Analysis Report · CAPE Sandbox

Analysis

Category	Package	Started	Completed	Duration	Log(s)
FILE	exe	2025-11-20 14:05:27	2025-11-20 14:09:17	230 seconds	Show Analysis Log

2025-11-20 02:03:38,588 [root] INFO: Date set to: 20251120T14:05:27, timeout set to: 200
2025-11-20 14:05:27,028 [root] DEBUG: Starting analyzer from: C:\jqcvmfu1
2025-11-20 14:05:27,028 [root] DEBUG: Storing results at: C:\HCJHyl
2025-11-20 14:05:27,029 [root] DEBUG: Pipe server name: \\.\PIPE\CvSkreZch
2025-11-20 14:05:27,029 [root] DEBUG: Python path: C:\Users\Admin\AppData\Local\Programs\Python\Python313-32
2025-11-20 14:05:27,029 [root] INFO: analysis running as an admin
2025-11-20 14:05:27,029 [root] INFO: analysis package specified: "exe"
2025-11-20 14:05:27,029 [root] DEBUG: importing analysis package module: "modules.packages.exe"...
2025-11-20 14:05:27,037 [root] DEBUG: imported analysis package "exe"
2025-11-20 14:05:27,037 [root] DEBUG: initializing analysis package "exe"...
2025-11-20 14:05:27,038 [lib.common.common] INFO: wrapping
2025-11-20 14:05:27,038 [lib.core.compound] INFO: C:\Temp already exists, skipping creation
2025-11-20 14:05:27,038 [root] DEBUG: New location of moved file: C:\Temp\67f06666b122cdba28954592
2025-11-20 14:05:27,039 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2025-11-20 14:05:27,039 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2025-11-20 14:05:27,039 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2025-11-20 14:05:27,039 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2025-11-20 14:05:27,083 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-11-20 14:05:27,098 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2025-11-20 14:05:27,121 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-11-20 14:05:27,141 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-11-20 14:05:27,154 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-11-20 14:05:27,234 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2025-11-20 14:05:27,242 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2025-11-20 14:05:27,337 [lib.api.screenshot] INFO: Please upgrade Pillow to >= 5.4.1 for best performance
2025-11-20 14:05:27,337 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-11-20 14:05:27,341 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-11-20 14:05:27,342 [root] DEBUG: Initialized auxiliary module "Browser"
2025-11-20 14:05:27,342 [root] DEBUG: attempting to configure 'Browser' from data
2025-11-20 14:05:27,344 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-11-20 14:05:27,344 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-11-20 14:05:27,345 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-11-20 14:05:27,345 [root] DEBUG: Initialized auxiliary module "DigiSig"
2025-11-20 14:05:27,346 [root] DEBUG: attempting to configure 'DigiSig' from data
2025-11-20 14:05:27,346 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2025-11-20 14:05:27,346 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2025-11-20 14:05:27,346 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2025-11-20 14:05:27,991 [modules.auxiliary.digisig] DEBUG: File is not signed
2025-11-20 14:05:27,991 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2025-11-20 14:05:28,008 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2025-11-20 14:05:28,008 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-11-20 14:05:28,008 [root] DEBUG: attempting to configure 'Disguise' from data
2025-11-20 14:05:28,009 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-11-20 14:05:28,009 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-11-20 14:05:28,009 [modules.auxiliary.disguise] INFO: Disguising GUID to ab440778-a5cd-454a-8c24-7563cd179444
2025-11-20 14:05:28,010 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2025-11-20 14:05:28,010 [root] DEBUG: Initialized auxiliary module "Human"
2025-11-20 14:05:28,010 [root] DEBUG: attempting to configure 'Human' from data
2025-11-20 14:05:28,011 [root] DEBUG: module Human does not support data configuration, ignoring
2025-11-20 14:05:28,011 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-11-20 14:05:28,012 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-11-20 14:05:28,012 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-11-20 14:05:28,012 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-11-20 14:05:28,013 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-11-20 14:05:28,013 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-11-20 14:05:28,013 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-11-20 14:05:28,014 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-11-20 14:05:28,014 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-11-20 14:05:28,014 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-11-20 14:05:28,015 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-11-20 14:05:28,017 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 608
2025-11-20 14:05:28,254 [lib.api.process] INFO: Monitor config for <Process 608 lsass.exe>: C:\jqcvmfu1\dll\608.ini
2025-11-20 14:05:28,256 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2025-11-20 14:05:28,265 [lib.api.process] INFO: 64-bit DLL to inject is C:\jqcvmfu1\dll\GYprJuUV.dll, loader C:\jqcvmfu1\bin\bAhpVynL.exe
2025-11-20 14:05:28,288 [root] DEBUG: Loader: Injecting process 608 with C:\jqcvmfu1\dll\GYprJuUV.dll.
2025-11-20 14:05:28,309 [root] DEBUG: 608: Python path set to 'C:\Users\Admin\AppData\Local\Programs\Python\Python313-32'.
2025-11-20 14:05:28,310 [root] DEBUG: 608: Disabling sleep skipping.
2025-11-20 14:05:28,310 [root] DEBUG: 608: TLS secret dump mode enabled.
2025-11-20 14:05:28,348 [root] DEBUG: 608: RtlInsertInvertedFunctionTable 0x00007FFEE348090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEE35DD4F0
2025-11-20 14:05:28,349 [root] DEBUG: 608: Monitor initialised: 64-bit capemon loaded in process 608 at 0x00007FFEB75E0000, thread 752, image base 0x00007FF60EE30000, stack from 0x000000A5F48F3000-0x000000A5F4900000
2025-11-20 14:05:28,350 [root] DEBUG: 608: Commandline: C:\Windows\system32\lsass.exe
2025-11-20 14:05:28,363 [root] DEBUG: 608: Hooked 5 out of 5 functions
2025-11-20 14:05:28,365 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-11-20 14:05:28,366 [root] DEBUG: Successfully injected DLL C:\jqcvmfu1\dll\GYprJuUV.dll.
2025-11-20 14:05:28,369 [lib.api.process] INFO: Injected into 64-bit <Process 608 lsass.exe>
2025-11-20 14:05:28,369 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump
2025-11-20 14:05:28,465 [root] DEBUG: 608: DLL loaded at 0x00007FFEE1420000: C:\Windows\System32\cfgmgr32 (0x4e000 bytes).
2025-11-20 14:05:28,467 [root] DEBUG: 608: DLL loaded at 0x00007FFEE0870000: C:\Windows\system32\DEVOBJ (0x33000 bytes).
2025-11-20 14:05:28,468 [root] DEBUG: 608: DLL loaded at 0x00007FFEC25B0000: C:\Windows\System32\ngcpopkeysrv (0x48000 bytes).
2025-11-20 14:05:28,481 [root] DEBUG: 608: DLL loaded at 0x00007FFEB7290000: C:\Windows\system32\PCPKsp (0x118000 bytes).
2025-11-20 14:05:28,488 [root] DEBUG: 608: DLL loaded at 0x00007FFEE2C00000: C:\Windows\System32\imagehlp (0x1d000 bytes).
2025-11-20 14:05:28,489 [root] DEBUG: 608: DLL loaded at 0x00007FFED4740000: C:\Windows\system32\tbs (0x1b000 bytes).
2025-11-20 14:05:28,641 [root] DEBUG: 608: TLS 1.2 secrets logged to: C:\HCJHyl\tlsdump\tlsdump.log
2025-11-20 14:05:31,577 [root] INFO: Restarting WMI Service
2025-11-20 14:05:33,698 [root] DEBUG: package modules.packages.exe does not support configure, ignoring
2025-11-20 14:05:33,699 [root] WARNING: configuration error for package modules.packages.exe: error importing data.packages.exe: No module named 'data.packages'
2025-11-20 14:05:33,700 [lib.common.common] INFO: Submitted file is missing extension, adding .exe
2025-11-20 14:05:33,701 [lib.core.compound] INFO: C:\Temp already exists, skipping creation
2025-11-20 14:05:33,723 [lib.api.process] INFO: Successfully executed process from path "C:\Temp\67f06666b122cdba28954592.exe" with arguments "" with pid 2908
2025-11-20 14:05:33,724 [lib.api.process] INFO: Monitor config for <Process 2908 67f06666b122cdba28954592.exe>: C:\jqcvmfu1\dll\2908.ini
2025-11-20 14:05:33,729 [lib.api.process] INFO: 64-bit DLL to inject is C:\jqcvmfu1\dll\GYprJuUV.dll, loader C:\jqcvmfu1\bin\bAhpVynL.exe
2025-11-20 14:05:33,740 [root] DEBUG: Loader: Injecting process 2908 (thread 1020) with C:\jqcvmfu1\dll\GYprJuUV.dll.
2025-11-20 14:05:33,741 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-11-20 14:05:33,742 [root] DEBUG: Successfully injected DLL C:\jqcvmfu1\dll\GYprJuUV.dll.
2025-11-20 14:05:33,745 [lib.api.process] INFO: Injected into 64-bit <Process 2908 67f06666b122cdba28954592.exe>
2025-11-20 14:05:35,752 [lib.api.process] INFO: Successfully resumed <Process 2908 67f06666b122cdba28954592.exe>
2025-11-20 14:05:35,812 [root] DEBUG: 2908: Python path set to 'C:\Users\Admin\AppData\Local\Programs\Python\Python313-32'.
2025-11-20 14:05:35,813 [root] DEBUG: 2908: Disabling sleep skipping.
2025-11-20 14:05:35,814 [root] DEBUG: 2908: Dropped file limit defaulting to 100.
2025-11-20 14:05:35,838 [root] DEBUG: 2908: YaraInit: Compiled 43 rule files
2025-11-20 14:05:35,841 [root] DEBUG: 2908: YaraInit: Compiled rules saved to file C:\jqcvmfu1\data\yara\capemon.yac
2025-11-20 14:05:35,866 [root] DEBUG: 2908: RtlInsertInvertedFunctionTable 0x00007FFEE348090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEE35DD4F0
2025-11-20 14:05:35,867 [root] DEBUG: 2908: YaraScan: Scanning 0x0000000140000000, size 0x126a57
2025-11-20 14:05:35,884 [root] DEBUG: 2908: Monitor initialised: 64-bit capemon loaded in process 2908 at 0x00007FFEB75E0000, thread 1020, image base 0x0000000140000000, stack from 0x00000000007F2000-0x0000000000800000
2025-11-20 14:05:35,885 [root] DEBUG: 2908: Commandline: "C:\Temp\67f06666b122cdba28954592.exe"
2025-11-20 14:05:35,896 [root] DEBUG: 2908: hook_api: LdrpCallInitRoutine export address 0x00007FFEE34899BC obtained via GetFunctionAddress
2025-11-20 14:05:35,947 [root] WARNING: b'Unable to place hook on LockResource'
2025-11-20 14:05:35,948 [root] DEBUG: 2908: set_hooks: Unable to hook LockResource
2025-11-20 14:05:35,961 [root] DEBUG: 2908: Hooked 619 out of 620 functions
2025-11-20 14:05:35,976 [root] DEBUG: 2908: Syscall hook installed, syscall logging level 1
2025-11-20 14:05:35,988 [root] DEBUG: 2908: RestoreHeaders: Restored original import table.
2025-11-20 14:05:35,989 [root] INFO: Loaded monitor into process with pid 2908
2025-11-20 14:05:36,006 [root] DEBUG: 2908: caller_dispatch: Added region at 0x0000000140000000 to tracked regions list (kernel32::GetSystemTimeAsFileTime returns to 0x00000001400D415D, thread 1020).
2025-11-20 14:05:36,007 [root] DEBUG: 2908: YaraScan: Scanning 0x0000000140000000, size 0x126a57
2025-11-20 14:05:36,025 [root] DEBUG: 2908: ProcessImageBase: Main module image at 0x0000000140000000 unmodified (entropy change 0.000000e+00)
2025-11-20 14:05:36,030 [root] DEBUG: 2908: set_hooks_by_export_directory: Hooked 0 out of 620 functions
2025-11-20 14:05:36,031 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDEA70000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes).
2025-11-20 14:05:36,033 [root] DEBUG: 2908: DLL loaded at 0x00007FFEE1390000: C:\Windows\System32\bcryptPrimitives (0x82000 bytes).
2025-11-20 14:05:36,037 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDE5B0000: C:\Windows\system32\uxtheme (0x9e000 bytes).
2025-11-20 14:05:36,052 [root] DEBUG: 2908: DLL loaded at 0x00007FFEE21A0000: C:\Windows\System32\MSCTF (0x114000 bytes).
2025-11-20 14:05:36,090 [root] DEBUG: 2908: DLL loaded at 0x00007FFED6980000: C:\Windows\SYSTEM32\TextShaping (0xac000 bytes).
2025-11-20 14:05:36,129 [root] DEBUG: 2908: DLL loaded at 0x00007FFEE0500000: C:\Windows\SYSTEM32\Wldp (0x2d000 bytes).
2025-11-20 14:05:36,131 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDEC70000: C:\Windows\SYSTEM32\windows.storage (0x79b000 bytes).
2025-11-20 14:05:36,246 [lib.api.process] INFO: Monitor config for <Process 740 svchost.exe>: C:\jqcvmfu1\dll\740.ini
2025-11-20 14:05:36,250 [lib.api.process] INFO: 64-bit DLL to inject is C:\jqcvmfu1\dll\GYprJuUV.dll, loader C:\jqcvmfu1\bin\bAhpVynL.exe
2025-11-20 14:05:36,261 [root] DEBUG: Loader: Injecting process 740 with C:\jqcvmfu1\dll\GYprJuUV.dll.
2025-11-20 14:05:36,265 [root] DEBUG: 740: Python path set to 'C:\Users\Admin\AppData\Local\Programs\Python\Python313-32'.
2025-11-20 14:05:36,266 [root] DEBUG: 740: Disabling sleep skipping.
2025-11-20 14:05:36,267 [root] DEBUG: 740: Dropped file limit defaulting to 100.
2025-11-20 14:05:36,270 [root] DEBUG: 740: Services hook set enabled
2025-11-20 14:05:36,274 [root] DEBUG: 740: YaraInit: Compiled rules loaded from existing file C:\jqcvmfu1\data\yara\capemon.yac
2025-11-20 14:05:36,297 [root] DEBUG: 740: RtlInsertInvertedFunctionTable 0x00007FFEE348090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEE35DD4F0
2025-11-20 14:05:36,298 [root] DEBUG: 740: Monitor initialised: 64-bit capemon loaded in process 740 at 0x00007FFEB75E0000, thread 784, image base 0x00007FF630560000, stack from 0x000000A00B875000-0x000000A00B880000
2025-11-20 14:05:36,298 [root] DEBUG: 740: Commandline: C:\Windows\system32\svchost.exe -k DcomLaunch -p
2025-11-20 14:05:36,314 [root] DEBUG: 740: Hooked 69 out of 69 functions
2025-11-20 14:05:36,316 [root] INFO: Loaded monitor into process with pid 740
2025-11-20 14:05:36,317 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-11-20 14:05:36,318 [root] DEBUG: Successfully injected DLL C:\jqcvmfu1\dll\GYprJuUV.dll.
2025-11-20 14:05:36,321 [lib.api.process] INFO: Injected into 64-bit <Process 740 svchost.exe>
2025-11-20 14:05:39,340 [root] DEBUG: 2908: DLL loaded at 0x00007FFEE2C20000: C:\Windows\System32\clbcatq (0xa9000 bytes).
2025-11-20 14:05:39,351 [root] DEBUG: 2908: DLL loaded at 0x00007FFED9570000: C:\Windows\SYSTEM32\wbemcomn (0x90000 bytes).
2025-11-20 14:05:39,352 [root] DEBUG: 2908: DLL loaded at 0x00007FFED9670000: C:\Windows\system32\wbem\wbemdisp (0x4e000 bytes).
2025-11-20 14:05:39,364 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDC220000: C:\Windows\system32\wbem\wbemprox (0x11000 bytes).
2025-11-20 14:05:39,373 [root] DEBUG: 2908: DLL loaded at 0x00007FFED9540000: C:\Windows\system32\wbem\wmiutils (0x28000 bytes).
2025-11-20 14:05:39,419 [root] DEBUG: 2908: DLL loaded at 0x00007FFED9650000: C:\Windows\system32\wbem\wbemsvc (0x14000 bytes).
2025-11-20 14:05:39,519 [root] DEBUG: 2908: hook_api: WMI_ExecQuery export address 0x00007FFED3FCD630 obtained via GetFunctionAddress
2025-11-20 14:05:39,538 [root] DEBUG: 2908: hook_api: WMI_ExecMethod export address 0x00007FFED40630C0 obtained via GetFunctionAddress
2025-11-20 14:05:39,611 [root] DEBUG: 2908: DLL loaded at 0x00007FFED3FC0000: C:\Windows\system32\wbem\fastprox (0x10b000 bytes).
2025-11-20 14:05:39,614 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDE1C0000: C:\Windows\SYSTEM32\amsi (0x1f000 bytes).
2025-11-20 14:05:39,626 [root] DEBUG: 2908: DLL loaded at 0x00007FFEE08C0000: C:\Windows\SYSTEM32\sxs (0xa2000 bytes).
2025-11-20 14:05:39,690 [root] DEBUG: 740: CreateProcessHandler: Injection info set for new process 2628: C:\Windows\system32\wbem\wmiprvse.exe, ImageBase: 0x00007FF79AAF0000
2025-11-20 14:05:39,691 [root] INFO: Announced 64-bit process name: WmiPrvSE.exe pid: 2628
2025-11-20 14:05:39,691 [lib.api.process] INFO: Monitor config for <Process 2628 WmiPrvSE.exe>: C:\jqcvmfu1\dll\2628.ini
2025-11-20 14:05:40,683 [lib.api.process] INFO: 64-bit DLL to inject is C:\jqcvmfu1\dll\GYprJuUV.dll, loader C:\jqcvmfu1\bin\bAhpVynL.exe
2025-11-20 14:05:40,697 [root] DEBUG: Loader: Injecting process 2628 (thread 400) with C:\jqcvmfu1\dll\GYprJuUV.dll.
2025-11-20 14:05:40,698 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-11-20 14:05:40,699 [root] DEBUG: Successfully injected DLL C:\jqcvmfu1\dll\GYprJuUV.dll.
2025-11-20 14:05:40,702 [lib.api.process] INFO: Injected into 64-bit <Process 2628 WmiPrvSE.exe>
2025-11-20 14:05:40,704 [root] INFO: Announced 64-bit process name: WmiPrvSE.exe pid: 2628
2025-11-20 14:05:40,704 [lib.api.process] INFO: Monitor config for <Process 2628 WmiPrvSE.exe>: C:\jqcvmfu1\dll\2628.ini
2025-11-20 14:05:41,265 [lib.api.process] INFO: 64-bit DLL to inject is C:\jqcvmfu1\dll\GYprJuUV.dll, loader C:\jqcvmfu1\bin\bAhpVynL.exe
2025-11-20 14:05:41,278 [lib.api.process] INFO: Injected into 64-bit <Process 2628 WmiPrvSE.exe>
2025-11-20 14:05:41,291 [root] DEBUG: 2628: Python path set to 'C:\Users\Admin\AppData\Local\Programs\Python\Python313-32'.
2025-11-20 14:05:41,292 [root] DEBUG: 2628: Dropped file limit defaulting to 100.
2025-11-20 14:05:41,304 [root] DEBUG: 2628: Disabling sleep skipping.
2025-11-20 14:05:41,305 [root] DEBUG: 2628: Services hook set enabled
2025-11-20 14:05:41,310 [root] DEBUG: 2628: YaraInit: Compiled rules loaded from existing file C:\jqcvmfu1\data\yara\capemon.yac
2025-11-20 14:05:41,333 [root] DEBUG: 2628: RtlInsertInvertedFunctionTable 0x00007FFEE348090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEE35DD4F0
2025-11-20 14:05:41,334 [root] DEBUG: 2628: Monitor initialised: 64-bit capemon loaded in process 2628 at 0x00007FFEB75E0000, thread 400, image base 0x00007FF79AAF0000, stack from 0x000000A0FED40000-0x000000A0FED50000
2025-11-20 14:05:41,335 [root] DEBUG: 2628: Commandline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
2025-11-20 14:05:41,351 [root] DEBUG: 2628: Hooked 69 out of 69 functions
2025-11-20 14:05:41,358 [root] DEBUG: 2628: RestoreHeaders: Restored original import table.
2025-11-20 14:05:41,359 [root] INFO: Loaded monitor into process with pid 2628
2025-11-20 14:05:41,368 [root] DEBUG: 2628: set_hooks_by_export_directory: Hooked 0 out of 69 functions
2025-11-20 14:05:41,369 [root] DEBUG: 2628: DLL loaded at 0x00007FFEDEA70000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes).
2025-11-20 14:05:41,370 [root] DEBUG: 2628: DLL loaded at 0x00007FFEE1390000: C:\Windows\System32\bcryptPrimitives (0x82000 bytes).
2025-11-20 14:05:41,374 [root] DEBUG: 2628: DLL loaded at 0x00007FFEE2C20000: C:\Windows\System32\clbcatq (0xa9000 bytes).
2025-11-20 14:05:41,378 [lib.api.process] INFO: Monitor config for <Process 3192 svchost.exe>: C:\jqcvmfu1\dll\3192.ini
2025-11-20 14:05:41,382 [lib.api.process] INFO: 64-bit DLL to inject is C:\jqcvmfu1\dll\GYprJuUV.dll, loader C:\jqcvmfu1\bin\bAhpVynL.exe
2025-11-20 14:05:41,393 [root] DEBUG: Loader: Injecting process 3192 with C:\jqcvmfu1\dll\GYprJuUV.dll.
2025-11-20 14:05:41,398 [root] DEBUG: 3192: Python path set to 'C:\Users\Admin\AppData\Local\Programs\Python\Python313-32'.
2025-11-20 14:05:41,399 [root] DEBUG: 3192: Disabling sleep skipping.
2025-11-20 14:05:41,399 [root] DEBUG: 3192: Dropped file limit defaulting to 100.
2025-11-20 14:05:41,401 [root] DEBUG: 3192: Services hook set enabled
2025-11-20 14:05:41,404 [root] DEBUG: 3192: YaraInit: Compiled rules loaded from existing file C:\jqcvmfu1\data\yara\capemon.yac
2025-11-20 14:05:41,430 [root] DEBUG: 3192: RtlInsertInvertedFunctionTable 0x00007FFEE348090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEE35DD4F0
2025-11-20 14:05:41,431 [root] DEBUG: 3192: Monitor initialised: 64-bit capemon loaded in process 3192 at 0x00007FFEB75E0000, thread 332, image base 0x00007FF630560000, stack from 0x0000000A8A175000-0x0000000A8A180000
2025-11-20 14:05:41,432 [root] DEBUG: 3192: Commandline: C:\Windows\system32\svchost.exe -k netsvcs -p
2025-11-20 14:05:41,447 [root] DEBUG: 3192: Hooked 69 out of 69 functions
2025-11-20 14:05:41,449 [root] INFO: Loaded monitor into process with pid 3192
2025-11-20 14:05:41,451 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-11-20 14:05:41,451 [root] DEBUG: Successfully injected DLL C:\jqcvmfu1\dll\GYprJuUV.dll.
2025-11-20 14:05:41,455 [lib.api.process] INFO: Injected into 64-bit <Process 3192 svchost.exe>
2025-11-20 14:05:43,465 [root] DEBUG: 2628: DLL loaded at 0x00007FFEDC220000: C:\Windows\system32\wbem\wbemprox (0x11000 bytes).
2025-11-20 14:05:43,473 [root] DEBUG: 2628: DLL loaded at 0x00007FFED9650000: C:\Windows\system32\wbem\wbemsvc (0x14000 bytes).
2025-11-20 14:05:43,490 [root] DEBUG: 2628: DLL loaded at 0x00007FFED9540000: C:\Windows\system32\wbem\wmiutils (0x28000 bytes).
2025-11-20 14:05:43,504 [root] DEBUG: 2628: DLL loaded at 0x00007FFEE09F0000: C:\Windows\SYSTEM32\powrprof (0x4b000 bytes).
2025-11-20 14:05:43,505 [root] DEBUG: 2628: DLL loaded at 0x00007FFECA3F0000: C:\Windows\SYSTEM32\framedynos (0x52000 bytes).
2025-11-20 14:05:43,506 [root] DEBUG: 2628: DLL loaded at 0x00007FFEC3C00000: C:\Windows\system32\wbem\cimwin32 (0x20c000 bytes).
2025-11-20 14:05:43,507 [root] DEBUG: 2628: DLL loaded at 0x00007FFEE09D0000: C:\Windows\SYSTEM32\UMPDC (0x12000 bytes).
2025-11-20 14:05:43,526 [root] DEBUG: 2628: DLL loaded at 0x00007FFECBDA0000: C:\Windows\SYSTEM32\winbrand (0x35000 bytes).
2025-11-20 14:05:43,531 [root] DEBUG: 2628: DLL loaded at 0x00007FFEE0500000: C:\Windows\SYSTEM32\wldp (0x2d000 bytes).
2025-11-20 14:05:43,538 [root] DEBUG: 2628: DLL loaded at 0x00007FFEE0500000: C:\Windows\SYSTEM32\wldp (0x2d000 bytes).
2025-11-20 14:05:43,545 [root] DEBUG: 2628: DLL loaded at 0x00007FFEE0500000: C:\Windows\SYSTEM32\wldp (0x2d000 bytes).
2025-11-20 14:05:43,549 [root] DEBUG: 2628: DLL loaded at 0x00007FFEE0500000: C:\Windows\SYSTEM32\wldp (0x2d000 bytes).
2025-11-20 14:05:43,550 [root] DEBUG: 2628: DLL loaded at 0x000001AC8BE00000: C:\Windows\SYSTEM32\SECURITY (0x3000 bytes).
2025-11-20 14:05:43,552 [root] DEBUG: 2628: DLL loaded at 0x00007FFED5070000: C:\Windows\SYSTEM32\SECUR32 (0xc000 bytes).
2025-11-20 14:05:43,554 [root] DEBUG: 2628: DLL loaded at 0x00007FFEDFAA0000: C:\Windows\system32\schannel (0x97000 bytes).
2025-11-20 14:05:43,604 [root] DEBUG: 2628: DLL loaded at 0x00007FFEC3A30000: C:\Windows\SYSTEM32\NETAPI32 (0x19000 bytes).
2025-11-20 14:05:43,607 [root] DEBUG: 2628: DLL loaded at 0x00007FFED5050000: C:\Windows\SYSTEM32\SAMCLI (0x19000 bytes).
2025-11-20 14:05:43,609 [root] DEBUG: 2628: DLL loaded at 0x00007FFED6E00000: C:\Windows\SYSTEM32\SRVCLI (0x28000 bytes).
2025-11-20 14:05:43,611 [root] DEBUG: 2628: DLL loaded at 0x00007FFEE0060000: C:\Windows\SYSTEM32\NETUTILS (0xc000 bytes).
2025-11-20 14:05:43,614 [root] DEBUG: 2628: DLL loaded at 0x00007FFEE0070000: C:\Windows\SYSTEM32\LOGONCLI (0x43000 bytes).
2025-11-20 14:05:43,616 [root] DEBUG: 2628: DLL loaded at 0x00007FFEDC210000: C:\Windows\SYSTEM32\SCHEDCLI (0xc000 bytes).
2025-11-20 14:05:43,618 [root] DEBUG: 2628: DLL loaded at 0x00007FFEDFCF0000: C:\Windows\SYSTEM32\WKSCLI (0x19000 bytes).
2025-11-20 14:05:43,619 [root] DEBUG: 2628: DLL loaded at 0x00007FFEDC560000: C:\Windows\SYSTEM32\DSROLE (0xa000 bytes).
2025-11-20 14:05:43,623 [root] DEBUG: 2628: DLL loaded at 0x00007FFECE280000: C:\Windows\SYSTEM32\cscapi (0x12000 bytes).
2025-11-20 14:05:43,681 [root] DEBUG: 2908: CAPEExceptionFilter: Exception 0xc0000005 accessing 0x0 caught at RVA 0xf0418 in capemon (expected in memory scans), passing to next handler.
2025-11-20 14:05:43,693 [root] DEBUG: 2908: DLL loaded at 0x00007FFED9480000: C:\Windows\system32\winhttpcom (0x1e000 bytes).
2025-11-20 14:05:43,701 [root] DEBUG: 2908: DLL loaded at 0x00007FFED8A20000: C:\Windows\system32\WINHTTP (0x10a000 bytes).
2025-11-20 14:05:43,709 [root] DEBUG: 2908: DLL loaded at 0x00007FFECB2E0000: C:\Windows\system32\OnDemandConnRouteHelper (0x17000 bytes).
2025-11-20 14:05:43,712 [root] DEBUG: 2908: DLL loaded at 0x00007FFEC7790000: C:\Windows\system32\webio (0x98000 bytes).
2025-11-20 14:05:43,716 [root] DEBUG: 2908: DLL loaded at 0x00007FFEE0260000: C:\Windows\system32\mswsock (0x6a000 bytes).
2025-11-20 14:05:43,720 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDFF50000: C:\Windows\system32\IPHLPAPI (0x3b000 bytes).
2025-11-20 14:05:43,723 [root] DEBUG: 2908: DLL loaded at 0x00007FFEE2110000: C:\Windows\System32\NSI (0x8000 bytes).
2025-11-20 14:05:43,724 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDAE00000: C:\Windows\SYSTEM32\WINNSI (0xb000 bytes).
2025-11-20 14:05:43,739 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDFF90000: C:\Windows\SYSTEM32\DNSAPI (0xca000 bytes).
2025-11-20 14:05:43,745 [root] DEBUG: 2908: DLL loaded at 0x00007FFED87C0000: C:\Windows\System32\rasadhlp (0xa000 bytes).
2025-11-20 14:05:43,786 [root] DEBUG: 2908: DLL loaded at 0x00007FFED8CB0000: C:\Windows\System32\fwpuclnt (0x80000 bytes).
2025-11-20 14:05:43,842 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDFAA0000: C:\Windows\system32\schannel (0x97000 bytes).
2025-11-20 14:05:43,969 [root] DEBUG: 2908: DLL loaded at 0x00007FFECB060000: C:\Windows\SYSTEM32\mskeyprotect (0x15000 bytes).
2025-11-20 14:05:43,971 [root] DEBUG: 2908: DLL loaded at 0x00007FFEE0530000: C:\Windows\SYSTEM32\NTASN1 (0x3b000 bytes).
2025-11-20 14:05:43,976 [root] DEBUG: 2908: DLL loaded at 0x00007FFEE0570000: C:\Windows\SYSTEM32\ncrypt (0x27000 bytes).
2025-11-20 14:05:43,979 [root] DEBUG: 2908: DLL loaded at 0x00007FFECB1A0000: C:\Windows\system32\ncryptsslp (0x26000 bytes).
2025-11-20 14:05:43,986 [root] DEBUG: 2908: DLL loaded at 0x00007FFEE0690000: C:\Windows\SYSTEM32\MSASN1 (0x12000 bytes).
2025-11-20 14:05:44,093 [root] DEBUG: 2908: DLL loaded at 0x00007FFEC5430000: C:\Windows\system32\mlang (0x42000 bytes).
2025-11-20 14:05:44,156 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDFCB0000: C:\Windows\SYSTEM32\ntmarta (0x33000 bytes).
2025-11-20 14:05:44,157 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDE0B0000: C:\Windows\System32\CoreMessaging (0xf2000 bytes).
2025-11-20 14:05:44,158 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDC8A0000: C:\Windows\SYSTEM32\wintypes (0x155000 bytes).
2025-11-20 14:05:44,159 [root] DEBUG: 2908: DLL loaded at 0x00007FFEDDD50000: C:\Windows\System32\CoreUIComponents (0x35b000 bytes).
2025-11-20 14:05:44,160 [root] DEBUG: 2908: DLL loaded at 0x00007FFED8F50000: C:\Windows\SYSTEM32\textinputframework (0xf9000 bytes).
2025-11-20 14:08:55,932 [root] INFO: Analysis timeout hit, terminating analysis
2025-11-20 14:08:55,933 [lib.api.process] INFO: Terminate event set for <Process 2908 67f06666b122cdba28954592.exe>
2025-11-20 14:08:55,934 [root] DEBUG: 2908: Terminate Event: Attempting to dump process 2908
2025-11-20 14:08:55,937 [root] DEBUG: 2908: DoProcessDump: Skipping process dump as code is identical on disk.
2025-11-20 14:08:55,950 [lib.api.process] INFO: Termination confirmed for <Process 2908 67f06666b122cdba28954592.exe>
2025-11-20 14:08:55,951 [root] INFO: Terminate event set for process 2908
2025-11-20 14:08:55,951 [root] DEBUG: 2908: Terminate Event: monitor shutdown complete for process 2908
2025-11-20 14:08:55,951 [lib.api.process] INFO: Terminate event set for <Process 740 svchost.exe>
2025-11-20 14:08:55,953 [root] DEBUG: 740: Terminate Event: Attempting to dump process 740
2025-11-20 14:08:55,953 [root] DEBUG: 740: DoProcessDump: Skipping process dump as code is identical on disk.
2025-11-20 14:08:55,958 [lib.api.process] INFO: Termination confirmed for <Process 740 svchost.exe>
2025-11-20 14:08:55,958 [root] DEBUG: 740: Terminate Event: monitor shutdown complete for process 740
2025-11-20 14:08:55,958 [root] INFO: Terminate event set for process 740
2025-11-20 14:08:55,959 [lib.api.process] INFO: Terminate event set for <Process 2628 WmiPrvSE.exe>
2025-11-20 14:08:55,960 [root] DEBUG: 2628: Terminate Event: Attempting to dump process 2628
2025-11-20 14:08:55,961 [root] DEBUG: 2628: DoProcessDump: Skipping process dump as code is identical on disk.
2025-11-20 14:08:55,964 [root] DEBUG: 2628: Terminate Event: Shutdown complete for process 2628 but failed to inform analyzer.
2025-11-20 14:09:00,960 [lib.api.process] INFO: Termination confirmed for <Process 2628 WmiPrvSE.exe>
2025-11-20 14:09:00,960 [root] INFO: Terminate event set for process 2628
2025-11-20 14:09:00,961 [lib.api.process] INFO: Terminate event set for <Process 3192 svchost.exe>
2025-11-20 14:09:00,961 [root] DEBUG: 3192: Terminate Event: Attempting to dump process 3192
2025-11-20 14:09:00,963 [root] DEBUG: 3192: DoProcessDump: Skipping process dump as code is identical on disk.
2025-11-20 14:09:00,966 [lib.api.process] INFO: Termination confirmed for <Process 3192 svchost.exe>
2025-11-20 14:09:00,967 [root] DEBUG: 3192: Terminate Event: monitor shutdown complete for process 3192
2025-11-20 14:09:00,968 [root] INFO: Terminate event set for process 3192
2025-11-20 14:09:00,968 [root] INFO: Created shutdown mutex
2025-11-20 14:09:01,983 [root] INFO: Shutting down package
2025-11-20 14:09:01,984 [root] INFO: Stopping auxiliary modules
2025-11-20 14:09:01,984 [root] INFO: Stopping auxiliary module: Browser
2025-11-20 14:09:01,984 [root] INFO: Stopping auxiliary module: Human
2025-11-20 14:09:02,977 [root] INFO: Stopping auxiliary module: Screenshots
2025-11-20 14:09:03,916 [root] INFO: Finishing auxiliary modules
2025-11-20 14:09:03,916 [root] INFO: Shutting down pipe server and dumping dropped files
2025-11-20 14:09:03,917 [root] WARNING: Folder at path "C:\HCJHyl\debugger" does not exist, skipping
2025-11-20 14:09:03,917 [root] INFO: Uploading files at path "C:\HCJHyl\tlsdump"
2025-11-20 14:09:03,918 [lib.common.results] INFO: Uploading file C:\HCJHyl\tlsdump\tlsdump.log to tlsdump\tlsdump.log; Size is 1644; Max size: 100000000
2025-11-20 14:09:03,926 [root] INFO: Analysis completed

Machine

Name	Label	Manager	Started On	Shutdown On	Route
MalwareGuest	MalwareGuest	Proxmox	2025-11-20 14:05:27	2025-11-20 14:09:16	none

File Details

File Name	67f06666b122cdba28954592
File Type	PE32+ executable (GUI) x86-64, for MS Windows
File Size	1239040 bytes
MD5	ef6987bd5b4f3d74b8be32886b5ea6b9
SHA1	441fdcf973599dd39627e41607ea92ce2c75ff6e
SHA256	67f06666b122cdba28954592ec2c52964d0fbbc48e39974cedde8ef7a508dd9d [VT] [MWDB] [Bazaar]
SHA3-384	edc36951bf16d92485aa745abe6f9aa1bbfc41198ddf245a35c5a44ef489b92d1dd91c5e11d0bc0391317f994f09be6f
CRC32	16BB423F
TLSH	T134458D0733A6C0E8DF6790F2CA295223D7727814173897DB64E0692DDFA3EA15B3A711
Ssdeep	24576:+dofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqVUy:+dofGbSIQ177wZvYjiiRDXASat5RgsLw
Yara	INDICATOR_SUSPICIOUS_AHK_Downloader - Detects AutoHotKey binaries acting as second stage droppers - Author: ditekSHen
PE	File Strings BinGraph Vba2Graph

GetDC

Class

H!D$ D

#IfTimeout

OF>;^

t$@H3

Clipboard:=Key

user32

H9U8u

#InputLevel

PriorKey

CfD9#u

H9l$@u

Hc|$X

IsValidCodePage

AtlAxGetControl

OLEAUT32.dll

player := prread(getprocessid(), 0xB6F5F0)

D9D$`

*uzfE9e

CRLF)

)t$ A

t$(93

D$$A;

h(((( H

WinSet

StatusBar

;L$Pu7A

K0LcY

hud:=!hud

|$ L+

variable

VVVVVVVVVVVVV

RWin

<>=/|^,:*&~!()[]{}+-?

|$ Ic

%sTop

L9h8u

rp := RegExReplace(rp, "\Q$\Eday", time.d)

d$0H9K

D8L$qt

!\$0!\$(!\$ L

RtlGetVersion

\C not allowed in lookbehind assertion

H;_8s'H

settimer, arem, 1

[[[[[[[[[

RawRead

A;D$

\: (.*)_(.*)", nick)

t$LD+l$@D+t$DD

DrawTextW

gui, 5:color, black

D$pfA

SoundGetWaveVolume

Mouse

[[[[[[[[[[[[[[[[[[[[[[[[

Uppercase

9qT~EH

Process

ERROR

Invalid usage.

MapVirtualKeyW

WinHide

H;n8|

Too few parameters passed to function.

Lowercase

UVWATAUAVAWH

@UWAUH

T$XD;T$\

A\_^

?@En[vP

f9-#@

T$XLcL$HL

Hct$PH

-64OS

GuiControl, 1:, M4, % ahk[i+1]

Out of memory. The current thread will exit.

LineCount

(;k r

IfGreaterOrEqual

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

GetText

(%0.2f)

GetFileVersionInfoW

@UAVH

A_A^A]A\_

sleep 1100

Mouse hook: %s

Could not open URL https://autohotkey.com in default browser.

FormatInteger

global agun, id1, id2, remed, nick1, nick2, id2, pass, i, li, apt, arbar, hpbar, hud:=1, hp, ar

FileGetVersion

KeyDelayPlay

SetMenu

.?AVObject@@

frexp

D9P(t

d$ UH

@8|$8t

PCRE does not support \L, \l, \N{name}, \U, or \u

|$8E2

SystemTimeToFileTime

Unexpected ")"

Tt@E3

Olive

@sqrt

ComboBox

NH+D$TD

ascii

Restore

v#H;k

Myanmar

(?R or (?[+-]digits must be followed by )

IsDialogMessageW

L$`uT

[ UVWH

EndMods

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

Parent

Cursor

A_A^A]A\^][

|$ fE

Program:

fD9#t

M09u(u}H

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

GetProcAddress

OSVersion

\$ UVWAUAWH

QueryPerformanceCounter

Unhandled exception.

@8=aw

GuiControlEvent

t$ UATAUAVAWH

?JV8f

IsWindowVisible

DEFINE group contains more than one branch

StdOut

Catch

Numpad2

Yacute

A9q$~

v%H;w

WINMM.dll

KbdLayerDescriptor

KeyHistory

VerCompare

H9JHw

|$(E3

SUVWATAUH

gdi32

graph

{Blind}{%s Up}

D%0fA

oacute

L$8H3

t'H+D$`L

T$8;A

;_ r"H

9\$8t

\$ WAUAVH

SplitPath

RegRead, nick, HKEY_CURRENT_USER, Software\SAMP, PlayerName

__fastcall

#IncludeAgain

local

ntilde

D8"u%H

8\$sH

gui, 5:show, x%xap% y%yap% w250 h130 NoActivate,

Linear_B

Double

if(i==li)

AtEOF

A+C0L

uvfD9%H

t$ ATAUAV

L$hE3

T$`+T$X

#SingleInstance

Uacute

D$\A;

Gui, 3:+ToolWindow -Caption +Owner +AlwaysOnTop +E0x20

eacute

@A_A^A\_^][

CTRLDOWN

UpArrow

BackspaceIsUndo

GetBase

\$0t=H

fD9 u

if GetKeyState("ESC", "P") or GetKeyState("F6", "P") {

DeleteCol

fA9<$t

L$ UVWATAUAV

:u#fD9i

L$(I#

L$8M#

D$&8\$&t-8X

1#QNAN

mouse_event

ClientToScreen

IfWinNotExist GTA:SA:MP

RegExmatch(ar, "(.*)\.", sar)

EnableThemeDialogTexture

GetStdHandle

Bottom

SetKeyboardState

AltTabAndMenu

unmatched parentheses

Built-in variables must not be declared.

(;Y r

)t$Pf

umH9|$8t

(;~ r

t[9-h

VWATH

\$ UH

C0;C sAH

l$@fffff

L$hffff

__thiscall

getid() {

close AHK_PlayMe

Armenian

__Call

d$LIcETD

IGNORE

GetTickCount

A label must not point to an ELSE or UNTIL or CATCH.

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

uLffff

class

IsObject

punct

SetTimer, acuff, 1

yag:=A_ScreenHeight - 40

{LCtrl up}

] is an invalid data character in JavaScript compatibility mode

WinKill

v"H;w

cedil

?}u&A

\$HE3

D;D$T

u?9G,t!3

internal error: previously-checked referenced subpattern not found

Gui, launcher:Add, Text, x18 y19 w270 h30 +Center,

AElig

`vftable'

f;D$@uD

Old_Italic

Client

For %s,%s in %s

ULlTt

Compile error %d at offset %d: %hs

return object("d", A_DD, "m", A_MM, "y", A_Year, "h", A_Hour, "m", A_Min, "s", A_Sec)

EventInfo

GetWindow

SendAndMouse

SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS\VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV[[[[[[[[[[[[[[[[[[[[[VVVV

SetHandleCount

sleep 1

SetBkColor

RShift

ListBox

raquo

y,.u+

Tagbanwa

_hypot

L$ffD

v%H;{

A^A]A\_^]

FocusV

WinGetClass

|$@tE

FileInstall

Listbox

No tray mem

ATAUAVH

u+H9s

[\]^_`

(A_A]A\]

USVWAWH

ub8\$Du\

WinMinimizeAll

Random

StringSplit

v(L;g

RegDeleteKeyExW

An older instance of this script is already running. Replace it with this instance?

v%I;^

StrSplit

$+L;d$Hr*K

GetVersion

WinGet

l$ D!

Gui, launcher:Add, Text, x22 y49 w260 h20 +Center, %nick%

SUVWATAUAVAWH

<>=/|^,:.+-*&!?~

@8q#u

]/D+]'A

TimeSinceThisHotkey

fA9<$

fA9T$

T$@A;

static

WantReturn

this version of PCRE is not compiled with Unicode property support

GetOEMCP

9D$xuXH

XA_A^A]A\_^[]

t$ H;

Delete

\\.\%c:

|$xH+

SubStr

&tilde;

H9D$8ubI

VERSION.dll

StringLen

v2L;c

T$lf9

0A]A\_^]

p WATAUAVAWH

8A]A\

IfWinNotExist

FileSetAttrib

Input, input, V I M, {ENTER}{ESC}{F6}

vk%02X

u;D9%rH

Thaana

B0H9A0

D8i#u

A^A]A\_^

InsertCol

Keybd hook: %s

SetCapslockState

Numpad3

uBfA9E

l$JfD

fD91u:A

( 8PX

HICON:

icirc

Duplicate declaration.

DragFinish

QueryDosDeviceW

Default:

GuiControl, 5:+cGreen +Redraw, pstatus,

KeyUp

0A\^]

`A_A^_][

11GuiClose:

CapsLock

:?:/r::

IniRead, slots, rp.ini, settings, slots

Functions cannot contain functions.

D$$E3

Source:

f9t$0tyH

BF>^G

L0:A:

fD9+u

Invalid or nonexistent owner or parent window.

x0Du'

|$@-D

abcdefghijklmnopqrstuvwxyz

gui, 1:add, text, cGreen vM3 x0 w250 Center, % ahk[i]

SUVWATAUAVH

MenuGetHandle

HcT$P

)f9l$

*D$0f

H9|$8

0A]_]

A" upHc

L$dLc

Type Descriptor'

D8d$8t

GetMessageW

t\fA9E

GetSubMenu

SHBrowseForFolderW

SetWinDelay -1

E9,$~T3

if !RegExmatch(getchatline(findline("

PostThreadMessageW

V(N9\

|$(fD

d$PfA#

Error text not found (please report)

floor

2fD9!t

@SUVWATH

ExStyle

fD; sSH

SUVWATAUAWH

L$xfD

regular expression is too large

Numpad9

(A^A]

CoordMode

MouseDelayPlay

FileDescription

FileMoveDir

Ntilde

A]A\_

D$@?H

@SUVWAUAVAWH

Tagalog

HeapFree

C:f9C

H9\$p

gui, 3:hide

]HfA;

Throw

UWAUH

Normal

<rt4E3

L$pE3

;E s>H

D8q#u

SetTimer, patrol, 1

|$hfA

Gui, launcher:Destroy

gui, 6:add, text, cBlue varbar,

Check

I;t$0|

EnumClipboardFormats

GdipCreateBitmapFromFile

sendchat("/rem")

AutoHotkeyGUI

KeyWait

SetFileTime

Value

OpenSCManagerW

Gui, 1:Show, y%y% x%x% w250 NoActivate,

t8ffffff

@SWATAVAWH

ExtractIconW

GetModuleBaseNameW

SVWATAUAVAWH

DefDlgProcW

u4fA9D$

:;<=>?@

WebRequest.Open("GET", url, false)

SUWAVAWH

(t$`H

Not a valid property getter/setter.

GuiControl, 4:+cRed +Redraw, apt

Alnum

|$8fD

|Ln\u

Flags

agrave

D$ H;

RunWait

t-fffff

Error:

ClipWait

9uu<ffff

ControlMove

hud() {

DestroyMenu

v#H;{

VWATAUAVH

Sunday

VirtualAllocEx

D$`I9F

D$<+D$4

u)H9}

This indicates a bug in your application.

Zod(^?

DecodePointer

SendMessage

@SATAVH

UWATH

mixerGetControlDetailsW

/force

Running

Window: %s

GetDIBits

T$0E+

DetectHiddenText On

d$LE3

L$Pf91u

700WP

internal error: code overflow

#EscapeChar

NewInput

hbitmap:

Parameter #3 must not be blank in this case.

WinMaximize

@8y#u

:" nick2 ",

GetMenuItemCount

DISPLAY

ScreenDPI

White

u1D8d$xD

u%L9o@t

VirtualProtect

u1fB9D{

RegExMatch(GetChatLine(1), "

TickInterval

u"L9%Q!

SetMouseDelay -1

RawGet

System exception 0x%X.

Arrow

__restrict

CopyImage

PA^A]A\_^

GetSaveFileNameW

L$HfA9M

MessageBoxW

mscoree.dll

`virtual displacement map'

`vector destructor iterator'

Reset

LCMapStringW

UseUnsetGlobal

8D$CL

D$xfE9}

`vbtable'

BlockInput, off

SetCapacity

D$PLc

digit expected after (?+

NumpadIns

DefWindowProcW

Global

FileOpen

H+\$x

FileRecycleEmpty

_nextafter

HcL$H

kfD9~

Do you want to continue?

u9D8w#u

v4I;w

@SVWAUH

RegDeleteKeyW

FileSetTime

IfWinExist

CoordModePixel

Duplicate class definition.

Purple

H;K(u

Interrupted threads: %d%s

Target label does not exist.

GetSelection

"%s" %s

Params: <%-0.400s%s>

L$ VWH

ControlGetFocus

$Ib?s

ByRef

Critical Error

A_A^A]A\_][

|$@A_A^A]A\

Button%s

\P{Xps}

msctls_trackbar32

A(H9t8

<>H;} rzH

d?000000`?

IcF I

9uu8f

@8h#u

IsVariadic

IsCharUpperW

Buddy

.?AVCStringCharFromWChar@@

NoTimers

Description:

.?AVInputObject@@

fE9l$

T$pE3

Declaration too long.

guihide()

.?AVEnumComCompat@@

IniRead

?:kP<

?8bunz8

SHGetFolderPathW

/>58d%

GroupActivate

Parameter #2 invalid.

[[[[[Z

if allrp=ERROR

l$xE+

runtime error

Shift

WinActive

Ccedil

Parameter #1 invalid.

not found

D8c>u

Hct$pMc

D8a t

alnum

StringRight

sendchat("/id " id1)

@SVWAWH

<$)ux3

A_A^A\_^[]

d$ UAUAVH

Checked

H;l$p

GetStockObject

v$H;{

FindNextFileW

AppDataCommon

z'u%3

gfffffffH

A_A]A\_^

{All}

GetWindowLongPtrW

t'D8c#u

Uy]E3

HcT$\H

GetProcessHeap

u/@8t$2D

l$ WATAUH

return

MinSize

Cyrillic

ScreenWidth

0Lct$xL

D$p H

Gujarati

GlobalUnlock

RControl

A__^[]

HeapSetInformation

GetLastActivePopup

SetBatchLines

9wBE3

GroupDeactivate

l$(Hci0H

?R0I?

UseUnsetLocal

@.data

wTtI

Sleep

E9<$u

fD9\$`tVH

Startup

l$Hu I

@VWAUAVAWH

L$xD+\$tL

u$fA9

%02X %03X

r@8{^tB9{@vg

L;|$xrKH

PSAPI.DLL

vAL;m

x ATAUAWH

AppendMenuW

: NumGet(buf, type)

ComObjCreate("SAPI.SpVoice").Speak(text)

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:v3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity version="1.1.00.00" name="AutoHotkey" type="win32" /><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/></application></compatibility><v3:application><v3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings" xmlns:ws2="http://schemas.microsoft.com/SMI/2016/WindowsSettings"><dpiAware>true</dpiAware><ws2:longPathAware>true</ws2:longPathAware></v3:windowsSettings></v3:application><v3:trustInfo><v3:security><v3:requestedPrivileges><v3:requestedExecutionLevel level="asInvoker" uiAccess="false" /></v3:requestedPrivileges></v3:security></v3:trustInfo></assembly> PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX

BatchLines

- unable to initialize heap

QD8u>t

Unknown class var.

TTTTTTTTT

v!I;z

Hotstring max abbreviation length is 40.

TimeSincePriorHotkey

ScriptName

Fuchsia

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

GetTextFaceW

PCREA

700PP

Speakers

EPH9C

FindFirstFileW

ComObj

SplashTextOn

\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number

ComputerName

delete

Pos%d

>H;l$xs#H

PA_A]A\_]

@UATAUH

@UVAUH

IniRead, rps, rp.ini, % ahk[i]

oslash

t}@8p

Flash

SSSSS

IPAddress3

H9l$@t)f

t,Hc]

#Requires

L09A:

t1L95f

D9M8vHI

ThisFunc

l$XE3

Suspend

NoMouse

GetKeyboardState

?t @7d

t$Ptu

EnvMult

v%I;}

Active

@SVWAVAWH

failed to get memory

0D8s#u

Press [F5] to refresh.

&Key history and script info

D$`H9C

MapWindowPoints

ABORT

D$`HcK

SetWindowPos

GetDlgItem

D$@I;

StartupCommon

HeapCreate

f#C"fA

IBeam

L$xH;

invalid UTF-8 string

SUVWAVH

A^_^[]

StringFromGUID2

D$HH;

ubf9E

A;\$ s

SendInput {f6}{end}+{home}{del}{esc}

Toggle

fA9l$

BitAnd

LoopRegType

9uu?H

FileCreateDir

Redraw

GetCommandLineW

B0I9B0

v'H;~

L!l$HL!l$@

#Hotstring

L9Y0u

McH,H

SetRect

)t$pE

if !remed {

;H9>&X

RemoveAt

`eh vector destructor iterator'

fD92t

RegRead

a numbered reference must not be zero

UTF-16LE

USVWAUAWH

SetParent

IfWin should be #IfWin.

(T?j?Y

A0H9C`u

with same name as a global

Osmanya

THORN

\$(E3

__Set

BringWindowToTop

SetKeyDelay

Buginese

DateTime

EndChars

Unsupported method call syntax.

Parameter default required.

H9Y u1H

(t$ f

sendchat(RP)

H;5($

Mandaic

CreateEllipticRgn

-BH>t

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

MaxIndex

settimer, password, 1

A^A\_^]

D$DIc

I)l$0

v&I;\$

@8t$`u

syntax error in subpattern name (missing terminator)

GetDateFormatW

Too many var/func refs.

Aring

[[[[[[[[[[[[[[

ffffff

EnableWindow

A^A\_

H9;u^D8c

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[VVV

D$`I9G

ot$@H

sendinput {space down}

\p{Xsp}

GetFileSizeEx

A)ETE3

D$hfA

t$pE3

\$PtAH

GetSystemTime

sendchat("

l$ WATAVH

[8H9x

FindWindowW

SendMessage, 0x50,, 0x4190419,, A

REG_MULTI_SZ

sendinput {w down}

CreateProcessWithLogonW

u0fA9l$

d$XfA

t$(M;|$(t

FileGetAttrib

YD$`f

GuiControl, 6:, arbar,

#32771

SetTextColor

%.*s.Get%s

t?="!

IniRead, allrp, rp.ini, w%id%

\$xA;

A_A\_^]

~0Au;H

FINALLY with no matching TRY or CATCH

VVVVVVVVVVVV[[[[[[[[[[[[[[[

8D$AH

WriteConsoleW

NumpadEnter

\ at end of pattern

L$@E3

A_A^A]_^

MonthCal

D8d$Ht

&Scaron;

0x%Ix

A^A\_^[]

t;fff

t$(M;

D$PfD

|$@~H

8uu?H

PA\_^

CLSIDFromProgID

L$XfA

NumPut

@UVATAUH

|5PBt5A

IcqHI

CaretY

DestroyWindow

K~Je#>!

CurrentLine

!"#$%%%%%%&&'()*+%%%%%%&&'()*+,,,,,,--./012QQQQQQQQ334556789999:;<;<=>=?@AB=?@ABQQQQQCDEFGHIJKLMN

ytjA+

|$ ATAUAVH

Simple

internal error: unexpected repeat

Margin

Missing "key:" in object literal.

Exception

|$0x8f

v$L;s

t1L9=

E;~$}"A

H;B0}

-------------------------------------------------------------------

D8m#u

Limbu

CreateToolhelp32Snapshot

D8h#u

{uffA

sleep 500

gui, 1:add, text, cWhite vM4 x0 w250 Center, % ahk[i+1]

%sGlobal Variables (alphabetical)%s

L$2f9

[[[[[[[[[[[[[[[[

MouseClick

IcEPD

tcf90H

{address: 0x%IX}

Missing "]"

d$ D8a<

EnvUpdate

A^A\_[

u8fD9{

GetPropW

SetWinDelay

GetTopWindow

T$"fD

)t$pff

l$0L9c

T$HH;

|$DD9d$X

sbfD;

NoDefault

GetPrev

e A_A^A]A\]

NoHide

missing )

0.0.0.0

Default

%u.%u.%u.%u

GetSystemPaletteEntries

Verb: <%s>

GetCount

Owner

ImageList_ReplaceIcon

open "%s" alias AHK_PlayMe

__New

Call to nonexistent function.

@UVAVH

8D$1H

H;D$H

@SVAUAWH

October

CallNextHookEx

uUE8|$

C$9C |(

v+L;c

@USVWH

NumpadClear

L$ SUWATAUAVAWH

HKEY_CLASSES_ROOT

Digit

WIN_2003

uSfE9M

LoopFileExt

DestroyIcon

>jtm}S

.?AVFunc@@

State

BC?>6t9^

Paused threads: %d of %d (%d layers)

f93u=

;} s-H

Invalid memory read/write.

Length

Too many tab controls.

Failed attempt to launch program or document:

(*VERB) not recognized

micro

0A_A]A\

9uu=H

nid:=WeaponId()

MapVirtualKeyExW

ecirc

u"D8w#H

RedrawWindow

R6033

LcKDH

aring

IsCharAlphaW

SUATAVH

contains

r#fA;

t!H9s

SetScrollLockState

IconFile

FileRecycle

\P{Lu}

GetStringTypeW

Single

t3ffff

.i?0@I

AUAWH

\$ Hc

{RCtrl up}

MB_GetString

v!H;s

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

ExcludeClipRect

Unexpected function

|$xD;

LoopFileTimeModified

&Refresh

;:u,H

d$XH+

L$XH3

#MaxThreads

SetWindowsHookExW

Run *RunAs %A_ScriptFullPath%

ControlDelay

GetNext

CD9C@r'H

t0D9=q

)t$`H

SendInput {f6}^a/id %nick1%_%nick2%{enter}

;D$p~SLc

SendRaw

WheelUp

FindClose

Rejang

FlashWindow

MaxParams

DefaultMouseSpeed

Full class name is too long.

LcKDL

xpxxxx

id:=WeaponId()

f97u*

RtlLookupFunctionEntry

[[[[[[[[[[[[[[[[[[[[[[[[[

\p{Xan}

H98t!

(E;~

TrackPopupMenuEx

Vr.>T

InternetOpenW

D W?{W

H+D$@H

RegRead, gtapath, HKEY_CURRENT_USER, Software\SAMP, LauncherDLL

RCtrl

Parse

;|$P|

A_A^A]A\^[]

D$@<t

OnError

x`L9gpttH

Batak

Local variables must not be declared in this function.

WinRestore

fD9#u

TitleMatchMode

FileSystem

80tVD

WheelLeft

GuiControl, 6:, hpbar,

InitializeCriticalSectionAndSpinCount

true:

Browser_Refresh

BoundFunc

The oldest are listed first. VK=Virtual Key, SC=Scan Code, Elapsed=Seconds since the previous event. Types: h=Hook Hotkey, s=Suppressed (blocked), i=Ignored because it was generated by an AHK script, a=Artificial, #=Disabled via #IfWinActive/Exist, U=Unicode character (SendInput).

arem() {

SHGetPathFromIDListW

gui, 2:color, Black

PostQuitMessage

Max window number is 10.

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

default

Tibetan

GdipDisposeImage

,HR>O

s H9k

L$HL9e

- unexpected multithread lock error

%s (in function %s)

;D$\A

%s[%Iu of %Iu]: %-1.60s%s

K SVAUAWH

8A]_^[

return false

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

`eh vector vbase constructor iterator'

UTF16)

LoadCursorW

tmE8h

*StO9>T

not between

Handle

Media_Prev

l$ VATAUAVAWH

findline(text, i:=0) {

RegView

u28D$0D

E0fD9(uAA

Imperial_Aramaic

TLOSS error

CaretX

SendInput {F6}

String too long.

fD9+t?A

fD9't

UUUUUU

global auth:=0

NumpadUp

H;T$prPLcL$xH

9_ v2

5@8{#u

?|u=H

lower

acute

BitNot

Egrave

L$&fD

Delimiter

D9d$

DesktopCommon

LoopRegKey

CreateCompatibleBitmap

pA_A^A]A\_^]

invalid UTF-16 string

t$HD;

$L9_H~WH

@UVWATAUH

GetPrivateProfileSectionW

sendinput {d down}

Escape

underline

L$PHc

iniread, fam, rp.ini, settings, fam

Ctrl+E

D$SA;

Gui, 5:Destroy

sleep 1050

A+O(H

`vector vbase constructor iterator'

Ol_Chiki

IsIconic

D$PA9

ExitProcess

gui, 5:add, text, x10 y20 w250 cRed vpstatus,

l$(E3

SUWATAUH

HcG$H

A_A]A\

TRYAGAIN

$D8q#u

.?AVComObject@@

EnvAdd

CreateWindowExW

CallWindowProcW

8ut)H

\$Pf9

global i = 1

StringLeft

|$ ;=f

Rename

IsCharLowerW

A window class is required.

Mffff

hA^A\

t$`L+

Focus

EL$0H

GetForegroundWindow

Run, Z:\Games\gtarp_crmp\samp.exe 51.83.170.116:7777,, UseErrorLevel

uDI9v

CoordMode Pixel, Screen

UVWATAVH

Visible

RP := RegExReplace(RP, "\Q$\Erank", rank)

^+!#{}

D8t$@

Timeout

[[[[[[[[[[[[[[[[[[[[

if (inveh()>0) {

T$PHc

WindowSpy.ahk

Gui, 6:+ToolWindow -Caption +Owner +AlwaysOnTop +E0x20

|$`fB9tc

DL>fD

PCSpeaker

I9L$Hw

NOPPQ

\$pE3

`vector vbase copy constructor iterator'

VisibleNonText

atilde

Lc@0J

YD$0H

T$PE3

- not enough space for arguments

ControlGetPos

D$hE;

L$Df;

number after (?C is > 255

colSettings := objWMIService.ExecQuery("Select * from Win32_OperatingSystem")._NewEnum

gui, 6:color, black

brvbar

ahk_parent

Georgian

=>?@A

PeekMessageW

Can't open clipboard for writing.

%s.%s

Space

—

The maximum number of Folder Dialogs has been reached.

;_ sKH

lid:=id

t-LcJ@H

This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.

MonitorCount

Int64

8ke?;

Len%s

USVWATAUAVAWH

E8H9E

L$08Y#u

!WheelUp::

fD9#tSH

&sbquo;

`local static guard'

WinWait

Braille

R6008

HcL$HH

@A^A\^

;7sUH

D$HfD

`copy constructor closure'

OpenClipboard

D8d$@u5D8d$Au.H

WinActivateBottom

u%L9s

CloseHandle

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

l$hE3

DeleteObject

aelig

’

AVAWH

Jumps cannot exit a FINALLY block.

SizeAll

sendchat(text) {

if not GetKeyState("%s")

Extra

CoordModeMenu

;D$0A

GetShortPathNameW

- abort() has been called

SendMode

Tray menu must not be deleted.

H9JHvufffff

Button

uacute

;k0}AH

reference to non-existent subpattern

NOTE: To disable the key history shown below, add the line "#KeyHistory 0" anywhere in the script. The same method can be used to change the size of the history buffer. For example: #KeyHistory 100 (Default is 40, Max is 500)

YWeek

v'L;f

GetWindowThreadProcessId

Pixel

GetKeyboardLayoutNameW

GroupClose

Too many menu items.

Monitor

ColClick

D$HL+

D$#A8D$"rJ

ty@85

tED8p#u

L;-{3

[[[[[[[[[[[[

j?V()

WinExist

mixerGetLineControlsW

T$4A;~

HcM H

OpenProcess

Numpad4

u@D9-

@VWAUH

@8x7u

7HcO$H

Press OK to continue.

D$hA;w

LL0t#H

@8{#t

JoyPOV

PostMessage

`h`hhh

SetMenuItemInfoW

{Raw}

!WheelDown::

mixerGetLineInfoW

:>t6k'

&File

HcB,A

SendInput

Enable

Analog

•

apt:=!apt

PA_A]A\_^][

CL:>8

.?AUIDispatch@@

gui, 1:font, s16

prread(hProccess, dwAdress, type := "Int", numBytes := 4) {

__clrcall

NumpadSub

Syntax error or too many variables in "For" statement.

f90t;H

Lydian

IntersectRect

__Delete

C f9E

: %sar1%

Gui, launcher:Add, Button, x22 y319 w270 h50 gbtnstart,

SetFormat

A^A]A\_^][

fD93t(H

Literal commas and percent signs must be escaped (e.g. `%)

Unknown exception

Too many parameters passed to function.

rp := RegExReplace(rp, "\Q$\Esec", time.s)

RAMDisk

- floating point support not loaded

ocirc

time:=gettime()

D95G1

Continue

#32768

GetClipboardData

Base Class Array'

t$ WH

rIH+D$`LcL$xE

WinWaitNotActive

`managed vector destructor iterator'

@SUVWH

T$@Hc

Egyptian_Hieroglyphs

L$ USVWH

v(H;s

~sfA;

>AUTOHOTKEY SCRIPT<

ErrorLevel

LocalFileTimeToFileTime

_cabs

egrave

GetWindowTextW

)t$P<

BitBlt

Memory limit reached (see #MaxMem in the help file).

(D;g

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

password(){

L$0H;

keybd_event

Bengali

Latin

AK>(v

T$@f;

IfInString

HasKey

USVWATAUAVH

A_A^A]A\_^[]

H9|$0t

`A^_]

A_A]_^[]

f92t H

IsLabel

9kTtB

BitShiftRight

SetKeyDelay -1, -1

Aacute

UVWATAUAWH

mixerOpen

HcL$X

vLHcB,H

u,D8m

.?AVbad_alloc@std@@

iniread, y, rp.ini, settings, y

Runic

CheckMenuItem

@UATAUAWH

return input

CONOUT$

9|$pt

D8Q#I

(;N r

0A_A^A]A\_^[

9Y vM

invalid escape sequence in character class

IfWin

Oslash

D$0H9C

ar:=GetArmour()

A^_^[

fA9\$

Submenu must not contain its parent menu.

@SATAUAVAWH

L;-V5

A^A]_][

!This program cannot be run in DOS mode.

<otA<pt=A

|$huAf

LcA<E3

LoopRegSubKey

TimeIdle

]3+]+C

LocalSameAsGlobal

Exact

tLD85

R6028

Can't load icon.

Missing close-quote

A_A]A\_[]

LoopFileShortName

SetPropW

LineNumber

Class Hierarchy Descriptor'

Object

frac14

;*uuH

ulHcGT

AutoSize

@A_A\_^]

A_A]A\

WriteFile

%u hotkeys have been received in the last %ums.

%sBottom

InputBox

fD9;u

GroupAdd

/restart

T$pI;

D$(E3

MIDDLE

t$0t#H

LCtrl

ProgramFiles

The AltTab hotkey "%s" must specify which key (L or R).

u(@8-

fE9,$t`A

v!M;e

T$PI+

@8t$`t

!<40C'S"

Invalid

[[[[[[[[[[

t$ UWATAVAWH

Translation

REG_SZ

c(>\,

Agrave

9D$@t

:?:/acuff::

&#%d;

Standard

KeyDown

ComSpec

%s.%.*s := %.*s,

Region

Too many controls.

Cannot jump from inside a function to outside.

D8o#u

SVATAUAVH

BitXOr

Launch_Mail

This hotstring is missing its abbreviation.

Canadian_Aboriginal

l$@Lc

EL$8H

Theme

`A\_]

Alpha

U(A9V

t+fE9

u D8%*

Ambiguous or invalid use of "."

SYSTEM\CurrentControlSet\Control\Keyboard Layouts\

\$ UVWATAWH

D$PHcE

&Suspend Hotkeys

@SUATH

I9L$Hve

UnhookWindowsHookEx

fD9|$0

j>>A?1

HcT$0A

l$8D8s#u

.?AVexception@std@@

(t$ H

Otilde

t1L95

Removable

D$^L;

9D$ u@

fD9'u

SetTimer, hud, 100

u-@8=@X

@"=`+

A_A^A]A\_^]

D$`E3

POSIX collating elements are not supported

GetVolumeInformationW

WHILE

v%H;O

D$0Mc

FlsGetValue

u2f9C

ImageList_Destroy

D$BE2

joypoll

Ocirc

t\D8s(tAD85@

|$@uF

.?AVComArrayEnum@@

D8c=upD8c>tjf

SetTitleMatchMode

CountClipboardFormats

SoundGet

v!L;k

u0fE9|$

A fA9

t&L+UX

Pos%s

@A\_^][

fD9<pt\D8\$Tu

NumpadPgUp

u0D8m#u

xA_A^A\_][

@UATAVH

L$$A+

D8L$zH

p WATAUH

GetWindowLongW

D$HD8s#u

GetWindowTextLengthW

gui, 2:add, text, x0 y0 w150 cGreen vStatusAC +Center , AutoCuff

IfLess

new[]

FileEncoding

D$XE3

SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS\\\\\

Invalid method name.

%sGui

u-D8=

`placement delete[] closure'

t$XL9c

H!\$ H

GetActiveWindow

0x%06X

L$THc

t*HcO

GroupBox

v}`[>

D$0E3

@8|$HtT

9\$ ~>H

SoundSetWaveVolume

WSOCK32.dll

GetOpenFileNameW

SetClipboardViewer

H9A u/H

IniWrite

Select File - %s

'L>[

L$Xu@E3

v!H;{

T$iLc

SeShutdownPrivilege

SystemParametersInfoW

[SSSSSSSSSSSSS[[[

waveOutSetVolume

(.*)\Q[\E(.*)\Q]\E") == -1

CreateDCW

sendchat("/cuff " id2)

@SUVWATAUAVH

Equalizer

u%8D$0D

number too big in {} quantifier

t$ AT

A+C0H

GetDlgCtrlID

0X8b?~

A>pP&

SetEnv

CreateDIBSection

xQfff

Parameter #2 must not be blank in this case.

IsCompiled

CreateWindow

Menu item name too long.

fD9)t

!numpad0::reload

- not enough space for environment

A#E;M

r$I+I(A

FindResourceW

E6D8u>t3;

A_A^A\_[

t$XH9A

Browser_Back

Process32NextW

D$ L;

SetWindowTheme

StartMenuCommon

d$ fE9

[[[[[[[[

Transparent

T$0H#

DropFiles

%s up::

ccedil

D8s#tY

fE9)u

4IcD$

Empty variable reference (%%).

December

closing ) for (?C expected

RaiseException

H+U(H

#MaxThreadsPerHotkey 250

sendchat("/me

A;E |

IsZoomed

(t$PH

8C4uDH

WinGetPos

@text

ScreenHeight

D8p#t

l$ VATAVH

f9l$ tWH

GetKeyState

status cdaudio mode

“

RP := A_LoopField

X_^[]

Number

IniDelete

D$,D+\$ +D$$D

GetModuleFileNameW

|# Lc

Thread

t$0E3

gui, 1:color, Black

Selected

A^A]]

Lepcha

@A^A\_

Process Exist, gta_sa.exe

SysGet

&Help

v(H;~

v'L;n

OpenProcessToken

EnvSub

gui, 5:add, text, x10 y40 w250 cWhite vpname,

tUH;N

ControlClick

VisibleText

return prread(getprocessid(), 0xBAA410)

`vector constructor iterator'

T$HE3

0A\][

&Dagger;

AhkVersion

H;D$xu

l$8t$

- CRT not initialized

VirtualFreeEx

Khmer

LcGTH

SetErrorMode

3>N;kU

:?:/apt::

JoyButtons

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

E&xit

<$:ubA

Suspend, on

HideDropDown

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

yac:=A_ScreenHeight - 40

Master

\AutoHotkey.exe

Force

DllCall

GetSystemMenu

&scaron;

HcT$4A

~ID;c

RegisterClassExW

CaseSensitive

MaxSize

LegalCopyright

unrecognized character after (?<

If WinActive("GTA:SA:MP") {

0A\_]

t$\;t$X

D$ Hc

WinMove

Nonexistent hotkey.

COMMIT

D;T$X}nH

R6024

Can't create font.

inconsistent NEWLINE options

.>PJ;I:qE>

A_A^A]A\^

shlwapi

SetFilePointer

H9k@tNH

mgun:

GetPrivateProfileSectionNamesW

u*H9\$ht#H

while i < 5

CreateCompatibleDC

atan2

menu()

NoStandard

t<<kt8H

GetProcessId

|$ ATH

9s0~.H

CoordModeMouse

u<L9f

E;N A

A+C0fA

HcD$HH

L$HD8e_

`vcall'

LoadLibraryExW

D;R(}ELcJ,H

open:=0

&OElig;

Ugrave

GetSystemWindowsDirectoryW

RegSetValueExW

u}@85

8\$8t

Old_Turkic

Loop, parse, rps, `n

RP := RegExReplace(RP, "\Q$\Ename", name)

:" nick1 ",

WinGetTitle

:L$Sr

ControlGetText

NoIcon

|$ UH

+f;F u%L9n

D$@t6L

DoubleClick

ListHotkeys

UVWATAUAVAW

This dynamically built variable name is too long. If this variable was not intended to be dynamic, remove the % symbols from it.

IDLast

SetPriorityClass

GuiControl, 1:, M2, % ahk[i-1]

D+\$pD+D$tL

parentheses nested too deeply

D8E-t

if not nid=id

&Reload Script

AlwaysOn

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

Supported only for the tray menu

NoActivate

Eject

d$,A;

UVATAUAVH

DispatchMessageW

iexcl

Inscriptional_Pahlavi

R6009

operand of unlimited repeat could match the empty string

USER32.dll

>0u&A

January

CreatePatternBrush

v'H;n

+t$X+\$\H

Numpad6

All Files (*.*)

D8{#u

character value in \x{...} sequence is too large

LoopFilePath

u$E8|$

v(H;w

EmptyClipboard

Switch

___[`[aabccccccccccccccccc[cccccccccdeeebfffffffffffffffffgfffffffffhiijklmmmnopXYXYXYXYXYqrqrqrqrqrqrqrstubvwxXYyXYbzzz{{{{{{{{{{{{{{{{||||||||||||||||||||||||||||||||}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}~~~~~~~~~~~~~~~~

Missing "]" before ":"

gui, 6:add, text, cRed vhpbar,

/fD9m

D$HD8

D8a#u

FlsSetValue

Complete Object Locator'

if A_LoopField

xotmH

SAUAVAWH

Browser_Home

} else {

BindMethod

(.*)\Q[\E(.*)\Q]\E")), "

button

l$ VWAUH

#NoEnv

AHK Mouse

9ut$H

~&I;t$0}

Samaritan

Execute() {

properties

(t$0H

WritePrivateProfileSectionW

u9fE9|$

gui, 4:hide

C;_X|

{wrapper: 0x%IX, vt: 0x%04hX, value: 0x%I64X}

A^A]A\

MaximizeBox

:L$Qw

global ahk := Array()

SendInput %pass%{enter}

id:%A_Space%

Index

TransColor

A^A]A\_[]

Microphone

f9>u!

fD9|$0t

StrLen

GetDiskFreeSpaceExW

L$ I;

fffff

SetLayeredWindowAttributes

t$@fA

RButton

Len%d

*9{@v%f

(t$PL

t ffff

@A\^[

9N v!H

f9l$ tXH

fE9&u

KeyOpt

Access violation - no RTTI data!

T$@fA9

LoadImageW

ListVars

LWin

TTTTTTTTTTTT

pA^A]A\_^][

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

SendInput /r [%tag%]

WIN_8

fD9.u"

\$`Hc

WritePrivateProfileStringW

Fixed

>ERCPH

.?AVbad_typeid@std@@

FileGetShortcut

no error

YDay0

PtrSize

IsCritical

WinDir

IsAdmin

Checkbox

C;t$P

&permil;

space

t$xE2

T$pH3

uCf9C

&rsaquo;

#NoTrayIcon

Max hotkeys.

A)ETA

~T;G ~

fD9"u

t$`fA#

TitleMatchModeSpeed

__Delete will now return.

G 9G$u

.?AV?$CKuStringT@DVCKuStringUtilA@@@@

SetUnhandledExceptionFilter

l$6t@E

SSSSSSSSSTTTTTTTTT

#InstallMouseHook

&Lines most recently executed

GetCurrentProcess

- unexpected heap error

SoundBeep

The maximum number of File Dialogs has been reached.

|L<\t

data

support for \P, \p, and \X has not been compiled

Return

Ready

@tBE3

function

L$XtRH

fD9?u4

t$@E3

fD9&tkfD9#H

rp := RegExReplace(rp, "\Q$\Emin", time.m)

ControlSend

D$BHc

Not a valid method, class or property definition.

l$@fD

.?AVbad_exception@std@@

ScreenToClient

SetBkMode

OwnerLink

NumpadLeft

if autogun

RegDelete

RIGHT

Can't delete items (in use?).

\k is not followed by a braced, angle-bracketed, or quoted name

OleInitialize

L$ UVWATAUH

_fD9#u

` AVH

UnregisterHotKey

The program is now unstable and will exit.

8Z!tX

MM/dd/yy

Warning

0A^A]A\

`default constructor closure'

octal value is greater than \377 in 8-bit non-UTF-8 mode

v%L;o

Numlock

t$ WATAUH

SplashImage

DetectHiddenText

A_A^A]A\_^][

@8x#u

D$HH+

Numpad8

global hpwarning:=0, arwarning:=0

L$$E2

D$8+D$0D+\$4D

ControlSendRaw

ThisLabel

StatusBarGetText

<>#n2

__Get

Programs

;X<}`M

PrintScreen

remed:=0

\$ VH

uMfE9M

RtlCaptureContext

R6002

Shell_TrayWnd

__Init()

strike

SVWATAUH

Phoenician

&Window Spy

InvalidateRect

- unable to open console device

CDROM

missing terminating ] for character class

if RegExmatch(getchatline(i), text)

LoopFileSizeMB

@SWATAVH

v%H;_

LockResource

fD9;t

D$`H9E

\p{L}

|$ E3

l$ VH

this version of PCRE is compiled without UTF support

H!|$ L

subpattern name is too long (maximum 32 characters)

SetLabel:

d$8L9k

False

Segoe UI

H9y0u

CoCreateInstance

D$pH;

DwmGetWindowAttribute

Expected Case/Default

Meetei_Mayek

t8L9@

Short

%i-%i

\$8L3

Disabled

A]A\_^[]

Lucida Console

HelpContext:

StringFileInfo

|$ 9;

Thursday

GetAddress

\$0D8k#u

USER32.DLL

GetMenu

CurrentCol

8A_A^A]A\_^][

FileVersion

v(M;E

L$Xf9

H;|$@rKH

EnableMenuItem

Section

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

New_Tai_Lue

ERCPu

alpha

Can't create control.

GlobalFree

@SUATAWH

Gui, 4:+ToolWindow -Caption +Owner +AlwaysOnTop +E0x20

ComObjArray.Enumerator

@WATAUAVAWH

Silver

VWAUH

JoyAxes

AutoHotkey.chm

BSR_ANYCRLF)

@WATAWH

H9.stI

Can't Open Specified Mixer

L$HH3

The script could not be reloaded.

t$0tF

8*uFH

D8|$At`

SetMouseDelay

C" uS

Cherokee

\$ WH

Missing "}"

No valid COM object!

LcL$XD

Base Class Descriptor at (

tBD9-6

Missing class name.

StringGetPos

v%I;_

uZE8h

Query

T$@E3

Break/Continue must be enclosed by a Loop.

G98G8r0

Oriya

Ecirc

D8g#u

D8e_t

FileRemoveDir

!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

Bopomofo

EnvGet

lookbehind assertion is not fixed length

SetWindowRgn

d$PMk

1.1.37.01

8D$Pt

d$0H9k

Event

gui, 6:show, x%xh% y%yh% NoActivate,

sleep 125

GetFocus

P>q_Y~

DefaultGui

HcD$HH;

E;,$|

URLDownloadToFile, https://twl.su/favicon.ico, C:\PA\Logo.ico

Maximize

R6031

Maroon

'D8\$Tu4

A\_[]

t?@8-

GetChild

I9OHr

AlwaysOnTop

JoyInfo

R6025

uKfE9|$

LoopFileLongPath

Continuation section too long.

Format

>[uFH

NumpadHome

FileDelete

j@8{#u

|$ UATAUAVAWH

`omni callsig'

IcK`I

Group

tAffff

GetCurrentProcessId

v'L;o

This control type should not have an associated subroutine.

t$<fD

CTRLUP

T$dE3

VT$pD

RegQueryValueExW

)t$0A

L;%S%

IfNotExist, C:\PA\Logo.ico

if(GetKeyState("RButton", "P"))

C>TQ

A_A^_]

.?AVbad_cast@std@@

Shutdown

D;I$}

L$x+L$ D

Submenu does not exist.

L$8H;L$@rQH+

D$PL9oXt

GetFileAttributesW

rp := RegExReplace(rp, "\Q$\Ehour", time.h)

EncodePointer

+D$ Hc

#MaxThreads 1000

u(8D$`@

D$pu;H

gui, 4:font, s16

#UseHook

ModifyCol

€

H9A8t

l$ VATAUH

frac34

if !processHandle := DllCall("OpenProcess", "Int", 24, "UInt", 0, "UInt", processID, "Ptr")

GuiWidth

9{P~93

HcC H

(A^_^[

GetComputerNameW

@SVATH

A label must not point to a function.

Iacute

WinGetText

E|$(H

\$@fD

D$(yeE3

GlobalAlloc

InsertMenuItemW

TaskbarCreated

u@D8`

Note: The hotkey %s will not be active because it does not exist in the current keyboard layout.

Invalid hotkey.

D$h+D$`E8

|$@I;

Sinhala

@SWATAUAVH

&?PPPPPPP?

(t$@I

lstrcmpiW

A]A\]

Telugu

H+T$0JcL8

Parameter #2 required

v%H;k

LoopFileShortPath

This dynamic variable is blank. If this variable was not intended to be dynamic, remove the % symbols from it.

__cdecl

H;|$p}

GetACP

@8p]t

pound

VK SC

\$0H;

TerminateProcess

while Not FileExist("C:\PA\Logo.ico")

fD9$Gt

l$xE3

9k vq3

AHK Keybd

A_A\][

L9%8\

LoopFileSizeKB

\$HA;

LcG`H

!t$(H!t$ A

InitializeCriticalSection

LongDate

v'H;}

Input

WININET.dll

Mixer Doesn't Support This Component Type

(D$@H

EnvSet

GetFullPathNameW

VerQueryValueW

v1H;s

;\$p|

ANYCRLF)

:?:/agun::

#InstallKeybdHook

`vbase destructor'

\P{Xan}

The same variable cannot be used for more than one control.

SUATAUH

ReadProcessMemory

(not the user's), because the keyboard hook isn't installed.

@8*t<

IsWindowEnabled

SB_SetIcon

`dynamic atexit destructor for '

SHFileOperationW

USWATAUH

t4f9>t/H

Too many declarations.

!>6'Y

D9%sW

IsCharAlphaNumericW

if(i==s-1)

USVWAUH

WinGetActiveTitle

RCtrl

l$ H;

Media_Next

SetEnvironmentVariableW

CATCH with no matching TRY

\P{Xsp}

Saurashtra

t$H8]

USVWH

APH+A@

L$ UATAUAVAWH

GTA RolePlay")

Duplicate label.

tBfA;

D$(+D$ fA

D$ 9h

- pure virtual function call

A+G(L

unknown option bit(s) set

ApplicationFrameWindow

GuiControl, 1:, M1, % ahk[i-2]

T$ H+

(|$PH

(null)

&circ;

AUAVH

ShortDate

D+d$xL

LoopFileSize

if RegExMatch(GetChatLine(1), "

w%fE;

8D$8t

ShiftAltTab

ControlList

WATAUAVAWH

SysTreeView32

%s: %s object

Sundanese

IcC\A

GetSystemMetrics

assertion expected after (?(

`A^_[

ProgramsCommon

xac:=A_ScreenWidth / 2 -75

A]A\_^]

[[[[[[[[[[[[[[[[[

DeviceIoControl

:T$Pr

LButton

D$`fD9'H

@UVWH

LeaveCriticalSection

BlockInput, on

InputHook

GuiControl, 5:, pstatus,

~!fffffff

NumpadRight

L# E3

`A^A]_

WorkingDir

Center

l$(A^

`local vftable'

AutoHotkey2

HKEY_CURRENT_USER

CreateThread

March

TreeView

v'H;w

RegEnumValueW

L$pA9

w4t*H

D9&tPH

Create

Bamum

D$PE3

#E8g#u

C:f9A

curren

FileCopy

VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV[[[[[[[[[[[[[[[[

DeleteAll

Can't Change Setting

NewEnum

8L$1H

Count

GetTextMetricsW

.?AUIEnumVARIANT@@

Capacity

l$`L9c

ScrollLock

Unlock

- Attempt to initialize the CRT more than once.

Parameter #1 required

D$8HcH

>-u-fA

_logb

:" id2)

SysMenu

REG_DWORD_BIG_ENDIAN

November

PixelGetColor

: %id2%

LoopRegName

HcD$@

mixerGetDevCapsW

R6026

@UVATAVH

LineFile

Volume

DefaultTreeView

D$PH9F

RegOpenKeyExW

#LTrim

#Include

Parameters must not be declared.

&Pause Script

ClipboardAll

AppsKey

SendEvent

__Init

%%%s%s%s

?UUUUUU

t$pL9c

fD9:u

DropDownList

&Open

ograve

__unaligned

REG_EXPAND_SZ

IsUnicode

GuiControl, 5:,pname,

Stopped

Mc,$E

A_A^A]A\_^]

.?AUIObjectComCompatible@@

S>$hkDh$h>[2

SetDefaultMouseSpeed 0

Choice

D9v(ua

|$DE3

Q5rHg,>

?f`Y4

ImageList_GetIconSize

"e?<<<<<<l?

msctls_hotkey32

;(tNH

|L~ u

D9uP~uI

\N is not supported in a class

[*ncd>0

SHIFTDOWN

T$0E3

fA9D$

EnumFontFamiliesExW

The leftmost character above is illegal in an expression.

SUVWATH

UWATAUAWH

While colSettings[objOSItem]

Duplicate hotkey.

A]A\^]

@VATAUAVAWH

Common

zc%C1

if RegExMatch(rps, "\Q$\Eid", out)

:?:/hud::

\P{L}

@UAUH

__Handle

Level

WinWaitClose

A_Args

u0f9C

SizeNS

T$p<"

])6M>&

Hotkey

L$PfA

@UVATH

gui, 4:add, text, x0 y0 w150 cRed vapt +Center , AutoPT

L$ E3

Atilde

sendchat("/patrul")

n03>Pu

Up/Dn

l$0fD

9uu2H

wKfffff

WriteProcessMemory

D$hE3

H;59t

if open

Missing ")"

IcqHH

AdjustTokenPrivileges

SendMessageTimeoutW

FileTimeToSystemTime

K&>.yC

Parameters of hotkey functions must be optional.

H;Y(~!H

L$xfA

D|pf9D$p

KillTimer

set cdaudio door %s wait

T$\D;

rp := RegExReplace(rp, "\Q$\Eyear", time.y)

xap:=A_ScreenWidth - 250

FileCreateShortcut

RegWrite

t>fff

|b=})>

ATAVH

D8y#u

d$`E3

@SUAVH

`eh vector vbase copy constructor iterator'

gui, 2:font, s16

)t$`L

MonitorName

ControlFocus

&Variables and their contents

C<9C8u(

InternetCloseHandle

A_A][]

.?AVEnumerator@Object@@

u'ffffff

-()[]{}:;'"/\,.?!

D8k#u

too many forward references

f#^0f

@8s#u

Unexpected "]"

VS_VERSION_INFO

N>O=I9

\$XE3

tM@8s#u

SplashTextOff

"%s" is not a valid key name.

USATAVAWH

""""&*.2666::>>>CCCCCHMMVV$

status cd mode

.?AVBoundFunc@@

FileCopyDir

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

GetClassLongPtrW

@SAVAW

xapt:=A_ScreenWidth / 2 - 225

e@A_A^A]A\_^]

D9-s}

r&D8g

malformed number or name after (?(

f98u,A

Telephone

D$ E3

open %s type cdaudio alias cd wait shareable

-----

`dynamic initializer for '

REG_RESOURCE_REQUIREMENTS_LIST

"%-1.300s"

SetCurrentDirectoryW

D9uPL

A;\$

false

WindowFromPoint

|$ ATAUAVAWI

1#SNAN

c0&>`

FileRead, file, %A_MyDocuments%\GTA San Andreas User Files\SAMP\chatlog.txt

LoopFileAttrib

L?UUUUUUU?

LcJDLcB@H

A^A]A\_^

t$ ATH

?.uI3

|$ Hc

GetDriveTypeW

Z\>z8

DOMAIN error

StartMenu

@SAUH

BSR_UNICODE)

ThenPlay

l$ VWATAUAVH

xppwpp

fD9:r

\c at end of pattern

EndKey

An exception was thrown.

SHGetDesktopFolder

Headphones

GuiControl,10:+cRed +Redraw, StatusAC

@"=cJ

fD9?u

CD;T$X

|$HfA

[[[[[[[[[[[[[[[[[[[[[[VVVVVVVVVVVVV

D$$fE

fD9t$@u

F0HcH

\$ VWATAUAWH

L$TfA

(t$pH

f9lL0u

d$X9YP~13

fA9D{

68Y#u

Deref

global

d$PE3

9E v-H

msctls_progress32

Script info will not be shown because the "Menu, Tray, MainWindow"

D$0Hc

iniread, name, rp.ini, settings, name

iniread, org, rp.ini, settings, org

E8|$(tmD8=0j

D;l$8

u*D9%a,

EnumChildWindows

D$PH#

HA^A]A\_^[

Icirc

WIN32_NT

/2GG>!B

SetTimer, omenu, 1

H;W }yA

<7H;|$xr+H

ReadOnly

WCreateProcessWithLogonW.

CreateMenu

return prread(getprocessid(), player + 0x548, "float")

return processHandle

gui, auth:Destroy

RWINUP

MonitorWorkArea

L# Hc

\P{Nd}

@8n(t5@8-

u#HcMP

WantCtrlA

#KeyHistory

Program Manager

<$iu.H

WaitClose

if(line:=findline("

StringLower

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

This local variable has the same name as a global variable.

if !apt

;^ r"H

Mb@A"

EnvDiv

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

T$8E3

OwnDialogs

E&xit (Terminate Script)

v'H;{

t$0Hc

D$`fD

?7zQ6$

|L.\u

if !RegExMatch(GetChatLine(0), "

AhkPath

Serial

Select Folder - %s

MoveDraw

if(GetKeyState("S", "P"))

if(GetKeyState("D", "P"))

#MaxThreadsBuffer

H;G8u

cmenu() {

Position

;,u-ff

t[I)l$8A

`vector copy constructor iterator'

t$`D8

GetUserNameW

A_A^A\_]

`A_A^A]A\_^]

Parameter #1 must not be blank in this case.

fD93u

D$l+D$dE8

L$xHcT$X

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

AutoHotkey v1.1.37.01

E7 %04X

DeleteFileW

FileSelectFolder

9D$XA

igrave

RegDeleteValueW

MinSendLevel

Object.Enumerator

The script was not reloaded; the old version will remain in effect.

A_A^A]A\[

FileGetTime

%s (%d) : ==> %s

Buhid

Glagolitic

)t$`tz

gui, 1:add, text, cWhite vM2 x0 w250 Center, % ahk[i-1]

Green

Gui, 2:show, x%xac% y%yac% w150 NoActivate,

<>H;|$xr+H

InternetReadFileExA

DrawIconEx

Runtime Error!

UNTIL with no matching LOOP

|$PE3

- not enough space for locale information

SUVWAUAWH

StatusAC:=!StatusAC

szlig

{ ATH

ABCDEFGHIJKLMNOPQRSTUVWXYZ

Invalid Gui name.

@>%>b

SizeofResource

L$PfH

: %shp1%

WorkerW

return i

AppData

HeapQueryInformation

different names for subpatterns of the same number are not allowed

two named subpatterns have the same name

<>H;}

.?AVExprOpFunc@@

gui, 5:hide

rp := RegExReplace(rp, "\Q$\Ereason", reason)

The InputBox window could not be displayed.

user32.dll

EndDialog

Right

D8mju

Until

@USVWATAVAWH

SHIFTUP

Clone

\$PE3

|$@H;

C"$"<

f9*t8

Focused

DriveGet

#HotkeyInterval 1000

CreateRoundRectRgn

MsgBox,

gui, 5:add, text, x10 y80 w250 cWhite vpid,

Duplicate parameter.

GetQueueStatus

A;}$}

StringMid

A9t$

|$HE8

NoMainWindow

@8t$

Modifiers (Hook's Physical) = %s

\$ UWATH

CWD>~3

FormatMessageW

divide

[[[[[[[[[[[[[

XA_A^A]A\_^][

: %nick2%

#Delimiter

Modifiers (GetKeyState() now) = %s

Balinese

thorn

vSIc@,H

advapi32

The following %s name contains an illegal character:

ERCPt

\$8fD

A+C0fE

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

fD9t$b

CreateMutexW

#MaxHotkeysPerInterval

Function name too long.

[[[[[[[[[[[[[[[

Round

Label

|$8fA

@SVAVAWH

v%H;}

{Blind}

A9t$X~-A

A0I9B0

H+D$@E

<4H;}

H;0t,

d$0E;

pfD9f

HeapReAlloc

OnOff

vXI;\$

L9X8t

#IfWin

fffffff

NotifyNonText

&fnof;

L$0E3

`+!]?

v(H;{

VarSetCapacity(buf, numBytes, 0)

Unregistered window class.

D$ fE

ahk_default

%sLeft

:u!f9

Gui, 1:Destroy

Volume_Up

ShellExecuteExW

SB_SetText

ahk_group

%s%s%s

.?AVObjectBase@@

Ctrl+H

D9J(tVH

A control's variable must be global or static.

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

Ctrl+L

fD98u

Style

+f)>0'

v'L;g

GetCursorPos

Local

close cd wait

RegQueryInfoKeyW

Environment

IfNotExist

InsertAt

Avestan

gui, 2:hide

Integer

<$-Hc

!""#$%&'((()*+,-./0123456789:;<=>?@AABCDEFGHFIJKKALAAM

(.*)", id)

%sRight

FlsFree

Missing comma

InternalName

Locale

A_A^A]_^][

D$ H#

WinGetActiveStats

L$ Hc

PRUNE

QSoundPan

.?AVTextStream@@

(;} r

l$`tB

_oD>Kg

unrecognized character after (? or (?-

Media_Stop

The AltTab hotkey "%s" must have exactly one modifier/prefix.

.?AUIObject@@

LoopField

STILL WAITING (%0.2f):

RichC

?kxG2)

TTTTT

Custom

|$@E3

k-hook

This character is not allowed here.

ScriptHwnd

&Web Site

Line#

t$0tP

H+D$`H

bad exception

CoUninitialize

GuiControl, 3:+cRed +Redraw, agun

C!yTH

Function recursion limit exceeded.

.text

Embed Source

D$8;C s

XButton2

WinShow

ThisMenuItemPos

IconHidden

z\uZf

fD; s H

if(GetKeyState("W", "P"))

ListLines

The program will exit.

w(tBH

Menu does not exist.

v9H;s

t$ E3

0A^A]_

H+M0x

Insert

internal error: unknown opcode in find_fixedlength()

btnstart:

L$hA;

NIc{$I

RegCreateKeyExW

FileRead

yZZZ[[b

fD9%@

L$XE3

IsHungAppWindow

shHcD$XH

__stdcall

}u4fA

v!H;o

WIN_8.1

v$H;k

joyGetDevCapsW

™

unrecognized character follows \

SetBatchLines -1

Xdigit

L$xt9@

DialogBoxParamW

ComObjType

@A]A\_^]

(A]A\_^][

<$+u>I

H9\$puv

L$xE3

gui, 6:hide

f92t+H

comctl32

t#D85#T

<acos

!|$DHc

UTF-16

u6H9w

Arabic

SetImageList

spare error

frac12

GuiControl,10:+cGreen +Redraw, StatusAC

DriveSpaceFree

D8e t

@SWAVH

D8d$Pt

- not enough space for lowio initialization

GetCharABCWidthsW

KeyDuration

Bad dynamic_cast!

Invalid class variable declaration.

ahk[s] := A_LoopField

StrGet

EndKey:

NoTicks

A Goto/Gosub must not jump into a block that doesn't enclose it.

fD9d$`

&dagger;

argument is compiled in 8 bit mode

fD9(u

blank

GetModuleHandleW

SetClipboardData

L$0u8

if !StatusAC

Volume_Mute

u58D$0

xag:=A_ScreenWidth / 2 + 75

Can't Get Current Setting

Cancel

Smooth

ALTDOWN

A03>A|

NumpadDiv

not contains

PA]A\_

SHELL32.dll

m-hook

Invalid `%.

|$BM;

TranslateMessage

1#INF

Synth

OSType

USVATAUAVAWH

Cypriot

rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr

sendinput {s down}

(preempted: they will resume when the current thread finishes)

@USWATH

GetFileVersionInfoSizeW

CreateProcessW

BETWEEN requires the word AND.

u.D8-

D$xH;

omenu() {

%s%c%s%cAll Files (*.*)%c*.*%c

.?AUIUnknown@@

ActivateKeyboardLayout

t$`L9c

: .......

9]X~)3

Backspace

L9+u^D8k

RWINDOWN

status AHK_PlayMe mode

Radio

Report

%u.%u.%u

if !DllCall("CloseHandle", "Ptr", processHandle, "UInt") && !result

k D9kX~,

WinMenuSelectItem

(see #MaxHotkeysPerInterval in the help file)

0A_A\_

Files

Unsupported parameter default.

remed:=1

AddClipboardFormatListener

\$ E9c

.?AVRegExMatchObject@@

Error at line %u

SetMenuInfo

Line Text: %-1.100s%s

d$PfE;

TTS(text) {

LoopFileTimeCreated

ThenEvent

base.__Init()

D$,+D$$f

ProductVersion

v/L;w

SetStoreCapslockMode

td@8o#u

EndChar

L$BfA

StringCaseSense

Prompt

L9t$8u

^RfN>

A_A]A\_^]

ugrave

xf9t$ taH

argument is not a compiled regular expression

clsid

Friday

iniread, tag, rp.ini, settings, tag

h>1my

acuff() {

an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)

ComObject

ClassOverwrite

Caret

M(H;M rFH

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

MsgBox

AltTabMenu

loop, parse, cmd, `n

(;_ r

Blank group name.

uSfE9

ffffff

L$Pffff

GetClassInfoExW

LCtrl

VScroll

d$0E3

CreateFileW

MinParams

Too many params.

D8\$1tID9

u&D95

f97t%L

A^A]A\_^[]

|$T.|BH

Gui, 1:+ToolWindow -Caption +Owner +AlwaysOnTop +E0x20

CoInitialize

Too many fonts.

TimeIdlePhysical

u,fA97u&

StereoEnh

xA_A^A]A\_^][

RemovePropW

Gui, 4:show, x%xapt% y%yapt% w150 NoActivate,

gui, 3:add, text, x0 y0 w150 cRed vagun +Center , AutoGun

Gui, 2:+ToolWindow -Caption +Owner +AlwaysOnTop +E0x20

- Attempt to use MSIL code from this assembly during native code initialization

KeyDurationPlay

if(GetKeyState("A", "P"))

u7D9-F_

Picture

Invert

%s%s:%s %-1.500s

GDI32.dll

Brahmi

`.rdata

gui, 6:Destroy

Progman

D$PM98u

t%I+WHA

L$0H+

Hct$p3

Text Documents (*.txt)

August

opengta()

Transform

Buttons

COMDLG32.dll

fD9.u

GnfA9

Write

- not enough space for _onexit/atexit table

missing ) after comment

GetSystemTimeAsFileTime

Could not create window.

y0%uT

l$`fD

|$8H+

)|$Pf

L$8A+

\$@tQ

RAlt

OutputDebug

^8U)zj

SendLevel

T$Ff;

autogun:=!autogun

fD9l$@

fD91u

Array

REG_LINK

gui, 6:show, NoActivate

u=9=`|

GetClientRect

plusmn

n]?iJ

ahk_dlg

t$H;|$P

H(H9J(u

`vector deleting destructor'

AttachThreadInput

diouxX

D$`H;

ThisMenuItem

Phags_Pa

Specifically: %-1.100s%s

|$ Hi

t0fD9

if(i==1)

D$pE3

D$hL;

v-H;n

H;B8}

ADVAPI32.dll

Choose

MinimizeBox

if RegExMatch(WebRequest.responseText, key)

F|McF|E3

gui, 3:color, Black

StatusBarWait

InternetOpenUrlW

RegisterCallback

Blank parameter

Trans

GetFileSize

Eacute

Yellow

A>l$/

t$X+L$pH

D8%aJ

Kannada

<orf<qwb

SetFilePointerEx

Ograve

H;M rAH+E(LcM

CANCEL

laquo

ProcessPath

BitOr

set cd door %s wait

global toggle:=1

.----/01/01/01

Enter

fE9|$

D$@E3

+D$4Hc

CreateIconIndirect

@UVWAUAVH

uxtheme

Process32FirstW

D$XIc

+uBE3

UTF-8

Connect

u.?Z8

Old_Persian

TickCount

LControl

msctls_updown32

?D8w#u]H

Shavian

r(+}8H

d$hfD

GetHP() {

f98u0A

CharLowerW

[[[[[[[[[[[[[[[[[[

Layout File

.?AVLabel@@

@SATH

Gui, 2:Destroy

fD9)u

t$`;p

SysListView32

t$hHc

invalid condition (?(0)

|$XfD

NumpadPgDn

@SVWAUAVH

R6017

D$L+D$D

Parameter #2 must match an existing #If expression.

explore

ta=&

Black

Critical

SendInput {end}+{home}{del}{esc}

Language

ListLines Off

#MenuMaskKey

0A]A\^

repeating a DEFINE group is not allowed

Hotstring not found.

|$`fA

1#IND

hicon:

D%HE3

Tifinagh

@8p#u

|$hH;

too many named subpatterns (maximum 10000)

VVVVVVVVVVV

zY;>u:m

U(A;F }HH

RemoveClipboardFormatListener

t(fff

GdipCreateHBITMAPFromBitmap

Launch_App1

MouseReset

oI>O7

ScriptDir

fD9<pH

V6E>`"(5

MouseGetPos

EnumDisplayMonitors

IsPaused

?)tnH

Expected ":="

@SUVWATAUAVAWH

Digital

<&H;}

PA^A]A\_^][

LoopReadLine

Ctrl+V

A]A\_

l$ VWATH

HcL$0H

D;+t1

Execute()

x_^][

Kayah_Li

ImageList_Create

rp := RegExReplace(rp, "\Q$\Emonth", time.m)

u4A;v }

ldexp

guihide() {

UseEnv

VarSetCapacity

Script lines most recently executed (oldest first). Press [F5] to refresh. The seconds elapsed between a line and the one after it is in parentheses to the right (if not 0). The bottommost line's elapsed time is the number of seconds since it executed.

gettime() {

UpDown

L9d$xu

fD9$Ou

t&D8Z

?{Q}<

UATAUAVAWH

AltSubmit

stopped

L$@;|

Process Priority, , A

NumpadDel

Unreachable

fD92t}H

Hc@\D

Tabstop

9xT~63

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

D956P

RegEx

REG_FULL_RESOURCE_DESCRIPTOR

tjD9t$DuC

TrayTip

GetKey

A_A^A\[]

L$xf92

<BqtIA

t'ffff

RemoveMenu

SetControlDelay -1

R6032

8L$2H

`string'

\$ UVWATAUAVAWH

LockServiceDatabase

AlwaysOff

D$0H;

t$fff

@A\_^

number is too big

0><[cZUg^>

mixerClose

(.*)") == -1)

.?AVCStringWCharFromChar@@

%-15s

{Blind}%s%s{%s DownR}

Local Variables for %s()%s

VVVVVVVV

ActiveX

|$xH;

SetMenuDefaultItem

GetPixel

Logoff

GetLastInputInfo

t=D8w

v(H;}

:?:/q::

GuiEvent

RegClass

NumpadMult

gfffA

@VATAVAWH

Javanese

MoveFileW

SetTitleMatchMode 2

d$XE3

D$DHc

A_A^A]A\_^[

AppStarting

v%L;g

YearMonth

if findline("

loop, parse, allrp, `n

CorExitProcess

- not enough space for thread data

*D$@f

@A]A\_

[[[[[[[[[[[[[[[[[[[[[

AltTab

Floor

MouseClickDrag

WATAVH

tN @m

FillRgn

xA_A^A][

RtlPcToFileHeader

This variable has not been assigned a value.

0A\_^

getprocessid(){

MessageBeep

An environment variable is being accessed; see #NoEnv.

M8fD9!u

FileGetSize

IsOptional

`eh vector constructor iterator'

hHmst

operator

.?AVMetaObject@@

Could not extract script from EXE.

NumpadDown

Old_South_Arabian

d$0fA9E

HcHTH

D8h(u

USVWATAVH

A]_^

Syloti_Nagri

T$hI;

D8l$0t

SendInput /me

CompanyName

%0.2f

u(I;t$0}!H

WinMinimizeAllUndo

ExitReason

tIH9=}

R6019

|$ AT

SetEndOfFile

+h->|

This DllCall requires a prior VarSetCapacity.

ObjectLink

Numpad0

\$8+\$0f

|$PM3

GetGUIThreadInfo

FD8K#u

H;L$0vR

url:="https://pastebin.com/raw/04TKQkE1"

v0H;s

RunAs

Invalid class name.

REG_QWORD

”

(.*)\Q[\E(.*)\Q]\E", id)

ThisHotkey

ToolTip

yacute

D$@D8h

index := A_Index - line

)t$0f

fE97M

ExitWindowsEx

Invalid function declaration.

GetCapacity

D9T$p

GetIconInfo

[[[[[[[

RunAs: Missing advapi32.dll.

pA]A\_^[

EnfA9

tJE8h

%s%s %s %s

Invalid single-line hotkey/hotstring.

[[[[[[VVVVVVV[[[[[[[[[

MainWindow

TabRight

open:=1

R6010

D8E=t

d$Pff

CreateDirectoryW

.xJ>Hf

H;{0}

H;}0r

FormatTime

IconNumber

A^A\]

L$ USWH

IsSuspended

\$XI;

L$P$=

:qt f

sleep 20

Rename failed (name too long?).

RawWrite

VATAUAVAWH

SetTitleMatchMode Fast

R6030

Case/Default must be enclosed by a Switch.

PtInRect

f98uPH

Class may be overwritten.

bbbbb

Unknown

L;-~3

MultiByteToWideChar

@t&Ic

USWAVH

D$XfD9 t

__pascal

t$8E3

.?AUIServiceProvider@@

|$ H;

:?:/relog::

? StrGet(&buf, numBytes)

Expression too long

SizeWE

ComEvent

Clipboard

\$XfA9m

Background

l$0E3

ReadFile

Link Source

u2D9%

u_f9E

Expand

0x%08X -

&User Manual

unrecognized character after (?P

T$0H+

NO_START_OPT)

msctls_statusbar321

Destroy

epA_A^A]A\]

81u+fA9h

The current thread will exit.

kE>fvw

Missing ")" before ":"

patrol() {

0123456789ABCDEF

MinIndex

D8|$8t

cntrl

waveOutGetVolume

SHGetMalloc

Note: To avoid this message, see #SingleInstance in the help file.

C HcC A

D8c#u

IfGreater

9IcK$H

Malayalam

Browser_Forward

Specifically: %s

iacute

Nonexistent menu item.

gdiplus

A^A\_

bad allocation

ToolWindow

u5fE9L$

value

A_A^A\_]

IcF H

rQf99t'H

l$ WH

Match

Modify

<+u-A

GetTimeFormatW

Elapsed

fD9ly

@UWAVAW

v(L;w

[[[[[[[[[[[[[[[[[[[[[[[[[[

USWATH

Browser_Search

v'H;o

v%H;s

I)l$ E

040904b0

GetMessagePos

IconTip

T$TA;

ifWinNotActive GTA:SA:MP

A^A]_^]

z?aUY

\$ VATAU

WIN_XP

PCRED

WinClose

IfLessOrEqual

group

RtlVirtualUnwind

l$ WAUAVH

` AUH

USWATAUAWH

Property

)>6{1n

@8{^tY9{@

SetDlgItemTextW

Finally

ahk_autosize

|$8H;

L$&H;

8ut H

<HIcO`I

: %nick1%

NumpadAdd

MulDiv

Ignore

if !autogun

LoopFileFullPath

Exist

BassBoost

rp := RegExReplace(rp, "!", "{!}")

|$0E3

UA>N0Wl

TimeIdleMouse

Missing "{"

9uuCL

/ErrorStdOut

u*A8|$

*.txt

;\$ |

H[><y5

A_A^[

=imb;D

Browser_Stop

|$q@8

McE I

@A_A^_^[

Syriac

LD@Hc

closed

CreateFontW

otilde

D8d$Pu

L$DD8L$R

fD90u

\$P@2

f90u'95

d$`t)f

tI@8p#u

KERNEL32.dll

L$ WATAUAVAWH

goto True

GuiControl, 1:, M5, % ahk[i+2]

LoadPicture

L;5#>

rKLcM

t$@Hc

SelectObject

TUUUU

8qux3

return prread(getprocessid(), player + 0x540, "float")

Component Doesn't Support This Control Type

uNffffff

Microsoft Visual C++ Runtime Library

fD9/H

.D8mjt

t0H95

WideCharToMultiByte

LookupPrivilegeValueW

D$@E:

t$8fA

@Qm6t

FileReadLine

ELSE with no matching IF

ImageList

LoopRegTimeModified

Multi

Y>kX>M

fD91t

0A^A]A\_^

L$ UVWATAUAVAWH

InStr

COMCTL32.dll

Hebrew

recursive call could loop indefinitely

IsByRef

fD9!t

WinDelay

MinMax

t$0H;{8|.H

EnumWindows

D$@H+

This class definition is nested too deep.

(;s r

delete[]

If !WinActive("GTA:SA:MP") {

`udt returning'

L$$fE

H;Q wwf

fJBGo

%s\%s

Syntax error in class definition.

Z HcJ`H

L$pH+

Cross

@SUAUAV

ToggleEnable

8A_A]

NowUTC

GetCursorInfo

GetCurrentThreadId

MouseMove

SetFileAttributesW

return -1

RemoveDirectoryW

fD97t

Progress

MouseDelay

extends

AddRef

CopyFileW

FormatFloat

SetTimer

Gui, 3:show, x%xag% y%yag% w150 NoActivate,

StringTrimLeft

Hotstring

u(fff

DestroyAcceleratorTable

if StatusAC

return output := RegExReplace(RegExReplace(A_LoopField, "U)^\[\d{2}:\d{2}:\d{2}\]"), "Ui)\{[a-f0-9]{6}\}")

XA_A^

gui, 4:color, Black

; <COMPILER: v1.1.37.01>

8L$0H

Tamil

D$\}D

f9lT0u%

?:u8H

l$XfE

@SVWATAUAVAWH

LoadLibraryW

SetLastError

GetMenuItemInfoW

Start

aacute

GetSysColor

@UWAT

ToUnicodeEx

?!5WOo

L$`H3

utHc]

Katakana

RShift

toM;e

ReleaseDC

:}u"A

?)uxI

H+L$(H

FlushFileBuffers

t$HA+

GetTempPathW

ImageSearch

BE;CX|

LcCxH

NumpadEnd

mciSendStringW

USWATAUAVH

tED8k

GetClipboardFormatNameW

u5fE9|$

8ERCPu

Hotkeys/hotstrings are not allowed inside functions.

Combo

"%s" is not allowed as a prefix key.

\$XL;

@SUWATAVH

@A^][

@8l$8t

A]A\^

IfWinNotActive

L$@E2

Modifiers (Hook's Logical) = %s

CreateStreamOnHGlobal

@"=c(

A_A]^[

L$XfD9!u

ImageList_AddMasked

Permit

GdiplusStartup

USVWATAUH

H;;tCH

@SUWH

t,f98t'H

l$H@8~xug

BarBreak

GuiControl, 4:+cGreen +Redraw, apt

GetChatLine(line:=0) {

u_fE9

Saturday

<7H;} r+H

D+API

)|B?d!

@A^A\]

IfNotEqual

RegExMatch

WantF2

FreeEnvironmentStringsW

Lj[;>

L$qfD9+t}H

L$099u

SendInput /r [%tag%]%A_Space%

CreateStatusWindowW

CreatePopupMenu

NumBatchLines

#HotkeyInterval

t(H+D$`L

(A_A^A\^

D$H9D$@t

.?AVEnumBase@@

HcH<H

The maximum number of InputBoxes has been reached.

+\$|A

T$@H;

global id, rank, nick, path, open:=1, name, fam, org, bstatus, id, day, month, year, hour, min

SendDlgItemMessageW

.?AVFileObject@@

&Hotkeys and their methods

April

@UVWATAUAVAWH

between

t$ u(

%s%ws

`typeof'

Devanagari

internal error: missing capturing bracket

Enabled Timers: %u of %u (%s)

@WATAUAVAW

IfNotInString

GetExitCodeThread

Lower

sendinput, {f6}/drag%A_Space%

H+K8J

joyGetPosEx

Ramdisk

H;n0|

&Yuml;

D1:Hc

H;5%l

ole32.dll

return (type = "Str")

OleUninitialize

ComObjRef

v'H;k

IfEqual

Wednesday

CfA9,$u

fD93t+L

f9t$p

yapt:=A_ScreenHeight - 40

@UVWATAV

A^A]][

USVWAVH

8&u/H

\$gm?

mixerSetControlDetails

Qffffff

NOPQRSTUVWXYZ[\F]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]^]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]_`aaaaaaaabccdefghijklmno"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""pqqqqqqqqqqqqqqqqrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr]]stuvwwxyz{|}~

Relative

GetAsyncKeyState

JoyName

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

\p{Nd}

t$0fD#

u+H9k

D$(D;l$ s

AU3_Spy.exe

LastFound

GetMenuItemID

Desktop

L$ UVWH

HcT$0L

Ic@,A

L$8+L$0

StatusCD

.?AV__non_rtti_object@std@@

L9s uX@8k:uRD8k?uL@

D$8Hc

Igrave

%0.*f

H9{8H

`local static thread guard'

?QY^&

pcre_callout

9H ~MH

…

PostMessageW

An object.

SetRegView

ProductName

9s vE3

fD9d$

fD9,Ct'H

RP := RegExReplace(RP, "\Q$\Eid", id)

GlobalSize

Il?333333c?

times

u-9s,t

t=ffffff

)t$PL

EnumResourceNamesW

@WAUAVH

GetStartupInfoW

HcD$@H

MButton

VD$pf

–

For more details, read the documentation for #Warn.

GetDeviceCaps

H;L$h

#SingleInstance, force

D9qH~uA

cmd:=RegExReplace(cmd, ogr1, "start")

Gui, 4:Destroy

H;{8}

nD$0D

CreateAcceleratorTableW

#32770

D8 t=D

IsSet

v'I;]

D$PIc

IPAddress1

GuiControl, 3:+cGreen +Redraw, agun

R6018

d$`fE;

'fD9!u

t$PHc

Message

Numpad1

#Warn

InstallDir

L$`E3

Network

GetObjectW

v-H;s

RightClick

H9i8u

D$XH;

((((( H

SetForegroundWindow

if !id:=getid()

T$pH;

Group name too long.

L9|$8I

fD9?tVH

BlockInput

LWINUP

"%s" requires that parameter #%u be non-blank.

HKEY_USERS

GetKeyboardLayout

D9|$X

0iN>/

XButton1

h`H9up

A80uII

NOTE: Only the script's own keyboard events are shown

D$PH9D$p

tgE8h

A_A^A]A\^

REG_BINARY

ListView

L9=J-

The maximum number of MsgBoxes has been reached.

bb[[bb

GetModuleFileNameExW

HScroll

HA_A^A]A\_^][

IsWindow

xh:=A_ScreenWidth - ( A_ScreenWidth / 4 )

fD93t93

Combobox

v6H;s

@80t)H

D$p@2

H;K0u

URLDownloadToFile

eEfgGaA

D9B(tBH

RtlUnwindEx

Topmost

A_A]A\^]

SetWindowLongPtrW

Numpad5

tZL;%,&

FileExist

-+0 #

Tai_Tham

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

CDRom

uNf9C

L$XIc

%04d%02d%02d%02d%02d%02d

Action: <%-0.400s%s>%s

tnLcV

D8n#u

)t$ H

WheelDown

Global variables must not be declared in this function.

PA]_]

WebRequest := ComObjCreate("WinHttp.WinHttpRequest.5.1")

|$HI;

t$t@2

A\_^][

@A^A]A\

Hc}Dt

CtrlBreak

u<E8|$

UVWATAWH

{Click

#DerefChar

ShowDropDown

ComObject.Enumerator

Submit

LShift

|$DA;

"""""/

\$ UVW

yap:=A_ScreenHeight / 2 + 75

Encoding

\$xIc

u|D9}

February

+D$0Hc

Gothic

Hffff

sendchat(A_LoopField)

if(id==lid)

@.rsrc

A_A^^[

pA^A]A\_^

t/fD9k

9{H~23

Static

|$`fD

Parameter #4 invalid.

&View

Prefix key is down: %s

kernel32.dll

A(fE9(u

@8s t

t$f9E

l$DE3

t4@8-x

WinSetTitle

~pffff

|$8E3

D$PH;D$p

fD9.u>E

EnterCriticalSection

Not allowed as an output variable.

DetectHiddenWindows

.{Enter}

L;t$xrKH

WaNd?

GetUpdateRect

t]@8k

\$HfE

Break

IPAddress2

@A_A^A]A\_

sendchat("/pt " id2)

tBffffff

T$ E3

T$(E3

CLSIDFromString

@A_A]A\_]

not in

command option was not enabled in the original script.

Limit

Range

D$@A;

GetStringTypeExW

t.fffffff

return 1

MouseMoveOff

NumpadDot

CE;cX}6L

Inscriptional_Parthian

GetLastError

u4f9E

ntdll.dll

GetConsoleCP

Inherited

SING error

AltTabMenuDismiss

RTrim

O0HcQ

IsDebuggerPresent

IfWinActive

]>)2X

if !input

LShift

CheckRadioButton

t\HcCH

UnlockServiceDatabase

\$T+t$p+\$t+t$H+\$LH

H9{0u

RegExmatch(hp, "(.*)\.", shp)

EndReason

WinMinimize

XButton1::

CIcD$`H

HH:mm:ss

\$ UATAVH

EWHcM

y\PD>!

t$ WATAUAVAWH

StringTrimRight

RegEnumKeyExW

UNICODE

LcC0H

:uu,f

@8w#u

SUVWH

D$(fD9

A9vdu

D$@Lc

t%H;s

HcD$\

tKfA;

OutputDebugStringW

+M<7>

j?{$*

gui, 1:add, text, cWhite vM1 x0 w250 Center, % ahk[i-2]

GetClipBox

First

Carian

TranslateAcceleratorW

CONTROLDOWN

GetLayeredWindowAttributes

t$ I+

CloseServiceHandle

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

SetWorkingDir

CONTROLUP

A_A^A]_]

Tai_Le

e+000

FindAnywhere

CreateIconFromResourceEx

T$H8Z#u

l$X@2

kernel32

InProgress

`A\][

Reload

SUWAUAVH

RawSet

Launch Error (possibly related to RunAs):

@SVWH

Lycian

}/+}'C

Select

0A_A^A]A\_

L9l$p

Gui, launcher:Show, w311 h381, WantedLab

HeapSize

AdjustWindowRectEx

<$0u%

ucirc

SendInput {f6}^a+{del}%text%{enter}

middot

t"E8|$&t

\p{Xwd}

LoadResource

MonitorPrimary

A "return" must be encountered prior to this "}".

\$ VATAUH

pA]A\_][

GetClipRgn

E>nEA

sleep 1000

dwmapi.dll

d$8E3

.?AVComEvent@@

uzKs@>

@UATH

POSIX named classes are supported only within a class

Invalid option.

|$pfD

t%fD9?t

<>=/|^,:

Acirc

MS Shell Dlg

A_A^A\_^][

8A^A\][

`managed vector copy constructor iterator'

9D$XufE

hp:=GetHP()

IcK$H

This parameter contains a variable name missing its ending percent sign.

A;9}+M

H ATH

SetTimer, apt, 1

sc%03X

OnMessage

#KeyHistory 0

t$pI;

Ethiopic

RegExMatch(cmd, "(.*)start", ogr)

L9|$8u

exitapp

is not

StrPut

l$pL;t$`

u@D85

inveh() {

H;WHr

('8PW

<>=/|^,:*&~!()[]{}+-?."

epA_A^A]A\_^]

Drive

D9%U6

Shell_NotifyIconW

`eh vector copy constructor iterator'

|$pE3

CoordModeToolTip

GetExitCodeProcess

Treble

d$@E3

(t$`I

D8e_ue

Gui, launcher:Add, Picture, x32 y85 w250 h220 , C:\PA\Logo.ico

GetSystemDefaultUILanguage

erroffset passed as NULL

Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function.

](tfA

SizeNWSE

L$ H+

`local vftable constructor closure'

L$PfI

l$`A;E s

l$ E3

#ClipboardTimeout

VVVVVVV

OriginalFilename

REG_RESOURCE_LIST

A9G|}

0A]A\_

R6027

D8w#u

numbers out of order in {} quantifier

#ErrorStdOut

XA^[H

D9l$l

DefaultListView

MenuGetName

H9k0u

@SVWAVH

SUVATAUAVH

`h````

StringReplace

HA_A]_^][

if !RegExMatch(getchatline(0), "

t>D95

D$0H9C0

GetVersionExW

DEFINE

Media_Play_Pause

WinActivate

d$xL9k

@UAUAVH

\c must be followed by an ASCII character

<>=/|^,:*&~!()[]{}+-?.

‘

fE9<$

D$@Hc

ChooseString

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

LoadAcceleratorsW

NoTab

E9<$t

HcG H

NoSort

VWAUAVAWH

<$+u<I

Cuneiform

@WATAUH

|$<+|$4H

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~

GetLocalTime

`managed vector constructor iterator'

Menu name too long.

qS>g?h3

v'H;s

|$0-H

range out of order in character class

SetControlDelay

KeyDelay

Gosub

iniread, x, rp.ini, settings, x

\P{Xwd}

tA@8p#u

REG_DWORD

.exe.bat.com.cmd.hta

ChangeClipboardChain

SetStdHandle

CreatePolygonRgn

SetTimer, cmenu, 1

!|$XI

Error

Parameter #3 must be blank in this case.

3>fvw

__based(

__eabi

Control

H;=j@

IsFunc

Hanunoo

#Persistent

A^_^][

WeaponId() {

L$xfA9

SizeNESW

|L^\u

@8w#H

fD9tN

:uUfB

A;\$ r$H

|$@-H

L$PE3

IsWow64Process

https://autohotkey.com

L9q0u

Key := objOSItem.SerialNumber

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

A^_[]

bp(=>?g

A__^[

internal error: opcode not recognized

lic_check()

T$ L+

D8p(u

0A^A]A\_[

if !A_IsCompiled

StrReplace

} ffffff

This "For" is missing its "in".

rHH+D$`LcM

L$PI;

|$0.u

sleep 3000

?+>^m

A^A]_

t?D9

LAlt

SetBase

acirc

T$(A+

iniread, rank, rp.ini, settings, rank

ThisMenu

Disable

SHEmptyRecycleBinW

;(uBE

Coptic

RETRY

@UATAUAVAWH

@UVATAUAWH

VarFileInfo

ALTUP

G:f9C

GdiFlush

e`A_A^A]A\_^]

ComObjArray

FindString

IsMenu

%04hX

sendinput {a down}

uYfE9

--------------------------------------------------

\" $*

sendchat("/drag " id2)

D$ L+

D;P(|

FileTimeToLocalFileTime

SetWindowTextW

objWMIService := ComObjGet("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Native

H9k@@

Catan

GuiHeight

unknown POSIX class name

H;{0|+H

GetProcessWindowStation

L$8u%

Too many status bars.

.?AVComEnum@@

#MaxThreadsPerHotkey

WIN_VISTA

x ATH

Unexpected %

GetDiskFreeSpaceW

SOFTWARE\AutoHotkey

CHcB`H

GetFileType

Minimize

<^>^<!>!<+>+<#>#

|$89^

GetAncestor

StrCmpLogicalW

UpdateWindow

L$fH;

\p{Ll}

D$HE3

disallowed Unicode code point (>= 0xd800 && <= 0xdfff)

dddd, MMMM dd, yyyy

RegCloseKey

XA]A\][

Lcd$LI

HcD$T

u*8D$qt$D9{

Illegal parameter name.

..om?

FileObject

au`fE9J

WinWaitActive

WATAUH

f9D$p

StoreCapslockMode

A_A]A\_]

0A^A\[

\$ UWAVH

A_A^A]A\_

Xusf9~

WheelRight

LoopFileDir

This line does not contain a recognized action.

u&8T$LD

A8F#u

SetNumlockState

SysDateTimePick32

`RTTI

gui, launcher:font, s16

FillRect

&bdquo;

agun() {

@SVWATAUAVH

CreateDialogIndirectParamW

T$`E3

+-*&~!

GetUserObjectInformationW

Vertical

T$PD;

fE;)sKM

T$xHc

.pdata

\$\E;

%s (a %s variable%s)

Password

Failed to open file.

F>qUxv

fD;*ssI

GetMonitorInfoW

CharUpperW

D\@fA

&oelig;

|$(tc

GetProcessImageFileNameW

v'L;c

gui, 5:+ToolWindow -Caption +Owner +AlwaysOnTop +E0x20

RP := RegExReplace(RP, "\Q$\Efam", fam)

Mongolian

PriorHotkey

Ctrl+R

t0D8w#u

\$0um3

conditional group contains more than two branches

sendinput {RButton down}

Declaration conflicts with existing var.

A^A]A\^]

Key History has been disabled via #KeyHistory 0.

t$ WATAV

Launch_Media

Screen

t$ D;>u

ShowWindow

RP := RegExReplace(RP, "\Q$\Eorg", org)

D8l$x

c [1>H'

D8u:t"H;

Consolas

Missing "}" before ":"

t/f93u*

A^A\_][

!"#$

|$0E2

Out of memory.

<>=/|^,:*&~!()[]{}+-?."'\;`

H9\$Ht

N3`d?

CoordModeCaret

Unknown class.

[[VVVVVVVVVVVVVVVV

Dialog

malformed \P or \p sequence

Window

GuiControl, 5:,pfam,

ControlSetText

%0.6f

<$,u_I

MyDocuments

While

E9l$(t

RegisterHotKey

SoundPlay

#MaxMem

NotReady

LWINDOWN

Tab name doesn't exist yet.

Duplicate function definition.

9CDtJ

upper

t$ WATAVH

IsAppThemed

GetEnvironmentVariableW

f;D$@ug

if %s %s %s and %s

Caption

Nonexistent hotkey variant (IfWin).

.?AVTextFile@@

Variable name too long.

DetectHiddenWindows On

A^A]A\^[

InputThenPlay

H;D$p

tooltips_class32

"H958

GetSysColorBrush

if hud

Logical

qrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqrqr

Illegal group name.

SetDefaultMouseSpeed

WIN_7

(|$PD

%04d%02d

@8{#u

RegExReplace

SetTimer, agun, 1

<Nt4ff

nothing to repeat

AtlAxWinInit

GuiControl, 1:, M3, % ahk[i]

SUVATAUAVAWH

t$ fD

A;E$}

Slider

if !processID := ErrorLevel

E fA;

UnhandledExceptionFilter

c?FA@s}

Enabled

CDecl

(*MARK) must have an argument

internal error: overran compiling workspace

Remove

A_A^A]A\]

9P(t!H

result := DllCall("ReadProcessMemory", "Ptr", hProccess, "Ptr", dwAdress, "Ptr", &buf, "Ptr", numBytes, "PtrP", numBytesRead, "UInt")

gui, 6:font, s14

Could not launch WindowSpy.ahk or AU3_Spy.exe

\$PM94$tpE

fE9!thI

\$PH;

Parameter #3 invalid.

if not A_IsAdmin

global sec, x, y, StatusAC:=1, M1, M2, M3, M4, M5, pstatus, pname, pfam, pid, nid, lid, autogun:=0

RegisterWindowMessageW

Hangul

CoGetObject

HeapAlloc

LoopFileTimeAccessed

\P{Ll}

`placement delete closure'

GetArmour() {

SysTabControl32

Continue running the script?

fE9&t

MSDEVLineSelect

u6HcD$0H

VkKeyScanExW

t$`E3

Ucirc

Tai_Viet

ExitApp

FileSelectFile

LTrim

[[[[[[[[[[[

T$XA;

D$@I9G

HKEY_CURRENT_CONFIG

September

FlsAlloc

.?AVtype_info@@

T$xE3

nu'E3

GetClassNameW

gui, 5:add, text, x10 y60 w250 cWhite vpfam,

Launch_App2

@USAUAWH

unknown property name after \P or \p

CompareStringW

IfMsgBox

h AVL

UseErrorLevel

l$0Lc

f9>t#H

Small

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

u[D8u

UTF-8-RAW

&Edit Script

@SUWAUAVH

u"L9k

FileAppend

GetCurrentDirectoryW

!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~

@USVWATAUAVAWH

StringUpper

Monday

Deseret

MonitorFromPoint

UVWATAUH

li:=i

Could not launch AutoHotkey.chm

GetPrivateProfileStringW

L$0H3

AutoHotkey

"%s" requires at least %d parameter%s.

Status

This line will never execute, due to %s preceding it.

D$Ht?H

Missing ":"

ScriptFullPath

IsClipboardFormatAvailable

t&fff

Greek

L$ Lc

TabLeft

gui, 1:hide

[[[[[

f9\$ t,H

Upper

t#H9s

0A]_[

Hidden

Can't delete menu (in use?).

IsBuiltIn

SendMessageW

L$pH3

[[[[[[

\p{Lu}

&lsaquo;

ATAUAWH

Click

D$`I9D$

@SUAWH

GetWindowRect

>AUTOHOTKEY SCRIPT<(

A^A\^]

@USVWAUH

f;E`u

Priority

SetActiveWindow

GuiControlGet

RegConnectRegistryW

SoundSet

opengta() {

D$@fD

Unexpected "}"

digit

InitialWorkingDir

ContextMenu

.?AV?$CKuStringT@_WVCKuStringUtilW@@@@

CreateRectRgn

bbbubb

tEH;=

fA9|$

loop, Parse, file, `n, `r

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

SUVWATAVAWH

AtlAxWin

apt() {

ATAUH

t$Xffffff

-------------------------------------------------------------------------------------------------------------

A_A]_^]

<>=/|^,:*&~!()[]{}"

CONTINUE

\$@H9

yh:=5

FileMove

GetEnvironmentStringsW

A^A]A\^][

T$Hfffff

HKEY_LOCAL_MACHINE

.?AVTextMem@@

Gui, 3:Destroy

<ttk<v

SysLink

8uu8f

fA9;u'

v$L;c

D$qt&

Ugaritic

repeated subpattern is too long

Mixer Doesn't Have That Many of That Component Type

T$XIc

Release

MoveWindow

_NewEnum

A]A\_[]

PA]^]

HcO H

Could not close the previous instance of this script. Keep waiting?

#HotkeyModifierTimeout

Process, close, gta_sa.exe

in #include file "%s"

A ":" is missing its "?"

fD9!u

uCE8|$

SetVolumeLabelW

gui, 1:add, text, cWhite vM5 x0 w250 Center, % ahk[i+2]

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

t$8Hc

D$@H;

D$QE+

@8n#u

)|$ I

L$x;p |

8L$3H

- not enough space for stdio initialization

IfExist

Loudness

\$ UWATAVAWH

Hiragana

FileCreateDir, C:\PA

sjD8u?uLH;

H9x8t%@8x!u

GlobalLock

\p{Xps}

t$xHc

WantTab

Ogham

GetConsoleMode

MSDEVColumnSelect

xA\_[]

InternetReadFile

Kharoshthi

LastError

Thick

__ptr64

.?AVProperty@@

UTF-16-RAW

Gurmukhi

PixelSearch

u5H;{8|

t$XH;

if apt

+LastFoundExist

@8t$8t

Browser_Favorites

System verbs unsupported with RunAs.

SendPlay

Invalid Control Type or Component Type

;"u>H

return prread(getprocessid(), 0xBA18FC)

+D$$Hc

{Text}

@SWAUH

#WinActivateForce

Invalid value.

Kaithi

BitShiftLeft

Hc@$H

IPAddress4

Max window number is 20.

|$r:tIf9t$p

Uncheck

VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYXYTZXY[[\]]]

Color

USVWATAUAVAW

@SAWH

L$HD+L$@

CommDlgExtendedError

7fD9?

Interrupt

GuiControl

EditPaste

Check3

RegExMatch(GetChatLine(), "

subpattern name expected

if (index == A_Index)

t<fffff

SetFocus

#MaxHotkeysPerInterval 1000

%03u:

FreeLibrary

f9t$ tdH

\$ IcL$`H

|$pA;

GetMenuStringW

Float

if(GetKeyState("SPACE", "P"))

T$@u E3

DragQueryPoint

gui, 5:font, s14

@SAVH

fD93t-H

upH9|$8t

L$8E3

H;L$HrM

GuiControl, 5:,pid,

:+-*/|&^.

A]_^[]

WebRequest.Send()

8D$$u6

ControlGet

iquest

xdigit

@8{^t

D$PH;

Tuesday

H;F8t

@8t$1t@95

|$`H9C

DeleteDC

UserName

A^A]A\

log10

SB_SetParts

GdiplusShutdown

T$RHc

b?^Cy

HcC ;C$tmD

fD9;urE

SUWATAVAWH

\$0D;

GetParent

@VWATAUAVH

u%fA9l$

L$ VWATAUAVH

LoopFileName

;.tDH

|$pE9

9E v+H

H+D$PLc

italic

Resize

SetWindowLongW

OnClipboardChange

v#H;s

NumGet

L$HD;

HelpFile:

Oacute

0x%08X

#CommentFlag

@A_A^A]A\_^]

|$@fD

DPIScale

DragQueryFileW

uafE9h

SetBrushOrgEx

DeleteCriticalSection

H;D$pr+H

Border

SysMonthCal32

@8ydt

OnExit

Pause

PA_A^A]A\_^]

T$p;QT|

CloseClipboard

IniRead, cmd, rp.ini

uFfA9<$t*H

<juuH

gui, 3:font, s16

2-hooks

Is64bitOS

Quote marks are required around this key.

%GoU?*

Numpad7

Ctrl+K

play AHK_PlayMe

ToggleCheck

__Class

@A^A]_^[

L$ H;

Can't open clipboard for reading.

d$xf9

%s %s%s

t$(E3

AutoTrim

ProcessName

u$H9o

l$(L+

t$ UWAUAVAWH

\$0tN

`scalar deleting destructor'

iniread, pass, rp.ini, settings, pass

t$PA;

GetCPInfo

E8~>t

V @8x

SetThreadPriority

Volume_Down

[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[

TimeIdleKeyboard

CreateSolidBrush

%s (%d) : ==> Warning: %s

Unexpected "{"

R6016

PE Information

Image Base	Entry Point	Reported Checksum	Actual Checksum	Minimum OS Version	Compile Time	Import Hash	Icon	Icon Exact Hash	Icon Similarity Hash	Icon DHash
0x140000000	0x000cdb10	0x00000000	0x0013bc6e	5.2	2023-07-08 05:26:14	8ebf8cdff0edfb71b612fb21cbde3410		26a5a9172b6cdded5702af7b3962ed10	1a6ae092b733c43153c15fa33ea788be	fcccc4e4cccc4cbe

Version Infos

FileDescription
FileVersion	1.1.37.01
InternalName
LegalCopyright
CompanyName
OriginalFilename
ProductName
ProductVersion	1.1.37.01
Translation	0x0409 0x04b0

Sections

Name	RAW Address	Virtual Address	Virtual Size	Size of Raw Data	Characteristics	Entropy
.text	0x00000400	0x00001000	0x000de3c6	0x000de400	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.55
.rdata	0x000de800	0x000e0000	0x000312de	0x00031400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.97
.data	0x0010fc00	0x00112000	0x0000c3b8	0x00005000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	3.31
.pdata	0x00114c00	0x0011f000	0x00007a58	0x00007c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.99
text	0x0011c800	0x00127000	0x0000258d	0x00002600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE	5.77
data	0x0011ee00	0x0012a000	0x00006ec0	0x00007000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.46
.rsrc	0x00125e00	0x00131000	0x00008918	0x00008a00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.31

Name	Offset	Size	Language	Sub-language	Entropy	File type
RT_ICON	0x00131458	0x000010a8	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.86	None
RT_ICON	0x00132500	0x000025a8	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.37	None
RT_ICON	0x00134aa8	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.68	None
RT_ICON	0x00134f10	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.84	None
RT_ICON	0x00135378	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.33	None
RT_ICON	0x001357e0	0x00000468	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.47	None
RT_ICON	0x00135c48	0x00000128	LANG_ENGLISH	SUBLANG_ENGLISH_US	4.56	None
RT_MENU	0x00135d70	0x000002c8	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.37	None
RT_DIALOG	0x00136038	0x000000e8	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.82	None
RT_ACCELERATOR	0x00136120	0x00000048	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.96	None
RT_RCDATA	0x00136168	0x0000301f	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.76	None
RT_GROUP_ICON	0x00139188	0x00000030	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.46	None
RT_GROUP_ICON	0x001391b8	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.02	None
RT_GROUP_ICON	0x001391cc	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	1.98	None
RT_GROUP_ICON	0x001391e0	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.08	None
RT_GROUP_ICON	0x001391f4	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.08	None
RT_VERSION	0x00139208	0x0000021c	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.25	None
RT_MANIFEST	0x00139424	0x000004f4	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.35	None

Imports

Name	Address
gethostbyname	0x1400e0e30
inet_ntoa	0x1400e0e38
WSACleanup	0x1400e0e40
gethostname	0x1400e0e48
WSAStartup	0x1400e0e50

Name	Address
mixerGetLineInfoW	0x1400e0dc8
mixerGetDevCapsW	0x1400e0dd0
mixerOpen	0x1400e0dd8
mciSendStringW	0x1400e0de0
joyGetPosEx	0x1400e0de8
mixerGetLineControlsW	0x1400e0df0
mixerGetControlDetailsW	0x1400e0df8
mixerSetControlDetails	0x1400e0e00
waveOutGetVolume	0x1400e0e08
mixerClose	0x1400e0e10
waveOutSetVolume	0x1400e0e18
joyGetDevCapsW	0x1400e0e20

Name	Address
GetFileVersionInfoW	0x1400e0d78
VerQueryValueW	0x1400e0d80
GetFileVersionInfoSizeW	0x1400e0d88

Name	Address
ImageList_Create	0x1400e00a0
CreateStatusWindowW	0x1400e00a8
ImageList_ReplaceIcon	0x1400e00b0
ImageList_GetIconSize	0x1400e00b8
ImageList_Destroy	0x1400e00c0
ImageList_AddMasked	0x1400e00c8

Name	Address
GetProcessImageFileNameW	0x1400e0780
GetModuleBaseNameW	0x1400e0788
GetModuleFileNameExW	0x1400e0790

Name	Address
InternetOpenW	0x1400e0d98
InternetOpenUrlW	0x1400e0da0
InternetCloseHandle	0x1400e0da8
InternetReadFileExA	0x1400e0db0
InternetReadFile	0x1400e0db8

Name	Address
GetModuleFileNameW	0x1400e0210
GetSystemTimeAsFileTime	0x1400e0218
FindResourceW	0x1400e0220
SizeofResource	0x1400e0228
LoadResource	0x1400e0230
LockResource	0x1400e0238
GetFullPathNameW	0x1400e0240
GetShortPathNameW	0x1400e0248
FindFirstFileW	0x1400e0250
FindNextFileW	0x1400e0258
FindClose	0x1400e0260
FileTimeToLocalFileTime	0x1400e0268
SetEnvironmentVariableW	0x1400e0270
Beep	0x1400e0278
MoveFileW	0x1400e0280
OutputDebugStringW	0x1400e0288
CreateProcessW	0x1400e0290
GetFileAttributesW	0x1400e0298
WideCharToMultiByte	0x1400e02a0
MultiByteToWideChar	0x1400e02a8
GetExitCodeProcess	0x1400e02b0
WriteProcessMemory	0x1400e02b8
ReadProcessMemory	0x1400e02c0
GetCurrentProcessId	0x1400e02c8
OpenProcess	0x1400e02d0
TerminateProcess	0x1400e02d8
SetPriorityClass	0x1400e02e0
SetLastError	0x1400e02e8
GetEnvironmentVariableW	0x1400e02f0
GetLocalTime	0x1400e02f8
GetDateFormatW	0x1400e0300
GetTimeFormatW	0x1400e0308
GetDiskFreeSpaceExW	0x1400e0310
SetVolumeLabelW	0x1400e0318
CreateFileW	0x1400e0320
DeviceIoControl	0x1400e0328
GetDriveTypeW	0x1400e0330
GetVolumeInformationW	0x1400e0338
GetDiskFreeSpaceW	0x1400e0340
GetCurrentDirectoryW	0x1400e0348
CreateDirectoryW	0x1400e0350
ReadFile	0x1400e0358
WriteFile	0x1400e0360
DeleteFileW	0x1400e0368
SetFileAttributesW	0x1400e0370
LocalFileTimeToFileTime	0x1400e0378
SetFileTime	0x1400e0380
DeleteCriticalSection	0x1400e0388
GetSystemTime	0x1400e0390
GetSystemDefaultUILanguage	0x1400e0398
GetComputerNameW	0x1400e03a0
GetSystemWindowsDirectoryW	0x1400e03a8
GetTempPathW	0x1400e03b0
EnterCriticalSection	0x1400e03b8
LeaveCriticalSection	0x1400e03c0
VirtualProtect	0x1400e03c8
QueryDosDeviceW	0x1400e03d0
CompareStringW	0x1400e03d8
RemoveDirectoryW	0x1400e03e0
CopyFileW	0x1400e03e8
GetCurrentProcess	0x1400e03f0
CreateToolhelp32Snapshot	0x1400e03f8
Process32FirstW	0x1400e0400
Process32NextW	0x1400e0408
FormatMessageW	0x1400e0410
GetPrivateProfileStringW	0x1400e0418
GetPrivateProfileSectionW	0x1400e0420
GetPrivateProfileSectionNamesW	0x1400e0428
WritePrivateProfileStringW	0x1400e0430
WritePrivateProfileSectionW	0x1400e0438
SetEndOfFile	0x1400e0440
GetACP	0x1400e0448
GetFileType	0x1400e0450
GetStdHandle	0x1400e0458
SetFilePointerEx	0x1400e0460
SystemTimeToFileTime	0x1400e0468
FileTimeToSystemTime	0x1400e0470
GetFileSize	0x1400e0478
IsWow64Process	0x1400e0480
VirtualAllocEx	0x1400e0488
VirtualFreeEx	0x1400e0490
EnumResourceNamesW	0x1400e0498
LoadLibraryExW	0x1400e04a0
GlobalSize	0x1400e04a8
HeapReAlloc	0x1400e04b0
EncodePointer	0x1400e04b8
HeapFree	0x1400e04c0
DecodePointer	0x1400e04c8
ExitProcess	0x1400e04d0
HeapAlloc	0x1400e04d8
IsValidCodePage	0x1400e04e0
FlsGetValue	0x1400e04e8
FlsSetValue	0x1400e04f0
FlsFree	0x1400e04f8
FlsAlloc	0x1400e0500
UnhandledExceptionFilter	0x1400e0508
SetUnhandledExceptionFilter	0x1400e0510
IsDebuggerPresent	0x1400e0518
RtlVirtualUnwind	0x1400e0520
RtlLookupFunctionEntry	0x1400e0528
InitializeCriticalSection	0x1400e0530
GetCPInfo	0x1400e0538
GetVersionExW	0x1400e0540
GetModuleHandleW	0x1400e0548
FreeLibrary	0x1400e0550
GetProcAddress	0x1400e0558
LoadLibraryW	0x1400e0560
GetLastError	0x1400e0568
CreateMutexW	0x1400e0570
CloseHandle	0x1400e0578
GetExitCodeThread	0x1400e0580
SetThreadPriority	0x1400e0588
CreateThread	0x1400e0590
GetStringTypeExW	0x1400e0598
lstrcmpiW	0x1400e05a0
GetCurrentThreadId	0x1400e05a8
GlobalUnlock	0x1400e05b0
GlobalFree	0x1400e05b8
GlobalAlloc	0x1400e05c0
GlobalLock	0x1400e05c8
SetErrorMode	0x1400e05d0
SetCurrentDirectoryW	0x1400e05d8
Sleep	0x1400e05e0
GetTickCount	0x1400e05e8
MulDiv	0x1400e05f0
RtlCaptureContext	0x1400e05f8
HeapSetInformation	0x1400e0600
GetVersion	0x1400e0608
HeapCreate	0x1400e0610
InitializeCriticalSectionAndSpinCount	0x1400e0618
HeapSize	0x1400e0620
HeapQueryInformation	0x1400e0628
GetCommandLineW	0x1400e0630
GetStartupInfoW	0x1400e0638
RtlUnwindEx	0x1400e0640
GetStringTypeW	0x1400e0648
RaiseException	0x1400e0650
RtlPcToFileHeader	0x1400e0658
LCMapStringW	0x1400e0660
GetConsoleCP	0x1400e0668
GetConsoleMode	0x1400e0670
FreeEnvironmentStringsW	0x1400e0678
GetEnvironmentStringsW	0x1400e0680
SetHandleCount	0x1400e0688
QueryPerformanceCounter	0x1400e0690
GetOEMCP	0x1400e0698
SetFilePointer	0x1400e06a0
WriteConsoleW	0x1400e06a8
SetStdHandle	0x1400e06b0
FlushFileBuffers	0x1400e06b8
GetFileSizeEx	0x1400e06c0
GetProcessHeap	0x1400e06c8

Name	Address
GetDlgItem	0x1400e0810
SetDlgItemTextW	0x1400e0818
MessageBeep	0x1400e0820
GetCursorInfo	0x1400e0828
GetLastInputInfo	0x1400e0830
GetSystemMenu	0x1400e0838
GetMenuItemCount	0x1400e0840
GetMenuItemID	0x1400e0848
GetSubMenu	0x1400e0850
GetMenuStringW	0x1400e0858
ExitWindowsEx	0x1400e0860
SetMenu	0x1400e0868
FlashWindow	0x1400e0870
GetPropW	0x1400e0878
SetPropW	0x1400e0880
RemovePropW	0x1400e0888
MapWindowPoints	0x1400e0890
RedrawWindow	0x1400e0898
SetWindowLongPtrW	0x1400e08a0
SetParent	0x1400e08a8
GetClassInfoExW	0x1400e08b0
DefDlgProcW	0x1400e08b8
GetAncestor	0x1400e08c0
UpdateWindow	0x1400e08c8
GetMessagePos	0x1400e08d0
GetClassLongPtrW	0x1400e08d8
CallWindowProcW	0x1400e08e0
CheckRadioButton	0x1400e08e8
IntersectRect	0x1400e08f0
GetUpdateRect	0x1400e08f8
PtInRect	0x1400e0900
CreateDialogIndirectParamW	0x1400e0908
GetWindowLongPtrW	0x1400e0910
CreateAcceleratorTableW	0x1400e0918
DestroyAcceleratorTable	0x1400e0920
InsertMenuItemW	0x1400e0928
SetMenuDefaultItem	0x1400e0930
RemoveMenu	0x1400e0938
SetMenuItemInfoW	0x1400e0940
IsMenu	0x1400e0948
GetMenuItemInfoW	0x1400e0950
CreateMenu	0x1400e0958
CreatePopupMenu	0x1400e0960
SetMenuInfo	0x1400e0968
AppendMenuW	0x1400e0970
DestroyMenu	0x1400e0978
TrackPopupMenuEx	0x1400e0980
CopyImage	0x1400e0988
CreateIconIndirect	0x1400e0990
CreateIconFromResourceEx	0x1400e0998
EnumClipboardFormats	0x1400e09a0
GetWindow	0x1400e09a8
BringWindowToTop	0x1400e09b0
MessageBoxW	0x1400e09b8
GetTopWindow	0x1400e09c0
GetQueueStatus	0x1400e09c8
SendDlgItemMessageW	0x1400e09d0
SetClipboardViewer	0x1400e09d8
LoadAcceleratorsW	0x1400e09e0
EnableMenuItem	0x1400e09e8
GetMenu	0x1400e09f0
CreateWindowExW	0x1400e09f8
RegisterClassExW	0x1400e0a00
LoadCursorW	0x1400e0a08
DestroyWindow	0x1400e0a10
EnableWindow	0x1400e0a18
MapVirtualKeyW	0x1400e0a20
VkKeyScanExW	0x1400e0a28
MapVirtualKeyExW	0x1400e0a30
GetKeyboardLayoutNameW	0x1400e0a38
ActivateKeyboardLayout	0x1400e0a40
GetGUIThreadInfo	0x1400e0a48
GetWindowTextW	0x1400e0a50
mouse_event	0x1400e0a58
WindowFromPoint	0x1400e0a60
GetSystemMetrics	0x1400e0a68
keybd_event	0x1400e0a70
SetKeyboardState	0x1400e0a78
GetKeyboardState	0x1400e0a80
GetCursorPos	0x1400e0a88
GetAsyncKeyState	0x1400e0a90
AttachThreadInput	0x1400e0a98
SendInput	0x1400e0aa0
UnregisterHotKey	0x1400e0aa8
RegisterHotKey	0x1400e0ab0
SendMessageTimeoutW	0x1400e0ab8
UnhookWindowsHookEx	0x1400e0ac0
SetWindowsHookExW	0x1400e0ac8
PostThreadMessageW	0x1400e0ad0
IsCharAlphaNumericW	0x1400e0ad8
IsCharUpperW	0x1400e0ae0
IsCharLowerW	0x1400e0ae8
ToUnicodeEx	0x1400e0af0
GetKeyboardLayout	0x1400e0af8
CallNextHookEx	0x1400e0b00
CharLowerW	0x1400e0b08
ReleaseDC	0x1400e0b10
GetDC	0x1400e0b18
OpenClipboard	0x1400e0b20
GetClipboardData	0x1400e0b28
GetClipboardFormatNameW	0x1400e0b30
CloseClipboard	0x1400e0b38
SetClipboardData	0x1400e0b40
EmptyClipboard	0x1400e0b48
PostMessageW	0x1400e0b50
FindWindowW	0x1400e0b58
EndDialog	0x1400e0b60
IsWindow	0x1400e0b68
DispatchMessageW	0x1400e0b70
TranslateMessage	0x1400e0b78
ShowWindow	0x1400e0b80
CountClipboardFormats	0x1400e0b88
SetWindowLongW	0x1400e0b90
ScreenToClient	0x1400e0b98
IsDialogMessageW	0x1400e0ba0
DialogBoxParamW	0x1400e0ba8
SetForegroundWindow	0x1400e0bb0
DefWindowProcW	0x1400e0bb8
FillRect	0x1400e0bc0
DrawIconEx	0x1400e0bc8
GetSysColorBrush	0x1400e0bd0
GetSysColor	0x1400e0bd8
RegisterWindowMessageW	0x1400e0be0
EnumDisplayMonitors	0x1400e0be8
IsIconic	0x1400e0bf0
IsZoomed	0x1400e0bf8
EnumWindows	0x1400e0c00
ChangeClipboardChain	0x1400e0c08
GetWindowTextLengthW	0x1400e0c10
SendMessageW	0x1400e0c18
IsWindowEnabled	0x1400e0c20
GetWindowLongW	0x1400e0c28
GetKeyState	0x1400e0c30
TranslateAcceleratorW	0x1400e0c38
KillTimer	0x1400e0c40
PeekMessageW	0x1400e0c48
GetFocus	0x1400e0c50
GetClassNameW	0x1400e0c58
GetWindowThreadProcessId	0x1400e0c60
GetForegroundWindow	0x1400e0c68
InvalidateRect	0x1400e0c70
SetLayeredWindowAttributes	0x1400e0c78
SetWindowPos	0x1400e0c80
SetWindowRgn	0x1400e0c88
SetFocus	0x1400e0c90
SetActiveWindow	0x1400e0c98
ClientToScreen	0x1400e0ca0
EnumChildWindows	0x1400e0ca8
MoveWindow	0x1400e0cb0
GetWindowRect	0x1400e0cb8
GetMonitorInfoW	0x1400e0cc0
MonitorFromPoint	0x1400e0cc8
GetClientRect	0x1400e0cd0
SystemParametersInfoW	0x1400e0cd8
AdjustWindowRectEx	0x1400e0ce0
DrawTextW	0x1400e0ce8
SetRect	0x1400e0cf0
GetIconInfo	0x1400e0cf8
SetWindowTextW	0x1400e0d00
IsWindowVisible	0x1400e0d08
BlockInput	0x1400e0d10
GetMessageW	0x1400e0d18
SetTimer	0x1400e0d20
GetParent	0x1400e0d28
GetDlgCtrlID	0x1400e0d30
CharUpperW	0x1400e0d38
IsClipboardFormatAvailable	0x1400e0d40
CheckMenuItem	0x1400e0d48
PostQuitMessage	0x1400e0d50
IsCharAlphaW	0x1400e0d58
LoadImageW	0x1400e0d60
DestroyIcon	0x1400e0d68

Name	Address
GetPixel	0x1400e00f8
GetClipRgn	0x1400e0100
GetCharABCWidthsW	0x1400e0108
SetBkMode	0x1400e0110
CreatePatternBrush	0x1400e0118
SetBrushOrgEx	0x1400e0120
EnumFontFamiliesExW	0x1400e0128
CreateDIBSection	0x1400e0130
GdiFlush	0x1400e0138
SetBkColor	0x1400e0140
ExcludeClipRect	0x1400e0148
SetTextColor	0x1400e0150
GetClipBox	0x1400e0158
BitBlt	0x1400e0160
CreateCompatibleBitmap	0x1400e0168
GetSystemPaletteEntries	0x1400e0170
GetDIBits	0x1400e0178
CreateCompatibleDC	0x1400e0180
CreatePolygonRgn	0x1400e0188
CreateRectRgn	0x1400e0190
CreateRoundRectRgn	0x1400e0198
CreateEllipticRgn	0x1400e01a0
DeleteDC	0x1400e01a8
GetObjectW	0x1400e01b0
GetTextMetricsW	0x1400e01b8
GetTextFaceW	0x1400e01c0
SelectObject	0x1400e01c8
GetStockObject	0x1400e01d0
CreateDCW	0x1400e01d8
CreateSolidBrush	0x1400e01e0
CreateFontW	0x1400e01e8
FillRgn	0x1400e01f0
GetDeviceCaps	0x1400e01f8
DeleteObject	0x1400e0200

Name	Address
CommDlgExtendedError	0x1400e00d8
GetSaveFileNameW	0x1400e00e0
GetOpenFileNameW	0x1400e00e8

Name	Address
RegDeleteKeyW	0x1400e0000
RegSetValueExW	0x1400e0008
RegCreateKeyExW	0x1400e0010
RegQueryValueExW	0x1400e0018
AdjustTokenPrivileges	0x1400e0020
LookupPrivilegeValueW	0x1400e0028
OpenProcessToken	0x1400e0030
CloseServiceHandle	0x1400e0038
UnlockServiceDatabase	0x1400e0040
LockServiceDatabase	0x1400e0048
OpenSCManagerW	0x1400e0050
GetUserNameW	0x1400e0058
RegEnumKeyExW	0x1400e0060
RegEnumValueW	0x1400e0068
RegQueryInfoKeyW	0x1400e0070
RegOpenKeyExW	0x1400e0078
RegCloseKey	0x1400e0080
RegConnectRegistryW	0x1400e0088
RegDeleteValueW	0x1400e0090

Name	Address
DragQueryPoint	0x1400e07a0
SHEmptyRecycleBinW	0x1400e07a8
SHFileOperationW	0x1400e07b0
SHGetPathFromIDListW	0x1400e07b8
SHBrowseForFolderW	0x1400e07c0
SHGetDesktopFolder	0x1400e07c8
SHGetMalloc	0x1400e07d0
SHGetFolderPathW	0x1400e07d8
ShellExecuteExW	0x1400e07e0
Shell_NotifyIconW	0x1400e07e8
DragFinish	0x1400e07f0
DragQueryFileW	0x1400e07f8
ExtractIconW	0x1400e0800

Name	Address
OleInitialize	0x1400e0e60
OleUninitialize	0x1400e0e68
CoCreateInstance	0x1400e0e70
CoInitialize	0x1400e0e78
CoUninitialize	0x1400e0e80
CLSIDFromString	0x1400e0e88
CLSIDFromProgID	0x1400e0e90
CoGetObject	0x1400e0e98
StringFromGUID2	0x1400e0ea0
CreateStreamOnHGlobal	0x1400e0ea8

Name	Address
SafeArrayGetLBound	0x1400e06d8
GetActiveObject	0x1400e06e0
SysStringLen	0x1400e06e8
OleLoadPicture	0x1400e06f0
SafeArrayUnaccessData	0x1400e06f8
SafeArrayGetElemsize	0x1400e0700
SafeArrayAccessData	0x1400e0708
SafeArrayUnlock	0x1400e0710
SafeArrayPtrOfIndex	0x1400e0718
SafeArrayLock	0x1400e0720
SafeArrayGetDim	0x1400e0728
SafeArrayDestroy	0x1400e0730
SafeArrayGetUBound	0x1400e0738
VariantCopyInd	0x1400e0740
SafeArrayCopy	0x1400e0748
SysAllocString	0x1400e0750
VariantChangeType	0x1400e0758
VariantClear	0x1400e0760
SafeArrayCreate	0x1400e0768
SysFreeString	0x1400e0770

Reports: JSON

Statistics (3.35)

Processing ( 2.75 seconds )

2.394 CAPE
0.299 BehaviorAnalysis
0.05 AnalysisInfo
0.003 Debug

Signatures ( 0.60 seconds )

0.197 antiav_detectreg
0.066 infostealer_ftp
0.06 territorial_disputes_sigs
0.045 antianalysis_detectreg
0.04 infostealer_im
0.022 antivm_vbox_keys
0.014 antivm_vmware_keys
0.012 antivm_parallels_keys
0.012 infostealer_mail
0.011 antivm_generic_diskreg
0.011 ransomware_files
0.01 antivm_xen_keys
0.007 antiav_detectfile
0.007 antivm_vpc_keys
0.006 masquerade_process_name
0.005 geodo_banking_trojan
0.005 ransomware_extensions
0.004 antianalysis_detectfile
0.004 antivm_bochs_keys
0.004 antivm_generic_bios
0.004 bypass_firewall
0.004 infostealer_bitcoin
0.003 antivm_hyperv_keys
0.003 antivm_vbox_files
0.003 recon_fingerprint
0.002 ketrican_regkeys
0.002 darkcomet_regkeys
0.002 poullight_files
0.002 limerat_regkeys
0.002 remcos_regkeys
0.001 accesses_netlogon_regkey
0.001 antidebug_devices
0.001 antivm_vbox_devices
0.001 antivm_vmware_files
0.001 browser_security
0.001 checks_uac_status
0.001 registry_credential_store_access
0.001 registry_lsa_secrets_access
0.001 disables_backups
0.001 disables_browser_warn
0.001 disables_power_options
0.001 azorult_mutexes
0.001 cryptbot_files
0.001 echelon_files
0.001 qulab_files
0.001 accesses_office_username
0.001 packer_armadillo_regkey
0.001 medusalocker_regkeys
0.001 revil_mutexes
0.001 modirat_behavior
0.001 rat_pcclient
0.001 warzonerat_regkeys
0.001 removes_startmenu_defaults
0.001 tampers_etw
0.001 targeted_flame
0.001 ursnif_behavior
0.001 suspicious_command_tools
0.001 uses_windows_utilities

Reporting ( 0.01 seconds )

0.012 JsonDump

Signatures

Attempts to connect to a dead IP:Port (1 unique times)

Queries the keyboard layout

Queries the computer locale (possible geofencing)

SetUnhandledExceptionFilter detected (possible anti-debug)

Checks system language via registry key (possible geofencing)

regkey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru-RU

regkey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru-RU

Establishes an encrypted HTTPS connection

http_request: GET /raw/04TKQkE1 HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: pastebin.com

Connection to a legitimate domain from an unexpected process

Suspicious communication with abused trusted site

The binary contains an unknown PE section name indicative of packing

unknown section: {'name': 'text', 'raw_address': '0x0011c800', 'virtual_address': '0x00127000', 'virtual_size': '0x0000258d', 'size_of_data': '0x00002600', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE', 'characteristics_raw': '0x20000040', 'entropy': '5.77'}

unknown section: {'name': 'data', 'raw_address': '0x0011ee00', 'virtual_address': '0x0012a000', 'virtual_size': '0x00006ec0', 'size_of_data': '0x00007000', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x40000040', 'entropy': '6.46'}

Establishes an encrypted HTTPS connection to a paste site

http_request: GET /raw/04TKQkE1 HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: pastebin.com

Binary file triggered YARA rule

Binary triggered YARA rule: INDICATOR_SUSPICIOUS_AHK_Downloader

Installs an hook procedure to monitor for mouse events

Sniffs keystrokes

SetWindowsHookExW: Process: 67f06666b122cdba28954592.exe(2908)

Screenshots

Session Playback

No playback available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

C:\Windows\WindowsShell.Manifest
C:\Windows\System32\kernel.appcore.dll
\Device\CNG
C:\Temp
C:\Temp\67f06666b122cdba28954592.exe
C:\Windows\Fonts\staticcache.dat
C:\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Windows\System32\windows.storage.dll
C:\Temp\Wldp.dll
C:\Windows\System32\wldp.dll
C:\Windows\System32\sxs.dll
C:\Windows\System32\wbem\wbemdisp.tlb
C:\Windows\System32\C_1252.NLS
C:\Windows\System32\stdole2.tlb
C:\Windows\System32\winhttp.dll
C:\Windows\System32\ru-RU\mswsock.dll.mui
C:\Windows\System32\ru-RU\wshqos.dll.mui
C:\Temp\ncrypt.dll
C:\Windows\System32\ncrypt.dll
C:\Windows\System32\ci.dll
C:\Windows\System32\dnsapi.dll
C:\Windows\System32\wuaueng.dll
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\NgcRecovery.dll
C:\Windows\System32\ru-RU\CRYPT32.dll.mui
\??\PhysicalDrive0
C:\Windows\SystemResources\USER32.dll.mun
C:\Windows\System32\ru-RU\USER32.dll.mui
C:\Windows\System32\rpcss.dll
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
C:\Windows\System32\winbrand.dll
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Branding\Basebrd\ru-RU\Basebrd.dll.mui
C:
C:\Windows\System32\secur32.dll
C:\Windows\System32\tzres.dll
C:\Windows\System32\ru-RU\tzres.dll.mui
C:\Windows\System32\samcli.dll
C:\Windows\System32\srvcli.dll
C:\Windows\System32\netutils.dll
C:\Windows\System32\logoncli.dll
C:\Windows\System32\schedcli.dll
C:\Windows\System32\wkscli.dll
C:\Windows\System32\dsrole.dll
\??\PIPE\wkssvc
\??\PIPE\srvsvc
C:\Windows\System32\wbem\ru-RU\cimwin32.dll.mui

\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\PIPE\wkssvc
\??\PIPE\srvsvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru-RU
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\ru
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\67f06666b122cdba28954592.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444B-8957-A3773F02200E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Classes\PackagedCom
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\419
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\19
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win64
HKEY_CURRENT_USER\Software\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win64
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win64\(Default)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1252
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Elevation
HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\AMSI\Providers
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64
HKEY_CURRENT_USER\Software\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64\(Default)
HKEY_CURRENT_USER\Software\Classes\WinHttp.WinHttpRequest.5.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinHttp.WinHttpRequest.5.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinHttp.WinHttpRequest.5.1\CLSID\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{2087C2F4-2CEF-4953-A8AB-66779B670495}
HKEY_CURRENT_USER\Software\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AutodialDLL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartNameResolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PreferLocalOverLowerBindingDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryNetBTFQDN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartProtocolReordering
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UdpRecvBufferSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableParallelAandAAAA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableCoalescing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterVPNTrigger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMultiHomedRouteConflicts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ForceQueriesOverTcp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShareTcpConnections
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableServerUnreachability
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMulticast
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\NewDhcpSrvRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessPreferLocal
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableIdnEncoding
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableIdnMapping
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShortnameProxyDefault
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableNRPTForAdapterRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutHistoryLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutRecalculationInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\ru-RU
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.10.3.37!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.10.3.37!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.10.3.37!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\System32\ci.dll,-100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.10.3.42!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.10.3.42!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.10.3.42!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\System32\ci.dll,-101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.76.6.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.76.6.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.76.6.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\System32\wuaueng.dll,-400
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.80.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.80.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.80.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.92.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.92.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.92.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\system32\NgcRecovery.dll,-100
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\ECCParameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableSerialChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertSyncDeltaTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\AutoFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableAutoFlushProcessNameList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\AutoFlushFirstDeltaSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\AutoFlushNextDeltaSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\PinRulesLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\PinRules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\PinRulesLastSyncTime
HKEY_USERS\S-1-5-21-3318940731-3379818400-2144845357-1002
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\PinRulesEncodedCtl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\ru
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win64\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1252
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinHttp.WinHttpRequest.5.1\CLSID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AutodialDLL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartNameResolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PreferLocalOverLowerBindingDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryNetBTFQDN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartProtocolReordering
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UdpRecvBufferSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableParallelAandAAAA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableCoalescing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterVPNTrigger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMultiHomedRouteConflicts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ForceQueriesOverTcp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShareTcpConnections
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableServerUnreachability
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMulticast
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\NewDhcpSrvRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessPreferLocal
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableIdnEncoding
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableIdnMapping
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShortnameProxyDefault
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableNRPTForAdapterRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutHistoryLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutRecalculationInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.10.3.37!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\System32\ci.dll,-100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.10.3.42!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\System32\ci.dll,-101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.76.6.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\System32\wuaueng.dll,-400
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.80.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.92.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\2\B1A07F78\@%SystemRoot%\system32\NgcRecovery.dll,-100
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableSerialChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertSyncDeltaTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\AutoFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableAutoFlushProcessNameList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\AutoFlushFirstDeltaSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\AutoFlushNextDeltaSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates\108FBF794E18EC5347A414E4370CC4506C297AB2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates\932BED339AA69212C89375B79304B475490B89A0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\PinRulesLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\PinRules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\PinRulesLastSyncTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\PinRulesEncodedCtl

ntdll.dll.RtlWow64GetCurrentMachine
ntdll.dll.RtlWow64IsWowGuestMachineSupported

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

Local\SM0:2908:304:WilStaging_02
AHK Keybd
AHK Mouse

No results

Sorry! No behavior.

Sorry! No strace.

Sorry! No tracee.

No hosts contacted.

No TCP connections recorded.

No UDP connections recorded.

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.

Sorry! No dropped files.

Sorry! No process dumps.