Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-11 16:00:53 | 2025-06-11 16:32:05 | 1872 seconds | Show Options | Show Analysis Log |
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:15,303 [root] INFO: Date set to: 20250611T16:00:53, timeout set to: 1800 2025-06-11 17:00:53,666 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8 2025-06-11 17:00:53,666 [root] DEBUG: Storing results at: C:\SbKWKlSV 2025-06-11 17:00:53,666 [root] DEBUG: Pipe server name: \\.\PIPE\OVRmkbV 2025-06-11 17:00:53,666 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-11 17:00:53,666 [root] INFO: analysis running as an admin 2025-06-11 17:00:53,682 [root] INFO: analysis package specified: "exe" 2025-06-11 17:00:53,682 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-11 17:00:54,104 [root] DEBUG: imported analysis package "exe" 2025-06-11 17:00:54,120 [root] DEBUG: initializing analysis package "exe"... 2025-06-11 17:00:54,120 [lib.common.common] INFO: wrapping 2025-06-11 17:00:54,120 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-11 17:00:54,120 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\TCPViewPortable_4.17.exe 2025-06-11 17:00:54,120 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-11 17:00:54,120 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-11 17:00:54,120 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-11 17:00:54,120 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-11 17:00:54,401 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-11 17:00:54,479 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-11 17:00:54,510 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-11 17:00:54,526 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-11 17:00:54,542 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-11 17:00:54,542 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-11 17:00:54,542 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-11 17:00:54,542 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-11 17:00:54,542 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-11 17:00:54,542 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-11 17:00:54,542 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-11 17:00:54,542 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-11 17:00:54,542 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-11 17:00:54,542 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-11 17:00:54,542 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-11 17:00:54,542 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-11 17:00:54,542 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-11 17:00:54,542 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-11 17:01:16,979 [modules.auxiliary.digisig] DEBUG: File has a valid signature 2025-06-11 17:01:16,995 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-11 17:01:16,995 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-11 17:01:16,995 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-11 17:01:16,995 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-11 17:01:16,995 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-11 17:01:16,995 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-11 17:01:16,995 [modules.auxiliary.disguise] INFO: Disguising GUID to 263724cb-a029-4616-878c-0cf244988355 2025-06-11 17:01:16,995 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-11 17:01:16,995 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-11 17:01:16,995 [root] DEBUG: attempting to configure 'Human' from data 2025-06-11 17:01:16,995 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-11 17:01:16,995 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-11 17:01:16,995 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-11 17:01:16,995 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-11 17:01:16,995 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-11 17:01:16,995 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-11 17:01:16,995 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-11 17:01:17,010 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-11 17:01:17,010 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-11 17:01:17,010 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-11 17:01:17,010 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-11 17:01:17,010 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-11 17:01:17,010 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-11 17:01:17,010 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-11 17:01:17,026 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini 2025-06-11 17:01:18,041 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-11 17:01:18,041 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-11 17:01:18,041 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-11 17:01:18,041 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-11 17:01:18,041 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-11 17:01:18,041 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-11 17:01:18,041 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\eJXvNnhR.dll, loader C:\tmp_gell1p8\bin\IytHUKoC.exe 2025-06-11 17:01:18,120 [root] DEBUG: Loader: IAT patching disabled. 2025-06-11 17:01:18,120 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\eJXvNnhR.dll. 2025-06-11 17:01:18,135 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-11 17:01:18,135 [root] INFO: Disabling sleep skipping. 2025-06-11 17:01:18,135 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-11 17:01:18,135 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-11 17:01:18,135 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-11 17:01:18,135 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-11 17:01:18,135 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-11 17:01:18,135 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-11 17:01:18,151 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-11 17:01:18,166 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-11 17:01:18,166 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF822E30000, thread 4016, image base 0x00007FF60D500000, stack from 0x0000008EFACF4000-0x0000008EFAD00000 2025-06-11 17:01:18,166 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-11 17:01:18,182 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-11 17:01:18,182 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-11 17:01:18,182 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\eJXvNnhR.dll. 2025-06-11 17:01:18,182 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06- <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-11 16:00:53 | 2025-06-11 16:31:46 | none |
File Details
| File Name |
TCPViewPortable_4.17.exe
|
|---|---|
| File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| File Size | 976376 bytes |
| MD5 | cd89bad53004c1e2634c7e9310336df2 |
| SHA1 | f15c76dfaaa654e53d0164f8e51ce333cd0485c3 |
| SHA256 | a09b8d56c2a8c50d4007296821eca42edc23c8a70c868762abff11d4668ac1bd [VT] [MWDB] [Bazaar] |
| SHA3-384 | 0c79d105b6dd3e553dbea685d18fae2c1d30300a79c8c3a350e9b0a6c66dfbf5bb9dcf5721309875cf6d47b9c9a1fdeb |
| CRC32 | E4C8D406 |
| TLSH | T1FF253359EAE4C477DD63063101B786E6AEF97A3901E42E0363817BB96E36341C21CF5B |
| Ssdeep | 24576:pT5L9DVHxzntmwM2wanNwijx3mM2SoKOo60SDdCq6nq:tR9rtvM23naGtmj/fIyCqP |
| PE | File Strings BinGraph Vba2Graph VirusTotal |
C?kUD~
rs[^.61-
!AQ5W
`t7=R~
C~ 9o'
DscyrMhjK1=
rgX@{
qEmfRv
*Rf{K
@.data
H."ir
Rare Ideas, LLC1
(>)"I
SelectObject
%USERTrust RSA Certification Authority
f'J*q
d_[6vc)
Lob!b
q}lhg8
8HQ*O
-q^2E
NG@)0
QQoMhi
g^u'r
:,Y`p
`|5i{{
/.Ka6
O(o1t
%r62n
-/}jH
PortableApps.comDownloadFileName
-SmG;
RiN~Q
*>9R}
.BK\G
I2PD)
36p6:>y
UQ;b`
"qzd^R
O{)E@
Y%9j4
^HESP
Comodo CA Limited1!0
7'M=F
%4jnScc
5VqXZ
_--mZ
CLBCATQ
Cu(jF
};N^J
;jKoo0
Z6~Q
T}%@j
;s<8B
D{{9~
N/23IT
m[aYW;dr9
F"Z{K@
$dP)W
)l*\+
K_b!xYm
zm+BZ
qIhA/^vJ%
bEh$X
ds.g)7
q{J:U
)GD,3
LXAa.
)uDEX
&u|F#Y
GlZ5xC
j3<1A
hYU[[
cwlfoUG
ZM9y<H
<Uu[PZFt
]8{`h
qsURJ
F))}#M
H|wS."
$d>%)
qx[)B
/VrRk
ojNey
1}sSv{W
6#Zh|
(}+<og
9{JrB
ss.(8
hF.RX
/_AHD
8http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
%i;/d.J4
=/"\:
k!G-=
q1p],
CreateWindowExW
*5Y7;
lk>vq
#hOz{
WritePrivateProfileStringW
i70.;
??i+-
EndDialog
(T5s;
ctsOE
2U"znt
7?*%5^
SetCursor
RegSetValueExW
J|)PJ
ZL$&a
*0>i&
Q\K:6D+-
W97u]
7L#i:F
*,Va37o
~',ik
AwQo:
+vl#h%f
210525000000Z
FN^][
amTwW
)X[Qz
EA3VA
z!=w;
&h2^%
`kq1ZIK
y1;8\
USERENV
?ga&|
FQM68
CreateBrushIndirect
x4EJo
l"U=1
V%xaHO#
IW'gh
yg~%t(R
%'Sf6
y$Xf$
!6?.k
New York1
P*r~e
=^SM9Pn=
"P*D?
tL[E$1
5iG+%T
Da5V} #
{<O 9
}_T_4!b
B-o@mm=
w<Gz@w
%DpM/z
*w9|b
`=6ygK
3TgUL|
QGjf*
<_*S]:
63on0
i|tY(
040904b0
aq4j"K`
;>_.p
SetDefaultDllDirectories
2EB='n
G<s=j
uG.vz
a{yN|
M^/R4
)$q+^
2CH0h
{r4n?
(]RF*\
pOiT7
`@y%8
)4-1+
LoadLibraryExW
bN^r:
J4F(Aq
B?I;@;0
&H!Ww
:7?o
22Il*+X
'yN{1
%ls=%ls
^:fi_{
V['KI=LTya]Z
Y&^@
t4W0n_
k |*2
$03C5
p}I+^
yQ3=G
o{~Q/`
-(5f-
C0A05
&5(9 E
QlI{#
60_+d
|Ph"#
j Zf;
w p<h
@XU)V
MrXt/n
Ig-[/
41#Ue
f1Rm?
]PZZJ
x#uC.J}
#{qGl
fKiC0
jPOPLXmjVKKWMEA'n
|FO{q]+
d|~O%
jj_ML
TxUN
~$*Pq
r~o5=
MN[5;5
2pEsi7
SysListView32
\"w!m
r ~r5#s
_i)5{
6p,Q7hxz~
92W<V
*zsUb
fO> %O
]o6<G
lSh=y
4VIO'
F3g*e6>G
,E$|X_
sxagD
k(7;/
kVDZ+
nb+>}p
uKe]v
lJpc_
B[C(RA
i`3v1
}\gPf
sCN[O
x8ry6PK
mm6.y
{(T9%v
%u.%u%s%s
\^Oee
f||v&
{X7.C/
]2](L
Xj3h}
Qw!ta
FxZ7N[
TQ']\
W;tyE(
Ln2<3{
`M|Xp
USPK.
6KDgJ|w
@d`zD-22%
sb&;d
W!-(Z
nEBr!
J?s~)M
s|s#v
T0/~Aw
1}*xL
29T+m
:2NL1
j?)&b
bx.%)nR
[}GFL!L
1oo#,
?;A>#
:JuN:p
5PVQR7
verifying installer: %d%%
@"G;f>
mUt(`
,!JnE
&CeAw
7g!'S
kt}H%
bd_\(
lQss#
Sectigo RSA Time Stamping CA0
r*/{`
x6Z<
sG6+]4:
Lg>X`e
ikt`Je
ub0-!
BO`+ey
FillRect
8ngk-
87{q0zk
=~|+n
f/9/+|'
s`}<R
6~r}j
EdhGS`
awGeSJ|
unpacking data: %d%%
1-W%m
e$6^E~
F{$mp
gz_sa
abk(I
/CkVx
M)F\+
'>Hi*
%U5%MI
;I|x!
WqexV
S&FJQ
S$cJKe
BHTD2
e+"sM
V")KW+
PortableApps.comDownloadName
b/]<=
pm^}A
D.b0/0Cn
[Fpct
rH(+)
YCo0@
Ab9AM'
U/g)$
BH0hPS
#1#;[
MDd[3
http://download.sysinternals.com/files/TCPView.zip
RVK5t
NN6joz&
Amz w
V`Gr
Q[,.Kc
c}$F[
k.-&0LX
ZkFcX%
nk$'5;x
]187n8
H+Z<E
SHFileOperationW
}!4F]
u_>*-
)TbRP
5lqR~[
FKGp"
MoveFileExW
E.#7m
>WlG?
uZO\2
_.{ZB
<61W:=l
4:F6f-
EH`Gq
19-BJ
gW%N,
,$6CkI
a`&i9
Q6,*M
m(m`~
;EyNS
Psn+d
Sectigo Limited1+0)
NyDjFBX]
yM^ZF:
z\ywP
&@+\"
N3nN_.5
W; eS
X_8nO
vlFj~
b(GbY
W}gJoeQ/U
&XR%#
pD?>A="
"G1]V
w].)`VA
l}V!c
.VC 7p
c3ya{rAW
4VlQh.
UBst>
oh+.U
iYh9
W,x:%
bS@ <C
Q"c4O
[_F-b
B!@3_.
cF*~D
.<C"\
^sy=u
)MRXD%
t/^z^a
rQy4@
6fTAL K
w44:P
RD6vr/
kbg =
4A52[
o@G_8<
F0A7i*N
I(u\/
-k ]o+v(
eZKz=
0RuW<
c~E6()
)c!C?
\vY}d
Z\sr;
c d,'
(NDAp
CoCreateInstance
Q`TYta
AZPD1
$^C_ 1j
-e'cb
GetCommandLineW
@]V&k
1QF!O
vL>Iv
X`x(6f[
7\IE,)
K(iuE
>p^S"d{946
S~1=h
'!;"00
1w\H"
~}W%t
tIS&kh
K&<D7
0XY6O
k4s}J6
V'\cp
!7,kO
+aSW;
NullsoftInst
`LfH
ZgGN{
OcHB5`
\bvv]zz`
f-OXu
_6Ojchp
GetFileAttributesW
Pr7P~
"Si~g
PO[/H-
^@jEx(
ja+mW
\Temp
Nk`Mv
PortableApps.com
T}{[;
||e*a
wvprx
'N`vF
CompareFileTime
Z0f3p
QvVb8
.=@"y
RMMRIB6
67*m,
![3#ES
G-kg[
2XEzQ
)]#QYe
I0G0E
>b)Hy*"
Auo,D
Jp hv
qQ7_31
Rw77JR
ZLvG^
h`+g4!
c.&ZC08x
5i%cep
gE}R(
](1'b
yizkB]F
http://ocsp.usertrust.com0
MBbz&Db
dEQ(F
8UyjEU'
cL(/y
&gKh
^99D=
]24#_!
DispatchMessageW
}.5KC
yF~'}i
cwoh{_d
p7LIsQ
:y'h$
$Z-Yr
Fi2Jm
201023000000Z
4iV=mWd
Z45\/
@G ["
KLumhj
|rR0\7+
ATiG]
eU@&O
ketEPI!y
7)o5f
YL}vP
e-4T_0TB
dx}]q
4!hBJ
#IR_"
X\{Hg
#H xS
CreatePopupMenu
-gs(\
FileDescription
Co,s+
mc:*j
Aln;^
KJ\"?
-^/$yK
-2|Y`
C=zN1`
U7W5+
%OgE_Z
aJjio
d-d|/K
XEbfPT
:`DD]
#2R-X
Nz-1B-
a=VSb
[70~)
VBt8K
;!q%y
$P|.'
>1iT=TkD~
|77:f
j'_FtYDk
$H@]/#
'n,5H
E/t-&
1e~`sS
Yi2AL
UMc*z
zX.%8
b0\Lz
am@G*0+P
X}>t'[
_.JH"
$Rw|QX%
BeginPaint
N<Xae
mGe1!
I&?)>
{e}P>
Po|#m`;
u\F0A
jZ5N(
CNRr
*/RM{
zEzuj
o`zK`
u,T~0d
1QHez
?%$!|
+dBKL
hGC2WT
~ZeYw2 J
[0[ q
DkF?
<@5I.*{
.~bUA _pP
{Blpe1g
:0my18
WefaE
G/Cr?)
[Tk%^
4D%OB
;X>-[
#`c={
lstrcpyA
O`4%I
Vx*Z"
<eQFhd
.i,eo
r<()C
SetWindowLongW
lPJu^_l?
AdjustTokenPrivileges
@T/^S
J:j3O
}7bEQ
lSOH3h
GetFileVersionInfoSizeW
AQtq/
s(m*\
"qn~h
egm(`
N($%3l
g7{y=R,
67eD}P
>pzyl
MG>BJI]
2 r(s#
rv |b0
*?|<>/":
=`+x~!
Cl_%?[%
P"{&_k~
5Z]-K
.HP(C9S
Ot6uyS
ING},
${)*p
[*"ZX;
o;S={f
;&mxjR
Hq57/
s`%+&
"Ie'k
&x DI
}F/@n_
(F#'=3
]j *(
JEr>+
zD~Mz
:!SO"&5
{LDu.0:d>P5/
!`Rb`
=v}:9-
4qtL9Sl
>*h*&
Ed`!z
GT,c}K
s>S<W
I2EiH
}klC}
;c@C>
n^h<4
AC9Aq1
C^Jee
olw'z
K?{:As
<<}YHO
l%G,U
Xe2ii7\`R
*UI|Uj
Gls60
7CTx_hz
[cY:c
h7mH>
jgOOY
P6zU;L
gx7+JG0
<~IvLc
GetSysColor
\0z82*ZUmhS
CharPrevW
m#bn(
K8%AG
c`D,^WHBz
[x>M(
{LqmabeA
}1pjK
f- Kv-
bTzT]
tyUIH
HUI 39
{<8 ^AO
Greater Manchester1
yB!@Ov
bD,p_J
|3dYv
]'/4wA
hpq7_
0TEb?
C,Nb>
InitiateShutdownW
h5@/_
x&h2g
U$9J-C
j=SZN
u22J{#B\
.yzH^u
ztef'0i
V'T~K
fid-"
HcC6t_
`5!FU
M=e,Q
t|j~N
N=8z%M
bp$x|
k^R"-
^9S\E
+&8E`
ytAOmTs
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.08</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>
d-fToK
Diz!7
3)C4AO
jmADkb
$U9.n
U?M5:_
7Esca
` zL$*mY*
lW:vk
, '-c&
VUX-A
[+*&B
\C]e.
,LC$g
rPLs(BB
+5:-gg)J
)-n>!
{Tqx{
D/!w@
KC<mI
?Q[ph
BBL#%9
I',CQ
GGg]OQ{
nw}j6cX5q
ug9va.
9p,rh
1rg^Q3
ao?7x
&>aIZ
CNeQ4W
Yg|X/
'u+L0
|_8u8
6L-Iwv
9LM<3)
$J_FY$
&8xV!
b*mv!
tcsgx?
C`[MD
a$2f3Su
hd. ;wl
>VnZ0
SHELL32
1<{7j)
1A~BK"
sBGq!
E"GC}2Q
D~a(3
CsX>u
~(#-m<
+QEpZ'
Tb'$~S
l!P'3
p\(E.8<
nVp#/w
pf!wD
VAQ4:2S6
GetModuleHandleA
Gs%@{
g 3=w
%YYJTF|
!0Q7L
zS{ I$?p
3W9K2
ZZ\n-
.i&KM
1ucp[s=4
z_DL0@
.I|vp@
-b"a0
QLpnW
*qO<q
EFMcxG
SetFileAttributesW
DZ<FT
7E]>q
[i* s
SetDlgItemTextW
j,v6|
WN'KX
eW$.y
Crtm]pvf
\GOGmW-
'U{_gH
V#nB]
;C[)7
zV u+
13nL05n
Q6sL|
V5Z|)/
ly!Xa:
RB52!
*MstiS
CZza&
'u4]\1
GetModuleHandleW
qPf$v
zsOd+-
[C]e=P
u}}QX]
{~<nW
B)lOS
OQ+o#
H8|^K
8oK40
^t`*!
Rf\Hg
&mg?0
z7px<
.gkjf
1:Rp\[
Bn<Ec
;$D|tn
.rsrc
BZc?m
:'Y`q,
oLnv]
qMo'T
!2@|9r
E}art
9s`U0
$)oeYG<
od&9.
"'f/EH
Dr a?
m1?u>
:]@i"
~_y/(UH
m,Z"J
FfYK(
@ATTm
wx<*2P,<!rP
--Gd7O
i6t/x
q5o~%;
W+iSP<
+~=D6f
[@i Ue
E!Q=;
Ji-(Z
8'> +
\R\ppn u
z(xwQ)Xy
OriginalFilename
5On6C
)A|Po
]]kK)
eiURj
c,5B!mq
:Y:zH
8~~1j
ZM 6Z
JSvRN
ib}sM
X{P"Kp
HkKoM
R=Mlz
h'hDm
}h*V[
gnb>I
\)s|QGi
wqLMl
5^g%@
}ov\g
MqT~x^^c
\<?6zt
bE(kbIx8
L1*-_
OY6`'
0B>i#R
y}Qin
t&?/G
5v?CC
F)q|@
(<Pjk
QHSS}
Ml0nG
Et7l~
&w]i|
p\cOdK!1
k}O9M
yt~xA
Z<(72
og*?U
Df|m
[xBP\
^ZFM-
tFkG5
9m4\c
&su5#,
IDBD $DQ47
CI|:4%
vg;'G
r!J-{
V5x!4R
hULw+9
)Z$~E
R)c.l
u_bSPqvM
#bji*|p
KwldiUM+y
h>tv/
X!2S*p(v9
GetFullPathNameW
PortableApps.comDownloadURL
l^Z~Db
,@RvQ
3&yDTY
]0/Oc
iWsC=
EnableWindow
Yx4|y
U%RW?
rjF"{
[d061
\Microsoft\Internet Explorer\Quick Launch
HGn&C0
BD|LRS
v)v1}
oN<{O.
@Bq1e
c`?7$
?:b"Bn
4|UfE
#q93l
;:ihd
@b1%|
k&3:8
F>zuR6
nfN9,+
CloseHandle
pb}V]^
oQ2vL
~UWyN[o#|
D"QA2
!;p,M
)VT^}A
WZsMh
#Sectigo RSA Time Stamping Signer #20
!:5<~35\
zoQsS
Xd]}c;
t#KTq
2Uy1w
BMZDm
"iqE/
?LHFxE
]!>DA
p*r[s
5`G2p
(1\jV=
HLvTe}O
SFjCw
3http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
~]4EJ$
HMc,V
F!"Gu:
XpVmC
o@sGq
Io,nu$!
&bL'r
^c!tl
9:t78\a
>]RC@
t#SSS
C}6R0
<3gi?
b,f"e3Z
I|eZ;%
]y.|u
d=<T0
"fJj.
RegEnumValueW
w^}CB>
je"|[dk<
Jcxi'.(
$u>tb
dA<M2B
SeShutdownPrivilege
r=w[b
PortableApps.comDownloadKnockURL
3c883a624409f03cb1f35b8a6d4e39ae
nyf<|
*x.ja
gJT7y
<:;t54]
0:p=:M4
2QpM#
xZgKhX6
5)I%r3
>&=>6_
wl0g|
1)ygJr
wO++0,Ls
zd;@qc
TCPViewPortable
#9:@O
g#l|C
P68,=
(dw?#
X~_ @R
aMKS)
Hf$~*
NSIS Error
TU]USQY
".cZS
OFZ-dno
fu-QM
i:lQA]kF
CharNextW
e~#0'H5x3BY
/:H50D
h/I\AGHz
=Qb6G
0JTx:,YG
KV`|N
s%8:e^
]OL/x
j0h0?
Blg+3
-*tgU
9}=m8
3*Pc[3
2"a21
&.3Y-
Y]-n-)O
_nq`EE
^/Cw{
'Uj_tn
l\U6{
*X#QF
;#wH|
B-3wo
Z PTC
v+:jW
"!7j A
>p;x\4
.text
4Dj8N
h0%( Nd B
Q%mWu/
*yW81
rTNuD
TlAhZ
>zoaQ
['AUA6I
lstrcpynW
?~BfW
n+TB\%
_>`Kj
?+Zy1
Pvz &
3^L ]x
HARR|l
VsBk.
m^p,u
CRMde
r([^}
Wq\Md
sgwdo
P{nlmP
V86Cf
Q2hLK
qN&$
b2f\X
4\-tJ
Y+}:V
8hE/T
-ChuF
SetWindowPos
00,m#\
"-e\K^
};1|rgL
*DzYC
#sAF#
k|U%{
y/" y
Hj]7N
GetDlgItemTextW
sc\yu
aYNde^RgHB6
V}>E8
}4Uh&
pa|;cL
;?~LIK
A0#T"
f6_Zu
EPf6A
S\dLzp
=0;09
]3m4On
S&C+?=0
{!e"lY
E<9WH
4.17.0.0
=|ScBZ-
ej"x|
8]0zgq
>O`Wt,0k
yO*J
UtGTd
>5L<o
*KS`+
Lv@!&
!(CGl^
_z,9=}
`pws7|
,?AMb
r@5/"
&8;qr
TdBeI2
rB>=B
fq5oS4
{;TL}
j.N:H
AGs0I
D}_~8<
0]:3Jb
uD>;`
#'%4]eH1
m_bV8
xl_V=
JK{mg
0[Z;$J
{{]q\
xfA#p
V/fnF
.?{k}
a#%[C
J$!]I
qW[/t50
^2A{!
<[Z+/
^7DO>
x]X31
0p.s=a
}Z$\x
^j\PN
@_^[]
sp7)(
%t+]'
m+Bgh
M-iOO
Or! {wx
ak`-C
}+~a
j(2Wv
v'f"D
_yP|C
$[qvs
@.+1(
a&>-N7
$d{j7
V'VBi
v$D.E
,bPk_
tWf="
%y?^n
M7wdSY
k>c\67(
s}J77
mVyEZ^
H.8"n
!iy(|
7T,~R
20MQM
:SaSdp40
pUP9(W
3http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
-Yjp&e
kWUPnm
,34Z+
D?<JSRj
\.]'M
z*AI+I
C;Ondc
(*^cCCk
N,K;;z
tjfso
COMCTL32.dll
>FFf;
@SvYW
VC}{_
4aCUS
Vq3q>
"k{%!
I{&Cq
J[I#
ExJ_PP
niM48KWREBm
V,jj)
PortableApps.comInstallerVersion
#.`,G
pI=Uk
5.78M
eE(oE
v#(#7
**.HP
P*1^$
)2&M/
hCEF+q0'>
MessageBoxIndirectW
?:.O[TH
^Xrf_
=V*3
=or?7
VhD;0
~m &Z
&4/qg
v-&G.x/
9}+>&}
^I 5t
e+aIw
6VB12
O=4e)
Xes5yDJC|
vO*+P
}Di'w
_%2`r
>ig8`
GP.(}
w)hW
Q!DoQ
("Z\&
tr`b9
,gGu|
More information at:
'KEmn
jdr1r
jR[0jL
@_v"I
220224161447Z0?
p0}$1
/1ZGi
RemoveDirectoryW
+a~l%0k
$ 6@`
b5))_>)
DeleteObject
x`!!fqT
eK)ef
KE7oB'
1S?b8'~e
t9pI^
$Sectigo Public Code Signing Root R460
EmptyClipboard
a(7`j
*p5::
V8om4
6j;4F#
EQ#?&K
]tfAU
^>BC2
m|II'
{:Jlc%
\AQ!"-
.=]!G
aFa>;
p-U@`4}
\IoY& x
DAQf8
QHf/l
aGa!$
mau/!
RegDeleteValueW
$;[U_
MvHHJ
]8E(vFc
yjpPi8
dkobc
5B.&c
/&;cIjx"
s`$]2
qk].X
9V#)<Ec
MN{]@>i
wlhq|
dC\=Cr
7mk2eyk
U_M.3&!CSBvOr
t"cD?
P um;
RG !/E
0p\?P?
abbab]\
3-n:P
]#4Ne
xpK>b
OtKeTU@=^
-xSDa'
Ml4h.
>{E&a
%USERTrust RSA Certification Authority0
bgi.Eh
/c3|r
aW<dv
n]}Q\J
]N{op
Oy.[R
=>Y;$
W?zv)h
YVV[J
kAbQP
Q~t$C
3#M?;
RegEnumKeyW
JTx<0
!v(X?
GetWindowRect
/0D|i
{n:F]
]CyGik
%-hk<J
W8NP4yjK
(AX>NB
.OuSSO9
CRYPTBASE
zxRE6
d-i,lS
%gSrm
CgI[
YpQ.<
K>Xk`
IpyyG<
@(lA*
)L1?F
.[J}-
O m>.
keHJy&4P
g<9O3
3.5.27.0
>05T"
EndPaint
<]k$?
/z7k{
@Wlm,
W5+w/
IsWindow
228G.M
kfwEr
z~[3\
d6At`
Sj+6;
(I(TQ
GIIKX
,/KPip
fUvW|
<bwl!W
sv7uXj
_G}/8w
L~$k g
`zw<9
`3p(K
XVw7R
CkGj+
1j\s]m/
fBD?Z?
tUYl{?XO=T
3o,) Yj
kXip]
k9'^Ef
-Fc]r
X~r}{
C[[>g
-*[5*
SKBW`-1
o0m0F
fQB?"k9Dn
BjV{,
SetClipboardData
"l[>l
R>q|
e)8\ch
6=Dhm
OYj&=gb
#?p%A
/dQL6
*$R=VS
R=U{e
094Vk
fP:r(Ht
)F~DA
$3M8s
N1~S>Q`
<h*0w
o[%Qb
,wIZX
niLFr}
snJ8{
|/b<+
/(bq9
Nt7[8
6n4Mn
eF`t~
2R%sM
b/il[
:ON7)
IsWindowVisible
Mlit&
FSu&DY
P?GQba
*w[t9
Xl>!,
C2$X2
hS&=I
\^ wO
En2&i
i)2`0
"IB%V
CreateDirectoryW
*V2f V
YSh{z
210322000000Z
W|vb:[
Z[cRf*
p{P^-X
ne9xY
ZKfPWyy
$Ia4c
Dfh8@
8>t`NP
6X&l#
%rW=U"
U%t%qT
N1VF5
7oE~@
nkt!_
iKk:g{Q
MGYT3
#~gO[
@Gk3o#
m'QQhF
"Sectigo Public Code Signing CA R360
vO:u`i
4A8ssh
iCmt>
N d>eK
y@' $
6tmLI
Id=qb
"DQh?
Y3/]o
V*9SaU#
o=+lD2
Gzz}@
x*D/j
,[.z3
BTM97
2http://crl.comodoca.com/AAACertificateServices.crl04
-ua\3='C
y'4Z_2
/lmkQ
.k_=S
%"#{p
#~IOa`o
(9Ew
:|z^}S
K/Gs#5tF\x\
Dng]O
]=1td
>#jSv
vzbFL
,/+B#
p?_7BY
>:a|ZF
}Yj:_.y;
6C[?;m
O-LrM
O}}zq0
&_.oW
r^R[}
~S,y:
4Bb9w
E&`^v
D0B0@
LegalCopyright
0tf[q
mJHgO
f!>_^
YAHRqE
8$_^\
V2w)n~
!!y<I
SendMessageTimeoutW
CallWindowProcW
VYKz:"
uw>eS
e5@B},
o70JRAa
smIOi2
9_|h@
8DHL`
Z*%)[
SetCurrentDirectoryW
z`y?|
63ca>`
+Ge-=
0i0T1
^rFym
zW+PC
L*?/gKo:Y\]
CG{[AGC
>m'7
7]T;4
\xebz
eLeUo
)YTDE
^n3cqC
jC04'
a^eL:z
r#%+"
ZT=E-
CoCyO
)"e9W
E#</L
S>aJ$f#
}'u 4
Sghv~^
gc-67
/6<9U
dj359AGVWd
vGsAQ
L8"Nd
d8i=Y4
wDJ)J
c|F"7
$Mrfb
xR`I-`6
&|4k#I
|0:6:in
eGlzdd
c(J}Q>
jHJ7R_w$
w6;n|
gRL`t
[y 0LE}S
D^+x3x~
@]o<#z
E{vv@
`Kv.0K{
j?#!-
#T`^N
H(4!T
GetMessagePos
SrBf<|_
WPWj0
O5ew$
q6!%K
^|D.Ne7
W9U!1E
n[I<D
TJl-U
aL?mBf
xrnj~
N7T"v
{@G>X
aB4^m
6@-JW
sm^(C*
@m8Q,
ROm<n0O
J];_AJR
z7FMj
v'jSV{u
A4V&Lx|
,ZaC6
9EnT7>m
0%4zfjV
oC46!
0%Af5
Je{\`k
bBOJFr
cnIt-
RegDeleteKeyW
-O|f;
I`nxQW^Hu
r_['Rt
6g~p=
"p>gCI|
~p7b7Y673
#rqIvy
3%{]L
T6NT;
^^/AWq
7_iOr
dd$A|tw[
3G<(P
rRj,)
5SJ{&o
O&'&C+
>~}7G
&tinVT
Gvy0So
Rm1q2
t/:xe
T;[o'D
bh<Fn?j
iZ;qR
RU9e*9
ImageList_Create
|u.wZxC
s}0m.
u/CFL
.DEFAULT\Control Panel\International
p?)Dz
WaitForSingleObject
_cyaDw/
6nh[15
SSUE8yzZv
<H& 5
gj,Gc
97(?86I
gi4blk
wd-8:@
q]8p#-CJ
&(k~6
New Jersey1
lstrlenW
BzW(.
sxHv3
Jg14qD
#Z7O{
"gzKoq
wZw5r
g$!0Z
q(d}V
OpenProcessToken
Z3ogL
LNRV)
|!5c(
-![FRjfQ
lHf8\_
Taw[}
B8?g?
6>\ZUS
"^e<V
_Hso}q
+y_"W
Comments
SgrZb
xQe%h
;aJm
v_Al!
HZ>Kg
KtT[[6
!Z2{]
SystemParametersInfoW
./;rc
Uo]U]
R%_OHixy
}j\jR
OfOw@\
*X8LX
(*F/%
)!f,CJDx
"K#zMN
7J?cL
|OC9<6
+X=d6r
6+s70
g|b`5A
320122235959Z0
N4N_Q
quPGD
SHGetKnownFolderPath
Bj 9;
l(iJ'c
AK$)s
!VlN!
THA/1
/t"Zv:
I.%sx
iM6gi
@hnu^
W3MQN
SetForegroundWindow
L[%E@
Z%K8~
T3s&|
_mqP7!o
] too:*
uDWWh
|&Z4$B
nCSV]
i223-
dyi@=
A%i9y1
:66?<
fj3^BD
vE')#`
p)QMb-
HDGPC<&
P|W}B
u"^8b
('lSr&{
o,01\
d8Ui3
8U|Alu
s{*VG:
SetErrorMode
\J7+!
oB~UVt
t^!$c
4#!yx
3a0V|
}MW?^
vS;J_
C0.%;
Bq8,5
&Wmiayb
WQP#Z
)W'.oO
190502000000Z
~8C5N`q
,~>7&A
g(}0T
M[0-D
c{hdt
h@(V^
|kLp$
_A>VS*
xO5Dz/
;7m+S
3Tg^j
OWo`>
;3+hk
5AwMu
SHGetFolderPathW
vl<N2
W|/ont
UIr&|
y4Za;
Xo&,a+m
GvhuL
ER R8
KS a"
Vf54U;h"
Iib"Y&
K)9<O
ugTB*
0kH:H<
ExpandEnvironmentStringsW
&W*vP
,uCU4
aP(vd
89F$^k
s\F57
@ ah"5
544S$
SearchPathW
4*pbWg.
w:]e1H
SetFileTime
H\ohD.
<BV^Q
J~BTs
JvezP
KiT*t|a^
YHF"h
Yhs{#$B iC
8s0rR
p7!J.
O[zS>
u5J^bnTa-~g
bnkg$
ouw^^K
GetTickCount
N\w|?W
G3ARo
^_n!(
xbIQ@
UHPXF
tR,wq
x=Ar@
~.TMj"
|BjUyUu
a#oIU
Ywv%f2
:Z ==
oe|O5
1CfW9
Rea'X
\8S;g
2|asrj
5pSkl
Gv@'3
A7\4Y
k<nEn
z!Y.v
,l$m/
i&6`'
s]go`Q
i6xb!
60%ZJ
RX{1]
_\zpr
jt1O\
5\Kv'R
7=^LJ
0$q:+
T6_i:
~"^8T8
E4\75
m;-CS
Gn n\
(/u@I
haZo^
8E<L!
o^ UN]
SLC '
$Gdc=
;bJ(K
8`Iv@q
RJCQp
rHc/*
JKjV'
HpQy=
!E#.i$
x.)&K
J~*lQ
Jt D!
L8R(xB
KZ[yz
$pe53
MultiByteToWideChar
JaV/g
slENFj
vi>Tg
?Y:UN+
qy^ t2
For additional details, visit PortableApps.com
NQ3T[]
1P>_T
%<{-2
L ^$v}E`7ee#;W
SSP+{tt
:hW2e+S
softuW
~]^*%C
{D6Ium
TgY-N
HOY3O
{va+H
W_W6#$
Nguu3g
'cVPzR
Ne\-T#
,Xyd(
"_` `
a5HAlf1
PPm';
VERSION
f5} =@
vfz-}
7E-@X
&`!vb
\IE=Biq
4ocOY)
?/SK"|
]+Th3
#u;%9+|=MK
fP:6
F0%Dd
ppu,|7
R;b4q
je\pM<
eSuFE
irk 5
%s80*|o
wu\2C
UffCD&
';T09
G%Sm|I
rAgd-
FL$N5
(t_TC
q^S%hP
lcmkS
JZ@_d
ySD_\O
JE8g>9,3
)w[e"
SHELL32.dll
voJ="%~:
,iO ^
msctls_progress32
buuu(
@Eq.H
!C* )
q^,&tT?
p}H`Q(
%p>={
AAA Certificate Services0
3$UJA
7d~*_
6/K$n
N$+yq
mXC!>
|hyWA
jh.b)*S}
.U4<Q
!S?bB
{edfO
%mHf\
&+/% V
t3&`?
{\eQs
s/ci8
m_zQ_
dY`7~
7<K?;
c)9wo
'm_S)
sSk%1
6-rCh
d1Bd8_d
m5-V,
'ay}f
42^HOz
js! Ew)
ga(KH%
$ZixA
ro-bd
Q'~n$
@ma.s~i/^
)zHh;
1~A?e&p
;jLDy
56d3G
F]Q+k'
`^^^sS
*vN\t
TuV8a
@+>7B
"&,rD
sV@g1
CreateProcessW
Pmq]{
zx[Xw
U~CJF
aNm#L
?b58q
PczF~
Klm1]I
B-`%8
J@6.Ms(J
D=-8}
dx~6"{
Y^|`g
&`otW[
40%.qh\
T wDWD
;5<w%&E
?$,vm
SYvic
H^?;F
[8G4!
\HbWv
installer's author to obtain a new copy.
E2PND=
tzK.x
gFY7_N-
"Sectigo Public Code Signing CA R36
tw^GZ
... %d%%
)bIWS
T1}c}
v`\[Q[-
!Kns{x\<
9v>sb
[&){&aA
1wZC7C
!QB("}
phPL/
sB]G2
TpN#B
#=Seg$
d)9'?
)p Q`
~R,Z^
lxI#o
83?/j$H>
b85HO
N9@5+E
-%]`2G
} pC!+
^zj0DQ
y v9H'=
sh5>#
%?BHi
}o>8s
m\ej^
)b-zddL
BGJ$x
ADVAPI32.dll
WQSPV
"i8F>
t:&_W
DSdcL
gyqI?
R`6@@Xg,
5n=SG
y9(,fG>D
&W%ut
[]p;X
(4tU>
f+.?H
yUz4qB
$MnQvBe
20220224161447Z
UUUUW
/ P6pL
CreateThread
@TfXgf
SetBkMode
Z|_|q
GT^^62
90705
-xFd}
='!>N
TrackPopupMenu
,J/C|
"2{gS
DialogBoxParamW
FreeLibrary
`M<j'
F"C?N
L$L+#
vQoGY
lstrlenA
3!OboW
a9G1<h(
#6ckY
6J.M+H|3
w12,2
t$0Sh
r+-j8
R>i]8c
y,.mG
H?e{(
JHj)>
}JdC8
De7i'S
Q; ~Rw*
iCO,[
P>\8P
9s8cB
M^yiO
wo"DF
t{XaU
e6>cb
<ptew
aSz)je}a;
i!lwp
9aK+#_>
]qnE%
%zXbh{9
CompanyName
ScJJu
?u2p8
[J,(I
4o8hX
hU|dP
B<1Y44V
Uh<dH
fM_pX
3teN,W
:http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
L;:hG
; MNZ<pdRe
0NDqx
y*q0R
W7~HI
A~Uh=
JuOF>
4NZ`^
)u?krsQbDi#+
t#j"^
o~M"4
("|Vz
p]Dm6M
KQo2'?
EFU[n
A> R<[(
^>a@A
4wIsCE
,rQ7jkgU_
md*p
Q*@W?
= 'is9
:Am5<
;)JYD
a>8);
E%EZo
j'+Pl_8U5
'97.14T}
LN{oU
Sleep
wNeS6
cKM>;
}"to]3_*
90u'AAf
BJtGj1
\MI%Y^
Dp4j-
WkjM@
:CO[:
l9<%2
D al
8+)kZ
$XobS
@K-[X%
(Q1eh
$HZg,
wOs*`,
BRlUA&Z
5bZw3
H)uZJu
R]1EF
GlobalFree
+!n@j
j8AF $
cKBRN
GetUserDefaultUILanguage
YRRmX
9Q5LlJ
kmHS2{p
GetDiskFreeSpaceExW
:27Q6,4N
ShellExecuteExW
qf+P1#
$Y#Z;
:0a9)
%{1F=
MWYgV*m
B! lyG
pIT2u
0q*y|
hVw]A
JpX^L
3bolV#
gBYhJ*
{YK@Q
WWWWjn
v<qID
*uCGX
tZE-h
https://sectigo.com/CPS0D
:}]hY*
6C9Li
).Fo=
^9f6v
Prm-e
8XwlT
)X^3;;Vvr
Pq3Mqb
RegOpenKeyExW
fiN*"H
]e }/ND
\B#X[G
WUpKN
siPWh
p:+_v
u!pXw
UmYyF\
K<]Pn
Rp;w5
I>Wnv
!;vGE
/-P?pR
SetBkColor
gZ'Qc
`S/G]
http://ocsp.sectigo.com0
4W1<{[
PortableApps.comAppID
{?!;4
Ghi.g
iUyek
'mj:uw&q|
#5&:k
X.qG'
FindFirstFileW
2%qK]
qkr6U
NjGhn1
!QT{U%
;t@zE
wsprintfW
S-z X
%l03i
t1^dA
u?L%3
wv5[|
1Lp-r
}iIIMZBf~
E40*::
;]N=v
O~8cD
N6:>*
5,kY\
=tc~f
x7lgC
M<h-r
HkhXI*
_*#\ZD
%~_s[
| zDv
3,+EZUR
@KsGE
D$,+D$$P
`ZOIKF:
iR|>q
.+:r5
{_06\
% D3t
1PSmW2
OKgNKC
iJWnTM
5>{|^
?2rul
R>/*t
gMx7n
g@fe;s
3\ldQ
y]1Rv4B8T
rtb:oh
U"bj!'
HhXZ4pzz
aZ@9/,
b[ZD;U
7VrDm
D.|2@`
M~riC
vq@G=v
nWS=V>\G
tw-ezo
2w&iQ
;MK2Ij+
R_F_iL
y#v`[=
1]lBK/`
!+}b,Z
'aiaY
xaqJNd^
u0q-z
+t050&
rtA?e
Ht(%A
GeXri
%6wei
7b6?t
7<2-xr
K):f4
(0&0$
m:>{G
ejE",+
AmDm]
oQBt_W
<JQq%
"iTDz
4()E10N
=a Hy
2E~TL
[!Pe:8
D/{|h
up1:,P
BdO9EtM
RG%2(
((L0,/d
SHGetPathFromIDListW
Ry_.Z
DPP+
].R`rb-^?
w<I.+
w/Xxo
b,<h0
L{w'h
eZV+0
V\Mgz
oytBO
cKT@d
g~!gJ
>(11M
l7w{Ph
/c#Fa
'N^B:
bfhit
j8WUHBYs
h8V&*
1H1D@
3.5.27
gNUnU
X<`tG
]Sqe2
[m}}OS
~z:k6
-f{9(
+>xT%
https://sectigo.com/CPS0
Dyo;N
fsHjp"
*cV a
d:u%K
>I=S;
J0-"I
.u9n{
;ZdfG=
Gm+]4
)_$v/
7*GwD
oox`'
4:iSG
P1Y=|
^9T9*
~uPnq3
mq)ju
ImageList_AddMasked
l,7WhI 4
~D{~+
hA(]08O
Mww|j
iUGl(
AppendMenuW
Uf0dd
X/7hj*
i5sX'%.
'oIeI>
\@,@!
I*g"_`
S2> ,vg
_-g[(
~?4_V+
wL$O*
[[{Qd
lr?Ne
:QpD>
q>Bw{
AT(pa
v<5 0
vqxT!
9l<x@j
Ykd^|n
AS9a
F9%Sb
VO7Xv
>5D?JD
p`0)[
#C{-x
N]Ug2
drmyx
~ l5'>
2GmTu
"drYa2
\J8!o
[,h7j|
IDATx
Garjl2
~38D,
Rare Ideas, LLC0
iVy$5
CornD
<zF)R/
IV^ T
oyY#L
LNN}X`
F|AB8
%"#K|
/4bf2?
]buxyubO
,O_p1y
N5E@9
!*6[Y
PB'Ir
YB?vTb
9\>_(^1
bD6o~
>DUOeD
C=,G\
ZQ$_R
/T:Ots
etJh8
B}{I5
F5Nqj
{BI2$
/0#LH
ly`l@Y
!KI+OF
G" 4r
<t^`'d&
&>4lV
8RG~
FindWindowExW
<Eal[y
lstrcmpiW
ReleaseDC
${wZ$
*g\y=
t<Qa.
@URf:=
=Hb(O
P,\s5
_wz(Kz
PEPgj
w5WP`
+\^-]&E
0qyS`<\
ADVAPI32
zV@uM5'
",:&$
tMs>o
q+) ~
4{p*z
PeekMessageW
1i`3^]
|5JsL
?KQCLjW
NH=!$&`DQS
(Q:l1Rx
E>0pl
8te$u
t|ev}LgaR
Ok%h&
[X6kC
fG7ag
Ee:=t
si{ U;
Kye@*
Jp3NQ6P
LegalTrademarks
BFV"o
3E{*-h*sN
h,[fpH
a=2U*
}"3u,
3,{%5
NM{W-
>vX%D
q6E`u
"m1qV_
D@#S4
D=,'7:e
Kdn5Bs
SHAutoComplete
cyU9O
mg57W=
GetClientRect
tOs7{
&EFPd
0yFEDT<
,7E$!
rko]&
#|&v9&
-{e!'
6-q!K
)M\bH
1O$~"
9UScd4
,(jhp
BxxAU
zL{i!
W)fX*Z
,hMOp
![YT'X
SetEnvironmentVariableW
"B&c!
FFC;]
ReadFile
juBYj
MJH<"j6
Oq%L9;Q
%w|0"
2cx7;b
FE``U
Fa(Rs
ambXu9t
WideCharToMultiByte
RegQueryValueExW
S&M7wd
Ly>*_
flHqZ^
8b{kw~
^(h^m
8tl4v
,[kQ&
8f\6c
;ctV_2
VarFileInfo
mc]f,
%A8X^B
+mKNx
wsprintfA
Y/z1'~C
mf4aO
Yu7sW
NulluN
Q*NnF
JdX]m"fi
MDA4_5
zqZ>F
G1Jp$
ImageList_Destroy
DrawTextW
rdVL^
]{,;%
&hjrB
QQdGle
9`*t1
+[k,b
+.n_U
m&n=*
r3@BPjB
md-H}>#
b)7>}*g
a[g~o
|_s;"
PL\al
0z\a-V
~f$v|6
GetFileVersionInfoW
Pc~u>h
5FOlob!
TrLHa
"ouk$pF!
gEj`#I
Fd Te&
nYXvN
#;8w_
i+m8u[^
oIM^0
AF81z
tej ^
83('[TH
ph!?k
CreateFileW
99x&~
-E\{GR{
ExitWindowsEx
:;coAD
(e`tf^
F"`+9
%$ojB
GlobalAlloc
=U/,E
:oL,E
PROPSYS
u"Cj:M
m~jA>
Installer integrity check has failed. Common causes include
=<^[_a
b%Vu!
p^vH[
R[a&%
?Da[+/
)yC?)
!ay\t
ICCc+454
/{E(s
?-jij-
8f7T!r
CopyFileW
{"gkU
;u$##Wu9
mAZ\MVO
;${]7J
D(6yx
Ic9n P
Jersey City1
ChjlN
((^.W
/~bEI
z-?{9
xhN{n
.A|)`U
NT`UC-
7eEMN"
}uO`OU/[c
]%v*} |
]=u2,
QR:0f
9kB/JJ
&6s9w
V&'i{w
\"Vs#&
onV6~
FV>4v
c%z`s
xQmzIT
@Wd4s
Control Panel\Desktop\ResourceLocale
f:Wj[
Yb(OY
Error writing temporary file. Make sure your temp folder is valid.
Edh!f
$9Q+8Z
K'$U+
FFlCx@
QS\hf
[Co,(
a!"kW
SHFOLDER
ex%&9
x&$&,w
"Z)A-L
bq1V+}
hqGRj
J?9ES@b
_HdThXg
SmyW1^3T2lAr
y$HSF
LkdlG
@_=oG
i:6?)@
9>tQR
3-X0D
Aik"'
>/zBl
VSX\il
M~`H0
$U|@D
jloI2Be
wO_7{
WA]/A
360321235959Z0T1
GetWindowLongW
C'`6u
#<i2Q
7N&=<
<b6"{
FF:k>
SqoE[er
LJ0uSf
F1('t
?'1rBb
S8^\S
9S!F>;
_gK[7OWY
x't^2
Dl[$(
%Y|H3
I4Yb)
+ A5e
d$f,$
1DcND
; Ba6
L6l Vc{[
VTtl-
XBL%kX?
;`zQ~
ci ySy}
GetFileSize
NM,.L
fP/&(
w^ZH=b#^"
v$o(aI>
W,J>27DP>\[J
ab;*q
8+kA&
|_<k7lY
ii+Qz
wo<S
]O)+R
L6$Jj
3http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
{055M
0,C&{h
+#a}
\cE"`:u
BC xO
b\l<P
GetDeviceCaps
p$lfH
{p|]q
Jv;P
Mb,Hm
[[NO#J
@J$nX
'8tQ&
;?.n"b
0n8 ZV
e\7%v
94b;z
C6#TkL
-%/_Kw~vq
0^v}B
{dgHP*D
c~W5f
#4*S$
E}"lA
4l!``U
{qv=/F
:L.j
7hiuU
380118235959Z0}1
Z2e7n
Error launching installer
'u`I;
(Z$58
ik!&%
k#OHd
r(t'PN
?2<H#
l)C1_
lM<S'
zJ?1w
.:2S8
K][`'
g hRn
M"V B
.xzRF !
Lfv=\
v9,H,b
U5VC(
x"<.W!
=<XS\jAD
QRQ^c
u|6`cu
n{hT76
q4zqs_
B^+C~
X_$-(
TXmA,
4r2q$
klgR"
WriteFile
SWG[x
K |Cy_
eNPs.=
y)%8V
cJxR7Ct
|ikBK
_w ~0
XqLqF
9aoQI
V?.W/J
KERNEL32
>MD:Lj
%Eix?P
@KVY\
B,{2Dy
UsR_e
1jF1kw.
9KLr*w
DestroyWindow
H-Og5
oX@E6Z
<kcDD
dWMN6
iqFw$
PM/,-J.
4rgz![
cGxVBw
]A/xx
Zj9\$
,M%6O
$<AZn
&Yt?D
<p?{q
RDJDz#u
LdFNOY&~
BoI:A9!*
]K^in
`sb696a
sc(F@l
2}|vLf
e)5*-
D?N"*
$J$:2
pS0=e
XR)x<#s4
|r=MR
G!+tKI
kd8F$
+U#;`
/Y&pU(
%7rS`$
qK;[H
i&Nq"M
Sectigo Limited1-0+
S5K0~
)Pni_
g&_w~a
<rJ2`
{V?Vd
G}WBK
SetWindowTextW
L~H(]
YJ7Y7*
DTZb$g
g76j4>3I
)s1YD
1#bV:
kYs&G
y?@P|
'`[>lG
eo`>l
oofI4
VSUbOI:
o0h>Q
@30:g
>`MebDHvMe
3A~15
\u f9O
ksk8/
z}a< H}
K\v\T#8_k9
S>}[}oz-;
V![Og
HO@DFFDD'!"
SQWPV
%3IX54
zLOD=4
MOeyCN
z|nrY
7n`t&
[{t8e
EnableMenuItem
LoadCursorW
SHGetSpecialFolderLocation
AbJ+&
;_I=i
hE%"P.S
T^qwc
$WY_i
m%OJv
)]]vy
.&S21<Y
@xso&1
XE~Z;2ph
E4&RM
+]%*)o
,"wNf
r'5;R
{SgZ3
$o"dd
p2CN;
=rRy[
3+K:&
d" <}
$T3ae
Lf}/c
YETg_
GU?<'`
UWvxv
THih b
i,tV,
-2W1`
m5sY'[
d2P&J
y/xyh
:>a&g"
j>K>({>]
P^0WI
^$ ;xz
=r1Gv
7Hrhls
VX)>J
osOOn
RichEd20
&f7<,P
QnUQ~<b(t
StringFileInfo
Sj~?H
egx}[+
6og?(Q
)gDPH1n=
jHjZV
.2SJh
k"pPQz;
c5cGc
ole32.dll
LN DGC
P.A&.
Bh)Thl
$$i7z
G4(Q>f
SHBrowseForFolderW
^a4=X
fb!a+
:NbHZ
PortableApps.comFormatVersion
${DownloadKnockURL}
O+<*C
~SM)`y
MUemgt
$bLu9O
\a4C;
q-u#Y
)Pd1;
6lxw9
#VM}eD6
{6Cqin
QIbD"
)`RRr
{Zp4E
GdE2n
BrIeB
jv/u
iGuWO
tnLzO
dp;Mo0
2ZK*"u
Ed+,B
B!zuw
jtR|=
+&<an
]M&L4"
GlobalUnlock
34Y/e
zI.hs{t
c^:Jq
)MNn<
=NU+?
1@aZ/
Q621%(Q
EL.B<th
=+b)Z
_U2sX
^_HdH
U(SrSu
s;Y(p
[&w9+
L.z2e`
`$' e
nDS {
M58\9W
e:>xy
AyD$\
Hz(_/
>sCXs
.J`-z
VCV o
,Sg|p
Q ~Sc
4PRzL8
?R%fsHy
%<}I7
NUNZ~K
1@,a=M
JEV"q
IjM]w
3<+z^\
ojI4($3C6f,
7`$r]1m
qx;Q\
r5yry
5%"r[
W;E\P0
OLEACC
s$^19
ltfyU
yde=#
!%r@C6
,A][4
483`kby
IH+R
"Xq*F
f&Ntwhza
@'ZQK
#,UWQ=
7?#:k
ZridY
[GF^A
#~;}V
^2VJ-
N2WUIBIikK.28
|akb&
vIB2Z
^=>x{
$B9{R
Z*}}EYF
=F{j'z8
i4kUD
f9=HgD
olj}xyGK
Hov8w
Z\rMM!%
D^,AxP
U.tUQ/
}X2@r
h0f0?
`Qr![
^|$7)
Wm?oUW3
e}@tn
$+d>q]_
`t~Ee
d*#'RiH
jz7*b
hDUMl
Wkf5)1
fFziG
*lw0J{c
%4J)3
"SvKh9E
ES4Lh
/wYo],
y/6B<KEP
CTYtxW
n\t&@HJ
]|iXq
]VY)O1m
Salford1
QK?I^YM
/H rR0
OcNm-D
m-A.2
~ts2K
#1m6m
?P@+;~
BQhD;
2Ug^%
*o,Y{
]1Q1p
_l=I|]
Zlp)p$
hGujb
VD\Vp
qy.^e;
z$F=k
oEe{"
LJ'VqWe
BV!IW
fC@7e=
6KlX"s
TCPView
Ap9}9
@ob/FY
&ZBeC#E
~-:%i_
P?'j>
3;<0A
h6PG+N
(N9+o
ck_U,
,<=Uz
Y;E_S[
]hr1Y|
k@;7g
R*!]jO
rCV{R
Vpg%^U/
lU\#xdM
kl{]I
$P&0&E
'[5pr
$jCl0
/w$JM
K{g*p
7jaYL-
G;P_6
GetModuleFileNameW
"%SG,.V
F+#9'
*1YY@
f1hwVB
SvDlm
E;1|5b
42?D%'L
?U1wL
mM(H<
pWXDX
20n2EB|6"
6/Ca9;
Zj29S
]jdB>
B=#$@9
KNt8.r
`A^UK
2g*hy
)i##O
SetTimer
@&8D]s
P: e_
G:hNT
R*]{u
SetClassLongW
0nyI?R
MFR'Xq
Az+FY
)jb2!
I@0/U
Sectigo RSA Time Stamping CA
a-8Q_
jV0+cc
aTc71
8W,9+p
V9J"<
.am7=a
&|ht
fx<@$
ZE&db\
p12/<
lstrcmpW
o&<C7
rrfSe2
)WFOT3
:J9%[F
KERNEL32.dll
D9Pk[
e^4Ru
RichEd32
OleInitialize
'bzUq
7(SkWo
29~|^
^2"XjD
*6]jY
NVOk'}
H_|h0d
k{s8T
U&z9q
"cKi?
wLoENI
l]'bRs
zhUV[
!hni`a
B~H)H
<s13.
:http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0{
TCPView.zip
\v-C7
X2TsWI}ZTd
3E?euh
LKx|d
B|Wl
sKB<I
H1Vfgh
P ^#_QT
d^^Nj=}
K^zs/
|fj^ml
~|c{p
m0k0D
-a8HY
2'Mk2_
GetWindowsDirectoryW
-+-V,+O
DefWindowProcW
(U":OA
j8h|@
\0umh
>P'|]
p"( /h
JPY*0
g~-iJO0j_
LGGNMKg
-d:dK
dZ4E>
"D?2j
= mU7
WVeOw
GetVersionExW
jo 8~
6o?<E#l
g)0M,
0WZHBMko:.2
=,llbi
o_cs~6
n*aB.
0g!OAC
c1&fc
fPy:6!Y
9=Nc8t
jo6d<
7yE2<a
WzeFu
pa@aZ
#/})G
GetSystemDirectoryW
p,0*@1V
B_Mf)
e\;a'
-;t2c
s!T[Y
IHa}?<<
VS_VERSION_INFO
GetDiskFreeSpaceW
C=1V;6+
>#!SF
9[J^R+
4\x$N2
5?l+>
MOq1xg
baP`g|
W(@h<M
Te.:mz+
2)'+)
MY)2%C
bWS"flm|j
gVzDb
_X^![
3u7`"
#Sectigo RSA Time Stamping Signer #2
c\DfG
Tf@jt
Sqrk1
cXu8U
4I,43
QjGOP
of]n.
e=aE6a
#f1\c
T}E2_
E0x?}{
-]L<S
f)Ju)b<
PostQuitMessage
!vJfJxw?X
#**jB
hUh%"#YV
Qec/I
{a\ct
2^Z}j
'4{;%
{dnt7
1ev.T
5$S,!
cebSE
vmT3}
9WMsk
G6~NHp<
Vj%SSS
5}gFw.
'!z5;
;Q2`<Vz
s:]>Iq
i%<mw
pz#TT
F"W*D_
6f_O@
?Q%g+r
@`.^]
D=vfNY"
DXHR@
SendMessageW
0v|,uFzU
i yu;1
zdo}yO
{49=Ii
jm:HkP
BLB"?bZ
LxAA)+*
SVWj _3
IiD^I
QIAQh
XR$m%
230216235959Z0T1
(OV<3
tZj\V
_0J6$
r(:*y
R=?B`
%m3NZ
&J}!H
FfjJU
OpenClipboard
}J%Uy
4Ja>`Y
4b{^o
?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
I6Nhj8
BR2?$
}{I1g
3a)6?
_Qv->O
"I0o=h
G\jo[]]
L=l9s
no5 ]8d
_jlvzyxb^
hLGi~=0i
5_Qr .i
SdV0D
W'q$^
3B}{t+e
_vWe_k
A!CZ<
SMALHB7
OP{&;
?1J,U
b2aI/V
Sectigo Limited1%0#
3N4`Z
$kCYkK
>Fi`(
_4j^c
y9PX.
}(k }M
X O<Tt
pfE2vT
Fx3!E
_WQmO$
K{IFK
yq/g3
GetProcAddress
\FmT69K!
1}nGr
2OQe)
zuqYq
q8BGw
n2)gG
0&DiYlB
Z7RS05T
sHj>]
'vjHj
tp+)H<
IsWindowEnabled
zv2Bw,
;4F?>@6.,
ProductName
q<1C|
Diyi|M>
94**wma
fE8W-%XV1
/sNx,u
2007-2022 PortableApps.com, PortableApps.com Installer 3.5.27.0
sC $g
R+*"O?Ja
o5D^E
MsKP^>
o)|8H
!g@0n
yPZ( Jb,xp[
220216000000Z
Pq"h;
u@w+@cG
S+[dU
SetFileSecurityW
V^9XPA'#
0k`=5
O7%>*
})I+l:
ExitProcess
DBTb>91
+aLnUm
b@jD;v
9=4gD
$;gp-p)
>-,7`7
s* Y@hU*f8
++FjY
&4r\&{
w%qx|
7|klfa
Asc"L.
r\'P7y'
["cwX
a[g`I"]Ny
(7b@g
:]{@y
%bjQ@
KM5l@
TLBzty
-2[zE
D]Oj.
:WM3\
7GF&1
ratYd
XuDm\;
+Sw&%
,.yQr
t3 B6
J0dbn
jS2z.M
PHV%6
Dqy}d
GFeO@
b)JSw
VZ<8h
/d0L
*0c4J9
IiRQv
CKQZh
cHbX=
]IMrV
CDD}Y&C
MoveFileW
"ype_
FileVersion
http://nsis.sf.net/NSIS_Error
FL1&;TC
n1H'K4
Xq-wG
Please wait while Setup is loading...
p]PFc
d0%4C
y?]Iu
c|>Sq
byJh~n
ZCi/F
8,kJm
"CV]"
_c(&(
imGi/
x[tWd
?{e{$h
gA2w7
rFrEG
g1"pS
/~X_z
x~K?N
"J*n(
S$rpl
CreateDialogParamW
80nyUM
QNSfef
G%01$
K]a9h
cZVF%i
S)x]z
[KVu?
j"WN*|<
BKN;l
|)NQDT
1"2Q#
$uBQP
nS@|r
I-#}g
c@G0Ln9'
n1TW!
=CQ"$=
?Oq/l
GetExitCodeProcess
j?f R
puSyh
nsqsF
8G!H/
jm@ML
yde~QD
LBc`D
IEFNlD89A4/k
SEo?m
LGLtPPp
EvJ7{
Rx"5E
[Rename]
SetFilePointer
Z*6U01
^0HQ,
*bB`q
$<c;t
[H 'oA_"
1`=g7te
?QJsUTi
=S{81
;g&Tg
Jk_.(9Cd
{5S !}
c]ph&
D$$+D$
GqJ1*
r|7bj
p ]2Y6
_7GA9
mkjP8n<
RegisterClassW
r&KM|M
TCPViewPortable_4.17_English_online.paf.exe
`b$rC
#z!KF
\EnK;#@{
k<aOF@(+
xU^u?;
3\[r|
RichEdit20W
)]@$2c`%
='i2Z
iK{AN
qH,5O1
Z\a}H /&g
A1)>M
(/iTG3CJWf,+*
m3g:b
OOhmc7
8http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
}ih&l
;U+.n
tNhO5
H)jKP
9-HgE
b)3 B
e%JG/"
u~<c/
=cAb<"skr9
5=;5y]
fOJ1~
9=i0O
Gsq#V
L^\?y
PVJFw
VerQueryValueW
CheckDlgButton
X}e;L
Sx0xB
S/+.3%2
!0sjOD
1-RZ
[X_9~
DHt!b
y`v_[
$~pC>
R(TF\
*|Lo0
WkUuPP
/;@By
yH&csAb
3$7Mq
+BJZ3
9nM603CIf9
i%;fWb
d_4Vu
~tt,H%m
v[-s#=
'C*SI
wERw5D
9=8gD
PortableApps.comDownloadMD5
GlobalLock
SHLWAPI
kf4"h_
B@lr#
sbv>!=
;)H12
_:A%=SkE
Y9E58f
DeleteFileW
lstrcatW
We7dPO=
-Zw1DP
]ZC%v[
GetPrivateProfileStringW
-#-.
GDI32.dll
R^':.1
7ZN?.Z
)"IcIB
NTMARTA
0]Cc2{
V=r>~
)ewqWssr4
R@o&46
dylmD
e8}-:
5oC)-
'+Vgo
}1g&P
#Ao2q
XEN1m.
|z~&\
veg1|
p@l};
InvalidateRect
:iFFa
a#PHZ
X2]AD
`tJ\|
]4we"
)Ssy?
PN3-tr
1&w\[q1
x$)Rq6
S< -x
!@hU?
4a1W#
FLp5D
hTgx}
(j-WB)
^XygI
"3QX$O
-u;'n
23Qe:?|
Gpo/U,
1v0,F%tvk
M?)vzg"
sw0r#
ElxMMaa
j}GI],Dy
Mm,L>cW
)JJe2
cEvF(
&JK E
\8!)x`L\
>.kal
$3?U,d
Z5a:9
!{6,i
\]d"D
1x=/z
B0@0>
3r]Hh
}:S=i
^mU?v
\9NB}
InternalName
wc6n{
M},I?
_sN{R
='P][
D3'F@
`s-ge#C
+gp%&
j@xd?
)pJ8(
6kYyX9
7~.*U
FJV-M
|Nlx(&
oYE2G
JYspE
^=x8=^
_63rou
$1f2*<H^
|V~,ky
?Z\hR
ka&lr
Q>0Ws
1NKd)
-v$F#j
C1<C}rT
x%%+A
6Wc%:
imaF~
Software\Microsoft\Windows\CurrentVersion
2Lhr*]X
KSp`'
u:FeV
|,Ytv
!>a">{
e*fgO
vq,(,
qR15`
w+WRi
0;x^R3
<-41,
GetDC
gyYiS
o[va}
[/F$p
SetTextColor
EausC
!hs2d
qpDt*
XU_^RL;
J2}kf
KHN U
jbj,6
HCIs&%
oCD[3
K@fam
~_<7
FindNextFileW
5^yo7
;8*wEZ
eqrvc+F
QAjWMz
JVJx
O2o3_
{Xq>u"
A-Fy>
FindClose
osr3s
P$3?,
l/_IM$
^~j:g
[UISaYNd|sg
h8N!V
4*rpt?
ru4@O
g)Ks1
,3dT(
f-]Ul
g*-{rp7+
KB6p
M1gzM
9GWgoR.
g7(/$
MulDiv
1TEzgD
EFkPl
TCPView Portable
.Bt2+
GetTempPathW
yg`K?
|06cN
({#WF
&)IyiI
:*c{BT
[+]7O
o4M1>
*gf^5E-
;+.,a
2Gh~=u>
u{Y:1v
RegCreateKeyExW
e\D<T
-X<~@
incomplete download and damaged media. Contact the
r;>{I
U#_K&
[I4d^oE
:)lk1)
vX95h
Gu6:Zs@;
V?moe
C"e"@
Pp*+oP
B<0crj]
}/zj6
lYj>5
s495
_}>}o
xGS:d.
huM4r
@AO0}
-0:3U
;#H'h3
MtLTYw
Y\>vh%
T@s)h
Xx_D+o
un8mA
\yi?l
e..4J
SETUPAPI
;zJQ6
vSH@al6
A:[bf<"R
9Lc\'o
dUX&/
vpw/}
L7OIN
-Pp8e[;
{?-~L
iDO0.?U
E)&D3
[Hv6r
L~m7j
cWEnl!
4~mi`p
g.SK}}#
'\_=Zu#
GetSystemMetrics
OA]]5w
6Fq&-
f\Tz8E
/ O'Y:
x5}0E
<0:08
gI&?L
wjRJCOov
Czw''i
%}~?K
=7+1JD7cRL@
MJ^3+
uYlL}
Msiq2ad
u(Po5
<1e{s
d'uv0'd
U\T_.
{4+M>6
WwtC'
Z;z8}h
*%4r84Cp,#
ET*-W
Psc=2
I|x|;y
#lMJhTQ6
Kdpy
w?XG<r
ytB8jn
ffz;g
;9*0H
#_IS(>
PortableApps.com is a registered trademark of Rare Ideas, LLC.
B%VlD
5r_h%
djdih
,/Zt6
CoTaskMemFree
GetDlgItem
CloseClipboard
m64ZY[
wG@}$
I+9z1
f?vc[y
XbmBd
sJr@f
$BxhJA
U_~K'L
nqTZ<
MS Shell Dlg
2ZjnA
:FcNlw
9Z^Xf
i.Kal!
sV$43
gZLe*
q:27G
W1`1Q![
6oC+{p
Sv4SC
2EW({
onKJ
'^nm.
2-{Y1
~k4&l
qqK.v
l.G##
i"96F
m*JpH
{F,/e=
.S#!7
UYlZJ
g8K^t
stIwB
<4*F:5L
:7#Uzz
q~q":
GetShortPathNameW
tB*quL
m4!>S
!This program cannot be run in DOS mode.
PGCTl~aD
Zx`!-1
in^{w
sB1Y>Iy
#qx@r
KPmr!96
oZ%pb
j<>3|
*l1 %
FgqM; 8
xPuuA
1r6tx
zwlZV
j'0\)
5JX:H
]Eyl|
_NgaJ
5sui"1
L|5]%]
@Af]WY
"_^/RS
T_Xkd
C4Fc6A
#'yK0
Mf`a?
I;%?[4=
@;>n3&
8CG9*
S^5zkb
ipdK4
^ZJg{
'`*#h
Wt/%SPs,
41:L-
#wX45(
&4Bu"$
6=uj`d\
7*3CB
RB.le
j&=rxI>
$N1 |J
USER32.dll
A[6HWT
^ [2M.
"r(`z7
$olc[
DQ4Nh
pr5nY.FG
;X: P
T:*FrQ
V"}X"
"6Ozd
pm;MF
0P[Vm
FxRi#lo
K1T%&s
|kRn9j9'
z4uy@
"Rr^R
JZJ!5[
dw+Ksk`
PM|h3
?3Jn#
m-^Lk
eBh)ta
P3+#F
jRruj
@9e q
APPHELP
*:I|v
$MwGn.
aTAcE
RjG;F
??3`s
n0PPd}
746!%%A
2et-f
A-z+U,
SVWj"
^IawXBW
E4]:I
z2aTTc
8u5'L
KlN%/s
CreateFontIndirectW
tTJa4=M
A8zx?
#GfLi
^IlU6?
a:wtq
XS@b6
]|@ (d&
$%?NB
RegDeleteKeyExW
%Yk#SWa
~\v.N
f]_$N
z<Cal
[9MvJM
=vdqH!HZ
sRd)H
$9j?!
` k>A
LoadImageW
e7i&e
G.p'p4
|yRoR
g-0tji
IXeP/<6G
Fd\3`
S46Vv
Z];;DVm+2
/5yZ9
4<\r,F
=pePh
\23s*{
1e3;ub
wE~d0H
"/~~1LJ
lstrcmpiA
Up/R_
I~Umd2
e]"xj1
P||eT
KPZ\I9
P@_4%7
K*:y>a.
L(<xz
Ikf<#
HS9vz
f~Lz4
GetCurrentProcess
pSp./Is
v~yme
hAN-ow
l|oR3
Jd;/9
Jc6m;
u7f1^
@>F*E
7k 4E
[QwAG
pFOOHSNNSMFB&%
aRcG~
:Z%A|
dKSYt
SHGetFileInfoW
5O7sb
#(Ft}
B8X&r%
H!%q!
FIoJ_
O9zx%<
#9$0N
@Dg`|"
mQ`xN
+)_Jq
$eh@>n
.ndata
7m v2
6=Im>
bfw78
|([ze
qenlcq
GetClassInfoW
xuXl?
a.<kG
{@FQx9
!H{$\
Pxkv}
Bv}t"
_RA2V
R6br_?x
.p]q&P2
^0w2KY
&9f1X
'oveZ
o%Why7
te||++
N?@>C
e,CKJ
waq#+5
awdPy=y
cPZn(
zi\2P
371w
/Dr!s}
HOW-g
MSs34lw
dZ)Qv
s76$n
r+ H*
2%M5[
GA=;KJf
{'LPa
oZ4W?
ybZCE
ScreenToClient
{7]I`
ZU;em
g,a7)
='xYW
http://ocsp.comodoca.com0
Translation
vhmlF
X$u$!
]mMk4L}u
J-xggt
="jK-W
9B`/G
9O7(6~Q
5Z{.3
^4IIY
)w}QZ@
%s%S.dll
OleUninitialize
%EE'DP
wgkv0
0:;`H
fBUR@
pEY88
mJ zA vT
$DVvn
CWVWin|
FCK{YY~
.Tzxl}
!SA_3
oa?1uc2
GK|%b
'tC3u
N,L/!
)'+zK
sS6^Pt
bIXNw
&>%J88j
v2oc>
'gd?>
E}S/N
/[63)G
rG4T\`n
WNB![
f~QI2jO
GetTempFileNameW
ProductVersion
Yxw4`
R >);
9H\ 0d
oUbgo i
k1hAS
sz4pN
k='U+cF
\:B ~
)PXi;-2q[7
R4q L
oO"to
8u+j!
e2?o;d
K6#hqHx
y>Aau
Instu`
k]m85^
N]!0T
|^4dG
xU=E1
WPy<p
rRj;B7|
av.-{
k1UYA
+-]q8<t
="R$6>
\i83M
}{wix
@/O4Jx
;r}2\0
ShowWindow
tn\x!OTn
The USERTRUST Network1.0,
=)a&n
1-nHB
RichEdit
Q8:tU
*!=hX
-vRQ~
RZdBD PS
3.1$WR
)}6A<)
0=-]t
omM?Z[
01;*W
%5P<>_
_#2Jbw
-a.-T1
0*"?%%B
3:,cq
$asCL
y/>?%
u{U:t
px:fSs
i'7zs
.`K n
'4)|r
1rrEf_
0{F6M<
b*-aE
wP0V0
5OY}8VK
sm)>4
#LT&po
,O>q4
@)lm`=
?zGJJ
Vk-`M
<,Yvn
4;5#"
DcMzy\j
)@~EN
3G/BL
D>Fz/*
On[/|
m_&$t
As=rq
EBP~6b
*U01kx
pID7ve
GkcPUU
h9v8M
-ll_>
4<Zyy
hs$~H
lE|p7
ZE*W\
owsz0
8FuH_|
|&jhQ
jZarV
YToEso
t}nUw
_)=(e
by/1YZ
BydJ"
BV/n}
'v2dCM
uC8|[
NeC ;
?LK.'
iX&==
_oQJ@
%?R#`
m3h`~a/
llz F
!l|]R~!
>+ ::#
UXTHEME
^%)dg
R9"y9
mS&@4~
a!<FV
H@uFF
fc8?g5&
a]7LuU
<1=Gg8l
V`Lv4K
85HO\^
*Unoe
1P"H?o}
@KSU?
R"/T(
+mdFy+
R`IW:
1@i"?
DWMAPI
/"n8"
M|*%W
<'~!1#
`jc2NS4
,DsHL
$fnrA
tnyU6E
S>i!;ww
}I{<L
/j4'H
eR GL
d' J6bT
X}r l
i$w*"
~2"N?IV
6d)[m
LookupPrivilegeValueW
@g 58
;OUWP
f+2Lz|B
}r%&/
\Q_u&
zP(NP
E}gxjQH7
DX4T3i!}
2%{aI
mK3~RO<
CharNextA
C*_*y
XB}.g
"1?2,1$
qJvly
v?'b^
pCf]i
X7E5s
N0A(,Y
-2%<C
IwNl`
U9i# ^
H/(@Bp 6
Hj\("
Ff Eo
:Vv7-
7U(.X6
9pj(OM
fA P|
0/>.u
MG@.USd
+.-DKZOL
Ci3AS
IIDFromString
>`PoL
wrj'Lw
Lpz8V5
kIL;"Rf
{qEWs
2sY+F
n[g6bu
Qj$k=BG
QXI=>$O
{W7$K
/+Zi~/[%
gq]!QQ
nh'G\"
T(*_"W
iE,eV
c)444
Po0 \
C@4o}
kT@=L
;-*<f"
uoNEl
,#+mm
f58ksIN
T5S2>(
3B5?oq
Sxs4J
*4'f`N
0VyK=
l~0z^k.
HsoJ?
M,:lW
0=\5(
=7sa<K e_|/
x{g259
Yu[p")
Fy*YR
~9l\(
QLr_y
~RcS(
-cUXK4
VP {K
GetLastError
/n%=>
$$/$Y
Sectigo Limited1,0*
3&Il7
[r0s8
faH&/
#"]O6V
t,$t3
h|y=C=*
)Q,C}
{\o.#`
%owBv
[Zb>O
FML~JY
s4R-T
l0[_l*
E>nZ_
Mm.Bo
0-'zX,[P
9{`zy,
zcP*W
>^6V6?
Fh2O-
O5'nb
d20(X7
T"@epb
QNpTq
(R'dT
Et|;g+3
mfp($
z$y>w
HDFR4,
,ze[`
g6V-[
HH?Zc
d^H3M%
+&/d,-U
*~!$;
#f^Z,
aiP[+p
Mr)~:
281231235959Z0V1
XsX~R
(57jT
^5hu9
z7fK\PVy
[}FR(
*Ujrj
"|Z.k C
,<v~[
IUSl]
N!yg<
O@ntBz.
N6X7<g
y3baR
fXh'F2
VTxzM
=_Rg@
K~Rr7
RK/NJH
'(l:j
pZ*|N
'#kb=
~)3R#
ts7!:o
3d&*`Yw
NkFkb
$C{ul
KAh,/
884B=
"1F.;jQ
g6V_pJ
03,8z
MM! A
ElVXLv
/3F-?
]a]a]]
`.rdata
*v6e-
n!'BL
!2^Z@
qB;S"
8MN0Z9w
6EXn3
Fa#]E5
Cu3s@HVX
ed#>=
wtWTF
c4m6h
5:xL<A|
dQH/XUTN3'I=
n`xDF
kAZ\O
M'%?o[
4C`^M
2@Gs&
!0149<
RegCloseKey
GetSystemMenu
ud#h8
dnRt%
H 5O0
PT'/v
9c@{(W
,\:tI^
Fw/{PK
;o<"R.
+2!Zw
|.uc7
?Hw(!0Z
+LC#Uh `
ksyUAu
V@93s
Ok@#{
CT3<y8
g[Fi#A"|
X.2kb
PI/IP
=Axx4
~*{E]Ak"
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | Compile Time | Import Hash | Icon | Icon Exact Hash | Icon Similarity Hash | Icon DHash |
|---|---|---|---|---|---|---|---|---|---|---|
| 0x00400000 | 0x00003640 | 0x000ef81b | 0x000ef81b | 4.0 | 2021-09-25 22:04:50 | 61259b55b8912888e90f516ca08dc514 |  |
2c09465cc979677d65781d9403176c31 | 5c00f471cce984e3b873ef9ade242aed | 71e0e4b8cccccce0 |
Version Infos
| Comments | For additional details, visit PortableApps.com |
|---|---|
| CompanyName | PortableApps.com |
| FileDescription | TCPView Portable |
| FileVersion | 4.17.0.0 |
| InternalName | TCPView Portable |
| LegalCopyright | 2007-2022 PortableApps.com, PortableApps.com Installer 3.5.27.0 |
| LegalTrademarks | PortableApps.com is a registered trademark of Rare Ideas, LLC. |
| OriginalFilename | TCPViewPortable_4.17_English_online.paf.exe |
| PortableApps.comAppID | TCPViewPortable |
| PortableApps.comDownloadFileName | TCPView.zip |
| PortableApps.comDownloadKnockURL | ${DownloadKnockURL} |
| PortableApps.comDownloadMD5 | 3c883a624409f03cb1f35b8a6d4e39ae |
| PortableApps.comDownloadName | TCPView |
| PortableApps.comDownloadURL | http://download.sysinternals.com/files/TCPView.zip |
| PortableApps.comFormatVersion | 3.5.27 |
| PortableApps.comInstallerVersion | 3.5.27.0 |
| ProductName | TCPView Portable |
| ProductVersion | 4.17.0.0 |
| Translation | 0x0409 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000400 | 0x00001000 | 0x00006676 | 0x00006800 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.42 |
| .rdata | 0x00006c00 | 0x00008000 | 0x0000139a | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.14 |
| .data | 0x00008000 | 0x0000a000 | 0x00066378 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.11 |
| .ndata | 0x00000000 | 0x00071000 | 0x00194000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x00008600 | 0x00205000 | 0x00019cc0 | 0x00019e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.51 |
Overlay
| Offset | 0x00022400 |
| Size | 0x000cc1f8 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| RT_ICON | 0x00205388 | 0x00012524 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.98 | None |
| RT_ICON | 0x002178b0 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.17 | None |
| RT_ICON | 0x00219e58 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.51 | None |
| RT_ICON | 0x0021af00 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.70 | None |
| RT_ICON | 0x0021bda8 | 0x00000988 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.65 | None |
| RT_ICON | 0x0021c730 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.02 | None |
| RT_ICON | 0x0021cfd8 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.67 | None |
| RT_ICON | 0x0021d540 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.84 | None |
| RT_DIALOG | 0x0021d9a8 | 0x000000b4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.72 | None |
| RT_DIALOG | 0x0021da60 | 0x00000120 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.56 | None |
| RT_DIALOG | 0x0021db80 | 0x00000200 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.68 | None |
| RT_DIALOG | 0x0021dd80 | 0x000000f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.91 | None |
| RT_DIALOG | 0x0021de78 | 0x000000ee | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.93 | None |
| RT_GROUP_ICON | 0x0021df68 | 0x00000076 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.80 | None |
| RT_VERSION | 0x0021dfe0 | 0x000007f4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.48 | None |
| RT_MANIFEST | 0x0021e7d8 | 0x000004e1 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.29 | None |
Imports
| Name | Address |
|---|---|
| RegCreateKeyExW | 0x408000 |
| RegEnumKeyW | 0x408004 |
| RegQueryValueExW | 0x408008 |
| RegSetValueExW | 0x40800c |
| RegCloseKey | 0x408010 |
| RegDeleteValueW | 0x408014 |
| RegDeleteKeyW | 0x408018 |
| AdjustTokenPrivileges | 0x40801c |
| LookupPrivilegeValueW | 0x408020 |
| OpenProcessToken | 0x408024 |
| SetFileSecurityW | 0x408028 |
| RegOpenKeyExW | 0x40802c |
| RegEnumValueW | 0x408030 |
| Name | Address |
|---|---|
| SHGetSpecialFolderLocation | 0x408178 |
| SHFileOperationW | 0x40817c |
| SHBrowseForFolderW | 0x408180 |
| SHGetPathFromIDListW | 0x408184 |
| ShellExecuteExW | 0x408188 |
| SHGetFileInfoW | 0x40818c |
| Name | Address |
|---|---|
| OleInitialize | 0x408298 |
| OleUninitialize | 0x40829c |
| CoCreateInstance | 0x4082a0 |
| IIDFromString | 0x4082a4 |
| CoTaskMemFree | 0x4082a8 |
| Name | Address |
|---|---|
| ImageList_Create | 0x40803c |
| ImageList_Destroy | 0x408040 |
| ImageList_AddMasked | 0x408044 |
| Name | Address |
|---|---|
| SetBkMode | 0x40804c |
| SetBkColor | 0x408050 |
| GetDeviceCaps | 0x408054 |
| CreateFontIndirectW | 0x408058 |
| CreateBrushIndirect | 0x40805c |
| DeleteObject | 0x408060 |
| SetTextColor | 0x408064 |
| SelectObject | 0x408068 |
Usage
Processing ( 34.17 seconds )
- 33.369 ProcessMemory
- 0.715 CAPE
- 0.081 BehaviorAnalysis
- 0.009 AnalysisInfo
- 0.001 Debug
Signatures ( 0.07 seconds )
- 0.008 ransomware_files
- 0.007 antiav_detectreg
- 0.006 antianalysis_detectfile
- 0.005 ransomware_extensions
- 0.003 antiav_detectfile
- 0.003 infostealer_ftp
- 0.003 territorial_disputes_sigs
- 0.003 ursnif_behavior
- 0.002 antianalysis_detectreg
- 0.002 browser_security
- 0.002 infostealer_bitcoin
- 0.002 infostealer_im
- 0.002 poullight_files
- 0.001 bot_drive
- 0.001 antivm_vbox_files
- 0.001 antivm_vbox_keys
- 0.001 antivm_vmware_keys
- 0.001 geodo_banking_trojan
- 0.001 uac_bypass_cmstpcom
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 infostealer_mail
- 0.001 qulab_files
- 0.001 masquerade_process_name
- 0.001 revil_mutexes
- 0.001 modirat_behavior
- 0.001 lokibot_mutexes
Reporting ( 0.01 seconds )
- 0.012 CAPASummary
- 0.003 JsonDump
Signatures
Queries the keyboard layout
Reads data out of its own binary image
self_read: process: TCPViewPortable_4.17.exe, pid: 2520, offset: 0x00000000, length: 0x000ebcdb
self_read: process: TCPViewPortable_4.17.exe, pid: 2520, offset: 0x30785c246331785c, length: 0x00004000
self_read: process: TCPViewPortable_4.17.exe, pid: 2520, offset: 0x30785c636636785c, length: 0x00000004
The binary likely contains encrypted or compressed data
section: {'name': '.rsrc', 'raw_address': '0x00008600', 'virtual_address': '0x00205000', 'virtual_size': '0x00019cc0', 'size_of_data': '0x00019e00', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x40000040', 'entropy': '7.51'}
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 2520 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 58 }']'
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
C:\Windows\System32\kernel.appcore.dll
\Device\CNG
\??\MountPointManager
C:\Users\Packager\AppData\Local\Temp\
C:\Users\Packager\AppData\Local\Temp
C:\Users\Packager\AppData\Local\Temp\nsj45C7.tmp
C:\Users\Packager\AppData\Local\Temp\TCPViewPortable_4.17.exe
C:\Users\Packager\AppData\Local\Temp\nso4683.tmp
C:\Windows\System32\TextShaping.dll
C:\Windows\Fonts\staticcache.dat
C:\Windows\SystemResources\USER32.dll.mun
C:\Windows\System32\imageres.dll
C:\Windows\SystemResources\imageres.dll.mun
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\WinTypes.dll
\Device\CNG
\??\MountPointManager
C:\Users\Packager\AppData\Local\Temp\
C:\Users\Packager\AppData\Local\Temp
C:\Users\Packager\AppData\Local\Temp\nsj45C7.tmp
C:\Users\Packager\AppData\Local\Temp\TCPViewPortable_4.17.exe
C:\Users\Packager\AppData\Local\Temp\nso4683.tmp
C:\Windows\System32\TextShaping.dll
C:\Windows\Fonts\staticcache.dat
C:\Windows\SystemResources\USER32.dll.mun
C:\Windows\System32\imageres.dll
C:\Windows\SystemResources\imageres.dll.mun
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\WinTypes.dll
C:\Users\Packager\AppData\Local\Temp\nso4683.tmp
C:\Users\Packager\AppData\Local\Temp\nsj45C7.tmp
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\TCPViewPortable_4.17.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\TCPViewPortable_4.17.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
Local\SM0:2520:168:WilStaging_02
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.
Sorry! No process dumps.