SetFilePointer	0x408160
FindClose	0x408164
FindNextFileW	0x408168
FindFirstFileW	0x40816c
DeleteFileW	0x408170
lstrcpynA	0x408174

Name	Address
GetAsyncKeyState	0x408198
IsDlgButtonChecked	0x40819c
ScreenToClient	0x4081a0
GetMessagePos	0x4081a4
CallWindowProcW	0x4081a8
IsWindowVisible	0x4081ac
LoadBitmapW	0x4081b0
CloseClipboard	0x4081b4
SetClipboardData	0x4081b8
EmptyClipboard	0x4081bc
OpenClipboard	0x4081c0
TrackPopupMenu	0x4081c4
GetWindowRect	0x4081c8
AppendMenuW	0x4081cc
CreatePopupMenu	0x4081d0
GetSystemMetrics	0x4081d4
EndDialog	0x4081d8
EnableMenuItem	0x4081dc
GetSystemMenu	0x4081e0
SetClassLongW	0x4081e4
IsWindowEnabled	0x4081e8
SetWindowPos	0x4081ec
DialogBoxParamW	0x4081f0
CheckDlgButton	0x4081f4
CreateWindowExW	0x4081f8
SystemParametersInfoW	0x4081fc
RegisterClassW	0x408200
SetDlgItemTextW	0x408204
GetDlgItemTextW	0x408208
MessageBoxIndirectW	0x40820c
CharNextA	0x408210
CharUpperW	0x408214
CharPrevW	0x408218
wvsprintfW	0x40821c
DispatchMessageW	0x408220
PeekMessageW	0x408224
wsprintfA	0x408228
DestroyWindow	0x40822c
CreateDialogParamW	0x408230
SetTimer	0x408234
SetWindowTextW	0x408238
PostQuitMessage	0x40823c
SetForegroundWindow	0x408240
ShowWindow	0x408244
wsprintfW	0x408248
SendMessageTimeoutW	0x40824c
LoadCursorW	0x408250
SetCursor	0x408254
GetWindowLongW	0x408258
GetSysColor	0x40825c
CharNextW	0x408260
GetClassInfoW	0x408264
ExitWindowsEx	0x408268
IsWindow	0x40826c
GetDlgItem	0x408270
SetWindowLongW	0x408274
LoadImageW	0x408278
GetDC	0x40827c
EnableWindow	0x408280
InvalidateRect	0x408284
SendMessageW	0x408288
DefWindowProcW	0x40828c
BeginPaint	0x408290
GetClientRect	0x408294
FillRect	0x408298
DrawTextW	0x40829c
EndPaint	0x4082a0
FindWindowExW	0x4082a4

Name	Address
SetBkColor	0x40803c
GetDeviceCaps	0x408040
DeleteObject	0x408044
CreateBrushIndirect	0x408048
CreateFontIndirectW	0x40804c
SetBkMode	0x408050
SetTextColor	0x408054
SelectObject	0x408058

Name	Address
SHBrowseForFolderW	0x40817c
SHGetPathFromIDListW	0x408180
SHGetFileInfoW	0x408184
ShellExecuteW	0x408188
SHFileOperationW	0x40818c
SHGetSpecialFolderLocation	0x408190

Name	Address
RegEnumKeyW	0x408000
RegOpenKeyExW	0x408004
RegCloseKey	0x408008
RegDeleteKeyW	0x40800c
RegDeleteValueW	0x408010
RegCreateKeyExW	0x408014
RegSetValueExW	0x408018
RegQueryValueExW	0x40801c
RegEnumValueW	0x408020

Name	Address
ImageList_AddMasked	0x408028
ImageList_Destroy	0x40802c
ImageList_Create	0x408034

Name	Address
CoTaskMemFree	0x4082bc
OleInitialize	0x4082c0
OleUninitialize	0x4082c4
CoCreateInstance	0x4082c8

Name	Address
GetFileVersionInfoSizeW	0x4082ac
GetFileVersionInfoW	0x4082b0
VerQueryValueW	0x4082b4

Reports: JSON

Statistics (3.40)

Usage

Processing ( 3.30 seconds )

3.146 CAPE
0.142 BehaviorAnalysis
0.007 AnalysisInfo
0.001 Debug

Signatures ( 0.07 seconds )

0.008 ransomware_files
0.007 antiav_detectreg
0.005 antianalysis_detectfile
0.005 ransomware_extensions
0.003 antiav_detectfile
0.003 infostealer_ftp
0.003 territorial_disputes_sigs
0.003 ursnif_behavior
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 infostealer_bitcoin
0.002 infostealer_im
0.002 infostealer_mail
0.002 poullight_files
0.002 masquerade_process_name
0.001 antidebug_devices
0.001 antivm_vbox_keys
0.001 antivm_vmware_keys
0.001 geodo_banking_trojan
0.001 browser_security
0.001 disables_backups
0.001 disables_browser_warn
0.001 disables_power_options
0.001 azorult_mutexes
0.001 cryptbot_files
0.001 echelon_files
0.001 qulab_files
0.001 revil_mutexes
0.001 modirat_behavior

Reporting ( 0.04 seconds )

0.031 CAPASummary
0.007 JsonDump

Signatures

Queries the keyboard layout

Reads data out of its own binary image

self_read: process: AntRenamerPortable_2.exe, pid: 2240, offset: 0x00000000, length: 0x0014fb33

self_read: process: AntRenamerPortable_2.exe, pid: 2240, offset: 0x30785c6a6331785c, length: 0x00004000

self_read: process: AntRenamerPortable_2.exe, pid: 2240, offset: 0x31785c6266785c33, length: 0x00000004

self_read: process: AntRenamerPortable_2.exe, pid: 2240, offset: 0x6161785c6331785c, length: 0x00010000

self_read: process: AntRenamerPortable_2.exe, pid: 2240, offset: 0x6165785c6331785c, length: 0x00004000

The binary likely contains encrypted or compressed data

section: {'name': '.rsrc', 'raw_address': '0x0000a200', 'virtual_address': '0x001cc000', 'virtual_size': '0x0001b640', 'size_of_data': '0x0001b800', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x40000040', 'entropy': '7.29'}

section: {'name': '.reloc', 'raw_address': '0x0000b400', 'virtual_address': '0x001e8000', 'virtual_size': '0x00000f8a', 'size_of_data': '0x00001000', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '7.87'}

Anomalous binary characteristics

anomaly: Entrypoint of binary is located outside of any mapped sections

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\bcryptPrimitives.dll
\Device\CNG
C:\Users\Packager\AppData\Local\Temp\SHFOLDER.DLL
C:\Windows\System32\shfolder.dll
C:\Windows\System32\cfgmgr32.dll
\Device\DeviceApi\CMApi
\??\MountPointManager
C:\Users\Packager\AppData\Local\Temp\
C:\Users\Packager\AppData\Local\Temp
C:\Users\Packager\AppData\Local\Temp\nst4039.tmp
C:\Users\Packager\AppData\Local\Temp\AntRenamerPortable_2.exe
C:\Users\Packager\AppData\Local\Temp\nso40B7.tmp
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp
C:\Users
C:\Users\Packager
C:\Users\Packager\AppData
C:\Users\Packager\AppData\Local
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\LangDLL.dll
C:\Windows\System32\msctf.dll
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\Packager\AppData\Local\Temp\AntRenamerPortable_2.exe.Local\
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\SystemResources\USER32.dll.mun
C:\Windows\Fonts\staticcache.dat
C:\Users\Packager\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Users\Packager\PortableApps\*.*
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\System.dll
C:\PortableApps
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\FindProcDLL.dll
C:\Users\Packager\AppData\Local\Temp\RichEd20.DLL
C:\Windows\System32\riched20.dll
C:\Users\Packager\AppData\Local\Temp\USP10.dll
C:\Windows\System32\usp10.dll
C:\Users\Packager\AppData\Local\Temp\msls31.dll
C:\Windows\System32\msls31.dll
C:\Windows\System32\en-US\USER32.dll.mui
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\nsDialogs.dll
C:\Windows\System32\shell32.dll
C:\Users\Packager\AppData\Local\Temp\imageres.dll
C:\Windows\System32\imageres.dll
C:\Windows\SystemResources\imageres.dll.mun

C:\Users\Packager\AppData\Local\Temp\nso40B7.tmp
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\LangDLL.dll
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\System.dll
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\FindProcDLL.dll
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp\nsDialogs.dll

C:\Users\Packager\AppData\Local\Temp\nst4039.tmp
C:\Users\Packager\AppData\Local\Temp\nse4164.tmp

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AntRenamerPortable_2.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI

Local\SM0:2240:168:WilStaging_02
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
DefaultTabtip-MainUI
Local\SM0:2240:64:WilError_03

No results

Sorry! No behavior.

Sorry! No strace.

Sorry! No tracee.

No hosts contacted.

No TCP connections recorded.

No UDP connections recorded.

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.

Sorry! No dropped files.

Sorry! No process dumps.