MZ@ !L!This program cannot be run in DOS mode. $̓̓̓̓̓˅̓̓Rich̓PELTT~OPO^OtOOOOOOOP(Pt?u2;Gt.^t%VjS @G@G|$N03+ȃ[_^SVW3WWWEWV3ҋ\$% @G@G;t)9t Ћ@;u;t;tHJPPWV_^[Vt$vT$ L$+ʊ} 3 Ofh} 3 Oa} 3 Of=Mt0=|t"VP Fh^V ^! BSV3W95dA=vC3F;5dAr395hAvA3F;5hAr%dA%hA_^[**%s%s%sUSVW}?]3u<;t D>FuutlF hDdk PjM <tK>$>E ~*t?*tRWPh4E u?t G?`_^[] VW3BWWWWVhdAhChDhhAhAh EWV_^SUV3WSSSBSU39hAv At$78u6F;5hAr39dAv Ct$7u#F;5dAr\$SU_^D$ ][D$\\*** Invalid Name ****Ujhh03dPd%DSVWe}Ddk WhjӉE CVE؅L}TM! uuV3PPPPhE4@Gt E9tvjhEt(~3+}ȃWhjӋujYd}fxfFEPhVu|LjVEP|;E8t)f|}fhEPUPuW EPV3E9E Eju EPE8t=}؋3Of}؋I+PEPPuu }؋3IvEP0jXËe}t EP}؃3OjYf]e6=6uu`6Pu׃ E$09|Ƀe096uu 6Pu׃ ttE$=|͋}؋3+}ȃuh CuEi$6U؊ t\tB6Ei$09U؍93+}ȃ3+ы}Oʃuuh Cj,}t uE؅tPVKjYL}fMd _^[ Vt$F VHuv Fv$vV(^L$fAAf;Ar t$AQ,T$AHPSystemVW 3>jPh tF0r3_^Ë:%d???=|AVtJW  |At$ jQVf P3IhQ _ t$^Key: 0x%X%s OpenKey %s %s %sU`SVW CWuSvvVuu V$GE|6V Vutee}|SV]VEhP =Et1u.t%EPuPESPPhSWIE_^[ Key: 0x%X%s CreateKey %s %s %sU`SVW CWuSvvu uuuVuu V GE|6VVu tze}|/SVgVEhnPE t8u =Eu =Et1u#t%EPuPESPPhzSW>E_^[Key: 0x%X%s CloseKey %s %s %sU@SVWh C2hDdk hjuEEPEjPjVBt!}t=$tWjVVEVCۋt]|Qu=Et@V9t6uhxu uVPEWPPhu`t Wh C3}t u_^[%s FlushKey %s %s Key: 0x%XU$V CWVWjuuFEtPSuS=Et.uat"SuTPEWPPhQWV[E_^%s DeleteKey %s %s Key: 0x%XU SV CWVWju$uSDuBEt<=Et,Pt"SuPEWPcPh8WVE_^[%s DeleteValueKey %s %s U SV CWVyWu uu u,Gt9=Et)S)tSPEWPPhWVJ_^[%s SetValue %s %s %sU VWh Cu tf>u4WPuuuuuVuF|PuuutD=Et0V`t&PVOPEWPPhlLWh Cv_^%s EnumerateKey %s %s %sU V CWVWju uuuuu u(GE|hPuutD=Et4ut(PuPEWP6Ph> WVE_^%s QueryKey %s %s %sU$SVW CWQhDdk VjEujuDuuuu uB}EtZtM#| VSuu =Et0ut$SuPEuPiPh!uWtSE_^[\%s EnumerateValue %s %s %sU Sh CkSjuvuuuuu uDۉE|QVWPPuu3!OfI+PPS _^=Et4ut(PuPESPNPh!Sh CE[%s QueryValue %s %s %sU VWh Cbu tf>u4WPuZuuuuVuDtc|jPuu=Et0Vt&PVPEWPzPh"Wh C_^%s LoadKey %s %s %sU Vu WPvv}PwwVWD=Et6V7t,PV&PPEPPh#_^%s UnloadKey %s %sU VuPvvVD=Et/Vt%VPPEPYPhb$^S28`A BV5DF8u% E  B$GF5 BF8u% E  BCF5< BF8u% E! { BBF58 BF8u% E # B BDF54 BF8u% E"  BDF50 BF8u% EW  B(GF5, BF8u% E BFF5( BF8u% EU ^ BBF5$ BF8u% E % BFF5  BF8u% E B GF5 BF8u% E B,GF5 BF8u% E# z BDF5 BF8u% Eu$ A BDF`A^[S28`A! BV5DF8t) E< u$G F B5 BF8t) E< uC F B5< BF8t) E<! uBi F B58 BF8t) E< # uD, F B54 BF8t) E<" uD F B50 BF8t) EOPO^OtOOOOOOOP(PIoUnregisterShutdownNotificationIoDeleteDeviceIoDeleteSymbolicLink(IoRegisterShutdownNotificationhZwDisplayStringpKeInitializeEventGExInitializeNPagedLookasideListsKeInitializeMutexIoCreateSymbolicLinkIoCreateDeviceRtlQueryRegistryValuesmemmoventoskrnl.exeRtlUnwindDKeQueryPerformanceCounterHAL.dllMmMapLockedPagesMmBuildMdlForNonPagedPoolMmCreateMdlKeServiceDescriptorTable0 HQDD4VS_VERSION_INFO""?StringFileInfo~040904B0: CompanyNameSysinternalsl"FileDescriptionWindows NT/2K/XP Registry Monitor*FileVersion4.346 InternalNameregmon.sys7LegalCopyrightCopyright (C) M. Russinovich and B. Cogswell 1996-2002> OriginalFilenameregmon.SysXProductNameRegmon for Windows NT/2K/XP.ProductVersion4.34DVarFileInfo$Translation $34 444585H5R5X5a5g5m555556%6/6p6v6{6666666666667:7C7M7R7Y7_7o7y777777777777778#8.838E8Q8W8d8m8y888888888 999&9B9K9Q9999999: :":):V:^::::x;;;;;;;<*!>4>;>q>u>y>}>>>>>>>> ??f?m????<0/0?0N00011%1L1S1z111k2~22222222 333&3-343;3B3Q3W3^3l3v3}33334!4,444;4E4N4}4444444444444455(5655555-636C6Z6`66666 77 7C7b7777777,878h88888881999O9e999999":-:3:C:a:j:y:::;;$;P;;; <<&^>>>>>?+?O????? 0-0b0000'1C1g1111282u22222323R3}33344N44444445555'5-5;5@5N5S5`5f5t5y555555555555555 666$62676D6J6X6]6k6p6}666666666666667777(7.7<7A7O7T7a7g7u7z77777777777778 88"8+818?8F8Q8_8h8n8|88888888888888999%939:9E9S9\9b9p9w99999999999999 :::':.:9:G:P:V:d:k:v::::::::::::::;;;;;;<<$ >>>>)>*? $SG7415!$SG7443!$SG7441!$SG7470"$SG7482#$SG7491b$$T8328$SG7933/$SG7919.$SG7916~.$SG7913V.$SG79106.@comp.id$R000000Q.idata$6P.text(3G$$$0000103 $$$000043 #R333_lh_top_333.texth2=2$$$00001h2 $$$000032 "2 $")$$$000052 +0$$$000073 9>$$$00009'3 G_lu_done2,272_lu_top2_at_done&3.idata$6P@comp.idheader 9&FZz  "Fa* N t Q    $ (/ ,C 0\ 4z 8 <-@ DXH L Pl T X \ ` d hB l] p{ t x | o  , 4 IP _ t h   t Z  l     #h  6  D  VG  o7   { a J  x   & K j       U    "W  :! N" k # # u$ $ ' + &- / \2 b2 h2 2 3  03 3  3  4  4  4 ) 4 _LogFile474)445_RootKey8_MaxLog<<XAYA|\Aq`A^dAKhA_LoglApA_NumLogtAqxAt|AiAYAHB6B(BB BC CCDDDDrDgDOEDE:E&FF F F G$G(G,G@G @K!TKhKendZD_DriverEntry@8_MatchOkay@4_MatchWithPattern@8_RegmonOpenBootLog@0_RegmonCloseBootLog@4_RegmonWriteBuffer@4_RegmonWriteBootLog@4_RegmonFreeLog@0_RegmonNewLog@0_RegmonOldestLog@0_RegmonResetLog@0_LogRecord_Minimum@8_RegmonHashCleanup@0_RegmonLogHash@8_RegmonFreeHashEntry@4_ConvertToUpper@12_GetPointer@4_ReleasePointer@4_AppendKeyInformation@16_AppendRegValueType@8_AppendRegValueData@16_AppendValueInformation@16_ErrorString@4_RegmonFreeFilters@0_MakeFilterArray@12_RegmonUpdateFilters@0_ApplyFilters@4_GetFullName@12_ExAllocateFromNPagedLookasideList@4_ExFreeToNPagedLookasideList@8_GetProcessNameOffset@0_GetProcess@4_HookRegOpenKey@12_HookRegCreateKey@28_HookRegCloseKey@4_HookRegFlushKey@4_HookRegDeleteKey@4_HookRegDeleteValueKey@8_HookRegSetValueKey@24_HookRegEnumerateKey@24_HookRegQueryKey@20_HookRegEnumerateValueKey@24_HookRegQueryValueKey@24_HookRegLoadKey@8_HookRegUnloadKey@4_HookRegistry@0_UnhookRegistry@0_RegmonDeviceControl@36_RegmonDispatch@8_RegmonUnload@4_Sequence_CurrentUser_BootFilter_DefaultValue_DefaultValueString_NumExcludeFilters_NumIncludeFilters_RegHooked_BootSavedLogList_BootLogging_GUIActive_HashTable_RealRegDeleteValueKey_RealRegEnumerateKey_RealRegOpenKey_RealRegCreateKey_errstring_RealRegFlushKey_StartTime_RealRegSetValueKey_LogMutex_HashMutex_KeServiceTablePointers_FilterDef_RealRegEnumerateValueKey_BootSavedLogTail_RealRegUnloadKey_RealRegLoadKey_RealRegQueryValueKey_IncludeFilters_FullPathLookaside_RealRegCloseKey_FilterMutex_HookDescriptors_LoggingEvent_RealRegDeleteKey_RealRegQueryKey_ExcludeFilters_GUIDevice_ProcessNameOffset__imp__ZwCreateFile@44__imp__RtlInitUnicodeString@8__imp__KeSetEvent@12__imp__ZwClose@4__imp__ZwSetInformationFile@20__imp__sprintf__imp__ZwWriteFile@36__imp__ExAllocatePoolWithTag@12__imp__ExFreePool@4__imp__KeWaitForSingleObject@20__imp__ExQueueWorkItem@8__imp__KeReleaseMutex@8__imp__KeQueryPerformanceCounter@4__imp__KeQuerySystemTime@4@InterlockedIncrement@4_DbgBreakPoint@0__imp__vsprintf__imp__ObReferenceObjectByHandle@24__imp__ExGetPreviousMode@0__imp_@ObfDereferenceObject@4__imp__RtlFreeAnsiString@4__imp__RtlUnicodeStringToAnsiString@12__imp__strncat__imp__strncpy__imp__strncmp__imp__ObQueryNameString@16__except_list__except_handler3__imp_@ExInterlockedPopEntrySList@8__imp_@ExInterlockedPushEntrySList@12__imp__IoGetCurrentProcess@0_PsGetCurrentProcessId@0__imp__ZwUnloadKey@4__imp__ZwLoadKey@8__imp__ZwDeleteValueKey@8__imp__ZwCreateKey@28__imp__ZwSetValueKey@24__imp__ZwDeleteKey@4__imp__ZwFlushKey@4__imp__ZwEnumerateKey@24__imp__ZwEnumerateValueKey@24__imp__ZwQueryValueKey@24__imp__ZwQueryKey@20@InterlockedExchange@8__imp__ZwOpenKey@12_ProbeForWrite@12__imp_@IofCompleteRequest@8__imp__IoUnregisterShutdownNotification@4__imp__ExDeleteNPagedLookasideList@4_RegmonUnmapServiceTable@4__imp__IoDeleteDevice@4__imp__IoDeleteSymbolicLink@4__imp__IoRegisterShutdownNotification@4__imp__ZwDisplayString@4__imp__KeInitializeEvent@12__imp__ExInitializeNPagedLookasideList@28_RegmonMapServiceTable@4__imp__KeInitializeMutex@8__imp__IoCreateSymbolicLink@8__imp__IoCreateDevice@28__imp__RtlQueryRegistryValues@20__imp__memmove_ZwCreateFile@44__IMPORT_DESCRIPTOR_ntoskrnl_RtlInitUnicodeString@8_KeSetEvent@12_ZwClose@4_ZwSetInformationFile@20_ZwWriteFile@36_ExAllocatePoolWithTag@12_ExFreePool@4_KeWaitForSingleObject@20_ExQueueWorkItem@8_KeReleaseMutex@8_KeQuerySystemTime@4__imp_@InterlockedIncrement@4__imp__DbgBreakPoint@0_vsprintf_ObReferenceObjectByHandle@24_ExGetPreviousMode@0@ObfDereferenceObject@4_RtlFreeAnsiString@4_RtlUnicodeStringToAnsiString@12_ObQueryNameString@16_RtlUnwind@16__global_unwind2__local_unwind2__abnormal_termination__seh_longjmp_unwind@4@ExInterlockedPopEntrySList@8@ExInterlockedPushEntrySList@12_IoGetCurrentProcess@0__imp__PsGetCurrentProcessId@0_ZwUnloadKey@4_ZwLoadKey@8_ZwDeleteValueKey@8_ZwCreateKey@28_ZwSetValueKey@24_ZwDeleteKey@4_ZwFlushKey@4_ZwEnumerateKey@24_ZwEnumerateValueKey@24_ZwQueryValueKey@24_ZwQueryKey@20__imp_@InterlockedExchange@8_ZwOpenKey@12__imp__ProbeForWrite@12@IofCompleteRequest@8_IoUnregisterShutdownNotification@4_ExDeleteNPagedLookasideList@4_IoDeleteDevice@4_IoDeleteSymbolicLink@4_IoRegisterShutdownNotification@4_ZwDisplayString@4_KeInitializeEvent@12_ExInitializeNPagedLookasideList@28_KeInitializeMutex@8_IoCreateSymbolicLink@8_IoCreateDevice@28_RtlQueryRegistryValues@20__NULL_IMPORT_DESCRIPTORntoskrnl_NULL_THUNK_DATA__imp__RtlUnwind@16_KeQueryPerformanceCounter@4__IMPORT_DESCRIPTOR_HALHAL_NULL_THUNK_DATA_RegmonUnmapMem@8_RegmonMapMem@12_KeServiceTableMdl_Signature__imp__MmUnmapLockedPages@8__imp__MmMapLockedPages@8__imp__MmBuildMdlForNonPagedPool@4__imp__MmCreateMdl@12_KeServiceDescriptorTable_MmUnmapLockedPages@8_MmMapLockedPages@8_MmBuildMdlForNonPagedPool@4_MmCreateMdl@12__imp__KeServiceDescriptorTable_?diskFullError@?1??RegmonWriteBuffer@@9@9_?text@?1??LogRecord@@9@9_lh_continue_lh_dismiss_lh_return_lh_bagit_lh_unwinding_gu_return__unwind_handler_uh_return_lu_continueql@d:\nt4ddk\lib\i386\free\Regsys.sys,nP%= Ӿh%VtZ l  nh * 8 G _ 7 fҾ{[aJYxL&ӂ*.6 e Ӑ ә Ӯ  U v ӁI W I!  " #I # u$g  $'2+ &&-/BW 4