Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-12 00:06:09 | 2025-06-12 00:23:49 | 1060 seconds | Show Options | Show Analysis Log |
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:15,006 [root] INFO: Date set to: 20250611T16:47:15, timeout set to: 1000 2025-06-11 17:47:15,229 [root] DEBUG: Starting analyzer from: C:\tmpjeo7jmad 2025-06-11 17:47:15,229 [root] DEBUG: Storing results at: C:\QoqtHYPS 2025-06-11 17:47:15,229 [root] DEBUG: Pipe server name: \\.\PIPE\YSvIkDlxiX 2025-06-11 17:47:15,229 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-11 17:47:15,229 [root] INFO: analysis running as an admin 2025-06-11 17:47:15,229 [root] INFO: analysis package specified: "exe" 2025-06-11 17:47:15,229 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-11 17:47:16,135 [root] DEBUG: imported analysis package "exe" 2025-06-11 17:47:16,135 [root] DEBUG: initializing analysis package "exe"... 2025-06-11 17:47:16,135 [lib.common.common] INFO: wrapping 2025-06-11 17:47:16,135 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-11 17:47:16,135 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGla.exe 2025-06-11 17:47:16,135 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-11 17:47:16,135 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-11 17:47:16,135 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-11 17:47:16,135 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-11 17:47:16,339 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-11 17:47:16,354 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-11 17:47:16,385 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-11 17:47:16,448 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-11 17:47:16,479 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-11 17:47:16,479 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-11 17:47:16,479 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-11 17:47:16,495 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-11 17:47:16,495 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-11 17:47:16,495 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-11 17:47:16,495 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-11 17:47:16,495 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-11 17:47:16,495 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-11 17:47:16,495 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-11 17:47:16,495 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-11 17:47:16,495 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-11 17:47:16,495 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-11 17:47:16,495 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-11 17:47:28,292 [modules.auxiliary.digisig] DEBUG: File has a valid signature 2025-06-11 17:47:28,292 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-11 17:47:28,292 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-11 17:47:28,292 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-11 17:47:28,292 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-11 17:47:28,292 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-11 17:47:28,292 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-11 17:47:28,292 [modules.auxiliary.disguise] INFO: Disguising GUID to 2264f1f3-c5f3-4a1e-9de8-039170dd75c2 2025-06-11 17:47:28,292 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-11 17:47:28,292 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-11 17:47:28,292 [root] DEBUG: attempting to configure 'Human' from data 2025-06-11 17:47:28,292 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-11 17:47:28,292 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-11 17:47:28,292 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-11 17:47:28,292 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-11 17:47:28,292 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-11 17:47:28,292 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-11 17:47:28,292 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-11 17:47:28,292 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-11 17:47:28,292 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-11 17:47:28,292 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-11 17:47:28,292 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-11 17:47:28,292 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-11 17:47:28,292 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-11 17:47:28,292 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-11 17:47:28,323 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmpjeo7jmad\dll\696.ini 2025-06-11 17:47:28,323 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-11 17:47:28,323 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-11 17:47:28,323 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-11 17:47:28,323 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-11 17:47:28,323 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-11 17:47:28,323 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-11 17:47:28,339 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpjeo7jmad\dll\fhRRXtD.dll, loader C:\tmpjeo7jmad\bin\bOYxrlQS.exe 2025-06-11 17:47:28,370 [root] DEBUG: Loader: IAT patching disabled. 2025-06-11 17:47:28,370 [root] DEBUG: Loader: Injecting process 696 with C:\tmpjeo7jmad\dll\fhRRXtD.dll. 2025-06-11 17:47:28,401 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-11 17:47:28,417 [root] INFO: Disabling sleep skipping. 2025-06-11 17:47:28,417 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-11 17:47:28,417 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-11 17:47:28,417 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-11 17:47:28,417 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-11 17:47:28,417 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-11 17:47:28,417 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-11 17:47:28,433 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-11 17:47:28,433 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-11 17:47:28,433 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF822670000, thread 4712, image base 0x00007FF60D500000, stack from 0x0000008EFACF4000-0x0000008EFAD00000 2025-06-11 17:47:28,433 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-11 17:47:28,448 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-11 17:47:28,448 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-11 17:47:28,448 [root] DEBUG: Successfully injected DLL C:\tmpjeo7jmad\dll\fhRRXtD.dll. 2025-06-11 17:47:28,448 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06- <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-12 00:06:09 | 2025-06-12 00:23:29 | none |
File Details
| File Name |
VirtualMagnifyingGla.exe
|
|---|---|
| File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| File Size | 1175648 bytes |
| MD5 | 368772f35fc7ba75f1e11b40fe2353c5 |
| SHA1 | 4ffc29ebcc0a96170d2402ade31a54469edccdcd |
| SHA256 | 91fa08fc4d0bde8a61ff89d9ef544dd8308ec00b3281169226c854f0545c1024 [VT] [MWDB] [Bazaar] |
| SHA3-384 | 828b056e4e889e69f09e7849f6431f9bb92945ff5060f081792661b40641f98acf4593f50805c7e7bfc1c165b5d346f5 |
| CRC32 | 1FE6A004 |
| TLSH | T121452346DFD9C1A0D4A10A3011D945473FBBBE104C32A85B7B0C7EAFB8B6D429E2D75A |
| Ssdeep | 24576:RC19DqgfFg34RPWj0QLxbnNZnnaC+nuuHM1IRidxt8:Rq9/fFS4ROjjtNZnqnuuHMNJ8 |
| PE | File Strings BinGraph Vba2Graph VirusTotal |
QTt*!v
[0f+XV
@.data
.Ows{
V*l.%Z
IsDlgButtonChecked
oE_%W
ZS<*T
_YcgF
WEgHi
T0P0(
)w\<X
{M%_e
`r#_q!
gc a,
}M'%Jf*
D{{9~
ipU8u
\Jk!@
0[d]4C/
RxlX\
yJf;{pG
_.+^N
4K):;>
(dCR@
M"=<9
`d&vF_
*,Va37o
0[3,q
}{-a!
4m8+o
Qob>;
GetTTFNameString
^t+9.+
K^j~'F
wDL+qn@
CreateBrushIndirect
MGKq9
.mQGW4
Kxn3i
[q8ec
31:pob
[RIjy
q}|)x
!XK2SfRcf
y$dGQpiq
R?RA?
.`mD1d
{-"?9/
Error registering DLL: Could not initialize OLE
=0=f=w=
`$eGo
X"(wI
3.850
HKjiZ
Zg#EA
D$4+D$,P
v)Uq$
QZ&sY
FB.0\
z`2l%
TyQ:S
I^~K$
}#*dF
-E?-<
H+-ag
vjS ,
(7s`I
Ah8*E
%u.%u%s%s
LoadLibraryW
Ux^a(
^]*y+
8J0-nWQp*V
sjC<^
'X?Q`
ASIv-x
T0/~Aw
]Qm$?E
3<qgM
C-0~"
w|`g8<
=<MgND#
BiamQ
tc"aD<
xnw$.
K8vV|X"
Yp*xp:
knxU!
`k-$d$
dBJ]0
'yv3>Y
a2<%{<O4
+0F'@
y$ru"
)TbRP
t\lr.&GZ
pEfT(\
Hm.IPk
E(+X :*
[v) r
mmG3R
2zu_u
#Kx0W
4tPMQ&%
Eb]I_
WriteRegStr: "%s\%s" "%s"="%s"
(6GbV
Eyn7ryFu#
#7g~jI
N7bj\_
;L;V;b;w;|;
`Jn3>P)
%s=%s
vM4TS
{DC$)
trCL."k
^7r.-]
l{ V'
\Temp
5e0dt
D"JP\
cA]5<Ms
Nm<\]
wNR_Tp
CompareFileTime
Rename on reboot: %s
47 9g
http://ocsp.usertrust.com0
_'Zu!
E-Y|B
`?KOs
i|s|=
cL(/y
h5EOB
;:ARH
nipGxo7!
=z}KK)
r]nYX
KZf\rQ
?R\I"j
.{dD9z]
4!hBJ
+u:)+
wuS{P
H73TFF
Vmg+&$
Vc'b{
(e0C<
Kg';y=
T0DXl\U: T
x4E`I;|
fJvR=
"m?}B
@q3:q
wV/{*
%Q9do
V_Sh'
HNP^?/
d#b<2.%P
cbAS:>ao
\3ce]
|-W6V(
e6zUz
#gTF_J
DWhlF
U'Qs_ /r
`;8QG<
#`c={
lstrcpyA
\jA;&
o5pRcgQ
hurdE
ozPwo
logging set to %d
AdjustTokenPrivileges
<&L-~;
=tF^/
bO:{8
()eG3O
MG>BJI]
FJDs$
%1>_W^
$6e"6
x/\gC
;0907
G*G9t
5Z]-K
U&B>w
_R`gs
${)*p
"gb9NH1
1@)g(
)P6]BF
5dfG]@u
;]$SW
q[D:4
9q>s9#^
;+<P<w<
Ka<WZ
f]V+@
n:w|2
zlE`jD
&}/k"h
H(eJm
oXIPf
"~,x%
:*jk
H+(F-
yBK!El8
K~ud%
NgV7'
wPg83|
g7(9i
7*fRq9
T{0Av
d"fKH*kmY
d5bAt
_w_BJ
(!kx`
D/!w@
t6tms#
+d%((\
I',CQ
$u)^@
GGg]OQ{
4>1b1
WB'/\{
lex&.
5Ie=:
&Tz5dk
L{|c.
ZtKUo
A=e5Nme
@z;/*
{uPpw
GetModuleHandleA
O"5g7
OKYiT2
RMDir: "%s"
oQF!?
s;Ua$
-)Uh)Ul3
bB9".
<j=2\*
A"_AB
.rsrc
FI$%{x
2uo_NyP
MuS/a
"'f/EH
<3<S<X<c<k<w<~<
;[`ce7
B&_Dz
7z,eRg8
}5ITK
SX/%h
</.OP
h'hDm
`Z5M9~
k!<4{Jj
Ckcu~
ZHq^j
0B>i#R
%QeM7
QHSS}
C|N)U
Ba))m
A'Tbfs
+7'nL
@/3<@
K'*3p
V5x!4R
ZaakX
GetFullPathNameW
&sjU|Jm
UfyXo
0HLJq
XT:wR
3M)r
ZOtg5
eIW4g
F"\J1
U7a0v
oQ2vL
D"QA2
4N/jL
XOv@4
)E,qT
bL}|L
.dMFNHy
vQN@r
RegEnumValueW
SeShutdownPrivilege
K0Cf|
%#*)8E
12~MOB
g#l|C
"t&#-
;BgEy
NSIS Error
".cZS
NYKR]{
6:,yq:PQJY
~bF4l
9E9V9
CreateDirectory: can't create "%s" - a file already exists
The USERTRUST Network1!0
tGJ[Ky8_j
K,??e
.text
dzh#k
MQymX
n!A 4
,+QIQ
%y@5)
aiq Ze*
iS6F}
3^fkg5
>d-{]
M&KDl
jDf]2=
T^2[=OCP
!D3"1DxIh
aYNde^RgHB6
p.y3h
R?1VC
WWYRl
}iFzm
}Bns|
pdyX;
%KQQt
CreX.
1[sN<
n#YT)
'T,=}
EK"<e
^j\PN
`&,*A
\&@Pp
QYr')
m+Bgh
M-iOO
WriteReg: error writing into "%s\%s" "%s"
v'f"D
nO^Fv
b7!n|
dQB2/O
E )Uc
{ErJkS
s}J77
A=@bwX
+Symantec Time Stamping Services Signer - G40
kaw|P
D?<JSRj
z08ej()B
<8}Mq
130215000000Z
`-=$
;!;';-;N;W;n;
h-fyI
_QS5G-
}JlUP
eLmd:Kh~
+Qnx+
6#J$5
u:ME(F
U~MjU
g4qdf<
<t"Eu
f\R.g
g?36aW
Diy<f
f|?zK
\P7F.j
^,JvO2
,?XZs
H263ZL
$M(Ss
DeleteObject
MbH81
EmptyClipboard
tSf w
1>aTyu
**>4E
T0I&uqh
/I2%M
0}wHV
(CB;a
|!Jl+_)
OG5S&'
aGa!$
n}!7e
umip.
>2g=D
pwRYm
bRl=KQ
9gK-5'
RG !/E
R'I=$@H
w<^&w,
0a1_-{
WxP:
w'7y[i\
s.62V-
EndPaint
zX$iBQ
k4Katx
J3 V<
8xsjr
Pg~4g
ECW(~
SMcCy
hH_Q8
O/b`3
` [tw
yYV}9
C[[>g
-*[5*
n1r_Q
T\0"&
e"\Jq
&L%)}
HCl?:
,uqun
jeq7'=0
jqd9-|
}lqE8
WMR*A
$^HK]hUka
d;%@=
4z$`1
AwX8i
o|xe;
VirtualMagnifyingGlassPortable
lsCgWk
VUobO
M_x*[
80858A8i8n8x8
O:S(+
@',kD
(lF5~
~d4`%
,m~}8'
In)bg*$
9{j`\
Alxr(
,/+B#
c;41d
=IO'k
n>vlj
EKR8
LegalCopyright
)nL`*
J{*C"
)}S{Y&7+
SendMessageTimeoutW
Exch: stack < %d elements
2E=6j
VLeSB'
zS17f
SetCurrentDirectoryW
D)w\&
xs0"3
?p82]xj
l(N.0?
Q|EH8
9z;[y
vnh(@h
g%oxpn>
W]?3r1'8
nMy^;
Y (9=
Sghv~^
jc7KjbH
>#SE!
\,GN-
ya<r!
!4Cbde
File: wrote %d to "%s"
GetMessagePos
RMDir: RemoveDirectory("%s")
tR{Ay
^/nD\
oF%5L
e\p'cf1
[v>nm
$8P^.
[fsmg
fbf~Ou$
vef@\
^d|k-
130924225228Z0#
:EI9\
_`}#[@
909>9c9o9
http://ocsp.thawte.com0
iZ;qR
jKcsp
f/Pov"JlVP
ImageList_Create
UW)z63
n;vp.
TL$<$
gi4blk
9!J3p
sKfOv
LNRV)
Z>]6S
^&<bf
ojactu
\67AO
e6jLL
&|nY%Kc
'-^-DT"
StnnfJ
hy:di{T
/cje>w
\m/c8G
p]@O7q>
A[<8.
000004b0
t"QAT,#
12j*<
]XFU`l
w^bee
wC,"#
Q+t2'
$tpzV!B-
,_KEJ2
e7J1g
c,8#q(@
AddTrust External TTP Network1"0
e8(_q
p7!J.
C8;S;
\^6K9(
h9#A?
HJqX.
;]S0m
/JS('A
i|V|b_
trM:t
0Y0i0n0
_q,j v
s]go`Q
YVn+.X
Ect/e
;L%|i
-xLy{HGx
hiJH91+
P7-4`
\UQ)Q
_WlE1I
|QdDH
@s)i*
\|unc
cj}3J
Bx-UT
For additional details, visit PortableApps.com
NQ3T[]
TzElTIZ
:hW2e+S
\X~F+c1*2
File: error, user cancel
rOtU/}f
V.)?`
Z5)jZu
JM/GD
q`d#7dZ
$B"77
njgi)
Z0Zk y
:[lG.Q
|>5G,-m
4DV"b
^7)Q[
FKRe0,
V{vul
1]TR'
}kYlZ
msctls_progress32
JE8g>9,3
SHELL32.dll
6B3L:
><[9G
r-, a
jh.b)*S}
&oy_gr
3}~Rm
-Kv]-
OTTx(/
I%?2Z
`ia5$K
kYRf!
RMDir: RemoveDirectory invalid input("%s")
!`7Hk?
CQXhC
kGu1@O
cvU3q
gkk84
7ah12~
Ai5#Q
40%.qh\
ShellExecuteW
$-~g=
.7(\8
FJGO
L7}*y
9E8um
gsSFY{
A-PF$
!$T"G
|=Oj6*
&c*/n
::3p@gn
AV@%|
;6-j=
9`z'W
3<xz7
/ P6pL
CreateThread
SetBkMode
2R81N
*>d]}
[fe>?
eVV5A
Lk-W4o
a9G1<h(
$Mm)h
w[;Pt%
pzfDP
Kgy*h
.1+k.
5G6Z6
^D5'i
L>m]yP-
8|qH]
7%1[Z
nG9ae
uPXg`t]
80\Q
e3}gV
!lglC
c1qNFy
Q*@W?
r.a+E
*YbDzz
ExecShell: success ("%s": file:"%s" params:"%s")
$RTBc
mQ]L.
q]ka+
-?Ww.S
wpcHyq
\#H1&
e8"=F#LK`
}W7Uv
[FuX<t
KM4QXb
M*fD7S
ERc+I
Yv*)
%;b}v~
yQxP0
GetUserDefaultUILanguage
Sv!#R%:
{Lzu5
lvsgu
http://www.usertrust.com1
HR!t-
8+WX((
t3~QZ
/-P?pR
PortableApps.comAppID
ri|:tB;
FindFirstFileW
wsprintfW
PzIQ"y
979=9
nirdG
2Fr).c
2a_jt
EE121`
% D3t
'@]"?
%#/!m
1&2U2a2g2s2
]OxMrq
{?UFY
)Mh)Mlf
m,1y+
MhP<a
y#v`[=
-C!Kaq
yqWl!0
3_M3K}
Uwhrx
D/{|h
g6"50
bB@4d
a+;k9O=
j8WUHBYs
<+<4<J<U<m<v<
lww_M
x`/!5
0y4yd
.Mc7Roa
*cV a
CO)a*
W+z~4o<
<?q,a
4:iSG
Fa5/_
4/4o4t4y4
l../-
>[G^9LV
9l<x@j
gqA9n=
p\%4o
S j|[
Sj_4r
2^]CJ
)dS!7%
IDATx
]QH$b
1W?])
,+z!%
*FTR+
[+Y>+
,(_DFWcN
c,"be
G" 4r
,U7+0=
VoUMP
.6k3RyY1
5qP^7rx
0TL`xeb
^AV,{
1%X-h64+
~$,K"
3,{%5
^K2bO
,C|gd
!c~U+
&EFPd
~>eH%
WideCharToMultiByte
8b{kw~
+^dJD=
VarFileInfo
it+j@"
272q2}2
I\A]E@
'v^p3
a.".W
Mb]9L
QS;CWt
:|Q3g
Fs,f@
GetFileVersionInfoW
#@Ksuh
detailprint: %s
(O%y?T6
CreateFileW
bliGh
SqK)P=
rt;>K(0
/|ajI
-Fh#x
hqlWV
>/FQC
]Qsmi
- _UJ
=<^[_a
p^vH[
CopyFileW
Z0V=<
UD]7~T
uja{W
ioW0K
<~qjG
i;fPAj
'IN.em
qab]MJ1
FXTS%
]m|.cp
-8$wOR
71LzG'
2qNSqe
^cU{I
aXMu0A
xOp9%
(r-jBrf
V(M{)
SHFOLDER
k>S<&
jw7PBm
mtS'0
Yc{l1]
,%!rKH
:Ls*GRY
a3q~3
18nWt
wO_7{
%!DCJ
yX{iC
fq~DA
1kS=r
Module32NextW
Mfe<'
QMQ}x
"G}i[k[A7
>8o$=u
D{^/W
Q4<:Z
'U'"D
#fn)U
aL_|F
dh"Yb
Yh7=X
\@ty`
&M z%
Ij~RlN5
W/6'9
u2?ea
Uu5!N
'==U[
GetDeviceCaps
^"J(
Oe*\%
HKEY_LOCAL_MACHINE
X\xqIy
T2gj`
c\1mU
!M:ro
TXmA,
eF0b{
Btf:&
KERNEL32
n'oKW
%yiZ2
#HH|Q
4hq9P!
&RGCb
5ZuL?
}bgTP
/(+'C
WriteINIStr: wrote [%s] %s=%s in %s
7<h%_
"oj&]
Lbj*cY
ut~rj
O1[P!
-_]9n
8}/+;
pTf^g
a+5a1
SHGetSpecialFolderLocation
wvsprintfW
(R9M<
p2CN;
]OMEg
hNh^75
A!?dp(
UWvxv
I1J9:<
QJ8AWN
`>3ov2
u$"!B
qNspRef"I
>YAbG
7]Ar+
n6AT-*
jpScr
'B0`J
,.COY
LRNUA1
"6v*l6
"<3"x
%7yon
'0k:@
63g}G
%i'&s/
CV{+#6
kt#zLf
WriteRegDWORD: "%s\%s" "%s"="0x%08x"
K:VP!
$|!{P
&yvrq
Z]e ]
{ ^!e{
I?+-\wrI\$
>!Mz.[
e\ (s
1P(AZ
l?H7U
}l%=J
olj}xyGK
f<\w4
\I[-j^
M/@s!
YjdX_]N
=FE+7s0l
a!`-A
^l<i\
Salford1
?,]VB?p
?v"-,
s%R^!
)`{zG
3A*#E
gUc1b
I95/j
zeNVQ=
U,e&f
g_?{$(dM
>Gq_M
$mz<!f
|25`4
V-L`-})
sUY9F
)y=u)
2!tM'
SetTimer
l:,&e
L*$@J
*"g#F
6q7v7
Fhr>Z
v9aJ1a
k2Sd;
dw(4s
h|~$I
SXaWx&
xY%WH
G1Y6V
:lIAt
7V?zO
H1Vfgh
New install of "%s" to "%s"
fJHIG
<kO4@
GetWindowsDirectoryW
DefWindowProcW
V%H_E/
"D?2j
0+<8xR
Sw:|Sm
0WZHBMko:.2
'(cZx
MTbqT
02FI]
m2]Kq
>&>P>^>e>}>
V[p!k
7)Kt1
GetDiskFreeSpaceW
m%bAWI
:o)B^v
,LJZ;W
yca^g
uG<Sq
SC'@{
Sleep(%d)
[*kTV
`h,QO
7\WL4
W5oEt
[$DZ\:m
@c yVP|
SIytY\<P
{D=(b-
&J';\
XR$m%
tipR'
wH4e@f
5rsA-
X%'6%
_jlvzyxb^
,;O-N
~#off
P&9)p
jNya2B
6 W_%
m|"+i
\FmT69K!
z%/!*
Q,]O5
%Qg<x
1http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%
d~EWi
H[wPQ
D:E9A
)Fo*WD
X.Ijj
H\f:3mZ
$s7Bv#
0w[PS
l;&D5w$
!Oce#6
T6Hme
;!;2;A;T;
kU_/m*q
)q1A|>
ZVSSU
1SbG?'H5
U!L6J
GFeO@
/Q\laf
@#j5
0^c4.
h7"IV
YO#_B
MoveFileW
btiKR,
#]j4sA
7~cr.TH(b
http://nsis.sf.net/NSIS_Error
" s|M
zkpuo
G2G-7
GA:T&
z:"<^
*'=>~
y3("A
q(d:lk
qb{Qrk
7n'qZb
UJweGn
T@d]X
46PaG
XTMcl
KqHAB
IEFNlD89A4/k
oLHAo
Qi:oK
O^DvPT
=l,9&W
V(X[z
TA@0+
.nlMX
Q|MlL
)7y7{
hZHJo
4N9Q@
)]@$2c`%
<3'QU
2R"k?
)N B2#-
&M ?a
`-b33
[?$Na
+jdsek
[qux &
`U'5f
n <xDW
GDI32.dll
-3tL^
\J}Rq
Mh+S=f
Y~XPP
[|.Y;F
w`|zt
oGtIX! 4Z
ykE?<
kG|e+\8m_E?h
uYa<+
*ui:#
o@^S.
3/^It
wNrqj(2
]Qc7XB
rr-%ABH{
$d#1[
ddK7t9
omaZG
>Y(IUD
-S_tX
kUN./
1http://crl.usertrust.com/UTN-USERFirst-Object.crl0t
zW/@MJ
8#4=O
'-t``
~2.~|[
6"0%gHy
9/qd2
{`{np
http://ts-ocsp.ws.symantec.com07
iLZA]T
HKEY_CURRENT_CONFIG
BringToFront
^!<#B
%}(lD
+~%hMZ
3"'\i
;Sg_?n
bWAI3_\=
u:FeV
201230235959Z0^1
i,{UD
We#v?|
w~+bT#U=63e
8G)"U
XU_^RL;
i"&EK
]I\:zE
*2D`[
'a*N0
K/!:W
@6^6D
xS(-:h/
X\8d!
[UISaYNd|sg
fp~RO
$QH>Xb
U4k+C
.~IUb
5i&Nf
T<|6p
l~1L(
@h9q+
s A`:
IEPG5
O3((F6
Qg)_v
*)wwm0
zv\*,!
Gu6:Zs@;
9*@oA
I[gji
/;1!{Ij
A}KO5
GN)YK
y}fZTM
LEAI.
5/AeBT7Pt
[/SttD
<'PE.
w[ALfe
(?IET
enI\@
(&31-
0,-,?
&`{[H
Ktawp
cWEnl!
x5}0E
]9xXegC
FG&Nn
$JpKI
!@H`3
=$fV8
/3tL*
>MYF]
ar$Aj
*%4r84Cp,#
Psc=2
t$(VV
!SE@C
+>wwwU
PortableApps.com is a registered trademark of Rare Ideas, LLC.
GetDlgItem
dnvz\
$?yBN
q:27G
'.Tv$g3
]ZJy-O?
'^nm.
2-{Y1
TI%)8
m*JpH
*qY*L
$nFCY
l{5Lmu
<4*F:5L
uY/~r7
5%J0qXy
!This program cannot be run in DOS mode.
PGCTl~aD
<ux_7lo
9+9L9Z9
Fd'LRgLZ
ao?5JX
-Y*P>`
[f^OZ31
OoED.Q
Vyvc)
{mxn*
@;>n3&
8CG9*
02jUn
CT9;6
)[/A`
eBV]9
AqP(t
[\tn.
0=q)&
y)P/b
.;Y>~
STZBy~
BJaKki\(
mahlC&
"Rr^R
JZJ!5[
_$Y"~
EEw&,
?$Y"#]
6P@0w
sP:z^v
=emI<
RegDeleteKeyExW
-[w?'$w
>`Si0
=vdqH!HZ
Z]BnK
F0}iV
I&Rw2
l9|4%
ut4Zgh
cu|X1M
[cx@W
2W f
,T`[n
CopyFiles "%s"->"%s"
wq+SA(
9hu]_
v~yme
'05`l
3x@(]
g@P{
l j8a
.#QLI
Z;6A
`=huM
RPYv5?
jc`C~
|"^_vH
$'<sw
bLZ'.
p~pEk
41yRi
Translation
vhmlF
7Eq)1m
3OjqM=9
%~LXgt
wC<|%
>UcSE
E)vy/
TMR8+
4$JKf
+^?7c
vn8Nep-
5)g%w
F*rz6bZ
cW)6$]
iA$=bm]
/4tiLa
AB[t89h
!N/.PW
.L i#s
3'd?Q
=)a&n
0o"Aaz
(i*oB/
unr6<
%BsN3L
u{U:t
Mho}p<
PD}`#Mp
OeB*?
)@~EN
'Am\8
gEcV>
rr3"e
D>Fz/*
U2(1/
8_PAz
zp*g8
([{[`
W!Ajn
_)=(e
P1U@F
1dMnU6m
dn4kz
,W:[Y
9zTuQx
8'CV<|
&>-0)8
]8SP$4(`
AUIC?
cK+=r
^eb3DX
iYe/R
B5ZKf
DU KrE~
[_ynS
*lU Z
EeSC:
^h#GW
yJ\id
4#uOG
G $:~o]
^>3L!=
OgpZh
qJvly
-2%<C
wmD$:
,ArYH
Hj\("
Y5uU4Z
)~Cv5
z&.]{H
2sY+F
QxP:RV
CNSYv+
{j>N!
mhb>U
!,AkV
wl:Ad
kUyEU
ni?)|
ijybG"6IK
Le{qE
fM}vb
\`bY
(mEJ0Q
Skipping section: "%s"
}d;9?
Jwv0[
,Acea
Z"soT&
^hwR
o2puC
Ii02#
\0,8<
o+{Lj
>q-J?G/!"~R
#}ltR
|W3;&
[#fvJ`
E\bPI
LfQ?&
&Y@
K&L2vx
{`,_`
k2MWU
884B=
bT@DQI
_Cx{r
0)my^@
L=j:I
;1&sg
install.log
-FO2#<96
Wfj>#*
b`U-cz9]
hatR6.v
8hkq+
5/qP%rQ
@Pi&S
Thawte Certification1
i.nvb
bS(^N
khuEL*
+l}7S(
}D9UY
-[j/Qi
&hm*U%5_W
+4V'b
r`23{
(?q _
]?:@O
T@u5u
\+wyH$o
G,yqy
N\k\3O9
X;?Z%
U68uQ
M;=(f
llJ96
)@8gD
EndDialog
PE2J{n
seW{pi
V:Kry
MsbPg
EhB4=
qu+n8
q(q-]
_>I>l|
Q5@40
'87R;
]OY=gK}
F+?iW'
D&q.V
On|sLO
C$?5L'
IW'gh
&"]/>l
j'U3}
0FkP?
Y9dis
m3{H&0HQU'
`QWA0@2
PE~(5t
!dz*0MF
f% X`t
vv!js
S/f$!(
58Jl96
FWCbe{
G$=]h|
File: error, user abort
t5+Wa8
:7?o
E M^E
<aFNk
hHb{w(`
&``Wj
mSr0
"@QRF
E;Vp'nL
~&`q`
obqK3
dJzTa
}_xdvp
g.*N#
1#101>1J1P1U1[1f1l1
invalid registry key
MH/7M
OB!G+x
X3B_3g
V*l+iz
Umj0i
}O++'
USPK.
w}nA+
V5|.9d
("i/M:
VU{"@f
'9"3A-$
O|W9K
?;A>#
verifying installer: %d%%
s((3"r(m
KAb^8
@3"+x
P}J8Z
:;Mu8
qDD]%
WLD=U
~70E!
uui__
f}d;1
LoadLibraryA
h*a9[y
KC]s[T)v[
bD\K}
vd4LFK
kwlr7
SetFileAttributes failed.
FNsY[~
323V3j3
l*9R>/$?
P?bc1
VlTv$
nk$'5;x
UGDSu5
SHFileOperationW
">!!C
E1O(_
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
9Acd|
F+`/.
41=jDz
8W}.UA
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
pf_dX[
c!A)z
qnj!Y&q
;EyNS
{)jEo
xX|[3
."-ij
? ?K?
~DI*L
Hb*L?
10<b"E
-D.>a
"^PS.\
Q0?u"
08*0_
`HN=NZ
1|3w6)
}jCN[
4A52[
<9aDG
GetCommandLineW
7\IE,)
'!;"00
`q!8X
Ajw5p
lnB/0
gKi~1o
M7'ce
g1Kkxb
Ed+EL;E
[Asqp
xF>Xt
KCprP$U
wfMzo
dS^rz
Bk ?],
uB_jsy
1!1*1
-MbP&
rD=Q9
$<M8/`
:/pxb'
YWV9]
5(@S%
}sa:1
NDHf}
yI'omn
CreatePopupMenu
)!iQQ
WriteRegBin: "%s\%s" "%s"="%s"
FileDescription
VGc`|
"zy*$
@&@Dy
B{/x=
j'_FtYDk
2(L2{s
mGe1!
yhOAl
o,zY"7
)K#;1@%^
.k4IP
xQdzJ
HKEY_DYN_DATA
[#NW{
>s~X%
Y|r'I
:nc H
SetWindowLongW
#B{Rin!E
jRF#t
GetFileVersionInfoSizeW
0#`PS3
cOG%kp
g%ze+
GA)Lk
16c$tf
%Q[fvlu
*?|<>/":
}S-|GOtK,J
E;CF{
m+Zeb
:$y?g
gL)IgF5
tSA1:
z*(!f@
zD~Mz
Ly*2<
4`b%)
VI3D*
nSVf!
dRTV%E
GetSysColor
CharPrevW
*'~!d
GJ.CR=)
HVIC7
8,888J8e8y8
j#NMk
fm0[~E8
-t[Q%|
;B'c$n
F/*z^N
o\Eut
WriteReg: error creating key "%s\%s"
0s;1[
$7Pu{
, '-c&
qHWh[
)5j<m
IfFileExists: file "%s" exists, jumping %d
Salt Lake City1
iZYnT;U
lH<W;
[AqF{v
us~Xa1D
SyG^`
I8?*a
Western Cape1
kc E2
"xnZ O
b3lX6
oKY&%-
zpnlwW
Jbj:i~
:tr+>F
SetFileAttributesW
v`S`M
SetDlgItemTextW
0cD)b)
@1V-Y
GetModuleHandleW
x!ZXsK
{>5{4
Rf\Hg
kQ"1d
BsoJ$gS
1%$%6
yO2obz[
cOy)9
dA&p:
M>MZI
^prQRF@>EJ7|
A/JgD
I~]/y
pYsbE
+C(a+i
WU|!K
:(:.:@:F:L:R:Y:_:g:r:x:
+]Z4E
j[^R@7R
ruW:Ba
3%@ ;
j^x(tF
:PB{Z
ER_pK*
IDBD $DQ47
j||'4
15C%9
h>tv/
>SC?y
`qUybZ
8.f+E
:`H'@>
i)u!U
$<'|z
Pop: stack empty
h10AGV+
'A[AT#
tx->_
",n?3s
!:5<~35\
$R^)"-
fZ/.Y
:&:;:6
U"9Ta
Cufs%
b&=[{
8]h]4
pTVb@
R-u.k;
x V>D
NdkI
3tjxU
D._V*M
5"0Qu
3-3:3G3T3a3n3y3
uIZ*T
<8W)@
XIDnR
U[>HL
x\9%0
*q%Yo
d&A+Y
&W\/m
f0d0<
S3_1oq
,]Mi5
TlAhZ
J(%r=c
SwJrwxp
lstrcpynW
|+I[)M
//@;xV
xN=(B
UzVj=A=
RichEdit20A
a{=qA
abbJB+
jz3G"
r;&T&
GetDlgItemTextW
0fler
Kw7_!*
4qr{}
Oej4nc
P|%BB}>
ZIbxTw
c9]/}
)acmp}s
W:M(]N
@]A,r
pw%4,
Q)|\I
xfA#p
T&V:o
Rf8TTV
"&&h$
H|{u/
sokc=S
j+DJ3
P@mUW*
qH228`2
h<N\&
<1=IY
fJ7c^
yItQN
Whh'3@
Rm'Z~s
niM48KWREBm
_Cikx
94~vd
[NO42Uj
.H?}(
:KUy^V6x
MessageBoxIndirectW
zPy=!O
YP#D`
e+aIw
MG.V8
\KS+g"
>MyBO!a
[j1VW~
5jxV-6
@:61Y
] W!8
oKwWN
DZvvc
More information at:
KyHx$m
~Va*Z
9~E4
fm'n1
l@f?B
bwFG#]Q
P<o=o
aK6eTK
eEX=M
'3Q[3f0<
W"YaJ
\2hu*
:p@UWB
\LWe:,:
1oz56
DAQf8
q-wD-3
o+92;
b;FU+
neo:D'
}[?pO
6>6J6[6z6
eni$l
'Va^v
"=!V*
P}=,}
"H i\
1+P%0
;RfbEY
mUy07
yHsRF
@YzI]
$]i,9
GetModuleBaseNameW
)^riP
SetClipboardData
(C'`o
Symantec Corporation1402
a$Du=
>RJeH
$*B!P
xF3q*a
/(bq9
e3c(hA:
_\KgG
AY+P+5
7Kq3u}y\G
BX2-
FQM4r
CreateDirectoryW
M~6[\
W{NTM
.http://crl.thawte.com/ThawteTimestampingCA.crl0
HDZ~9
*U|VM
[,dQ'=
6.6T6c6
&=p)k
lSoe]l
H WYE[
zFpsz
kpTfqB
)zRN;F
\qG-T
PoD\
pSVzl$A
\F-H:F
L=qHD
wdp95r
R2pO=
iRBxVip
#ca`l@
.D20lN
_P}wI
E&`^v
P_b+~!
g[Pjv8
p\6!K
YAHRqE
>~Ru|
+}+D%5]
sUb8t
mu}xE
8DHL`
k*S7 Oq
Ykz[h~
G@!@P
LX}~p
\xebz
NThED
gB?l5
l j;!
L_PGD
7*757@7
E`=eH
SzKyd
~8No)
)lmNx
iNEy0Q
&$RXv
yd>MJ
>`xM^
ad9W[
;A?Lo
EC^r^
A+EsPhH
zpc@O
@s0P*
9&N;AG
MT57xr
Sw_Bb
mzmN<
6pi"0
)*Ac.J
RZQ;T
O&'&C+
>~}7G
u\Jhm!{d
VP<dE
xZ](kM
8T1+cp
.DEFAULT\Control Panel\International
P\e>pS!
dMwv
?hMlV
&J7 !^0
63g@"
97(?86I
lstrlenW
nvSP@
g0e0*
H-0|M
0L"vW
JK?z&
{*I_i
Comments
zL{i1
N}1\h
{].$x
Bj 9;
0!T/%
8!828j8t8
nCSV]
rshP?
U6bHK
<n6$
`u#1\rL
0sn:_i
File: skipped: "%s" (overwriteflag=%d)
<!k1jM
SetErrorMode
4#!yx
|Z^>=
~S^N9
*IM^%
y3+.{
_A>VS*
J`fN{
;PfI"
SHGetFolderPathW
U7HK0
=I`]m
jU/scm
^TCzt
E}`2<t
h{9gh
~8+7 a
544S$
s4_vd
vnqOM
AddTrust AB1&0$
to5({
|onY9
~7H7%K
KiT*t|a^
L616~e
>kl(v#
.LC_!
_AYE/gC
lIXGK
1=Wlql
zmRy8
veLW76I
~I1q]J
6xYj.1<>
Ua2q=
uC|PAV
.{I))
8aP Sm
g#f8}
")Txm "^
l[j\.A?
+&BEFJ
0.0;0I0]0j0
S<sTu
{D6Ium
F[@7N+'
EFh\Y6
{f/N_
"_` `
+X70}
9a#wF
&`!vb
+i.R`
;P C)
l[4)E
GW@E97D
"0++$6M
jf=")
V2JO;
U(Zs}
}:.aHdo@
U]YUPG
cu=m9
2?2P2b2q2{2
-!a6o
8>Fav
?Rk^"Z;
J@6.Ms(J
tRzU-q
X(!):X
Y?ssq
installer's author to obtain a new copy.
223@3I3
5/%O1
\UxraO
E*Z4Q
%l"n
PSAPI.DLL
ADVAPI32.dll
xbJ*y
zD%*@
\c*(G
MessageBox: %d,"%s"
>"?@?Q?
Ri73q
_9~Om
1(qwx
";{Gf
;W-*bQw
Jc!c6
SHJJ~
[J[kD
?0=0;
6u={A3
ehE1d1
%^1=%
22/r@
O1z]6
Y@Hn:
j95c|
Eg6a^
5+5;5I5W5i5x5
b_R'6
xQV4A
F)t2s
Hy;-P
PW*I9
p;AY@
je_i\
hg\\.L
gSeP5
f,Tv*:
x$:+@
;1A!6
YUjS&
}fK77
0jq_.
|KEPW
}E#&Y
2AG"|:
sy0zM
uBn1g6
%R~kN
3T%g(
jTp9g
'U/#V
Je-Fg+
([_ks
okpyM
WE=$=a
i}8w|
=[6Un*
)F1DUD
*"n`6
|%{Kf>
r|4rNv
Ropv45?c!
"60QjJ
!%`tD4
a=e84'b
020T0y0
2gmu]m
$yLgR
LL$ec
.c"Lk
O'HHm
4S-D;
@Ml]V1
M6~KS
t\VGN
&Y8=+
1]lBK/`
r.T;X
-'Bb*h
IqQ_@X
2abbu"
((L0,/d
SHGetPathFromIDListW
GrJ\/
w/Xxo
[_lA$
g+dKz(
RA[YR
*tA,n_
'J94i
1.g8Z
0xBb~
JPW-P!5
$04M+
+eC`#
]{`nu2
0('ofJ|
:QpD>
6EZ`R1
#.Z'AIv
[mb%f
3z0(|
{0x&8
v%BPH
%UgaZV
30tI$
c@Rj6
W]y(%
Rare Ideas, LLC0
"x&6BQ8q
<ZnKf
+fa>>
CreateDirectory: "%s" (%d)
yrQ:[
N5'|.T-$
>jgrO
%Zg5p
K,7ZTW
lstrcmpiW
=|Q&u?
6d_X7
br^I`sf\
ADVAPI32
xqgg#]
rb6$5
9Z]R[
je`N(
GUry#
iJ(GxsnH;<mC
ONkf*
LegalTrademarks
>*jHCF
yQvQc
>x|Zq}i
Npo*9
D=,'7:e
SHAutoComplete
xvR'95?
$QLFp
ON&aN
wXG,>
'9)A<%
CreateToolhelp32Snapshot
ReadFile
zn__`
RegQueryValueExW
'Qk=Xa
*Khe4
A8Bof
#BJ`,
NulluN
DrawTextW
7'4}R
rdVL^
H7CYq
Em|DL
fnuC!
&hjrB
U#'h|U
rq~+-
>3Dy1n
j81eb
x33+Q
|AtE>
&fZD2
|,*;Z
mi?(oP
GlobalAlloc
*~3XZ
jw&om6p
yhr,;
?TMIr1
Ssv3rBB/
.OA4m
Module32FirstW
0.~2*
Fn|o;
(pF+%
*!oj&
U@m9}
iE_IW
GetTTFFontName(%s) returned %s
Z0X03
:GDjfKx
Error writing temporary file. Make sure your temp folder is valid.
-NI_]O+
f/?H>
s695
HSL)ev
=pr?<
2iOibv
z r$^
5 e,J}
"\cVPs
>/zBl
VSX\il
V.1RF
c#/5Ws#@
M=PjR]
t1XSC+
]6&zN
PNvv2A+,
4}+^\HA
/?,i!
M4q&m
72Qi?
Call: %d
pR/?3
Q>.!v`
w^ZH=b#^"
|xqPx^
wo<S
]LvtO
wx6[S
9hq@'
lstrcpyW
^!/3fEJt
QmY*E
#`]8L
Pmd$T
1e BC
"px*H`
&FQ=t
'I"p@18
efv'A
8jh'C<
)rmU{
7hiuU
lG?m#}
)rSmX
?2<H#
2;ConE
R*{/1
q]Nis
q`$M}
U5VC(
PsC`q
6Rla$
^g._w
E89E0}s
V(-B"
yy BH
"b,R2
~2[A'
>N>_>i>
j5&7x
- 90l
?G^u`
HHW#v
SnQeji
mZ^{*5U!
-e{~Y
?_#MJ?ic
$hm4l
VyFbOl
=zrn+
HZTd3^J
LY>kU
D3-ZH
SetWindowTextW
VirtualMagnifyingGlassPortable_3.6.paf.exe
4,aHA
"#C^c=
;wv<2
E89E0
wxx@o
B\%@KM
HO@DFFDD'!"
6X'D#
z8LiV
EnableMenuItem
+2OfA
rDF}e
B[2H9#
Error registering DLL: %s not found in %s
uy{Ut+
Io0Q*Q
2er?(b}T
VxaYf
*`0mwA7P
=:= ,
"2#cIpn
_v|6&
ole32.dll
Q+~c3
-}b =0~
p[~6nC
nVt[j.L
<{3r.q
Process32FirstW
S@+4f
!Kcu"Kfq
AN@Q8
GlobalUnlock
DM!2V
]l:PVEV:
$~}%1
N2\79
4}*+8`
Dk<yYcX.3
ikg>Aa
?,(.r
6NYY]
iJ<(I
c<90x
kxKZw
iWh{1e
~vrZi
ZGF'nY=
/M\c(5
%8Fd~B
767@7I7S7_7j7s7
!%r@C6
:FqxR
<<<Obsolete>>
iaCn_
483`kby
M*57S
Anf8`
203Y3
\_KcN! ::
4y2nE
N2WUIBIikK.28
2Q'Td
M,@D;
Z"-[fD
U_9{{
^<oFBSd#
Z\rMM!%
g!Czs
`Qr![
_'QZ7Qq
?PE+r
S0h]+
Fg)=-
Z7rM}
.s5]a
LJ'VqWe
u8?|P
3+GvE-
3;<0A
"37G$^
f]Kq7
"9=eF
ST?LQ
1a12B_
Nw^xY
;yuq"
lW["'
y3c|/
0hE6%4
B=#$@9
pPZ|pgqP
`z DQ
pk<qM`W ~F
e{T-'
3 `vZa
Dmv`
GetAsyncKeyState
KERNEL32.dll
UkGEvO
hnp';
?-?I?\?o?w?
!hni`a
6#616i6n6
>04{s
:/sHM
Delete: DeleteFile on Reboot("%s")
YehtF*3
{aTt.
n72qu
2x w]
+|IT%
{ae#v
0=(hL
sh7uR1_%
Nb4EX
fr{DC
yVn,|
C=1V;6+
4\x$N2
5qy|\t
K'Lmo
Y$%fm
T?|0p
W?FGR`
Lx|BV
4t!n)
acL+7>
SendMessageW
RE<ca
b0Se wm
rZ7'6
RoBex3
jT3E&
8b17ts
#+TiT8
mlk gV
;l#Hy
76p1*R
iP?#F
ER^kJ
E& q,
k:@1I
979D9L9w9
ax.{<
#~dO"
gnuEqm
{)3L"
ODkfi
P>/Qmf
=`A)+v
d*FTO$
Exec: failed createprocess ("%s")
FJVB|\
oi0A
IsWindowEnabled
zNp*h
bd$xL
O o68
V+[h>
>,>1>6>;>D>I>O>S>Y>_>v>
?(9C;
7[ZvM~
4'4CM
v)`dK
t-`gV-
K[loW
2VQ;O\Y
Y`BrW
&rIl@zS
`UMED
#{=S'
5*w"-
tzc"S
2tmS!\g
!6NA5
S0ZC"
a2b}5
m2N3=
b6d[+*R^
2?aqz
FileVersion
|~LO>
g~#6H
_/-3e
W14*5b
1A?0<_>c
Bti$k
npqq[
QNSfef
Ns>.2n
c@G0Ln9'
^H|Uk
bv{?`(
UR_tO|
w3ZyD|
UVvVbX
wIuN<OO2ha
exJ_l
kO^M7Q
e^d8f
.tq'ybUB
{>VJ77k
d,Rq]dV
bk@]c
D$$+D$
_7GA9
iV~ E
Y#b_`
I7Pz*E
qUo]l
>NgVz+y
8U>;%'
8B(<X
QH;{qI
qa9R'|
rE,[**
7#Q_%
/{)NRz
npSi[
#1n^F
U"_;/
CheckDlgButton
j82fe(
1-RZ
H|1~;
Oi@MSy
9nM603CIf9
p<f$XS
h3EMPz
D;Wg3Q
DeleteFileW
3e2t<
&yvUL
EnumProcessModules
q(6Ua!
i;3(z
+}}w3
q)-/h
Px:GD7c
InvalidateRect
2mh)}~0os
b*OZ[
Z:sKE
Sa^?k
<RBO/
T@Ex
ciHiI"
v#7WhK
O$!3,W
>,><b
v(Y6$
"o^sk
tyW9u
Hsb\}s
l%qjk
SPB70
9m'J`
S'=$U
UFuc
ksMaQ
JYspE
N9]j#UG|
z&,D,
\-hJ0
a]`_%F<
*5Z*L
A||vB
GetDC
5h\nw
yqBP4
Virtual Magnifying Glass Portable
21k|f
K@fam
<[09}
;8*wEZ
%3}0n
W}WkV
FindClose
A&>sqp
pPCA?
k]Ez<
MulDiv
@@Nu*
o4M1>
2;7:n
RegCreateKeyExW
`0+25
s'!Zf
]2>H#9A
0DJ!wu!
<w=B`
vSH@al6
o"`/u
vpw/}
(@47l
TuH*5
+LIJ]@F
0:cz9
@)=@@5>*
OA]]5w
{fN^'g
;Z<^b
a7';S
>*k24
#3eJcI
=7+1JD7cRL@
;6;;;Q;Y;^;d;j;p;~;
CharUpperW
6.O^]
WwtC'
/So~j`%
\@&|~^
Zq?'A
k:Mo%/
5@J;r
r&RkL7=V
X=97+E}$
5r_h%
0*%x5LO
CoTaskMemFree
U-'Fd8
XzT?T
!{R![j
GetShortPathNameW
/%xkrm
{J1I7
_SGaE
u,?Z5
`lm(|
C#B3|8n.
~]%y>
+CD@I
37Xv':q
4"4/4C4_4i4
Tt~>i5=:x4
SO6;.
7F_IP
=AkYq.
:K"R_
GLz%K
{Oo<K U
YY^3\7
}a_EMx
UKMG_
.KD-L
f<{_#
H`>b)
e2N]&
wSh,Qq@`
-`'8Q
CreateFontIndirectW
[3b(1
'>7>\
5_pBpgk
$9j?!
(AM0c
jYQNC
LoadImageW
7ZApzY
D68tW
/o|~6w
@M-nO
S4I3,#
u3oo~
2YM{i/
Q0{r/E'3e
8Rich
/%q8a
N"I*(
HKEY_CURRENT_USER
0`-u(6&
IfFileExists: file "%s" does not exist, jumping %d
Th7r3p
121018000000Z
ALI0y%
,/gT?Y
D$,PU
O6!hQ
djsO)
dKSYt
XjUDN
1Fs{?s
6=Im>
?}csI
:&Ei{i
j=jSg
/Eq!'b
&ND8(
&V;ZD
D|I0+
ScreenToClient
GnO?y
!ED {(
2~Z-M
d3KKy
6EHc(
1?~Tr
0tRl>h
>+D5'@
CWVWin|
FCK{YY~
6Fn-0
:6Z9,l
&cv4F/
AD"ZeL\
s=)#^
76u!R
h`X/=
:[h!Wry4
>-mds
ProductVersion
*Ms<V
[kZf-
Y;rd'
)!mci?i
E{A(A
+-]q8<t
0_Ufk
J+7lk~
OCY7Dn
RichEdit
_Hah_W
l|[_R
12Z?7b
<C[D9t
Zdn42d
ys}lH
XgzF!
>\h>3.
GkcPUU
R@/]A1y&
5F\:%
!l|]R~!
RssZV
rMm+p
tnyU6E
mBB^A
oYt0(
g2#(N
E37d!
|*e~Ua
@g 58
w>"";{
hKR=3
[8msw[
w8|NF
5M]fn
j{HBdH
7lKKR
k +nJ
#QTH4
$4/2Yd
we;aM9?hD
N.%Y^
/}j,y
ACa($
1Y(7f
S pW~
kT@=L
{T&&ymw
YD``5
]'0E)
[=K3X!
)a9k`
/9.tH
4,^-Ct2m
lA+zJe
irx Y
settings logging to %d
b,fb6C4
<$AYL
U.xv>
=/y8x
m^Zix
_xErRa
[r0s8
fJHYlCL
2EG]/
13S&^1'
5JOR54
6>?e3
s4R-T
Q?T,iX
xUvoG;
8'%WBs
pq6qdu
Unknown
) t$z
*Ujrj
O@ntBz.
;BwvsJ
GUzJc
WZ[)~6
Y$/1R
`{+4,
7naQP
A6K>e
`.rdata
hu.bZ
2dpT#
RegCloseKey
Ik\v#
*f@#`m
N/YhV
*:+d0Q
b9*vg
.l[gf
W&3{n3Wc
@I;B[
{#4:H
p8Ee-
Zw2x2
Od%Wi
Rare Ideas, LLC1
do@,k
x+{ar
^}c6G:
scGg3
-Imf8L7w9lp+I
%2VNOzn
/.Ka6
~3]#M
4FWSa{
=fw1v(
~8|KdT\n]T
J">[s
5VqXZ
FRRiV
w23iB
,5~I_
m[aYW;dr9
14~V[
Hr$dw
b204M
pRF![
Zb2u"
'Zt0+
6Uumaz
~q3Dz}AH
|VNMH
WritePrivateProfileStringW
0,H);
z^?#0
uFr L
4t.oL
3 MJ]x
Version
AwQo:
CC2[y'
^-kLh
Z|!4c
@g <~^
_ Z-i
d>YdOw
6]g9y[!
New York1
ZBye'k
,ccPj
(V}=1
m6AK:
4#]g*:
MiwHHd
aq4j"K`
.P4c#
COH3r
l,l v_
vQhq&b
1\h3k
|G'6M
rB[saV
j^HEv
seF'T?
d|~O%
SysListView32
Qnwh
$FZ7=
LWw$Bt
f+LM"-$<;(t`bC
j#EdI
`rJ0F
w(~v4
ZU2Nc
]2](L
gC2l}
_po+6oo.
RG=4M4c
RS<YT
DrfnB
)[i=~B/_4
@XnkLO
X[@<X4}n
/,feB
CQ-fKogs
g:lo.
=%4'>
RXm=h
N,l^kL?
4#464G4g4~4
unpacking data: %d%%
,*"FPceb
q^/#8
dI=6TO3Tg%j
6.646B6H6Q6d6
[<%}hR
wh?%
T@OPh
vRe{=%
@#E/P
`o>`D
MoveFileExW
[91wy
Feiyc
_Nq0m
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Ow< R
uGDAk
mAl4H
m(m`~
m/<QE
y<M4P
E>6)&=
t$(WW
5:]G!B@
r;3Kpr
u3h_,P
dQQeer
-7wG0
gT!o)
i1y|l
l@gQH
#R2xx
/DZ-n+
Ll#'%
u8gfB
+aSW;
NullsoftInst
DwCW0
h&7zCpl
:[.c5%
-blwLJ
t$,VW
=VFWJx7a
M.fWw
RMMRIB6
h1<W]
"3_|gB
U\kHC
mDyj$
m3p9/
%02x%c
P)9}+
<*u>Dd
U(_Cb
%?*|m"
^LuwE
S%ix!
1+o!A
RMDir: RemoveDirectory failed("%s")
?#?F?Y?n?z?
j=.k$
mvo=V{
%~Xpc
&Z)nIl
,ZbZ,K
#,S'Y%
t>k~1
d)?/2
F~NaX
3YWji
e=H1b
PWSVh@
9Cm7|()
N/]9)
EU}4>+
weXb c
w{B}v
/K1v{w
j`@z-9dz
;4/Qn
5]}Qg
Iku$ct
oi%%A
UTN-USERFirst-Object0
P/`J"
5yw6W
lG/p{>
BPL 8
Section: "%s"
?h@M=
cAO^C
sKtJtW
!`gW*o
P)?^8
(|Z;p
Ed`!z
Aborting: "%s"
X !Sl
Zy<{g
j6.m5
3bW~{,
gx7+JG0
_Z IZ
Greater Manchester1
p1%.$i2
lS:bM
X^'L?
l!:8c
ljEHaiV
=E{s%
c*j6w
ucrj7
,LC$g
yX,$r
rU Rb
pd)JT
-6zwX
ig$q=e"
,hkiV
[,?U5
tcsgx?
a$2f3Su
'8(fk
{_(Wh
AH_uP
@yf6-
W;+f$
%@`:9/
g&LLZr
Ez3 g:
(?p6
|y2d8
MdlF2]
{q4.c
(BR_]
Y}iO&
x9U(-
k9y!n@3
7,t"~f
@Tn>N
IWd!$
K'gze
[IKNg
SC[72
https://secure.comodo.net/CPS0A
NgL+/
B2]9wm
,>'r=8
<4/Mvr.
zk)S(
-#K~g o
a'P(QcR
d#Z[A
BWGx0(
lE5Rj|#+
8'> +
U2Ujn
GJ 3a
G 3>I
OriginalFilename
5On6C
Tr1-?
[QU9T
NBTbu
Xs-FS
qfm-n:.tB
&Zd6S
P&2>x6?V
PrMP-O
JpfaZ
Y"fO|*
4(515
0%nB9
eN4G{
^\x&kT
j^x&V
]^`"Y
{T*h70wif
bs"~J
X\+rY
a0=5R
e-g '
b,(/4
?dDfV
oU_-#k
4V4f/
(QOqp
VyM)lv
`gYW.
qNdA1M
}(+Dd
"1(MS
<rp9P
YBCe$
KzKA(
Ni&U%
A.?wH
@.reloc
gk 8)S
{,9!q
"iqE/
+h:%:k
-YTa>
%N&`A
C}6R0
w^}CB>
X{Ky/~"
<:;t54]
@se5<P
?!(TS3
7.f2M
P68,=
nyRrD$
:NfR7S
TU]USQY
CharNextW
^ypHc
E$#d$
Cfuf:r0
(cia&q
ix7i2
}M,MuJ
6Ef8'A
jer/L
Jgc\8
b`SJsq
&|d`p
P{nlmP
DeleteRegValue: "%s\%s" "%s"
CreateDirectory: can't create "%s" (err=%d)
ww7?l
SetWindowPos
AKKlJE\
Oc"!@S{
@z+>Y
=0;09
>"hcS
xH\g<-6
7-5ZH
jv8zq
a$Ac1
)s}uR
b(/u0
*N$)Q
BBp~3
~myqe
#JoRT
yG:W}
CZOq$
2B)(mt
XcS0v
ax%kd
6}*yY
5&5,5b5k5p5v5
[UHKX
Thawte Timestamping CA0
r;^b5
:0806
p6pG#
VERSION.dll
DH]}2z
}SsF4Q
@Ql$(y
=^A3+
lstrcmpA
(*^cCCk
u!7m-gyUs
klgh[bh
"k{%!
L<nm82|
.2M,t
[F6FP
3T<c)
d_6|>
kVx>6
+\R=X
[aX@\V"
/".am
QY{q"
1s1N
wE0D*\7S
rj^6/WD
Thawte1
ajh@k
%)m^U
jx<`n
%/^!k'
$ 6@`
cRBQ'y
K(HY~p
KG1Nc
=*=9=C=M=
R}mYEar
3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
o>&?*
:-;[;c;l;
drRb3
,t-N<
xsJjsFl*
J!66`
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46.5-Unicode</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
f<gA~
abbab]\
>%7Fzd
n)^)O
8e=$kg
=>Y;$
%n*oP
GetWindowRect
Ew!|eP
3&Cx?*
AaB_j
ZX:?@
JU.[|
!J&)l>
/s:^!
80604
(I(TQ
XvY@5
,/KPip
!d``h_]Xb
FBX*UA!v
[4s:Uy
XI5xnZq
)th1C
V?qw4k
7P*fO
g)J>n
^Pfu.-
j [f;
9,T)!
=i5j=
5[>_>c>g>k>o>s>w>{>
Z`w!n0W
iypYF
yo-j%
d L#n
zV"aa
1#>-}
nUZ0U
dDb$5.PZ{d
8>t`NP
[j0Xjxf
!qX4G
QXpNu
31}^-
m'QQhF
oPF$DX
9.HX;
&I=F
2.s=.
ht?Y@
n*it[
XOg:vpw
!3".aS
9|VrM
D-4SB0
=4jlPT
~cqA
kc|^X_
xVD@(
]7gae
efUo5e
YPHS`
f~#]8Q
8$_^\
-f\hQ"
DFBJ"
%Si%{
?wZAnCH
Ne}]E]
hOBgi
e5@B},
JEu TP
/n!+j
D'EiO
*iK2Ypi
!UF}X
@(B(V
dj359AGVWd
w6}Q7
gA?}$
Ce(#kQ
",@A>
3<rr~
^|D.Ne7
=ReLH
mOSC
cEdSQ
@m8Q,
fc2T4Y5
I*&wSY
P]wM/
_4xl&:-
yLreN
\re$#
Tx2(,
okIty
VmLV+6
67Y!G
Xb"utiH
00lM%^S
iguBz
y_9tF
$F Cc
tSh~^
hYR"V
}in)]
% 0L]
PPPPPP
RM08[gX
5"5:5]5m5s5
I4R#Vf$J
_43I7
nj\S}
"]yOj
V^'bQ
%|@c#
0h _%[l
6nh[15
mJL2y
V,w]I9
P%>[)V
("E6m
l8;x}
:>oNE
SystemParametersInfoW
{@L[or
yN0H7W
la]#f
+YzK$5
FvT}X
uDWWh
|1]fW
8^6(@
i223-
]9kFy
/;ty,
s=kha
Rename failed: %s
%s: failed opening file "%s"
HDGPC<&
p7@0p{
ECt,&
9#1?P
-1Yz_
t^!$c
QDClK
Bq8,5
0cp;A
H5I\#
TimeStamp-2048-10
>c9)E
|Ubdp
c{hdt
MSIH-
{bXtAf
ky3.G
o4^,2
8#2O(/y
Q+*]&rL~
=%=/=5=:=@=N=T=x=
D$,9-
v-$8]
q,$d|
@ ah"5
SearchPathW
>6FZ1
L:i88
F*t9l[I1R7
D<<}F
61-J>hl
SetFileAttributes: "%s":%08X
y+>Yx
GetTickCount
n~DB@$g
P4h&V
FhB"g
;-\<5U
v}|SQ5
Ct{:]s
\k+h5
0:|Dm
4^FuK
oXYc
EXL`>
$cL]"
:'47#
sQ+Qn
iVRKb
hj6lv!
MultiByteToWideChar
):bTp
&_@Hx
:`bK9G
~Dca%4u/
cK:]K
6Yu<,SF
8}UJO[
s<z?9
dfrF"
Vn2Yo|
7E-@X
4ocOY)
FZI?9
~Xy7L
]+Th3
K.)4V<ak
F<'W9;&
;x,:`w
>L#k9
vG#=d
'GS-=
y{`P3
gjU.-
jwxzb
mXC!>
^h,L+!
"z<;ft
2'QZ]
|E(4}3R)
f(%aI0CI
Kx!],
3.0.6.0
;ar9*
oVy4v
[r!)3
cE+(g
PSo|=
?O.$4
`^^^sS
CreateProcessW
y]$IY
XA.'%
B,8<\
0U:NBP9
0GK/&
... %d%%
9-54w
Ongw;
*]FcSF
-I4;|
7;`J{
xD B/
~>W5x
y*.S;5
^Wg!N
$;ahs
n7-[`W
0p-3)b
UUUUW
TrackPopupMenu
D.U9dZ
VhcmHE
F"C?N
6S1Fwp
O ,H<T(
lstrlenA
|6#?*
w%hEm
uLKG@
!e}#`
;PNZ+ YF*
Psz#q
#pA'V
Dgt%#
/Bdkl
w\l#P
-G~wB
VQm1&
0NDqx
+BPX>
p]Dm6M
EnumProcesses
yz 1y>
q4oC.
|5i?LF/
1}SII0
\^+En$
Sleep
X$-oK
HKEY_CLASSES_ROOT
`]!qs
I2JC,
o=(5G
m4m,x
GlobalFree
rMoIe
5B!<o
`~An1
oS(w0
GetDiskFreeSpaceExW
L'mhc
"$7&9
@q_X#H
'~tHR
+fxni
RegOpenKeyExW
ppzR
2+f5O
dQ{.w
4!w,K
jQk&m1
-#33^r.
)`"dwO
2"U O`v
:f-]yBKES
<Y%rL$
M )>o
{P{Kz
?@XIc
CduzE
F<R_/
iJWnTM
tPpn2NU
$`=I*
b)Z]M
7pZ"-
U"`kV
M~riC
;mr=.
v-dxJ
?yN@o
ejE",+
|n9 * `
4()E10N
?A|%U
a[>Xh
TsC+n
QIBAPe^
'N^B:
8{*7a
9W5U%
u_@3("o
md)\.@d
AppendMenuW
9k!K|
LWHjLg
i(xIV
VfJfK=
D/P6x
OpenProcess
;=e5F]
|hJy`Vj
=?0@Ua
l[iO6MX[
.DQTQ
ueE8S
Wo_k&Y
0=YRUN
rcq?lD0
c|/)gq
CornD
F+YlU
q-"#e
g/uht
]buxyubO
CAZ4t
w9]Wb
$d>#){
G;A?$=
4.f"u
gY}iR
w0q-c0
JOEPO
NH=!$&`DQS
zEhh/
f}eM5u-p
mB{84
NZL._
>+@fi
a=2U*
n"%T5
1U).S
]dP:z6n
<FBO
GetClientRect
:8<*Q
< pO.R_m
m{7@sHe
H?eF1
OZ={<
DSG]`
4_<ix>5
!h,%)zIZ
g+P/l
S&M7wd
vM-Af
=$Z 2
COMODO Code Signing CA 2
"$pfj
qD(.0
ImageList_Destroy
O/K`M
+j^$7H
lX"lm
.Cbi}w$G
9wf_e
@uFeb'
:-:8:>:C:H:S:Y:f:m:s:
a[g~o
vOI>k
kL"u^
Oig-%<E;X
6ymLX
/G3K/77
e|n-Qa
az|LY(b
83('[TH
99x&~
ExitWindowsEx
8E;g4
T*Xq\
'&a7:
'zSpT7
GJH1BE
X^DA,
z@0j;
s;,.Y
_+B^j
V&'i{w
eC60^7#
\vnO^
I@ynW
F`lqI
Ei)s>b
`F0L
zhvxb
;#::
k$C~i
'S. R
cx#,6!
Om^=m
'0VgHP
O^)h6
&h@3[
07H8/`
dFnvs
&Q7YE
*e4Nb
#x1o9p
GetFileSize
C#:55[0
1j,K@
qY-X#
|>[7+A-y
QD[{N
4vDEs\
<WA;-
$0swd
l{7D5,9S
9f*<Z,m
r(t'PN
dsQ8a
"KzQz~
mMG8
ZB&(:
Pn?C_k:>
#==id
q~|uh
u;SoH
e;ZKa
%lehK
0D{<f
}TyKf=
t#^V6b`x>
}0N?
`*Y(`
DV[zN
,SID?PC
2Q{p?
-NAhU
]\Z-c
=,Rp!Au
<p?{q
L>#-G
A\3=W
O=/Y|d
bf$%I'
H:5KV
GetVersion
=3x=un
B^sVK
tj;t$
g76j4>3I
%JLoi
y?@P|
CreateDirectory: "%s" created
iea%.
8&zJ<>
v9J#(sf
8:8C8U8\8h8
-3bj}
Gw="]Pc
]-DloXFY
LoadCursorW
>w#Od
:s49
E?5VGl,2
yA`va`
U[rDz
W8sj"
Ff*d]
P(?Ob
Ty>TY
+%%xM
gRX^=
7Hrhls
s)E]Nmf
StringFileInfo
ZZ>}s
I[.%+(
,3D)z
z1xmhg
SHBrowseForFolderW
i&.8*5
+#&k8
;\dMJe
0T|VX
o-4$4uQ
$CF 4
%V=2at
!@Girk
y{0wj
?y@]c
WLBt53RDyjz
BrIeB
1w8Yn
wWUmY
D^I1.VE
GAL41
lBaX`\8
?Z/E=
>@[!7
:'])=
#,_)E
5:RtQ
Y[an!
VpP!V
Z{%WE
.SVQG
2Ou'P
f>6#nN#
6PKFVpG
uBkCW
jyaX+
~Pq},
B&Y4D
)uaFp
n~S<Y
sDj5.
)+I\6
h:2hn&
jRRUUO
k6doI
m@l)Y
?$=w(
8P_,%
WM]i,
eBph2d
@rEmD
KaB!_s}
$PZF2C
='|[y
QSUVWh
&0o?s
w`\nu
20n2EB|6"
]jdB>
hnm=O
}}WBq
P: e_
Hc>r%'
SetClassLongW
]4;Mhr
RLVjA
~&Qd|
W|&Ld
lstrcmpW
Oe!S?u
<1j +
OleInitialize
RichEd32
{0d|%
k[8HA
'[nK-Zc
4C-PqJP
zuA.]
K^zs/
kgzqo/
9!9N9u9
+(?d*
.7fk6n
gyMvarf
DKkK,H
p;.hsa
LGGNMKg
u5!d5
GetVersionExW
9::T:e:
ND*&n
w#*OY
GetSystemDirectoryW
Nv%,P
vVe*W>
9{6't4
A$``Tf
^D<4^
lDoEq
T}MW)7
oJ <xf3
L*!|d
G"=LK
COMODO Code Signing CA 20
#PRdi
@80n)<
PostQuitMessage
93AY
Mi#bA
?X>H8
&c`r1
Ns8Ib
HD(P:
3o@)XE
biFdah
qH[=}
T!qw>
M-+@o#@
o\-6:
>ifLxC
CgE)2
Km}5o
j*_Ez
]JAe,)
ynU]3
tZ(Ps
HideWindow
sB:v41
}{I1g
x${ P
vJ~P1c
{L6jb
Bpcjh
_*]'vJ
U`?owk.u6
?4wM!
,=FF|SY
R_Jl8
I,b5wS
5{:BBz
(z%D5
@A3#RT;
u1WZ]
GetProcAddress
Y%vyn
0&DiYlB
L?OvC
ProductName
;4F?>@6.,
fN])%
/sNx,u
pUmRh:R(F
S+[dU
P`"xp
p2]&4
?<Hlk
4 3C3
@>]^Zf
nb\K=
mAi@t
J:_sW
^7qxK
qIj%
z0ClN<
? 6pAd!R
T${%"UT&2L$e
lstrcpynA
^:&u:
{`RAi
l\IoK?
S6{}
M;C:1m
Q}Uft
h|NT@HW
z&Fc8
iV\*EMA<Z0I
<m15d
N<H:/
2 2$2(2,2024282<2@2D2H2N2S2c2
~HfKr
IL2Ms
HeBb&
k("Uvsj
M$-8Ps
nS@|r
{AH,}(5
\Djmu
AliP<
y~Cd:
_n#J4
SetFilePointer
[HW*cL
?wj-,
bO.RKw
RegisterClassW
&_sEp
c'b^0
(/iTG3CJWf,+*
(["5k
:JA"<
\u!f9O
Ev^/0
.`.57
fPxA
8\|ML
F6k?j
8iDURq
r/b,8
%pC.MD<su
lstrcatW
~YHeZ`
fh#!}
;S*!a
A+N|b
)`Mdg
23Qe:?|
FknWpiB
0r0^1
HmtZL
7!$@<"ps
wp0\S
g}x@P;
vjPkA
$KyT^>Q
6oQd5$'rj.:l
4vR[@
COMODO CA Limited1!0
Vq,}6
Jvg &
"3G>A
ii2Z2
!%|k9
p`{=$5y+
Software\Microsoft\Windows\CurrentVersion
imaF~
1B>n9
2$Su\
8UEAl
so/hu
F:r2G
SetTextColor
~ZrPl
y-f&|@
YOhh$^
"6>fR
0-1R1r1~1
Ql3?y
C2csW
\\rwf
Jjp2E
94BuOj1
TxfH]
KB6p
9GWgoR.
gX`<K+e
RpG[d
GetTempPathW
2tMC,
Z23q;>I
OO@uE
2-D?]
Bzd94
ca0}-
dFLI)
P\X49
_ 9aw
PVus"
C'9u>B
`on^\
&yM-;a
]-?]q
A:[bf<"R
:$oDi-
r=YFmC
C)L$CDw
Z;z8}h
Kdpy
Gk]p{!
yxyQY
GzXz[+
djdih
[yGA8
UM.vT
-='PW
tiV@p
MS Shell Dlg
RN"Nn
u.6|5&
yvrWS
f Qf`=
|S7orN
nNYwr.t
xgUmA
"@lY#
YpvBu
8fp+12
$=#WwLD
$AGwM
H*6w*M
$Uba:
Z}?o9
Hbe*D
%o'jl
+TWKr
(iNG\4
<a~^I
fDk]eacp
@rCZ+
'o$'/
<'<3<=<G<L<W<[<a<f<l<
9MsBM
{Aj X
9-SVj
nZAX0
w_r("
Npvnut
*m'_Y
p5)L?
}}})^
!tmpH
aLE<B
3"3(30383I3P3e3n3t3|3
0P[Vm
>PkBT
wD{@"
C"[^%2
{V$|SE
8!808D8X8
z4uy@
XFteC
N;YR:\
n7+4mC^
KjQN|
G*Wu[^mf
)'6ij
[%OW8kY
ou#Ty.
Durbanville1
Exec: success ("%s")
BV[?i
A8zx?
v(^Vxw
hrC/w
Ez=q9&
t#&1d
h?,rp^
!a5ow
Li5(8
lstrcmpiA
4<-'gXX
LNFSq
*LtY3/
3.0.6
-q*~nk
pFOOHSNNSMFB&%
&a[d!g
+KD!"
SHGetFileInfoW
4a5r5z5
'$_.}
w+4|a
,t^<(+
) L#Y
@qep;
*g.>
u$9Mls
MSs34lw
leCIA
111;1D1Z1a1y1
http://ocsp.comodoca.com0
0~'N7Q
200530104838Z0{1
|=HH[
)\_/!
45['(
i%Wbf
OSHjl
-[1eE8
c$Axw
^lQub
N45tE
2'2B2d2v2
2?Ry}
GetTempFileNameW
Sp"[L
Q(2?k
,Xdjn
\,RIl
K6#hqHx
#Vhh2@
~yy;'
050607080910Z
Q kHw
$Y?i/[C
RZdBD PS
/p"q98
-3#4q'}
AHsDbh
d4uta
)@;/a1
JE@x6h6'
k4~vB
x"1`
xO<'D
File: error creating "%s"
"s+zSFF
9spLE
$,i:+
,W_YT
VC"B7
,w'Rrt
QRNCv
R)*n!Q
F}QpC
Kv?n4Vldc8
DeleteRegKey: "%s\%s"
gc%>jo
ONX}%lD>
>,L>c
T`y5h
CharNextA
121221000000Z
"1?2,1$
{QBM~
F,D-$
V;{m!
ba/:l
jvm2W[
4$)Nl
~F~!:{`
DJ:\mi
$LJ;5R'L
QsY4~
c)444
7.7q7v7
bvk2+
;-*<f"
nPKjjsUkC
kl1wJ3
f3ADg?Z
J?VqD
5J8'Xc
*4'f`N
nnLFn
1S6B(`]V
*|HH+
0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
T&;):P
0's[v
c%b/n
)97D8
h6gu3
qDXCmcu
oF:<E
J{0$
-Sx80o
I0[0`0
3]ue+o
!X5Fa
-/\@E
60)gRs
99:f:{:
)xS/$
}1'd7)
$yo+H
)27G_-
Tb8mN
)$aII
^^{ q `
UY1lX
E=R(`
tgYK\
Y:v**yt'
S,R/:
]a]a]]
S1(zj
&+'G>
pERbJ
zg6:'
gL~g;
GetSystemMenu
}t!6O
?6@"yaL
<X]<t
]fF9'
>H_BE8
~t,SA
R w|@X)_i
&sXM~
'8'Y_[
Q$39e
AZ0jGX
5DU)bn
SelectObject
\xzxB
Cs*Bs
:#6xg
7'M=F
n`cD3
zuZc:
!32eJ
;jKoo0
P=Y%2U
`;vAR|
SUVWj 3
-01~8S
$}22Y
`8J-e)G
NnH"4
r>K9<
Mi8nNR
,MR=7
dF5atJ>
CreateWindowExW
/\w7CQ*C
X_XK?J
EY`y4
SetCursor
RegSetValueExW
t;l$:O
n0z1p
ZL$&a
$(nC`
7L#i:F
2X=x)6
~',ik
:}ZbWDf
jqr8z@
:*J-%
[JzSO
.l_TD
\cv9y
rV8"?t
fy1$a
"?||$
Da5V} #
B-o@mm=
Q6pFc
L7{=/
wXb}^(E
,tf5d
D;vL~
Lg.So
luxHp
LoadLibraryExW
Ptj=Ml}
%OLE1
$p,3c
!5Q!m
$03C5
jh4CItm
)8"mA
]fwp|#
100091
`!$Y#
Xd6vZNTY
E=*U]`@
b?GK}
jPOPLXmjVKKWMEA'n
yRNBg
%sqJV
8iJ@P\<
c^c7m
,z^+(
T"SQc
.Y$,J
3F+<7
h^DN-T
;cvJu
|K#M)g
{X7.C/
6ozQ{
eWLQb
Tin^6
R8M4(k
:2NL1
!\+?{
iKwG)
0Px){5x
:JuN:p
"^W&\
tx 3d
](d&'
BHp"(!
]LVvQ
u"nR]4
FillRect
AJN#R
x5e*(
Z>@JA
WN2L<
J8> e
'1l@]
"M\tL
Q~2HO
rZ1Bg
P:P5C
om2%f(
P@k7U
tiM:lJ
ENTv%-
<61W:=l
0k@}a
-MzMm
;HY+Ac
&LSv=
A8']
.dPOcZ
[oPe?
HKEY_PERFORMANCE_DATA
pD?>A="
UHp%#
'&WCfm
R6"vY
n9}<8
W%>e;
(s $_
c d,'
rIJ5CtYUg3
w1+yc
CoCreateInstance
Rename: %s
1Hg_a
7)@*g0
k4s}J6
J::Z"p
q`]nB
8-j_`
\bvv]zz`
XqgiG
GetFileAttributesW
cTQx'
PortableApps.com
1x#?s
4%444@4I4X4
' m2
%G@pn
k`zx#m
V.Hc}?8O
*Yx;&
DispatchMessageW
#fjE~
5wr]2#
%>H'b
$';}"
RaBs8
V<RE#
{X:~S
vx`5I
6?%b{D
]~u['
aU$:b
TimeStamp-2048-20
p1<+q
}VOK8
}d^E\2
P^0-/
>1iT=TkD~
BeginPaint
Ivix3
w2n@>
w[{<b<h
p0gDS
<p*7Mq}
yHYY]W
AODr[m
{'X*i
;KL-bJ
cxo@]
qu5A<'/
psAlp
TL;rb
Uf*t5
3\CnZv5
BQoJr
L1uG@l&
*l7v^h
6IXdY
y|7v\r&
2aU&k
0l'T%7&
qwfd'
OoGgq
&,3<5
u8]3W
4+pjdh~
|M,<&
tE& 1
Q,S6Z
!"F2?
olu%[wB
_-lxD
olw'z
Zx<u^gf
<-]@f
c#%Mj
vXYDd`
hR=cY
gK.A[
s|q/RB
jq-,y
)[I1
`60z7
kO&BO
>Cf=Y%B
];[Uo
%gKxah
;2YA9
#?nj:~
Ma-<F
w_]%
^p/Ip'
-Z5Y6]_
Z24TZ
ybYP|
W[|PiD
3QJJX
38bAL
BBL#%9
RkvrF`
1w9n6
\+=ih
:Qa{.
8o^,Y]
xxYzq
:4k^~
Hi"+9
C`[MD
necgQp
L_k2t
swmSq
:E%Yf2
3PqWCBT
VFuJ E
W{cYH
}2o>%=
:].4}<2
!H2n9
>/mHr
H~~X6
=zO K
T.alE
8oK40
e "fu
'~k9l
'Symantec Time Stamping Services CA - G20
M@QQ<:q}
KjJ"g
emIW.
p]ngZ
st\o`
()714%/
?n>.&
/g7'H
x:&q$Hy
4}x,x`!
MqT~x^^c
u_gEe
&,=*v
p\cOdK!1
\Z:v_
IJy!/F
+c4'2
2s>Qo}
B()Z(
7WXL=
*c&@+
Lm9oa
dj#G$.
o$O3)$
iWsC=
EnableWindow
>Y?q<
68aXE
e`8Q
4`cmU
\Microsoft\Internet Explorer\Quick Launch
";4 3
1jZrU
;:ihd
J.;d}rF
CloseHandle
Ow<o\
!;p,M
l,c,\
ZOq"'
R8Fjq
:d5=z
,BZ%F
G"mrl
5"5/5
^<va?
_\rGA2fk
|)LkP
)T7^y
((4*r
j}MjM
Nh1Tz
"DLtv1
cX-W>
lrGEP
&0$0"
]OL/x
JaN)'B
4#4*484C4O4f4m4x4
)HdL[t
5"sf[
W|w\y
nM[|<
V86Cf
C9Jni|
xEqgl
j,-K6
19j[U
N.)eco
x|M=/$3
WlyDw
*KS`+
rT(W?
+Pq&v
"Tv#4
Y#^+d
9MqB_
x_JAm
=\b*<
2?z)%
0[Z;$J
qJCB*
T~E|m
MkT@C
lEtj1
5a`C=
%y->,
*`&BSQx
created uninstaller: %d, "%s"
COMCTL32.dll
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
kUSOY
PortableApps.comInstallerVersion
200530104838Z0
1Ojs:5
[7CB)
,Pd_Lsv
?:.O[TH
9$CknT
</!"Ku'
DnW63
>O\\>n/
/Cc1Q
Av(g$
6}qc3X
RemoveDirectoryW
Lm&7t
qPWPc=T<-
n;PEUG
CIQ?-
0 0$0(0,0`0d0h0l0p0t0x0|0
^.6dudQ
zL5wC
6j;4F#
:eTo(rk
|,N (A
RegDeleteValueW
sSLN-<
eZtV
o"?w4R'j@
O1+|:o8
MN{]@>i
tM#W=
mt_lj=d
^[X]D
md$YF
;h.Zp
Tt#ER
f\8%)L
RegEnumKeyW
dBq:9
tq?=YEq&
4"4(4-42484I4]4c4i4o4w4~4
d.dF
Symantec Corporation100.
u&\D3#
CW_v]
9o]$~
IsWindow
1I(gC
WpB]G
Error registering DLL: Could not load %s
|cr6g
XYt K~>l
H0wz$
?~84@U
4sD%I
ZO8|<b
Gt4]'
JHvd0
MjM)w
PO Box 2271
BH[(h
YR jx;+O5
~hmMb
IsWindowVisible
R|+K(
AddTrust External CA Root0
9td=M
70|8}
-H#z[
z!?z4
D,mO.`
V-f81
h[>H>
`T>$O@!
5Y-C=
90c)*
#~gO[
@Gk3o#
y%ho#
#5;HWH
XX;2R
(=.\YD1
&<=p+
!1exU
uFI?z
n[T5sb
X^`77
.jPa;#
3~o]!
bmGG_:
N.Qt#
[uXo0
pPf+h
W>0sty
GBzGh
[j[b~
Idc{MN
CallWindowProcW
^H7[}
}3ii5
E~26iw9
3F^CJPm
>>\#k
THuK;\F
YO!$I
uC>Nb
`)$}b$}
7RJk\
CO35(L
&9k,d
WriteRegExpandStr: "%s\%s" "%s"="%s"
D^+x3x~
I*Y%o
]\fH3x
m'~^L
\1!;hYZ
X@ZXZo
nc'-A
Q&%dA
lVT{C
Process32NextW
Nu=U0
qSrp?
1g^uH
RegDeleteKeyW
G&^2%%'
~p7b7Y673
;DFn5S/
"i3.I
(At%4
UEk}&
2jYg$NM
6|UF[\
u}9-$.G
6)5kq
Delete: DeleteFile failed("%s")
WaitForSingleObject
?6Wki
Bk`t
0<](F
wd-8:@
9c4|o
rGE>H
<bsFT
OpenProcessToken
nRwv)4Tp
4y5gV
6Nv_y
&BdVZ
uf[FI8
f;`6&r
U){c;h
oX&jZ
Z-Gsz\
AAT_!
gFzZ3
=)|a*
uzFl9
SetForegroundWindow
Z gv\9K
4nHxp
4n~U
n!NQB
?1?<?X?t?
Zncjy;
J/oz[
w\sC}
b}9^Q
*"Ao?Xx
UIWK4
?Qo]e.
2?j2B
ExpandEnvironmentStringsW
SetFileTime
O)Z)b
msD`'
!N^N
_HZ |b
pk_K0
9vlq<e
n%\p7
]+r,3
;s>o8_
sP*Qx
_q}g4Q
ij]=Y
A-x)GJ^
Q^qu%
%"=73S
PeKS!
vvq8r!
,`TDn
B+t Y
5\Kv'R
KluMw
=tZ2z7
`9d\U
@|qnT
Mi'ls
SLC '
wA3'SW7
n&1>$
gL#9he
14,D<
rgt5ux[Du
KZ[yz
b?1uS
7ZHAw
softuW
1r*Q:
=)YI;?C:[+A
{(\GJ
8nIVku,
(fryc
EI7}^
X)]~U
tg*}RV
8ThM`
WTzzK:
~QIk`
SRka/
k_25N
'eDG4cb:=
_e:L`G
BF4HZ
buuu(
kS@I|
en}a=\
202t2
kS=TP
dJy4x8R
uhfA9
R:+qdz
&Hm6v
0H/q(
PczF~
E%wzQ
G,{UT
;5<w%&E
\g|IF
U\f$y
tzK.x
:!Ej'
QT$*f
(qAR'
2.gDzR
bh:W+
Qq<\p]
\![r;
"i8F>
>l53K
':0#U
5Nrzg
vKE,X?
50301
St"X8
_owKovH
kN(nv
g%BT&xQ
;x(7F
Z|_|q
k,O!g
H6*qZ
DialogBoxParamW
FreeLibrary
CY3j2
D$$Ph
w12,2
B_o\'}
L>jU_
K6P5$
bjIS/
<PK=+
=R"X>
CompanyName
b}<Lk
Kernel32.DLL
vgAnL9
B<1Y44V
Ru={Hq5(-
\g#RN
`G</|WU
^3U%v
yfM6}vT
ZEYAb
G}Na:
ky_iy
?t+ATf-
o~M"4
JMxV(
NA-PN
md*p
\BfF9
a>8);
XM6n@Y
?!,<u
+ITx2
\ PF[
a<;L=X
r)6hI
:8.}~5y
P;u?
ss+r,
^pM(b
:27Q6,4N
ut(bY
O5%&J
8*hlS
fHSr4
SZea/
3bvv:sT-C
rI0<8
LoadBitmapW
%=>y@
SetBkColor
GetTTFVersionString(%s) returned %s
+$*,}2
`bn`q
yHED8
"DWEk(K
ON"W.m
eAOf"
fb^;
&Ufn>R
OKgNKC
ZEemb
qu--g
XzZz^
<::v`
tw-ezo
QRcK0
qL!k'
XO z)
o2kKH
Wbdj"B
$LC 3
W4A&p
FN=36
a1@?7a
Exec: command="%s"
HnsY.
bfhit
Kt/<i
J]#^;
WOw7(!
/3Q*`
nIAGt
E.zM/
ImageList_AddMasked
^K/L!O
&KPp
$FXLJs7
.v5QE
bt^'n{
mZ"/0
P9-K;
O.Dab
Tj^xb
b[W>-
"ZRRr)!
1t}2m<
$?AP,
olq!_
prl^}
[Z5z(
NTXO]X
:7#cf1
TKdEO
Garjl2
u~Q4W[a
0]eG6
W?C*?^_F
9`4RO
)6s},
z,~oB
vTu.P
_J[X=c
jm$b&g
Zh4?bG
!KI+OF
50|dG
FindWindowExW
&.~Pu
zV@uM5'
MU~0b
aTzdL`b{
PeekMessageW
hUDx(
T^k*/E&
V3Rq00!
qeLYE
3w3l8
C,-~w
c9&tm1m
OboK`
'{Bzz
f]=u<
[a]ss
GHDtp
5tbyA/H
FE``U
/i-LkB
`YxjC
K}C[1
EAu1q
+>{W:N
wsprintfA
JMTI[
4+uvy
1Q:=Y
t$$VV
52Hj!+S
LuzF/}
YD*26
*EK?v
Delete: DeleteFile("%s")
+Q/Ew
K6!@k
,nFVRtM
A`02bx
iwKFO
E'%U7
#Zd~#
#3'p{
;dVem*Y{
Tk*HJ
4pKor
I=QN@
}CGIx
Installer integrity check has failed. Common causes include
x^z)`
n-OL(:K
1DaSmQj
?Da[+/
aqQ;'
ICCc+454
<BrOP
[<XMN8
9 $.#
OLQ]Rd
0II^K
~<&`Z
Control Panel\Desktop\ResourceLocale
L0070[
\T9:.
rizpG
|pow)
pd #$
]f1I'
[pxO'
140215235959Z0
yQmg;
i:6?)@
_sN46
0'0D0M0o0
ld]fS
GetWindowLongW
0%E^#t.3
-K@0u
M7"W_
&?qp_
lf9yq
o}d\/
A;A^8Y
}\cHh
p$$*r
yigV*
miEIS
AV|w<
ii+Qz
4]f>5
{055M
U2up2i+
<[q)K
ummOh
.:hi-
a!~yu
,%%#F
EV>?x
Error launching installer
5f*HN}%
110824000000Z
(62:_
797C7I7Y7|7
te9o&Z
~81=\
6;'Rl
WriteFile
nJ.YK
._bpv
2T2?1
67L+S
DestroyWindow
a'(#)
-fk9K
0;1A1Z1
R>\&_;
kSCo6
Ue6-~
jA?'u
,o $a
s;)l\
F%(Y*
d2lAh
9MEnh
^.E{T
T&a=%
jUx57p9
tD~8|
_A*J/
K/BP|*R}
f~wqV
VSUbOI:
!`frKm
[UU,Q
Z;K[>
y0wU)
'Symantec Time Stamping Services CA - G2
Kg^iV
Kysy%
Qb'I>
O7d:up
kH]p`
t?T;M
}+06r5
KTkwB
PpAC"c
GuR4>0oB{{
Py<7B&;
RichEd20
FllC(
y/'K*P
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
rg"9-
|y7qLt?
;aFQ+
;.xEP
PortableApps.comFormatVersion
xj<MF3
c%g?A
6B#u!S
/N`[0
.gsI+
}Fe|0
5`G-.
UtNw*(
<z[h!
LSVW3
/aD&O
t&'F
A}jNRs
PmI?vE
b/5FW
Rc&D)
v>'_.o
1@aZ/
:nBF>(
<SF,ev
E[4uh
201229235959Z0b1
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
nDS {
4ur>Qu
my!bK3
&FUFa
.rQ/5
5A>08
tj^WnR
N_pHiK7f
RMDir: RemoveDirectory on Reboot("%s")
f5BK-`/
ojI4($3C6f,
XTh8&
MaCcN@
/^R*Z
n[VEMX
]iIQI
ew0xt
%4J)3
itZ\oG
QK?I^YM
x1(H`/%j.
0+xX--
1 R*Hlti
(q[E7d
eeo0z7
@0'#7
2Ug^%
?3'N!
wMAb[Qm<
VVVVj
Zlp)p$
!{B,@
34r':
)<-'<
P?'j>
vg-jZ@
=yD2Sqc
`_Nqt
1QO~KXjK
P0Ut@
z0Y.!s{
GetModuleFileNameW
"%SG,.V
G)$h\
u\A/m
8$v7I
CMfTz
1PBnan
$s&1q~%
dlT-&D
8W,9+p
g>yk3n
k.='(
d~m\nd
Gix3K
,&fU;
:W6BNtC
v\{"<
Us!Fbt
#6NR*
ry;hSh
23a${B
RC{-V"
0_/Hi
&osUG
e9\k~
V}Bvj
~~},w
h0f0=
1seRCs3$
-+-V,+O
V2"/-ezf
= =1=
[iF!]c"!
@bsm%
@Z$a(d
g)0M,
9nTgr
nHoN-
Z19>!B
1AZCp
TN(W3
e\;a'
VS_VERSION_INFO
<]9#A
baP`g|
c\DfG
wRtx_
]jxdE
tF%gi
asil<,
.w`G*
IH/;VV
Q6S5m
J/x<y
{49=Ii
Qpb<^7
O>V+6W
<?eW{
dJl53
)p>cH
OpenClipboard
)XMpy}
`.=!p
)0'0%
cD3z2
5~E/:
t(*;}
gy41c
SdV0D
SMALHB7
OP{&;
?1J,U
=ye.t
Wgj;G/:
2CpNC
dEcn?
QZWR5
zuqYq
'Nbh#
Ev <v
@i-VTU
&Q?qBUp&
94**wma
()fgD
WUQc&
3.6.0.0
Qa@UP+
H)@&/
47*u_
GDL9B@
ExitProcess
L4mrs
!?uGQe^
$c^!k^
c7$dAO
{#Aw+5A
Q5IlC
OAPw/
D$8PUh
]HQRL
[.Ess
&Gxlx
"WE4\O:oL
u8yf9
Please wait while Setup is loading...
b0cvq
\"ZG0
PPZiJ~@
i|YQ|M
9\X[4
QZOvK
/t5FJ
CreateDialogParamW
Tb)otJ7
G%01$
$'lmraH
3jbqf'
dk%tKc
-^UHV
GetExitCodeProcess
nLH(:
LGLtPPp
[Rename]
MGD`g
TT2g/
NRS]K
RyWci
\EnK;#@{
|j<^[
=M&#U
/&bEU,
_tH'G
<=aMh
QD_3<q#
eY&,fse
NJ3%8q
X`1//<
VerQueryValueW
t<~mz4q?
~yqQm
n::7'Oy
x(Rr,
zm dW^
^C/$'
d_4Vu
XYV3d
f!%By
GlobalLock
SHLWAPI
K&E&B
j'KV7b3
97eik
GetPrivateProfileStringW
R[tT$
*FdS!
!xEW]
]VkN1:
a#PHZ
>( F"
HJ~TXbt
\bdT9
_^][Y
XWM.C;
MgPJ@
#F{Q@P@
Gpo/U,
!Qt$,Y"
(6vL-
JTj|A>S|"
$3?U,d
!{6,i
0e"wl
InternalName
gunp,
4?(TEg
:N)B-4
,2n_/
Bz!])
N T=y
?Z\hR
p^jj
4FJNA
V"-wq
qR15`
".@n~h
HCIs&%
0);+b
oCD[3
FindNextFileW
je"sb
'Kyh^
hdDCHn
TiUQ1P
:U4PH
Ns/Wc
[7vDW
incomplete download and damaged media. Contact the
&p;qm
_X!T)`
C;{qh[
YF'i$
CAx!%]
A!E)oR
B<0crj]
AMcy'
*0~&@
{KD'=q
:&f>
C"^Trl
A*Ei7_
@ts<)
@EXt;
G0CjsJ
GetSystemMetrics
$n9um
6M,\I
grM<24
0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
D2|U:
KS~1:
U!G[8
CloseClipboard
N`+y4K1
l.G##
a8#hI
QAONy
Qt;"Q$
4Gv-7
Z,GWy9
\{QL:"
[jiR-
^\3k@
S]/_^n
h5XD"
Z/6m<
vz/Mm
TA_gK
,/5U{I
x9_c+
l+uH;
x{3_F
i\N8M
ZuW/D
e/K&a&Z
USER32.dll
-lo'L
;y7:[
dfi4{|
*q{|F
iUm/J
lw,'.:]
ozv@JI\<
KQ{n#
u&<IG
3?GdC
`'>Ym2
,\FZ|C
#:X9B
X=RgJS
SE=L-
.^BIB
(^Btb
udO5
)D1Q\
iIB,14
(Sj>B
wE~d0H
G@+8Z
7I{5}G
5hnpQv
=6yej
GetCurrentProcess
PortableApps.com Installer Copyright 2007-2012 PortableApps.com.
@`9~|
TI2}b
QJM{I
?9rFx|
H!%q!
<Nun|
.ndata
+_CT}
GetClassInfoW
gVlUFJ
3fb2Y
Rulq#
?2?B?_?j?
GA=;KJf
*Y[d:
^ly<5
OleUninitialize
;aJ<zQ
g>Tb
yshx6>
!SA_3
3|<M""
SgtDT3D
c~@&L"Ve
lCk-8
'm2ri,T
A6NyS|
{4"=
F!F<)<
GS5m=R
$*s:L
qN7g]
g#Wp.3
Instu`
av.-{
ld05K?
ShowWindow
Ht@h@
nsaYR!
Bo~d*
lnxWE
`iURb
#]\N.}!
4;zCq
(e2&y
0*"?%%B
5L1_I
36"jw
uf#{I
qglh>
Jump: %d
File: error, user retry
~T@9"
T9S%,2M
by/1YZ
`b~J"
c0J>H75
%<0RrT
w/X`l?N
ur/p+
85HO\^
HKEY_USERS
'RV)"
mgXeH
y42elB
LookupPrivilegeValueW
XjD^+z
n;I.i
9\u+n
K`)7~
}19.f
l^w q
~nsu.tmp
;#;A;H;`;u;
vvf#z
u$9Uls
Delete: "%s"
,|:]1SJ
i6LDS
\|+"msN#?
N*wmm
fA P|
MG@.USd
~y6J,L
s>5OEV-
dwJzV
f58ksIN
6K\g@b1
9>:J7x
oNb~R
[S|@z
iE#Dc
GetLastError
FLO5 ud
gZmHbp
F5Q-6
o>CVby
T6&+T
T-Z}/
1Jm`Y
~{ <zV
$Y$\@
576@6^6k6
M}th_
nco2&
3k@d]`
jwKq&6V
+&/d,-U
7k!Y
uxC[7
Ya6uM
>3D-"qx\
)TX?#
Y%D+<
%!`%;S
pttHC
[YWtR
C?!<Ou
$P_,w
h9/#N
p=T;@j?
0G+cI
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | Compile Time | Import Hash | Icon | Icon Exact Hash | Icon Similarity Hash | Icon DHash |
|---|---|---|---|---|---|---|---|---|---|---|
| 0x00400000 | 0x000039e3 | 0x001271c3 | 0x001271c3 | 5.0 | 2012-02-24 19:19:59 | 32f3282581436269b3a75b6675fe3e08 |  |
2c09465cc979677d65781d9403176c31 | 5c00f471cce984e3b873ef9ade242aed | 71e0e4b8cccccce0 |
Version Infos
| Comments | For additional details, visit PortableApps.com |
|---|---|
| CompanyName | PortableApps.com |
| FileDescription | Virtual Magnifying Glass Portable |
| FileVersion | 3.6.0.0 |
| InternalName | Virtual Magnifying Glass Portable |
| LegalCopyright | PortableApps.com Installer Copyright 2007-2012 PortableApps.com. |
| LegalTrademarks | PortableApps.com is a registered trademark of Rare Ideas, LLC. |
| OriginalFilename | VirtualMagnifyingGlassPortable_3.6.paf.exe |
| PortableApps.comAppID | VirtualMagnifyingGlassPortable |
| PortableApps.comFormatVersion | 3.0.6 |
| PortableApps.comInstallerVersion | 3.0.6.0 |
| ProductName | Virtual Magnifying Glass Portable |
| ProductVersion | 3.6.0.0 |
| Translation | 0x0000 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000400 | 0x00001000 | 0x00006f10 | 0x00007000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.50 |
| .rdata | 0x00007400 | 0x00008000 | 0x00002a92 | 0x00002c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.39 |
| .data | 0x0000a000 | 0x0000b000 | 0x00067ebc | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.47 |
| .ndata | 0x00000000 | 0x00073000 | 0x000bd000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x0000a200 | 0x00130000 | 0x0001b6a8 | 0x0001b800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.29 |
| .reloc | 0x0000b400 | 0x0014c000 | 0x00000f8a | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 7.87 |
Overlay
| Offset | 0x00025a00 |
| Size | 0x000f9660 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| RT_ICON | 0x00130868 | 0x00012524 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.98 | None |
| RT_ICON | 0x00142d90 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.18 | None |
| RT_ICON | 0x00145338 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.51 | None |
| RT_ICON | 0x001463e0 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.70 | None |
| RT_ICON | 0x00147288 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.02 | None |
| RT_ICON | 0x00147b30 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.67 | None |
| RT_ICON | 0x00148098 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.84 | None |
| RT_DIALOG | 0x00148500 | 0x00000120 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.56 | None |
| RT_DIALOG | 0x00148620 | 0x00000200 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.68 | None |
| RT_DIALOG | 0x00148820 | 0x000000f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.91 | None |
| RT_DIALOG | 0x00148918 | 0x000000ee | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.93 | None |
| RT_DIALOG | 0x00148a08 | 0x00000120 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.84 | None |
| RT_DIALOG | 0x00148b28 | 0x00000200 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.96 | None |
| RT_DIALOG | 0x00148d28 | 0x000000f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_DIALOG | 0x00148e20 | 0x000000ee | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | None |
| RT_DIALOG | 0x00148f10 | 0x00000120 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.84 | None |
| RT_DIALOG | 0x00149030 | 0x00000200 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.96 | None |
| RT_DIALOG | 0x00149230 | 0x000000f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_DIALOG | 0x00149328 | 0x000000ee | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | None |
| RT_DIALOG | 0x00149418 | 0x00000120 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.84 | None |
| RT_DIALOG | 0x00149538 | 0x00000200 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.96 | None |
| RT_DIALOG | 0x00149738 | 0x000000f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_DIALOG | 0x00149830 | 0x000000ee | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | None |
| RT_DIALOG | 0x00149920 | 0x00000118 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.65 | None |
| RT_DIALOG | 0x00149a38 | 0x000001f8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.73 | None |
| RT_DIALOG | 0x00149c30 | 0x000000f0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.05 | None |
| RT_DIALOG | 0x00149d20 | 0x000000e6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.10 | None |
| RT_DIALOG | 0x00149e08 | 0x0000010c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.48 | None |
| RT_DIALOG | 0x00149f18 | 0x000001ec | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.62 | None |
| RT_DIALOG | 0x0014a108 | 0x000000e4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.86 | None |
| RT_DIALOG | 0x0014a1f0 | 0x000000da | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.93 | None |
| RT_DIALOG | 0x0014a2d0 | 0x0000010c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.48 | None |
| RT_DIALOG | 0x0014a3e0 | 0x000001ec | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.63 | None |
| RT_DIALOG | 0x0014a5d0 | 0x000000e4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.87 | None |
| RT_DIALOG | 0x0014a6b8 | 0x000000da | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.93 | None |
| RT_DIALOG | 0x0014a798 | 0x00000110 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.58 | None |
| RT_DIALOG | 0x0014a8a8 | 0x000001f0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.68 | None |
| RT_DIALOG | 0x0014aa98 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.97 | None |
| RT_DIALOG | 0x0014ab80 | 0x000000de | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.04 | None |
| RT_GROUP_ICON | 0x0014ac60 | 0x00000068 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.72 | None |
| RT_VERSION | 0x0014acc8 | 0x0000061c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.38 | None |
| RT_MANIFEST | 0x0014b2e8 | 0x000003bd | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.23 | None |
Imports
| Name | Address |
|---|---|
| SetBkColor | 0x40803c |
| GetDeviceCaps | 0x408040 |
| DeleteObject | 0x408044 |
| CreateBrushIndirect | 0x408048 |
| CreateFontIndirectW | 0x40804c |
| SetBkMode | 0x408050 |
| SetTextColor | 0x408054 |
| SelectObject | 0x408058 |
| Name | Address |
|---|---|
| SHBrowseForFolderW | 0x40817c |
| SHGetPathFromIDListW | 0x408180 |
| SHGetFileInfoW | 0x408184 |
| ShellExecuteW | 0x408188 |
| SHFileOperationW | 0x40818c |
| SHGetSpecialFolderLocation | 0x408190 |
| Name | Address |
|---|---|
| RegEnumKeyW | 0x408000 |
| RegOpenKeyExW | 0x408004 |
| RegCloseKey | 0x408008 |
| RegDeleteKeyW | 0x40800c |
| RegDeleteValueW | 0x408010 |
| RegCreateKeyExW | 0x408014 |
| RegSetValueExW | 0x408018 |
| RegQueryValueExW | 0x40801c |
| RegEnumValueW | 0x408020 |
| Name | Address |
|---|---|
| ImageList_AddMasked | 0x408028 |
| ImageList_Destroy | 0x40802c |
| ImageList_Create | 0x408034 |
| Name | Address |
|---|---|
| CoTaskMemFree | 0x4082bc |
| OleInitialize | 0x4082c0 |
| OleUninitialize | 0x4082c4 |
| CoCreateInstance | 0x4082c8 |
| Name | Address |
|---|---|
| GetFileVersionInfoSizeW | 0x4082ac |
| GetFileVersionInfoW | 0x4082b0 |
| VerQueryValueW | 0x4082b4 |
Usage
Processing ( 33.05 seconds )
- 32.809 ProcessMemory
- 0.224 BehaviorAnalysis
- 0.02 AnalysisInfo
- 0.001 Debug
Signatures ( 0.08 seconds )
- 0.01 ransomware_files
- 0.008 antiav_detectreg
- 0.006 antianalysis_detectfile
- 0.006 ransomware_extensions
- 0.004 antiav_detectfile
- 0.004 infostealer_ftp
- 0.003 infostealer_bitcoin
- 0.003 masquerade_process_name
- 0.003 territorial_disputes_sigs
- 0.003 ursnif_behavior
- 0.002 antianalysis_detectreg
- 0.002 antivm_vbox_files
- 0.002 infostealer_im
- 0.002 infostealer_mail
- 0.002 poullight_files
- 0.001 bot_drive
- 0.001 antidebug_devices
- 0.001 antivm_parallels_keys
- 0.001 antivm_vbox_keys
- 0.001 antivm_vmware_files
- 0.001 antivm_vmware_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 qulab_files
- 0.001 revil_mutexes
- 0.001 modirat_behavior
- 0.001 recon_fingerprint
- 0.001 lokibot_mutexes
Reporting ( 0.15 seconds )
- 0.134 CAPASummary
- 0.012 JsonDump
Signatures
Queries the keyboard layout
Reads data out of its own binary image
self_read: process: VirtualMagnifyingGla.exe, pid: 4640, offset: 0x00000000, length: 0x0011d45b
self_read: process: VirtualMagnifyingGla.exe, pid: 4640, offset: 0x30785c2a6331785c, length: 0x0001c000
self_read: process: VirtualMagnifyingGla.exe, pid: 4640, offset: 0x30785c6a6331785c, length: 0x00008000
self_read: process: VirtualMagnifyingGla.exe, pid: 4640, offset: 0x31785c3464785c5b, length: 0x00000004
self_read: process: VirtualMagnifyingGla.exe, pid: 4640, offset: 0x6161785c6331785c, length: 0x00018000
self_read: process: VirtualMagnifyingGla.exe, pid: 4640, offset: 0x6165785c6331785c, length: 0x00018000
self_read: process: VirtualMagnifyingGla.exe, pid: 4640, offset: 0x785c092a6331785c, length: 0x00004000
self_read: process: VirtualMagnifyingGla.exe, pid: 4640, offset: 0x785c096a6331785c, length: 0x00086a3f
The binary likely contains encrypted or compressed data
section: {'name': '.rsrc', 'raw_address': '0x0000a200', 'virtual_address': '0x00130000', 'virtual_size': '0x0001b6a8', 'size_of_data': '0x0001b800', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x40000040', 'entropy': '7.29'}
section: {'name': '.reloc', 'raw_address': '0x0000b400', 'virtual_address': '0x0014c000', 'virtual_size': '0x00000f8a', 'size_of_data': '0x00001000', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x42000040', 'entropy': '7.87'}
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 4640 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 58 }']'
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\bcryptPrimitives.dll
\Device\CNG
C:\Users\Packager\AppData\Local\Temp\SHFOLDER.DLL
C:\Windows\System32\shfolder.dll
C:\Windows\System32\cfgmgr32.dll
\Device\DeviceApi\CMApi
\??\MountPointManager
C:\Users\Packager\AppData\Local\Temp\
C:\Users\Packager\AppData\Local\Temp
C:\Users\Packager\AppData\Local\Temp\nsb161B.tmp
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGla.exe
C:\Users\Packager\AppData\Local\Temp\nsm16A9.tmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp
C:\Users
C:\Users\Packager
C:\Users\Packager\AppData
C:\Users\Packager\AppData\Local
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\LangDLL.dll
C:\Windows\System32\msctf.dll
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGla.exe.Local\
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\SystemResources\USER32.dll.mun
C:\Windows\Fonts\staticcache.dat
C:\Users\Packager\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Users\Packager\PortableApps\*.*
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\System.dll
C:\PortableApps
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\FindProcDLL.dll
C:\Users\Packager\AppData\Local\Temp\RichEd20.DLL
C:\Windows\System32\riched20.dll
C:\Users\Packager\AppData\Local\Temp\USP10.dll
C:\Windows\System32\usp10.dll
C:\Users\Packager\AppData\Local\Temp\msls31.dll
C:\Windows\System32\msls31.dll
C:\Windows\System32\en-US\USER32.dll.mui
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\ioSpecial.ini
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\InstallOptions.dll
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable
C:\
C:\Windows\System32\shell32.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\w7tbp.dll
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\*.*
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\*.*
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\*.*
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\VirtualMagnifyingGlassPortable.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\help.html
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon.ico
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_128.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_16.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_32.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appinfo.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\Launcher
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\Launcher\VirtualMagnifyingGlassPortable.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\DefaultData
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\DefaultData\settings
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\DefaultData\settings\magnifier.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-EN.pdf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-EN.rtf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-PT.pdf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-PT.rtf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\license.txt
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\magnifier.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\donation_button.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\favicon.ico
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_background_footer.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_background_header.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_logo_top.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\AppNamePortable.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\LauncherLicense.txt
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\Readme.txt
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Data
C:\Users\Packager\AppData\Local\Temp\PortableApps.com\PortableAppsPlatform.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\7zTemp\7z.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\7zTemp
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\7zTemp\7z.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\*.*
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\
C:\Windows\System32\bcryptPrimitives.dll
\Device\CNG
C:\Users\Packager\AppData\Local\Temp\SHFOLDER.DLL
C:\Windows\System32\shfolder.dll
C:\Windows\System32\cfgmgr32.dll
\Device\DeviceApi\CMApi
\??\MountPointManager
C:\Users\Packager\AppData\Local\Temp\
C:\Users\Packager\AppData\Local\Temp
C:\Users\Packager\AppData\Local\Temp\nsb161B.tmp
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGla.exe
C:\Users\Packager\AppData\Local\Temp\nsm16A9.tmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp
C:\Users
C:\Users\Packager
C:\Users\Packager\AppData
C:\Users\Packager\AppData\Local
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\LangDLL.dll
C:\Windows\System32\msctf.dll
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGla.exe.Local\
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\SystemResources\USER32.dll.mun
C:\Windows\Fonts\staticcache.dat
C:\Users\Packager\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Users\Packager\PortableApps\*.*
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\System.dll
C:\PortableApps
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\FindProcDLL.dll
C:\Users\Packager\AppData\Local\Temp\RichEd20.DLL
C:\Windows\System32\riched20.dll
C:\Users\Packager\AppData\Local\Temp\USP10.dll
C:\Windows\System32\usp10.dll
C:\Users\Packager\AppData\Local\Temp\msls31.dll
C:\Windows\System32\msls31.dll
C:\Windows\System32\en-US\USER32.dll.mui
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\ioSpecial.ini
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\InstallOptions.dll
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable
C:\
C:\Windows\System32\shell32.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\w7tbp.dll
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\*.*
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\*.*
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\*.*
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\VirtualMagnifyingGlassPortable.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\help.html
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon.ico
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_128.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_16.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_32.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appinfo.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\Launcher
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\Launcher\VirtualMagnifyingGlassPortable.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\DefaultData
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\DefaultData\settings
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\DefaultData\settings\magnifier.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-EN.pdf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-EN.rtf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-PT.pdf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-PT.rtf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\license.txt
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\magnifier.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\donation_button.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\favicon.ico
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_background_footer.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_background_header.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_logo_top.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\AppNamePortable.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\LauncherLicense.txt
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\Readme.txt
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Data
C:\Users\Packager\AppData\Local\Temp\PortableApps.com\PortableAppsPlatform.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\7zTemp\7z.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\7zTemp
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\7zTemp\7z.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\*.*
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\
C:\Users\Packager\AppData\Local\Temp\nsm16A9.tmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\LangDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\System.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\FindProcDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\ioSpecial.ini
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\InstallOptions.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\w7tbp.dll
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\VirtualMagnifyingGlassPortable.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\help.html
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon.ico
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_128.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_16.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_32.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appinfo.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\Launcher\VirtualMagnifyingGlassPortable.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\DefaultData\settings\magnifier.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-EN.pdf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-EN.rtf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-PT.pdf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-PT.rtf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\license.txt
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\magnifier.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\donation_button.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\favicon.ico
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_background_footer.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_background_header.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_logo_top.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\AppNamePortable.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\LauncherLicense.txt
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\Readme.txt
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\LangDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\System.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\FindProcDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\ioSpecial.ini
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\InstallOptions.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\w7tbp.dll
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\VirtualMagnifyingGlassPortable.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\help.html
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon.ico
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_128.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_16.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appicon_32.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\appinfo.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\AppInfo\Launcher\VirtualMagnifyingGlassPortable.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\DefaultData\settings\magnifier.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-EN.pdf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-EN.rtf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-PT.pdf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\README-PT.rtf
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\license.txt
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\App\magnifyingglass\magnifier.exe
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\donation_button.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\favicon.ico
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_background_footer.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_background_header.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Help\images\help_logo_top.png
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\AppNamePortable.ini
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\LauncherLicense.txt
C:\Users\Packager\AppData\Local\Temp\VirtualMagnifyingGlassPortable\Other\Source\Readme.txt
C:\Users\Packager\AppData\Local\Temp\nsb161B.tmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\FindProcDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\InstallOptions.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\ioSpecial.ini
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\LangDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\System.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\w7tbp.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\FindProcDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\InstallOptions.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\ioSpecial.ini
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\LangDLL.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-header.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\modern-wizard.bmp
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\System.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\w7tbp.dll
C:\Users\Packager\AppData\Local\Temp\nsh1727.tmp\
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\VirtualMagnifyingGla.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\VirtualMagnifyingGla.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\(Default)
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
Local\SM0:4640:168:WilStaging_02
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
DefaultTabtip-MainUI
Local\SM0:4640:64:WilError_03
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
DefaultTabtip-MainUI
Local\SM0:4640:64:WilError_03
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.
Sorry! No process dumps.