Analysis Report · CAPE Sandbox

Analysis

Category	Package	Started	Completed	Duration	Options	Log(s)
FILE	exe	2025-06-11 22:01:51	2025-06-11 22:32:55	1864 seconds	Show Options	Show Analysis Log

procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1

2024-11-25 13:37:15,350 [root] INFO: Date set to: 20250611T16:31:36, timeout set to: 1800
2025-06-11 17:31:36,809 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8
2025-06-11 17:31:36,809 [root] DEBUG: Storing results at: C:\uyHCokWh
2025-06-11 17:31:36,809 [root] DEBUG: Pipe server name: \\.\PIPE\IpEgLKC
2025-06-11 17:31:36,809 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32
2025-06-11 17:31:36,809 [root] INFO: analysis running as an admin
2025-06-11 17:31:36,809 [root] INFO: analysis package specified: "exe"
2025-06-11 17:31:36,809 [root] DEBUG: importing analysis package module: "modules.packages.exe"...
2025-06-11 17:31:37,137 [root] DEBUG: imported analysis package "exe"
2025-06-11 17:31:37,137 [root] DEBUG: initializing analysis package "exe"...
2025-06-11 17:31:37,137 [lib.common.common] INFO: wrapping
2025-06-11 17:31:37,153 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation
2025-06-11 17:31:37,153 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPo.exe
2025-06-11 17:31:37,153 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2025-06-11 17:31:37,153 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2025-06-11 17:31:37,153 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2025-06-11 17:31:37,153 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2025-06-11 17:31:37,387 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-06-11 17:31:37,403 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2025-06-11 17:31:37,450 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-06-11 17:31:37,450 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-06-11 17:31:37,465 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-06-11 17:31:37,465 [lib.api.screenshot] ERROR: No module named 'PIL'
2025-06-11 17:31:37,465 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-06-11 17:31:37,465 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-06-11 17:31:37,465 [root] DEBUG: Initialized auxiliary module "Browser"
2025-06-11 17:31:37,465 [root] DEBUG: attempting to configure 'Browser' from data
2025-06-11 17:31:37,465 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-06-11 17:31:37,465 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-06-11 17:31:37,481 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-06-11 17:31:37,481 [root] DEBUG: Initialized auxiliary module "DigiSig"
2025-06-11 17:31:37,481 [root] DEBUG: attempting to configure 'DigiSig' from data
2025-06-11 17:31:37,481 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2025-06-11 17:31:37,481 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2025-06-11 17:31:37,481 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2025-06-11 17:31:59,841 [modules.auxiliary.digisig] DEBUG: File has a valid signature
2025-06-11 17:31:59,856 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2025-06-11 17:32:00,294 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2025-06-11 17:32:00,294 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-06-11 17:32:00,294 [root] DEBUG: attempting to configure 'Disguise' from data
2025-06-11 17:32:00,294 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-06-11 17:32:00,294 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-06-11 17:32:00,294 [modules.auxiliary.disguise] INFO: Disguising GUID to 9b7cdcea-e4d9-4c24-8a0c-bc615bd315ed
2025-06-11 17:32:00,294 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2025-06-11 17:32:00,294 [root] DEBUG: Initialized auxiliary module "Human"
2025-06-11 17:32:00,294 [root] DEBUG: attempting to configure 'Human' from data
2025-06-11 17:32:00,294 [root] DEBUG: module Human does not support data configuration, ignoring
2025-06-11 17:32:00,294 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-06-11 17:32:00,309 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-06-11 17:32:00,309 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-06-11 17:32:00,309 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-06-11 17:32:00,309 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-06-11 17:32:00,309 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-06-11 17:32:00,309 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2025-06-11 17:32:00,309 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-06-11 17:32:00,309 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-06-11 17:32:00,309 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-06-11 17:32:00,309 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-06-11 17:32:00,309 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-06-11 17:32:00,309 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696
2025-06-11 17:32:00,341 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini
2025-06-11 17:32:00,341 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2025-06-11 17:32:00,341 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2025-06-11 17:32:00,341 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor
2025-06-11 17:32:00,341 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor
2025-06-11 17:32:00,341 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor
2025-06-11 17:32:00,341 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2025-06-11 17:32:00,341 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\pQxbIz.dll, loader C:\tmp_gell1p8\bin\EPCPTrhb.exe
2025-06-11 17:32:00,387 [root] DEBUG: Loader: IAT patching disabled.
2025-06-11 17:32:00,387 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\pQxbIz.dll.
2025-06-11 17:32:00,387 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'.
2025-06-11 17:32:00,387 [root] INFO: Disabling sleep skipping.
2025-06-11 17:32:00,387 [root] DEBUG: 696: Full process memory dumps enabled.
2025-06-11 17:32:00,387 [root] DEBUG: 696: Import reconstruction of process dumps enabled.
2025-06-11 17:32:00,387 [root] DEBUG: 696: Active unpacking of payloads enabled
2025-06-11 17:32:00,387 [root] DEBUG: 696: CAPE debug - unrecognised key norefer.
2025-06-11 17:32:00,387 [root] DEBUG: 696: TLS secret dump mode enabled.
2025-06-11 17:32:00,387 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542
2025-06-11 17:32:00,403 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable
2025-06-11 17:32:00,403 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0
2025-06-11 17:32:00,403 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF822E30000, thread 2704, image base 0x00007FF60D500000, stack from 0x0000008EFACF4000-0x0000008EFAD00000
2025-06-11 17:32:00,403 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe
2025-06-11 17:32:00,418 [root] DEBUG: 696: Hooked 5 out of 5 functions
2025-06-11 17:32:00,418 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-06-11 17:32:00,418 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\pQxbIz.dll.
2025-06-11 17:32:00,418 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe>
2025-06-11 17: <truncated>

Machine

Name	Label	Manager	Started On	Shutdown On	Route
win10-2	win10-2	KVM	2025-06-11 22:01:51	2025-06-11 22:32:39	none

File Details

File Name	UUID-GUIDGeneratorPo.exe
File Type	PE32 executable (GUI) Intel 80386, for MS Windows
File Size	802696 bytes
MD5	d480b0016d88152f1e5036a96024e1a2
SHA1	f049d89b8070851be6764a609058db78ee961c60
SHA256	85b3a95732635980c9f0c522c5c5c46c051206ccdb9891188816c4bedeea4c1c [VT] [MWDB] [Bazaar]
SHA3-384	5df695e64e83698eb73dc0c62dbb260704586ed4f4ff96a8d441545a52e53b599b3f1b3bfb764dd39af6d6579af0dd04
CRC32	F97DA589
TLSH	T1D4052342E7B486B5E5F14D746BBA2D1217BCBE210C369C4B6108AD8E393C7618664F2F
Ssdeep	12288:jEDr5nOE4wrhbMYJbysO7EdgyFZzSlh4wfF0P4iMRoap+jycr+LXh+qa5w1nwN:jy9DFzTFJYh4yF0giaYjycSFtKGwN
PE	File Strings BinGraph Vba2Graph

VirusTotal (0/73)

Full Results

Engine	Result	Engine	Result	Engine	Result

NT%#c

qfbH1

RXQp6

fNVWHi

@.data

Yn~' GG

Rare Ideas, LLC1

,Kmi{

SelectObject

yW|ZX

;5Q_/`

dqCX,

Thawte Certification1

IsDlgButtonChecked

jlk!e9

/.Ka6

4?IKT

`|eJl

8A_q~

|gvd]

Me<oj

_Nd8=

V?V7B.

)-|hD

nL\^=

^IGEf,.

$i}q?

[rURk'Qt

7'M=F

8R|M

5VqXZ

;jKoo0

O)Yn.

EK2"/

D{{9~

4-('8:2

m[aYW;dr9

k,+;fa

wyG,$

SUVWj 3

*e8Q2

[LzpO

ARD*)*Z

2@PMV

$^U*C

HkGHR

l\v2^

~n'{#

pX,W8-

lqK[m

+E?J;

x)9JRe

7*Go@

8Na!]X2

CreateWindowExW

~tq7]`

WritePrivateProfileStringW

vCgJ[

H|p.?B

v^%hnM

UQN$r

ix.MWT8

EndDialog

7EhxqG#

0`B2Z

#GO=b\T_

f-6wm

1/'b1l

SetCursor

RegSetValueExW

;ri ~

Ot+Ot{v

ee~iOfR*

ZL$&a

`9|NV

Version

7L#i:F

*,Va37o

R]Ocd"

K6Gy>I

r[A]<,

[jue.

X,*p$

~',ik

AwQo:

F'iTE

Rw+L(6

9.>t[

x%^iG

^^eSi

Uao~

}VABx

/IOz3

RMjJ9S

GetTTFNameString

CreateBrushIndirect

!G"be

IW'gh

a;^nk

@%p^q

@Y^}l

New York1

iFDd#

e8I~V7

u>`l,$0

Da5V} #

bRz)9

,iCvj$

;Y]:)#

bwf}(

B-o@mm=

q(E]:

U";!\

DO>>L_h

#gC r

`.2woVO

>A,JC

aq4j"K`

bs/b}

Fvt{"

w&,k:J

q/xp4

<?8kt

6:TMk

Q`mJ%S

UHK5r

R{a;DvAY

Error registering DLL: Could not initialize OLE

6,:@d

LoadLibraryExW

File: error, user abort

=0=f=w=

Wv;Ej

W`_I-

CIoqd

:7?o

IiP31T~

g.0`c{)

To[1HC^

9]XRt

$03C5

*&!X:s

LQ;_o

100091

9%ACWZ

\F>p^R

d$M9p

~>nh5

D$4+D$,P

:e@$NR

jPOPLXmjVKKWMEA'n

d|~O%

@x1MU

XK vDus

T9Wl?

Ve!*e5

VeriSign, Inc.1+0)

SysListView32

Lx_.?

s3U);

3S;Z&

I+=j+

)"4}@c

=i/<j

H~EYv

STO*1

ood:Q7

x5csC

1#101>1J1P1U1[1f1l1

E[%]n

1r2p2

*i\=G

I1^GU

08.UW

"=9-!b

invalid registry key

%u.%u%s%s

qv{`H

+bIe4A

LoadLibraryW

O9B"Py

An4pb

{X7.C/

V(}*R{TI

]2](L

i\AZ(

{!;[r

1H/t4F

| d`5,c

`pE!DC

qX`pzI.

qPXUq

.vH)<

xy,dU|zw:

USPK.

oZIhD

@ bG2

R>,n

~'z5{

saG$3

pHy(G

?;HZo

^NsE

E-_KgUV

T0/~Aw

-aI_9

(=iMx

:2NL1

Nrh^8`

3KBG'!

?;A>#

wKvV!

:JuN:p

-qs8"y

n=(V&

"ymJff

Htj:p

verifying installer: %d%%

$>T<|

j`|FB

plx~$

_Hl5

ypYCe@~

?%?xJt

Oe_jn

Y_PDy<

m&_N/

FillRect

D6]'%

'0_9z

McKB$

I#pUL

XWZ4SD

\2FJ6

4#464G4g4~4

xGC|2f

$YMEs~!

v|xEg

unpacking data: %d%%

Fl0Bl &

.yZ @

:]"7L

3De51

4$<bz

JQ/?3ii

1?y9yW9yA:

T)L7N

YFua@~x

]\>9nn'

WQ6&8R

5G5=J

_\Fqt

D+<v&

6.646B6H6Q6d6

ZuE?p

PX:`#2Nl

LoadLibraryA

IY<c

Dl|{]

S^wM#7h

Q?t-X

=r?N9S

5n`|C

*<1zy

rswq%

<g'Ez

q=CSd

%wG9pF

*D@3hc^

<_ymS

bZW}V

OHm4B

6e1S?

SetFileAttributes failed.

&Skt#"

~QJv]N

323V3j3

67o>|

0],m4

ZVxl1

nk$'5;x

SHFileOperationW

K2e`*=a/

%@1U)8

nyKF)

)TbRP

[}8-g

Crril%

MoveFileExW

4(vCu:

v-JXt

E*{#v

GRJ]COZ

7YD>I

4%Uor

SX.RTj

<61W:=l

27uw*

t>@/5

)C|:];0T

6ywU

af*eD

@]3LR

File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"

,b{>Q

mc`SS

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d

C2xGy

U>O-]

m(m`~

;EyNS

1E?S"

5A+-M

v1n%e

7ZO,aO

e?a$"p`Bkqm

:tkkk

? ?K?

=bvZh

_+egCof

HKEY_PERFORMANCE_DATA

pD?>A="

eBjd-/

F;"Tq

>_J2&I[

{XN/f

AP3H'

WriteRegStr: "%s\%s" "%s"="%s"

K_`D]1

uHsw^

t$(WW

1.!7X^V\

xX1XA

V7Om)[

BtHj6+

(V$x8

_%hZR4x

"jCp?

2KPv>

4A52[

*$HA~V

"VeriSign Time Stamping Services CA0

WYs!p

z5, *

;L;V;b;w;|;

Y$H{p^G

UeXa*99WM

}-3-]

c d,'

em^_!

}SJu#>

CoCreateInstance

%s=%s

GetCommandLineW

XyUxf

N4'2+

(pnRu

7\IE,)

sko`K

*LpwH

,tpwC

'!;"00

Rename: %s

qUSh9

OjK|gz

AX7/E

k4s}J6

|gwC%'v

$-LpA

+aSW;

NullsoftInst

wl8xl&

\bvv]zz`

;u)dY

6B'Hh

t$,VW

GetFileAttributesW

K=X'Z<RC

:h=pf

*xa9wS?I

\*2wc

\Temp

PortableApps.com

`U!@K

4%444@4I4X4

2M]/$i'

BTf*6

}c.yM

Ed+EL;E

CompareFileTime

Q[a,@

-IgAJ

RMMRIB6

AMPr_Y

Rename on reboot: %s

ocxymD

kQt-0

C+?xt

|BfX?'Fh

Ja'X~

"x5M0

3.0.3.0

Y_[1)

FtYr$

E'v:B

gOCmO

1b[&g

http://ocsp.usertrust.com0

z[Eb){4

q*H=}

25(i.*

%02x%c

31,\O

J|XAH

}6[Dt

F +?T

RMDir: RemoveDirectory failed("%s")

cL(/y

?#?F?Y?n?z?

DispatchMessageW

r4:Y>

1!1*1

!T~L-pu5

@C'Ocw0"

",L*am

,0*0(

%.=&I

uR?iR

#lmwk

fcirVm+

YWV9]

Uv}!v0

4!hBJ

!K[<c

d<J3mm

CreatePopupMenu

@Ng7_

3O!B'1

WriteRegBin: "%s\%s" "%s"="%s"

]2`Ag

FileDescription

<|0"@

121231235959Z0b1

>,WRJ

6fii-

6(sB%t

Bl.8<

XbwI6&gy

1YS0(

75B.u

ZdLRa\

5M895?

-gIdw

d+'s5

>1iT=TkD~

j'_FtYDk

iUxsv

eOG >

}?o`P

:!I@*

BeginPaint

AQ15>_

PWSVh@

[;vVY

3-y[s

+g57,

[~\0#

k:ZxX

MCM,<d

^fVI6

+1 'H

0kfaM"f

mGe1!

Z4~~P

<S@Q9=

ig_fB

0(23y

bw$%1

6[DX<

6ylu%

X~V<>

pkg#"

,o\Ix

$CE1l

-4cSa

FZ`t$YQQ

G(v};

A}\E#

kI>Bu

zRy)L@

EwDd8

HKEY_DYN_DATA

,WbF@

#`c={

lstrcpyA

SetWindowLongW

g5|6I

'z9OW2

logging set to %d

UUID-GUIDGeneratorPortable

AdjustTokenPrivileges

a+[JY

GetFileVersionInfoSizeW

%{~D0n

B>3|

Kfiua

+P 8_

UTN-USERFirst-Object0

0c`dO

^/`Ys

Lyc}\bi%|

w0jcb

>J<+R?4

]-D0+

MG>BJI]

I'(eA

b"ec0

Section: "%s"

3[Xv^&

*?|<>/":

CF"`=

;0907

5Z]-K

e767;%peJ

$I#$1

${)*p

3c<S_

68x|}

Kbv75>

6BK`+

j?x3~'(

}JI)J_

85'RT

qj;LBZ

v\}XZ

"odJVe

zD~Mz

;?#b?

5o6K-;

Ed`!z

6fi*'

Ly9+S

@d$]y

@JWd0

@dr\q

)- bc%

kg"5Po?

Aborting: "%s"

A/^^p

olw'z

%8$JV(

&wCn]

gT(xza4[

AW89^{|

3iAq2

YjpdopO<j

gx7+JG0

_f5sfv

7{M7Fa1

GetSysColor

]31]{

CharPrevW

;+<P<w<

cgHzA

kV?]~;

(P.;E

j?JHA

"l)$<

Q))0k

M$qGD

Greater Manchester1

rC]4\h

rZZSJ

\p79EA

&$u3!

3F'ZF

8,888J8e8y8

9_y01

FLbaV

};BWH

uWejP

W-/EtY

VbY:b

!Vi;dvp

<Xk~3

5BRFV

n&L9!C

[-Ec@

/j1S*

{{$h4

V_xJ|

NT$^o

e"]l[

O D,IU

i)Vue

Z>m~#|

wKPP?

WriteReg: error creating key "%s\%s"

X?Kq6

uY->r

3_*TX

plOlM

lbg(1

6oA+h

M|b-=b

=[CR,

, '-c&

RR; ;

W`G?/#

yD&hB

r2/>WmV

`v7Fi

6&<Xa

;r=R[*

,LC$g

6Z^ad

j*WrZ

D/!w@

7Zr {

?KMC.

@;vps

IfFileExists: file "%s" exists, jumping %d

BBL#%9

'-)(X

?14>&

I',CQ

GGg]OQ{

.?>1oy)

Salt Lake City1

F%D`(

P ;e$

RN'mu

@CO&g

3CwB5z

;%2.#

`<w-`

M}!.v

4@<dj

? Cf;

tcsgx?

Y5~g*

p,l'#o

C`[MD

a$2f3Su

69#mV

Western Cape1

556hsLG

>PjXvG

e;WOKb ,}k

4VH<;

w!KiRk3n

(`Bl_

sEJLL

GetModuleHandleA

4/,5A

RMDir: "%s"

^3_d`

s6MsbG

#uky{b

m~etl

';:X<

SetFileAttributesW

6bBLrWEN

@<de9

=~nyg

SetDlgItemTextW

XCxO4

,75@X

2[B]{

iN:DbI

^-A3Uc

Iac}#qn

[Z$Mhx

JFa6o-

rVL;X

-)Uh)Ul3

's?zcrs

39uN%R[

GetModuleHandleW

gpZ$B

R;h5_*

DgaEq

GzE9`A1

7uL2i

|3oiN

8oK40

wvzPg

'w>$y

t]7a,W

WVo%#4

https://secure.comodo.net/CPS0A

Rf\Hg

[>`veW

#2&'Iv

[3eN;

aCa6A

eu)04^

AT8D}

w|5Av"u

y4Fn\

t4A4B

.rsrc

{d-4eX

!BjMI

"'f/EH

<3<S<X<c<k<w<~<

~` >o

.nS;/

);.UE

;{[(w

8RUHJ

=?mb!{.W

irB8D

R]#zDU9

bALg`q

a8!KA

z1x_6R~D

A:mIHN"

tjJ.B

"92yd

L K$sW

8'> +

OriginalFilename

]Xq#BL

5On6C

l;WIv

}"8"?.

*r_$V'

PT!Ke

D9!LU

.{ v[

^fmLr

'iG|7JN

D>E%V8a

`qgIXUz

h'hDm

KxCKE$

U1.VE

131203235959Z0S1

QB#a_

8@TtY

ri:?_J

MqT~x^^c

J%ywl

:(:.:@:F:L:R:Y:_:g:r:x:

0B>i#R

qjpZL

vU^6ix

)'G92

QHSS}

,3)N7c

/E+|gJ

4(515

p\cOdK!1

IA(}x

$rEt!x

fWgFQ

Zdd]z

-aS-%

V24mp

zZ'rL|}

n/)).j

m,+g&

IDBD $DQ47

j>t7B

+2zqQp

V5x!4R

2y,l%

*ZLHij

a ftS

;(Xm#

B{{Pq

QB{1\

h>tv/

&5.AV

GetFullPathNameW

X_r}U

KihJ@

;zhy%

#B-EG

z\<c2

Ok?O^

iWsC=

,wDqZd4/K

EnableWindow

,gLG#

4E7:W

<wvL~

7y}M"

;$ezr

\Microsoft\Internet Explorer\Quick Launch

$|Zkz

Be~iy

R~!EG

3nfZ^R7

;+EnC_

Pop: stack empty

g["tP

9Dn2a

;:ihd

B'TdP

CloseHandle

oQ2vL

WL6[e

ob%!b

D"QA2

!;p,M

@.reloc

!:5<~35\

}:+C9

y1,4!&

f`]ZA

sr$xg

#E7o(b

.!bvn

"iqE/

0?;S?

"KJpw|v|

;~lXK

^0#"UC

%s#OI1

5"5/5

y`i^TG

(e`@o

_Zkya

ZW4B}X

:mYH3x

v3B;!

C}6R0

9]Yba^}

^'U[,

I"UvN4

JeC}^

RegEnumValueW

w^}CB>

a~/}7

!@xcx

0:MoZ

G)xSz

SeShutdownPrivilege

Bt:L:

0X$o)

?@Lne

KYybU(o

\Z9<q

$hp{OO

lyOZ&

=(h3%

dfz~xk

?-0jxH,

<:;t54]

+LKIPb

*N5@M

3-3:3G3T3a3n3y3

g#l|C

enZMj~

*uL51

P68,=

c\Q!)

"qK-7

k;T"d

}5$mT~

c{:qv

NSIS Error

TU]USQY

,Aa[u

".cZS

C6uqQ

CharNextW

+R]Q%

/L,`8x

x+bIzX

-pDyv

120501000000Z

9E9V9

ld.Q@D

8A~/.

]OL/x

3FMcD%abAk

f0d0<

CreateDirectory: can't create "%s" - a file already exists

The USERTRUST Network1!0

K>>3T

8=Jgs\

lAml6

y?'lirY

(JN*=\

r$l?8

cb~|1?:W

,OHX$

z'!v$

E:7O2

4#4*484C4O4f4m4x4

RBzmo

.text

D%\n.Ftp

yR*%Q

b0<:=

TlAhZ

8>;-=

9;In<7\

I^?-c

$2wlF

lstrcpynW

c[S&-T

Z[sU9

0)#>j0!

O+)X!X$

P{nlmP

V86Cf

Wo(eO

&_!Mtm8

DeleteRegValue: "%s\%s" "%s"

gocn5U'U

} iF6

CreateDirectory: can't create "%s" (err=%d)

F&Zm*3

m_!]1

>ib@R4

SetWindowPos

KS4/

NC9SS

RichEdit20A

U0pv4z

Hdp/q

GetDlgItemTextW

aYNde^RgHB6

DC)_d

TrJ{Wc

=0;09

'=z<E

2mDd`4dm

47/LQk

NO$x[ubN

9\{g(

uk"uJc6

61.]lkY

:}Nu7

84I2WD#x

=QDD:=

LqFUn

*KS`+

&.C3g

3X2a?

fh]x*s

%`8ce

#y?-\

Y;21T

BsRur

Lj^tc

KX6fq

Z@$4c

-!H.5

u9`Ie)\

Z?@,x

ySM,~

w2Rp%

KK[@R

d'>hW

}$m+A

0[Z;$J

xfA#p

4)DO$s

5&5,5b5k5p5v5

{M(wq

>^$Mz

Thawte Timestamping CA0

^j\PN

H-yHE

K{[lB

m+Bgh

M-iOO

GiM7b

!.v0f

:0806

DW{wSR

v'f"D

!]{Hj

WriteReg: error writing into "%s\%s" "%s"

4$n2d\Jn

}Z'^5_

/ZX(8

_7bV_

^Vy)=

"http://crl.verisign.com/tss-ca.crl0

VERSION.dll

Z{x'h$

`TsS@T

x}A(5L

yL2$WH,x

lstrcmpA

s}J77

k5,TBb

=PqFC

u?wv$

vqt^0

created uninstaller: %d, "%s"

!wNpI5.J

`6Oho

"!rR#

D?<JSRj

tGRm8T

(*^cCCk

COMCTL32.dll

j]bzi

;!;';-;N;W;n;

S'\[8

fd5k2M~

aMb6k

"k{%!

9)|]1

Gw Lm

nt&fx

ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d

niM48KWREBm

J(]&Pt

+q?W(

94W"{

za6&P+

PortableApps.comInstallerVersion

JD*(Q

200530104838Z0

@*^+t

6u@A2

HBQLy

T2Ra{

_JaB;

mFVU-

CSK-k

MessageBoxIndirectW

?:.O[TH

0aWEr

Q$1K{

~\|{+?

3`Zx*.

e+aIw

{{ F#++

i+Bm ;

N1-$bo$@

Q:\O ,5Y

`P0!W

{37?V?q

Thawte1

KM="F

%]cOu

+sr-&

F?}jy

qG)DbNB

More information at:

:q"r?*

e9;6W

S3:#jT

%a\GO

h}}T87]

RemoveDirectoryW

$ 6@`

t<$Td

DeleteObject

5pOlW

LZxR~N

0 0$0(0,0`0d0h0l0p0t0x0|0

P(AseW

EmptyClipboard

COus5X

KE,c?

=Z@&(

/^iSZd

Zmp_=

6j;4F#

!-'(9

Hh>4.

0%b&:E

@'|+k

FT_R0

=*=9=C=M=

#N{/V

SZF}D_

]3c~,a-

H#Ptz2N{4s

DAQf8

3http://crl.usertrust.com/AddTrustExternalCARoot.crl05

aGa!$

RegDeleteValueW

zp5R"C

oDxr],zF

7Jy%`

J"v)L

a8pJ(

:-;[;c;l;

9oCK.

n@!l!y

MN{]@>i

GvLZS@

H *j7

=f'3["H

x6_d%

$^Cx*hl

EDT1=

ReO&\

RG !/E

abbab]\

03u[0Q/

+8H7n

76?HZ

6>6J6[6z6

fz$~n

%S^f=

yG:`=-OF

CuaI7?9

=>Y;$

k_sW!

RegEnumKeyW

<^"fGB

6.%6J

45[qx

O"(+9

GetWindowRect

q5a2<Lw

k.\4s.

W3`Xi

/W)R0

4"4(4-42484I4]4c4i4o4w4~4

6}irX

mtGe-;b

N{sgz

po!$8J

?h, A2

L8%}]F

YMd)>

7G;+)

c[{aX

0jA]^

EndPaint

S_Kgrq

z_<@n

M)#o:

IsWindow

EVsIQTIF

&Z$g^b.P

(cJ~+

KY;Y,

Error registering DLL: Could not load %s

(I(TQ

uryx4

u@v<r1

@V7W2u

,/KPip

IwW|`\r

X/Y=m

pAiV\

P+$Ip

G*/8n

yNAh7

t,M`n

O:CVx`

8yAs>C

A*1O"

g$\o,l"M

!'*F3<,

-uNPC]

mnPe/j

C[[>g

7Nv$)V~j

-*[5*

%XC0uZm

GetModuleBaseNameW

8On%fm*?

h!;0-

WAHj3

M,NFe

SetClipboardData

AZ).%xi

PO Box 2271

/ktKG{

DaoTP

Qwq?8Ss

$5X-X

Symantec Corporation1402

ao@fFv

8C9bM

)W,%)

R$DXvEBY

P/j3|

j [f;

.3FKC:

Vvm-C

|hTIW

$*tcR

o[wClO

/(bq9

5[>_>c>g>k>o>s>w>{>

Z*fQ$

X<E+_\M

IsWindowVisible

OZQ`"a

"Ey@hVD

Mz(B

;,UaN

AddTrust External CA Root0

DJ}fT

CreateDirectoryW

4%RAo/~

&}:.U

bQEgW3rg

AZ8e>

/TeM!5

TsT1/

8>t`NP

1uW#3

)!?-|hA\

[j0Xjxf

xDy>$;

/Cg30

X/_-^3

N;KD_KERg

>q;SO

TQPud

#~gO[

@Gk3o#

m'QQhF

r5cJV

p5a8IF)#

6.6T6c6

m)a6;

80858A8i8n8x8

!d?bM

o-5DA

;,(K"4

mkL:C

UufI,

.%a~`V

h`lodtsj

KYBL1

$]%yv

>3JI1

dZ#PYD

gcCyp

GX.5>R

r6Csp330

xE:x|

mde?t

pVy1D<

oZ1G~

,/+B#

!8Z@FQ

y7$d`

g~9D|

DhP8z

E&`^v

%2@EQ

unXd-

\?],

LegalCopyright

&^`\-

ZZSgO

(0nr+{RT

UvZ29

YAHRqE

8$_^\

S0q!<

;KkcG

SendMessageTimeoutW

CallWindowProcW

Exch: stack < %d elements

,k?j6!

&h2=p'

N]zQe

e5@B},

[t`VI

LMD0>

'>!k=H

8DHL`

*R~k9

SetCurrentDirectoryW

0http://crl.verisign.com/ThawteTimestampingCA.crl0

/R</q{

rBco >{

0Ssroe

l{X[`

_dAC5

9,M_u

\xebz

h[+^jZ

=j~i:

)HH>6

2S/o).

l46)r

V`("M!B

7;B79`

IC.@c

P%`K}AU`'

(51g(

7*757@7

\i!1(

Sghv~^

kd8fA

!$g9=0

mR/9i

:S9+d0

dj359AGVWd

:Bik}

ags)B

YA`Hq

"k'~9

_<c'[

KN{gV

Y?nHC

eYJ-L

dWUlY5i

WriteRegExpandStr: "%s\%s" "%s"="%s"

D^+x3x~

Fi(gq

File: wrote %d to "%s"

GetMessagePos

a9wDr8

rEsnf

rZ>1G c

^|D.Ne7

efO7r

@~sB~D

RMDir: RemoveDirectory("%s")

fwt`;

GOsYwE

rXIOd

5=TLVA

@m8Q,

2B)tc#P;B

P2$(}e

0/Vh-

,k<XD2>P

uJqXI

Process32NextW

Z2@8$

>4Z}LN

'omb.

+rYX|E

b)w599"

D$uw~

RegDeleteKeyW

M/MG'9W1]

E :}r

`zH!J)

~p7b7Y673

U"}H6

Mbev_

909>9c9o9

jZ_kXf

+m>rE

5#L9<w

guamd@R+

JFe8G~

PPPPPP

8=%A_

O&'&C+

>~}7G

dp#_n3

iZ;qR

5"5:5]5m5s5

YQ,QP

ImageList_Create

u*ieN

R2k&c

u}9-$.G

!gIamR

.hu#]w

,3K:ti

p:DhW

Delete: DeleteFile failed("%s")

.DEFAULT\Control Panel\International

rm8xfe(

uyNBs

WaitForSingleObject

6nh[15

W{!}l

)K+|ACy6[

d0`M'

Va-^q

97(?86I

V'qELP

gi4blk

wd-8:@

TJCgY

/f{z<

lstrlenW

T&|hq

D-?vwUDQb|

B.\x)O

)#LJ,~

BbHj9

*3QA(

CGcnHP1

OpenProcessToken

*$"q?

LNRV)

5U*&s

e_t@l+

J}O3=4

0tAz9

ytK04c?"

pb$K(

A8}p6

Comments

RZzjd`

SystemParametersInfoW

tK;`l

J%,oT

6uM%9

.QX,C

UVPQ\#

Nbf/2

u-HRb

Bj 9;

[^C`vF

:?*a/

#cuWT

}TAs}

G7.^A

BdKU4

SetForegroundWindow

fXUTm

HW*:{F

xMB P

#!1-?

8!828j8t8

>+y`l

uDWWh

G5"r.-

aS56V

f^EEm

tTAbr

nCSV]

1_5Tp

3b`_X

B#D@\r

8Box:

i223-

vW$2]

=3p/X

y*}[yaN`

|&&m

dI5m@

t[>d1"

0v{Da

RH&W5

?7!Op1

Rename failed: %s

%s: failed opening file "%s"

File: skipped: "%s" (overwriteflag=%d)

>G]Op$=

HDGPC<&

PXI -

P?Eh;

bcpB6

SetErrorMode

EL\!+e

t^!$c

Ozw6O

4#!yx

;Y.F?

000004b0

ZWV.&n

yx^p>

vN.es

Bq8,5

Pq]{z1#=XN

No`="

$u'(w

?1?<?X?t?

>6*:f

c{hdt

2'o![

c Lg)%a&

_A>VS*

j=Ntx

/T=EI

hpe|"

;~j^~

SHGetFolderPathW

])_J?t1N

/1&WA

M.E'f

z_~5Exp

%n^Vk

%|@+Y

0g0S1

!KR3f(P

j3;s/

2YksU

=%=/=5=:=@=N=T=x=

D$,9-

ExpandEnvironmentStringsW

AddTrust External TTP Network1"0

P@~@$

@ ah"5

544S$

SearchPathW

!">:*

Je%:fyw"HZfagV

ed>?$

X%YZY

AddTrust AB1&0$

SetFileTime

wv8ihkp

<wz{7

JM?cQ{n

,j656

0=a]e

1d.7iW

|8=;9c>Y

KiT*t|a^

SetFileAttributes: "%s":%08X

[aXM/

q2([%

p7!J.

!h>;>8

R+'LV

)l=65

o~m!U

}< [W%f

|gg<|

GetTickCount

?+E3:

;hf/*

){V

8&:{J

S/=fU

@ Cw=y

wf'}I

/#<c

^_jjd

$=T>A

[&KRE

VneO|

AF<@c

K<m5

4{Z^6s q

~7&RG

5Sx*M

=3`Mx

\\+zG

0Y0i0n0

;0dXw

s]go`Q

j_?wnj2

yL:Hi>%

qHm"`QbX

_^)$gIpK~{

K2]}!3

5\Kv'R

~0_=<

Cod~+

1kzIf

7n>Q>

8b L1

K-b<L

nstHO

>+` 9

\csoF>F

USNSF

`h>A'-

a"_)8_

?2UY;

*X%I(

=9CGrS

SLC '

SuNM+P]

2u!u;

i{Ft

zVtm\8%z

rD(Z!

SI#2Qfb

/N*#f

4s\+=

IF]jG

+}&?}T

KZ[yz

A0OYd

MultiByteToWideChar

us'5>2

For additional details, visit PortableApps.com

1)_3F

NQ3T[]

oF.WV

a/i8^E

RDirJ

m^Ce7

0.0;0I0]0j0

0+/;>

:hW2e+S

File: error, user cancel

softuW

m\e}y

{D6Ium

J3Rfy

|Z.s,

&5pO/

]20/I,MJ

$^f(Xj

"_` `

2 tIip

7E-@X

&`!vb

unA-2B

4ocOY)

aioD7

SEexM

OWJ1$i

@U;7z

]+Th3

')YK@

-~JL*

:N0`-Q

B2[ja-oi

FE($o

:i*A&U

\3}eX

)O'N=F

TSA2048-1-530

>"WdN"

msctls_progress32

JE8g>9,3

SHELL32.dll

96Lqh

S[mN<

buuu(

&flBv#=

jXuHj

"VvCi*?<(.2

C;Y+e

rUcZ1

-={($4MXW

mXC!>

P%lO$

|XP8D

UUID-GUIDGeneratorPortable_1.1_English.paf.exe

s;V0E

uL}+N

H;7saL

jh.b)*S}

[kiX~0U{

H+D^c

}%B?Xm

RYDRQ

&|:]qc

*kbMY(X

:_R?p

202t2

&*6AI

Vx<0e=

%+hxI

u))F`

WI;@&j

,8q>*B4

5{WAe

E9J~H

Q}EZ@

2?2P2b2q2{2

lTh4f

RMDir: RemoveDirectory invalid input("%s")

`^^^sS

k'#F+:

CreateProcessW

bSunLr4

u]hzh

PczF~

cvWNmS

J@6.Ms(J

{s}vAX

[qqe{

0e:%z

:Z0B@

kBJs~

40%.qh\

;5<w%&E

installer's author to obtain a new copy.

ShellExecuteW

5+;::

223@3I3

-$WFOT

l6l*@

!$LJV

.'`{U

tzK.x

BW"}N

;FiZm

... %d%%

{JLxYH

f(q/&

55~}Qb

LR>3a}v

QriLF

3+Ev-d=

f%6 S

14Rux

9v/;V

sy4'i

9E8um

p? V9

^f{VB

W3$|]

b)Ucs

PvQJNv

=&dP7

PSAPI.DLL

bfv"2

b?=jak

ADVAPI32.dll

:9,fBo

nNuhP

"i8F>

z[(0u

)0JG{

g&~cg

Ic5])

8|eYur

,3SM*

UUUUW

yuJ~B

/ P6pL

CreateThread

MessageBox: %d,"%s"

SetBkMode

Z|_|q

>"?@?Q?

T9CFrO

#]>3}?x

rp2-

5<{Y:

&P%rBk

-tic.

TrackPopupMenu

nEH"A

]C(F`

S7q.g

?C,GW

Kriw0

DialogBoxParamW

FreeLibrary

'ac=*

bGv}7C

F"C?N

j TGq

"Si+e

F"_l)

+h%j1

'2>vP

+WWU^R*l

2H>(/Sj_X

ia_1m

u|b/>

J8k2c

g.1ib

D$$Ph

lstrlenA

!B1'\

a9G1<h(

]aa{_

?0=0;

w12,2

pX\@Mm

>&{@LN

vT}%nR_

FqXX\

cV&fmI

?2tCr

5G6Z6

PADcz

}o3(&uK

[S4Ak

{fF>1Z6

P_(wP

CompanyName

Q\E`]

5+5;5I5W5i5x5

Kernel32.DLL

B<1Y44V

TZH>9

pv*xM

jF`aG

pyX'!

t^{5[

%?K$N=

pVLoPZ

k#3c<>

^U6Sqg

_zj1.

-^.<{

0NDqx

6:":&u

UgV>}

ME5Y{

DO^.t

z> `-Wj

8:{[f

2clU

:M3(E`

o~M"4

1mcoyCZ

QInov

p]Dm6M

fBZk8>

EnumProcesses

,~1OU

d.+n?

N_{\~

!<JfJ|U

md*p

Q*@W?

c{&k}

r0RW;

JSRn(

/|k13

a>8);

N!#L>

-)*H$j

41V+Jx

hDy0}%

w)MlM

Tt2[iK#

Sleep

ExecShell: success ("%s": file:"%s" params:"%s")

2e^r^

EUtVso04

428+k@

sP7&z8

}\~^v

%r]-x9*

zi|.FI

HKEY_CLASSES_ROOT

S@qFxp

AL>1v

UUID-GUID Generator Portable

]l7!}

Cvh l

|9qtJ

0[u^)

GlobalFree

GetUserDefaultUILanguage

GetDiskFreeSpaceExW

:27Q6,4N

'JF]3zO

@jS{gLh

p f&&

Gd@EE

QNC4.n

#GI_m/

http://www.usertrust.com1

o\.SD

|zi'K

~'w"C8

kKt1nh

:vR\)

RegOpenKeyExW

LoadBitmapW

,@18e

/-P?pR

aehD';;

tt)uEzw]

SetBkColor

GetTTFVersionString(%s) returned %s

_iBDp

B]kBK

}?s1u

PortableApps.comAppID

Kd^t}

I+;Z7I_A

5;|Q'

FindFirstFileW

7rU Z

}CV[?(W

020T0y0

NPeze

wsprintfW

0}gZ^

{v+`UN

979=9

K^q>c

'$KEi6

}Mxnb

q^+:,0

d}Q9L

/ySc*

6HCzs

{rnuJ

+KiYq

% D3t

OKgNKC

iJWnTM

0eiJk

,|}iE

QFmFA>

t5vAvI

y-9mW

{l2!T

1&2U2a2g2s2

lR~cS

gTtTb

\-E !

)Mh)Mlf

M~riC

tw-ezo

hBzP

ox-pmu0

AN&22

y#v`[=

1]lBK/`

H(%=T

U=W!)

$zO04

LuVM^

\,K==

(0&0$

W?@P2

ejE",+

]\%Zq!

4UbVy

_k5gjX

E{`4.*

KNJq30o

K2ajt

~X9,$

4()E10N

ZXc_{

D%M9Ga

*Fh$P

D/{|h

[qXyp

>x0"o

((L0,/d

SHGetPathFromIDListW

d1;e.

w/Xxo

Exec: command="%s"

<MgqXd

qPm67

lM2tu

o^}6:H

?naZ1

jjR0c

Tabhx

'N^B:

bfhit

j8WUHBYs

<+<4<J<U<m<v<

t&3R~

^y,?;M

z9v1y

C5o@e

c^T5gNI)t

*cV a

_WG?q

}+.3Q

4:iSG

D-v!,

DnFmp

ImageList_AddMasked

L' 1o

AppendMenuW

Y6%Nf<_8

sN;{^

+4UXX

4/4o4t4y4

5m@#\

,n}6b

Cbx)8.p

OpenProcess

vwQ"<m4

Zp(g#

EB@)^t~

:QpD>

HJd& 4

XbaLG

*iM:p

59mvQ

9l<x@j

ziy"@

ILkQr

z|7R_Wk

>hWV]

V/:Wb

RG{Pm

%Cy-}

.-@9Y;

Dy_JoT

N.mCN>

Qmz@I

-3|5<

e*J*J

IDATx

Garjl2

Rare Ideas, LLC0

Gx>-|

AXrFm{

1;Bfh

]:ZF

CornD

<i8(K

3`b bG8_

*wl4Y

BIQt*f3Zs

]buxyubO

tXb",&

'tGr)X

Ql4?$G_

2p:~$

G0f;T

]-N#o!

bHQvhN.1

=t~F*$

CreateDirectory: "%s" (%d)

0Q-1e

:v[E`

l=Lp7

d]Nw8

!KI+OF

[I5ya

Idx)o5

G" 4r

lca'&;

")F\=

Xs4p\

[fJK)Lp

FindWindowExW

lstrcmpiW

T.bv#

|dQ|A

\75cy

LxtpNZ

NbCl2$

:q3-M

ADVAPI32

C(7H5

zV@uM5'

$zHW4"

wx19,

)T!okO

PeekMessageW

eaoN^

n)/T|l1

E2zUY|

&R1c_

Heoal

NH=!$&`DQS

1A!m=

5Z.&9K

<PRQM

#:@!m8

unzQG

Osv>y

LegalTrademarks

hf3!X

N<tgc

a=2U*

0L^6

3,{%5

q6pl2_

xMzA~

=qS[<

!2BYe

[oixB

!YgOG

D=,'7:e

SHAutoComplete

Kup8A

56#ML!DY]

c>"UUO

Qh3HI

GetClientRect

71()I

&EFPd

wg(k8

$(~a94

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46.4-Unicode</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>

bCVC6

kwOcv*

t$g($

pu5?)

:;M;c

jKshq

]jG?Y$

@v|JS

i;\Q)

CreateToolhelp32Snapshot

ReadFile

U(h a

5ILky

`VH1i

vS!5*

FE``U

I)sO>-q

WideCharToMultiByte

RegQueryValueExW

S&M7wd

4:*5

8b{kw~

F2xnC!

hPkX~

VarFileInfo

pNMk}

wsprintfA

o6#=?'

272q2}2

NulluN

COMODO Code Signing CA 2

cws:\{

=QGn|M

DF+go

+S)!%

(;f#C

ImageList_Destroy

DrawTextW

3G <EQm

k69G5

rdVL^

5[UhX

vgYM>

&hjrB

t$$VV

u.1hA.

Z7ANzE

QwPU+

wEi1o

zEX!_

>`#lc

5\[Sv

ZY51C-c>X

ZFzrL2

_a~aa

ZM>!3

Y%kssu

eRRY5

:-:8:>:C:H:S:Y:f:m:s:

\5.|[P

a[g~o

v@!as

IZru5\

x8SLH

GetFileVersionInfoW

`l>/K

Delete: DeleteFile("%s")

t1lNznq

n#!Fc

-zi{v0

x\pc9K

detailprint: %s

nX6-_g

sRyUfV

83('[TH

CreateFileW

99x&~

ExitWindowsEx

#&fe[

!R6M>/

qh{_1N

>'K3+v`4

>GhRm

GlobalAlloc

vRz>m

DY9;[FG8

Installer integrity check has failed. Common causes include

=<^[_a

7,3'y*

AkcD.b);4b

P"1<V

p^vH[

?Da[+/

ICCc+454

'0H!y

CopyFileW

120518031646Z0#

I]+ig)

HmyY"

Module32FirstW

}21$i

rlG`;

ANbBT%/

-GB}+

dh5.2

x\j'7

FWae5

vrebD

mj2!kC

rN3Si

W?04^E

==#T6l

i@9/%

GetTTFFontName(%s) returned %s

V&'i{w

Z0X03

Control Panel\Desktop\ResourceLocale

7#UFWp{

&OCpg

Error writing temporary file. Make sure your temp folder is valid.

0G9Gi

a47"?

K5v=?

Zj4x.pCbUa

s695

bI84l

)qyF|

'0nqI

SHFOLDER

q"o D-

%plvx

;uD't

J?w&E

Lp`UU.

dVF=;

59^"t

DUAl?R

(Z*t"

uPs's

8Wp\~

i:6?)@

frmtkk!

0'0D0M0o0

NI j7

>/zBl

VSX\il

xckrCV+

\XCyo

wO_7{

brVZIO

5]lG`$

Ispe~

GetWindowLongW

d%Z=Fu

=#*BvaN

N<%RW

L:6wP

;?+96

1[9 X

U:QbR

a-wgj

Module32NextW

0i/j@A*

.[izk

=qTK\

Vf5Pr

wy0|jV

pdS^9-

VH-bb

}X2xP

]-)JAB

'\UOh\

+{Ipx

EYt$5

D<'wWv

vs{mi

oQ]f-

Call: %d

)@AV[GbW

SygKW

))VqY

8$:/W

.)h<\

GetFileSize

gR>jT"

1J-6f?{

A~xAt

H|4>Q

/bga,

F?8P3

w^ZH=b#^"

L[MJ.i

uD2L0:

f@q6O

ii+Qz

\PY<RS

wo<S

XfH3{

oS\>FQ

{HbS,;rQ

{055M

\n#9kpo

X\NA8

>WyF[

!>m;>V

sY|V0

$pELPJ

GetDeviceCaps

*mAGF

IN_G'

lstrcpyW

aHs:zD

}AcT%

zX#a?B

5bpyK

M)M\Qe

O('[&

_{u@wF

7hiuU

V<.5sv

9f*<Z,m

Error launching installer

>O+5~

GG O!

HKEY_LOCAL_MACHINE

N$;6'

110824000000Z

r(t'PN

?2<H#

FtS#^

zcxo

pL!(T

3:JZ]

ipIm_0

797C7I7Y7|7

K(yid

-+[&k

U5VC(

,/DN8

I\cd'

j8*zfIm

ANl13

W+T 7W#

<Qc~$*

b>="ej

9hr,*

E89E0}s

5+F.F

<y0MfAo

TXmA,

pd"PHY/f

~cSc,

WriteFile

X[,hH

UlqvT

n!n69

Y%tlT&

J~BLF

5sT7=X

!*:Sq

xqsgaf

Z9f%Y

Jopa42

G)z:3

A:e41

KERNEL32

RySFij(u

)kgV5

V`Nqc

izi*e>

3Eqy?

QAQ"A

wAf-D

,9.7O?4

:FDkT

DestroyWindow

3).V[

>N>_>i>

p-@W<

v':)5

0>1Mo

]'8"$

e~i8X

\s-`G

RO'z9

-N@BL`D

-7JCi

}7PuM[

<p?{q

0;1A1Z1

^.;n~

@Jy1",P

aa(F)

ut;}1

GetVersion

eq[xy'

a~=U\

-!qbP

4)<6O

w_1+XwT6

i]r/a

x^euPdm

WriteINIStr: wrote [%s] %s=%s in %s

6mT"=

|2@Rr

7Cea2

SetWindowTextW

7RkXV

tj;t$

oGxF,

zCfav

vjK<|

rL}`(

O1[P!

g76j4>3I

^GT _

:Cwv/

y?@P|

:9n,h

CreateDirectory: "%s" created

T2!7bIG

lw .=*

@/r)~

E89E0

VSUbOI:

%xAly

[mk^<

xVIF(Q

dg}Ph]

Ws"_u6

{&~#i

8:8C8U8\8h8

@`?e~Q<

HO@DFFDD'!"

. tzp

J2_gT/

ELl~a_C

f7YqI

\F6"/

6.^&FH

w4$=9

|G1!`

c>3-c

EnableMenuItem

LoadCursorW

SHGetSpecialFolderLocation

vGrBW

k @t508

VmE"qM

Wy&e&

wvsprintfW

GCQu+

9+!WD

,mhe_#

oybRrJ

RwU3|V

=$Oyj

Htw{@'

J4A5c

p2CN;

H;cf_

nF >y2

$w@3c-kK

MR;<w

xAix6

UWvxv

N`NFei

}z-pbr

(g*F6

;a4Bn

tKeFk

^'i2

Error registering DLL: %s not found in %s

Ij6)t

5Lx%T;

*kibt

"#(n[6

uB<<q

to.4S

7Hrhls

EF[U<

Xy]\,

4A}I

{y09J

RichEd20

StringFileInfo

J0~a8

{m3L(*

i6B=F

;oR^]d

pLe N

w~.u(

M*(-N

3.0.3

2qJj#

ole32.dll

JDA0B

!!46|

BGh`1

SHBrowseForFolderW

$-?m4

cq}7<8

>B\^K465)

i#C:K

tUvD#

?+[En

PortableApps.comFormatVersion

K?tg;#

XyBl``

779qh

BdP6S

|A53D#

31\+uM

5q[hL

PC,QUCb?m

)!W}k&

[V9k"

O)y.;

*if/Z

TC M]

Rb@zb

d[K+Qc

$-iMx/

fNbygo

5}#`an

LSVW3

\-?ypl

y;7J_

Process32FirstW

BrIeB

S]>;A

:m@fshE

)P9tJ-

D,QjR

9#,$&

i1'c&

Q#S{i

GlobalUnlock

WriteRegDWORD: "%s\%s" "%s"="0x%08x"

y|N.O

^Mk0

=/y;^

Jj4T2

{X+Pd

VS\M+

L0B.-

1@aZ/

'CH,nHN

iNp)u[

Awzjt

9hj=>

$^gkh

-/"P[

r0{J]

Lou]i^(

1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1

gFlx^

nDS {

fLU[n3J

:~D]V

dQpf:

"2hqW

sJQ$W

|+0En=g

RMDir: RemoveDirectory on Reboot("%s")

UK&\[Z3

*X!xH

?Z/d`)

d=Wl`

L8}/i

|:RwC

0H;@)

ojI4($3C6f,

Vq=Jq

5.v%q

sWheq

767@7I7S7_7j7s7

\;tF~NO

!%r@C6

{b:][&Tp=

Wbhj~

<<<Obsolete>>

:#l=9

"]N4<7

Tqy$q

|d'b*

:$TC+

483`kby

l:(0-

"<i=}

1g`a6DW

|2&Nb

#Cs|V

203Y3

N2WUIBIikK.28

GSRjR.

t-utMtO

AYzrI

9C3_fW

z7s?/

.=YyH

olj}xyGK

<GraQ

[1iL

Z\rMM!%

({@G#

X;m6Hy

`Qr![

/G_{!S

J=4vs

fDf\W

031204000000Z

x4m%%

EO9__

dPgJV

%"{j`9L

1+C$z;

t5!7F

%4J)3

Qpm<XK

_$GZz

$!1wG(

Vx_rJ

Z=%Y/

Salford1

=awC%

QK?I^YM

O6GA|

VV$FLc

_I")S;

|UJqi

d{]2s

9YR6J

F"J-_

X,oOR

0,[aJ

}OL|vC

9XB1Z>

>76!Z

VM9q%

2Ug^%

kK3~e

y(WQjK

VVVVj

Zlp)p$

LJ'VqWe

<s8;|

Wwb"u

9vJD'

(8e@e

@yG~Q

QSUVWh

P?'j>

3;<0A

vOfw(

rFRNz

i;(~T

|XX'Y

,IV+^

130215235959Z0

LMi/z

_OAUL#

>%8E8

<6ob$B

GetModuleFileNameW

"%SG,.V

s.1sx

bY75C

;vil9

$*yIn

Y1L,c|

20n2EB|6"

xQJ%'

}G(<T

]jdB>

B=#$@9

(TwKx

Q=+>4

w@@;7

Q!W0E

SetTimer

2;@w6NY

AtpEE#F!

P: e_

nD-5m

SetClassLongW

|`DRXzC

8%:R)

]4;Mhr

lm$x-

%j;{&

ncE7(

uyJul

$g3LX

s[Bte

=qPM;OL:>

8W,9+p

wRF5y?

;a9Vr

'I 1!

B5txU#

)Z5se

lstrcmpW

GetAsyncKeyState

6q7v7

Zx.Y7

</OQaQ

Vy5Z

KERNEL32.dll

d}+(}mgslW5

E\&%y

OleInitialize

RichEd32

AH)T2I

|T{be

.V2T9

VBze+

?-?I?\?o?w?

Bb`e{F

z6T{]

x)l1#

F&JFR

!hni`a

6#616i6n6

9PkN

z[,.o

P"jUN

Oy.^#t*;G$

4?y}Z

OS7*5%

!)hf]

0NV{Q

2}*sC

Delete: DeleteFile on Reboot("%s")

H1Vfgh

New install of "%s" to "%s"

K^zs/

`Xe53

h0f0=

g//_~&

9!9N9u9

GetWindowsDirectoryW

-+-V,+O

DefWindowProcW

&I;-E

j,TiQMe

{0vSyA

\ac*"n

= =1=

)s{k3@~iKA

LGGNMKg

ofN[j

up43E

"D?2j

PaXCtF

N@{pd

e5*(Z

v)?Hr&

6j$'Jy

3:Y||

GetVersionExW

g)0M,

0WZHBMko:.2

9::T:e:

<BM$@

0Q}**

w#*OY

{LQrX

&$;'a

kLHhJ

GetSystemDirectoryW

>&>P>^>e>}>

e\;a'

INg|i

VS_VERSION_INFO

a5]ls

Q#H-m

GetDiskFreeSpaceW

C=1V;6+

1;j$1

$vAt/

4\x$N2

K!UiI

baP`g|

O]]vY-

h#FEx

1.1.0.0

b!QTz

0H=:dq

he T}5

c\DfG

We,1Gb

0;'e1

Sleep(%d)

u_351

F$,(axT

(i~2r6E

CShn2

JP9&>

COMODO Code Signing CA 20

*u^3T

G=fq\

22~4x

"QDam9

{#jO)

PostQuitMessage

+t'7B3

.nxc el%

Q/O#}

&$`IV

}97>=

O^ &8

)~qeW

a-&8=[

Es!1d1

k-JsH

=W=;.

I=+iC

SendMessageW

@t/vW

zz UE0

\WA_8'

{49=Ii

~_J+{g

IsyiA

YYwul

%R*}'

u=R&:

y,'wu7

)XNR3

c;"v='

XR$m%

A)XIt+mob

h|4'nP

={ZX'%(

:dsp;

v[=2|

N@5ST

_\) :

HideWindow

OpenClipboard

|AI'8

f+xwl

A`dRM(H

DM86G

KYjVEU]

LM#Ee

}{I1g

t<_r|

9fw/I

"VeriSign Time Stamping Services CA

+{<#A

<\bpzM

g nbVV

979D9L9w9

s0yUY

~f|A-

e*oZ'

)0'0%

UJhQ*

_jlvzyxb^

']?-f

(3i(,

SdV0D

SMALHB7

OP{&;

?1J,U

B@D!N

tQv>]"lP

,~Lz}*

yN=Sk+

.!73{j{

#{uv3

'F_%H

n1Eu8E

&36F9

P;=#n

_!tc!

%o!CK

GetProcAddress

x?jOA

Exec: failed createprocess ("%s")

\FmT69K!

hE<!`

zuqYq

*IJlX?D}

0&DiYlB

IsWindowEnabled

J2zKN

;4F?>@6.,

ProductName

;<%WF

Tv>Ds{

*qG"6

1http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%

9CR1J!

94**wma

/sNx,u

&{hY{6$q

#hc:+

:dzh1

"+Z<ym

6qY~s

;2F;IE

>,>1>6>;>D>I>O>S>Y>_>v>

%2ZtD

d\efb

#Q~uUs

|xbM?[

S+[dU

Zq|Ck

Fy\.e

]w>TX

BcH?~|F

9CK :

YP,.w

\pzK2

{[WgpL

Dh0o$

:}Y3 '

ExitProcess

BchTP

M@.W$

b~3P1R2

vd,5P

?Mhhdx>

rkw%J!

P]6Ou&

'Q8B]

;!;2;A;T;

@j,g]k

:L$(V

7Baw^

6&o16

4r5Gw

OaeT!H

{&8^D

IEkRjH5

{4&=;

<Zm]_

/A:?V*

:Mk'4

SOW6K4

9O=|o

}|N);5;

S4xzx

$j'G.C

:Wgv0

lstrcpynA

F=ZAR

!6bTh

D$8PUh

GFeO@

{={kO

%E%zj

{yS@

@ebxW

<HhZ;d

%2X#Z~

hn4h_

ONngO

0<TXj"O

Q7ND^

MoveFileW

#8Y8d

FileVersion

g_BMR^\

http://nsis.sf.net/NSIS_Error

Please wait while Setup is loading...

5(bq.''W

~YTdIb

fWb<K

5X@{\

u*-uO)7.yV

TSA1-30

!iO)qg

df/Xp

2 2$2(2,2024282<2@2D2H2N2S2c2

G1]C!

K9fQs

_Xxz#]/

=Y0Ct*P"

4!1!5 W

gTE8w

V!v'[Mk

)WXQ;

bh| 1

CreateDialogParamW

'R`Y/5

X4kwXT

QNSfef

G%01$

Tkfi5

<!E;R1

in.^E

H)_Et

8t2a2

nS@|r

c@G0Ln9'

GetExitCodeProcess

.wT^"

3s"3:

Bd`p(y

gnGEl2

IEFNlD89A4/k

uu5g"

{ 8y]

LGLtPPp

|qBO7

2(x~[

[Rename]

SetFilePointer

PrDIG$

p8$[u

2I1zt

,6^wJ

^~Hs9KrB

;;pgH%

+1lnz

RkN8)d$

D$$+D$

WMW-@

_7GA9

)l?IF&

RegisterClassW

>uN!d\

-LzTA,

=*45zMgD

nsX$Rm

EAs~f,

\EnK;#@{

Qujg&yV

|0J!`

2NQ|K

y27?/

)]@$2c`%

oLL9o

cpLmoN

7,snH

(/iTG3CJWf,+*

VbvOG\

\u!f9O

}8O\%

q8P>}

"s!el"

]8*S}DP

JZXHd

Scbmh

JSN02{

VerQueryValueW

{ED|4

CheckDlgButton

'wU8{

\C7,kl

6i3'75

/Z2j*

1-RZ

wD!TE

yE7t.

:oEQZ

9nM603CIf9

d_4Vu

rk=sMX

9,>TW

|yneb[M4

AF&qxX

!^0mB

Dd8PS

GlobalLock

SHLWAPI

(U]p[=

\L'!!

mA-,p

H4hq1_

cm%8~svT

DeleteFileW

Z}8$n

lstrcatW

q}Rnz

$4"YW

GetPrivateProfileStringW

GDI32.dll

$KW. P3]+

bi*mx

Q-xc&

0Ki)fS/

u4z=>

EnumProcessModules

\-u5^C

<:xx7w

+f94,B

mSC?S-Dh

zE.)}-

K$\{0>

OGD{XC

K:JhD

3+md[

1^#~y

2e(9ZA

=Cvpj

P2pSj

5(:YG

InvalidateRect

a#PHZ

,v%4t

SdMFO

eLJCm

vOKC

ZhH!A::(

18&>nu

}X!\Bf

GJqj~

'@5BT

hhz`zP

sZ/9&

_^][Y

:l:Fq

%[ko>W

Mj{)>9

,&_K@

HXv=h]

+j#Ra

H~tA3

WN2f\

23Qe:?|

Gpo/U,

~ib=c

,~@Zd

DB@PJ

ma4+X?N^,

x[raCD

2X;"q

"Vt!Lf

/.d/=d=

a4,FN

H;vz>

$3?U,d

KB0sW

!{6,i

2?_RE

tyW9u

1http://crl.usertrust.com/UTN-USERFirst-Object.crl0t

&J.ca

O>*N[d

XA`]+

laY\r

kM~fe

dK#OZ

(@>B{v

InternalName

:L=_~

o!&v}

CIs2.

h"CwS

Z!,Inx

DL,P1WF

HKEY_CURRENT_CONFIG

nV,DZ^

QMp&b

BringToFront

R]-Qa

JYspE

aEM@a

#^n8@

/VbM)

a-J0P

COMODO CA Limited1!0

?Z\hR

SK;ZY

iVXK^E(tD

DCf{C

J/i`E

$#kp27V-c

Software\Microsoft\Windows\CurrentVersion

aqp:p

imaF~

EW.^ tn

7!=Fe2zY

3rc:.[

NH5hJr

88QIm

X2{fd

u:FeV

jbayw

DzBw}3a

~)CFoaUt

<CO&F#z

qR15`

9#j:?MH

yi\L.l,

;U<*B

dew7\

GetDC

ikK]n

%N~!O

6%-.O

SetTextColor

J]>:7

$&}:t

@ZQx%

XU_^RL;

KK9]C7

+Symantec Time Stamping Services Signer - G30

Bn0UV4

l-a{e

j*A}Wo

HCIs&%

QOMC&~

c%"![

c|E&az

oCD[3

(G3Eq

K@fam

SJT[Bs^[

_s([k

FindNextFileW

Y}/c*a

;8*wEZ

0-1R1r1~1

!yY^9

U5-;$

'\*72<H

kYgo\&

FindClose

&jhy.

[UISaYNd|sg

i$,W-

ztWP.

NL(Z&i

pN#W:

KB6p

9GWgoR.

c^QId

MulDiv

BjsFt?V

GetTempPathW

[5H,M

n-W1IB

^VzH!

o7K8DMy

PD0'o

k`@Wd

sjlv:

o4M1>

x(gl`

,`[LJ

D:]\;/Vz

|B)>],

RegCreateKeyExW

incomplete download and damaged media. Contact the

kRGY.N

pb`/L

.n*P"

o9IRj{O@

'v pK

Z^po;?

}!j!4

0vz%3

d]ijg

Gu6:Zs@;

$p3A6

6,K%P

yT5o3R7J

B<0crj]

r8Y&v|

*Z MD

DP$qw

:48 O

LeIoT

?&[$j

"S\vU

!<d5V

eYrNnB

3%VV7

zQ[ntM$N

Xr[=Hi

vSH@al6

A:[bf<"R

syhCv

vpw/}

C$aXK[

B]0oD

;UYzl0

'T|\C

DMd(@&S

8rLI$

k$pFjm

cWEnl!

2$uyl/o%

GetSystemMetrics

OA]]5w

tM#Da

33#^v7

J@zp<l

x5}0E

lki4B'

PKo|.0

5!({/

=NHu.?S

p[@W`

=7+1JD7cRL@

;6;;;Q;Y;^;d;j;p;~;

+jf7U

HflS$

%|u2eH

CharUpperW

l!&!j

%p%zl

WwtC'

Z;z8}h

*%4r84Cp,#

EYD-h:/

HY|zY

Psc=2

p#^q7

Kdpy

b1!}3

0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r

~f4[x_

aO,fX

t$(VV

3T`t_QD

s&zx\

mul,a

H{'uU

It)q;

0`^DE

PortableApps.com is a registered trademark of Rare Ideas, LLC.

!JQ"=

WXSRz

5r_h%

djdih

CoTaskMemFree

GetDlgItem

CloseClipboard

Q+pK9

195)Iy

MS Shell Dlg

-|=+j

q:27G

uW?#HDa?Z

'^nm.

2-{Y1

^'ZjJ

3o4$E|

De9uO

=HcUG

k61Eu`?=

1>VP7

l.G##

Oe@M|

O%3`U

m*JpH

@6_e2o

]XPDq

) =~|f

1yrIh

4up~Z

?fJ~U@

<4*F:5L

/TDNt

GetShortPathNameW

g$ A+

!This program cannot be run in DOS mode.

PGCTl~aD

vT]RLa2

"my^e

Qp,6]

+47oBx

iF(93|?

)3FJ)(

9+9L9Z9

<a~^I

IZb3As

=P/b@E

<M$>f6

CfAgu

}C3,c

{7'~:7

?#@(8$j

aO{7p

\6{pD

>o%}7

%\Pd(D

7{{=nrq

\?x+{

cUc88c

jXJr'P

(DPf\Dj

<'<3<=<G<L<W<[<a<f<l<

)>!M)

@;>n3&

8CG9*

gIGuy

9-SVj

jv"r^

X}PHn}Q

E1@$hV

7hTw%h

.'1fL

!|R?"

a+*lF

t$0AD

;'3e/-

*_mzJ(

F]$/f

4"4/4C4_4i4

&>b|!

yGKkg

Y^<Ar

6;g*o

ER$mD

USER32.dll

3: .Qx

C.X=nM

o:x8D

.6Qm8\

bM''"

<l_hU

3"3(30383I3P3e3n3t3|3

0P[Vm

/m6uf

<wkei

~-&bu

yfBvje

:`<re

8!808D8X8

)O[Eo

Ga$+d

z4uy@

"Rr^R

JZJ!5[

psWm!

1oyg$

b1Z%=

lm>NC

|ji`zV

I!oeW

EA9E1i/n

!J3,6f,(

&=U)_m

L?}(X

EKusz

)=7UY

kxh9Z

jgp*>

Durbanville1

Exec: success ("%s")

cv(]p9

u1>YZ

CreateFontIndirectW

tT71x

A8zx?

xMh{'*8

UAy<.

2lZ56

f<M9c

RegDeleteKeyExW

GJd+Z

%:'KDY

Q/{G!Y

=vdqH!HZ

$9j?!

X &mK

]6jJv*3D

N'h~hF

LoadImageW

3!w[qt

xvv4D

uEl3E

0Njx!(Y

daBz1.y i=

w*V{i

h4`P0

j9>+p

srW(D

Y)f0n

vk:Jh

KUe7n

XZQ/l

j1&#(

#l}.vZ!bc

,E,QVe

wE~d0H

"U>DHqa

*x Ru[D

lstrcmpiA

6M1Ri

C/(8H^

wmE2Z

pe:-g

u*`!e+

8Rich

7M5mOz

;l+)x

dla~4

FR?+Ah1

CopyFiles "%s"->"%s"

IfFileExists: file "%s" does not exist, jumping %d

HKEY_CURRENT_USER

;S{.<

9AR9)

GetCurrentProcess

]I07N

v~yme

c/d4"!+

0k8EE

.1vY

rbGY>

_3Ks1

D$,PU

pFOOHSNNSMFB&%

dKSYt

SHGetFileInfoW

zMiq\

t6B1b

X;rp#

H!%q!

Gm<5I

xL9w-

(|h_S@

f!WIN}

Pfs&+~

.ndata

4a5r5z5

RT0.R/

e=.ZW$

+(wm@

H~%9k

~QN$?

6=Im>

ECNX4

GetClassInfoW

pe5up

6K*#3

rAht%

u$9Mls

pZaBEGH$

1Sbt;-ARjj

.P:dD

DQKrN

k"Jo+

MSs34lw

F!mFP

?2?B?_?j?

GA=;KJf

O4aHH\,

111;1D1Z1a1y1

Translation

ScreenToClient

%y:";jn

tJbj(

http://ocsp.comodoca.com0

B:t]h

vhmlF

AdH=d

(-j~9

.JHEZ_

cay.=

y;KPj%

sdz>5

5/}G~

v7wbIi

--0=G

200530104838Z0{1

G^f~+

>4DDH

HV`jPqy

OleUninitialize

<O|dl

K6}xS

Mr{-Y

s(:Pp2W^

X<Sri

CvXgsf

t+G'-V

+Ac$2@

]Y~<x~q

&Nti:<wm<

]'lez

W@n6>

*N<C~

4|@Fw

VXX33

azqs$

CWVWin|

FCK{YY~

vZr>lm

!SA_3

:&_5^

iC<Eh

M7w@&

rok|}

0sE+

}UHo<

2'2B2d2v2

vo$,C

/TaZb

)p=xJ

GetTempFileNameW

+p'CS

G+sQn6%w

ProductVersion

aHHn?(

b3FV$Dv

HG[S]m

!{ ~S

&{%v1

%O-&,8

Fo{N:-

m28(5

F,AMU',

45q=O

j\U7

K6#hqHx

#Vhh2@

Instu`

tD[+6wA

nymS`

C?F:QP

050607080910Z

;&:g5i

&nzkv

av.-{

q2/Z)

!UhTd

+-]q8<t

uYj/n

$_UFL`

JfB1"

ShowWindow

Ht@h@

O@r8Kk0t

J.T0/{h

CuqMW

=)a&n

&LdMV

!"/!

[[S+#

jT5<'

RichEdit

3SUGB2y

0@%]h

RZdBD PS

1A[r<

x@OV2

jU5URT

3uo[Gh

ZTK+P

FWJMh

a5=Pl6

>{g+g

@|BUT

0*"?%%B

aXXb|m

i=mP+m

u{U:t

icsR"

"Qvao

3WT/=tN:

!U4BK

D^tjG

j^.m*Q

Jump: %d

6.$py

File: error, user retry

GX98&

)@~EN

File: error creating "%s"

>Rh0w'

?H19r

D>Fz/*

"ez56)

E!WaM

GkcPUU

S5$A<

48Tf5Q

(Xju/

sot> zkw-

_)=(e

by/1YZ

;ZiJr4

>]s"^}

"GQAE

-js)59

!l|]R~!

O [1Q

/d~8V/

g<nd3

}Uv$Pz

#2><R

&-/KU

U4|6`9

85HO\^

)SWn,t

L-3:x

DeleteRegKey: "%s\%s"

k'RS4

<uW`S

X=g{4

r;vM^

5@Lfr

.eyrs

z5>XI-3b

]UPwL

HKEY_USERS

Hdc`H

tnyU6E

TuJ,L

a:hg(\

UW#N/|

LookupPrivilegeValueW

)_Ye

@g 58

4P{!6U

$%0YG=

u;1+H

hlL;'D

:5ik5

`/L]`

~nsu.tmp

D}}9 b

CharNextA

mc;>X

T5S\YHa

&o: [5

;#;A;H;`;u;

\P)Nc*

6\EvM

+xt+(

Xt{?bkbxpY

"1?2,1$

g|RL)-

/T|=(<y

qJvly

KrxFZ

u$9Uls

QgkFD

/#`!H

,g\4"6

-2%<C

dNzc:

Delete: "%s"

Hj\("

]Mdnd

fA P|

MG@.USd

1**h.v

rL:)w

Hsy*$I

)4m_\

2sY+F

Fhhf\

;cB.$

1Z6v$

nA:Ed

|<Ga"

)*LS3

c)444

7.7q7v7

kT@=L

;-*<f"

pRVr{]0

f58ksIN

&NWRt

zM1m(

-j.8Ygm

*4'f`N

Z`b|}

\FLac

Ml/oW:p

CTFSh\+

3/3P[1Z

wF=:W

k}E#Fg

0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$

Bh?z\

X"xnf[^

Ns#;Rs&3

3DX&(

=J{aw

~+Nxl

settings logging to %d

GetLastError

3gsefB@i

Fxo>j

[r0s8

@h{w/X

}"TOU

:=%gH

i_<HZ

http://ocsp.verisign.com0

s4R-T

Av5Y!b

QD4jTW

I0[0`0

2YUbQ

Fom|B

576@6^6k6

Skipping section: "%s"

gFsK{[v

.jkH0n

A'>Yd

i`8-C\

<1BmR

Dp,(=

=2ct[rUYO

x9lTe&

a*Iqu

Unknown

'@ZyB

+&/d,-U

^m("

f*|!4

5(_Q{%

:CmBX

*Ujrj

99:f:{:

j:7e+

GK^_p8T

O@ntBz.

?|KB@

"M]-X>

3(haF

vY[7d

nZCv$u5

zX/}l

"5jM%HdIF;

l@pB\bs}

1WVa%

2Lv-a!G

3OMp}z

.-B#"

gP_EB

7Dod=

[]E"0

7|=w&

a\(76

(m .U

/'=E'%&

mJ_>k\%

-Kxs/

w0i~=

X'Uwo~

D6H;U

884B=

Nw3`7

120216000000Z

0>v=/

O gG<

E*@er

N_1'x

]a]a]]

`.rdata

WL'H,

z$7Ush|c

8WTHE0

n&]u^

P0|D>

1U{Mhuj

]|9p=

RegCloseKey

M4O?l6

GetSystemMenu

tNo<+:^

WM:&E

T&CBa

r_H|J-

dtpc\=

MJsoAt

install.log

sn5hK

[2r9g

%R% zI

#PzyQ

=LdvKN]

B)L[>

ySSL\

VID2D

(sLh8T

cy,G5

fCE<o

p":V4a

]=EtH

PE Information

Image Base	Entry Point	Reported Checksum	Actual Checksum	Minimum OS Version	Compile Time	Import Hash	Icon	Icon Exact Hash	Icon Similarity Hash	Icon DHash
0x00400000	0x000039e3	0x000c9f28	0x000c9f28	5.0	2012-02-24 19:19:59	32f3282581436269b3a75b6675fe3e08		2c09465cc979677d65781d9403176c31	5c00f471cce984e3b873ef9ade242aed	71e0e4b8cccccce0

Version Infos

Comments	For additional details, visit PortableApps.com
CompanyName	PortableApps.com
FileDescription	UUID-GUID Generator Portable
FileVersion	1.1.0.0
InternalName	UUID-GUID Generator Portable
LegalCopyright	PortableApps.com Installer Copyright 2007-2012 PortableApps.com.
LegalTrademarks	PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFilename	UUID-GUIDGeneratorPortable_1.1_English.paf.exe
PortableApps.comAppID	UUID-GUIDGeneratorPortable
PortableApps.comFormatVersion	3.0.3
PortableApps.comInstallerVersion	3.0.3.0
ProductName	UUID-GUID Generator Portable
ProductVersion	1.1.0.0
Translation	0x0000 0x04b0

Sections

Name	RAW Address	Virtual Address	Virtual Size	Size of Raw Data	Characteristics	Entropy
.text	0x00000400	0x00001000	0x00006f10	0x00007000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.50
.rdata	0x00007400	0x00008000	0x00002a92	0x00002c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.39
.data	0x0000a000	0x0000b000	0x00067ebc	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	1.47
.ndata	0x00000000	0x00073000	0x000bd000	0x00000000	IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
.rsrc	0x0000a200	0x00130000	0x00018ef8	0x00019000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.56
.reloc	0x0000b400	0x00149000	0x00000f8a	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	7.88

Overlay

Offset	0x00023200
Size	0x000a0d88

Name	Offset	Size	Language	Sub-language	Entropy	File type
RT_ICON	0x00130328	0x00012524	LANG_ENGLISH	SUBLANG_ENGLISH_US	7.98	None
RT_ICON	0x00142850	0x000025a8	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.18	None
RT_ICON	0x00144df8	0x000010a8	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.51	None
RT_ICON	0x00145ea0	0x00000ea8	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.70	None
RT_ICON	0x00146d48	0x000008a8	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.02	None
RT_ICON	0x001475f0	0x00000568	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.67	None
RT_ICON	0x00147b58	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.84	None
RT_DIALOG	0x00147fc0	0x00000120	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.56	None
RT_DIALOG	0x001480e0	0x00000200	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.68	None
RT_DIALOG	0x001482e0	0x000000f8	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.91	None
RT_DIALOG	0x001483d8	0x000000ee	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.93	None
RT_GROUP_ICON	0x001484c8	0x00000068	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.72	None
RT_VERSION	0x00148530	0x00000604	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.38	None
RT_MANIFEST	0x00148b38	0x000003bd	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.23	None

Imports

Name	Address
SetFileTime	0x408060
CompareFileTime	0x408064
SearchPathW	0x408068
GetShortPathNameW	0x40806c
GetFullPathNameW	0x408070
MoveFileW	0x408074
SetCurrentDirectoryW	0x408078
GetFileAttributesW	0x40807c
GetLastError	0x408080
CreateDirectoryW	0x408084
SetFileAttributesW	0x408088
Sleep	0x40808c
GetTickCount	0x408090
CreateFileW	0x408094
GetFileSize	0x408098
GetModuleFileNameW	0x40809c
GetCurrentProcess	0x4080a0
CopyFileW	0x4080a4
ExitProcess	0x4080a8
GetWindowsDirectoryW	0x4080ac
GetTempPathW	0x4080b0
GetCommandLineW	0x4080b4
SetErrorMode	0x4080b8
CloseHandle	0x4080bc
lstrlenW	0x4080c0
lstrcpynW	0x4080c4
GetDiskFreeSpaceW	0x4080c8
GlobalUnlock	0x4080cc
GlobalLock	0x4080d0
CreateThread	0x4080d4
LoadLibraryW	0x4080d8
CreateProcessW	0x4080dc
lstrcmpiA	0x4080e0
GetTempFileNameW	0x4080e4
lstrcatW	0x4080e8
GetProcAddress	0x4080ec
LoadLibraryA	0x4080f0
GetModuleHandleA	0x4080f4
OpenProcess	0x4080f8
lstrcpyW	0x4080fc
GetVersionExW	0x408100
GetSystemDirectoryW	0x408104
GetVersion	0x408108
lstrcpyA	0x40810c
RemoveDirectoryW	0x408110
lstrcmpA	0x408114
lstrcmpiW	0x408118
lstrcmpW	0x40811c
ExpandEnvironmentStringsW	0x408120
GlobalAlloc	0x408124
WaitForSingleObject	0x408128
GetExitCodeProcess	0x40812c
GlobalFree	0x408130
GetModuleHandleW	0x408134
LoadLibraryExW	0x408138
FreeLibrary	0x40813c
WritePrivateProfileStringW	0x408140
GetPrivateProfileStringW	0x408144
WideCharToMultiByte	0x408148
lstrlenA	0x40814c
MulDiv	0x408150
WriteFile	0x408154
ReadFile	0x408158
MultiByteToWideChar	0x40815c
SetFilePointer	0x408160
FindClose	0x408164
FindNextFileW	0x408168
FindFirstFileW	0x40816c
DeleteFileW	0x408170
lstrcpynA	0x408174

Name	Address
GetAsyncKeyState	0x408198
IsDlgButtonChecked	0x40819c
ScreenToClient	0x4081a0
GetMessagePos	0x4081a4
CallWindowProcW	0x4081a8
IsWindowVisible	0x4081ac
LoadBitmapW	0x4081b0
CloseClipboard	0x4081b4
SetClipboardData	0x4081b8
EmptyClipboard	0x4081bc
OpenClipboard	0x4081c0
TrackPopupMenu	0x4081c4
GetWindowRect	0x4081c8
AppendMenuW	0x4081cc
CreatePopupMenu	0x4081d0
GetSystemMetrics	0x4081d4
EndDialog	0x4081d8
EnableMenuItem	0x4081dc
GetSystemMenu	0x4081e0
SetClassLongW	0x4081e4
IsWindowEnabled	0x4081e8
SetWindowPos	0x4081ec
DialogBoxParamW	0x4081f0
CheckDlgButton	0x4081f4
CreateWindowExW	0x4081f8
SystemParametersInfoW	0x4081fc
RegisterClassW	0x408200
SetDlgItemTextW	0x408204
GetDlgItemTextW	0x408208
MessageBoxIndirectW	0x40820c
CharNextA	0x408210
CharUpperW	0x408214
CharPrevW	0x408218
wvsprintfW	0x40821c
DispatchMessageW	0x408220
PeekMessageW	0x408224
wsprintfA	0x408228
DestroyWindow	0x40822c
CreateDialogParamW	0x408230
SetTimer	0x408234
SetWindowTextW	0x408238
PostQuitMessage	0x40823c
SetForegroundWindow	0x408240
ShowWindow	0x408244
wsprintfW	0x408248
SendMessageTimeoutW	0x40824c
LoadCursorW	0x408250
SetCursor	0x408254
GetWindowLongW	0x408258
GetSysColor	0x40825c
CharNextW	0x408260
GetClassInfoW	0x408264
ExitWindowsEx	0x408268
IsWindow	0x40826c
GetDlgItem	0x408270
SetWindowLongW	0x408274
LoadImageW	0x408278
GetDC	0x40827c
EnableWindow	0x408280
InvalidateRect	0x408284
SendMessageW	0x408288
DefWindowProcW	0x40828c
BeginPaint	0x408290
GetClientRect	0x408294
FillRect	0x408298
DrawTextW	0x40829c
EndPaint	0x4082a0
FindWindowExW	0x4082a4

Name	Address
SetBkColor	0x40803c
GetDeviceCaps	0x408040
DeleteObject	0x408044
CreateBrushIndirect	0x408048
CreateFontIndirectW	0x40804c
SetBkMode	0x408050
SetTextColor	0x408054
SelectObject	0x408058

Name	Address
SHBrowseForFolderW	0x40817c
SHGetPathFromIDListW	0x408180
SHGetFileInfoW	0x408184
ShellExecuteW	0x408188
SHFileOperationW	0x40818c
SHGetSpecialFolderLocation	0x408190

Name	Address
RegEnumKeyW	0x408000
RegOpenKeyExW	0x408004
RegCloseKey	0x408008
RegDeleteKeyW	0x40800c
RegDeleteValueW	0x408010
RegCreateKeyExW	0x408014
RegSetValueExW	0x408018
RegQueryValueExW	0x40801c
RegEnumValueW	0x408020

Name	Address
ImageList_AddMasked	0x408028
ImageList_Destroy	0x40802c
ImageList_Create	0x408034

Name	Address
CoTaskMemFree	0x4082bc
OleInitialize	0x4082c0
OleUninitialize	0x4082c4
CoCreateInstance	0x4082c8

Name	Address
GetFileVersionInfoSizeW	0x4082ac
GetFileVersionInfoW	0x4082b0
VerQueryValueW	0x4082b4

Reports: JSON

Statistics (44.17)

Usage

Processing ( 43.96 seconds )

32.631 ProcessMemory
11.078 CAPE
0.238 BehaviorAnalysis
0.008 AnalysisInfo
0.001 Debug

Signatures ( 0.08 seconds )

0.009 ransomware_files
0.008 antiav_detectreg
0.006 antianalysis_detectfile
0.006 ransomware_extensions
0.004 antiav_detectfile
0.004 infostealer_ftp
0.003 masquerade_process_name
0.003 territorial_disputes_sigs
0.003 ursnif_behavior
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 infostealer_bitcoin
0.002 infostealer_im
0.002 infostealer_mail
0.002 poullight_files
0.001 bot_drive
0.001 antidebug_devices
0.001 antivm_parallels_keys
0.001 antivm_vbox_keys
0.001 antivm_vmware_keys
0.001 geodo_banking_trojan
0.001 browser_security
0.001 disables_backups
0.001 disables_browser_warn
0.001 disables_power_options
0.001 azorult_mutexes
0.001 cryptbot_files
0.001 echelon_files
0.001 qulab_files
0.001 revil_mutexes
0.001 modirat_behavior
0.001 rat_pcclient
0.001 lokibot_mutexes

Reporting ( 0.14 seconds )

0.13 CAPASummary
0.013 JsonDump

Signatures

Queries the keyboard layout

Reads data out of its own binary image

self_read: process: UUID-GUIDGeneratorPo.exe, pid: 3548, offset: 0x00000000, length: 0x000c2535

self_read: process: UUID-GUIDGeneratorPo.exe, pid: 3548, offset: 0x30785c426331785c, length: 0x0007c000

self_read: process: UUID-GUIDGeneratorPo.exe, pid: 3548, offset: 0x3230785c6331785c, length: 0x00002319

self_read: process: UUID-GUIDGeneratorPo.exe, pid: 3548, offset: 0x3230785c6331785c, length: 0x00004000

self_read: process: UUID-GUIDGeneratorPo.exe, pid: 3548, offset: 0x3238785c6331785c, length: 0x00008000

self_read: process: UUID-GUIDGeneratorPo.exe, pid: 3548, offset: 0x3263785c6331785c, length: 0x00004000

self_read: process: UUID-GUIDGeneratorPo.exe, pid: 3548, offset: 0x785c6330785c2535, length: 0x00000004

The binary likely contains encrypted or compressed data

section: {'name': '.rsrc', 'raw_address': '0x0000a200', 'virtual_address': '0x00130000', 'virtual_size': '0x00018ef8', 'size_of_data': '0x00019000', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x40000040', 'entropy': '7.56'}

section: {'name': '.reloc', 'raw_address': '0x0000b400', 'virtual_address': '0x00149000', 'virtual_size': '0x00000f8a', 'size_of_data': '0x00001000', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '7.88'}

Yara detections observed in process dumps, payloads or dropped files

Hit: PID 3548 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 58 }']'

Anomalous binary characteristics

anomaly: Entrypoint of binary is located outside of any mapped sections

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\bcryptPrimitives.dll
\Device\CNG
C:\Users\Packager\AppData\Local\Temp\SHFOLDER.DLL
C:\Windows\System32\shfolder.dll
C:\Windows\System32\cfgmgr32.dll
\Device\DeviceApi\CMApi
\??\MountPointManager
C:\Users\Packager\AppData\Local\Temp\
C:\Users\Packager\AppData\Local\Temp
C:\Users\Packager\AppData\Local\Temp\nss425C.tmp
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPo.exe
C:\Users\Packager\AppData\Local\Temp\nsx42CA.tmp
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp
C:\Users
C:\Users\Packager
C:\Users\Packager\AppData
C:\Users\Packager\AppData\Local
C:\Users\Packager\PortableApps\*.*
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\System.dll
C:\PortableApps
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\FindProcDLL.dll
C:\Users\Packager\AppData\Local\Temp\RichEd20.DLL
C:\Windows\System32\riched20.dll
C:\Users\Packager\AppData\Local\Temp\USP10.dll
C:\Windows\System32\usp10.dll
C:\Users\Packager\AppData\Local\Temp\msls31.dll
C:\Windows\System32\msls31.dll
C:\Windows\System32\msctf.dll
C:\Windows\System32\en-US\USER32.dll.mui
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\ioSpecial.ini
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\modern-header.bmp
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\SystemResources\USER32.dll.mun
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\InstallOptions.dll
C:\Windows\Fonts\staticcache.dat
C:\Users\Packager\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable
C:\
C:\Windows\System32\shell32.dll
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\w7tbp.dll
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\*.*
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\*.*
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\*.*
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\UUID-GUIDGenerator.exe
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\help.html
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\AppInfo
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\AppInfo\appicon.ico
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\AppInfo\appicon_128.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\AppInfo\appicon_16.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\AppInfo\appicon_32.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\AppInfo\appinfo.ini
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help\images
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help\images\donation_button.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help\images\favicon.ico
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help\images\help_background_footer.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help\images\help_background_header.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help\images\help_logo_top.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Source
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Source\Delphi Code - 1.1.7z
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Source\Icons.txt
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Source\License.txt
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Data
C:\Users\Packager\AppData\Local\Temp\PortableApps.com\PortableAppsPlatform.exe
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\7zTemp\7z.exe
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\7zTemp
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\7zTemp\7z.dll
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\*.*
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\

C:\Users\Packager\AppData\Local\Temp\nsx42CA.tmp
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\System.dll
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\FindProcDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\ioSpecial.ini
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\InstallOptions.dll
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\w7tbp.dll
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\UUID-GUIDGenerator.exe
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\help.html
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\AppInfo\appicon.ico
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\AppInfo\appicon_128.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\AppInfo\appicon_16.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\AppInfo\appicon_32.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\App\AppInfo\appinfo.ini
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help\images\donation_button.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help\images\favicon.ico
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help\images\help_background_footer.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help\images\help_background_header.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Help\images\help_logo_top.png
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Source\Delphi Code - 1.1.7z
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Source\Icons.txt
C:\Users\Packager\AppData\Local\Temp\UUID-GUIDGeneratorPortable\Other\Source\License.txt

C:\Users\Packager\AppData\Local\Temp\nss425C.tmp
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\FindProcDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\InstallOptions.dll
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\ioSpecial.ini
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\System.dll
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\w7tbp.dll
C:\Users\Packager\AppData\Local\Temp\nsc42EA.tmp\

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\UUID-GUIDGeneratorPo.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck

Local\SM0:3548:168:WilStaging_02
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
DefaultTabtip-MainUI
Local\SM0:3548:64:WilError_03

No results

Sorry! No behavior.

Sorry! No strace.

Sorry! No tracee.

No hosts contacted.

No TCP connections recorded.

No UDP connections recorded.

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.

Sorry! No dropped files.

Sorry! No process dumps.