Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-11 07:59:08 | 2025-06-11 08:17:17 | 1089 seconds | Show Options | Show Analysis Log |
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:18,741 [root] INFO: Date set to: 20250611T05:56:56, timeout set to: 1000 2025-06-11 06:56:56,605 [root] DEBUG: Starting analyzer from: C:\tmpjeo7jmad 2025-06-11 06:56:56,605 [root] DEBUG: Storing results at: C:\SLtSxJVgsX 2025-06-11 06:56:56,605 [root] DEBUG: Pipe server name: \\.\PIPE\TCjHsIkvb 2025-06-11 06:56:56,605 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-11 06:56:56,620 [root] INFO: analysis running as an admin 2025-06-11 06:56:56,620 [root] INFO: analysis package specified: "exe" 2025-06-11 06:56:56,620 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-11 06:56:57,105 [root] DEBUG: imported analysis package "exe" 2025-06-11 06:56:57,105 [root] DEBUG: initializing analysis package "exe"... 2025-06-11 06:56:57,105 [lib.common.common] INFO: wrapping 2025-06-11 06:56:57,105 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-11 06:56:57,105 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\JPEGViewPortable_1.0.exe 2025-06-11 06:56:57,105 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-11 06:56:57,105 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-11 06:56:57,105 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-11 06:56:57,105 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-11 06:56:57,323 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-11 06:56:57,402 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-11 06:56:57,433 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-11 06:56:57,448 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-11 06:56:57,464 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-11 06:56:57,464 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-11 06:56:57,464 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-11 06:56:57,479 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-11 06:56:57,479 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-11 06:56:57,479 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-11 06:56:57,479 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-11 06:56:57,479 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-11 06:56:57,479 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-11 06:56:57,479 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-11 06:56:57,479 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-11 06:56:57,479 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-11 06:56:57,479 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-11 06:56:57,479 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-11 06:57:19,964 [modules.auxiliary.digisig] DEBUG: File has a valid signature 2025-06-11 06:57:19,979 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-11 06:57:19,979 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-11 06:57:19,979 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-11 06:57:19,979 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-11 06:57:19,979 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-11 06:57:19,979 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-11 06:57:19,979 [modules.auxiliary.disguise] INFO: Disguising GUID to 1b621a55-cfac-4e69-8e86-c2b86ccae11e 2025-06-11 06:57:19,979 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-11 06:57:19,979 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-11 06:57:19,979 [root] DEBUG: attempting to configure 'Human' from data 2025-06-11 06:57:19,979 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-11 06:57:19,979 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-11 06:57:19,979 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-11 06:57:19,979 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-11 06:57:19,979 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-11 06:57:19,979 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-11 06:57:19,979 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-11 06:57:19,979 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-11 06:57:19,979 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-11 06:57:19,979 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-11 06:57:19,979 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-11 06:57:19,979 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-11 06:57:19,979 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-11 06:57:19,979 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-11 06:57:20,011 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmpjeo7jmad\dll\696.ini 2025-06-11 06:57:20,011 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-11 06:57:20,011 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-11 06:57:20,011 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-11 06:57:20,011 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-11 06:57:20,011 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-11 06:57:20,011 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-11 06:57:20,027 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpjeo7jmad\dll\KhePLP.dll, loader C:\tmpjeo7jmad\bin\ktypyZOY.exe 2025-06-11 06:57:20,214 [root] DEBUG: Loader: IAT patching disabled. 2025-06-11 06:57:20,214 [root] DEBUG: Loader: Injecting process 696 with C:\tmpjeo7jmad\dll\KhePLP.dll. 2025-06-11 06:57:20,214 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-11 06:57:20,214 [root] INFO: Disabling sleep skipping. 2025-06-11 06:57:20,230 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-11 06:57:20,230 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-11 06:57:20,230 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-11 06:57:20,230 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-11 06:57:20,230 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-11 06:57:20,230 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-11 06:57:20,277 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-11 06:57:20,307 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-11 06:57:20,354 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF822E30000, thread 1764, image base 0x00007FF60D500000, stack from 0x0000008EFACF4000-0x0000008EFAD00000 2025-06-11 06:57:20,354 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-11 06:57:20,386 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-11 06:57:20,386 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-11 06:57:20,386 [root] DEBUG: Successfully injected DLL C:\tmpjeo7jmad\dll\KhePLP.dll. 2025-06-11 06:57:20,386 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06-11 <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-11 07:59:08 | 2025-06-11 08:16:57 | none |
File Details
| File Name |
JPEGViewPortable_1.0.exe
|
|---|---|
| File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| File Size | 1467096 bytes |
| MD5 | 5cc3e78d2c056988d7bac4f2bbb6d3cd |
| SHA1 | 1e80df297bee06cd8e1684ba2bbcbf6853588fd8 |
| SHA256 | b769136c930e2a96ced9db5803b86e3fe7ed786f5236875e4ad6493463993245 [VT] [MWDB] [Bazaar] |
| SHA3-384 | 7f6264bc603eab6fea279c5913f502d3a6c16e6a81404498b9928c16842372380241ccce90886523773ca3ebac9b98d8 |
| CRC32 | 2987491A |
| TLSH | T149652301BFA0E5C1C8A28EB993F7D7D366B679690C14CA0F798C2F06BB617C1EE15542 |
| Ssdeep | 24576:NT5o9DAD/NIpsswXjZAQyhKaQr99EfAMxV8i+gv67X57DSM/WHslpujO9MII5u4F:hy9Maps5jZ+hKN9WrL8i+O6N7D+HwuaG |
| PE | File Strings BinGraph Vba2Graph VirusTotal |
&Y3&(
&ft#O9
4[.0.
@.data
^A>`1
KF5Twt
Fab|`
ImL0nY
&QL5~
gu!x^
\a&dK
RlF6z<
u.lM~<i
)bz.d
-ZFN,
)~bL%
I8TK6
Jd8S"
D{{9~
d.N?@T!(
rr~wv
ax'w7
[$u"Px
iVA7'a
svN#+
^$uU?#
n]l},
*_,:e+y
bE-1-pU
Q&8*p
4,-MJ
yV`y%PGx
Q4gv^
PN#HW'
]~GdE
BW3`m
XOM,>"
*,Va37o
sB#gI5E
%$oiT
USERENV
CreateBrushIndirect
NZCKiZ
M!|z}N
Wf7YWo
yO86E
Sa0=E
"JK:iX3
e5;ht
d6`sl
(d~v*
"4{me
,M#4+-
0>T;}EG
A>xP6w
040904b0
AikeM3
4||:qZ
PWi?n=d
kP4})
Bs(4t
d'nq}
%TCFe
_6+FK
F)P"`
Fa#je
7NC;V
1&UrC
Z>g)2
EmuF4i
N dRp
Wh4W?
2h';-A
+/0$"Wz
%S_VZ
v^hAxrh
Vnp1OT
G5KwP@%
x",f3
2J'[\
CU:I[
%u.%u%s%s
;V>O\f
x;"4#
5 b!)C
9}G6e2b
TFwab
&rtTA
Hzotd`
T0/~Aw
KG;GXI
l1aEK
e~\u9
h6O'{Y
Rx/~C^m
1X\W<
>K=a9
8?01-
$(Bn2
"lipTJ
*2(*+&II
Vx39Y
7='|zR
Sx@yk
8ZNR>
Ib56X
x%F<O8
~m`K"
;6-J[
c#Pdc
fB$fv
zq9/)
@u|FK]
)TbRP
S853*QoT
z8&x7
=-a*k:5G
@P9t$
Wy8W_
y3JfN
c_E!x7
T,^zI
Sectigo Limited1+0)
ct$4s2
EE73Z(
1ORW
Qvoll
QAUO6
|(<|I
'L_?d
3OHbWb
['4$o
zra4<
2>L*
1z.2eU
cT-mO1
">*6=
&%Pg_
Sb'D0
&U_'{pc
\Temp
LC->)
CompareFileTime
-A,n4C
sglWI
0+xW#
tRgi8
hWnXcc
~x[%H
http://ocsp.usertrust.com0
L"C*9
^>G\(
SHQ3Yx
cL(/y
2`&SmC
|nU;~t
e(x7/
pFZbh
wm%-|p
Rng*5KC
eE`J/
KLumhj
xn5[L<
%"Y@S
4!hBJ
XyH6w
W=k>N
2@'P,
RwXq%G
&|)iU3rm
8IFt1
b-2]I=0
]&K;bqNtF
TqBM'Sm
QG`,?
G#B)c
8NchOY
MhtuG
:>I)K
d)ZzK
?73>R
]{//O[;v
7[/n4
#`c={
lstrcpyA
|cU5%
7]Td"
AdjustTokenPrivileges
h##G[
X I?RM
,qfYx
HH#H\
:&4dR
MG>BJI]
K`m0z
@9sWJ
5Z]-K
${)*p
A%&e5
*::t;Hj
2,7!tb
4J*_v
0jET1
&XkY_
y/<<>
pxG>A
2I#Bf
[aXO~
-)jzD
f;*a2&
:+c+?
|_,y4
RyBQ=
vzDcw
x&dA(
6g|1c)
nRhJ37;
IH"E_5G
V|A-.G
O@8-V
4$G%/
Lm1!_
?f7D_$/
eTZf$
%&MgWn
>#AhcU
TDw^;
Z6\|~
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.08</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>
n Is+
&!vQ=8
o#]wS
&mLgR
3Z# 7}
aXfrlT
@cd4JU!
D/!w@
I',CQ
GGg]OQ{
1Q7iBLE
V3Twr
bI{Ft
""<\Q
tz:Mh=
Yweio
ut~{IR
Pf.=k
SHELL32
3YjLe
$LXF>
C)D}/
GetModuleHandleA
$Rc]T
:zhiz
iA:\q
d+_J*
.;}@|
,Pef<
o3:l=
&`x6!)$
x*uT;
ka>B $
F2<G,
0NJXO
5d!ZNH
_,_r+
seOv4D
,^#sT
v|>Mz
/PSc/
m!Wg}
{E*#W
$ssgo
.7K{nK
.rsrc
6d!|A
20220313174133Z
"'f/EH
yV>Vs
>i lD1}R>
wr+\H
#fKED
kv\.U
Z c5j
^`Yytk
Ga>``}d
+JO89rt
$/JXy
[^jXG
rLp:O
F%~GUH
h'hDm
JQ;c15
~JR5mau
vyLpM
*\/a)
0B>i#R
LzLV]
K}=NF=;
QHSS}
}#w,L
zL|(Kv
yRfp2S.g
5+la`
y+&`f
$`qy>
&fpmk
Ku-dM-O
V5x!4R
GetFullPathNameW
oO5M!5
nL\:L
;fCVL
]GQG-
_AH/JS
UsTq"3
5YpJ{*D
%^<i9
+ kJ*
'8.N+
DjGTa;
oQ2vL
D"QA2
kj6L{&
#%,NOx
v^r'd
&<^[5(
$}qk(u
|cp5y
!",AV
t#SSS
i"`te
ksP.7
5t)Zw
-(saeWD
rP/hH
RegEnumValueW
jBl|P?
SeShutdownPrivilege
?P0T_
4o&P]t(>
wQzh=
a,p'$
zWU9&/`HiH
Z^8&q.t0
*Wymc-
g#l|C
G7HA3
cKh'qr8.-
TwW&vI
n)|aV
%Te1,=
e5EVe
\b0,By
NSIS Error
".cZS
_R2}O
8luJ{R}
j0h0?
}{d.e
0ZHP'nn>
MRe-{
DpT)D
5S4hj
.text
ig=O'
y(]`s
gaC%lX
u(w,H
WFdW+
Nl"-WK
$p=!,
aYNde^RgHB6
g@#QD
'`AEoR
~7I!8
c$V?,o`
m[(;~
U:dJ}
Mwho:
#' /
.[27KU%P
[~)I';zv
nYYTX
=8V91
U" n3
lY~M;q
yjJma0q[
^j\PN
jq+z$;+Tj8
S(l4'E
MM>|a#
m+Bgh
M-iOO
UA?+4
v'f"D
p*;'j
`MH$3
eX0YX4
J&C:#s
s}J77
3http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
kp~se
o|1?F
D?<JSRj
>-v/=
n4k51
2w#KVB
w.%G.<
>h=8O
18z6K
``5XD
X6,n.
ie(YD6
8<msu
sG5QpX
SO7b/
={~{l+xAI1
91} 7
,Y$b0
Ck,8x
<5l(jlqN@
,<lJO
OK"|S5
+64Q[
4eP|Mz
_kmC6
SuxOg
ElX@j
ifi5X
#]$ft
HHg;<
Rn!b*I4
DeleteObject
}GK62
|GK4p
Th`Kd
EmptyClipboard
nU2 #7
x|I(wN
9XI?b
<Fzey
Dj/Y
"e4./y
;Q&4@
8tY1f
aGa!$
XZ>_%
YQ)@|
jz@]$
LF+L63E
RG !/E
n0X@&
$nBC"
faIP\
%USERTrust RSA Certification Authority0
khxahB
7+DdN!
%nf(1
/YJ>'7J&+
M6*i`
2xun8
z:5#=
x~)2$$
y 4aG
K,IS2
I5|Sz
EndPaint
/^z_CW
4hJ8X
-=DKx
psD:HSq
LT+8x
zZtlcx
SltB9
+ uAi2
6vg7GI
C[[>g
@p =F
-*[5*
NUmI3
vejr>
.c.B~
Z@Z0Z
,h3S8f
$o]lE
OHs[4
giJh/}S#
'&sJ4
-mU%
c_~qQ
xG(yY
v#28(-
]vIT1
nG_($7
Zr{+N
g\%$5
-nxi1
.FZ.b
9;pjg
&Kf)g
sg7faV
~;TLE
~},K3cd
{$`b*
P,HN[-rf%o
eL03)
vker
qD59U{^
g?pV^Ws)\8
Pekck
rAqCq}
>^eY{
Uo9$|
os^Qd
=#E [
+td#tj
r7z\j/
)^{m&
wh2wi8
))7dn
;tL7w
UNMt\
<)Q<1
p"k:-=#
KH1wj
[eO%GHVZ>
UFcP.g
&Xt*g
,/+B#
S]uni
yu>nHi
H?,sd8
xfeXZ
LegalCopyright
Cbi;lsE
}*2&"^
pa".F
SendMessageTimeoutW
#!6Z^L
m<;%Vh
c@>ZVE
?CL-\
{qo$Q
{7X{ih
p!~9,
^xCDe
SetCurrentDirectoryW
0i0T1
S0AdHXa
tiUJ_;
-B_JgH
z.X)0d
,J!0p
|?-/S
`^&5U
jmxRg
;YYp[<
gA===
|$v A'#
plM+?R
Lf}8+m
u0bXj
f#1.7
Sghv~^
++3G4
O*:q^SM
GetMessagePos
&#+8F+
Dm"+6R
WB?p@
G]o0>"CX
HX2's
I'+kw
X0|!d~
^PNJ9
X\Y14
m0!X"D
--Ob;
p0q!0~
aIH^>3YG
wi)(Q
/I^H8u]
u5fx'
DxTPXN
iZ;qR
ppnOvn!
ImageList_Create
{z,"[
PDp$oS
|47[\
qkGC<
|Dws5
$ZbM^=2
Tu||]
E6}h/
gi4blk
I+koHx
nB]Kx
ea]K]
UN2<JT?8T\
v;KUK
7kzZN.
LNRV)
m?BX'Zr
$ndU_r
mRfNo
vph]&
+-MwH:>
i1)GD
=>4:1
CGny7zc
9nKH{[
7R?.l(
^723K
hXgR-
EIApT
z!SY!
8FwBB
2:$H?
xpwlB
#"J*/
)0A{6
KD;1NNYF
R]ARwd'
.IFF1
,s+oy
hZLa+e
- |?4
Bb3nF,9
+Wj^h
kUV.7C<
ISVAsk
;\fxcIe
#Z(*<
3i/p:c
.ITs>f
O)@RS
dmbCj4k
c$&KG
I"eft
G"s$)
bu@k[u
p7!J.
MVg~w
^t7zl
IMaH6B
\P[Yp
q:k.=
o%D\Cy
VFDV*
5!K[G
nGt>@
<#s^~
s]go`Q
f4p6M
kW,wu
/QJQa
E#3%v
For additional details, visit PortableApps.com
NQ3T[]
p?htS^
h6Dih
r)s*7
:hW2e+S
Io`.q$
A2nAqV
W\)Mw
V@f6[yl
CI"oL
l`z*)P
,E"e0
B[Gi|`
3.4(_
Is3jt
r]FH*
s],av
msctls_progress32
p0Bg~@
JE8g>9,3
SHELL32.dll
_"2*k
bJSmP
&*{@J`7
#fFZHQ
\|.\f
W6z"A
h=YR/
jh.b)*S}
/xrI#n
qV+x5
k,xu5
GzatF
!q!5gk
248VF
u]>Y
t2U=C
Wnh$'
Hvs$`
]Tx3!
CUG~S
oFrnb,0
.ohz[
=viI)
#@f6>
yN2yb
ET?0*
MWSVQ
40%.qh\
,*v01
,.W#3W
`jt@i
R=9Qr
UyOwi
c!?c1
K W<?
>FV']
@:nfr
Nd@nM
f;r<WM
! Bqw
PC`,,
M![/E
^>Y3M
Slw;5[3
3NM,N9
y=&gSO
uIAG4
^:K61
Vn8CCZ?
<?2Ny
,eV2v
(\UY}
/ P6pL
CreateThread
MjB>z
SetBkMode
!hAR*k
k/0k2
)s[c[
NtCdR
kRw"&i
\ fe6
e*J#w<
wo$lhg
F7M{~"
IX09p
a9G1<h(
P+gK<
D0B0@
^zcFP
t_hx,d
k@6_L
XDsfL
$/c/4t
}74"d
:&B=E
iDc5A
kf3cM
M]:Ql
V>{a0
t?[Tv
t#j"^
UUz<j
Q*@W?
'Z,'f
:pQ%}wL
`^!46r)@
x11k
T3wZF
BRs{D
o"@7Y^
|`#Pr
=z8TR
y2WXf
g0#t]
3#!#6
Lnxhu3
8 ~sT
5Ro%9
{MuX\v
pRy@o
oJQG@1v
GetUserDefaultUILanguage
o*WGR
OAK:Q:
X0Y~X
@%m #
5VhCD
}'S:Q
b4)mMr
o<#ZH
&i<~\
Sh8|>
j_0&XA
H<Me'
29'2.~
99d(tA
lA3)T|
%Jl/
/-P?pR
PortableApps.comAppID
?5nrO
.p}x{
X#{hdc
FindFirstFileW
wsprintfW
N~Rir3g7
1+|=`-
`ZOIKF:
% D3t
ODVoX
(>2D}<
8$0b&
%;n5L
!~3l{,
y#v`[=
{J&fp
,*iy?
H<rq,
?*-+^
(0&0$
o}>?rz
PB<$d
X_}9|
'K-]mY
D/{|h
'%~e\
Xa+LB
k+HQ{
e,shcf
R]=f9
j8WUHBYs
q4B,>
$jJjp
%E\+v
https://sectigo.com/CPS0
*cV a
8WJJ_
v<.,G
N$qD\
1Nf8b"
eK[1o+aQk
2/"j6!
4:iSG
&p/gJ
&?%:1e
N:sA]
jdq??g%;H
>:&6i
sC2P5
[KMS-
8Km3K).ST
9l<x@j
=oJ_&
|E'yF
?N\gul
Ob32+
IDATx
M8{=c
g[L<<
I3bb!@q
+i2 Yt
:?,C9C
25&ax]9h
^_yE(
;wVov
`<^tdqP
XO&F =
;=Srb
s%bFl
psy c
G" 4r
^bH1\
(0d_hF
ReleaseDC
j3i0Q
0VWm~*
4VOnG
Vt665
$l)wY
'1:!j
"-F\<jC
3,{%5
+/kbkP
cwC;W
&EFPd
K+y2a
?]iM01
#mzGq
}Bf?3
&l~ua
eO5<?
go@hu
Qy?Vm
lq(2M
]"X0i
z\ZIl/
WideCharToMultiByte
I$[Nn1
8b{kw~
&Ft&nv
VarFileInfo
wkgY~
Y#T^{Q
qi}qir<
}"&lo
v$*QG=
0g6uPI
1vF.^
U=Q;f
Cjd;A
~XA.a
3z8@Ll4n
ypW<;
GetFileVersionInfoW
jo~Gx
Y/$? cJ
<A13B
=Q$?$c
GkjgC
$F6s0
^UK*J
QN[p,
CreateFileW
:I!waP
LK<|K
I]|SI
=<^[_a
aZmld;
p^vH[
.p&E6
4/?+nD
CopyFileW
7`AFu5
3Bqa1
{HOOb
f)BhZH
fdk*k&d:A
AW|>j
;+WxG
$th?$
kA%km
/2l) g!
NQu=|
SHFOLDER
2Fee|
6dgVW
/Z:d8
rBvZ>^
IM?eL
+uJyF
OpZKw3^
wO_7{
`18?Y
Z2@"c
'.EMT+
i#Ri cm?
Nrsh'
_&4S9
oGJ:fWF
ej>(F
4pG51
}bJb%
VB81nNA
*dymS@
N%f$[
7TD*\
?LnKs
90xxI
L,{_L
acWwV
O`Q'V
?8|PNH
YR=re
^U,Bcc
YAibC l
EJkht
7b@]D
GetDeviceCaps
\hZ=!NCG
@O^h.
?,M,]f\
/ejVn5
k'O{6
N-#Zi
%"qNh
GTpfz
f4)g5ck
380118235959Z0}1
dXau2
8rC0i
<";C4_
|8dt^
N+{]]
ub,g)
ffu@zh
WO/Lbz2
TXmA,
YQ<1@~
1C\uJ
T059pv
KERNEL32
zMbSr,
9L!Z R
D<_|85
W^%[g
@)P=~u
Qs"*0
x:*>\c
Gv};l
6J\RF
\|O!2f
g9Ze]
AHRFg'
#,ikK
!]5f1BgK
N#j`<
z1.b'
\v =c
9oJ+L
Q+!hMV'
KT._$
q~A;m
9JB$u}
S|<r\'
7]w2q
\u f9O
aPDf*
P)IS.
B~S>-v
j@@R0
05>Ivz
]s9Q}
SHGetSpecialFolderLocation
utzqK
f!Z/R
4w5)Z
=K7CO
O!fM~
N!<Ev
VV5'1N
Rn3'c
z61fL9
pE/B_
^1|`)
p2CN;
Lf}/c
CA1G~?<2
UWvxv
dS]Vf
`9zzj
0DGBj
.r:BT
-gr'~
rY?f?K
c~H\A
s'NY{9
/0-KjI
\C^oj
@0,xg/
df&U(
9Pv;
1gM="
gI|#B
05/9Y
Y,S:V#
0\B9mt>
Lx$hfD
ebCH*
M{Kcg
].j\H*O
8M>0f
c(mW2
4}4b
(4+G:l
Jc)T2[j
-oO9V
86oLr
L5<?)
SR(Nm
R^*C+
f/UGP2+
,tu$n
2Ugg~
Cj\=H
Zs,`B
9.HbW
4qD8H
.Of Y
wA_o0"d
"9KS&
"r$nz{L
-U\ua
!-iVma
;^4Oq
$lUyM-O
XEVjR
TJ5"[
olj}xyGK
Dx{#aS
s:ooq
"{Y{Td
K{.*v
\$gy`
#2ku^
bRov?o
Salford1
G,:5Z
i N(j
vTZe[
~[/c\
+O|#x
RlTl<
i.Sw?
,ondD{
|r(kd
>pvk0
lX(S"
]\rjf
Ik[C/
tpv*b
aRd,B#
5]04)9
A/2mD
#Kj&=
"qra>
02:"k
HQ{a`r
^~fnO
9_$pD=
-~(:L
SetTimer
]wpn8
>,%`&S
&(*I.
=7B]Wu
zByTe
m)\\/
D'wvsA
16o@6p=
@Qn;;H
O;Hy^!
73R*9U
&u>p
w.:2Ou
WVC~N|
6a-b4
%3)iZ
/g+z;
+?;;3>
eFW+$
R<9Xj
CdT8n
H1Vfgh
Vh6RQ
iAMl{
kl4=p
m0k0D
GetWindowsDirectoryW
DefWindowProcW
R5&qH
5}[jP
"D?2j
:;wY.
0WZHBMko:.2
LvvmV
>D6HWzM
^|vp"
GetDiskFreeSpaceW
<p?j^
a3Kf`
7M+dUw
9<Z+n
k3 .Z
|UApkO
p Ltm
Ad+!2\{
??wwKt
>;Kpr
fL A/j
,OQm|
3W.Ab
B<$t77
Cr_6u
&>,'Q
2@,)J
oax/9
70QX!
r]dIX
S5Tso
t~[@a
*3f8G
230216235959Z0T1
XR$m%
tZj\V
c4{j%|}
-lHn}
?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
=n&sq
L<3>M
BR2?$
@q-cy
6"70y
'~Kt9
G/,b`
50=Dg
QBMp?
;[+VL1
cR2.[
v` &8
y-c8r
C41z~4k
_jlvzyxb^
%gRi;
2#5o;
\10&7
2RZp-;FF
D,Sn^
\ b01
|g7bXc
:N-Y5
\FmT69K!
?&1nS
V/)6u
k<Or[=R
;|i(=j
1pt?:
b1^I08%
NET8W
iX6.I@z
6&OWD
^Ib>g
}!VwR
#+RcT
Vdq W
dH$Rac
0bd\X
0iqq"c
!jg?z
AnW/Dv/
%='4>
JK-Z)
U=W8l%
fvfyFd
bNzS1
DXhT{
w'w_l
GFeO@
ea||Gs
NP\Z*|_
<$pec
[~GG5
MoveFileW
http://nsis.sf.net/NSIS_Error
A=,sr)l
(+/XA
KJ\<2Ch
SN^8-
A>"?Q
,^+G_R
"rqh:
WKJl6
my^/B
R!#3J1
L)&UU
AC_/9
3XseT
lbXeO
sJ|%[-S
>\C`A
*w$x.
{"vdw
}rA@I
IEFNlD89A4/k
M5m7v|
pNH.~
P*4[`
XkLYW
Fs8K|
O%1Zw*0!O
rvu;b
%YHDX
sl2?$
kFoU+D2:
GF[+v
T)Y+f
-a/Tz
Cr_B46
Q Knx
z Z|t!
)]@$2c`%
!u4TQ
#u17d
1u:|tVQ
/%LK(
,k L#
_cy!U
wg~7Hg
9Cb<]
Br7_Js
kkW8>
9-HgE
fdt]8&
aGyL,
)`y'M0e
rR8qC
LR40](w
ua0]OF=
XhV<q
'\>k[
r=]\g
./Jkx
!1%O]R
[JN?gZl
.?Jo]r
#0='v
>*`Dg|
@D9Ic0
Xf_MM
GDI32.dll
Ckp,A|
@SKgWiuq
)'9#b
[ycHs
hJ*)j
efHrqRz>
LZCkR
TVJXj
CH0Q<
#i],XR
A^3C&
%4x)>
sd<|S=
; WP6
;ttC{
?,(u`
*zi3o
Q1$jH=
wc6n{
L<>5He
5y0_s
Gpfq'
]/w4.tn
%M.7V
gc\f-
3}pXQ
8KKaT
|u.H#
)^^1{
IHTi;V
ex*O,
_P2[5R
_`f]8+
u:FeV
>n2k.,
6Ak0\
XU_^RL;
'jD?
1lb[k2
@u!G<
{#d-'
[UISaYNd|sg
J!NyeyMz
:}&!.
1lW$|
jRa#9X
O9U@}
1uj}v
Gu6:Zs@;
(h=,9
]hz~*D
wpq|`
Vi\>(5
U/kvv
\QH:a
gN3hlR
YX%El
~(T)5
Opg"m
cWEnl!
5rL2x~
x5}0E
>!]@j
^[)}]
*%4r84Cp,#
n'DKi&
Psc=2
R=MYBe
P}[.q
`vx*F*
=c'Vg]
}/Pd#"
txq$u
PortableApps.com is a registered trademark of Rare Ideas, LLC.
)26>6
9sskwV
y#9gbw
GetDlgItem
>!|kg
Tl!+R
e^zM3
xG!"i
y~SYe
q:27G
'^nm.
2-{Y1
//G&Ijw
m*JpH
#1V*S
OVsq~
=CL`u`
<4*F:5L
Z`ZjQ
U*@\B+
n@RH@
D`xc4
!This program cannot be run in DOS mode.
PGCTl~aD
h3&hx
x1"H,
N]VK]b K
Hb0rE
Es fe
@;>n3&
8CG9*
RL)9~J
R^g!2
7<"wgB
,7,,C
cybxbq(
FhUFV
)vwVi
zZI|i
9[(MM
Lam!0$
mVF[6
Uzs)K
"Rr^R
JZJ!5[
hS7fz
%Og2fp
n0PPd}
uO5lU'C
,[>g-.
p+^^O
g)q6X/
8n*=3
RegDeleteKeyExW
T*.:u
Of"99
=vdqH!HZ
>qnTH
"v* QM
22<7$
|O$TE0
_:{(*
#Imw<e
EC@b`
fm)vK
m5flV
!Hl>\
ANrS@.c'
bpqsp
d/_8m
v~yme
00&|q
Q}L' -Gr8
Ib!U.
x:JsR
O|s'q
BuQ?#
c"xl+
kP/BU[
{uGVmDC
qya8U
LSYrr
`=NJI
0,K}o
Nakt-
>YTT1
ocE.1w
=RL(Wrb$
m"Wy*A*
Translation
qf+}W$
vhmlF
Bl%,k7
sm+|y]
5g/s&u
?5}/N
ikhYU
ccl[,,
\M&Ha
g?t%K
nF[b=/
?Cf[?0
CqOS/
SIF0i
"T\-q
4(]<M
m-REc
__EBa!
=z$),
92a6n=
ox:dKO
cp6>s"=
rRj;B7|
/Zv-D
Y=nx
=)a&n
8}}]\
_D@]t
VpP-)
Cz6BU
K0xxYt^V
zfN0aX
{~%+,Z
-dl?>
N<.M{@
u{U:t
;f^cP::
sr0D}
# ))y!
piK?:
)@~EN
Zy(dX2
D>Fz/*
@JPhn
z (j}
8Bh]HCE
=m1TH?
I1i4&
iMcqmI
_)=(e
bAa=P
VF)ctCV7i7
a: \p
W|enKK
^tqk2&w/
G`|7{
CPEYO
nuF:W
G4U}|
o!zT[
e[hML
#SiA9
H!a>A
^t)Q<lwXw^
JPEGViewPortable
qJvly
Lim4*
/+ZX9a3
@SbW#
-2%<C
Q+]j\
Hj\("
2+<.y}
B<c$XC*
EURN|
LkvYy
mq98hVIac
2sY+F
D)$I/,
PE#sS3
7(]Z-
O?cAp
EpxetC%n<;L
se~u>
`6jXXG
i\.L,
!(xd|b
o#bh#F
3Z"Cv6U
WdJHj
|FlL;
ydrM6
6c_$V\
Ktxu!
LuGg*u
:sv':
pA!r@
yLpey
_itjU5
b8SDdS
5!N!Ox
1?Nqh
J$~fm
qmP}:P
q'i|0
m%JDg
wvB4*Hc
]!r'5&
281231235959Z0V1
XCD0C/
S&;{]
gu[m;YJ
?<#@Y
8*lBL|
{"]cC#
]C"{b
o*lc.
Ig<J/
884B=
^6EV`
["RJr
u:7eru
5:xL<A|
XnGCLn
](vWkn;
3jyYE,Q
*mz6M
>RN~j
IqhWC^
azEIB
8|H78QQ
$2`]k
?kwY|
?N;jHu%
T#`r<!MW
{flL0
%USERTrust RSA Certification Authority
QQoMhi
^f*nQ
F%SyA
:b9 O
36p6:>y
O6g_h
UK+K'
a&6\O
,76hk
q)CHk
/mvkQh
_5#xg
w{x!O
}e4#_
#RFfo@6
:R&{_
4\Vi'
2Adk
&G]~/
p[O3Xl)N"
@KVx|t
z%+*T
EndDialog
$f$U(
GXq$}3
K*"BVj
Y.Wfx
$E_SCA
VFMLmq
aLs|'
~Dzatd
g9y3&
5fS8x
j*/eD
d0BzX
IW'gh
NQ`mA
Qc<|=
=CEAw
{ 'CG
z0``p6
~qTXSyF
Y7T=J
P2M^X
?z`?qk
9)|JR
:7?o
e|g:d
:3 i=
=oya p
!5u,xQ
/XS"65$
rlRVb
xjD<b
-ekDXIQ
?\x;:S6o
, IDJ
6AH`J
6jPJq
<m\QF
r_N#We
tMoRw
Gq7]"
nN2;6
H"vKn
zn8td
NL<BB
zaA.s
o{'`f"
_gO,Dh
USPK.
<,#PBN
0,[e!
LO\7n
DM,3S;
?;A>#
verifying installer: %d%%
mh=kv
U{tQV
StmIU
Lg>X`e
Fl#&\q
?Wef3
H#hY`d
GSkI<
f,MA`
Vh8(NZ
5]*<Z
<<Mn\K
21qw)
Iov-BL
}m'Am_
3Z}xwu
w'0Ty
JeIkk
/tzdP
GrQLb
ihEdg7
5"{<]C
>DX)w 5T|
R@jz?
YG,Z&
pua,(?
9go%k
nk$'5;x
SHFileOperationW
^r%2B]p
3fboN
"kP0
.X2\7Q1U$
AAkyi
7cyAr
D^QO"V
;~*/NQQ
;EyNS
kcFUg
iY=$J{yP
:w=2X(:
@P(g;
F(2 CT
;UAi2
M^>hr!:
dMb#P
9k{=i
D5B}{
4A52[
^osmZ0
&>p`9
uj[hH
sO2Hn
GetCommandLineW
7\IE,)
'!;"00
#j7Av
x"|o*(
ntQsV
Q#HIQ
/{[Dx
C*]G>7
m[D'h
bqyee&
<|m[o
2ND4ib
H(r4B
S)5Jw
%9I'6
Pds:q
>.@._k
TtQr|
>1JAz
x;h'k
]93V|
j:M-u
QD7R(
?5:.)
x"y@C
!U x(Z5
k*#>9
bwB!|
Wp1VVJ
<F3s
u37km
L2PMz
e^}ZM
CreatePopupMenu
mA5>!E
gTrFX
g3!8X
FileDescription
_GFOpu
WT^RI+
<G{;~
WqumZ
smnEO
__fJ0y
(|R+b
l8{2'&C
j'_FtYDk
70a$>
|#c{s(
J+p4M
;f89z
n7m{e
]~C0(/
K/B/gF
mGe1!
%i]<T
\[#Qo
d18xc>
k>:E)
b(Oukj
~@:K"
$iXMy
BX^bi
xM)@]
54&g<
<h2jX
7uM1b
aqOW^
z`/&9
N}6Tn
S$by5
T[Xr4
xleUQ
u!F|Gs{
ckdac
SetWindowLongW
>EP~3
H@j"-P%kU7
8a/HX@
,aoxot
GetFileVersionInfoSizeW
*`wOj
$){cy_V%bX
]czSH
9_ 7l9
#<]qD
aof9X
*?|<>/":
G:5?3y
fr1.5v
.2@$a
Nz`"5~d
zD~Mz
[IGdUV
co*O!Q
@x8zb
nky` Jp
8BE)m
GetSysColor
CharPrevW
]F[N>MN
415ML
2S?\Se
JN[;O
V&P/'K
InitiateShutdownW
IYAL\d
dv)%Qo=
wUvwm
jyx9[T
}e*]y
L,)I}
T,t,?vEY
H+ )g
->1,f}
';X_@
'/Zqs
};Kn[/
, '-c&
NdE1yc
!+UqP
dUhfWAf
I|EHX
M|<s8
^O},
rll=15
'SRxEk
$u~\fg
e[DJv
M~QmD
znIMw
W,xI8&&<
\h=;L|
heIDK
SetFileAttributesW
SetDlgItemTextW
E?Ll^
:Jgb+
gD)i+r.
tqo]p
-7kV,
GetModuleHandleW
Xg,zH
E>~"e
Rf\Hg
x#8]h
+j<1O
Wr}x+>
-z%hS
k5`6BP
:P!RQ
y,"]}
a#7E/
nO6)X
~<7V8q
S~hZG
(xY$PV
cpLCo#&7
7;!6e
L<@8V
UT8q2mM
1G*%_@
9`Far$
^6*#u
}/u w
:Ol@7
qJ~$z
<`w~G+
4t395
6]/@0
$Sk"4#
?]3gH
kqm"~kz
9Je43 @r
tFkG5
IDBD $DQ47
QO%7@)
+\.v'
@o1';
h>tv/
z>m]VUe
\QA>r;
}$xo9{Wsf
\@Kw}
]=vVZ[
Sw"h5
VIH3
Q3rPdCJ
bLn;m>
jt@pU
!:5<~35\
R[\7,~
SHWdO
b*U<;
"o8yy
Rz[$z1
gF\_v
l(0Rt
KD7pK
RO@RSp
^qs;Z
CLtQrWk
m ST]]
[;lBT
CJ.[#
@0I!u
~(|&?
sn[GLj
{Hqih
nGl9\
P;>KK
0cUVj
IB/8Yu
}l#tRT
)eZi\
scnnmmt
rEIsddX
hMi;`
C9#$U
`#9!t
H-U;B
EMd&~
%G|CW
h_yf[
}LhRk
MVo<bu
N)OLx
TlAhZ
nB2y,`
lstrcpynW
u!MNL?
[&hsAG
X]L;.
=)C%J
@Z ox
6/}'f
E}pgT
J {)&
/S\c@
'>+p%
T|al]
GetDlgItemTextW
g/YB
uO{)N
Q8S0u
aGM]?G3
duzN'+
`}\Ti
#2K)a
I+9bR
9VOhY
c9(\b9
BEGZ&
?9Py"
''+hC
k=2O>
xfA#p
~f8Z}
b>2qM
tWf="
(EEx`
gXX@U.CK
udN|fV
xdpN%/
h|:rD
-|Gpbi
v,*M,s
niM48KWREBm
0AF1)-
m@*xDx}I#y
MessageBoxIndirectW
gvH+{b
iM`5:
e+aIw
?S1"k
qX+EX
More information at:
g&/.!
AM:Z/
i>A=e s
J_!BH
_,|`w
<!I>P
jS+8'
D[lEG
&Y{C*
"~pel
DAQf8
WQ+kM
}!mCL
zN&BH
1+}/05
<fKIj
fLDmh
?uT!=||*
0A0Dv#NJ
hQ[y{
]46ak
,~JaqJ
pObwbO{
_G'}X
z^SeJ
wy[:
"4MgMg
5W8mD
99ZrAtc
Y(nqK[EB
H.[)\4e:
dCR|i
5Ayf{
W;m~v
zNTk:
9F*L4
xO-lR
,Qf7N
iSmf+2
.mU3P
=^gIMJN+
|]M+2
SetClipboardData
LXFed
9*PWk"
ed{P?
`Z#y)
2IqMm
j^"^]
]Xi9W
/(bq9
/@Va%
Vo{(-
*I@14E
R15ok\
*PBx9
L,zxq
`%MNUM
CreateDirectoryW
v`c}-@
{5UKCF
rx/*I
+%4o:
12<Z"sd
'wWhu
Sl9mhi
"Sectigo Public Code Signing CA R360
Om4ar=
F^YCgL1
C}vx%X
}4?=G
y_Xl6
2J{fI]P
p;6ak
OIp^j
:AYHC8
Aykt=
BfasEr
fG>)4
;Wno'
NZ&Ty
+ycvh
E&`^v
Sqm?>
YAHRqE
"NjT8
u,MZ]4
n9I}W
waZ>L4
@uZx'$
8DHL`
#qi~O)S
&Xo[K
V$OQn
M.Ud"]
\xebz
HC|*}
?\!HG
wk$p/
51|pJ
q,Xzl<H
-;(hQu9
i^".X0hQ;y
`DMNc
jUx<Y
.&.Ug3
VZyt&`A
tP(WzO
ga0NVGRq
WF#Jm
{1dV5
/)pd]
6DR2r>u
wUBMq
@.iX>%X
&(9<>=
jzOkT
z5SOn
~rV"]h
1*&#X
eymlk
ZS'*E
m6Lbm
RS0{QD
X{>9ap
a~NEuj
VK@4N
#EBIr;[
|c!;(5
n"*y6
M8cP'
T Fho
?!&dsJ/0&
D;Am;
O&'&C+
>~}7G
2'2+k
Mt"^:
0_Mj~
xBDP,
{}\&[
YIu&0!
O2^ !m
.DEFAULT\Control Panel\International
>J[#w
@TQ`,3%
GO/Jj(
97(?86I
=3oI.-
HU;Hr6
lstrlenW
mT_gw
}(OqSc
p7EP=
-36Y6g
Comments
#ET9G
^7m5W-l
/e%H2SVSM
l/DYJ
Qq3}U
6d^%91
Bj 9;
Yd>\_
,=M]!|
o;p\O
Tyzv\U]v\n
K8ZE=
nGSn'j<U"3
wig&S
\8:Ar
nCSV]
$;K7$
U_>fdV2
{)* AO
GaLX1
SetErrorMode
&&7a]S
<[gZH
2h#do
D=J/K
XbKZ=
4#!yx
Ak78-X
4F9&K
FB*GE
k.&@h
_A>VS*
@)*%z
&L{ 3
8qRLJ
3SL+^
SHGetFolderPathW
Q)B2_
h\TqP
4NboU
>rG,M2a
X4V=c3
=cVG6
9i;e)@
<Yh!-&=0q
LY-7#
{DXhX
544S$
b~y8O
,l*4X
KiT*t|a^
sKqE(
(vso3w
de#DC
2h_tT
JjQ(W
K8CxfN
?q\:f
PV)lGz
w/`Zl='
K933`S`e
:&%`A
Jfk5
]n+Yj@ud
Tb%RQ
?;=w$#
;4!Bol
Tw4cl
R-yX8
EsS{b
57tk4A
)9A55
c<fk_
v2yI,(
MO+R*Mg
#cB[?
{D6Ium
I=69
!YhLcP
"_` `
LA96y"
VERSION
&`!vb
K2M[^
K}ZAn
Lo~EX
{(<`H
ftVTRn
uyg6T
[P,'<
cVNu[
>m&>qj~
'zlL{
.V%n{
M0;}M
'I9vQ
>{EI(
@l5,X8
/Q<wzP
LE5 ,
D?r-#.
xtFsg
mWtJ$U
D D>vX
Tf~k4
7[>0-
uZ@Xz/9p
Yo'mIK*
m1B^R
]nbgULIU
Mkb"i
A*(a)
F7D78
4>=~|'
J@6.Ms(J
"E;<
]xmcS
Z(#Ax!.
installer's author to obtain a new copy.
L?64=
*}ON\y
7,!di
fc7Mc
|ZgG-
#&\/h
?CwCs
f7\Bf
d[t@@
Nn1NX
ADVAPI32.dll
()GN+/
$A~=Y
HMFcVG
y59 gI
pmT*Q
$6G"q
$&tf`\l
'$0K7
LuFq=&
[7{/r'
Wh;fg
qsDZvPb\C
>\@A[
=1U&aoj{9
-U5JL
e{1_3
5P/`g
k7Dp5$
JICT
P{7-y
-e-<s
rkheozW
Gg.6nD'
a(5<=
jpSbLO
"`48a
ZWqVg
yvPrV
uy|ZW
*HD8Et
'-fFe
o}=Aa
]Er)[:
ifh%"
rUIJ.
R7[YQ
VY~)q~K
|@)mj
T:o5Z
&1pf!
90u'AAf
cn!M@
^0]jP
VZ*p&
=!]L.
e~Q}m
N"C{\
d1Up\
y=Wlm
fj\67K
Dt)*}
XrA2+
9/JF/
'z7^)
k&,7{
V"GyO
ShellExecuteExW
"`>:>&
"^,&3
2Ery]
N9XGAk
>'7Ie
JjriZ
WWWWjn
>KMxVv
>PUgTv
w8AfP
)$ 2T
cHLG[
wh`YV
Y3}fpDB
D,f-mb
3iL@:b
H7S7:
3ey9_cU
0/Fm^
^&k:y
6jTP\
Y4Rtc
xmj3`
1DD4`
D$,+D$$P
++@VL
iA4)-B
JqS%<q
`TY("
A^=(?(
kLbrf
1]lBK/`
?PObE
vX7NV
ZCzhp\
gkzI'
'gn^g2
|>f$Z
((L0,/d
SHGetPathFromIDListW
w/Xxo
J2%.l
3i2T)i
m&Mb9
C5,WW
@@\p
K;E*Q
ofD$5
GRWkK
c|in+
2n=zg
9"Cg*d+y
m:(M~M
J![v[
f2_EL
0 )kw$
3|#cX
qNPQ+
CC=/3
Q]WV&
:QpD>
A5M,1,
pYGzq
b$zU|
t:]Q#7
K{?a2X
~2+#D~}
Rare Ideas, LLC0
_zq5y
9/iorU
w_|6W&H
',+T
3|L@/ekQ
@<Zgh:
i~|)]
\J;;}H
s|cGp
E]l?B]
`\+%qF
:CnlM
lstrcmpiW
^(,2Jw'
W]~Br
Q)5pV-
p;[f+
M$NRw
4c^6`1{
.$K>b
x>9_p
ADVAPI32
NGdtd
w<{ y4JU
B4@;j
K^9@RV1
LegalTrademarks
<*H8\
%0/5/IT
(8XErhIN
22{@}
+5J5k
2@S"~
~A'dLRX
D=,'7:e
SHAutoComplete
t?|HPh
kxP{r
lq)-31
29=-_6
K88%l]t
);AU3|!iJ
Q@-i%
C"-cu
w:.vtI`
FFC;]
53l+
1Gb?e
ReadFile
B;0_G
g8/qW
+8c=x@A
RegQueryValueExW
YsPgx
gcG#%
NulluN
-]u4h=
w1OR@
D`.0t
DrawTextW
rdVL^
8_0JTr
A{]-{
&hjrB
AO"Ys
d*f14
8beU7
;6qQX
_=`O5F@
y$&!+
_@NW'
\|K'K
,Eu+R
mHLu,U
=T>/caP
<uGEC
:;coAD
6]`:d
GlobalAlloc
PROPSYS
/'kfU
z.<#e
4?\2P
%bFvp*
vf(E\
PSu2{
?<!PN
6~sqB
r^^hn~^
u4e{:
2yxY%
w8;]j
HK2KK
8H)Nb
fq"O6
_Cj;6d
U&>^vGs
\dn%&
-V'$1
Error writing temporary file. Make sure your temp folder is valid.
|MI>i
SDgZV
FFlCx@
W)~F8|!
ft_5ow
=CDX%
CANHH
u]Z+z
|fGi3
v/fz`
J0M1"3
>/zBl
VSX\il
Nn S@W
@)ZVHS
_G;DT
$,l=N
of|>s
[TZ:%_L
k^W`g7tkc
&LjRt
$ou#o
6&V+(
.X>!h
OI|oR
N,(3H
sSn}y
wnwFi
\FtiV
o!':k
y:s9LL
g\2&v
HFA(6X
XAx-/
w^ZH=b#^"
~R6~|
^*1c!P
wo<S
[qNr%B
E7Q[1x
vuwYc
Aur^b
j+yAv
L^X9c!Z
PZVibB
HT4sT;
i/;PT
kb*qjL
uYN}E
7hiuU
ZLV1]
?2<H#
3^",9
me34p
U5VC(
b`hW5x
4)Jz_
O=Ltt
JP!Bz
%>$FZU
(<'VP
IB~wE
Rb`>t
g0A0|}Ewn_
`qo:G
.<%?p(
Y!R[<
0Q{M|$+
A$Z2%
4t-6\>
rV$Lp
bv|U!I
n,D'~]
^%^V"
-r( !9^
)cD&2
M-Pd\
V!gz*
+^Cia*sg
Xz)&s g
QRn`#
~D;LGY
pkXuZ
HEb%eK_{
SetWindowTextW
:z>mG
wO[@jt
/1#R7
1K(+H#]
-ou@vY
a/#fU
]q9i(QG=M
Z,a~([
HO@DFFDD'!"
{p\\P"%'
1zK}u
$h*(Mz
EnableMenuItem
@<m3K
ewEIO
Jd0bO
Nl[ud
2sSY'
3Jfx@
owgEoD.|
{7[]6
>pILR
;SG=Q'|
E"5%3t
ole32.dll
iXnr.
;Crg:
;,rn$
puCIr
/@Wd|
kwr]{c%
cfqSA
~2hk0.^]
)0x2B\J
w5'*$=
`;3YU[
[kKlo|A
-!%M5
GV%wK#
(*GdZ
fho9\Y
jdOj'
NZlWjm
GlobalUnlock
xl84N
t+a]<
YyyIl
j`Oue
hN25V
PEh<M=
"SYsS
p(J\"B
@'yobg
_=J?o:
fWI}WN")x
D?.]4
#iV`$&3
UtyOBP
tV??,Xh#
rLes}
n9k]+z
mSu@)
scpiB#]
8@9T+
D$suvR]A
UoR4u
5W8Oe>
NckNk
!%r@C6
o]nBAU
7}ij^W
483`kby
OP-(}Xf
K]8.)l
>A`;|F
+xa.U
hS*U-
N2WUIBIikK.28
3P3Yn
Z\rMM!%
`Qr![
sn0Qy
;zaN9
A94vp
wNVZg'
ml%Uva
b|ljy
n@?)u
|0{~l
~d`4F
VA:%4
xPKAFKA
SP\P@
?/&B^
q"AtV
LJ'VqWe
bc^*%
Tg)HK
Oy25j
7UO$_
3;<0A
7}I(
fj@P5J
{Q?!|
j9.fz
yeB*;
CHiQB
K&0_^N
=5"QN$
Yo~Z/
%Ehk5
51\o#
%L|A0
S8YiW
B=#$@9
9O9,D
?5GT18
P;%UDG
ttU^F
y[* u
vkYq3
hc +ML<
HeWFE
KERNEL32.dll
n`-GJ
Dp/iq
k0.{b
T@9Ac@P2
ZCc)g
R @,"
\[jY)
hw#qn
sV-.X
!hni`a
3b+{N
J1G+@2
3vYx:
:http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0{
n}B?B
%/=)Ma;0
H)2]y(E
A.f.I
L):M(Z
i$^Q%R
ev/oOG
~E2Cd
8<M[0
rVOs2
C=1V;6+
;W/Ix
4\x$N2
g&C[C
H'Nd1
&Vycp
V6V6Z
r6|kv
QGqrI
Xr+rIncj
4p\8&
O1dWj
$'@ Z
h|#Sn
kS7L^
PdgjlaR
D}3*4
"`ec(
Vj%SSS
9,$kb
$%i=X?
gB6m{
SendMessageW
6QRaSLm
_w]Jb
L4#K#
SVWj _3
`c`Jf
[/!(X
nU/qN
'gFoiW
hLh1?}
S<XCz
;HJ8lg~
lW_tk
}D3\W
,/l5a
K=g45
{E\,71
L=l9s
00;1j
Zs8]I
~HpP]
}"VlZ
lf9HH
vnv}mR
PNhUi
kuG37
yS6LA5
no*5-F
1kyJ[<
ew"",
%`l'=0t
&E8KX
"rS%B
S0ORf
IsWindowEnabled
b9>#j
*FQYGfi7-
xv}C/
sNAaJ
)4D#yT)?R
PF6e{
yxk)}
WTR+s
Wn=CW(5
/>9V"
AOTE-
Xv<ED
rDaQ'
^rP?
@,Z*7]
AT]~.
%qx."
)k=\MNZ
KboCT
`i$!,
u]\kQ[
hF:n)
!'%V[2
JSJL&Y
Db _a
FWFrj<
Vm[I(zz
4q7;o
V|HVwz
>UqI[v
FileVersion
7Nm:1
/fn&*
y!{ux
bF;!R
KT$(%?E
Rb=DK
b\k.;
LqUUS
#)i*qt
QNSfef
~tHBY
V@^>z
f(39bb^
0=HET
c@G0Ln9'
U~mYO
!+VYpAE
&>WRr
96@hr!B
@m-6\
m-^6'
}0*qc#%
f6~Y}+
^D/2|
yM.[/O
}ad`&
Q0dv"
#)"v>
D$$+D$
_7GA9
jS}Ajbt
GiEofX
)+gi9
(r'pi
m)?oW
hqS0o
`#j$z
8http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
EJ):z"
w$=~S
j=JE-
RyZ:e
~sH:_
CheckDlgButton
gvpYD
1-RZ
T)M:X
Bph+m
@i ! 8Y
9nM603CIf9
ty^31
G{BGO
l~6"z
Bz=1I
&N.H4m-
9=8gD
DeleteFileW
o`a46
i^]eB
NTMARTA
k9Z{Z
bDn@I
ozoS^
InvalidateRect
=2=\Q
jU(00
Z=mP>x\G
>dR"H
24lwT
6Z"|C
h-AXaCv
Js33p
K;HRj
[K$V6
y[mmRr$
?l Vl
b!5J#
8tZ8t
<ET%K
l%*tN
I3.{.e
c)7nM
u_TyZ
B0@0>
^@ryP4
aQiP/^F
N_Zt: ?
-(CnP
^p94Mf<
j.L@n
6T J!0
k_rj$
*p#6<
3RDqlzt
CCKD}
+Aq*%";
<-xuWi
@8?zU
JYspE
;/BqR?
Hi[FX"ES(N\
WH0&rV!=
iLG-o
GetDC
C/[_bVunA7
A&l%a
wgkLk
2vMM`?
hZhl7
K@fam
;8*wEZ
D~eR3
FindClose
f`7|Y
q#x>c
MulDiv
p+$O?
)4OQ=
hAw[:
X%Q$"
+MQd+&
e}e}}
FNxn>SZ
hm7Dk
6TMiLl1;
Jgi;*:t
*vj)@
o4M1>
c R]>
RegCreateKeyExW
f.`1[a
vX95h
dz(UL
|;6*4
s0hYBE
s495
\;o/%
DJ$ -
kQFQL
~k;-(
SETUPAPI
vSH@al6
0b>c\
vpw/}
hblhn
&LlhV
2DJ_K
,OWza
OA]]5w
<0:08
XU!?~5
qLQqT
2A&`J
=7+1JD7cRL@
;JNG)1
_OI+!$
@:l)Ti
EEu/'
WwtC'
Z3H[6Q
|4GZ|g
:m+M%
WE^y>
I9kv4
k4U2/T
(>pRj
5r_h%
6Ib?n*
CoTaskMemFree
'j]j&
61E<m
1RAfB
RV-;U
^~h{$5
z4!(S
DcGWd2g
c2Qg$
xMK|1
DKN`T`
GetShortPathNameW
M;#=cN
r#4&?
K)W/p
n]>Fz
$f"UT
N8B)8
a.Rt%C
-rD%h
@Af]WY
P[37.
y[4/-
*Yd\`
2R|8Ti
F2fUv[
"vb';
\0>vW
)l4]1<
ie51P
hPS~?l
l)3Q;=
%!R@r
6PwK
s"Q|P1
0RrBGm}gTR
s*N?q
OKJvU
,#[<r
qk`$K
g,MLCMZ
P$/^-
APPHELP
746!%%A
SVWj"
o$$)d
CreateFontIndirectW
rAYfo
`E@g[
9%|r>
u/58j
$9j?!
LoadImageW
U}7Y*
ishD\
<RuNT
}$fE7
Np#Oh
FhM=/
p;.yi
L`~%C
uG<DQ\
#H" 7
7,^v!
^/N66
kF0V$
ycFh<u;
T<)lM
Tl=}<
dKSYt
|vEQc<
(JwJ`-
@Yxnk
&R+2iNh
68[>j
6=Im>
ECC+,
)2*Oz
}>Kq-
|^UP_0
dBATm@
*6:me
}qUN[(k
ScreenToClient
uoQ:pf@
z>93(
jTryf
%s%S.dll
1zmF^
I1/w"
'>QV5`
pwD84
*w4Oo
CWVWin|
FCK{YY~
0Hq^"/
v+4mlLf6HP0
kem\_Tq
={|]y
;/Ac(
a+c*v
<~xU0
ProductVersion
x5LJO
Y<gq;
v8>@L
@V8{R
%h<OMUfA3KJ:
+-]q8<t
}; (I
9+|iA
A&B*m
LZX,L|
}Wevcqz|
RichEdit
^W^ot
m#n~,
=A9|K
GWH4BH
%Ea_{
I,#}^^
@cy8t4
N"jWag}
^iGGf
cmoVO
e)uSr
vLMm&
HJ~@L;
GkcPUU
uqrQd
q"@sJf
qSZ8V
N%J!B7i
?#0$xD
!l|]R~!
X*B*9
mmCu}
X8j_.l
!n#Il
J%`m`
5"}iB
?9/@2
9dIfE
ZK\uH
tnyU6E
BW9 D
:b2E0,
|*3iz
[,+Jt2
@g 58
e.9NZ
U$Rp]E3"
%$cA,
vQF8h
xB>By
{MkcS
|7w%o<
MiagB
-)y'XT
56$x7
j9YN
5i!#w
*vu{n
q<n \
y{iJu
kT@=L
%vY`\
N~V]+
220313174133Z0?
88bKC
*)Fj~
\]7/y#
7lx ?
Sectigo Limited1,0*
[r0s8
'&kBeRA~
6F9L^m
s4R-T
a~G??"
5fN26
0Baq#a
{bK~{$
(#toW
%Fd`B
nH(>5
HB/=?7
d'4sH
3Z<R@
Z-yMK.
*Ujrj
REP~Rcj
Hm.iz1XL
O@ntBz.
ud@&0
QO{K(
c5GpD
#G4r95
*wX]YM
j@Vp+
w@K&I
j{Nuu
q~l7Q
T{uDW
~4:1K
EYLKq)
`.rdata
+)6l!n;
ytE"J
rQ:W\
;I*1:
RegCloseKey
JAr=1W
;FhV+
m59VN
cSo&zv
kBha
OF2l*
O\fPEOS
j?;B08
zT|1(B
D`j+P
WL*8/
3(NK3
]p#ijm
9:Oi.P
@3x1
\e?8?c
:+3}(
&}}$-
Rare Ideas, LLC1
?p$1A+
mu*G)
`wPo.d
$*.fA
/.Ka6
Y|TCP
5VqXZ
ebs751
m[aYW;dr9
[B/r.
NpA=e8
K+(PT
W2/Y,
R(5L1\
Zj$fD
*$cdew
#x-Au
ic rT
/QP3W
w:'(q~
}Ths/{
Q!/$<
8http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
b.?8S
ZN=8&
9P8-0D^
WritePrivateProfileStringW
pMA5R2Bbr
3xy:k
FgmOJvb
45w7n
dW8oh4
gl~$>
ci' S
AwQo:
E}Y"ne
ZsfzXL
Fsx`O
CF|)jb
d6;_N
yz)n4
Pb/@^
H'%v_
T0(x%"
New York1
8?@&:
CYf:s
lx@-x%
aq4j"K`
KqX;
SetDefaultDllDirectories
D'38L
=lQop
?(cU"
8VB@g|6
-i~b8
B?I;@;0
Vi2"o
iP9Iv
)i+*-
22Il*+X
gDQ;U
%ls=%ls
N-B$Z
vRo6]
C0A05
gh%P0
f5y+i1
Lucida Sans Unicode
d|~O%
z7fq2r>uv
U*8BO$&g=
SysListView32
$jPs\
amu..6Ju
;2/NN
BFRsk
R(_5
7e*s!
jN(=v
k:juK
]2](L
]gQlt
r!kO,n
1[$n,x
L|Fj5XV
~^V^U/
DKr1_6
a$k9D-
Y$|*P
Kz?#j
sdx$6
CHFJBCL
d+yYN
Kk54\
B8@'kh
bj9z_
J;EuA
cPriS
Wsk-_
+l7@+
d5mbA
4iKt`C
ysP&o
A'xO^u
4ugk%
/3^;g
C;=uZ
CRGz|
lvqyY{n
4/xth
unpacking data: %d%%
D10S|6
p/XIH
dkBIP
ew/\9i
Nz:JdR
]u[-.
<*IUS
Io\J/0
]I L0
3P!IH7
;RXWc
Ng{h(
#q/To
I6u}^gY
4}B>z~p
OB.mjEi
}(s/!NX
ny%3T
;kMIx
Q:+Rn
8JMV+G
CgQD}
O.=(c
F_b?!
K[srs
W|ZH@
03PO%U`T+
MoveFileExW
WjF ;
PFPS.
f1yTupK^
)C^/;w
_J3"M
\8V1D
){D]m
m(m`~
N~pw)
LW0TU
- /wW7$L
E<'M]-U
E5BNt
bkv=t
%NKWN*
5ZNsc
2@DT1S
H$YB'
0z?^K{89
`6IMm
4<Q|z
8+x*=
rd/odl
aE.XP`CQn*
e<XLK%q6
_oy<9L
+aSW;
NullsoftInst
Mj}i@
#Jp.K
`4^$
tSAl4
4'G>eyw
'_$FO
g|60Z
S:2i}P
TF&O/Y3
V]t<X
o#A78u9
RMMRIB6
_GoO(G
{A|Jl
I0G0E
]Cv?.
n 8HDT_
]ypIg>5.
>$FV'
B /[!
2djH0
<)e+0Sx
P2.BW
|Is2\
EZBe4
^7VZ2K
siE.Hi
201023000000Z
gdll2
5VGQF
NJCjL
;rJOW{
$SNKO
-05^u
cv('(
V}d99
5TZXt
O<B>"~9
xtpXC
dOQt?
i]KN]:/~S<bN
sI/6"
#(/&~w
\U^57
Y\ vp
r~Hg6
[FBvy
M.=kO'
9'4x*
KM>Nk@
0XxgP)
S3ZiI;
w13a"
6C)59p
Ib`dw
fW16S
s("@$
;LW`@
Mvie1D
WtL"u
RNg8B
k`x>kA.
?%vps
vJ";:
:OP]x
!x=?i
U*J-x
n: DG~
zIpl*
*U~g?
{F.1~
/P4'i
JPEGViewPortable_1.0.39.1.paf.exe
{q(p7U
%;0fJ
!h_5HF
CKk6Hl3
I72$o
n~Rcs
Z$6M"
Kpce>t
Vy5(S
^mxH6<
(g6)D
{!]4m
xB8l?}
,iqS
Ed`!z
.j('z\
13a,l
-1dp0
F:x]%
c?AO8
Z"&]8
gx7+JG0
;sRUK
9)JJ/*
Bn3Os;;
ioeOn
c!xL*
o'-Go
>cL_,
Greater Manchester1
e9&F/
~7Wt4
Rnfd/
p3E!$0
#uB\.
r/>:A
`%?{o$p
t eLn
*xY.n
Hrz;&
t~E?Y
cI\v\
,LC$g
*7$=L?A
~5/w5
>\AQL
y!8+(
5I{@Q
QK~o.
7XLg>
|r/l9
E1%p?
e3p#y
*K3z|W
tcsgx?
3kF^S
a$2f3Su
+?lql
qK=WC
n~38`Z
N u/K?
:&{*6<_
1IGf^
?"SI_
-ho+v
3JS+x@
:fPl
e;%f1o=
}R6EDh
0woFA
13nL05n
YyK2C+#[
@gk`V3
Ie( (*
.CM[+=
Mb.;:*S:
".sdS
N03"]
,J]8A
r/0h[
)Zda'
8_>@x
QHhvK
7~yL@V
G$Ms'
LeWLBkK
.|xjr~
c:W61\
8'> +
OriginalFilename
5On6C
?#>m=
0_ |Lg
#*h.NH
kTLLp
R)&tPG
u0 ?[
)s|Q{o3]q
I\9m
KN@oc+
'I]/20
$CeLY
aUPDk
*z+:9W
t'Ll6
m5cED
a`92m
>tTF>
5?(DI
".yTk
\.UT)
[U$Y&3
GU^co4q
#P@p"
TDl*I
g3?BGX
zxMQ5
%YWaQ
K&O{]
APx.b_Y
vN]>}
^8Cxt/
39~2
EYg/c
YQG#X
<s=`:F=R
BD|LRS
9E|CI
LYK1YoZG
#Sectigo RSA Time Stamping Signer #20
H6KS55A<
I4VKJ
f0^8-
"iqE/
*h2=L
9T*N$
o!heWB
A|Zv(
R;pPn
N.K>)
b/&WC;
kT^\.
(UmHa
5h^K2v>
C}6R0
ZwZ8]L
v5}+]
@y|]+
w^}CB>
kysbp~0
Z+OBV
bR4"D
(WL)D
S\s':]%
jeG^i
ckR7_
USq%X
>P?eZ
<:;t54]
4P|h
w,D:c
smLCw
{Wk=0
wV8v;
-5M6 4
P68,=
bc]p"
p|HEYF
|&C}5
`:o?3
,*C.)
TU]USQY
]e{%0
CharNextW
0{E:e
D_2:[
> Q J
c3A%w
"<G&o
i%,S^
DT%<H
N7?Y9W2
*EcL-
x_K!~
m<zMD3
P{nlmP
Ywxbqzv
SetWindowPos
0E76@~
[(]Y(o
-!us+
V?mnk
P}e 5
5axLA
vp-~,
zl4@,
:vk\%YZ{
=0;09
F19su
Vk!Wv;
kIOIX
U\gTc
ohIW$
F"5-i
#tYD/
.4~7OG
E4@Z)
QR*o)l
VD/Jz
2yAad&
mv3M~
@_^[]
o9M~j1/}
QceBP
/TbCJ>h
Xj'^0
v\cb.%/
n-xA+
!gn\`
'Av&Q.P
czEO$uu
^Kz;g
F5q<6
#uw<vx
MDj^)
U._p+
(*^cCCk
3`{I^
Ht'PH
"k{%!
0Lus!
0L|.+
3K=cT
hyQ!1
F&:3`
Qa$vF
Bh83D
e'/T!e{;y
!x)5RPe
=?_Bxu3
TSfzN
^]J(&D
DCyH5ZT
'D"*?
A/>c.
)60QP
iSrTM
nmQ9NZZ:
$ 6@`
Fp]'<}
>BW'/
--Ai5,@
<({jQ[
R#oc4
~,E.ya4
URAe\
+-0~/
J<o $
)-m(j
KJa\y
Fwqxjo
$%lOo
PPzD.
-ypMj
?s"p#rM
{<FBJ/O/&
$-YHKk
abbab]\
T?q$W
(`e@xd:
I1KZCY
=>Y;$
5tw8g
xh4;u_
^ibu^>u
GetWindowRect
-M|g$
P~v,f4"
EcA;?
BhHOu
(I(TQ
1V hj
_ACEC%,
,/KPip
J_#CE
4.Lwt
?{r)D
8x@zhp=
92N3q
_n]!!
4$3(EX
r>~.F
o0m0F
L0!6F{
&s>tX+@
a!JAm
s<?OD
)/>l5
`$I@:
C'-SHG
Ol~?$
wF4-N
mx@s|
0]4~~
<Y/@k
x6><lEjL=
GzO1W
8>t`NP
6VFx^*
>YiHz-y
CW+,qg4
X%&B&
pxvn1
m'QQhF
|wxM,,`'
Ca/rm
/t*V>
ElKe*~+
0e8(4
J5@Xq
:p7`W
(=BjmV
dx`oz6
-d7WQ
Arial
dV~TY
'SG+Js
'Evw*
+OO#3Y
8$_^\
J{Ka#
I1S1J
[dxf\
2K@w"
9 (Wu
{@opd
l)J[.{
e5@B},
R/eAm
wl3jY2
>B%ak
^>f@ F
*`j??
"wTPD
^GF3J
{1!79xg
`\tS*
v^e|D
1ktTV
(!7X);]S
i3@+_E(
C^tp8
oTZy,9@"!\k
ccj<M
z%?/Dk#
gp33&
dj359AGVWd
R[T%?
)cvKG
')YTp`
JOKi@
SC+1q
bd&yy
>H)X,
bMSm5
^|D.Ne7
jZ(5bj
]PlWU
Cq\vi
QSKoCJ
rVOZ?@1H
@m8Q,
fgJQ<
6evrG4
CnEz-
PO7EP
B.@udL2}
:13H,z
Hq<|9PD
T|8gCr
sEl+#
g3g(a
>Ng+C
Nh'D|
%47Z?E
|~(}B
m9 )*=-[A
{$e/M
7jG*}
eoUzS
p<(yB
#sec5r
6nh[15
F5e6*
$<E%2
New Jersey1
PQ01P
Y-Q$T
!s)XG
Kxsgi
eR-a\
8Mw0R
mGL(<
SystemParametersInfoW
n^}V]y
iI>#&
Ys5dz
320122235959Z0
7$#6(
\5gjYUY
SHGetKnownFolderPath
@LhS5
*K@:D
hw]Dv
uDWWh
yu>5V
i223-
]InT#d?
~pQ\`
HDGPC<&
[Q~EUf
PF"g[
F':KVo
t^!$c
vLjP)
Bq8,5
190502000000Z
c{hdt
`st!R
55gCX2d
*,@#>Z
v}&\fF
GoZ7e
nZ]Rr
(2{lu,
96Mjk
)nX>BA
Z*;MS0
I?dhQ
@7t^Kt
@ ah"5
4}^e$
SearchPathW
1a6EI
&rhwx
%\PKw
ZS[E>
JHbJ`S0,#
~1a~s
n tKi
GetTickCount
DX%G}#
|Y9/u%|
}4?;3P
<_`;8
P=\}w
@h@wR
=+e>o0ER
$!S!9,2Py
Hfua@}n
*<('iw
d8;='uB
##wz8L
N-fplh
c"P]<
%naLl
bM]2E
rt?1&
MultiByteToWideChar
hcbq<
VB8tu
~ndq^
=TF2R
'i`Yzd
Xw!",AY
IvyRC
G\|(/
w^h1:
7E-@X
ZiHQ7}
4ocOY)
]+Th3
&LrC!
Zfda7
}bc~4@N
Oo"ix
d?owv
,kDcj:
;XCh%E
.:jKR
;g8Rv
UzR1!<V
Oj[\i$
YNc0`
yw[,%
AAA Certificate Services0
mXC!>
zyVqyPj
uc!zC\
HElkq
{='L[
Q)B(@
.A:sD
qE|8#[
&$Ay}
x+!BW
T+d:*
w%&xC
p75pD.
}r" Q
fgzmm
`^^^sS
JZP[~
_lDB=,
CreateProcessW
1-h2O
k!1jO
zJASE
KUpta
aeo/*
{n63q
7GiOm.M1
5O4Ji3
uE_#InTQ9
... %d%%
#j-_y
m[ipl
<\_l!
Mcg,-
u0sQedV]
pL& ;
|W'd`|
WQSPV
)2K'hJ#D
K*(gKPT2qTd
'$6PIY
:cW%+
UUUUW
KI&kr
#g@6s^
,3uo7
TrackPopupMenu
b@ty'Y
4T?oz
F"C?N
*6%aR
;lN*'
vq.,ZG
V)1ET
2_Hw*
v7s1{S
O''*?
lstrlenA
EQoi:
!I>y>X
6=J&>\
.PX?+
2Oe>7n
!Fr+\
q7yKu
Mn7,`
[:EG7
zZo'i
se"#_
]<;6H
sPYQ6
rbEwfK
:http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
0NDqx
92Ah*@
s;hBQ
y'izY
V5q//,
N2y>B
p]Dm6M
uO8C_
<[jQU
~G?8);$
Sleep
=~a$r
M_!`m
(*Qp*
MR/%|
(C)gl
aaD)o{31tq
0X0|Q
GlobalFree
$4QF'
}]O,-
>|5XC
E#2WU}t
GetDiskFreeSpaceExW
1SHcs{%
o$vZR
*)NyW
&'v-t
'o%ZR
{!,*&K
Z4i_4
RegOpenKeyExW
WUpKN
RV>-.h
mZpwD
jYVkY
yb,_p
http://ocsp.sectigo.com0
ymf0e
-AXXL
\-@\n
2{NK`
^DF6'
2MYP{
QI1r<7^
#j}8q4
,oqhA
@R ?J|
7( :+
iJWnTM
+o(gb
(mXXF
)sMba,0n
M~riC
3LzmZ
Sm+2=
8Y.-N
)qoJ7
ejE",+
@wvR:[
V]8IY4el
4()E10N
kR~=r
LbH.I
I+J+q
P6R8CPO
vM)ZS
A,%;s
skp1q7]&
'N^B:
!rG-o
~hrf,
cx|uQ
Ihl1x#
x^'.o
Zg.*4
19HmD
bE8/
AppendMenuW
?.)p!
ASax~
Mc@i6
Wkk.U
V?bYs}
+oklW
sfVw%
1g0`Q\1
.agl7xB%
=~EaM
|T_oO
}~lrbH
! {c
R'VEN
~nLHn
U<QuDx<
jLTuy
j6\,`
@ *`k
CornD
z,.4q
yU0b.
]buxyubO
[>r>^
G;.::_
1p{]/x
"L}du>,
'pKRO
uOLIgT
Y[@5P
n}8DY
WvG&=Q
dc^"_
Koj,^-
:yCze
plNO<
%3f)P
:{Y(_
P}j/eC
X+0Tq
AV{(8
oGK8"
EJgcm=
68NhJ
O5e4"
NH=!$&`DQS
TNGx'>3
9_/=
Ij=.w
CS]"r
a=2U*
q$!N<
L/kn-
D:t:}
i_2?g
GetClientRect
I]JOW
4f;Cg
B4NWQ
zi,bq
5?ejtO
D Q/=
q{| ]Ng'
zz76C
_')T}Mz
S&M7wd
OL)(F
[o^>m
<?Y`>'
*(E7}E
E!^xe
[Db.\
D%AJ$
MM/Wc
ImageList_Destroy
wfZ#\C
{&?jy<CB<8/
3l0aG
oBW$\
)8Gq^
%*pqS
8ew~iO
-l@5I
G;vUAM|d
qBXu#
RPlE"
a[g~o
kH9wA
xfe;f
|[C;6
jq_:/
_kXXN
;Glji
"^oF%L
83('[TH
99x&~
ExitWindowsEx
;V#RV
'cV@J
Cpk_R
Jersey City1
_F6-n
z}JcE
V&'i{w
am|3$
[>Z0YG
r)]Y
?g3^i
e'sGOE
}tJ%_
l)"zH
Zr%Xqt
<qHiE
1)ptJ
z.3>8A
#f"qB'
[\y"p
/2vb0~.
{?%[!
;";8*
lxRD&2R
J(`Ty.
qT8|*i
iCj^<Uo
\!^o;8
k.B&Q
HdL9'
Fy"a:8
Csr!:
B%C\.
GetFileSize
"DV+9
IHF4L
^!):l
c[IA\
vM?1.
rp3H+
.oRXY&
vk|FyG
za[va
jq7YE
%9n4$
loCcME
t}nz=
n[XMf
g'k}%
"7b"3/_
F'7%y
W-,`M
r(t'PN
0Fv-$
p1$XK
o9L.`p
=7{V8T
hft}f9
V@K`UIT
Ko}?SV
,cX}H(
lTnUX
L@QL)
a]xhBD
uo,U,B
P&eD*;
,UWs[5-
EnW{Fq
,1T6Q
Sectigo RSA Time Stamping CA
<p?{q
mR&p<G
Bw [`
VLSa^
ib]ox
L90>{
n~9wZhc
,Mi!
27sQG
8%h=)
x?*]C
g76j4>3I
7U~9}_
VmiUE
y?@P|
{&~tO^
KEOCkb
Q7~$"
PmT\#i
4E'_-
#cpKX
VnPBF
LoadCursorW
ZZ5GY
cDs5F
xGBi`
u5wwSog^
fLtgC
1GV2Kf
V?^Xq?
j[5~3b#
8;dX,=
7Hrhls
,-"]{
)]5v5
n|7Q?
StringFileInfo
{/B4O
46dg(8
SHBrowseForFolderW
3}H)._
3p@,W!
09}Rc
'l`2y
#4AVG
XCi/'
`#g^!
-PQK
BrIeB
mDwmX?
aawbe
Ej%O\
LpH{E
Y}25I
c6RuDH3
/9-vs
J['Hm
.?xJ
@#^-dH
|t4c:G!
3~C+Nv
jl*_]
.b)Tr
f2?&l
?pk.~U
/C:zG
S9`ea8
\OLQt
B8QGf
f9=HgD
<="58(
Pm|_J
zmjH6
>=qK_\
Hgjp'
S.'@r
-S5B\J
O[rl2
|!u2 #c
brP *
oH7>7
aBR[%O
OtZC
Ms|ud
&8QC9
P&>P"
g]t4x
rBd6_1+
ZsZB.
1NVR`U
mZ>)v[
|u)k+0
NFT:m
En^5|
x3BXQ
_&"Y-
20n2EB|6"
CJ!-#T!
]jdB>
[:wFDMiC
:NJ}G`
fDRHK
P: e_
SetClassLongW
E6~LY
Nsn~*
Iwx=)
v~v`
lstrcmpW
urK}geE
tN~=:
RichEd32
OleInitialize
L" hDJ
n;ILKi
T8zlR}
/FB[e
^gA}VO}
G"3j&-
v! 4`
YBi4L3
K^zs/
`y!xw
LGGNMKg
jr>9|
-<(a#gS
GetVersionExW
F]F0}!
[}3Gy
vlVI#
fy4CWXL
U\>DN<
GetSystemDirectoryW
]GimQ
:PPzn
#Sectigo RSA Time Stamping Signer #2
MPv8(
nFUb;
re|s94
Ild^Jf
^\5WS+
PostQuitMessage
V!A5M[
'5Ftb
IYoS5
AJ>C84
}"vB3b
xGgRWrG
c0'Un
Yg2Sv<
r}Qe^
$eh}E
MeZ}o
"!e'&}
rL:4Y
0"%Ua
:NNm%0?g
RV5s@
wkJ:H_@
[rQ1`
<>xew
Gu]dql'
=wn=[
.g48dz7d
]QE\$C
[W5\Rn
-`i*"g
}{I1g
+i@6TB
x4f<M&
7b>Ez
M&|n H
fOQ2>
*4o9I
tD{Cb
{qkob
>'Rsp.}
"p'![|:l
Sectigo Limited1%0#
Jgx86
_lL!C
6(W18]
meJk6`B
3x+0#t
9%,+I
<<(G'`
i%qz]
aPEvf
GetProcAddress
"t<6C
0&DiYlB
ProductName
;4F?>@6.,
qPT@*
.]8KO
4]r=&
/sNx,u
*x"hsp1
220216000000Z
;c:43
S+[dU
Bg'x`D
C|jKx
D8Lgg81
SetFileSecurityW
.|BRE
a,5r"
0b8keU
J'.69vV
2"/88
}X[.j
Ao%w`
a 4jm
1?s9b
~HT^ }
*Dp`b
AdHRg
|!-&x
v)&tt
zDCWS
]IMrV
g1VS_g
`yW?sw
X:JN|
,Dh^"v
n}cKW
H2O6f
8V]ZB
D7/OI
p;\Ly
.T%7?`
{r#ER
Q8YGP
nS@|r
qMhT=
i*'~
M`_`Rp
0Uv:G
2X7,f
+3yRl
p0Ju>
'}Dd=
IT%/2H
! vdu\
SetFilePointer
5Aukv.
o7wh6
0w:1{
n,NdZ.
j;nf&
jDXws\!
iE'\Q
2!Fn[
-D%c
1D?>
,wUpi$
Q$A"Dz
RegisterClassW
VnK.T
/aU)2
tBX1tIY
O{L`L
(/iTG3CJWf,+*
f[G'z
_XNjo
48SK&
F}VT=tWXqK
Ql0e\
6X ZO
58a~/
d<FzU
'cm*s9
1-D,
=>r[}
y0_J%
Bq+7
9GZypS
z+$[)
~ T(F5
='*&"c|
lstrcatW
Xb;!w
54XNAK1%
)-_o9
(g@DQ
P4%,:
^vGc9X
0Z#{~rw
,yMx?
nS)xz
B#l>>
81."g
l:1RH{
v/dDa
23Qe:?|
Ji7)^
=T6qU'H
2A[ACo
_.e">
D1oA%
;=d#m
859$E
JGq>X
b]NTl
v@Wi{-6
&]BddEX
9Pe\S
IqYq9
:uzFu
]Bde'
[~J^v
|{C$O
p$ve|k
YdHD,
Software\Microsoft\Windows\CurrentVersion
imaF~
cNnW=
WLm&+
w;+vh
:;o;p
TaJ (S
SetTextColor
HW,Rd
+cf<[
Q&U9[P
G<\\XG9s
iD7.}>
+z2cv-{
kq`P^
`J=.5
;Xu/U3~
T9Z+/
@'<';
/MB=*
H6t{n
vB8x0M
.CzC;
KB6p
9GWgoR.
NKju x
Se5eF
uE!zTx
GetTempPathW
fUzY}[*o,'7
Hf;)5
%Aa{>V
?|ylJ\
'o=r4
6[Ks%
trpx0!
Cq`Cz
WM7,A}
&m{LP
chy?u
)ODFF
s(:9t42X
|)iZ6
A:[bf<"R
uWt0m
g62>7
WT[yj
U!u0#
`}SHe
PxX0g
=3Qt>_
4z0iE
7YdbC
[BN<O
;ZgBh@
=dfQF
b@+xMi
UtAmd
Z;z8}h
Kdpy
?i[TB
#`2L;
;Wz}'
Mf4C_
djdih
2k{"M
MS Shell Dlg
h%dilE
f_u,:
VuB.}
%&QH:J
j.&e4z
Z'3$Z{
JOrM(
xvW7k
)V8+r
r$y!*
<!Me!
a.KT?(
5*cai^"t
oZ%pb
3F<#&
w3*TG
ib4+s
hoa'%B
YwL.e
K%7)zi'?IK=n
pld^b
aIG+XqY
=o*4q
N,6R>#t(v
g^Y>5
dE`:E
Ax7^{`&
e`LB ^L_
68J/8R
%g:'F
sD.PK
&Hc 9
E=(xc
/$6f|
Uu>>)
*=0Ye
359yz
39Yc5B
Q]pv7
HC7-|T
+V9yDU
0P[Vm
Mle4)*l
E%zB.
;De \
l]-_G|
Fx3c<VGw|
mh$?h&
z4uy@
"8)!1
'4%%v
6?PZH[
,/\iV
Q1.V3
nb8z!(r
6B:'QHF
\9y.@
A8zx?
zM-S2#
ol6hh
6=IOF r
<b_Gr
M31vF
Vc,ba
R@/;.
sy`&a
c%N.D
!`qTE
/M?RV
kdkos
lstrcmpiA
HZ}QE!k
-(Kas6
+7]i#@Rix
WJHj~
0 csY
VBXos
f[<drc
lEBiOd
:q &w
lXjq"
+SwX.
pFOOHSNNSMFB&%
$Q8mB}
vgu4_ p
SHGetFileInfoW
|_Ftx
xDge/
_#=: #
qCTx]
WRo>y
L~v7.
p4*aw
W'o<w
IBwUD
hZ!LU
>],5(
MSs34lw
Cv&A/8
g]T4LF
qY$_A!z
`]VJr
http://ocsp.comodoca.com0
Z=L0S
rFKjj
M~viL="E
7\9Y>
'B2Ep'
fq%~#
t[!x<v
:jx/]
dtGs%
^"jb.]
'V|";
UhbJn
z6#}K
6kr,T
srb-<8
=.M_V
0rctO
su_Su#
44t ,
tLdll)
7$!,rn
GetTempFileNameW
=Ki#PS-3
vWj8Tk
*XC/p;"
K6#hqHx
Hs3,#
7;&JO
~CFn/
uW] {
RZdBD PS
8NBq?
o5I%L+&$
`*EKr]
OBPv
via/B
EslPi
?AlcuZ
Y#jn4
k~30D%
gQ(Z)
SF8BZP
B_rNc
)^5'@vmO-
$WO7X
vR$55
gZzH}
C"Fn-
sEoGdaya
.Z%g['
AI!tA
h5r!&m
abMlC<
kN!Zr
`&1Oa8
v*jw=
j'c]F
N%*Zbo
9zY(j
Vw9C}
*9PWs
lJfjiR
:]IE>v)bh
CharNextA
ZE*Nc
P?+\iw
"1?2,1$
4W&vI
J]SdX
g[vIR
]VF_na
#nf9L
9[NMz:8
RtvR-
*6m,v
HZ3_@
&9E!U3
'tzr"K
Z.LPuV
y{"y9
ju]gl
c)444
&Gt|j
;-*<f"
LFJ]E
|kp{hO
AJ(qFB
*4'f`N
vZoWS`
,3<r4
P"27p!
beRNS
Ja'AS+
vp=uZ
\NR\Nd
x|wl#
`?ZGv8l
/-q11
q#,"e
E>nZ_
&g'I D
Of@ :9
jO.na
wg~_l
dcDP1z
Gs6%o
7v'Bn
6kUK'NK
pPwQ|
J~C|Ke
Pjo$U-
^5hu9
'cRlp
j+K-p
;UW3p
6mg+B
}<1Vl
$fL!X
~Vv4>
=_CVF^
>!_CSJ
h*Md2
+WZCa
6^Sw)
")<}bFrl
!rtCN
RKUkvoW
W[V&y
]a]a]]
@)mbb^"
%0*SdfW
N!}G~
QUm5.T
L<(i"
y%BtkH
[@?vF
GetSystemMenu
Xm?2<
UBfs)
M7#CNKs
]%PT*
PBl7bR
I<0jB
B5^sK
2jXsJs
TMYe!
l$K1j
\*O5Er
SelectObject
r6!U<
7Qk,$
0L*{+XX
@EG['
zpe<\
4W6GaU
Comodo CA Limited1!0
7'M=F
H/x^N
CLBCATQ
^X%S:
;jKoo0
:Tq%E
h}l|X0
/UhW:U
mC)6~
-\p_}4&
ffd_|W
*f`Hf
Nzd6&
KQdAgw
ffY=8V
CreateWindowExW
pN_.c
z=cW<v
?g]|]
SetCursor
RegSetValueExW
ZL$&a
7L#i:F
Lm{2e
qj-L\
h7Bl3
~',ik
210525000000Z
O4@U{
OY!O@
L42 Uhr/#
6Co02
V P$ft
qr&UP
".bBvjQ
9J?{E*o*
{fYbT_
Da5V} #
=@@Hv
59?>d
/XMU0
B-o@mm=
JS->R
],$62
M~o.e
3C!9H
\BY|F
oH#>:Z
R\pq2
1@PNax
LoadLibraryExW
fv2K8
\?b'P
987tOM`
$03C5
9^7g-
Mgn'y
j Zf;
ap#|>
uK{IB<
jPOPLXmjVKKWMEA'n
@|a2D
9z.>?0>F
#e<},
'9FK5
[Q8+KA
m/:6[
JPEGView Portable
d`bJx
{xgcUl
k_O3-
{X7.C/
-~JHKe
l>#;#Q
mJzMR
1qH.u\+
vAwAT
]|Rr)
(iBFZ
:2NL1
-bv6Bl
:JuN:p
E)~pf
6Qo)T
iQUYJ
Sectigo RSA Time Stamping CA0
XK|@s
{;I%@
MI()zK
T:|:E
U,"A=_
{BKiRG
6yQc8
FillRect
\M?i_
HzEj3
h>"39
B:jdC
,;Pv$
L9Cfl
'8Fi4F8
U}>-Dp
]gXEY
vUr-;B
)]mh~
zY.}|
}5Fg"
vInL4
T4xn$
K(h)d
{0f f
,q..(
`ybXOh
3z$&A
aLaWJ
5!R-j
6~'3wJ
<61W:=l
nICMT
$/=G]
^d<Wr-{
93:q\
DW(Hz<F0X
y4sD}n
i]#n|i
a$V|wO
pD?>A="
ywVe2
3>kw+
bk2X,4
9k{bq
p}@?_
"GF[w
U+{a.
0eD=/
yWm"k
c d,'
n#%|Y
CoCreateInstance
v7MYr
">#Zf61
euQ=$3
F=HJpZs
k4s}J6
"DO[Z
BQ,rv
Izt&K
\bvv]zz`
ka##Q
GetFileAttributesW
PortableApps.com
7crCH7
K~g76;>
Z$#B"
r",1Q
PGc0/
YZ=%YB
uL!eR
\Iw5$
fh:c
lM<7??>
DispatchMessageW
\]8d7
0%[<;]
e*I/v
.N3XC
et9*1LtE
ahuT}
nxEgt*W
\ZN?}~
aZY{U
)-f$k
dtTHw
BDgIr
>K2:Qnu
+3b$(
kl?%m
mLYvuP
9=OKq9
beVw<*
>1iT=TkD~
LC[;6
8Y,&<
Pv@Z`
{le}yJH
@bE*cB
Xqawg
BeginPaint
@4BR[
@i.n{
f]Jin0
caio%
yhDYj
=E4^boK
UL^PK
\_g!g
RERMZ
XOZY^
j-(p+uq
j;X0I%
5GM/r
8WEk/
i I'Gh
Mj-t_H
,AQDd
A -@&U
aNn+U
.9D'\
^/fq.
KHn@z
8vu}I
3/J/=
.>sr*
s)H<U;>^
,]@!$
yiEvl
olw'z
w=ssW
d,^1JJ
*L&_d.BZ
8{a+x
]'LY9p[M
KQH}o
A$U~F_
I/WT}
+ib|/3y
@c#%^
^1/hs<
Rn*V2
XK=?J
#upUGq
F,$qX
As/;a
9FF&+
O36bg
+<`of
^hu)+V
bwSenI
>hpL-l2
@v@fO
XWw53L]
-(&fj
mllKg
f{X]DGa
x}D~4V
AEr>T
=TAwq~
Q3KDxmn
cgM M
x8?l9
@,H+WKw
BBL#%9
8M`ti
<B:3x
Y 3@@c
Xg(blE+`
9gE73
{Z)3Z
C`[MD
0x|k"
V@vXe
am)<--
rkG[&
"_/]D
tt[!}:
D\[%bC
=${/b6
f{Y'}GU
93$l;
&PG)uaB
1?), |9
.$5T8
qffi8
B/<8\o
X7Ho,
]{RZr
[C]e=P
LsT(s
^ZfM+~
1qI"Tv
8oK40
&yo@B
d3oxW
>LuP;
eCYs'
uXtPA
Dng-*@F
d2ES^8jL
5U;7U:
fV.2H
J>itqd{5
b>SVR
b,J5FU
hd!%k
5*\,&
#z1""
H%~u>Y
#V,iG=
)1&e(6;
({&p;
u$l59
`uJhF
hV<$}
\'G?w
MqT~x^^c
.t<]F
Xb_EIC
p\cOdK!1
tZs$n
eCRi)
~7_G([4
C|=n+
mJvkI
QwI?U
dE}@]
yJlRp<
5{cnh+
iWsC=
EnableWindow
+|vF@
x(+0>
\Microsoft\Internet Explorer\Quick Launch
K]B<0
WvxjU
;:ihd
ew&d<[
B_Inb
s"\<$
CloseHandle
!;p,M
<3D7_
?v<RT
3http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
j*=Q5
}E0R`2>V
XJd4h_,
[V-BK
5~G`R
"*-S*
U_4/ j$
.elhY22v
/u27S
8c9E%x?
V_(']$
# SF-
'Zg$:i
cp?`b0
"^TM?
<Xa0vc
bf@Nq[
aT}Ljs
8>cUL
_rBu~h'
Ti>%c
]OL/x
j0#@xt
Q:A%@|
_Cirw5
/-$?s\
bth}xqmW
PDX~4
6!8m={Z0
8H>5>
J!|(|
0{ )g
>T"m#i
u=.v$
V86Cf
(:p%N
[@v=?
v}=/Y
%w@lH%:
M$<53
%n*UV
+f0_3~
esTXH
;?~LIK
U7)[*
[ilc|
0`+9m
*KS`+
7Hd2x$3
ln#$
G?+qV
X0Yq$
n>^|T
-0m9z
0[Z;$J
9Z7q"
qApJ[
BQralR
QOr@AE
Qz#FJ
`tg1:
Pr_"4
> Kf>
[v7Q&
!9T[N
r{-V,B
X1l;B
T $H0
kyL[1
%M!Hm
COMCTL32.dll
>FFf;
L=;Cs
wh/`<
/ek!~
PortableApps.comInstallerVersion
8VCj~`
]|~RH=
1($n&
KTQE a+
8&=}0C
.@VNq-
?:.O[TH
HR[,L
n1G\
P[^OHb
?(u\"
me,dt
A# (Ne\8Tf
VvMi 9j?y
|<Aa}MO
%:w[,
M$-dGDw
!zys8K
X%g(+
tLo:V
i-\X!
jfT n
RemoveDirectoryW
F;E@+gy
f59NFX
7F#t?
rR7%F
$Sectigo Public Code Signing Root R460
t.N&xH=
1cjzar{+
6j;4F#
=DE}
UMt3H
9 j*B
aTw!m
P7_rz
hq`dW
RegDeleteValueW
Fe)Vk
z7-s6
h7NH_
0D=7Q
MN{]@>i
QJNQW
vti: hx3Yj
_(tm[
/k!68G
~`({>:
)Xm>,\S+
kIV bo
RegEnumKeyW
7H,(Y
r#.77&
:C?<|
S<K\Ia
hpFc0
e6x^nI
CRYPTBASE
n5Rgs
OD#9I@
ryw@0
ahp|]Zz
D:Zc|
IsWindow
K#d4
Y#?2;J
QQvPWc
^)fZL
|Y-yz`h
m-$>k
gsR\G
*+7&%jW
~0PCC
rn+d<
m/m6i
;v}93
862xq
R[A!JQ
KGd9;F
9Lo3!gF
IsWindowVisible
4ai,T
0>rk)
*D9~T
t;{Ll~:
210322000000Z
^'1?5
Rp8Ap!
-t(aR;8
G&S/vL
~4`.r
4_?O*
#~gO[
@Gk3o#
"NA*xi
>myXh
wZpta^
U]8G9
`pZd-
A*A~
m`J=S
2http://crl.comodoca.com/AAACertificateServices.crl04
<sj6'
1H`\~"
SFr)Y*
glD*c
^qr^8
Xc^}t/
\*"\8k
6S3WvX
\z-|^
Dix_ &i
f!>_^
CallWindowProcW
G PYE4
y/-4o
FeDnz
:HC`z
:TR]Q
'dcn.
?=%SX
2zP;Y/
$LE,%&t
'UQz"8vi
9N<_m
eD#-2CP
fc"&h
+IYSE
/+C%?
n9*0p
M;kx<
Zpgotx
]ZN.D
.z? MH
}bR-/:I
D^+x3x~
b7dL3
V,F(T
vYI2Rs
WPWj0
8p5<
Pdb&i
Fuys0@%Iun
s]r\l
c>J/Mp
*G6vB
%}y`<
ZVlxf
Y_ `w
QulIO'
\W5-iz
obqM;D
RegDeleteKeyW
*^Ayo
~p7b7Y673
uK({L
g[[&{
Eyh#b
uH(rW
J:HS4.
ZSF?R>
GM<@@
Ml`_C
jme)B
U8q/Z
lb]awI~
^gt5+
D@FUM
WaitForSingleObject
wd-8:@
Bhwt&
f|O^B
QZG&qqQ
v/1PPu
OpenProcessToken
x9mu+
aC`[;
oJGOx
cNi^~J
_mD;U
".-[H
SJS(~
`-nq$
$eICA@
SetForegroundWindow
4bgg$
idA^$vpx
?/3Q<!
YTNzP
_AuVA
yOW-26
RjL`{p0@N2
_^":K
GA&v@
_LLL|
cC's8
K&m94
#kz?u
TNpPN
j:f>+\
x}}hA
v}^QA
(Muuwcv
X|([P
&%B!N
3m#2gK
`mPRJZPF
aR*nD
a{%tP
zNWS^
l!8^,I
*raig
2Aq?3
ExpandEnvironmentStringsW
2*bBX
SetFileTime
nT?["@
CF[]R
KI3ef
{Kr )
|g7CK
fg?5k
~#\BU
l*YVR
*ZzgW^Le/j3
T^X w
?8-=A
$M^D,
5\Kv'R
/r6BQ
w>nphk(x
|C %]
SLC '
qF9c`8.
3LwA..[
[UE5k
sFczC
KZ[yz
X26az[
$(,1h
1pW6
?Sax<F
`b`75
softuW
dDmM6P
E=%[q
Tt(+B
2Ss<Q
f2rV=
jFYvP
Q(Uu0W
Tb-R{
_LV1M0
Tc9Wjs
9SedX"c
buuu(
Twtv!Rg]Y
3Q]b{
B~FF5
AaSr01
7b4vi
&/IvQ
`(b]F
C7-oY
v#c(&1!
o^L0'
4^97_'
PczF~
j5W9>
ZX^]1S
;5<w%&E
(:HdN
MIU6Xh
Q9Be)
tzK.x
q4CgT
;~[WDZ
"Sectigo Public Code Signing CA R36
m1rk*1q;&
S)e6D
H?1Xr
}.=zvn
$=mP&V
EE9@z@
}IJR"
HwXG|
MdDGj
g+v.;
wggA7
*R Z{
"i8F>
~=Ra<
c(&j|
90705
Z|_|q
iHEs)v9
\]-^]
I GJJW*d
DialogBoxParamW
FreeLibrary
~.Q]Y
A,ywl
'V3BN
{p[2B
oeGb)O^
`N9N9
w12,2
t$0Sh
qYjY%
+_B2*sJ
f9-&Z
.oDiy
CompanyName
B<1Y44V
3>m^F
cD%A[
^.0y9
D* XyZ
g Ndf#X
g'|OUY
o~M"4
'A%4:
h26xf(%
$\p~B
,!L&s
md*p
WB"F!
xvUFl
a>8);
_Za^%H
musQ6
`vxt]
\q;g'vUw;<
0ij>7
Hi2"
H#]2Y
HmS<~
9LpZ;b
*N!QA
y?>Pa
$^oq|U
Bwi:|
:L'UO
TeJW*
:27Q6,4N
9|.-$
https://sectigo.com/CPS0D
vV8wJ
0,>Pn
^/\\/
SetBkColor
Msv|kP/
I^9(o
~:S/>n
szjR0<
.67ll
A+E+~
*P6`$b
iwK#=
+"m:GO
2S|)g
J;lo7
vL%6yJl
FO+)Mlw
Su']z
L'gdG
OKgNKC
onZ#6
&kTo!
#hXh3j
0}pS<h1
vAoby+
?+Q<a>u3
e+QfR<)Z
tw-ezo
#p/(~
X`g_K
j/s9~V
[\giU9
W~R?V
Mwtrb(<
TM1S]
KOJ#$
)'J)G\
bfhit
gU1DX
],NC.
eDBc|
C-f-x
^A)ms
v6F}V
FV2WPiU
8'Tc3
oy2'/W
uOvTbN6
0uZk}
&JlV&
ImageList_AddMasked
uK6 M
O&$4&
Se),-
~:fdMY
eGgr5
STRym
?M/Sa
&fx]Y
bMnLO
FAK'=
u4JAgu
wf)!3:R
2>f<gk
Vr.`veA
%$xcy;
P:j^O
ZK%}:
{rRIrB9
$/Az4
>E=Gp
t.UE7
Garjl2
WiT|'
\R<-(
3WEx`
^)ve6
C _|c
QAP)~
0]fw>
BZ)@_
I<_TY8
!KI+OF
lVU$pS
u[)YB!
+gL@9
l+X'm@
FindWindowExW
V8_I~
8UswV
Y3E_h
zV@uM5'
PeekMessageW
1QOTrM
'n.U,
J?A7:
m:^hYj
cQw{ }
*#.Cey
'[W)2
_z=ei
jalO.
N%a'/
='I\O
[be!_]
KK%Fj
7`>$W
lk9c*b
v`~H$
%j(2%
Z%}3[
*ot*AF
KN)-_K
SetEnvironmentVariableW
PAp2Y0U
FE``U
y2Sg1G
.uvWK
JgG)-W
(uYa8
!y~XvX
wsprintfA
0G.xa
J6+=b
O@?Y0
9Ka"(?
kk:(0
m1P:G
CA|5s
k2is
vL4^v
>)b=>
os"'[:/
KpX_|
@59wH
-n2`}.
nf,*Z
T\9pg&
/,Tb!
[ ss>
s FcY
Cl;&W
Y"pM$
Q3L/C.
GCNV/
Ts'AP
`*S~J
Installer integrity check has failed. Common causes include
6ZLT
?Da[+/
ICCc+454
,=CgT
x'K9H
BiRN/q
jRJ%b
C^Zf-
'=FNbWV
QyM^s3cK
Control Panel\Desktop\ResourceLocale
3>lrL
P/e90
)hHeTT
d}Ch}
oqW&d
s`\*_
/#2~@
gD9'(
o.ZeR&
V\>hu
4Gvi2
i:6?)@
$vDnZ;
028Tji?
QHyXB
360321235959Z0T1
GetWindowLongW
seB-m=
j*d.E}
>bJ(5
6zjqN
<6-iW
W7sqq
,w}ra
DvA/d
m0l0M
e_`~C
"45Y}
(VYyB
t)nZG
9c+9{
QBxh(V
1Te%&
khZSn
}nnf11+
0;Bi(
p/5QER
ii+Qz
avXNU
3http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
{055M
7eIyE$a
8i=I"nd<
27TVS
72|*`
soEd!
B<K)j
)F(L7'}l
Q}eK=
kI[{xI
.xZC`
dy{)I
1nIG=
_OtD=
Error launching installer
#[={9
#WHvNa
y>||1
RBbs:
:TL0M
x72$R
[g"re
4p*sg
_C`L3G
2[9gs
yi>#L
`~g&-g|p
^U$K{?
WriteFile
!No*S\v<u31
0|29m
J1QGv
|h?vQ"X
7M@!d
DestroyWindow
%hOny
_Oo+d0m
]:g@0
`mkQ}
e)5*-
3nC@2
2Lef;A)A~
:P6x#
-W:h_
Sectigo Limited1-0+
h6?pM
~-|ynT^zE
U!8o
?;ul%
#sWIO
1jm0wo
VSUbOI:
SQWPV
r3 =KQ
:8T[_L/
-'c"Z
&{qM!
LgJe*c
3ETt_
.+nB#
$mCnPV
)H/xIz
LgG>@(
.8}cC(9
},yo3+sL
OJj"79&
O^ZOu8
S^Nh!#
DO{#>
Sr^&QffL
hfDMw
qz3e;B7+
\(A9D
v,@yA
tN2u\
RichEd20
jHjZV
|nKpC
(S-AO
u9r)9<Pk-
=Z0;L
PortableApps.comFormatVersion
}7B '\
so":B
IG !}
sCS#zCd
`6anC
eO9.(
rHLOTMrqSt{1
5cRx|Gr
s^n]C
W5d4t.J
5L5%D
InMc[P
Vc;$:
3QGiB
1@aZ/
.6m@mV
}D37I
L*|X8
nDS {
%3B_OW
ng\@VU
mt/v,
c9NCld0
k~{az
)U#.1
.VU.6i
i4 Od
"?uL~
2007-2022 PortableApps.com, PortableApps.com Installer 3.6.0.0
kebz:
ojI4($3C6f,
|/(n:
OLEACC
~ih1#
QOk"/
L^"|?g
fH#KZf
*aK,;
I#sq%YP
Lu[V!
.(omd
=xy'?
I+Lx l
CDF{wGu
t?9xL4
)&}O`h
h0f0?
QpFcG
,gJRe
j^B46
\X?aM
%4J)3
[V(T@
555;_
]X@C;
QK?I^YM
6%VEH
pFblt
1=;HC
P\f,V,
.kzZ09(
2Ug^%
Dhuk`f
Zlp)p$
?Bp5T,
65o ~O
s<0D%
HR8u}
P?'j>
/36g?
/S8xQ
M]FSW#e
$D3j"
KMutf
Y>B~"W>l
L,Q0$
u(?J>
GetModuleFileNameW
"%SG,.V
42?D%'L
+~#B,f
[g9j4,
`@XI#tk
L8~\k
VP/z@
m)K`N
.iv$)hi
>gF.Yo
w^l`5YI9
8W,9+p
od<G-
{IO;O
B5HRU
"*`-Fu
dh(!61
Uf04Zg[4
wa$-H
&8F~=
E+D6l
FLCE-
3.6.0
^B4B^7
DE7^>
\{vU_
\'T0x
pwdT}
-+-V,+O
e#6o"
h~bzE
+}E&c
";Tzu
{(*a"
g)0M,
j#k4!P
cLAD7
<Y jo
e\;a'
VS_VERSION_INFO
IHa}?<<
@HkmPp1-D
YV.k~
4\Yi~
baP`g|
J*^koK
24fKR
eGy2o
;BU4U
ND~UrW
c\DfG
nccYq
|w7/r
!pb4'n
+9bG*
H1Tn&
:P|OF
); vsz
.5PVT
6,HX;\
x|H;6
{49=Ii
<Lp9vA
1e|`^
@}IV[
$i$Br'?5|
J:y2%L
OpenClipboard
H^UIn
uFyDL
AL1V*jx-
O{9.-
ky[0+
SdV0D
H\Bo\Av
SMALHB7
OP{&;
?1J,U
E]v2M
*ku 3B
p`;}8w=
q{+@#
"ldjBcb
b\h;x
h!.X*
&<YgH
EW6PS
|drtRhw)
zuqYq
%^bcB
gbL}
94**wma
wbg?a
))woUg
WF\Pv
>=]N8
3.6.0.0
Q0@h*
grb`:~
@1}B: {
=WXJPH
HK7L5
ExitProcess
DBTb>91
vgiI;I
x3i U
(AP*"#D.R
Z4cl%G
W0r()
dI *d
9=4gD
4F^H6
wbwi%
nL4[C
hWC4W
x,o:)
03mOU
%0bHt%
*w>;r
zo^6\
q3C~M
[2"}s\y
l=M"|g
wLj?#
gC2Hr
Please wait while Setup is loading...
r!S+,
!6!]U
pr<~=
$n@zH
CreateDialogParamW
G%01$
df!CU
Ntb$w
Ds:qmV
-]y3-k
kvY|;
5BPfg
`Sc]6\
GetExitCodeProcess
eDbh2
t<jsh
#4}ud
LGLtPPp
[Rename]
\b:b5
UZM^m
!fV}`
JI<!pr
6?$`+
|&>[M
[CT{DU
(vpC#
fYIf[
\EnK;#@{
RichEdit20W
h{M~b
*FFXD
!x1C5
K+A~"
jol!h
-qfH/
ON*L><_
ex~4m
gzS:I0
.>tY4
VerQueryValueW
4Z&U?
[<+hVbx/8
,UlCF A
Wls$W
>?GA
(L!Wk-
XRG_FJ"f
d_4Vu
LuTcei[
ef#?h,
SraiRq<q
GlobalLock
SHLWAPI
f[lYA
`SO8y
V-3j!3
(U7Yd
GetPrivateProfileStringW
q(AC]
pc17D|
>cu4p
MwyesP_)
q1l_5t9
a#PHZ
TE7n)
)LLZN>G
/Q=c-%
At,r7
wMJOd
8Ykr07Y
?f+xA
Gpo/U,
ah6g)$
rE1>s
?(#P/0
X]!Ey
b3~_/Mv
$3?U,d
!{6,i
+Fd!K
3\ktF
?Z&Mu
V+YC?
ZnXN@
InternalName
fEqd6
ha:z g2~
B;I5
tCtKF
8x52~
$t<x;
g~j.]mMb
?Z\hR
(P"*q
`o<<+
pQZdV
Y<CE(
;_/A.
8_2Ji1V
sA[U#
<t#n#
!7/H4
;/x,v{
q"_m!{
qR15`
r[$A3
(j~&V
rM^aXF
HCIs&%
oCD[3
m$LW"
MZK@G
]H{J5
FindNextFileW
p+R!Bsle
i)k7,6~
e}pRJ
4X4k8U
jsuiY"k~
Q>Ft:
b88=!^
{d Si&^
r4[*P
XO>uP
SZJoN
incomplete download and damaged media. Contact the
o^B)8I
IgOk>
p[#y>
TNs`%
wD1}2
k$|sb
g&N?Y
B<0crj]
WuM%]3
K(Tj!/W
9t}@"
6I~\WW
=OxN$
<)b~doh3
|:C`k
Jbra@
AUBYRR7
*">sx;%
`sj_+{d
T~Bsl
GetSystemMetrics
z:n3|
khzG0
d7_Fg
U'/JT{
5apQvQ\
i\M}y
q0!bW
JvN;O
o6>vmW
_,\yf
CloseClipboard
QGL&m'
!]7A\
xA%s=
Hr~xv
l.G##
`Ua!2
knuOU"
j^ZGf`T
{Zwbl
CVM}%
3HHD,
kZD;%
n*Ohp
Nbc110
~fYp4!c
y_ISP
D;|@A4;8
ciiI>5
.]@Bb
N/qCe
w=guS
[9>a~X
ipmX?\hLe
W#USl,
V$q^m
Er/`U
A?}Txs
a/0c@
[o(LGy.A
UYf(&
USER32.dll
I_iVHY
cn>O|
j[uZP3R
d)t'G5
f$m5,
\dyh+!ur
2;>bH
bdu6#
Gh#C^
8!MY
.y77z
jLVFH
]wCFP
H'u@N
8?/aJ
XOFig@
5-==#C
'pXlR?
L#C,)
D*m&^
2FXfW
0z4>x
>yBQp
u:S7e
4xvi&
cv3C>*J
H=;Sjx
wE~d0H
M"O6Mn$
\3dYpT
GetCurrentProcess
n}TQ3
q#^jo
RM^(iT
5xqO12{
7U>,(
p9JV9
H!%q!
QRL,U
1oS2f
%=F2Rl
.ndata
yB$'+%?]]
CcV0r
GetClassInfoW
6e*9X"#^
gxK=$
n+@II
_4*V'i
m1TkqG%
X_?':
6C 'Pn
?9y<`
]So~/
GA=;KJf
p$K2hBgw
r`e<V
is,ia
;S .,
9#%o=
>_\Z0
OleUninitialize
E\RR$
}+<}Y
xHC]iK
+!zXR
~o({UK
cE+2w
v6X^M
$!Z\Kp
8I~<8
a(>07
!SA_3
_atO-C~
C[``cn
VtSy)
m)=FJ
F"=S8
{$B+K
J0QrK
d7<6(
]cbKO
Ig60C
2%[/y
WjD;j
hjtGe
mXlN1>@
XTW(=
8#2kG
8u+j!
Y{|n,
\7FtRG
Instu`
smSkP
7.a .
av.-{
8me|_
ShowWindow
w#vj=
The USERTRUST Network1.0,
UX|..a
9n/c=?
zs~[,"
;z~:fO
0*"?%%B
oG5[.~F
P|_p.
Y^oE]@
%8@UEA
0/*DG&
# R#)
^U=Eh
)|#{H6
A(ILz
=0"Xp*
by/1YZ
aKu[
~Zy,Q
ECN0g
,n2lXh
UXTHEME
/~YOc
85HO\^
~xyD0&H
DWMAPI
3)q7$?b
KI #
LookupPrivilegeValueW
^5rr--
77uJ54
cHs4}q
<ZA uR
h >70+
Iiy)g
Aeff
>M_J7
B>jm;
DO?*V
Hu;LXG
H/(@Bp 6
po5k{
e=j><(I+
oRK,6
fA P|
MG@.USd
/>>/#
IIDFromString
"32k2l
KVMc(
i6K33
3yd9om.
G}5hhjfXR
)OBw#_
|6?\:
f58ksIN
kx9;Pd
o`n6$
63s_|
4)$|;
yw(sbd
'Brc+
':OEgqX
iBs33
GetLastError
d5}he{
F&xePf
e1iw&
$`ylQ
!1r9[
VF)t-
X"J!Q
`l$Zv
a9sPG
H.b_"
7V?U'
kH.A(
F8/_}~
Tm5I9
D[nPm
jix@8
't$LYb
sp#0[
nx\KUq
g3SWKO
_'e76
+&/d,-U
V$EV4
^+1uw+
6wAO,
"8zIV
h@5>7
RY<b8D
}Ya=~h
:cQYV
@cJ6Q
XK8@&
7'b^/
J:\dq~
J5B&O
nI,p;
\ S6{m]{m
51zl)
XB5tU
5)xf=
~}FW>.
:FD~`.
ts7!:o
}v"W)
gB{<Ev
v13uJ
qZi5]
1.0.39.1
PVqw#
Ztn*-5.
YM><X
!X_.c
g_FmV
48K98
H]If=d
N"VwR
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | Compile Time | Import Hash | Icon | Icon Exact Hash | Icon Similarity Hash | Icon DHash |
|---|---|---|---|---|---|---|---|---|---|---|
| 0x00400000 | 0x00003640 | 0x0016e512 | 0x0016e512 | 4.0 | 2021-09-25 22:04:50 | 61259b55b8912888e90f516ca08dc514 |  |
2c09465cc979677d65781d9403176c31 | 5c00f471cce984e3b873ef9ade242aed | 71e0e4b8cccccce0 |
Version Infos
| Comments | For additional details, visit PortableApps.com |
|---|---|
| CompanyName | PortableApps.com |
| FileDescription | JPEGView Portable |
| FileVersion | 1.0.39.1 |
| InternalName | JPEGView Portable |
| LegalCopyright | 2007-2022 PortableApps.com, PortableApps.com Installer 3.6.0.0 |
| LegalTrademarks | PortableApps.com is a registered trademark of Rare Ideas, LLC. |
| OriginalFilename | JPEGViewPortable_1.0.39.1.paf.exe |
| PortableApps.comAppID | JPEGViewPortable |
| PortableApps.comFormatVersion | 3.6.0 |
| PortableApps.comInstallerVersion | 3.6.0.0 |
| ProductName | JPEGView Portable |
| ProductVersion | 1.0.39.1 |
| Translation | 0x0409 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000400 | 0x00001000 | 0x00006676 | 0x00006800 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.42 |
| .rdata | 0x00006c00 | 0x00008000 | 0x0000139a | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.14 |
| .data | 0x00008000 | 0x0000a000 | 0x00066378 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.11 |
| .ndata | 0x00000000 | 0x00071000 | 0x0015c000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x00008600 | 0x001cd000 | 0x0001d280 | 0x0001d400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.16 |
Overlay
| Offset | 0x00025a00 |
| Size | 0x001408d8 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| RT_ICON | 0x001cdad8 | 0x00012524 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.98 | None |
| RT_ICON | 0x001e0000 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.17 | None |
| RT_ICON | 0x001e25a8 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.51 | None |
| RT_ICON | 0x001e3650 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.70 | None |
| RT_ICON | 0x001e44f8 | 0x00000988 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.65 | None |
| RT_ICON | 0x001e4e80 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.02 | None |
| RT_ICON | 0x001e5728 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.67 | None |
| RT_ICON | 0x001e5c90 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.84 | None |
| RT_DIALOG | 0x001e60f8 | 0x00000120 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.56 | None |
| RT_DIALOG | 0x001e6218 | 0x00000200 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.68 | None |
| RT_DIALOG | 0x001e6418 | 0x000000f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.91 | None |
| RT_DIALOG | 0x001e6510 | 0x000000ee | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.93 | None |
| RT_DIALOG | 0x001e6600 | 0x00000120 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.84 | None |
| RT_DIALOG | 0x001e6720 | 0x00000200 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.96 | None |
| RT_DIALOG | 0x001e6920 | 0x000000f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_DIALOG | 0x001e6a18 | 0x000000ee | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.09 | None |
| RT_DIALOG | 0x001e6b08 | 0x00000120 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.84 | None |
| RT_DIALOG | 0x001e6c28 | 0x00000200 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.96 | None |
| RT_DIALOG | 0x001e6e28 | 0x000000f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_DIALOG | 0x001e6f20 | 0x000000ee | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.09 | None |
| RT_DIALOG | 0x001e7010 | 0x00000120 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.84 | None |
| RT_DIALOG | 0x001e7130 | 0x00000200 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.96 | None |
| RT_DIALOG | 0x001e7330 | 0x000000f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_DIALOG | 0x001e7428 | 0x000000ee | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.09 | None |
| RT_DIALOG | 0x001e7518 | 0x00000118 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.65 | None |
| RT_DIALOG | 0x001e7630 | 0x000001f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.73 | None |
| RT_DIALOG | 0x001e7828 | 0x000000f0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.05 | None |
| RT_DIALOG | 0x001e7918 | 0x000000e6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.13 | None |
| RT_DIALOG | 0x001e7a00 | 0x0000010c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.48 | None |
| RT_DIALOG | 0x001e7b10 | 0x000001ec | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.62 | None |
| RT_DIALOG | 0x001e7d00 | 0x000000e4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.86 | None |
| RT_DIALOG | 0x001e7de8 | 0x000000da | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.96 | None |
| RT_DIALOG | 0x001e7ec8 | 0x00000120 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.84 | None |
| RT_DIALOG | 0x001e7fe8 | 0x00000200 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.96 | None |
| RT_DIALOG | 0x001e81e8 | 0x000000f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_DIALOG | 0x001e82e0 | 0x000000ee | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.09 | None |
| RT_DIALOG | 0x001e83d0 | 0x0000010c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.48 | None |
| RT_DIALOG | 0x001e84e0 | 0x000001ec | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.63 | None |
| RT_DIALOG | 0x001e86d0 | 0x000000e4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.87 | None |
| RT_DIALOG | 0x001e87b8 | 0x000000da | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.96 | None |
| RT_DIALOG | 0x001e8898 | 0x00000110 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.58 | None |
| RT_DIALOG | 0x001e89a8 | 0x000001f0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.68 | None |
| RT_DIALOG | 0x001e8b98 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.97 | None |
| RT_DIALOG | 0x001e8c80 | 0x000000de | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | None |
| RT_DIALOG | 0x001e8d60 | 0x00000130 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.63 | None |
| RT_DIALOG | 0x001e8e90 | 0x00000210 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.73 | None |
| RT_DIALOG | 0x001e90a0 | 0x00000108 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.94 | None |
| RT_DIALOG | 0x001e91a8 | 0x000000fe | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.96 | None |
| RT_DIALOG | 0x001e92a8 | 0x00000114 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.76 | None |
| RT_DIALOG | 0x001e93c0 | 0x000001f4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.90 | None |
| RT_DIALOG | 0x001e95b8 | 0x000000ec | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.03 | None |
| RT_DIALOG | 0x001e96a8 | 0x000000e2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.06 | None |
| RT_GROUP_ICON | 0x001e9790 | 0x00000076 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.80 | None |
| RT_VERSION | 0x001e9808 | 0x00000590 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.42 | None |
| RT_MANIFEST | 0x001e9d98 | 0x000004e1 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.29 | None |
Imports
| Name | Address |
|---|---|
| RegCreateKeyExW | 0x408000 |
| RegEnumKeyW | 0x408004 |
| RegQueryValueExW | 0x408008 |
| RegSetValueExW | 0x40800c |
| RegCloseKey | 0x408010 |
| RegDeleteValueW | 0x408014 |
| RegDeleteKeyW | 0x408018 |
| AdjustTokenPrivileges | 0x40801c |
| LookupPrivilegeValueW | 0x408020 |
| OpenProcessToken | 0x408024 |
| SetFileSecurityW | 0x408028 |
| RegOpenKeyExW | 0x40802c |
| RegEnumValueW | 0x408030 |
| Name | Address |
|---|---|
| SHGetSpecialFolderLocation | 0x408178 |
| SHFileOperationW | 0x40817c |
| SHBrowseForFolderW | 0x408180 |
| SHGetPathFromIDListW | 0x408184 |
| ShellExecuteExW | 0x408188 |
| SHGetFileInfoW | 0x40818c |
| Name | Address |
|---|---|
| OleInitialize | 0x408298 |
| OleUninitialize | 0x40829c |
| CoCreateInstance | 0x4082a0 |
| IIDFromString | 0x4082a4 |
| CoTaskMemFree | 0x4082a8 |
| Name | Address |
|---|---|
| ImageList_Create | 0x40803c |
| ImageList_Destroy | 0x408040 |
| ImageList_AddMasked | 0x408044 |
| Name | Address |
|---|---|
| SetBkMode | 0x40804c |
| SetBkColor | 0x408050 |
| GetDeviceCaps | 0x408054 |
| CreateFontIndirectW | 0x408058 |
| CreateBrushIndirect | 0x40805c |
| DeleteObject | 0x408060 |
| SetTextColor | 0x408064 |
| SelectObject | 0x408068 |
Usage
Processing ( 35.90 seconds )
- 32.5 ProcessMemory
- 3.208 CAPE
- 0.182 BehaviorAnalysis
- 0.008 AnalysisInfo
- 0.001 Debug
Signatures ( 0.07 seconds )
- 0.008 ransomware_files
- 0.007 antiav_detectreg
- 0.006 antianalysis_detectfile
- 0.005 ransomware_extensions
- 0.003 antiav_detectfile
- 0.003 infostealer_ftp
- 0.003 territorial_disputes_sigs
- 0.003 ursnif_behavior
- 0.002 antianalysis_detectreg
- 0.002 infostealer_bitcoin
- 0.002 infostealer_im
- 0.002 infostealer_mail
- 0.002 poullight_files
- 0.002 masquerade_process_name
- 0.001 bot_drive
- 0.001 antidebug_devices
- 0.001 antivm_parallels_keys
- 0.001 antivm_vbox_files
- 0.001 antivm_vbox_keys
- 0.001 antivm_vmware_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 revil_mutexes
- 0.001 modirat_behavior
Reporting ( 0.13 seconds )
- 0.117 CAPASummary
- 0.009 JsonDump
Signatures
Queries the keyboard layout
Enumerates running processes
process: System with pid 4
process: Registry with pid 92
process: smss.exe with pid 384
process: csrss.exe with pid 476
process: wininit.exe with pid 552
process: services.exe with pid 656
process: lsass.exe with pid 696
process: fontdrvhost.exe with pid 784
process: svchost.exe with pid 808
process: svchost.exe with pid 924
process: svchost.exe with pid 976
process: svchost.exe with pid 1036
process: svchost.exe with pid 1108
process: svchost.exe with pid 1116
process: svchost.exe with pid 1204
process: svchost.exe with pid 1240
process: svchost.exe with pid 1296
process: svchost.exe with pid 1348
process: svchost.exe with pid 1392
process: svchost.exe with pid 1428
process: svchost.exe with pid 1452
process: svchost.exe with pid 1544
process: svchost.exe with pid 1552
process: svchost.exe with pid 1676
process: svchost.exe with pid 1756
process: svchost.exe with pid 1772
process: svchost.exe with pid 1788
process: Memory Compression with pid 1844
process: svchost.exe with pid 1864
process: svchost.exe with pid 1940
process: svchost.exe with pid 1964
process: svchost.exe with pid 1976
process: svchost.exe with pid 1364
process: svchost.exe with pid 2024
process: svchost.exe with pid 1692
process: svchost.exe with pid 2116
process: svchost.exe with pid 2128
process: svchost.exe with pid 2136
process: svchost.exe with pid 2144
process: svchost.exe with pid 2252
process: spoolsv.exe with pid 2340
process: svchost.exe with pid 2384
process: svchost.exe with pid 2416
process: svchost.exe with pid 2568
process: svchost.exe with pid 2580
process: svchost.exe with pid 2596
process: svchost.exe with pid 2608
process: svchost.exe with pid 2640
process: svchost.exe with pid 2736
process: svchost.exe with pid 2756
process: svchost.exe with pid 2764
process: MsMpEng.exe with pid 2772
process: svchost.exe with pid 2800
process: svchost.exe with pid 2852
process: svchost.exe with pid 3136
process: svchost.exe with pid 3772
process: svchost.exe with pid 3912
process: MicrosoftEdgeUpdate.exe with pid 3080
process: svchost.exe with pid 64
process: svchost.exe with pid 820
process: svchost.exe with pid 3692
process: SearchIndexer.exe with pid 5088
process: svchost.exe with pid 5940
process: svchost.exe with pid 6084
process: svchost.exe with pid 6092
process: svchost.exe with pid 5208
process: svchost.exe with pid 3440
process: dasHost.exe with pid 4544
process: svchost.exe with pid 4576
process: SecurityHealthService.exe with pid 4392
process: NisSrv.exe with pid 5416
process: svchost.exe with pid 6748
process: svchost.exe with pid 7040
process: svchost.exe with pid 6580
process: SgrmBroker.exe with pid 1796
process: svchost.exe with pid 6248
process: svchost.exe with pid 572
process: svchost.exe with pid 3184
process: svchost.exe with pid 3180
process: svchost.exe with pid 5236
process: svchost.exe with pid 1572
process: svchost.exe with pid 5020
process: csrss.exe with pid 6676
process: winlogon.exe with pid 780
process: fontdrvhost.exe with pid 4680
process: dwm.exe with pid 3860
process: sihost.exe with pid 2360
process: svchost.exe with pid 2216
process: svchost.exe with pid 6832
process: svchost.exe with pid 5524
process: taskhostw.exe with pid 7156
process: explorer.exe with pid 640
process: svchost.exe with pid 4968
process: StartMenuExperienceHost.exe with pid 4628
process: RuntimeBroker.exe with pid 6224
process: SearchApp.exe with pid 2060
process: RuntimeBroker.exe with pid 2732
process: SearchApp.exe with pid 952
process: ctfmon.exe with pid 5664
process: SkypeBackgroundHost.exe with pid 648
process: TextInputHost.exe with pid 676
process: smartscreen.exe with pid 5572
process: RuntimeBroker.exe with pid 6932
process: SecurityHealthSystray.exe with pid 5404
process: OneDrive.exe with pid 4508
process: SystemSettings.exe with pid 5096
process: ApplicationFrameHost.exe with pid 4160
process: UserOOBEBroker.exe with pid 5852
process: audiodg.exe with pid 5596
process: dllhost.exe with pid 1856
process: svchost.exe with pid 1632
process: ShellExperienceHost.exe with pid 5964
process: RuntimeBroker.exe with pid 6872
process: conhost.exe with pid 2892
process: upfc.exe with pid 2032
process: svchost.exe with pid 2680
process: backgroundTaskHost.exe with pid 3116
process: TrustedInstaller.exe with pid 1952
process: CompatTelRunner.exe with pid 7128
process: TiWorker.exe with pid 5924
process: MoUsoCoreWorker.exe with pid 2204
process: conhost.exe with pid 5500
process: sppsvc.exe with pid 3028
process: svchost.exe with pid 2188
process: SppExtComObj.Exe with pid 6808
process: RuntimeBroker.exe with pid 4316
process: RuntimeBroker.exe with pid 6920
process: svchost.exe with pid 8
process: svchost.exe with pid 1324
process: JPEGViewPortable_1.0.exe with pid 672
Reads data out of its own binary image
self_read: process: JPEGViewPortable_1.0.exe, pid: 672, offset: 0x00000000, length: 0x001639b5
self_read: process: JPEGViewPortable_1.0.exe, pid: 672, offset: 0x30785c5a6331785c, length: 0x00004000
self_read: process: JPEGViewPortable_1.0.exe, pid: 672, offset: 0x31785c393562785c, length: 0x00000004
self_read: process: JPEGViewPortable_1.0.exe, pid: 672, offset: 0x6139785c6331785c, length: 0x00014000
self_read: process: JPEGViewPortable_1.0.exe, pid: 672, offset: 0x6164785c6331785c, length: 0x0000c000
The binary likely contains encrypted or compressed data
section: {'name': '.rsrc', 'raw_address': '0x00008600', 'virtual_address': '0x001cd000', 'virtual_size': '0x0001d280', 'size_of_data': '0x0001d400', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x40000040', 'entropy': '7.16'}
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 672 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 58 }']'
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
C:\Windows\System32\kernel.appcore.dll
\Device\CNG
\??\MountPointManager
C:\Users\Packager\AppData\Local\Temp\
C:\Users\Packager\AppData\Local\Temp
C:\Users\Packager\AppData\Local\Temp\nsw5DF2.tmp
C:\Users\Packager\AppData\Local\Temp\JPEGViewPortable_1.0.exe
C:\Users\Packager\AppData\Local\Temp\nsr5E70.tmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp
C:\Users
C:\Users\Packager
C:\Users\Packager\AppData
C:\Users\Packager\AppData\Local
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\LangDLL.dll
C:\Users\Packager\AppData\Local\Temp\JPEGViewPortable_1.0.exe.Local\
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
C:\Windows\System32\UXTHEME.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\SystemResources\USER32.dll.mun
C:\Windows\Fonts\staticcache.dat
C:\Windows\System32\TextShaping.dll
C:\Users\Packager\PortableApps\*.*
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\System.dll
C:\PortableApps
C:\Windows\System32\en-US\USER32.dll.mui
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\nsDialogs.dll
C:\Windows\System32\shell32.dll
C:\Windows\System32\imageres.dll
C:\Windows\SystemResources\imageres.dll.mun
\Device\CNG
\??\MountPointManager
C:\Users\Packager\AppData\Local\Temp\
C:\Users\Packager\AppData\Local\Temp
C:\Users\Packager\AppData\Local\Temp\nsw5DF2.tmp
C:\Users\Packager\AppData\Local\Temp\JPEGViewPortable_1.0.exe
C:\Users\Packager\AppData\Local\Temp\nsr5E70.tmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp
C:\Users
C:\Users\Packager
C:\Users\Packager\AppData
C:\Users\Packager\AppData\Local
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\LangDLL.dll
C:\Users\Packager\AppData\Local\Temp\JPEGViewPortable_1.0.exe.Local\
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
C:\Windows\System32\UXTHEME.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\SystemResources\USER32.dll.mun
C:\Windows\Fonts\staticcache.dat
C:\Windows\System32\TextShaping.dll
C:\Users\Packager\PortableApps\*.*
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\System.dll
C:\PortableApps
C:\Windows\System32\en-US\USER32.dll.mui
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\nsDialogs.dll
C:\Windows\System32\shell32.dll
C:\Windows\System32\imageres.dll
C:\Windows\SystemResources\imageres.dll.mun
C:\Users\Packager\AppData\Local\Temp\nsr5E70.tmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\LangDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\System.dll
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\nsDialogs.dll
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\LangDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\System.dll
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp\nsDialogs.dll
C:\Users\Packager\AppData\Local\Temp\nsw5DF2.tmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp
C:\Users\Packager\AppData\Local\Temp\nsm5EEE.tmp
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\JPEGViewPortable_1.0.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\JPEGViewPortable_1.0.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
Local\SM0:672:168:WilStaging_02
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
DefaultTabtip-MainUI
Local\SM0:672:64:WilError_03
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
DefaultTabtip-MainUI
Local\SM0:672:64:WilError_03
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.
Sorry! No process dumps.