Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-11 05:33:45 | 2025-06-11 05:51:24 | 1059 seconds | Show Options | Show Analysis Log |
free=yes
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:15,287 [root] INFO: Date set to: 20250611T05:33:44, timeout set to: 1000 2025-06-11 06:33:44,360 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8 2025-06-11 06:33:44,360 [root] DEBUG: Storing results at: C:\XgITVWXU 2025-06-11 06:33:44,360 [root] DEBUG: Pipe server name: \\.\PIPE\QkIhwKCq 2025-06-11 06:33:44,360 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-11 06:33:44,360 [root] INFO: analysis running as an admin 2025-06-11 06:33:44,360 [root] INFO: analysis package specified: "exe" 2025-06-11 06:33:44,360 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-11 06:33:45,094 [root] DEBUG: imported analysis package "exe" 2025-06-11 06:33:45,094 [root] DEBUG: initializing analysis package "exe"... 2025-06-11 06:33:45,094 [lib.common.common] INFO: wrapping 2025-06-11 06:33:45,094 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-11 06:33:45,094 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\DicomPortable_1.1.1.paf.exe 2025-06-11 06:33:45,094 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-11 06:33:45,094 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-11 06:33:45,094 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-11 06:33:45,094 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-11 06:33:45,313 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-11 06:33:45,329 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-11 06:33:45,360 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-11 06:33:45,376 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-11 06:33:45,391 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-11 06:33:45,391 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-11 06:33:45,391 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-11 06:33:45,500 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-11 06:33:45,500 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-11 06:33:45,500 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-11 06:33:45,500 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-11 06:33:45,500 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-11 06:33:45,500 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-11 06:33:45,500 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-11 06:33:45,500 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-11 06:33:45,500 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-11 06:33:45,500 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-11 06:33:45,500 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-11 06:33:57,141 [modules.auxiliary.digisig] DEBUG: File has a valid signature 2025-06-11 06:33:57,141 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-11 06:33:57,141 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-11 06:33:57,141 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-11 06:33:57,157 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-11 06:33:57,157 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-11 06:33:57,157 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-11 06:33:57,157 [modules.auxiliary.disguise] INFO: Disguising GUID to a12a810f-7248-49cb-b29e-38f635d4389d 2025-06-11 06:33:57,157 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-11 06:33:57,157 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-11 06:33:57,157 [root] DEBUG: attempting to configure 'Human' from data 2025-06-11 06:33:57,157 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-11 06:33:57,157 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-11 06:33:57,172 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-11 06:33:57,172 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-11 06:33:57,172 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-11 06:33:57,172 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-11 06:33:57,172 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-11 06:33:57,172 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-11 06:33:57,172 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-11 06:33:57,172 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-11 06:33:57,172 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-11 06:33:57,172 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-11 06:33:57,172 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-11 06:33:57,172 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-11 06:33:57,204 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini 2025-06-11 06:33:57,204 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-11 06:33:57,204 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-11 06:33:57,204 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-11 06:33:57,204 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-11 06:33:57,204 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-11 06:33:57,204 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-11 06:33:57,204 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\nJyNmW.dll, loader C:\tmp_gell1p8\bin\pgBxLdyq.exe 2025-06-11 06:33:57,266 [root] DEBUG: Loader: IAT patching disabled. 2025-06-11 06:33:57,266 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\nJyNmW.dll. 2025-06-11 06:33:57,313 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-11 06:33:57,313 [root] INFO: Disabling sleep skipping. 2025-06-11 06:33:57,313 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-11 06:33:57,313 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-11 06:33:57,313 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-11 06:33:57,313 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-11 06:33:57,313 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-11 06:33:57,313 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-11 06:33:57,328 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-11 06:33:57,328 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-11 06:33:57,328 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF8234D0000, thread 1372, image base 0x00007FF60D500000, stack from 0x0000008EFACF4000-0x0000008EFAD00000 2025-06-11 06:33:57,328 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-11 06:33:57,344 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-11 06:33:57,344 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-11 06:33:57,344 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\nJyNmW.dll. 2025-06-11 06:33:57,344 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06-11 <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-11 05:33:45 | 2025-06-11 05:51:03 | none |
File Details
| File Name |
DicomPortable_1.1.1.paf.exe
|
|---|---|
| File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| File Size | 1038352 bytes |
| MD5 | 10be1c1ae21791b9163e357b53bcebb3 |
| SHA1 | 1fc51a68a09a7388edc936b59225a9fea3d157d0 |
| SHA256 | 71de854321ef0bc934efcde0511b6eb9b7ac978f711cf57e5ccbfd662a1a9160 [VT] [MWDB] [Bazaar] |
| SHA3-384 | 90f740ccf69aece019aaaf094f19df3c63ef825ec7082641a0e6f0239acd4c4c68bd17e198f67e9404743cebdb091eb6 |
| CRC32 | 0E60054E |
| TLSH | T1532523834F8410B5F4E30E72D4B2A6126EF4FD10042165BF678EBACD3A75E425919B7B |
| Ssdeep | 24576:uc9D2OQSYoLrcJtjFXl9di+ZH66woVCSr5b:v9frejFVV9pwE5b |
| PE | File Strings BinGraph Vba2Graph VirusTotal |
2}+ul
@.data
IsDlgButtonChecked
y-EXz
VCp~"p
#Y\\/0
fuIJF
Kyfp<
4m=aH
i`mRr
J9%:x
D{{9~
n$-3[
\-`HDm^yt
dl!Sf
jchSjv|
kJX82,a
7wSz}
?(Sp*
Qe)Ko
IZoAc-w
--5{&v0P
wuX9Cn
_U[*k
d!\vH
*,Va37o
SzdzR}
K`_J!L
0z]EJ
pc$Zq
c|0)&
pC7\=
6&1'H
GetTTFNameString
CreateBrushIndirect
u(Imf
eCUL5
ban&o
K^2]"U_
(1>3W
QW%j-92
Error registering DLL: Could not initialize OLE
Df<~m
=0=f=w=
!Otkg
%*Dd.
89&r#kis
D$4+D$,P
L=Pc;K
VeriSign, Inc.1+0)
O\*>8\
@V73|
Na#PNT
Sl?!]
'&`X)
;o 8vy
(JC!Nt-4x
ek,v X-
D4T%/
oF[bS
Y2#Hf
W1pT.
%u.%u%s%s
Q4+14$
$/@}7
LoadLibraryW
Ep@\y
>Jl"*[
]OK\/
1Exjl
uDNzZ
T0/~Aw
=o*n//
Z&(UC
<s$qS
.l+mW
8n[:!
b`bNM
AEO|5
,2`lWOEl
~@i*pv
)<U@W
-i,zQ
gA^G:
Gfv+]A
Iuw?$#
>g]8x
>4VE5
)TbRP
J%jr6
Z1yj)Q2
)x&Ju
R;DfI
1arz>
I/Dcj
3lK[n;3
^gadQ.(
!S%N`C
liO|H(7'
WriteRegStr: "%s\%s" "%s"="%s"
nMV7_'
"VeriSign Time Stamping Services CA0
;L;V;b;w;|;
%QE*+b
(pXbA
%s=%s
dPbHE
%R4Ri(8R
1Bo@O'
dCKd
\Temp
@8P;5
xpyE#
pF#.B
CompareFileTime
sj&hT^
Rename on reboot: %s
0C-tbx@
6QsA[
http://ocsp.usertrust.com0
o{ an
wi?:5|
jn!S[Kj
cL(/y
,0*0(
4!hBJ
\8=edZX$
aSBN+
xHfZ:K
]S="u
jvo@K
QDsiiK
r):Ht
yQ5SI
-+]Pq%
lp%K7`
e+^L&
v(4WJ
6IrFKS
5sUZg
!ZAQA
pVsXS
R[$N.&t
MkKY\
fhB=|
>[C-z=
<aS1i
uFj][
SFX:j
\eKDW
#`c={
lstrcpyA
%32Jq-
logging set to %d
'/eI`
AdjustTokenPrivileges
*|E^y
I%[POs
!}4t1
j_|vBH
MG>BJI]
4c"lB
;0907
ofUO(
Z<$&D
5Z]-K
mH|\k
${)*p
zZKSZ
MA?Zs
%n-__
B`u d4Y
u{7H-2P
[G7*O
;+<P<w<
oKz`$
"Hv0[
,-la"
Cx::6
c9FE8
b~M(M
kZ%>-U
2zLJ~
:.d2+t
mDEpx
=aW)9
N otDa$
xtf3k/8
!K3ej5
Hn_[3
D/!w@
w-<!>
>%L8%
~7;Yn
I',CQ
GGg]OQ{
}F:cu
g]f+%
*}/.U
j"O-t?B
YA3VH[
&6iFC
>%.Y>.b
>Dx1Y
X#q50
oXacb
GetModuleHandleA
RMDir: "%s"
`{_A2+
_reir
^*.UvFX1
zWoU~+
pc79.
L|oY\s*
-)Uh)Ul3
.9vqerw
*B HC6
=/F(Oy
tfPXl4
Lc["[
`D't6%:H5)
.rsrc
"'f/EH
<3<S<X<c<k<w<~<
7P%YU
ruWPw
U\U@~I
pFb)%@
>-,Y3
O_j8R6
UD<.^D
h'hDm
R]yi\
z{LUp
k^o<M
0B>i#R
L^+{*
QHSS}
;d>{6
>C`>^
@@W$Uao0:
V5x!4R
GetFullPathNameW
\*q$\
THlVo"
pP>vjz
(o.uSg*
ITyt<e
CztO@
lPx(I
?hD(!
oq+2(
}w2+$
oQ2vL
D"QA2
n:,[<U
\DzZ>
:&0(l
xxUt&
!`Dj.
B"%he
Nv&w"
wMH6C
0Z+[F
I)C0z7"Z
j47v7
7(ka2
Q_YHa
hz)E}
P2xSU
dT8Sv
RegEnumValueW
>_T!ho'
SeShutdownPrivilege
+xy8A
e;n;a
g#l|C
6_>[/g
s8;w!
NSIS Error
".cZS
]=VCM
<2FD1
9E9V9
Dom(M
CreateDirectory: can't create "%s" - a file already exists
The USERTRUST Network1!0
-R'~I
B+zH9
<{@K2
.text
5<ctyh
&,9X08xo
jpd%B1
?o50r
t :bBc
KElh9
7^KB$|
hXCN)
"!wfI
9.v46
IC"@/
&M\wj
aYNde^RgHB6
sw.*,F
uldRX
W:Vo>
VZM)ID
is@m1
QVTT5
*hDLJ$
FJ~-Gk
KH9MZ{
YI+=I
3?:ep!
5T{3)
?x1{E
hlBD(K
W:Vn]/:
^j\PN
WriteReg: error writing into "%s\%s" "%s"
m+Bgh
M-iOO
7E#]m
#bEcKDO+
}AT'P
v'f"D
jYWSX
0*p@2y
Lg}+B
!6EN<
sGE%|
s}J77
*mB$j
&%~<X[
V\#z|
D?<JSRj
!yHf_
f'acY
;!;';-;N;W;n;
["-M7
-y-A0
jUH h
Pn!}e
PRxTE
)prC?;1N
m^T:/
weqY_
/XaBPd
ifAL1
Qg@'x<
!X=)He
!L[fj
DeleteObject
(s:_[
;raOM]'
a|i&iN
]jM9{
Ck,@~T
EmptyClipboard
:]] /
120729173324Z0#
yjN):-
zboKa_t
8Za1G
CnYXT
?@^lp
0IOHK
aGa!$
8/4ya
\QZkT
6HaZkx
RG !/E
*B;1*
SkODr
CN>#C
z|O!i9
_r+/K
!xj"*
EndPaint
1*2pw6c)9Y
zf-1,
^t)`5
PQWS+X[
wUo{{'
V5~lE
C[[>g
-*[5*
:k+OA
O*>Uq
5(PnB
#^w&p3
UH[llAJ
|=SJ9!
+1wLn
VMWeC
p38ic?
N|!--0
VA"v{
9EL]$
`Cq+2{
-S b;
51$H9J|
qs5nz
eS"hq
<|3+F
Wx?K4i
5 %U1
Lq4k'
rnf]fLZ
aUysj
80858A8i8n8x8
y[0`)
rCbbo
/@Ku20.
|B)[4
LpsLz
[5c*o
zXLkS
B_*9(ML'
,/+B#
;{jU~qN
LegalCopyright
[4QU@
SendMessageTimeoutW
Exch: stack < %d elements
dQTOz^
&WxT,
4z)n)
0http://crl.verisign.com/ThawteTimestampingCA.crl0
SetCurrentDirectoryW
NUSIL
(UTsd
4sSHK
&mZZ?A
Xobp^
Vubt0
!T='O
t+DEO'K@
9_qQMg];
G4n#$<}
[@%M8
YvqG;
Sghv~^
v. e]
9Rw~7
File: wrote %d to "%s"
GetMessagePos
=]ZY!
H!*HP
RMDir: RemoveDirectory("%s")
eF&lm
1Eq!u
V}$P~s
_Z.n/
z#v0;'
jG4rx
dfv~8
Lso:tS
^0Meo
909>9c9o9
?C:KS)
:$+os
"!%pA
iZ;qR
ImageList_Create
J3O}"X
O~.c$6i68
GN>,5
Q|?)U
gi4blk
eODi=
{]qH$
%^ztv
,`E7
8c@v0
j{;ky>O
LNRV)
) W{[8
Uj)uk
70Iu$rn
@(e#4?_
Kk4.\
M>]45:pX=
"!r]F
?7!Op1
xRJ/c
2B;aM[
r7uPd
000004b0
{L$o!
iRV [)
=G5v2:
D`Rf/U<h
Zz)zj
0g0S1
AddTrust External TTP Network1"0
{%!e8
{6.r<
F'<Sx
;,S):?
tJ#j02
wLm(_
Wt5!`e
Yvcm"(
0\okZ
p7!J.
([Qfo
Om\r!
Vdb}n
a/%5J
|6Hkz
b^+$j
},ITF
763VFb76
0Y0i0n0
NWIFy
qEWARF
s]go`Q
pK23LR
3}[(m
khEG8
Z+d'z
OBB;R
J8QiK
8,3aV
6:lLI:
6=66+_
For additional details, visit PortableApps.com
NQ3T[]
:hW2e+S
File: error, user cancel
]|rw4en
4u@(8w
'0qp"
's&%/
KCfS(
:'fla
2J==!3
!}kaEdT7
Efi(Pz
J*UfT
TtV_w
%%9:,
%X1y^1
HI_d1vu
msctls_progress32
%Hqj8k
JE8g>9,3
SHELL32.dll
1};)=
4,H-K[
~-|KR#
.~SeG-
i6=c7
jh.b)*S}
]-hPB55
QL4vD
;0Y}j
e(#&hM
3p6JI`
'&Z3Xu
RMDir: RemoveDirectory invalid input("%s")
\w}S:
-7W '(
t5o,4
m1Pj{|^
LM 5H&I\
40%.qh\
q:pn"
ShellExecuteW
h1hj"=
J(m{$
C5pU4
9E8um
',Wcm
TJCboc
SP/SS5
H8F&v
5ju#3
<B667
/ P6pL
CreateThread
+,O[&u
SetBkMode
)~S.*
sYNJ/v
n#PaUYDh#[_
3+Z6|
a9G1<h(
BgW\G(
5G6Z6
SR\r~
">w"`
DcZj$
V|(b(
IZvEz
V~Pu;
:Ijwb%
_#N6}
~bm9!
}:"#q
vuM.8
?v:(`Zvp
moan(T"m
:!/c9
Q*@W?
Gb|W}
(!nT.
ExecShell: success ("%s": file:"%s" params:"%s")
H4Y(Z8
'u+jY
Btkem
@6\4~
xhiFe^
\2&pf
.'#%8
yzO$a
o7mPh
6W\T(
GetUserDefaultUILanguage
Lv%{jrq
BvjnZSB
\Yu!*
q&v(&
vFe0@
BQ2h=
http://www.usertrust.com1
/-P?pR
Q5m2_z
7(Up*J
Sb8L&
}@_<X
PortableApps.comAppID
I0;&E
FindFirstFileW
Yy@3h
wsprintfW
979=9
#9knP
9{8xQ
9]*t)
Y-2dG
L&g!06
% D3t
1&2U2a2g2s2
m\ENY
)Mh)Mlf
fL0}q
\kZje
@0ij1LV
ixjL0Av+
'Sz'?
Tlu{/
y#v`[=
k,&;C
SNts-
[4tGI$
*Ho%%Mq6
B&ups
(0&0$
uk;hW
Kn;"K
#+#13
,PSjM3
D/{|h
f_<zI
gvlN5
j8WUHBYs
<+<4<J<U<m<v<
}%gXYR
*cV a
4:iSG
V)L VA
h@)mm'5}
+8PrA4Zy&W
4/4o4t4y4
w~a?|
f9!#c<
J[M},Y
9l<x@j
hk5N#
&mO73h
Yk$(KH
IDATx
jyOSn
}T)~0
+q)!?Nm
vYC!R
%W"Tr
J?>me
TMeLn
G" 4r
ewz@i
v|yyu
,!(~plr
_"/|.
Z&rt9
hxD:&
3RM4l]y
3,{%5
t7h8UJ
9qK2u9JG"@
-Itt|
&EFPd
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46.4-Unicode</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
`-&f0zHC
t.:,`Y>
$=Ex!
WideCharToMultiByte
k'Fu-
8b{kw~
VarFileInfo
Dj[5F
VXx0<
272q2}2
5jatp*
7r&V6Sx
A1Ryj
z&1.sh
A&@)_
v@b@ht
GetFileVersionInfoW
.VATd
B8{EX
mjHZy#
detailprint: %s
"l_^I
CreateFileW
:YsYg
eLxv\
,YP(7
3JMh?e7
OtHej
=<^[_a
p^vH[
IvT?*}
EkscX[
{l,nqG
CopyFileW
8k;mV
E$$aW
EMmVH
~2Lar
~IVZM*
LHW~0W
Zg)s\8
o-sht
<9HE&
SHFOLDER
-7+I^
=;\yV|-E
;fuF'
wO_7{
/4{h7&
m&Pcb
v.2d#d
m=26
Module32NextW
m90rsY
5=*.=Z05
$w(1)
OJ%k<
\2HvQf
|JvA66
W@>6%
1.1.1.0
GetDeviceCaps
"PzM^
p=xyY$
6FH'I
pDnS4
3iS#P>0
MtK'&D
!fz`]6
2F|#B~GZ
@& ?N
HKEY_LOCAL_MACHINE
X5tjk
Yd=ub
Z|;Z1
TXmA,
Zz(D(
KERNEL32
]uBQS
u@46^ U
%,5XbFM
Cz3o{
l<_o'
2>U>m
n{VSNC
.8.Ef
?8xg>E
WriteINIStr: wrote [%s] %s=%s in %s
$a9kA
S|&<{
O1[P!
9,'e|
N3)DD%
R';/`
C7+@Q
uH7;8
N>tH.%
9[h)[0<dP
SHGetSpecialFolderLocation
wvsprintfW
p2CN;
6$oRLR.
!l5IaJ
UWvxv
SdF%N|c
.@K\Q
EgNo0J/
Z_\>~
|CQTI
gguY_pg
MQ!=2
D\[s6?
yT >8+
qv@p{&
WriteRegDWORD: "%s\%s" "%s"="0x%08x"
kRGyH
_*\!r
&dj#e{
\$Z;J
/%G(t
&iI{M
KFl1'
>X#63
1GuO'
G2~z1
;9$Hw
~ J9=
s(zH,.{2
G.*m3Wm
ym6zb
bstG8
olj}xyGK
'ajohn
Salford1
Dr5`q
'g9?X'
AK1S=
K=([x
@1k/8
)jOyMGN
|1$[k
~U4`z
1nM[|OWP5
`Dnmk
;#{{2
1G+'-
t/oT5
"Yp@T
a`[!T
SetTimer
vKxC{C
*eWPhEX
5cuzJ
=23EA@
)69j7A
T\Nvz
>9G>*
0a3I2
cQg(T
6q7v7
s}8A_
U'fS1
lek5!0
|lYto
H1Vfgh
New install of "%s" to "%s"
GetWindowsDirectoryW
DefWindowProcW
"D?2j
Bt-AB
_^6`S\
+sc}e1lO
0WZHBMko:.2
+CO0H
>&>P>^>e>}>
ORn6'
GetDiskFreeSpaceW
F4i3p
d#XO>N
T.VVv
5?!sxo
[!z&WLz'Q
le(jr
Fq$%A
Sleep(%d)
${^1vH!Q
v|.JcU
*kWD&
[l}~c
<#HZ',
%ay+q
>+Z]K
Gj_es
But6jq
#WwX3
t{+pM
Lkw+J3
V~-.5ag
XR$m%
0t"Wus
]*\nt
[~_b|m
.UhnZ
pbX}r
#RL]b
"VeriSign Time Stamping Services CA
^hlS0
8x/Nn
_jlvzyxb^
t8Bg2(Az4
aQljl
R*vAv
ZWSk^
rXf Y
\FmT69K!
S>o.~
MGmF^:g
<YzF>
1http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%
MS;Y|-
RY9 '=$A1
wnHA^
NkZkg}~
[M"s1
^!r%!
FZ,2M
v(h5.
5Dv)3XK?
;!;2;A;T;
A<##~;
x!|j-
Gt6}t
c?K2l
GFeO@
$VHbk
MoveFileW
?x#|?1
http://nsis.sf.net/NSIS_Error
O(ck%
sJb:A
QXtv@
Ab~dy
.QGm=
T{v}6i
|U\~M'p
*=Xhu
!j{-~
Wp/_V:
IEFNlD89A4/k
9Ud9@
6=#4'Za
n53xLy/
`n|*)
BR@X$
3[71k
ftImi=%
)]@$2c`%
sGBBRF
QNbPl
#PQ+0g
NN6Dd
eM[FoW
rrsSM
FAYLe
v.QJ_
d;POW
d/5>oDr-
R,*la
+(!f%
dV=wK
0ex1R
K#kctK
J9lWq
,-/x}
GDI32.dll
P*GS0
a5tO%?
{-JsJ
Ej 3d
S%q>(WPa
Zth7\
{rZ!i
UL9ex7
1http://crl.usertrust.com/UTN-USERFirst-Object.crl0t
<iYWx
%{~Vp
+0>.Y
dqr=)$S
HKEY_CURRENT_CONFIG
$Zb-<
BringToFront
B}TUC#
qtp*M
YC>d}
e!S8^
#7NEO
i<#;#
>~A.Ch
u:FeV
XU_^RL;
&tN\F
NVcCJ*
F8kWC
LP[/:9
%lw0_
Z_LO"
JNtNFK
&~c!+
-X)0*
[UISaYNd|sg
eLh7W
=U~Y2
iDgp#Oy
hF7A@
pyi'G
F7abcU
A{-oe
ht}^<*
{,2JQM
:FTBO
_URL0
Gu6:Zs@;
';_V]
h'2td1>
Mv]J:
VaR"6
SsoU[
&*ubF
)u31-
cWEnl!
w>BOW/
x5}0E
l_5]R
WGR~KZ
)v2O=
*%4r84Cp,#
Psc=2
q|{/~
5=9)S
t$(VV
kW[E(G
E]3:i
PortableApps.com is a registered trademark of Rare Ideas, LLC.
GetDlgItem
.P'&"
q~F2t"
)_pxu+
q:27G
'^nm.
2-{Y1
f5I#^
Vv.[^F
m*JpH
<4*F:5L
!This program cannot be run in DOS mode.
PGCTl~aD
9+9L9Z9
ewb9&L
F(Eqo
H1aUWlK
FuPts
/a|i\P7
Z-htkm:
@;>n3&
8CG9*
aKbn7
uVe$c
C-<%a
Da|p;
f<P/"R
8]uJT
d%p{=
"Rr^R
JZJ!5[
JWp$N
3.0.4
Wbe!|U3
"D\{g
=%$Z:;
3s/>,4
@DYiu<
RegDeleteKeyExW
=vdqH!HZ
"M_{@
lJ(TQ
z;E+)
JYOV12dp:
&zF9fv
Wsrni:
Nb%ow1
D+n?|
Y)xTM
I-]!s
Oo>+&
CopyFiles "%s"->"%s"
PVGv\
v~yme
ae+y]
q|`OH
5Kl8@
p;|U{
KXQ'[
JgZ@1
A0+v1#
pBn>tIX
#3%E-
J,:Hznn
EQ0Sg
-XEx,
(F'~&
Re[z~
P>O@@
0u>[.{
k_J:i
^qgn@
oITM@D
Translation
; 6\*
_:!P0
vhmlF
kkh_D
P_$BD
9=088
f8HVZ
'66.9
8d1[o
(DC@b
|m^2i"
t*IC1A4
w|/E
DR_<I
9fJ|d
AV097J
~"PyP
{$1]O
=e6T+
]L1E>
@q'Dj
?jT+~K
=)a&n
[CEd l
*C.)"
/OvHG
]XB*^
=<jO=
87/HCd
zZ:3l@
1Y;l@
u{U:t
Dw&n4.
)@~EN
itdT=
u7KV8
D>Fz/*
Fav1Dh
V+ZG)!I
}[-b6
gZ>Xtn
_)=(e
j6a+k
yys4PQO)
%`E*w
g1$/to
aD.C~
U!>#}
XA]-62
,}H1@Ip
}"3N^
x]h@eN
qJvly
-2_t(Y
a-+fiq
-2%<C
Hj\("
d-@IP"
&t|{KP@
2sY+F
%9Rb~
0@4UQ+AA
/QV^}
B2a'K
V0Pwr
~+q_c
)zD5I
Dxv-i
^\m4R3
"&jH3a
b;T W.
N#^";s
GqXL1L
http://ocsp.verisign.com0
Skipping section: "%s"
"m.rw
R!/G4
OSD*b
XbSN7l
<Zq$V
yRnD6
n-IfO
~+4ul
884B=
Zqo0cZyD0
Dj @V
%&)|S
pq">?
j5ufdQ
a._J_
1F^+;
e4/nC
|5S(;+
k{i8P
install.log
q8pT!
&tEh<
AuDIP
^#aZtk]
Z2tJ/t
LBc1@H
{a"a;g
|F{P09
Thawte Certification1
'r+S{
=Sm:MLe,
i*^AO
*Yxl`
!qw"*%&
(-S,&
p:\yB
zs!!C
D%ngCM=>
EndDialog
EK`7z
%C(7P
JJo|\{wmD
p&'-;
ovI=+f
<,].=K
y_8oc
IW'gh
Aj+z7j.\q
r+<"N
Fm$2l
HW'%o
+5#-4ex
O,>XW
rJ`C2;
_\{S{
ndYp2
jzBA!D@
File: error, user abort
:7?o
WHR|$x
$e"O^
^PdN)#
-\{c*
oj@@F
3e2-I
3C#;b~Oc
pCI,mb
5VhsoA
4TYqs
GCd1(
i/[%g
1#101>1J1P1U1[1f1l1
1Rm(]Y
']r{viC+
@^C\]IfE
invalid registry key
5X_6B
Q8&NH
JM=Rk
vblo*jT*
c,&Q9
^cT[)
USPK.
[y+?[P
?;A>#
verifying installer: %d%%
9F5*Q
jD`8S
%H]-mqr
"TSQ{#'
|`/FO
LoadLibraryA
GzM2K
m-89[
SetFileAttributes failed.
klK=G
323V3j3
UvXO<,[
nk$'5;x
p=_/oO[
SHFileOperationW
%g0#)k
-&OrM?
8,h:VP
Dicom Portable
-Sf&v
Fpy%_
@N^jJ
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
u"d`8l
;EyNS
yRd}J
? ?K?
`at\K
r6lTRo
Upr=}
hrn{
j(Bc8
)%;\,
_Tyr<
tYj.a'
4A52[
Nup;#C
k#jIS
mWk/9
U.fuO.
$gY`S
GetCommandLineW
w0(5"a
xmF-?[
7\IE,)
'!;"00
]?#jh
H)H*|[
jq[ ,
L>C0p
Ed+EL;E
h_+!I
2IzCS_
{jJ?
myzj6`
B*=X<
${PwD
,ua>Z
[U^|{
[Dd9.}
kBP!z
;WV~b
epH~J1
+XQmQ.
k=lX'
T/=?R
m*gS4*k
BJ\qr
n45GD
1!1*1
YWV9]
L!/r5
CreatePopupMenu
D9$yK
dAcD_
WriteRegBin: "%s\%s" "%s"="%s"
FileDescription
)t}ugP1t
]R7\0
m9]J#
/F#id
I>9:'
d5:Np
o"=o3!
$xa:'n
j'_FtYDk
% O|zr&
oM<F}
j@M09
z;AN#uJ
MkyN{2
&:VhdU
mGe1!
*~hCO
iow/a
~M<U*#v
HKEY_DYN_DATA
xY+g}
5a):u
&#bB~#
SetWindowLongW
27%Yv
ju^M)
GetFileVersionInfoSizeW
fRCW!Ov
*?|<>/":
$!cs3m
b!TGe
sQdq3
)$8wE
inJY]
ju3[S
zD~Mz
.!=eN
\8f=;
Drgs%
Ey7GC
f25I\v Q
ye;O~
GetSysColor
CharPrevW
90X4Dh
#qDx\
8,888J8e8y8
?RVCJ
kfFVU
QgDl,
&rxN9G
YoMX(b
#g[(A
6dGmnWf
WriteReg: error creating key "%s\%s"
N5263(
ww#4]
, '-c&
d7^p-
<2m,.;2
;hbro
V(T>[w
dpke4
IfFileExists: file "%s" exists, jumping %d
Salt Lake City1
62-475h
w9Q%oc
VJ9#"W*
Western Cape1
TTUO.
szo.l<
$n;{u
c6iD
t.O8)
Y]h$e
=Fee{
?8d=H
SetFileAttributesW
hjT_m[
SetDlgItemTextW
:~ bMni
@NC:/
rI,$]
GetModuleHandleW
G\)L)C
Rf\Hg
'<Cf>
6miA|
V/qYZ
%XBtdi
S$"W!;
##W2C
A,UP8M_
B?ZvM<
O5FP]q
131203235959Z0S1
l;J%6g
:(:.:@:F:L:R:Y:_:g:r:x:
zX=\Nd+
y>*.
HNR+^
w *9>'
d=8Rt
qn"8a.
`.#Ox
IDBD $DQ47
x%"T%
By'9>
h>tv/
g1 C&t
*.|kb
[\j2:Y
+N)(~
F:qUL
Pop: stack empty
$shbK
#F<(T
yST9^
!:5<~35\
y-*K~V
,m?~M
|j-BW.[
f{?<O>mR
:Xs2Y"
m%#QO
tE(Q?v`
`_!D]
xQQ^a
t]EvN]
3-3:3G3T3a3n3y3
7<H+C
@1wvn
R~IdV@
q*1"h1Z
e$QkV6
lC#<p
*2`h#
{gQWJD
Gl)XD
f0d0<
=nTv&
&@MG]
CXnv/
`<!_N
~iSNRP^a
~e+&J
TlAhZ
lstrcpynW
P:f*:
'$4%)CH
BiPUG
r,b=n
3O+{`
RichEdit20A
Rp>bO
?>*B9U
GetDlgItemTextW
GwyD51`
`Z81F
-Hc/M
QR=*H
xfA#p
@U>%y(
s.6o]
HsnnG
@,<<y=
\^7;#
+b+$.
~ /I&
6ktcd6>
p-`SF
rL\#]N
E p=K
#T+DX7K
0]!$'
niM48KWREBm
\|"ma)R
vc B)F4s?*Q
>NqZK
MessageBoxIndirectW
}}]AALV
+?e`%
y]*cD
e+aIw
b#xVi
x]%Po
\O~c[
5R^A]
d}-<6%2
>aeM~
mF@&6
More information at:
Hn'R4
]MB;s
DAQf8
[gL0P
jrO4|R'
6>6J6[6z6
C[yu!
w/Ka!D
:4cU~
%LxUiD%
2,,,=
kr(F]
,Mjt1
^4d]<
C}YA5
E;_#^|
MV>20
GetModuleBaseNameW
^u`45
SetClipboardData
Symantec Corporation1402
a_ag>
/(bq9
#ZKqa
f)AN>uI
{&u}G
@t,.0
CreateDirectoryW
REI}`
#789cE
%(Te0
KqauD!c
IbizX.
H&^X.'P
0[r%_
\|jtY
,$x;bV
q~&9w
6.6T6c6
M:,D,
GnSbz
mqu]M\?
~%hh2
=L_8(
;y\-f
UZ0F_
/]I:8
ABjk]
RhKfsj
8kTfpHL
'OdCm*
$ndX]
p.I+y
Z.)<y'
E9#P?
PK}DJ
E&`^v
\15Kk
YAHRqE
V n@id
GH7#v
8DHL`
ZE&^4e
\xebz
yT60+(
%3Z3d
Ap$n_
i*&(|
7*757@7
,s--1
)9WRnG$
/bx0
Yv9OA
9~FN6IA
Y)ts5
K7sNQ
eOA"6x
d4M4I
83O;
YqTA\
> [Pe
x64VCLm
u7:]H
1LP4T
?f,Kh
j#)cz@
bR[V_
uJ7M?
}#-JfuMe
O&'&C+
>~}7G
r&7:[
G=\a1
1G{1h[}y
:fBF
'[f~D
.DEFAULT\Control Panel\International
Q] w+
97(?86I
lstrlenW
[5bJK
Comments
Oo5+m
Xa*y*XS
hc8$#
`cf/4v
aeY}1L|i
Bj 9;
8!828j8t8
nCSV]
i(!u:
7Uu2[
A=;qQ^
File: skipped: "%s" (overwriteflag=%d)
Eb?r4kBt
T|*D!
wiF*P
;k|R_
>z0[ObG
SetErrorMode
4#!yx
SqvZ/
_A>VS*
SHGetFolderPathW
H_Q7V
6xc,J
6vxR"f<y
r"L[l
5~RL_
544S$
AddTrust AB1&0$
)VNW^N
KiT*t|a^
QMVuuZ
I6;j}2
3%te7
]Sa&Q
$:fb1P?
D{GEOU
2XvIJ
|Vl"k
^M9r>P
s^:#K(;
?EzbL
K*grC
)=!,c
G'IvK
|5n`K
(L:VB
s J=,
>2Ykd
-6{wJ
5~;kR
DMQN9
sw@):
E'L%F
0.0;0I0]0j0
#!g0I
rzYzYl
{D6Ium
"_` `
&`!vb
:#>DK
6Jh*9
i+%4V
A:|tNWG
sMT:;
TGUAN
G;lIz
./_[,B|
?ry~\z
#)=rC
_ElCX$
#T4C@
K_u<a
D%bL4X
Q,^zH
:6,Bz
kT|RD
AqC(+
HQ-zm
0{\fB
"1B7^
>A6Y\
2?2P2b2q2{2
7E"LiS`
|1/\'
+e< TO
cCA^x#
#ggt'
rJYR*"(
J@6.Ms(J
3LFg9
E$_[Tm*
gV/=$
installer's author to obtain a new copy.
223@3I3
*9sGa
+JENK{
zrOF7
[S$DU
o.]8+
vF\/'
coE:%
VJI.z
*u$!f
vQw%<f&
.b qhm
3#E3)./
PSAPI.DLL
ADVAPI32.dll
,DrewA
MessageBox: %d,"%s"
>"?@?Q?
XXv?5
PHyoa_I
M_X}oR
!oW4|
W1nfE
l)#e*
R4*S0
uhq1#
?0=0;
}MT<o
5+5;5I5W5i5x5
=x!N!
nkNOW
_zj1.
"(tPot<
,\$a^
`guxZK
1fGD'
3vFGO
bCYpW
r-jSb7Vl
MF_j[
7Jsxr
Y$ wE>e
3FPuI
Hftfs
5MWYD
=9-QT
j$@S[
2q=:8
?z-}\j
Wo<!48
7zNGQ
ssmK8
e$mZgS
^C8U~.
{E \)>(
#{1e"
oEUO%8
B3<F~
6<eVa
C#>i1]
CCb0|,
kv>[=*EXZ
^Jz%"
020T0y0
g@F1=3
0Z(mh
%]&e6}
ZmF`-
b+v74j
4_dsG
1]lBK/`
G>80l
5cKv/K
((L0,/d
SHGetPathFromIDListW
0{Js4K@L41
w/Xxo
w+i2AA
f0+W1
,*.d;
~HxTo3
iLwz\
^L@##YHSIxj
rPm1=y
nfZ\D
7Wj-~/
GQs,-
U[drl5x
sPjfS
#W%C }r
B>#YOy)T
EJkWh
95qr=
Q=K+Q
Lzs)>
:QpD>
Og4S_
hz`Zt
-mNYa
as1*?
>nv~r
fIfXI@
.Co4E
Rare Ideas, LLC0
t|PJ-
'=U8V/
yC+L1d
BZn|c
{yITL
#QUD5
CreateDirectory: "%s" (%d)
lstrcmpiW
M0].p
Rz|qXQ
ADVAPI32
w'W6`
m3s/=j
nFddz>
fwdBVy
^6|\MK
.#A-rHmH
lWGvl9
u$W:tR
LegalTrademarks
:#"*7
D=,'7:e
SHAutoComplete
<x[.8
#&G}C
5Q^qO" E
ms{[,
wq.yA
CreateToolhelp32Snapshot
ReadFile
7?+O@
RegQueryValueExW
K/V7X
};|^E
NulluN
Q\xPP
DrawTextW
rdVL^
&hjrB
;L,J\N
^x.H=
XC%u5
l@~n!
=F59&
L}"0D
JJ-UH
S]elb
(.L?34Lh
GlobalAlloc
>:Gxw
UO|xHR@
GQ1%9K
M$w&V
*vjN-
"BsT_
v,o+U
Module32FirstW
FgYKk
~>0^>
9=aWmY
dPH0~j
GetTTFFontName(%s) returned %s
e7!P!
Z0X03
Error writing temporary file. Make sure your temp folder is valid.
bguxj
s695
vVvnsc?!
A,I#i4J*
jO%|u
bG([!
7@`j"S?t
n_"T:
2<5-sQT
>/zBl
VSX\il
$i&;8
_6&&`Q
IM[/3
LM+3
^|a9o
2;Ofj
-._x!
L>SlTg9HCx
Call: %d
qGOwJX
0KB2OB{
w^ZH=b#^"
wo<S
t6#ZI
lstrcpyW
&fLzb
VD*+QF#O5
wfyNU
_;?k40
7hiuU
\LuC)IT
`UAKZZ
KeRM[
N?<IA[
?2<H#
u18\[
pO01xr
k9oa
U5VC(
-*^hW
2elZ-
hpo%%=
E89E0}s
?HLrT_R
8gJ^p>k$Yk
4}%X6
$|-lk?
UK=l7
@&e&i,
kRhH(
>N>_>i>
V%!Gx
E%o`8<
a9jvEO
NNS!S
SetWindowTextW
.}{`zh
_+PjQ
$8469
wj8O+
Mw7~F
ur(LQg/
a~*B48f
E89E0
<%oIt5
![~sC
HO@DFFDD'!"
;,lH'
EnableMenuItem
gGyro
,&KHo
,*9q@
v'OxC
d,g).
Y1}-wT
%x?*{2K
{UXPmr
}XQI2Q2
xZ[^u
Error registering DLL: %s not found in %s
;>. p
.W|]b
/QH`}v
EV,HE
HJkCb
W9~H`
Tx7@:
ole32.dll
|e#W<L
lA1sC
u=ri#
V@wFe}A
<>4q6r
0B&Bp}
g%W:
Process32FirstW
9r1_Y<d(
gtEh9>
JAMC
GlobalUnlock
Vm4{H
9KG,`
`Q3$9
)%/4x`
\zny`
P=6<:
7rd=Sv
Tfa3B
vj:<6c8
+zlS+]
=pU6}Z
hx?pl
,.[I*
767@7I7S7_7j7s7
!%r@C6
<<<Obsolete>>
483`kby
TG@1a
WvchS
203Y3
N2WUIBIikK.28
PO%0@[@
J$LD`
t;Hhu!
Z\rMM!%
`Qr![
W[zC4
X(Y=~F
\DY}a
LJ'VqWe
.5:ui
jQbdu
{:nFk
3;<0A
s~d{(
130215235959Z0
YZNL8
duEMa
B=#$@9
2MZaGx
<9GlJ
}q5Mz
b~2?C
PO$6t
3VIJ5@S
L7q:T
N|Rk{
D|nY.
GetAsyncKeyState
KERNEL32.dll
j979Vn
?-?I?\?o?w?
!hni`a
6#616i6n6
$p#Lk6s]
Delete: DeleteFile on Reboot("%s")
cr,Cp
mXBc<
r~ HW
}{T]<
5`~A*
C=1V;6+
u+*z"L
.!eRu
4\x$N2
YywkO
)HP\%
))K)[
Pw.qs
"+o7Ci
2nn"+R
KhE\!
"C*aw=
mI>}R
i4R}_H|Eu3E
)w9I9u
>&e5E
v"dc;
($C\g!
%CP}z
n~ 'J
SendMessageW
#nv8 ,
#j;S<
^i-0hp
,@z+a
9!Yv~H
?3Jy!
Bu[/l|d
jYR||
3,tF{
'u.$P
N){{OZg
n_X^(
C<UTc
ZuH{H
979D9L9w9
(\o[`tyjV
8{5=A
9E|:L
JI`&h%}B
bJ\[n
"LhKt
\ZBu-0
Exec: failed createprocess ("%s")
_&'u8
'%cXZ
'wNhaE-
IsWindowEnabled
Z1C:8
Q&n!5
|u,[z
:FXlw
>,>1>6>;>D>I>O>S>Y>_>v>
R4*vCb{
p&om}
-7En3}
=.)6r
^ XzJ(
u1:MO
sA{4H
==uNq
>kQD~QH
;zM]q
e_%7l
C$|dOK
^,My?
T?0l|
[WH1yt
f!eA9
FileVersion
h3To;
M3@`v|NU
.t"x]xv
pVIh\
5V{.&
/rLTJL
QNSfef
Sk~>1
c@G0Ln9'
rF]H>
;/C2:
YCnQNQ
XR?+=}1
-zkj!d
cA6@I
Y',}`
"5)Y&\
D$$+D$
_7GA9
@=~grsnz
vh95)
~kH\Ax
V5%=y
&^y*w
YcTL}? TL
k{Z]i_)
[:T\D
V,\Ed
At]0r
#7IKW
CheckDlgButton
XMpi,
1-RZ
N"HPm
1*Y;n
9nM603CIf9
WxH7qr
~bxKq
7fuECU
x478#
DeleteFileW
!_Ff^WV
P$+|qp'x
EnumProcessModules
?r; b
<Vg%e
k}.-[m
G$pdP
InvalidateRect
N{nR4
YlJmW
.Gb,ve
p0t/<
ZTqI\RXk
tyW9u
Tc>Fe\
S6v\SB
lc&"o]
VRZ<=
s'8,a
N\b"f^
/ywdC
hy;12
JYspE
elrb4>
vrp(HVc
dDBE1
y6Uz(|
T3+:10
1v~63X
;UN?|
GetDC
cXI7'
tb1gM
K@fam
H{8g;
fbbW_\*
;8*wEZ
HX_<4c@'.b9
>:(VEp
FindClose
L7"E
/d'gf
MulDiv
:&GQvV
4rBIt
<'!x![
||>"Pgw|
Fn:}V
o4M1>
RegCreateKeyExW
Y9`|`GC
ZHQ.L.B*
%s&bD
TY[Xs
A&LZg
!F0.Fn
wY63S
vSH@al6
eyyRf(
vpw/}
]<mT
XTuu-X
Aa37P
`^H_sl
tmV(;
OA]]5w
_rR!lv
we~|Q
=7+1JD7cRL@
;6;;;Q;Y;^;d;j;p;~;
RrY`DR6
CharUpperW
;Ym3j
WwtC'
;+@6?
)3fHZlT
LGYg0~FL
T7.I4:L
6A Ud#
5r_h%
CoTaskMemFree
Mg[:d
2HPA/Dl
yL(+M
^(sP,
GetShortPathNameW
!|L^D
In=1R.
\PWf"
U8$|}
]U7^j
}aSf:
9ywMU
:#)h:
VW@T\
/>zTBv
bW%`!.
of=PQ
jW6zr5
tI*|B
tC~;q
S)\`BJ
xlHz1l
mplNuF
4"4/4C4_4i4
e~dSC|
&rK!;'t
:KEoO
+4~ W
3.0.4.0
r]'vp
X='NC
lU`_M{
eqqU$
7nK\1
BOX|;6
%XXM)
}4Q*SeH
8QIMn
6<(u2
75g{f*a
CreateFontIndirectW
BOH-e
$9j?!
p3}";
LoadImageW
[p*/D
ry,z%
`4glP
zk0EC
(n!t;I
GXUG;
`rBg2
* >AG
8Rich
HKEY_CURRENT_USER
WlqIa~6
IfFileExists: file "%s" does not exist, jumping %d
,V7zH
D$,PU
dKSYt
hWMXw
enf)t
6&z;o7
6=Im>
yvd6Z
FD|TH
F)m5q
ScreenToClient
S226\
q<O[8
hKv6^
?9)Jl
"b!=b
#rIS7$Bd
l:Khh:
jP/MM2
CWVWin|
FCK{YY~
PfwRn;
Al8&m
T_7Hd
ICi{W
ProductVersion
{;C"Xa
i u!x
=A$|5
.1xFd
&2N^tw
5;az;o
+-]q8<t
_7J<?
23ET.e
RichEdit
Q[;e;
,,YFS
'AV%=T
o@S1kDd
\Y=\%Tf
kVgD]
E+`!Gt
QZdZ\
"e[$]
0|X!J
l_&#w
K$a>tSvB
w!f~6E@j=
Eb~19
GkcPUU
\`"W"
[1l3B
FmPG@
8SAha(
FitqB
<(?un
iB5VVw^
!l|]R~!
g?+o1*
:W'^N}
-7%mT
G.Xf*
=-:f
YU"$9t
tnyU6E
}1:o=
*F</w{&
+;|$[
@g 58
AF3Yu
+_;!A||
H064g07
-}`[&Ex
{Airv@
u"-f<4
J*iB8
EMv,+
\*M.n
_$*)i6
>]iU7w
PxqhMh
[lsGv
YRC6SH
Z*\V"hG6
t;t H
%><"^
kT@=L
LvO)AEw
"%Q?T
OGkJ>{
%*`-$
settings logging to %d
&A!}%eU_
*c|;J
Ne+FJ
VaSxd
[r0s8
ysN+u
qCafQ
TMJM{
<4{KV
s4R-T
V|N X
b70W+3
<}d2Q
r R#gO
Unknown
*Ujrj
W~$j`
M/Flz;w*R97
DicomPortable_1.1.1.paf.exe
O@ntBz.
v!P=5
<o=\+
6cXC{
\_<NX
5##hb
LIgBb
d4!8s
WPq6!
r:=u%,/
`.rdata
+)~v$
:2qImz
zm!D_
RegCloseKey
Hrov)
B@M33
KRK:_<"_
8pfP}
Rare Ideas, LLC1
Hl tP
i,LA[
/.Ka6
8K[!)
4:4!Z
|S"qW
N7o3a
5VqXZ
~M5g~G
m[aYW;dr9
#/T}
~n'{#
[W4};
?!def
[ `x^
sC9h-s
WritePrivateProfileStringW
Wc@R4r
qZd8P
Version
b')&R>
AwQo:
Z#rV[
K~]\bg3v
><`b @
vp Lc\
JS4xb>
/(jIs
New York1
Jo4zm
aq4j"K`
W~V%d
YM7Of
tGZsJ
3+mwn
`Uzt,
9T7J|_
in/bV<-
4J4-"
!%rv&
shJ(n
++{di=
q uc!
d|~O%
u`\Wb
SysListView32
vmuRY
:fORPJz
}l\Ug
c8|EN
]2](L
>P"s~
pe+T,U
oQEe2F\
$JIst
3Y}:;
E96&4
g<Ey`|$
X$R*k%
SFK$_r
4#464G4g4~4
lP1h@
/A`e8
unpacking data: %d%%
>xL?|
ApFoLy
R0GKQ
*Yr;7
IS1DL
`K]eEVQ
6.646B6H6Q6d6
[KD{X'
xW)e6
P6BqT
@sE/9
MoveFileExW
xgy,k?
9I;hp-
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
g{{eo
]0byJ.
m(m`~
gdUBp
nNeyq
;hxI_
E(y9$
u1/FM
~KBWN
>^NIVUR
xvR6(
[W:x/l
t$(WW
0sf/d
d`mzg
<+M>"
;cC lx'R
5IizY
>(WcY>
+aSW;
NullsoftInst
'z,-]
t$,VW
>h,9d
8t<nO
^|J,F
RMMRIB6
,mR>hd
"DaDC
WJQ*Bkz
:6dDb
qkxMQ
{llg>H
[B$_ay
:^JI7
%02x%c
V?QO_
RMDir: RemoveDirectory failed("%s")
%uH-@de
?#?F?Y?n?z?
Ux2o;
mN;]%
fc10(q
*'#0h
,jabD
7])rK
_3\;D
Yi1d|
sOT68
2Eza!
~5RTG
?psP%
XZ`Me
A`Ynxx
dGg_}
PWSVh@
iPD#}
a>N`U
k. m1~
2U)x/e
Wd~P#
y/OJ+
K]kaq
n2Aco^-
M~5|o
m}i@MF
4#_u;
V(nx+
UTN-USERFirst-Object0
I9FSwT&
?l(b6
.&LC1
8X"@{
Section: "%s"
A*14m
3iw%j
<)0bVZ
!bIYi@|
TMi@W
Bc~6`K
5" "Qgx
MMlNk
=0!L0
Ed`!z
cqc|a7
Aborting: "%s"
q>}|V
ba3Yd
4~4Ka
gx7+JG0
8K+0g;+
~v;P`
o.\%Q
Q@Z5L
Greater Manchester1
mnc@^
#ea[J[B
35J/~
wJ+X8
`Hn17
WAI,'W
fj*~-
URs"Z
z>$d,&ych
,LC$g
qJj)!/?
@fxb)H
Y/E\k
,B,6rI
RkOUw
tcsgx?
a$2f3Su
&DW&Pb
^+bjh
d7NAjK
B-&S`
U%<[8
a[dKg
https://secure.comodo.net/CPS0A
q0J`g9!
*:v_s
@6iyw|e
Q_Y;'
5r.I.
_C`{b;v"
06gBv*
~Z;38
F[4E(<@,*
zU<<3
Z02Yt
8'> +
=!4VC
OriginalFilename
5On6C
{A<k5
FrHdu
6}Hc%
7~[1^
DKVZan
@h*\7
pFj3t
SQ<=,^
4(515
Q`CYx
y,^N:
5kPA`
T4B0~
,P-`z'
fbK>"
3nfZ^R7
s5uMM
@w3oL
F[Mj_
+HAtu
@.reloc
!uR1p
2NIBJ}
"iqE/
]e\POL@{&h[
Pj3:g
U[uj3
^ xV5
C}6R0
CC;#\
K"mf8?
w^}CB>
E/d[>
sO\H> -!
rgNk<
V*w_I
<:;t54]
DC%M[
4f&KK_
P68,=
<(dt]e
>)C^Y
TU]USQY
N`"$mC
CharNextW
`zp5F
^7aRd
ff=DS
AF<Sw!q
j!oD8P
_3^_v4P\
J0trgO8
s`Oc"
P{nlmP
DeleteRegValue: "%s\%s" "%s"
+ja;&
CreateDirectory: can't create "%s" (err=%d)
O/l+.C
|oZw}
>H](0
SetWindowPos
#Ykwo
O>pJz
Ctyt!*
8 X]s#
M.h^W
Z,g>\
=0;09
|pjZw
}hNu)
-o^7q
R]Kz%
5&5,5b5k5p5v5
Thawte Timestamping CA0
:0806
+F'jJSG
"http://crl.verisign.com/tss-ca.crl0
#g/J$
VERSION.dll
lstrcmpA
3l]j"
K)[W4
A@.r;
(*^cCCk
[!@qT
PY?_R
oB|FLd
q@97MR
"k{%!
X1\i~8{
0sstw%_
UT-Fh
8@q"b`
s{;J-
Ii`00
%E)Ukq
bK_eL
wY^n%s
`&rLz
j%G9#gD
35Y45
K26^-
KM#`*
Thawte1
e+)56
clG,.
fbw#m
$ 6@`
q!_]5:<+yj
g?R3S
a[C71
Ml8:I
V1gaS
=*=9=C=M=
j%?idB
dwIYC
{j%zp
3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
pv'lz
0fZI`cfU$4 036
,8D\?}KvH
:-;[;c;l;
#@LxM
`ttNx
dt$@g!iyi
abbab]\
.q6iS
=>Y;$
Dc;kW
GaA=T?Yh
GetWindowRect
Md5k#}
#A?iI:
s#XUJ
g2m~nh
Qzx'v
Xcjxa
y^o_B
Mat_I
xVBE%i7
w#5Bmk
(I(TQ
,/KPip
CAM)'
8z/2@
Ze&$-H
'".0u
m!Vz&P
=,vpHT
Ru)E'c!
A\>lM
EqxK0
j [f;
5[>_>c>g>k>o>s>w>{>
TlRnW'
;Ve<!s
o~'-*
O9wXv
}6Y{}
|`w$>1
jaQD7
8>t`NP
[j0Xjxf
@|.)I
NgJ)*
mM$pj
m'QQhF
rJ~gwj
LCW0s
\NteR
Y,3e;
}Jk,-`
{l`e23
ZLNUO
!!e,O`
50Hr6V?
rz.'>1
7qtH<
8$_^\
d8jdX
P~LT/
y!HE{
MI.TWV3
e5@B},
a_kCL\
EGpG/
~A+ks
X@qaO9
-EIn\
'|~Kh
IRn<&
RO39g
iZsSo
dj359AGVWd
W@_cU
DQJ9eN
lGu"{`
^|D.Ne7
ctRz;+
@m8Q,
<B')p
A9p&E
Pn1pQ
o/h`n
9lVKn6
7dr&H
<R5S{
PPPPPP
Oj$Wz4
5"5:5]5m5s5
Q?Q""
"6!jH^
1/E7#
J}WU(
f!'hQF
t4dj~
6nh[15
;bwFq
L)vW0
otd\y
hvf"]
2-H,X
SystemParametersInfoW
5/?`4
)~qc:
aw:ia
9rIjg
C(y.%6
HJ_+*>
r.t@U
uDWWh
i223-
0,#d<
zP!d0:
Rename failed: %s
%s: failed opening file "%s"
_okh9A
HDGPC<&
Yl*!!
t^!$c
mv:Y!~
f^=38|
Bq8,5
SqW*~[}
c{hdt
Z|A ??}
l3sQE0
t6*@I
=%=/=5=:=@=N=T=x=
D$,9-
@ ah"5
SearchPathW
pK[|+
1mx+n
YxS9'`
?D*}2L
SetFileAttributes: "%s":%08X
TV.;`
GetTickCount
/0$I$
dbI}N
v4]8I
gIIza
F'T.d
22UVJ&
]%i<i=
K]2[xT'
;jm:7
^Qvx2p
q#?n6^
Wx/!S
QokHB
MultiByteToWideChar
K3 [&
jX3PE
+2Kcj
7E-@X
4ocOY)
~65qi
~<z?%
O$x]/t^
]+Th3
_zyk_I
":^uo
-s*BG
O&/Fo
|o-5$"
_0V_|w
GJ*n(]
osre~h|K
IeT3?[a
ik6VP
mXC!>
^fO.4
Hc%{gs
l4Brn
l OP.n
{Gw-D
`^^^sS
DKQ`<
SIDoDN
CreateProcessW
3.Z5U*0n
xeKJ:
^P*ed
mU~#F$
dIFk2*
... %d%%
I/.Xc
_/o[B
9Tx7*
FDF*3
a'ab.
N6C1P
JoGc^
a6Fmo
WCu^v
l5x)$v"
EgxVx@
OgiVx
=Mls;
(Gc+U
UUUUW
\yn0Ogp
TrackPopupMenu
3 Lj]
F"C?N
@@UW2
lstrlenA
M?@SV=Mk}
?Auj
2gW#"
D@#^[
)T^M|
LE#M%
$2hFJ
6SsKt0
c_CD"
zaq,R
Io{xr2?
bX8$y
VZ6K~
0NDqx
*Xd,H
s)`.@;NL
k!WaP5
p]Dm6M
EnumProcesses
F*yO{
f;M,j6d
ms#tt
BcSJ}A
Sleep
gVw=^
HKEY_CLASSES_ROOT
R,]uF
#sLwAh}
yJ'[u
,G<SC(%
GlobalFree
HU8y-Q
3m!M,Mb
@@g>`
O^}=!
GetDiskFreeSpaceExW
}0x.BVpxG
0}EYh
;>h0h
_AR>l
S@e@fN
U{ENP
RegOpenKeyExW
f/]3U
H/%qX>6
r2Tkl
SG<lxWq
O3CR&a
yz>]
LXfM&
=:A%j
$=QkU3]
u2ag-
+?BFv:
cMr!f
n%74YU
79{sX
iJWnTM
q(\v@N
/|ob!
M~riC
?9@C`Y
$/s>w
TJ3;6]
sB%wO
HqO;Q!
Dji%/
-rT\_
iv1]$
PYL,
ejE",+
T8_4BJ0
4()E10N
0$uQf
7d,EM!
52ru`W
b:1h|
HJsuX
'N^B:
.hto?
@3!VS
uS*2x
AppendMenuW
{'Aq3o
U*#P}31%
i4\9}Sc
OpenProcess
<dCP`
%u3V?
W?s3p
]B){G
p>`jf
ULe+C2
{Os]]
f`C|&7P
7ua?;
CornD
]buxyubO
-<)!`
+L97\
wX;ew
SOm:5V
U7|Dzun
PDzNu
sxSY>
7WKTo
NH=!$&`DQS
+R/*+l
'Ri7D
F$Tw=
^qdT.L
a=2U*
l_yu
!QSC}
J=hsw
GetClientRect
IFLLy
Abj3^
YrbXgl
F@QNx
40Dz}
lSqtk i
<1Y5J
Wol{'dP
J%ywX
S&M7wd
;z_a~
8cOm"%h
COMODO Code Signing CA 2
`w<$,
ImageList_Destroy
GRyoH
gH+UC
#Jf;)
Gn3C7
H\us7*
zqGz3
S>jqc
:-:8:>:C:H:S:Y:f:m:s:
vl1IC30
a[g~o
j|WUO
fBErEJ
Dn6vl
ti^RH
9*T7P
:KHwG
83('[TH
:WH-$
99x&~
ExitWindowsEx
t^&fA
`|swv8
pu|w
5v*gO
PgruU
B"I~s
=lUfq
)Yrl@
e>Q8f*.V
oK[FAs
-1<@h/
|08wf
l>`4H
'(nOq
V&'i{w
6N!\s
fW4h|
rF.HA
*A-<]8
*=RHZ
1SR!1
4<T4zF
^.Xgd
-06hb
mwd5<e
Ul5r_Ej{
n>]D0
t?lh^
}Q(XDA
%[@'g
5l?-N
{`)}JuJ
qjTNv
z?e:V
JdS{v
_.8v)d
GetFileSize
vFE_Q
Ee|P5
~yhFK}
{|lg'
u%K]Y
vX+@>
DgNRd
pH*'{
P4pRY=
9f*<Z,m
4$Bb@
]XU\Q
r(t'PN
Jh[8!+'QB
Q&*D$
c>%Kj4
mR`c~U@L5{
mzx&BD
lj/2W
j9SGM
_iQ.#F
Eo);\
Xx>az
Z+U?MW
_ZD)(
w}|dJ
y>fc2
5A}JeLtH
?xkOI
<p?{q
mNHG6
BvK[8
GetVersion
)o}~/
^LuDO
tj;t$
]fz&u
g76j4>3I
y?@P|
CreateDirectory: "%s" created
qfh!vg
8:8C8U8\8h8
Z[<E'
^14LN3
}JmrF4Ue
?{<`y
bR8b3
LoadCursorW
W]Sqo
~j~1J
HVI&9
#oD3N?&]
],mM\z
EG>rc
:@7h$
nTAUxWfL
hOt5=
=BC@@
>bN.I
7Hrhls
StringFileInfo
0$dW=!a
p&:~SH
SHBrowseForFolderW
\,VLc}XU
{5mw%
PuhIvF
)H{cg
%}]-2RM
BrIeB
u6 Kz
w7b$^
@gah;rR
YDtR`
'>`]q
q24N}S
A`^xF
RmD#In
xog19=
R\SQ\
t3Uo@
9.;89<
qv2<L
tN!~;"
Jb'\o
Y$CY>
R]~Jr
L::3-r|
031204000000Z
Fcyws
ww7Ev'7|
2{BDb
x+KBg
RRV-6
[`Tt#
:q/6q
"&SrHw?
Dn=@y?
Z?Xh[
QSUVWh
EEM+t
&L?ZXwy
K_G{l
YLTxf
de*AOc
T3gne
Wbro;
f~1)G
%EeHs
KPAq?
20n2EB|6"
`G2KM)(
$NzFR
]jdB>
^uHwP
P: e_
SetClassLongW
L{hr?
]4;Mhr
ACm27
*p$.
V'*Tc/
:S_Cl
pD@RaUe0
lstrcmpW
OleInitialize
RichEd32
&4Ax$[
12i<R
Xm3=!5
mKKw/
GMFuV}:N
y]vnN
\vfBt
9{+5'
\%GlE
9o>F{
>KO\K
ko<Fp
?LoP*
v\Wwr
K^zs/
;6]@9
9!9N9u9
1pbKh\
sf{MQ
LGGNMKg
Z*jyV
GetVersionExW
9::T:e:
w#*OY
ZcBW1
GetSystemDirectoryW
e2Oeq)@+
qz#yK
b5?zr
opQi%)
R=aJMXB1
COMODO Code Signing CA 20
b`Q ~)%
PostQuitMessage
/weQDS
\Bo2.-P
_M>X(N
!Y=)nhy
e'L%r
.,g|[
9*HR/
w%=o"
=]3Fc
ud2Ly$
HideWindow
P/[},U`
}{I1g
Y!<D#U
H{O'5/1
b$E`T
A)E."
]~w }E
G5lkH
GetProcAddress
0&DiYlB
ProductName
;4F?>@6.,
=/P`a
:E+j)ZE
/sNx,u
>OL>,
S+[dU
eJc;|
v3F"`
1S8y{
Vv5>.I
wLo\%
d_Pur=
lstrcpynA
-Hf#p
elEYG+
&:k91n
aGQ4`
S8yy\
xKa*LK5&
Jv"zh2
iM@M<b.
2 2$2(2,2024282<2@2D2H2N2S2c2
#TP[X@!
2nh`X
Sg)C?
eF7f)
qq oe
d^6O$\
nS@|r
T_7! 7Kl
G:$OL
"!:^O
@J,S%h
kW6#ZB
SetFilePointer
.ab(-G E
Xs2osu
H?qKC
E5k{ Y*X
RegisterClassW
(6"Yrh
f3MnJ
,J!>Z
M$H+W/F
(/iTG3CJWf,+*
\u!f9O
A|+(]
I*Nb`
4#x:i
m YLkL
o4=V0kW
Bd/J|
P)EKD
4nrb0
Hl*/i
Fz|ER@
D:w>R
O\fF>
%Ha`J
<B'qm
['h#S=
lstrcatW
eIgk>
@K(7H<
UYYmM
ES).$a
23Qe:?|
ht\ai
<u]h|
P4WZ2
&9Zd(
4L1uy
&poRn
NN#?8C]
COMODO CA Limited1!0
<11|<Y
"g0=IYvI
Software\Microsoft\Windows\CurrentVersion
imaF~
laqd6
l(S~;
.#N=+
SetTextColor
+Symantec Time Stamping Services Signer - G30
e *_v<
&. N~n'
#d"nP
sSles
EX?u!
*trb|
0-1R1r1~1
u(2g<
29o%{
KB6p
JP>5jd
9GWgoR.
N&Y>!
""X3n2)ZB
twEc}3q
GetTempPathW
)M#Wo
VxhE*
7fjjp
TvdI
dC4OE
6;j|^L
;t9[h
q7*$+
1x((|
n *b}
|FW"$
6'g=b
nbkqy=
=d|)M
CUc+Z
ayYsF{u
A:[bf<"R
mWJ(k
$b@qDr
ha/?:
7\n#?
VJ#xw4O
jP:A}}
j]+$l
Z;z8}h
2x5M^
W[#$3
$zVvw
Kdpy
EUH0`
$,+ML]2=6
'}5;z
Vg$3/
djdih
+VC#<
)1}lr
MS Shell Dlg
LX)),
*};+I
k))I1
;EmX3
gpe%KN
(UU$_aFy
N6`0dFfEL
xXBLj0<eV
1xt(Z3
k8C;0
41=g-u
~ >`FW)
<a~^I
K.K s
D3ZlP
NcN;G
<'<3<=<G<L<W<[<a<f<l<
g$3$yJ
9-SVj
C*jl<
a"B2n=`
rikEU
W}K@!B
&4^n{
husg1
3"3(30383I3P3e3n3t3|3
0P[Vm
.J$6\~
.sDq9;
~1)4%
8!808D8X8
(=;8z
z4uy@
hR<8.
8`6l~r
erj5KRs
Durbanville1
Exec: success ("%s")
A8zx?
s.Zi8&C
t+6;dk
*#dIh
d:~3d
5jJ^,
03.S}
tsez!
lstrcmpiA
&bG'f
)rO7'
*[)JVz
&(mwwr$9
FH9|
&jx'r
-WCg~"
nKA=@
Q>+-C
pFOOHSNNSMFB&%
6CnVN>
Kk"wi
SHGetFileInfoW
_ePwu.{7b
4a5r5z5
4P11N
T2 o?
u$9Mls
! U!&*
MSs34lw
idU]+E
C--YM
111;1D1Z1a1y1
AN]x0\V
9yfp7&
N>uj4
a 5bF
http://ocsp.comodoca.com0
$Jjj9
Z^DFz
200530104838Z0{1
7<W@C
Dcwo>}
-UQ6?
rhs\H-
-k5LD
7|h>y
p#FW9
M#A?O
<5W*8
Ivv|A
2'2B2d2v2
GetTempFileNameW
=#Sbr
kNr~c_
Gb_Du
14L}8D
s18!b
K6#hqHx
#Vhh2@
d3q0:
050607080910Z
Coo|r&&
:^tcc
b}{fS
$A(p$
I4-tw
RZdBD PS
~>MLRb
bYqoLAu
Y>7VIe
}O33J
File: error creating "%s"
=p8s5
<d]Qdm03
6K>}Dt
EH:x_F
R)PU0/6
H?`eJd
DeleteRegKey: "%s\%s"
.X({z
Xzs $
fWG)fl
i[}f-
~wT&B0[#{}
kc!8.
CharNextA
CjTBC
r^&O$
"1?2,1$
!(*+(
]EvQ9?
5YKa4
pKL}>
iEG>Mt
bN %C.
arOF4r3,
+pwu^
DV_.B!p
Z[BJJgz
?X% B
E?d%^
c)444
7.7q7v7
\HCFnn
;-*<f"
MjwZG6S
?OR=(
*4'f`N
0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
(#[EQ
U$~5ew
&%K>+`
8/ShX
bNPV[H(I`
<?I([
~u[^:
I0[0`0
YJt"/
Bj_MT
f$)L4
(\pOS
w}6DO
=+LX:w
t8#$U
99:f:{:
s30"Q*"
jSV-/
t+_v(
DZDHy
]a]a]]
s:^Zz
,yk5C
:M|0oi
u3e]w
q%=p!
XF7+A
GetSystemMenu
BaQrYu
0l8_Eo
Mk)fz
h[w-r
jkX5&_
)2tuJ!x
@xQ)F"
J(ZS/b/
cOi1U
]D]Dl
'26PG
SelectObject
)Y;0*@)m
de(Tp
L|C3;
yL@_#J
@Cj\T.Z
zvblN2
2m_U6
~E2'
7'M=F
;jKoo0
aPNw>
SUVWj 3
Tb'6H
;0ms-
WT>}N"_
}pV-g
;?[S0&
};Jp#
AP^Ic
CreateWindowExW
.`$bc
j]6p0
a[.r0
SetCursor
RegSetValueExW
ZL$&a
<QIV2
7L#i:F
~',ik
6D4~B
3 CRQ8
C K!se
\`ruI
l,|hx
+7k{p
60U[Y
Da5V} #
G?\#!
K2}nQq
Yx?n
B-o@mm=
C@h, %0
LoadLibraryExW
]q82s
$03C5
100091
@6jdz
N%:L+g
kid)
jPOPLXmjVKKWMEA'n
E:fwD[R
,-vIL&
zk#/y
"GvL9
DO\aa)p
+si'b
I2v^+G
Wi"_i
S,`D%
F>Wmk
{X7.C/
/./ 5z
B2U;z
H:I\|8
{v#5jy7L
'B[&{
:2NL1
,'Wf[
:JuN:p
Pc\C`
4~(8r
_I>,ghJ
p-{7#
x?qSE
STQ#4w
av&Z
k_E[b
FillRect
idnD8
F"ES6
@^'>@
^w.uz
_@^`{dP
<U(+p
^g;:
G^(J1
&?@&$
DKAd6
.-s/~R'
"U*BUUq
8eA-,H\
|BwF!
y+hYZP
jrtQb
gxV^lu
in~3j
.gf|=8
j#}1Eo6m
pVl>&8N
5<)[>
:#V;<
<61W:=l
^Q:&c
r Y](
!-liB
3g`e9
lSbT*+
m|cDB,
G/9wto7
:v>iQR
gaG\~uy
^fw\b
I{SgQf
6F&Vr
HKEY_PERFORMANCE_DATA
pD?>A="
`+/i(
JWQu(
k`|55
nipgr~4
c d,'
CoCreateInstance
5Fd~"'<
r.y`5
Rename: %s
k4s}J6
\bvv]zz`
GetFileAttributesW
PortableApps.com
tf|vb.q
4%444@4I4X4
\p(!$-`
0"9Ja@(
XSbY,
G~X9;yX
iV5CY.
#GG*%
}Q+SLAK+kRI
QWFp)
EV]<AL
VTT\wDNR8
9)!7C
DispatchMessageW
#Fyzf
&$j%;f
0[FM`!y
]tv3!
=B|TE<
121231235959Z0b1
"$hYdYB
H;[@[.j
n9"z&
/^-itO^jll;|
>1iT=TkD~
BeginPaint
=,b@7[
WG<|)
>{r\;d
<8V4W
ry+Oi
$fcXc
kn<:T
Y-s?_
,Q+3C
~@-uM
(n)@V$
f,8dw
8.f2U
)q'3UQ1
fZ#KU
vk<Zt
KGgP:
UtQgFAB
\m[olf
4S:]*
g-GCt
p4]T6
7v]c7E
A5-dl
R>'Z!
ymMBc
[l'L5I+
zK3T?
on!)8
1h?g*
ep24E
N*=s^U&X
S)aoS
GoQeT
XXt)"
JR4#<
olw'z
J`y77
2V>*q
yaW=&S
Y41C#
\>az,N
Ch&&W=
nzS )1q
0ndXW
/qeF|^
VD*v^
1k@]dL.7+
[Cv8^U
EcP}:L0W
APtdL
^rO#*"
` ox"a
-Y}d5v
.RYc=^A
:<@18
[bp8t
EGX|z
0Fy )
BBL#%9
iAdf.1
8m,ykw
4+AIG
;Lut%;
Ny`-g
C`[MD
DicomPortable
$U-uf
eh_$k
H<tM&
sr[IG
80PW\
8),E1
VPdCRy&
"6U46
tF&niuwe
rEcMi
KtD1+d
8{ ^Z
pd^H6
8oK40
8[O)y
iGl{drV
j1]lJ
WIJ#MT
Hpp{^{
]pF$O
YB`Rp
n$6E'6o
0eNGsD
ewf/c
U=bj%o
i2ZV?
wF 6z6
@d2)V
6_FRC@
8v@0{
Q6hABn
2Js&
bg}hLW
)p=Cn
MqT~x^^c
t./M.p
R9M@0/
qjpZL
p\cOdK!1
EX`a7
6=z0t
R.=$6
L!-9X
s{Tp:
J!.("
iWsC=
c+|eF
EnableWindow
K6V!<
e7YFQ
\Microsoft\Internet Explorer\Quick Launch
P n_&
3J-ab
z(DFw
;:ihd
CloseHandle
a. ]Y+
!;p,M
5"5/5
&\7y3
5`|;V
_8|=0
Z$n!7
Pdk21
)qO]qW
BT1YR
Q`A*!
CV3yGXc
#|l^-
aiVf+%
a5u5,
120501000000Z
]OL/x
gqJ8.
4#4*484C4O4f4m4x4
5z^|Su
w1d$B=w
*79)H
V86Cf
+Y&kU0
J}6#1w
uCs}P
MT8H<
+>3@.
'V71jEMZ
X^NK`a+
*KS`+
q{JZ'
:M'Bnr
,!/K|g
0U9m
:h4hf
^}G@X
2f[C#
hIF<m
."]S32-7f#
d_H*:
0[Z;$J
!%nc%m
#-)/3B
he0&ij
bCRlYx
{S6Nn
`1j)P
IFnkp
5dQ#/
k,%;J+
C'4VYt
created uninstaller: %d, "%s"
u(r?Y
5r|bm
FL6R8
Z9ymQ3
COMCTL32.dll
@O)Z5
``dkNq
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
PNPZ0
PortableApps.comInstallerVersion
v@z-M
Sw,7{
@g]:*
200530104838Z0
R/Uo#
?:.O[TH
4%h8j
Zj?p}p
#%,4C
s$5"eE
]?E}'
_[w1 o
RyCeP
eTA<ce
RemoveDirectoryW
+(Zk1
0 0$0(0,0`0d0h0l0p0t0x0|0
+ANl?
6j;4F#
UEI,A
o>PSNV
W5r,~bz:y
RegDeleteValueW
;e`ox
&z}a+<tn=
r4+Mo
kN, EL
MN{]@>i
kfO?e
LcsrB
ck3b4
q0/V(
a:S+H
RegEnumKeyW
$1yU~d
4"4(4-42484I4]4c4i4o4w4~4
HEaZxN
I,B_6
IsWindow
Error registering DLL: Could not load %s
"m0_@+LCG
8!f;0
7N-DZ6
d@Dt&v
X8dF:
c.l$Yu,
NlC,gr=
G5x7^3
{'rWhSTDv
2%~<)
PO Box 2271
YI1l`/
3"GZ_
$;O J
y*.] W
bf3->
IsWindowVisible
e7)U?
rR~Jp,
Rb8tG
AddTrust External CA Root0
l#Lp|
Pt\M-tb9>
\y{E{
.#jE]
(x&b$
#~gO[
@Gk3o#
yxZ}k3o
TQ'x5
#OKr')
>n@Yv
eC16K1
u%Xb]e
4Hjf|
z:~a\'s
}_g6x
~ y6E
fYfd}
jdCLS
q`-_9
r8r1G
M~8/8$
Z^wNH
CallWindowProcW
D{q)3A
bq1'I
Y?hE9
vCRbo2!|
UuIBt8a
o;N4G=
PSxD~
k#`~E^A
iPzO_
pX^'w
TQZW@
,{6;#h
" iIkVQ
V`-*D
R<QA&
WriteRegExpandStr: "%s\%s" "%s"="%s"
=E;C'
|`v5*W
'"6RE
D^+x3x~
X}BUi
mn&wJ
upk,)K
}AD+=C
?mZU}
*0ZtX
&FR)|2
_!#Np}}
Process32NextW
;T!}olj
Zymk4
?]%lY
RegDeleteKeyW
,s&|#
~p7b7Y673
UZj3N
$I7.n
LxgeH
-}eP!YJQ
u}9-$.G
*>\T>
Delete: DeleteFile failed("%s")
WaitForSingleObject
zI}|pL@
S9j3$
wd-8:@
gRA|ym
t*'^$56
1Zr5$
_+,!-
OpenProcessToken
8JWwi
00(s$C/
]`Z`e
+.|ny
|0H&3V
XsVQc
-{NHB
6Iy-e
SetForegroundWindow
W[w r
<:ADn#'
<_nhbs
cetP[O
~V~9[
A(2*gT{%
wg$SI
$C}<R
?1?<?X?t?
"Q}mb
&DaT3'
)>0ri
q <d K
mRi:]k
ExpandEnvironmentStringsW
OT.zs
[oS0D2
SetFileTime
T\1Ze+1
6-uV[a
2uZL_
e6nv>
O#9~R
%=q6->
LJ#D3
JnpR5
$zxPH
qN!#I
CRhJN
uV7gR
5\Kv'R
gnh[DI
>XLs~
*#Z'z
2`#FgG6
SLC '
^6$Z>
7'u\qc_!j
W[6W=q
KZ[yz
jOG{U
(.7>I
\h:Wx+
4RfGU
softuW
Q"!99S
8E)sa
Lt&!m
'oOU#S
kkYP;
TSA2048-1-530
$v.Iy
buuu(
pEBHG:
/PXEjF
NDw*GU
vf JQ
6)6Ie
hENwkq
l~@/Z
Oi)13
202t2
Qb,S{
cPkb*
yKp+I
RuVtv
DyMBfX
ygD@PX
U)NlK
|F&W*
PczF~
8qZ[X
p|#g[
;5<w%&E
d] b@
CU;~y
tzK.x
fWukf
Q]zrA!\
Z8/}/
ruS{2
\CU5h
HCG0*
FQ5\6~
;F<8;
^N6t>
"i8F>
8-nw[
@f^c2
Z|_|q
;7Ma"Ze
^zW@+
DialogBoxParamW
FreeLibrary
OmDJ?B
s=e
%c+ai
h)r ;
(w)('N
D$$Ph
w12,2
rn*iu
=*s{nvb
;WMTq
:xS_o;a[y
QD:pZfo
UZ'Eu
DJdQug
CompanyName
Kernel32.DLL
B<1Y44V
3lQZm
{dP3}
<e/B0
$P?"cc
/Eo4,
/8[,GZ
vA&IOvIE
o~M"4
?0NU'
h*}ta
T&6s/
ezZo[
md*p
!M$!Q
BNuQu;
a>8);
'KXvH
O}14},
Qb{Y{
=6Z4l
t0_aR
:27Q6,4N
b)~0m
fZVYlo
&O/GK
+y`a3y8
gl95j!
fypOh
Y> <1
LoadBitmapW
T<LIs
SetBkColor
GetTTFVersionString(%s) returned %s
=Aa- A
1|:V&
`d4vQR
zakiY
J;jzEr
n[x#'S
RwBo|x
u +va^~
OKgNKC
CqN@Awb
XC;B%
maJk6\_
tw-ezo
"+;=M
^Yxe7
_DeQY
Q7iq;
VON{r
W`tD7
E,vf[
Q=1:#$
L%&c=
%[VR?
3p/p;
Exec: command="%s"
k@( @
bfhit
?YesW
z2%Wv
zgy|nV
c6 ?S
yqcZ*
ImageList_AddMasked
p2P7}Rs<
-vF!X
} s>wt
[ei)D
nRc~\
Vb3E!
Garjl2
'l&mN
3sE=f
SNyM$eO
T4ewM
!KI+OF
FindWindowExW
O\6i3
#%7^`
xc +E
=]]p2P
]cq;}
hS)$W/Hz
m%Xpeu
zV@uM5'
`ccj`
PeekMessageW
HeH}1
Mbpa-
U';zIs
$\xvT
$]*W6
^W3#sd
`Xy-I
}$+<n
3|m:f
33X']
q_%=v
n1e\R
f;u"p
uO2Bmq
5wupp$
FE``U
|b+cTgu
S9<ED
R^UD$xnDv
PE"5X
wsprintfA
'|,BxV
t$$VV
J#qD_
u}:y{
v/"mC
Delete: DeleteFile("%s")
=6rnc
$.8Rwi
eWJe}4
9=dU{
yt&BLU
=$8lf
YdyU|
Installer integrity check has failed. Common causes include
=*P\l
~ed(Q
?Da[+/
ICCc+454
TSJqn
W7$IN
4e)GIA
)v^BD
t}@^#
TPFL>
/~kaY
2iqu0u
Q-.Zf
T]Po\
{(f?d
mQM^^
Control Panel\Desktop\ResourceLocale
By7EsY
i6cAEf|
)n_ka
VCYDA!
2{#Or>
"l".=
9mcXy
i:6?)@
0'0D0M0o0
TrSFU(
GetWindowLongW
h2VYN
+=W%O
4JCj,W
w;jj&V
tgg7w,
UJW*+
ii+Qz
`<02]
VL,)L
{055M
iJL/2
,sWs'i
(N$s8"
`HR{]
{;F\u
&)~00
Error launching installer
110824000000Z
797C7I7Y7|7
M2'e[
"G0/<>a
p-3M11=q
MZUm2P
??$,q
WriteFile
T'HMJl
@nKdN
&(:.4
DestroyWindow
L1$,W
?:gbVqv
BiSlI|
0;1A1Z1
kt.AS
#>=|m5
EWa G
RO*~6S>
U.#k1
VSUbOI:
'?H3=K
3.u_7
91y]c
Loh:W
t=|DO
T;ZM(U
~d.n'
(/"eg
?q&Qt]
&5`p)R
yac/u
5XeIIW
K@M_6
RichEd20
p-tw[
<sa'U
o0'"*
PortableApps.comFormatVersion
*]Qk#
!w~Whl
Z[P47
hI%s,
2~jN5
LSVW3
IAS[}'],;
|~l%a
o|G]`
9xV~1
= fot
PpL!7
1@aZ/
<)9c)z
4 %X?\r
nM:sg
mSQZ&
Q9y5 8
rL'Yf
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
1hh~X
nDS {
u-YAyQ/s
4;tE%
RMDir: RemoveDirectory on Reboot("%s")
L"[l8(
*2w=<
$53\l(
!m6`u
0:a?9
ojI4($3C6f,
g20+4
\'\BE
D5gqI
zqN3Z
+[X*|!Q
o1y?f1
j{{*L
CoaV%
,"2#Cs3
:#uI[6
Y8'lYY
/U(Em.
I4]_@/
ZL7=~q
;x,q~Nb
%4J)3
s'h!et$}6^
QK?I^YM
0[Gt_]
,Fses
2Ug^%
BIamz!
VVVVj
Zlp)p$
E`@W7
UMBh?
mgVA0
Hvw:x
P?'j>
ug_:!|
5[!w>
E&<m5
eb~S/
Q+n!
$/LP-(
GetModuleFileNameW
"%SG,.V
Gj|KG
MPRcu
3xbVF
8W,9+p
8&-_;
Gp|u=3
p5"?G
":U`c
VSdE".
d$$v@c
AD?zJ
<3\:/
C9`N.
g|N4I
h0f0=
-+-V,+O
nKFJI
= =1=
|"xV3
pIT&ydn
g)0M,
;krR7"2
97F[d
e\;a'
VS_VERSION_INFO
.qOU,i
RvaIv
baP`g|
*J%pA
ev|RJ
SW+8I~
c\DfG
s*=3D
y*D/R'
c`S3dD
e@&%"
`)]x89Tw
(s~>"
{g&['~(
sfUr"
"plIl
llwim
{49=Ii
6\PA[6
q+)w)J
'&aV0
bKhJ[
OpenClipboard
]%v G
X;Y\{V
PRsMw
_6YY|\Q"
)0'0%
cE9Uv
SdV0D
'woa4
SMALHB7
OP{&;
?1J,U
`SSik
p`Vo}
{2V'=4
zuqYq
cfR+SB
94**wma
PwTIE
C?gHyuP
j2K>X #
Lq+WPH
ExitProcess
u6v+;o
=]0&6
F)dkc
D,.P!
LYsZX
}zZtC
D$8PUh
UJNMk
Mu,@_N
Please wait while Setup is loading...
kC|mJ\
ER}f7
QY e=;
TSA1-30
<`9;;
6ds!g
0S+0!*
&C<])
l&D/PN
CreateDialogParamW
G%01$
HWK;,
GetExitCodeProcess
nELdPB
qNeqkN
,$z3kU
o5}(!
LGLtPPp
z4 ]3
[Rename]
L$<O~
$hZ*L
*'>M:
\EnK;#@{
"ZN$B
Jb6em
SOW$Tr/a`
VerQueryValueW
2*'?bw
]oRBz
I5cw]
d_4Vu
GlobalLock
SHLWAPI
')hhK
.u,]&
GetPrivateProfileStringW
*a0Vv
ae!]\
-]05q+
Z\YO[
VC7k,
a#PHZ
k24HC
g!Eo\
_^][Y
Gpo/U,
6G uIb
GDA2r
$3?U,d
!{6,i
ug}Nq2
C[D5z
Ut7N[
InternalName
}S[dZ&
bWbzc+
NetiRZ
ubAS^
A'%oRA
?Z\hR
U\?[ob
$54W}D
[O>v+
=WdQ/*
q8(h-
SNTB`
Q($S<
qR15`
U=Ik,
&BkyhJ
QxsNA
HCIs&%
Pun;z
\65oZ1
oCD[3
TU,?[
FindNextFileW
n&bFB
l7%YOy
B-rpZ
IHL:2>P9
!-['<
G=%)D
~1(r#y[
sK?'i
{J7;#`
c#9pH
=L8%c
incomplete download and damaged media. Contact the
8+K!J
|a@k'9\
i-c$^
B<0crj]
\_5:n
mb538
'jzb8
@B6[Q
K3ntC8m
kk59Z
|88ZZ
hug2n
])8}Aj]Z
B|xAf
GetSystemMetrics
!R/iN
P)hc*
cjWZn
{z8Bq
/BbteH8
u BM
?fB}v
0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
]|C+xr~
ID2KE
CloseClipboard
C]o]6E#
1>VP7
l.G##
1-H'&=-
4,!OceK
$e7VIPz
8"51
uWU^4
T8\kT'
`6u6I
H2,2^
#5;(z
`'nWE
2Bf-u
rM{#a~
2+on)
PIY"r=
A`Y%Xe~
?>y<r?X
USER32.dll
./]&Nu
)8bf^?
7L9z+
2v22wi
N7F1wF
*yE-X
(QYC]VO
tr_#+
[$luj!
ctT2@
?d`OH
$Apak
;/+}K
IY77G_
)cnC(
bw1EnJ
hC-\z
"o#bM
L_1IsM
BUCL'
/fI1?
tC L8
wE~d0H
4<2JI
BipTt
Gb=_7
!qs#yl F
d;7UHG
PortableApps.com Installer Copyright 2007-2012 PortableApps.com.
GetCurrentProcess
bCyq"
4!=)g]&V
H!%q!
I^*WQl
.ndata
>2OPu)
GetClassInfoW
jv-EK
}~1|]^
DqVA!
Dj*x)
nK0'O
?2?B?_?j?
GA=;KJf
{2"5Fx
%y!s+#
OleUninitialize
iFOAT
?%JK9B:
&,gl)5
J8/&s
^c~X/
Yd&p;'
*`F*P
ocw;:$
`}:1j
wz]"7
c<Os)%B
i}-[P
=c[Gj^
)lcv;bH2
?~y?U
!SA_3
dm/Gs
p2PH!V
o7_aqlv
_9U&b
MRJ28
;`5\g
Instu`
s,(UV
G/a^[S4
X6Oj{^E
8{@1,
av.-{
oU0^m
]zOzu
ShowWindow
Ht@h@
^App#
z1[~Ws
guPuWV
>+3|0I
0*"?%%B
&=Y;U
@TI]h
C<4U5
*D5Rz
Jump: %d
File: error, user retry
Go\((
CD&g<
~)@nh-^h
Apcbp09
by/1YZ
YuM)%
p7@N/
`BR=9
85HO\^
9Z`mZ
)T|(O
HKEY_USERS
U)mZ:7
LookupPrivilegeValueW
&}!ij
~nsu.tmp
;#;A;H;`;u;
u$9Uls
z^)G
`FXC}
Delete: "%s"
fA P|
X5>as
MG@.USd
Lv|xr
8#|N(!
x<R51-
<>].w
+LZypg
],R!9
f58ksIN
hgG\#
'?R.V
<fODZ
s\_X+|
%(.);
GetLastError
8jZ'l*
RKRb2
(hmfkw
w'x;_
BXtq&
GvI7A
xCq@s
576@6^6k6
.v)I0
+&/d,-U
;#<|)
;2I [
120216000000Z
WCx?7
0qjn^k
sq-mHP
du?8U2
pap^KR1
4IOVw
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | Compile Time | Import Hash | Icon | Icon Exact Hash | Icon Similarity Hash | Icon DHash |
|---|---|---|---|---|---|---|---|---|---|---|
| 0x00400000 | 0x000039e3 | 0x00103934 | 0x00103934 | 5.0 | 2012-02-24 19:19:59 | 32f3282581436269b3a75b6675fe3e08 |  |
2c09465cc979677d65781d9403176c31 | 5c00f471cce984e3b873ef9ade242aed | 71e0e4b8cccccce0 |
Version Infos
| Comments | For additional details, visit PortableApps.com |
|---|---|
| CompanyName | PortableApps.com |
| FileDescription | Dicom Portable |
| FileVersion | 1.1.1.0 |
| InternalName | Dicom Portable |
| LegalCopyright | PortableApps.com Installer Copyright 2007-2012 PortableApps.com. |
| LegalTrademarks | PortableApps.com is a registered trademark of Rare Ideas, LLC. |
| OriginalFilename | DicomPortable_1.1.1.paf.exe |
| PortableApps.comAppID | DicomPortable |
| PortableApps.comFormatVersion | 3.0.4 |
| PortableApps.comInstallerVersion | 3.0.4.0 |
| ProductName | Dicom Portable |
| ProductVersion | 1.1.1.0 |
| Translation | 0x0000 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000400 | 0x00001000 | 0x00006f10 | 0x00007000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.50 |
| .rdata | 0x00007400 | 0x00008000 | 0x00002a92 | 0x00002c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.39 |
| .data | 0x0000a000 | 0x0000b000 | 0x00067ebc | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.47 |
| .ndata | 0x00000000 | 0x00073000 | 0x000bd000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x0000a200 | 0x00130000 | 0x00018e60 | 0x00019000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.55 |
| .reloc | 0x0000b400 | 0x00149000 | 0x00000f8a | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 7.88 |
Overlay
| Offset | 0x00023200 |
| Size | 0x000da610 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| RT_ICON | 0x00130328 | 0x00012524 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.98 | None |
| RT_ICON | 0x00142850 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.18 | None |
| RT_ICON | 0x00144df8 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.51 | None |
| RT_ICON | 0x00145ea0 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.70 | None |
| RT_ICON | 0x00146d48 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.02 | None |
| RT_ICON | 0x001475f0 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.67 | None |
| RT_ICON | 0x00147b58 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.84 | None |
| RT_DIALOG | 0x00147fc0 | 0x00000120 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.56 | None |
| RT_DIALOG | 0x001480e0 | 0x00000200 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.68 | None |
| RT_DIALOG | 0x001482e0 | 0x000000f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.91 | None |
| RT_DIALOG | 0x001483d8 | 0x000000ee | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.93 | None |
| RT_GROUP_ICON | 0x001484c8 | 0x00000068 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.72 | None |
| RT_VERSION | 0x00148530 | 0x0000056c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.34 | None |
| RT_MANIFEST | 0x00148aa0 | 0x000003bd | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.23 | None |
Imports
| Name | Address |
|---|---|
| SetBkColor | 0x40803c |
| GetDeviceCaps | 0x408040 |
| DeleteObject | 0x408044 |
| CreateBrushIndirect | 0x408048 |
| CreateFontIndirectW | 0x40804c |
| SetBkMode | 0x408050 |
| SetTextColor | 0x408054 |
| SelectObject | 0x408058 |
| Name | Address |
|---|---|
| SHBrowseForFolderW | 0x40817c |
| SHGetPathFromIDListW | 0x408180 |
| SHGetFileInfoW | 0x408184 |
| ShellExecuteW | 0x408188 |
| SHFileOperationW | 0x40818c |
| SHGetSpecialFolderLocation | 0x408190 |
| Name | Address |
|---|---|
| RegEnumKeyW | 0x408000 |
| RegOpenKeyExW | 0x408004 |
| RegCloseKey | 0x408008 |
| RegDeleteKeyW | 0x40800c |
| RegDeleteValueW | 0x408010 |
| RegCreateKeyExW | 0x408014 |
| RegSetValueExW | 0x408018 |
| RegQueryValueExW | 0x40801c |
| RegEnumValueW | 0x408020 |
| Name | Address |
|---|---|
| ImageList_AddMasked | 0x408028 |
| ImageList_Destroy | 0x40802c |
| ImageList_Create | 0x408034 |
| Name | Address |
|---|---|
| CoTaskMemFree | 0x4082bc |
| OleInitialize | 0x4082c0 |
| OleUninitialize | 0x4082c4 |
| CoCreateInstance | 0x4082c8 |
| Name | Address |
|---|---|
| GetFileVersionInfoSizeW | 0x4082ac |
| GetFileVersionInfoW | 0x4082b0 |
| VerQueryValueW | 0x4082b4 |
Usage
Processing ( 0.72 seconds )
- 0.711 CAPE
- 0.005 AnalysisInfo
Signatures ( 0.05 seconds )
- 0.008 ransomware_files
- 0.005 antianalysis_detectfile
- 0.005 antiav_detectreg
- 0.005 ransomware_extensions
- 0.003 ursnif_behavior
- 0.002 antiav_detectfile
- 0.002 infostealer_ftp
- 0.002 poullight_files
- 0.002 territorial_disputes_sigs
- 0.001 antianalysis_detectreg
- 0.001 antivm_vbox_files
- 0.001 antivm_vbox_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 infostealer_bitcoin
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 infostealer_im
- 0.001 infostealer_mail
- 0.001 masquerade_process_name
- 0.001 revil_mutexes
- 0.001 modirat_behavior
Reporting ( 0.00 seconds )
- 0.001 CAPASummary
- 0.001 JsonDump
Signatures
The binary likely contains encrypted or compressed data
section: {'name': '.rsrc', 'raw_address': '0x0000a200', 'virtual_address': '0x00130000', 'virtual_size': '0x00018e60', 'size_of_data': '0x00019000', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x40000040', 'entropy': '7.55'}
section: {'name': '.reloc', 'raw_address': '0x0000b400', 'virtual_address': '0x00149000', 'virtual_size': '0x00000f8a', 'size_of_data': '0x00001000', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '7.88'}
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.