File PortableApps.comInstaller_3.5.11.paf.exe

Size 2.3MB Resubmit sample
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 36337697123b800dc1a3d0a4863d3512
SHA1 64cdaad6e0795114ba787ae8a4ceef02adb6b97f
SHA256 5f137b3bd927b11b0fe88d9ff0f9bc07aaa7606387843bb425b72146ffbfef6d
SHA512
38ca511d4178b05ecc31a5627ac044172fe30f8e43a8eeb4196e364dbf807df330eef267641784c68039db5b88fcbaa3ef7ff3c5ff15b56c72c0bd529f4efd8f
CRC32 9138728A
ssdeep 49152:c9d3TDpx8msuuapx831skY4qGSDHbtYW0qgTZVs:0ooxI1sk8HbtFYPs
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • HasDigitalSignature - DigitalSignature Check
  • HasRichSignature - Rich Signature Check
  • PEiD_00055_Alias_PIX_Vivid_IMG_Graphics_format_ - [Alias PIX/Vivid IMG Graphics format]
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -

Score

This file shows numerous signs of malicious behavior.

The score of this file is 2.0 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Category Started Completed Duration Logs
FILE Jan. 9, 2019, 9:32 a.m. Jan. 9, 2019, 9:33 a.m. 56 seconds

Machine

Name Label Started On Shutdown On
winxpsp3pro32 winxpsp3pro32 2019-01-09 09:33:08 2019-01-09 09:33:39

Analyzer Log

2019-01-09 03:11:49,000 [analyzer] DEBUG: Starting analyzer from: C:\ayrhnjg
2019-01-09 03:11:49,015 [analyzer] DEBUG: Pipe server name: \\.\PIPE\auYPwUtabMVBNaWNGdvpTftMesk
2019-01-09 03:11:49,015 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\JuOYLIwWeWsJnLMnZpxmIqEoXEVZdFCB
2019-01-09 03:11:49,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2019-01-09 03:11:49,015 [analyzer] INFO: Automatically selected analysis package "exe"
2019-01-09 03:11:50,733 [analyzer] DEBUG: Started auxiliary module Disguise
2019-01-09 03:11:50,890 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:50,890 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:50,953 [analyzer] DEBUG: Loaded monitor into process with pid 692
2019-01-09 03:11:50,953 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-01-09 03:11:50,953 [analyzer] DEBUG: Started auxiliary module Human
2019-01-09 03:11:50,953 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-01-09 03:11:50,953 [analyzer] DEBUG: Started auxiliary module Reboot
2019-01-09 03:11:51,203 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-01-09 03:11:51,203 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-01-09 03:11:51,328 [lib.api.process] INFO: Successfully executed process from path u'C:\\DOCUME~1\\zamen\\LOCALS~1\\Temp\\PortableApps.comInstaller_3.5.11.paf.exe' with arguments '' and pid 1312
2019-01-09 03:11:51,421 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:51,421 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-09 03:11:51,546 [analyzer] DEBUG: Loaded monitor into process with pid 1312
2019-01-09 03:11:51,578 [analyzer] DEBUG: Received request to inject pid=1312, but we are already injected there.
2019-01-09 03:11:51,717 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsq2.tmp
2019-01-09 03:11:51,842 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\LangDLL.dll
2019-01-09 03:11:52,108 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-09 03:11:53,140 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\System.dll
2019-01-09 03:11:53,280 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\FindProcDLL.dll
2019-01-09 03:11:53,500 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\modern-header.bmp
2019-01-09 03:11:53,530 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\modern-wizard.bmp
2019-01-09 03:11:53,671 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\nsDialogs.dll
2019-01-09 03:11:54,171 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:11:56,280 [modules.auxiliary.human] INFO: Found button "&Install", clicking it
2019-01-09 03:11:57,328 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\w7tbp.dll
2019-01-09 03:11:57,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\PortableApps.comInstaller.exe
2019-01-09 03:11:57,437 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\help.html
2019-01-09 03:11:57,592 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip\7z.dll
2019-01-09 03:11:57,733 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip\7z.exe
2019-01-09 03:11:57,750 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip\License.txt
2019-01-09 03:11:57,765 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip\readme.txt
2019-01-09 03:11:57,765 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon.ico
2019-01-09 03:11:57,796 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_128.png
2019-01-09 03:11:57,812 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_16.png
2019-01-09 03:11:57,812 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_256.png
2019-01-09 03:11:57,828 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_32.png
2019-01-09 03:11:57,842 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_75.png
2019-01-09 03:11:57,842 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appinfo.ini
2019-01-09 03:11:57,842 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\pac_installer_log.ini
2019-01-09 03:11:57,905 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\DefaultData\settings.ini
2019-01-09 03:11:58,030 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\bin\MakeHeader.exe
2019-01-09 03:11:58,078 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\PortableApps.comInstallerHeader.bmp
2019-01-09 03:11:58,092 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\PortableApps.comInstallerHeaderPlugin.bmp
2019-01-09 03:11:58,108 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\PortableApps.comInstallerHeaderPluginRTL.bmp
2019-01-09 03:11:58,125 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\PortableApps.comInstallerHeaderRTL.bmp
2019-01-09 03:11:58,125 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\appicon.ico
2019-01-09 03:11:58,140 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\appicon_16.png
2019-01-09 03:11:58,155 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\appicon_32.png
2019-01-09 03:11:58,155 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\appinfo.ini
2019-01-09 03:11:58,171 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstaller.bmp
2019-01-09 03:11:58,217 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstaller.ico
2019-01-09 03:11:58,217 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstaller.nsi
2019-01-09 03:11:58,233 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerConfig.nsh
2019-01-09 03:11:58,233 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerDriveFreeSpaceCustom.nsh
2019-01-09 03:11:58,250 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerDumpLogToFile.nsh
2019-01-09 03:11:58,250 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerMoveFiles.nsh
2019-01-09 03:11:58,250 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerTBProgress.nsh
2019-01-09 03:11:58,280 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Afrikaans.nsh
2019-01-09 03:11:58,280 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Albanian.nsh
2019-01-09 03:11:58,296 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Arabic.nsh
2019-01-09 03:11:58,296 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Armenian.nsh
2019-01-09 03:11:58,296 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Asturian.nsh
2019-01-09 03:11:58,312 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Basque.nsh
2019-01-09 03:11:58,312 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Belarusian.nsh
2019-01-09 03:11:58,312 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Bosnian.nsh
2019-01-09 03:11:58,328 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Breton.nsh
2019-01-09 03:11:58,342 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Bulgarian.nsh
2019-01-09 03:11:58,342 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Catalan.nsh
2019-01-09 03:11:58,358 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Cibemba.nsh
2019-01-09 03:11:58,358 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Croatian.nsh
2019-01-09 03:11:58,358 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Czech.nsh
2019-01-09 03:11:58,375 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Danish.nsh
2019-01-09 03:11:58,375 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Dutch.nsh
2019-01-09 03:11:58,390 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Efik.nsh
2019-01-09 03:11:58,390 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\English.nsh
2019-01-09 03:11:58,390 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\EnglishGB.nsh
2019-01-09 03:11:58,405 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:11:58,405 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Esperanto.nsh
2019-01-09 03:11:58,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Estonian.nsh
2019-01-09 03:11:58,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Farsi.nsh
2019-01-09 03:11:58,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Finnish.nsh
2019-01-09 03:11:58,437 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\French.nsh
2019-01-09 03:11:58,437 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Galician.nsh
2019-01-09 03:11:58,453 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Georgian.nsh
2019-01-09 03:11:58,453 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\German.nsh
2019-01-09 03:11:58,453 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Greek.nsh
2019-01-09 03:11:58,453 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Hebrew.nsh
2019-01-09 03:11:58,467 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Hindi.nsh
2019-01-09 03:11:58,467 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Hungarian.nsh
2019-01-09 03:11:58,467 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Icelandic.nsh
2019-01-09 03:11:58,483 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Igbo.nsh
2019-01-09 03:11:58,483 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Indonesian.nsh
2019-01-09 03:11:58,500 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Irish.nsh
2019-01-09 03:11:58,515 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Italian.nsh
2019-01-09 03:11:58,515 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Japanese.nsh
2019-01-09 03:11:58,515 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Khmer.nsh
2019-01-09 03:11:58,530 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Korean.nsh
2019-01-09 03:11:58,530 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Kurdish.nsh
2019-01-09 03:11:58,530 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Latvian.nsh
2019-01-09 03:11:58,546 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Lithuanian.nsh
2019-01-09 03:11:58,546 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Luxembourgish.nsh
2019-01-09 03:11:58,546 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Macedonian.nsh
2019-01-09 03:11:58,562 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Malagasy.nsh
2019-01-09 03:11:58,562 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Malay.nsh
2019-01-09 03:11:58,562 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Mongolian.nsh
2019-01-09 03:11:58,578 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Norwegian.nsh
2019-01-09 03:11:58,578 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\NorwegianNynorsk.nsh
2019-01-09 03:11:58,578 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Pashto.nsh
2019-01-09 03:11:58,592 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Polish.nsh
2019-01-09 03:11:58,608 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Portuguese.nsh
2019-01-09 03:11:58,608 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\PortugueseBR.nsh
2019-01-09 03:11:58,625 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Romanian.nsh
2019-01-09 03:11:58,625 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Russian.nsh
2019-01-09 03:11:58,640 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Serbian.nsh
2019-01-09 03:11:58,640 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\SerbianLatin.nsh
2019-01-09 03:11:58,640 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\SimpChinese.nsh
2019-01-09 03:11:58,655 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Slovak.nsh
2019-01-09 03:11:58,655 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Slovenian.nsh
2019-01-09 03:11:58,655 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Spanish.nsh
2019-01-09 03:11:58,671 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\SpanishInternational.nsh
2019-01-09 03:11:58,671 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Swahili.nsh
2019-01-09 03:11:58,671 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Swedish.nsh
2019-01-09 03:11:58,687 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Thai.nsh
2019-01-09 03:11:58,687 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\TradChinese.nsh
2019-01-09 03:11:58,703 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Turkish.nsh
2019-01-09 03:11:58,703 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Ukrainian.nsh
2019-01-09 03:11:58,703 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Uzbek.nsh
2019-01-09 03:11:58,717 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Valencian.nsh
2019-01-09 03:11:58,733 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Vietnamese.nsh
2019-01-09 03:11:58,733 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Welsh.nsh
2019-01-09 03:11:58,733 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Yoruba.nsh
2019-01-09 03:11:58,750 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\COPYING
2019-01-09 03:11:58,765 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\makensis.exe
2019-01-09 03:11:58,780 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\GenPat.exe
2019-01-09 03:11:58,780 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\LibraryLocal.exe
2019-01-09 03:11:58,796 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\MakeLangId.exe
2019-01-09 03:11:58,796 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\RegTool-x86.bin
2019-01-09 03:11:58,858 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\makensis.exe
2019-01-09 03:11:58,905 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\zip2exe.exe
2019-01-09 03:11:58,921 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\zlib1.dll
2019-01-09 03:11:58,953 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\ExDll\exdll.h
2019-01-09 03:11:58,983 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\big.bmp
2019-01-09 03:11:58,983 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\classic-cross.bmp
2019-01-09 03:11:59,015 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\classic.bmp
2019-01-09 03:11:59,062 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\colorful.bmp
2019-01-09 03:11:59,078 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\grey-cross.bmp
2019-01-09 03:11:59,078 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\grey.bmp
2019-01-09 03:11:59,092 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\modern.bmp
2019-01-09 03:11:59,092 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\red-round.bmp
2019-01-09 03:11:59,108 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\red.bmp
2019-01-09 03:11:59,108 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\simple-round.bmp
2019-01-09 03:11:59,108 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\simple-round2.bmp
2019-01-09 03:11:59,125 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\simple.bmp
2019-01-09 03:11:59,155 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis-r.bmp
2019-01-09 03:11:59,155 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis.bmp
2019-01-09 03:11:59,155 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-branding-r.bmp
2019-01-09 03:11:59,171 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-branding.bmp
2019-01-09 03:11:59,187 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-grey-right.bmp
2019-01-09 03:11:59,187 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-grey.bmp
2019-01-09 03:11:59,187 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-metro-right.bmp
2019-01-09 03:11:59,203 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-metro.bmp
2019-01-09 03:11:59,203 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-vintage-right.bmp
2019-01-09 03:11:59,217 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-vintage.bmp
2019-01-09 03:11:59,217 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-nsis.bmp
2019-01-09 03:11:59,233 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-r-nsis.bmp
2019-01-09 03:11:59,233 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-r.bmp
2019-01-09 03:11:59,250 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-uninstall-nsis.bmp
2019-01-09 03:11:59,250 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-uninstall-r-nsis.bmp
2019-01-09 03:11:59,265 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-uninstall-r.bmp
2019-01-09 03:11:59,265 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-uninstall.bmp
2019-01-09 03:11:59,280 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange.bmp
2019-01-09 03:11:59,280 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\win.bmp
2019-01-09 03:11:59,312 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\arrow-install.ico
2019-01-09 03:11:59,312 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\arrow-uninstall.ico
2019-01-09 03:11:59,312 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\arrow2-install.ico
2019-01-09 03:11:59,328 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\arrow2-uninstall.ico
2019-01-09 03:11:59,342 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\box-install.ico
2019-01-09 03:11:59,342 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\box-uninstall.ico
2019-01-09 03:11:59,342 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\classic-install.ico
2019-01-09 03:11:59,358 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\classic-uninstall.ico
2019-01-09 03:11:59,358 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\llama-blue.ico
2019-01-09 03:11:59,375 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\llama-grey.ico
2019-01-09 03:11:59,375 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install-blue-full.ico
2019-01-09 03:11:59,390 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install-blue.ico
2019-01-09 03:11:59,405 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install-colorful.ico
2019-01-09 03:11:59,405 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install-full.ico
2019-01-09 03:11:59,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install.ico
2019-01-09 03:11:59,437 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-uninstall-blue-full.ico
2019-01-09 03:11:59,437 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-uninstall-blue.ico
2019-01-09 03:11:59,453 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-uninstall-colorful.ico
2019-01-09 03:11:59,467 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-uninstall-full.ico
2019-01-09 03:11:59,467 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-uninstall.ico
2019-01-09 03:11:59,483 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\nsis1-install.ico
2019-01-09 03:11:59,483 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\nsis1-uninstall.ico
2019-01-09 03:11:59,500 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\nsis3-install-alt.ico
2019-01-09 03:11:59,515 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\nsis3-install.ico
2019-01-09 03:11:59,515 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\nsis3-uninstall.ico
2019-01-09 03:11:59,530 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\orange-install-nsis.ico
2019-01-09 03:11:59,578 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\orange-install.ico
2019-01-09 03:11:59,592 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\orange-uninstall-nsis.ico
2019-01-09 03:11:59,608 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\orange-uninstall.ico
2019-01-09 03:11:59,608 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\pixel-install.ico
2019-01-09 03:11:59,625 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\pixel-uninstall.ico
2019-01-09 03:11:59,625 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\win-install.ico
2019-01-09 03:11:59,640 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\win-uninstall.ico
2019-01-09 03:11:59,655 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\arrow.bmp
2019-01-09 03:11:59,687 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\llama.bmp
2019-01-09 03:11:59,703 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nsis.bmp
2019-01-09 03:11:59,717 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nsis3-branding.bmp
2019-01-09 03:11:59,733 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nsis3-grey.bmp
2019-01-09 03:11:59,765 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nsis3-metro.bmp
2019-01-09 03:11:59,796 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nsis3-vintage.bmp
2019-01-09 03:11:59,812 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nullsoft.bmp
2019-01-09 03:11:59,828 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\orange-nsis.bmp
2019-01-09 03:11:59,875 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\orange-uninstall-nsis.bmp
2019-01-09 03:11:59,890 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\orange-uninstall.bmp
2019-01-09 03:11:59,890 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\orange.bmp
2019-01-09 03:11:59,905 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\win.bmp
2019-01-09 03:11:59,937 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\Example.nsi
2019-01-09 03:11:59,937 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\Readme.htm
2019-01-09 03:11:59,937 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\auth_dlg.nsi
2019-01-09 03:11:59,953 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\ftp_auth.nsi
2019-01-09 03:11:59,953 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\head.nsi
2019-01-09 03:11:59,967 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\headers.nsi
2019-01-09 03:11:59,967 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\headers.php
2019-01-09 03:11:59,967 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\https.nsi
2019-01-09 03:11:59,983 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\inetc.cpp
2019-01-09 03:12:00,000 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\inetc.dsp
2019-01-09 03:12:00,000 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\inetc.dsw
2019-01-09 03:12:00,015 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\inetc.rc
2019-01-09 03:12:00,015 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\inetc_local.nsi
2019-01-09 03:12:00,015 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\post.nsi
2019-01-09 03:12:00,030 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\post.php
2019-01-09 03:12:00,030 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\post_file.nsi
2019-01-09 03:12:00,046 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\post_file.php
2019-01-09 03:12:00,046 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\post_form.html
2019-01-09 03:12:00,046 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\put.nsi
2019-01-09 03:12:00,062 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\put.php
2019-01-09 03:12:00,062 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\recursive.nsi
2019-01-09 03:12:00,062 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\redirect.nsi
2019-01-09 03:12:00,078 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\redirect.php
2019-01-09 03:12:00,078 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\resource.h
2019-01-09 03:12:00,108 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\timeout.nsi
2019-01-09 03:12:00,125 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\translate.nsi
2019-01-09 03:12:00,140 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\wiki.txt
2019-01-09 03:12:00,155 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Afrikaans.nlf
2019-01-09 03:12:00,171 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Afrikaans.nsh
2019-01-09 03:12:00,171 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Albanian.nlf
2019-01-09 03:12:00,171 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Albanian.nsh
2019-01-09 03:12:00,187 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Arabic.nlf
2019-01-09 03:12:00,187 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Arabic.nsh
2019-01-09 03:12:00,203 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Armenian.nlf
2019-01-09 03:12:00,203 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Armenian.nsh
2019-01-09 03:12:00,203 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Asturian.nlf
2019-01-09 03:12:00,217 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Asturian.nsh
2019-01-09 03:12:00,233 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Basque.nlf
2019-01-09 03:12:00,233 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Basque.nsh
2019-01-09 03:12:00,250 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Belarusian.nlf
2019-01-09 03:12:00,250 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Belarusian.nsh
2019-01-09 03:12:00,250 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Bosnian.nlf
2019-01-09 03:12:00,265 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Bosnian.nsh
2019-01-09 03:12:00,265 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Breton.nlf
2019-01-09 03:12:00,265 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Breton.nsh
2019-01-09 03:12:00,280 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Bulgarian.nlf
2019-01-09 03:12:00,280 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Bulgarian.nsh
2019-01-09 03:12:00,296 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Catalan.nlf
2019-01-09 03:12:00,296 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Catalan.nsh
2019-01-09 03:12:00,312 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Cibemba.nlf
2019-01-09 03:12:00,342 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Cibemba.nsh
2019-01-09 03:12:00,342 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Corsican.nlf
2019-01-09 03:12:00,358 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Corsican.nsh
2019-01-09 03:12:00,358 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Croatian.nlf
2019-01-09 03:12:00,358 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Croatian.nsh
2019-01-09 03:12:00,375 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Czech.nlf
2019-01-09 03:12:00,375 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Czech.nsh
2019-01-09 03:12:00,390 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Danish.nlf
2019-01-09 03:12:00,390 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Danish.nsh
2019-01-09 03:12:00,390 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Dutch.nlf
2019-01-09 03:12:00,405 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Dutch.nsh
2019-01-09 03:12:00,405 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Efik.nlf
2019-01-09 03:12:00,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Efik.nsh
2019-01-09 03:12:00,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\English.nlf
2019-01-09 03:12:00,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\English.nsh
2019-01-09 03:12:00,437 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\EnglishGB.nlf
2019-01-09 03:12:00,437 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\EnglishGB.nsh
2019-01-09 03:12:00,453 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Esperanto.nlf
2019-01-09 03:12:00,453 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Esperanto.nsh
2019-01-09 03:12:00,467 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:00,467 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Estonian.nlf
2019-01-09 03:12:00,483 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Estonian.nsh
2019-01-09 03:12:00,483 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Farsi.nlf
2019-01-09 03:12:00,500 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Farsi.nsh
2019-01-09 03:12:00,500 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Finnish.nlf
2019-01-09 03:12:00,515 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Finnish.nsh
2019-01-09 03:12:00,515 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\French.nlf
2019-01-09 03:12:00,530 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\French.nsh
2019-01-09 03:12:00,530 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Galician.nlf
2019-01-09 03:12:00,530 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Galician.nsh
2019-01-09 03:12:00,546 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Georgian.nlf
2019-01-09 03:12:00,546 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Georgian.nsh
2019-01-09 03:12:00,546 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\German.nlf
2019-01-09 03:12:00,562 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\German.nsh
2019-01-09 03:12:00,562 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Greek.nlf
2019-01-09 03:12:00,578 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Greek.nsh
2019-01-09 03:12:00,592 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hebrew.nlf
2019-01-09 03:12:00,592 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hebrew.nsh
2019-01-09 03:12:00,592 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hindi.nlf
2019-01-09 03:12:00,608 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hindi.nsh
2019-01-09 03:12:00,608 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hungarian.nlf
2019-01-09 03:12:00,608 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hungarian.nsh
2019-01-09 03:12:00,625 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Icelandic.nlf
2019-01-09 03:12:00,625 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Icelandic.nsh
2019-01-09 03:12:00,640 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Igbo.nlf
2019-01-09 03:12:00,640 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Igbo.nsh
2019-01-09 03:12:00,640 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Indonesian.nlf
2019-01-09 03:12:00,655 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Indonesian.nsh
2019-01-09 03:12:00,655 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Irish.nlf
2019-01-09 03:12:00,655 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Irish.nsh
2019-01-09 03:12:00,671 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Italian.nlf
2019-01-09 03:12:00,687 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Italian.nsh
2019-01-09 03:12:00,687 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Japanese.nlf
2019-01-09 03:12:00,687 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Japanese.nsh
2019-01-09 03:12:00,703 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Khmer.nlf
2019-01-09 03:12:00,703 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Khmer.nsh
2019-01-09 03:12:00,717 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Korean.nlf
2019-01-09 03:12:00,717 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Korean.nsh
2019-01-09 03:12:00,717 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Kurdish.nlf
2019-01-09 03:12:00,733 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Kurdish.nsh
2019-01-09 03:12:00,733 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Latvian.nlf
2019-01-09 03:12:00,733 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Latvian.nsh
2019-01-09 03:12:00,750 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Lithuanian.nlf
2019-01-09 03:12:00,750 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Lithuanian.nsh
2019-01-09 03:12:00,765 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Luxembourgish.nlf
2019-01-09 03:12:00,780 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Luxembourgish.nsh
2019-01-09 03:12:00,780 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Macedonian.nlf
2019-01-09 03:12:00,780 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Macedonian.nsh
2019-01-09 03:12:00,796 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Malagasy.nlf
2019-01-09 03:12:00,796 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Malagasy.nsh
2019-01-09 03:12:00,812 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Malay.nlf
2019-01-09 03:12:00,812 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Malay.nsh
2019-01-09 03:12:00,828 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Mongolian.nlf
2019-01-09 03:12:00,842 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Mongolian.nsh
2019-01-09 03:12:00,842 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Norwegian.nlf
2019-01-09 03:12:00,858 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Norwegian.nsh
2019-01-09 03:12:00,858 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\NorwegianNynorsk.nlf
2019-01-09 03:12:00,875 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\NorwegianNynorsk.nsh
2019-01-09 03:12:00,875 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Pashto.nlf
2019-01-09 03:12:00,890 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Pashto.nsh
2019-01-09 03:12:00,890 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Polish.nlf
2019-01-09 03:12:00,905 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Polish.nsh
2019-01-09 03:12:00,905 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Portuguese.nlf
2019-01-09 03:12:00,921 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Portuguese.nsh
2019-01-09 03:12:00,921 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\PortugueseBR.nlf
2019-01-09 03:12:00,937 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\PortugueseBR.nsh
2019-01-09 03:12:00,937 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Romanian.nlf
2019-01-09 03:12:00,953 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Romanian.nsh
2019-01-09 03:12:00,953 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Russian.nlf
2019-01-09 03:12:00,967 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Russian.nsh
2019-01-09 03:12:00,967 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\ScotsGaelic.nlf
2019-01-09 03:12:00,967 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\ScotsGaelic.nsh
2019-01-09 03:12:00,983 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Serbian.nlf
2019-01-09 03:12:00,983 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Serbian.nsh
2019-01-09 03:12:01,000 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SerbianLatin.nlf
2019-01-09 03:12:01,000 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SerbianLatin.nsh
2019-01-09 03:12:01,015 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Sesotho.nlf
2019-01-09 03:12:01,030 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Sesotho.nsh
2019-01-09 03:12:01,030 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SimpChinese.nlf
2019-01-09 03:12:01,062 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SimpChinese.nsh
2019-01-09 03:12:01,062 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Slovak.nlf
2019-01-09 03:12:01,078 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Slovak.nsh
2019-01-09 03:12:01,078 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Slovenian.nlf
2019-01-09 03:12:01,092 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Slovenian.nsh
2019-01-09 03:12:01,092 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Spanish.nlf
2019-01-09 03:12:01,108 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Spanish.nsh
2019-01-09 03:12:01,108 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SpanishInternational.nlf
2019-01-09 03:12:01,155 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SpanishInternational.nsh
2019-01-09 03:12:01,187 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Sundanese.nlf
2019-01-09 03:12:01,203 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Sundanese.nsh
2019-01-09 03:12:01,217 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Swahili.nlf
2019-01-09 03:12:01,217 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Swahili.nsh
2019-01-09 03:12:01,217 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Swedish.nlf
2019-01-09 03:12:01,233 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Swedish.nsh
2019-01-09 03:12:01,233 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Tamil.nlf
2019-01-09 03:12:01,233 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Tamil.nsh
2019-01-09 03:12:01,250 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Tatar.nlf
2019-01-09 03:12:01,265 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Tatar.nsh
2019-01-09 03:12:01,265 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Thai.nlf
2019-01-09 03:12:01,280 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Thai.nsh
2019-01-09 03:12:01,280 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\TradChinese.nlf
2019-01-09 03:12:01,280 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\TradChinese.nsh
2019-01-09 03:12:01,296 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Turkish.nlf
2019-01-09 03:12:01,296 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Turkish.nsh
2019-01-09 03:12:01,296 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Twi.nlf
2019-01-09 03:12:01,312 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Twi.nsh
2019-01-09 03:12:01,312 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Ukrainian.nlf
2019-01-09 03:12:01,328 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Ukrainian.nsh
2019-01-09 03:12:01,342 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Uyghur.nlf
2019-01-09 03:12:01,342 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Uyghur.nsh
2019-01-09 03:12:01,358 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Uzbek.nlf
2019-01-09 03:12:01,375 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Uzbek.nsh
2019-01-09 03:12:01,390 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Vietnamese.nlf
2019-01-09 03:12:01,390 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Vietnamese.nsh
2019-01-09 03:12:01,405 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Welsh.nlf
2019-01-09 03:12:01,405 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Welsh.nsh
2019-01-09 03:12:01,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Yoruba.nlf
2019-01-09 03:12:01,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Yoruba.nsh
2019-01-09 03:12:01,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Zulu.nlf
2019-01-09 03:12:01,437 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Zulu.nsh
2019-01-09 03:12:01,453 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI\System.nsh
2019-01-09 03:12:01,467 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI\ioSpecial.ini
2019-01-09 03:12:01,483 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Deprecated.nsh
2019-01-09 03:12:01,500 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Interface.nsh
2019-01-09 03:12:01,515 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Localization.nsh
2019-01-09 03:12:01,515 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\MUI2.nsh
2019-01-09 03:12:01,515 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages.nsh
2019-01-09 03:12:01,546 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\Components.nsh
2019-01-09 03:12:01,546 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\Directory.nsh
2019-01-09 03:12:01,546 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\Finish.nsh
2019-01-09 03:12:01,562 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\InstallFiles.nsh
2019-01-09 03:12:01,562 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\License.nsh
2019-01-09 03:12:01,578 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\StartMenu.nsh
2019-01-09 03:12:01,578 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\UninstallConfirm.nsh
2019-01-09 03:12:01,578 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\Welcome.nsh
2019-01-09 03:12:01,592 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\resource.h
2019-01-09 03:12:01,608 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.c
2019-01-09 03:12:01,608 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.dsp
2019-01-09 03:12:01,625 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.dsw
2019-01-09 03:12:01,625 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.rc
2019-01-09 03:12:01,625 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.sln
2019-01-09 03:12:01,640 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.vcxproj
2019-01-09 03:12:01,640 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.vcxproj.filters
2019-01-09 03:12:01,655 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_ansi\api.h
2019-01-09 03:12:01,671 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_ansi\pluginapi.h
2019-01-09 03:12:01,671 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_ansi\pluginapi.lib
2019-01-09 03:12:01,687 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_unicode\api.h
2019-01-09 03:12:01,703 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_unicode\nsis_tchar.h
2019-01-09 03:12:01,703 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_unicode\pluginapi.h
2019-01-09 03:12:01,717 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_unicode\pluginapi.lib
2019-01-09 03:12:01,733 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\default.exe
2019-01-09 03:12:01,750 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern.exe
2019-01-09 03:12:01,750 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_big.exe
2019-01-09 03:12:01,750 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmp.exe
2019-01-09 03:12:01,765 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmp_big.exe
2019-01-09 03:12:01,765 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmp_original.exe
2019-01-09 03:12:01,780 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmpr.exe
2019-01-09 03:12:01,780 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmpr_big.exe
2019-01-09 03:12:01,780 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmpr_original.exe
2019-01-09 03:12:01,796 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_nodesc.exe
2019-01-09 03:12:01,796 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_original.exe
2019-01-09 03:12:01,812 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_smalldesc.exe
2019-01-09 03:12:01,812 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\sdbarker_tiny.exe
2019-01-09 03:12:01,828 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\switch_to_big.bat
2019-01-09 03:12:01,828 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\switch_to_original.bat
2019-01-09 03:12:01,842 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\zip2exe\Base.nsh
2019-01-09 03:12:01,858 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\zip2exe\Classic.nsh
2019-01-09 03:12:01,858 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\zip2exe\Modern.nsh
2019-01-09 03:12:01,875 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Colors.nsh
2019-01-09 03:12:01,890 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\FileFunc.nsh
2019-01-09 03:12:01,890 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\InstallOptions.nsh
2019-01-09 03:12:01,905 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\LangFile.nsh
2019-01-09 03:12:01,921 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Library.nsh
2019-01-09 03:12:01,937 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\LogicLib.nsh
2019-01-09 03:12:01,953 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\MUI.nsh
2019-01-09 03:12:01,953 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\MUI2.nsh
2019-01-09 03:12:01,953 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Memento.nsh
2019-01-09 03:12:01,967 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\MultiUser.nsh
2019-01-09 03:12:01,967 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\NewTextReplace.nsh
2019-01-09 03:12:01,967 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Registry.nsh
2019-01-09 03:12:01,983 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Sections.nsh
2019-01-09 03:12:01,983 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\StrFunc.nsh
2019-01-09 03:12:02,000 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\TBProgress.nsh
2019-01-09 03:12:02,015 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\TextFunc.nsh
2019-01-09 03:12:02,015 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\TextReplace.nsh
2019-01-09 03:12:02,030 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\UpgradeDLL.nsh
2019-01-09 03:12:02,030 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Util.nsh
2019-01-09 03:12:02,030 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\VB6RunTime.nsh
2019-01-09 03:12:02,046 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\VPatchLib.nsh
2019-01-09 03:12:02,046 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\WinCore.nsh
2019-01-09 03:12:02,062 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\WinMessages.nsh
2019-01-09 03:12:02,062 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\WinVer.nsh
2019-01-09 03:12:02,078 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\WordFunc.nsh
2019-01-09 03:12:02,092 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\dialogs.nsh
2019-01-09 03:12:02,108 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\nsDialogs.nsh
2019-01-09 03:12:02,108 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\x64.nsh
2019-01-09 03:12:02,140 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\COM.nsh
2019-01-09 03:12:02,140 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\Propkey.nsh
2019-01-09 03:12:02,155 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\WinDef.nsh
2019-01-09 03:12:02,155 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\WinError.nsh
2019-01-09 03:12:02,155 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\WinNT.nsh
2019-01-09 03:12:02,171 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\WinUser.nsh
2019-01-09 03:12:02,187 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\EmbeddedLists.dll
2019-01-09 03:12:02,203 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\Banner.dll
2019-01-09 03:12:02,217 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\BgImage.dll
2019-01-09 03:12:02,217 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\Dialer.dll
2019-01-09 03:12:02,233 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\DialogsA.dll
2019-01-09 03:12:02,250 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\ExecDos.dll
2019-01-09 03:12:02,250 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\FindProcDLL.dll
2019-01-09 03:12:02,265 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\INetC.dll
2019-01-09 03:12:02,265 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\InstallOptions.dll
2019-01-09 03:12:02,280 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\KillProc.dll
2019-01-09 03:12:02,296 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\KillProcDLL.dll
2019-01-09 03:12:02,296 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\LangDLL.dll
2019-01-09 03:12:02,312 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\Math.dll
2019-01-09 03:12:02,342 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\MoreInfo.dll
2019-01-09 03:12:02,375 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\StartMenu.dll
2019-01-09 03:12:02,405 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\System.dll
2019-01-09 03:12:02,405 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\TypeLib.dll
2019-01-09 03:12:02,405 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\UserInfo.dll
2019-01-09 03:12:02,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\VPatch.dll
2019-01-09 03:12:02,421 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\advsplash.dll
2019-01-09 03:12:02,437 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\libDialogsA.dll
2019-01-09 03:12:02,453 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\newadvsplash.dll
2019-01-09 03:12:02,453 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\nsDialogs.dll
2019-01-09 03:12:02,467 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\nsExec.dll
2019-01-09 03:12:02,467 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\nsisdl.dll
2019-01-09 03:12:02,483 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\registry.dll
2019-01-09 03:12:02,500 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\splash.dll
2019-01-09 03:12:02,500 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\textreplace.dll
2019-01-09 03:12:02,515 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\w7tbp.dll
2019-01-09 03:12:02,530 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\Banner.dll
2019-01-09 03:12:02,530 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2019-01-09 03:12:02,530 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\BgImage.dll
2019-01-09 03:12:02,530 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\Dialer.dll
2019-01-09 03:12:02,546 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\DialogsW.dll
2019-01-09 03:12:02,546 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\EmbeddedLists.dll
2019-01-09 03:12:02,562 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\EnumINI.dll
2019-01-09 03:12:02,562 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\FindProcDLL.dll
2019-01-09 03:12:02,578 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\INetC.dll
2019-01-09 03:12:02,592 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\InstallOptions.dll
2019-01-09 03:12:02,592 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\KillProcDLL.dll
2019-01-09 03:12:02,608 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\LangDLL.dll
2019-01-09 03:12:02,625 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\Math.dll
2019-01-09 03:12:02,640 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\MoreInfo.dll
2019-01-09 03:12:02,640 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\RealProgress.dll
2019-01-09 03:12:02,655 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\SelfDel.dll
2019-01-09 03:12:02,655 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\StartMenu.dll
2019-01-09 03:12:02,671 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\System.dll
2019-01-09 03:12:02,671 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\TypeLib.dll
2019-01-09 03:12:02,687 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\UserInfo.dll
2019-01-09 03:12:02,703 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\VPatch.dll
2019-01-09 03:12:02,703 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\advsplash.dll
2019-01-09 03:12:02,717 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\dialogsEx.dll
2019-01-09 03:12:02,717 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\execDos.dll
2019-01-09 03:12:02,733 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\libDialogsW.dll
2019-01-09 03:12:02,750 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\md5dll.dll
2019-01-09 03:12:02,765 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\newadvsplash.dll
2019-01-09 03:12:02,780 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\newtextreplace.dll
2019-01-09 03:12:02,780 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\nsDialogs.dll
2019-01-09 03:12:02,780 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\nsExec.dll
2019-01-09 03:12:02,796 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\nsisdl.dll
2019-01-09 03:12:02,796 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\registry.dll
2019-01-09 03:12:02,812 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\splash.dll
2019-01-09 03:12:02,828 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\w7tbp.dll
2019-01-09 03:12:02,828 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\bzip2-x86-ansi
2019-01-09 03:12:02,842 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\bzip2-x86-unicode
2019-01-09 03:12:02,858 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\bzip2_solid-x86-ansi
2019-01-09 03:12:02,858 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\bzip2_solid-x86-unicode
2019-01-09 03:12:02,890 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\lzma-x86-ansi
2019-01-09 03:12:02,890 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\lzma-x86-unicode
2019-01-09 03:12:02,905 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\lzma_solid-x86-ansi
2019-01-09 03:12:02,921 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\lzma_solid-x86-unicode
2019-01-09 03:12:02,921 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\uninst
2019-01-09 03:12:02,937 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\zlib-x86-ansi
2019-01-09 03:12:02,937 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\zlib-x86-unicode
2019-01-09 03:12:02,953 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\zlib_solid-x86-ansi
2019-01-09 03:12:02,967 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\zlib_solid-x86-unicode
2019-01-09 03:12:03,000 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images\donation_button.png
2019-01-09 03:12:03,000 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images\favicon.ico
2019-01-09 03:12:03,015 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images\help_background_footer.png
2019-01-09 03:12:03,015 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images\help_background_header.png
2019-01-09 03:12:03,015 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images\help_logo_top.png
2019-01-09 03:12:03,030 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\InstallerWizard.nsi
2019-01-09 03:12:03,062 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\License.txt
2019-01-09 03:12:03,062 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\MoveFiles.nsh
2019-01-09 03:12:03,062 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\ReadINIStrWithDefault.nsh
2019-01-09 03:12:03,078 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\Readme.txt
2019-01-09 03:12:03,078 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\TBProgress.nsh
2019-01-09 03:12:03,078 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\header.bmp
2019-01-09 03:12:03,092 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\header_rtl.bmp
2019-01-09 03:12:03,108 [analyzer] INFO: Added new file to list with pid 1312 and path C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\welcomefinish.bmp
2019-01-09 03:12:04,375 [analyzer] INFO: Process with pid 1312 has terminated
2019-01-09 03:12:04,375 [analyzer] INFO: Process list is empty, terminating analysis.
2019-01-09 03:12:05,375 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-01-09 03:12:06,717 [analyzer] WARNING: File at path "u'c:\\documents and settings\\zamen\\local settings\\temp\\nsq2.tmp'" does not exist, skip.
2019-01-09 03:12:11,750 [analyzer] INFO: Analysis completed.

Cuckoo Log

2019-01-09 09:33:07,237 [lib.cuckoo.core.scheduler] INFO: Task #600: acquired machine winxpsp3pro32 (label=winxpsp3pro32)
2019-01-09 09:33:07,851 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 32665 (interface=eth2, host=192.168.128.102, pcap=/opt/cuckoo/storage/analyses/600/dump.pcap)
2019-01-09 09:33:10,978 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=winxpsp3pro32, ip=192.168.128.102)
2019-01-09 09:33:38,867 [lib.cuckoo.core.guest] INFO: winxpsp3pro32: analysis completed successfully
2019-01-09 09:34:38,230 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-01-09 09:34:40,766 [modules.processing.network] ERROR: Unable to open /opt/cuckoo/storage/analyses/600/dump_sorted.pcap
2019-01-09 09:35:55,638 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b50a54950>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 09:35:55,639 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b50a54410>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 09:35:55,639 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b50a54290>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 09:35:55,640 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9b50a54b50>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-09 09:35:55,641 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9b50a54b50>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9b50a54b50>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

This executable is signed
The executable has PE anomalies (could be a false positive) (1 event)
section .ndata
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
Jan. 9, 2019, 12:11 a.m.
NtProtectVirtualMemory
base_address: 0x10004000
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1312
process_handle: 0xffffffff
success 0 0
Jan. 9, 2019, 12:11 a.m.
NtProtectVirtualMemory
base_address: 0x10004000
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1312
process_handle: 0xffffffff
success 0 0
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (4 events)
Time & API Arguments Status Return Repeated
Jan. 9, 2019, 12:11 a.m.
GetDiskFreeSpaceExW
total_number_of_free_bytes: 18093906994593796
free_bytes_available: 217017207043916553
root_path: C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller
total_number_of_bytes: 563877666357248
failed 0 0
Jan. 9, 2019, 12:11 a.m.
GetDiskFreeSpaceExW
total_number_of_free_bytes: 24102490112
free_bytes_available: 24102490112
root_path: C:\Documents and Settings\zamen\Local Settings\Temp\
total_number_of_bytes: 31453437952
success 1 0
Jan. 9, 2019, 12:11 a.m.
GetDiskFreeSpaceExW
total_number_of_free_bytes: 5339348723570775
free_bytes_available: 845431476544928
root_path: C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller
total_number_of_bytes: 5340688753360896
failed 0 0
Jan. 9, 2019, 12:11 a.m.
GetDiskFreeSpaceExW
total_number_of_free_bytes: 24102490112
free_bytes_available: 24102490112
root_path: C:\Documents and Settings\zamen\Local Settings\Temp\
total_number_of_bytes: 31453437952
success 1 0
Creates executable files on the filesystem (50 out of 93 events)
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\nsisdl.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\sdbarker_tiny.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\ExecDos.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\bin\MakeHeader.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\KillProcDLL.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\makensis.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\nsDialogs.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_nodesc.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\EmbeddedLists.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\nsExec.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\MoreInfo.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\Dialer.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\zip2exe.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\Banner.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\LibraryLocal.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmp.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\KillProc.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\makensis.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\UserInfo.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\Dialer.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmp_original.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmpr.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\System.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\RealProgress.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\SelfDel.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\dialogsEx.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\DialogsW.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\newadvsplash.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\zlib1.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\GenPat.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\INetC.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip\7z.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_big.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\registry.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\FindProcDLL.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\w7tbp.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\switch_to_big.bat
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\StartMenu.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\switch_to_original.bat
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmpr_big.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\w7tbp.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\VPatch.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip\7z.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\LangDLL.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\TypeLib.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmpr_original.exe
file C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\nsDialogs.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\System.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\newtextreplace.dll
file C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\FindProcDLL.dll
The binary likely contains encrypted or compressed data. (2 events)
section {u'size_of_data': u'0x0001c800', u'virtual_address': u'0x001c9000', u'entropy': 7.238473101115835, u'name': u'.rsrc', u'virtual_size': u'0x0001c738'} entropy 7.23847310112 description A section with a high entropy has been found
entropy 0.780821917808 description Overall entropy of this PE file is high

Network

DNS

No domains contacted.

Hosts

No hosts contacted.

Summary

Process PortableApps.comInstaller_3.5.11.paf.exe (1312)

  • Opened files

    • C:\WINDOWS\system32\oleaccrc.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\pac_installer_log.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\bin
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\modern-header.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_unicode
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\ExDll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\DefaultData
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\modern-wizard.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_ansi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller_3.5.11.paf.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\zip2exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc
  • Written files

    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Deprecated.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerMoveFiles.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Afrikaans.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appinfo.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_unicode\api.h
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Slovenian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip\readme.txt
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\zlib-x86-ansi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Latvian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\orange-uninstall-nsis.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\Welcome.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip\License.txt
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Slovenian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\makensis.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Yoruba.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\LangFile.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Malagasy.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Spanish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\LangDLL.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Arabic.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\DefaultData\settings.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\appicon_32.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\InstallFiles.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-r-nsis.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hungarian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\redirect.php
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\zlib_solid-x86-ansi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\grey.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\BgImage.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Bosnian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Bosnian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\SpanishInternational.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-r.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Malay.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\EnglishGB.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\VPatchLib.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\System.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\win-uninstall.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Arabic.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Sundanese.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hebrew.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Breton.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Efik.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Pashto.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Asturian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nsis3-grey.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Sesotho.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Welsh.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Serbian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\INetC.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Indonesian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\resource.h
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstaller.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Estonian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\registry.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\win.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_unicode\pluginapi.lib
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\FindProcDLL.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\bzip2-x86-unicode
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Latvian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Tamil.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Armenian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\zip2exe\Modern.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\orange-uninstall.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Farsi.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Swedish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\InstallOptions.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Util.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Kurdish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\w7tbp.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\COPYING
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\VPatch.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Icelandic.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install-blue.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Catalan.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\Components.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\nsDialogs.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\recursive.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmpr_big.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Mongolian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\pixel-install.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\StartMenu.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\splash.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-uninstall-nsis.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\classic-uninstall.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmp_big.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Irish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\Readme.htm
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-uninstall-r-nsis.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\MultiUser.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\TypeLib.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Italian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Khmer.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Indonesian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Japanese.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_smalldesc.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\inetc.cpp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\lzma-x86-unicode
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\nsDialogs.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\advsplash.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\timeout.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\VPatch.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\ExDll\exdll.h
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\TBProgress.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Cibemba.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nsis3-metro.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Sundanese.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\PortableApps.comInstaller.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\advsplash.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Welsh.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\WinNT.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Albanian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Belarusian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Kurdish.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Norwegian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\Math.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\arrow2-uninstall.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Finnish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Mongolian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Vietnamese.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\nsisdl.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images\help_background_header.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\PortableApps.comInstallerHeader.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Khmer.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Polish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\arrow-install.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-uninstall-full.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Macedonian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\textreplace.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_16.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI\System.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\EnumINI.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Farsi.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images\favicon.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_ansi\api.h
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\headers.php
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\EnglishGB.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\StartMenu.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Croatian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images\help_logo_top.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\appicon_16.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Breton.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI\ioSpecial.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Asturian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Macedonian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Icelandic.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Russian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\post_form.html
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Pashto.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis-r.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Igbo.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Valencian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\SimpChinese.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\Dialer.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SpanishInternational.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\resource.h
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Interface.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\French.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\VB6RunTime.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\zip2exe.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\TradChinese.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Portuguese.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-metro.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\Banner.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Romanian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SerbianLatin.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Slovak.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\llama.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\nsDialogs.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\Dialer.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Greek.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Uyghur.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Hungarian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\FindProcDLL.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Croatian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\https.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\FindProcDLL.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Library.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\modern-header.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\orange-install-nsis.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\dialogsEx.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\newadvsplash.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\bzip2_solid-x86-ansi
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\LangDLL.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\TBProgress.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SimpChinese.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Bulgarian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\NorwegianNynorsk.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_75.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_big.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Memento.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-grey.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\InstallOptions.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Swahili.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Estonian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Czech.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\w7tbp.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Irish.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Catalan.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\inetc_local.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Bulgarian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Tatar.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\switch_to_original.bat
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\nsis3-install-alt.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Basque.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Swedish.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Russian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hebrew.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmpr_original.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\newtextreplace.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Korean.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\simple-round.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\default.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Esperanto.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Greek.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Thai.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_128.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\zip2exe\Base.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\InstallOptions.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Turkish.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Spanish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Esperanto.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\box-install.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_original.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Slovak.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\modern-wizard.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\German.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Catalan.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Hindi.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\FileFunc.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.c
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\header.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\NewTextReplace.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\libDialogsW.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Dutch.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\newadvsplash.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-uninstall.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Slovak.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\English.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\llama-blue.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\libDialogsA.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Registry.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\BgImage.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\Example.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\Math.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\SelfDel.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Luxembourgish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\lzma_solid-x86-unicode
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\License.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\post.php
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\German.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\MUI.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\welcomefinish.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Korean.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Colors.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-branding-r.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\classic-install.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\bzip2_solid-x86-unicode
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\MakeLangId.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Sesotho.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Tamil.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-metro-right.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\auth_dlg.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Galician.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Estonian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\md5dll.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\box-uninstall.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\header_rtl.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\nsis3-uninstall.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Hebrew.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\nsisdl.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\LogicLib.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\arrow.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\NorwegianNynorsk.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\lzma-x86-ansi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\ExecDos.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Cibemba.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Igbo.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\PortableApps.comInstallerHeaderPluginRTL.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hindi.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Swahili.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_unicode\nsis_tchar.h
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Italian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\UserInfo.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\StrFunc.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\ftp_auth.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\PortugueseBR.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Asturian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\EnglishGB.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\nsExec.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Afrikaans.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\UninstallConfirm.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hungarian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Georgian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\System.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Lithuanian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Uzbek.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\TextReplace.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\nsis3-install.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Finnish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Swahili.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Korean.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\makensis.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\WinUser.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Danish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Luxembourgish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\French.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-uninstall-colorful.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Ukrainian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmp_original.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\ScotsGaelic.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmpr.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\pac_installer_log.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Twi.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Ukrainian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\StartMenu.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\red-round.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\RealProgress.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Lithuanian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Thai.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\zlib-x86-unicode
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Esperanto.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_32.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Bosnian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Croatian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\DialogsW.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Belarusian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\orange-uninstall-nsis.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\zlib1.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\GenPat.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\arrow2-install.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_unicode\pluginapi.h
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Galician.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Lithuanian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Norwegian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nullsoft.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\put.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SerbianLatin.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images\donation_button.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Breton.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerTBProgress.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\big.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Latvian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Czech.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Malay.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\headers.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\zip2exe\Classic.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Serbian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Igbo.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.rc
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Efik.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\KillProcDLL.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\Propkey.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\red.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Yoruba.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\appicon.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Icelandic.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SpanishInternational.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\splash.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Norwegian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Belarusian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\WinMessages.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nsis3-branding.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-uninstall-blue-full.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\zlib_solid-x86-unicode
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\nsDialogs.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Malay.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Galician.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\translate.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Japanese.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\ScotsGaelic.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Swedish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\WinVer.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\nsExec.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\nsis1-uninstall.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\System.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.sln
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Danish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Arabic.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\orange.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\post.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.dsp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.dsw
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Cibemba.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\MoreInfo.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\PortugueseBR.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Vietnamese.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-uninstall-r.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\TradChinese.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\execDos.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Serbian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\registry.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\WinError.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\KillProcDLL.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\UpgradeDLL.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\dialogs.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.vcxproj.filters
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\LangDLL.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\post_file.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\PortableApps.comInstallerHeaderRTL.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\EmbeddedLists.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\orange-uninstall.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\lzma_solid-x86-ansi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Spanish.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_ansi\pluginapi.h
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\wiki.txt
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\uninst
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Dutch.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\PortugueseBR.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Danish.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Georgian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\inetc.dsw
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Czech.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\put.php
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\inetc.dsp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Polish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\NorwegianNynorsk.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\orange-install.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\sdbarker_tiny.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\bzip2-x86-ansi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\colorful.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\simple.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Corsican.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\bin\MakeHeader.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\SerbianLatin.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Vietnamese.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\English.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\WordFunc.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\TradChinese.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\DialogsA.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\inetc.rc
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\MUI2.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\WinDef.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_nodesc.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Greek.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Basque.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\MoreInfo.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nsis.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Kurdish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\Finish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Zulu.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nsis3-vintage.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Turkish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Macedonian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_256.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Uzbek.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Yoruba.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Romanian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\LibraryLocal.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_headerbmp.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\KillProc.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Localization.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\TextFunc.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\License.txt
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\win.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-branding.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Uyghur.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Bulgarian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Welsh.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Khmer.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\redirect.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\PortableApps.comInstallerHeaderPlugin.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\classic-cross.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\grey-cross.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-uninstall.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\English.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Slovenian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\modern.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-vintage.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\head.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\MUI2.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Portuguese.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\nsis1-install.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\German.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\simple-round2.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\appinfo.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\TypeLib.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install-blue-full.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Thai.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\win-install.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Malagasy.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Malagasy.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip\7z.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Tatar.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Ukrainian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Finnish.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\post_file.php
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Armenian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Farsi.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Luxembourgish.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Armenian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.vcxproj
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\COM.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\x64.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\switch_to_big.bat
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerDumpLogToFile.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Twi.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_ansi\pluginapi.lib
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Pashto.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\arrow-uninstall.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip\7z.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Portuguese.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Irish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\Directory.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install-full.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\Readme.txt
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-grey-right.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Hindi.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Italian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\RegTool-x86.bin
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Japanese.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\pixel-uninstall.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Romanian.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange-nsis.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstaller.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\French.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Russian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq2.tmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\w7tbp.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Efik.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Georgian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\classic.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\llama-grey.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-vintage-right.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\orange.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Indonesian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\EmbeddedLists.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Corsican.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\InstallerWizard.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Basque.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstaller.nsi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Albanian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\INetC.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\SimpChinese.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install-colorful.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Afrikaans.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\Banner.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Dutch.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\orange-nsis.bmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Uzbek.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\help.html
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Turkish.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\UserInfo.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\ReadINIStrWithDefault.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Sections.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Polish.nlf
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Zulu.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\MoveFiles.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Mongolian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images\help_background_footer.png
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\WinCore.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Albanian.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerDriveFreeSpaceCustom.nsh
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-uninstall-blue.ico
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerConfig.nsh
  • Files Read

    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\pac_installer_log.ini
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller_3.5.11.paf.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq2.tmp

Process PortableApps.comInstaller_3.5.11.paf.exe (1312)

  • Registry keys opened

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530e-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\AppLogLevels
    • HKEY_CLASSES_ROOT\Directory
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530e-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT
    • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
    • HKEY_CURRENT_USER\Control Panel\Desktop
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    • HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
    • HKEY_CLASSES_ROOT\Folder
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\PortableApps.comInstaller_3.5.11.paf.exe
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    • HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530a-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
    • HKEY_LOCAL_MACHINE\System\Setup
    • HKEY_LOCAL_MACHINE\System\WPA\PnP
    • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
    • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Debug
    • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
    • HKEY_CLASSES_ROOT\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\(Default)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530d-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530a-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530d-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530b-636a-11e6-ba0d-806d6172696f}\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530b-636a-11e6-ba0d-806d6172696f}\
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT\UserEra
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\(Default)
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • Registry keys written

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530e-636a-11e6-ba0d-806d6172696f}\BaseClass
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530d-636a-11e6-ba0d-806d6172696f}\BaseClass
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530a-636a-11e6-ba0d-806d6172696f}\BaseClass
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d396530b-636a-11e6-ba0d-806d6172696f}\BaseClass
  • Registry keys read

    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530d-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530a-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530b-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewScrollOver
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DevicePath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Domain
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\DriverCachePath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopDebugLevel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32\(Default)
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\OsLoaderPath
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewWatermark
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530e-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogPath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateProcess
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath
    • HKEY_LOCAL_MACHINE\SYSTEM\WPA\PnP\seed
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackCachePath
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopLogging
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogLevel
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Hostname
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530a-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530d-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530b-636a-11e6-ba0d-806d6172696f}\Data
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d396530e-636a-11e6-ba0d-806d6172696f}\Generation
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ProductType
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewScrollOver
    • HKEY_CURRENT_USER\Control Panel\Desktop\LameButtonText
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateObject
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local Settings
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ChkAccDebugLevel
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\Compositing
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt

Process PortableApps.comInstaller_3.5.11.paf.exe (1312)

  • Mutexes accessed

    • oleacc-msaa-loaded
    • MSCTF.Shared.MUTEX.EFG

Process PortableApps.comInstaller_3.5.11.paf.exe (1312)

  • Directories created

    • C:\Documents and Settings
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Data
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\bin
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\7zip
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_unicode
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\ExDll
    • C:\Documents and Settings\zamen\Local Settings
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages
    • C:\Documents and Settings\zamen\Local Settings\Temp\
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other
    • C:\Documents and Settings\zamen\Local Settings\Temp
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\DefaultData
    • C:\Documents and Settings\zamen
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_ansi
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help\images
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Help
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\zip2exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc
  • Directories removed

    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\
  • Directories enumerated

    • C:\Documents and Settings
    • C:\Program Files\Microsoft Office\Office12
    • C:\WINDOWS\system32\ctfmon.exe
    • C:\WINDOWS\explorer.exe
    • C:\Python27\pythonw.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller
    • C:\WINDOWS\system32\lsass.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp\*.*
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\*.*
    • C:\Program Files\Java\jre7\bin\jqs.exe
    • C:\Program Files\Java\jre7
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.com\PortableAppsPlatform.exe
    • C:\WINDOWS
    • C:\PortableApps
    • C:\WINDOWS\system32\svchost.exe
    • C:\Documents and Settings\zamen\Local Settings
    • C:\Documents and Settings\zamen\PortableApps\*.*
    • C:\Documents and Settings\zamen\Local Settings\Temp\nsq3.tmp
    • C:\WINDOWS\system32
    • C:\Python27
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other
    • C:\Documents and Settings\zamen\Local Settings\Temp
    • C:\WINDOWS\system32\services.exe
    • C:\Program Files\Java
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\*.*
    • E:\PortableApps
    • C:\Documents and Settings\zamen
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App
    • C:\Program Files\Common Files\Java
    • C:\Program Files\Java\jre7\bin
    • C:\WINDOWS\system32\spoolsv.exe
    • C:\WINDOWS\system32\alg.exe
    • C:\Program Files\Common Files\Java\Java Update\jusched.exe
    • C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\*.*

Process PortableApps.comInstaller_3.5.11.paf.exe (1312)

  • DLLs Loaded

    • C:\WINDOWS\system32\APPHELP.dll
    • C:\WINDOWS\system32\USERENV.dll
    • C:\WINDOWS\system32\SHELL32.dll
    • kernel32.dll
    • UxTheme.dll
    • C:\DOCUME~1\zamen\LOCALS~1\Temp\nsq3.tmp\w7tbp.dll
    • C:\WINDOWS\system32\OLEACC.dll
    • C:\WINDOWS\system32\CRYPTBASE.dll
    • C:\DOCUME~1\zamen\LOCALS~1\Temp\nsq3.tmp\System.dll
    • C:\WINDOWS\system32\browseui.dll
    • ole32.dll
    • C:\WINDOWS\system32\UXTHEME.dll
    • C:\WINDOWS\system32\DWMAPI.dll
    • C:\WINDOWS\system32\RichEd20.dll
    • C:\DOCUME~1\zamen\LOCALS~1\Temp\nsq3.tmp\FindProcDLL.dll
    • C:\WINDOWS\system32\PROPSYS.dll
    • C:\WINDOWS\system32\SETUPAPI.dll
    • C:\DOCUME~1\zamen\LOCALS~1\Temp\nsq3.tmp\LangDLL.dll
    • C:\WINDOWS\system32\SHFOLDER.dll
    • SHELL32.dll
    • PSAPI.DLL
    • C:\WINDOWS\system32\CLBCATQ.dll
    • browseui.dll
    • C:\DOCUME~1\zamen\LOCALS~1\Temp\nsq3.tmp\nsDialogs.dll
    • shell32.dll
    • SETUPAPI.dll

PE Compile Time

2018-01-29 22:58:43

Signing Certificate

MD5 da26be9659b0132c12c0fc4d24f038c5
SHA1 c0a448b9101f48309a8e5a67c11db09da14b54bb
Serial Number f0e150c304de35f2e9086185581f4053
Common Name Rare Ideas, LLC
Country US
Locality Astoria

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00006409 0x00006600 6.40783079431
.rdata 0x00008000 0x0000138e 0x00001400 5.14383173215
.data 0x0000a000 0x00066358 0x00000600 4.00056108793
.ndata 0x00071000 0x00158000 0x00000000 0.0
.rsrc 0x001c9000 0x0001c738 0x0001c800 7.23847310112

Imports

Library KERNEL32.dll:
0x408070 ExitProcess
0x408074 SetFileAttributesW
0x408078 Sleep
0x40807c GetTickCount
0x408080 CreateFileW
0x408084 GetFileSize
0x408088 GetModuleFileNameW
0x40808c GetCurrentProcess
0x408094 GetFileAttributesW
0x4080a0 GetTempPathW
0x4080a4 GetCommandLineW
0x4080a8 GetVersion
0x4080ac SetErrorMode
0x4080b0 lstrlenW
0x4080b4 lstrcpynW
0x4080b8 CopyFileW
0x4080bc GetShortPathNameW
0x4080c0 GlobalLock
0x4080c4 CreateThread
0x4080c8 GetLastError
0x4080cc CreateDirectoryW
0x4080d0 CreateProcessW
0x4080d4 RemoveDirectoryW
0x4080d8 lstrcmpiA
0x4080dc GetTempFileNameW
0x4080e0 WriteFile
0x4080e4 lstrcpyA
0x4080e8 MoveFileExW
0x4080ec lstrcatW
0x4080f0 GetSystemDirectoryW
0x4080f4 GetProcAddress
0x4080f8 GetModuleHandleA
0x4080fc GetExitCodeProcess
0x408100 WaitForSingleObject
0x408104 lstrcmpiW
0x408108 MoveFileW
0x40810c GetFullPathNameW
0x408110 SetFileTime
0x408114 SearchPathW
0x408118 CompareFileTime
0x40811c lstrcmpW
0x408120 CloseHandle
0x408128 GlobalFree
0x40812c GlobalUnlock
0x408130 GetDiskFreeSpaceW
0x408134 GlobalAlloc
0x408138 FindFirstFileW
0x40813c FindNextFileW
0x408140 DeleteFileW
0x408144 SetFilePointer
0x408148 ReadFile
0x40814c FindClose
0x408150 lstrlenA
0x408154 MulDiv
0x408158 MultiByteToWideChar
0x40815c WideCharToMultiByte
0x408168 FreeLibrary
0x40816c LoadLibraryExW
0x408170 GetModuleHandleW
Library USER32.dll:
0x408194 GetSystemMenu
0x408198 SetClassLongW
0x40819c EnableMenuItem
0x4081a0 IsWindowEnabled
0x4081a4 SetWindowPos
0x4081a8 GetSysColor
0x4081ac GetWindowLongW
0x4081b0 SetCursor
0x4081b4 LoadCursorW
0x4081b8 CheckDlgButton
0x4081bc GetMessagePos
0x4081c0 LoadBitmapW
0x4081c4 CallWindowProcW
0x4081c8 IsWindowVisible
0x4081cc CloseClipboard
0x4081d0 SetClipboardData
0x4081d4 EmptyClipboard
0x4081d8 OpenClipboard
0x4081dc ScreenToClient
0x4081e0 GetWindowRect
0x4081e4 GetDlgItem
0x4081e8 GetSystemMetrics
0x4081ec SetDlgItemTextW
0x4081f0 GetDlgItemTextW
0x4081f4 MessageBoxIndirectW
0x4081f8 CharPrevW
0x4081fc CharNextA
0x408200 wsprintfA
0x408204 DispatchMessageW
0x408208 PeekMessageW
0x40820c ReleaseDC
0x408210 EnableWindow
0x408214 InvalidateRect
0x408218 SendMessageW
0x40821c DefWindowProcW
0x408220 BeginPaint
0x408224 GetClientRect
0x408228 FillRect
0x40822c DrawTextW
0x408230 EndDialog
0x408234 RegisterClassW
0x40823c CreateWindowExW
0x408240 GetClassInfoW
0x408244 DialogBoxParamW
0x408248 CharNextW
0x40824c ExitWindowsEx
0x408250 DestroyWindow
0x408254 GetDC
0x408258 SetTimer
0x40825c SetWindowTextW
0x408260 LoadImageW
0x408264 SetForegroundWindow
0x408268 ShowWindow
0x40826c IsWindow
0x408270 SetWindowLongW
0x408274 FindWindowExW
0x408278 TrackPopupMenu
0x40827c AppendMenuW
0x408280 CreatePopupMenu
0x408284 EndPaint
0x408288 CreateDialogParamW
0x40828c SendMessageTimeoutW
0x408290 wsprintfW
0x408294 PostQuitMessage
Library GDI32.dll:
0x40804c SelectObject
0x408050 SetBkMode
0x408054 CreateFontIndirectW
0x408058 SetTextColor
0x40805c DeleteObject
0x408060 GetDeviceCaps
0x408064 CreateBrushIndirect
0x408068 SetBkColor
Library SHELL32.dll:
0x40817c ShellExecuteExW
0x408184 SHBrowseForFolderW
0x408188 SHGetFileInfoW
0x40818c SHFileOperationW
Library ADVAPI32.dll:
0x408004 RegCreateKeyExW
0x408008 RegOpenKeyExW
0x40800c SetFileSecurityW
0x408010 OpenProcessToken
0x408018 RegEnumValueW
0x40801c RegDeleteKeyW
0x408020 RegDeleteValueW
0x408024 RegCloseKey
0x408028 RegSetValueExW
0x40802c RegQueryValueExW
0x408030 RegEnumKeyW
Library COMCTL32.dll:
0x408038 ImageList_Create
0x40803c ImageList_AddMasked
0x408040 ImageList_Destroy
0x408044 None
Library ole32.dll:
0x40829c OleUninitialize
0x4082a0 OleInitialize
0x4082a4 CoTaskMemFree
0x4082a8 CoCreateInstance

!This program cannot be run in DOS mode.
`.rdata
@.data
.ndata
Instu_
softuV
NulluM
SVWj _3
Aj"A[f
D$$SPS
Vj%SSS
f9=(gD
D$$+D$
D$,+D$$P
\u f9O
90u'AAf
UXTHEME
USERENV
SETUPAPI
APPHELP
PROPSYS
DWMAPI
CRYPTBASE
OLEACC
CLBCATQ
RichEd32
RichEd20
MulDiv
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
ReadFile
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsW
lstrcmpW
lstrcmpiW
CloseHandle
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
SetFileAttributesW
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
KERNEL32.dll
EndPaint
DrawTextW
FillRect
GetClientRect
BeginPaint
DefWindowProcW
SendMessageW
InvalidateRect
EnableWindow
ReleaseDC
LoadImageW
SetWindowLongW
GetDlgItem
IsWindow
FindWindowExW
SendMessageTimeoutW
wsprintfW
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
ExitWindowsEx
CharNextW
DialogBoxParamW
GetClassInfoW
CreateWindowExW
SystemParametersInfoW
RegisterClassW
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VERSION
SHGetFolderPathW
SHFOLDER
SHAutoComplete
SHLWAPI
SHELL32
InitiateShutdownW
RegDeleteKeyExW
ADVAPI32
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
SetDefaultDllDirectories
KERNEL32
[Rename]
%ls=%ls
:hW2e+S
B-o@mm=
zV@uM5'
!l|]R~!
T0/~Aw
p]Dm6M
@Gk3o#
by/1YZ
s]go`Q
s}}=G
$3?U,d
Gpo/U,
OA]]5w
Garjl2
O@ntBz.
!hni`a
6nh[15
r(t'PN
ICCc+454
>1iT=TkD~
MqT~x^^c
GkcPUU
gi4blk
olj}xyGK
K6#hqHx
tw-ezo
m[aYW;dr9
"_` `
!JR6;-,
@ ah"5
4ocOY)
:JuN:p
YAHRqE
Z;z8}h
P{nlmP
6j;4F#
c{hdt
k4s}J6
NQ3T[]
CWVWin|
_A>VS*
LJ'VqWe
w^ZH=b#^"
{D6Ium
Da5V} #
aq4j"K`
BBL#%9
0[Z;$J
1]lBK/`
0B>i#R
Z\rMM!%
H1Vfgh
Zlp)p$
)]@$2c`%
A:[bf<"R
8W,9+p
wd-8:@
7Hrhls
JZJ!5[
nk$'5;x
Q#kaQ
7\IE,)
O<AO=J
m'QQhF
g76j4>3I
RZdBD PS
, '-c&
?Da[+/
"1?2,1$
RG !/E
D^+x3x~
tnyU6E
O&'&C+
;8*wEZ
w^}CB>
!KI+OF
;-*<f"
p\cOdK!1
Gu6:Zs@;
9GWgoR.
;EyNS
20n2EB|6"
yldHp
'!;"00
PGCTl~aD
*Ujrj
MSs34lw
V5x!4R
S&M7wd
qJvly
Sghv~^
j'_FtYDk
KiT*t|a^
ejE",+
y#v`[=
5\Kv'R
4\x$N2
e5@B},
V&'i{w
{X7.C/
jh.b)*S}
a$2f3Su
J@6.Ms(J
9l<x@j
OKgNKC
dj359AGVWd
i:6?)@
;jKoo0
\EnK;#@{
^|D.Ne7
=vdqH!HZ
wE~d0H
{49=Ii
/sNx,u
!%r@C6
cWEnl!
483`kby
0&DiYlB
~p7b7Y673
Hj\("XMF
vSH@al6
tcsgx?
7L#i:F
*4'f`N
_^tvAY
:27Q6,4N
;5<w%&E
HCIs&%
97(?86I
B<1Y44V
!:5<~35\
D>Fz/*
<4*F:5L
<:;t54]
@;>n3&
<61W:=l
D=,'7:e
D?<JSRj
FCK{YY~
85HO\^
8>t`NP
=<^[_a
GA=;KJf
HDGPC<&
LGLtPPp
MG>BJI]
IDBD $DQ47
((L0,/d
*,Va37o
94**wma
40%.qh\
83('[TH
B<0crj]
?:.O[TH
C=1V;6+
=7+1JD7cRL@
JE8g>9,3
*%4r84Cp,#
0*"?%%B
-+-V,+O
4()E10N
QNSfef
RMMRIB6
MG@.USd
NH=!$&`DQS
"'f/EH
LGGNMKg
VSUbOI:
23Qe:?|
+-]q8<t
MN{]@>i
"%SG,.V
QK?I^YM
SMALHB7
pD?>A="
HO@DFFDD'!"
pFOOHSNNSMFB&%
jPOPLXmjVKKWMEA'n
niM48KWREBm
f58ksIN
j8WUHBYs
0WZHBMko:.2
N2WUIBIikK.28
(/iTG3CJWf,+*
iJWnTM
9nM603CIf9
ojI4($3C6f,
gx7+JG0
]a]a]]
abbab]\
\bvv]zz`
746!%%A
IHa}?<<
42?D%'L
B?I;@;0
22Il*+X
DBTb>91
13nL05n
5:xL<A|
;?~LIK
BD|LRS
@Af]WY
QQoMhi
KLumhj
:;coAD
36p6:>y
`ZOIKF:
;4F?>@6.,
IEFNlD89A4/k
c@G0Ln9'
a9G1<h(
B=#$@9
TU]USQY
`^^^sS
\FmT69K!
8b{kw~
baP`g|
_jlvzyxb^
]buxyubO
+&/d,-U
VSX\il
XU_^RL;
GGg]OQ{
(*^cCCk
[UISaYNd|sg
aYNde^RgHB6
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.03</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>
NullsoftInst
reESj4
\m&e7W
m.MM<^
9Qs]V#
Fo4?.[
jEOb;7
0*Zm@K23
uBsU*M
\/I/bn
iMzx"b
Zw|3w_
HM='$W
6gpdeOd
n~mann
m_W"d:G
i!$uYTg
@* &K7
By3T1<
]PsJCv
[LUjB~
lAY&,7
,!SH><
Y|m_,P
8e*BHk
qo*3vi
%h?j9;*
m4 hF{Q
|<{=`x
REh+DV
96B/AF
a1G{1q
ikoNqu
iGiTF!
Qd(X+_
*W0\GC
Sz]/$s
T+z4+w
\5$v!f
+Sd,el
S8?uXh6
x(,HNl
P1</e~
QXcVv~t
ht0||t
0oL2*
J$B/qv
+(I^ex
N4+ZD-
'FF<IC
s+SX^ts
c#%a<i
7wevD?
Es6^Bq
2gO9C4
4CRw>lv
aYtsZ@
11!8mH
] b&8R
d5l0**GvD=
c\VfWv!3(h
xeCmmm
prnqJ {
)hSB$
:D!RRAr
9]Sau/*
XC8b:%{
GK|>/*TERq
BGn=]^|
yyPG-e.
s"VSmy
7s-HVGZ
?w?`y|
k!BVDt
2^iV*t]
?z}r\?
j9 }7f
Uh*LOL
+#c7H1-
^W@n!3
EEH"Yk
?g8y4<
OH&`a
{XNM/{
rpT?;vR
+iQE>WD
/Y!>c_
:KD3-W
Wr$M_Y
qR=u'u(
TG=0e_
7>vzdR
%p^l ?
lgSY;c
Yt34GyYRDg
cA0;5H,0
4)(J#1t
{kz'+}
sk!p0'
Fq;mz$Lf|
(ik'4{<
@epWuM
,&Y;J'U
ej^J=5
iw$l)S
H#cy#[Ihi/
W+Q#|>J
>bkZ^e5
T2u~Lc
D`TzN
SDEf*M
-X]o\i
U}Ehd4
]jzZ#O]
T36dm8
]`{nZ`-
eUD)x;
U;N(UQ
UaW*2_.
iRT1`U
k/s`#\|9
-8b>E6P> t
9bgbuL.
%Nu{p
EuEQ$k
|ZD#?Dxf
gLMtp\
T0N}JH;
Z5(ma/
n6,$-Z+
Fsi%Id'
.`sMlJ
Ey>"O8fgA
&N<Jy<H
5(bF7"TM
]VuuIZT
jpXF5pD
~0V|qo
:RsVk
UPE}@u
5d-)#W
$zhf)N
pP>=+c
hi+AyDh
m!r@_w
H"iy0^NzD
'j\W3c
f_icX-
"/A#rH
{!VQ,s
Ux1]|~
cAqWo7
USxXZ*yN
Q*r^*k#
.9zRUB
c)o;1LF
oS:d~<&
Hs7vWvWA
X8%$nz
$k`qj9
JYw\j`
RbiE{zo
U#Q})oB
eq)L M|{
23kyk&3
E8!TN?O"p,
voF]v(
qzy5~z
fMtSgx
_i2gJYqy
g)E4rm
t\k.z.
H0iw4x1I
&}UFs#
i7YNFxT
lCTE[C
\,&#x1
DP"-vx
x=}0Y(
Z%]o?\
P1)[aq
=bCX8r
^hZ:k\
oBPV^H
Dq!u~z
'\|.a
?[Reeq
T{d(/!J
z=<e8R
6ot ?;z
_a%YS
&g6pGH
z6jISL
UN3CQN
IR5'o73
l.h1X\
hFH9iP
F,S+E&
#'Rv"E2'
n).pk&
/a=!_V}
5WPD(]
Fg4cx~
J+'CviU
wfqJ8zB
KfB]m0L
8$k)S=0q
3Y[AA,FAT_c~T
zn]8pE
(ChRSz
!\Vy.L
Ipz3a4QJd
26x8T)
I\4'#A
C4yea5
|UO^Cg^
x3@cZb(
5t48%G
lAQi$ZW
M8LhTS
w|w#.8
YIUIlM
YvH\MV
6Z&[Q~J
7p`IG{
dslT2M
]dil7l
<-s2/rm\
e/w!(q
w6~}Ha
6N]<)zr>j
]8Q&PZ*
ZLjCFT
I?8P8fi
A?lHn?
]{$\;b
sp*%,$|
4G25Qc
*H#j\Mf
NX=iq%M
+wW\HD
ocZjf#
&0rg#w
c)d|J
RJbD+*=
mlxK0G
2=uqpW
CH S2!
S^:]2c(
Y@5-~J?
DGobD#
82%z#_
anw[V6n$"d*
&+(Y39\,.
0~9'jp
Xm%/}P
w5D.|.
lz9JGc
"sOCzG
"b&AWz
nrhWH8c
.;gP{"
<SzUf-
0u]SUC
4,4c#P
U"dx2t
xEpKN27\B
$]gmoo
:TRn]W
d/kJ,+T
kR:LWZw
alxc,t+
K:-UK`
B1L=Dy
R3;tme
&Z~\et
.go+Ap
tl3<^9^
9J0vlGv
@wgtWO
>.r^k?_WxSh
"iU2xg;
Z]=X\T
cnyA hP
]53)0D
f-|n0j
+|&>AS
{\Tb%A)
^ZQD\,
T:B#x0
W?6wsIT_
5l_xIc
)>)|sE\g
T\x^&Y+
H/fwevp
cmE08U
)Z-Z.q
]xBe],J
RqN]~-
2=BZzj
1T, :N
Q:{UmU
p,\xyU
Xq(gX%=&
4%Rjf_
x<[YB%
6;5 [=-
X~=_Rs
El@`xt
xbFsHc
CP>eKg
CYa}[}3T
X/%~]R
G~tp$+
_Z8`qvW
,5#5pH
\RkH!B
3Mb>I&
4}fyu0
$z!8 m
`J3fQW
9Opmqv}
t4L+hQ
^~d/A8
dZyvAXLl
qvYpF\
c<NG+d
YvSVKA6
8ne"gg
&S[6(D
A<(L8Ik
|]x/wu
7gBF-s
.*V910
Jh`~fP
V\Tg?9
lR3rB=
]~3i79'
[u@x,#<
GZNI;_
yMty-a
eg{m/B
+:.!N?
Ai[ kB
d=~*<
ffl7-?1
^uKNc+(
OXFgs?
Y^>BLN
O=tOy.>
K []p
Rk"jI~
=|+0@<
`1IG1B
^U!+^
:PQmky
t%8\'Hu
9~Yfy"
4EQ/K7
]P5P>8
+Ns3%s
6=D6u#
%8U]Pv
/U!8V'
Aqm*;
gve<4~
Fvje;I
e}(, ?
C@+#n<
%{[3nb
x&k~h%
 4l%8p
`[Ip3D
ZZgp|
BzE9 F
r@~]ZcMx
}Wb6LL
d.w{yW
]I~s}[oSq
7|ZZMQ5
T:JD~N8
2O/bWPfI
[^]/>
@`/f|.Y
0W^p/,6
xUx*9.)
Us$U(5
q5bc7F)
~:+Uk6
LRM}ge
7`DTJJ
LZJ+sx
:zXTEu
^./]]'
0/&*1%
43`;s5
&3vwHRm
CuZd{eJ
w^`(MI,
fmhzsE
c[Gzq`N
| ko[T
15z9jF
H.sl]a
j _-/l
/=IoVF
c4J>r
8v*k08k
S6|:O~
aw{"*onf|
/zp0i.
BN#:(C'
Jb.hE(
s_85r,t3
"^NS/]
w.0ugs
zpHjw#
kFZL^_
;'zai+#
`. K.`
mBb7yh
E_iJvb
O^3[4c
"b{"bD
>s/<G&J
v*EkE
lQl7c#
(* usd
(2JX$)Pt
5acAIO!
1bIv&e
F(KzzyD8
^0AdRv)
I '6l(
;pI7V2
'yO4C
~y,Z-9
u",CPx
"qbkWC~~
o^tO~"!
sKE"B"
[6lw{8$
-oGj{;O
[]M7e4
X^7rr3
Y Ps;oFM
+$$e,kq`
$aZ4"|
^Vy+B<q<
!r'f<nm
"1>NdF
2N*?s]@
8]m7M:~
d6Ow2(
EYT+4'
L_<Aa9h
evm?2y
h4!m\!
bZ="5T
kBg'$@
mql+)!
(YuP3
6 F@mvB
kmzf/8
.}lxdU[<
RW?cofrD
H9q>_(
S-(,B;
4{bd:R
LSvOX1
wR4vEAB
/]~&^
[Oi,(0K
m4``~]
tmc1Bf
:8A@em
d.!0_lHy
3273`;~oB
d%[;5t
x|&c2N
|:W^q`N;47
xW%%qi
20^a<M
.txo_=
L#*R5$
Zl7>P'
+ur$2%
)xC9y/
B$e6=
t6CLs0'
;dDyOQM#p3
a%rp/k
Ay/r4O'
Os1$!P
5I8bt_
nZ9e7p
6dH^soFi6^
HQ|``I//
zH?\!=
eknudl
junJ=X
ia'1*|
M]w \\
r X^)r
T"*s5O
<jklh!+]
SS%?oRq
R3wK<R
(ZGr43i
?uJ<BV
mdA1~7
zBY&YQ
.'i-DQ
}wG2oW
ru6PoT
/Tt>BGL
&*uG#<
!)3~#Y
QMwBn;
5RMeO3F
:XsU([
X-/$Fh&
GBoAVvC5
-$fN]Zt
%.Qc!L
L#<PjzO
G.[I-3
w4K!|g
4,0jaB
w4Z"R<
9v1|xW+
o-4;0&
].FS|nLV
E%?7a!
swk4(V
TVUbnF
,~@X4%
gu:Oit
;<_7PJ
#ojgTeF?
=Lh5^:F
j)f[IjW
h;gB\>D
j4'GN4
ZXF?!c
,O4x~q
uP]H:#QB
e??eI
;O9A;+
jcYRi!
o.ro[e
Em'uiB
Edz^.-
m}Ss9]
~231#h
t-_"NU8
uNS3-
xhGG:@
[E7a*9
C|:Qub
b]V3"Y
8Ot,~{~
.xf24C
QG%)-
0$<+`)<
'|/0VI
0&Oe!8~
<PVOJU"]4
D\k`M7
J(s2R:e
k}|>M$
ZUzh}|
\Z`5dK/
ns1]n}
2*S}#?
BvAe[r,
pa0H+[
FW&!u;
m:^1ye
SGUba74
R37)-
n+!#A)$
q{P*^1
yF2$:h
f@)#u>
8l[vGz
hm-g__
1 V>lG
7p=<zTi
.j+i2@
J<oj%X>
E]pnb7
5+iH8C
P'[0o
sPMo1+
W{:x62
hl`Pkn
`evOtZY,
r9qk.Y
K'h0C/
';m%rO
!$AY''
J8f=p~c
0*??~#0
`;L>*EI
Mh0rX8e%
jIoD`}h
v,U\y(
h4oeq-
InXKr2]
/6h[oT2
U$>2/O
\C\P2h
fC:k"}'
yHIt(\
E[*F~7
C]d+7;
Rg@u+Q
?K></%,=
42R8e9"
c#5[l8
R}_ Fpd
n:*Mc(P
'H'rix
BNK^Y]
@s28(p
d4!v0*
iY~4O
XU2Lkn
Q<@CWQ
QA./p?
4H:r OA
;=~A(O
J2x@On
sbEbpj
~!qmGq)
q e]~Nit
&;\KVB
c*D>fHp
4MG74M^
;FO `1
<8;Kh&
i!]=ol
?ZBFa;
||m~Vz
RGa~m O
'KR,4n
jqy9\|
yV7I6$
F&i1P:Q
Rcn.`Ah
N9PlHYc
sBhYX
%N/A3&
yL/JZh
(s=~/G;
C?(:k}{UG
h%##Me
1^5Z"q[
Q0&r%,
29~/aH
bhUyU4
*CU:ar]
98tcJ6
bW_"glm
,;B1WjX
k]=;\An/
[cq,0-VG
2KNW'g,G
]:qW\\
K~n}j(
sI3?ehI
kZ0tzZ
0^*O=)
NvlT[(@
^/lC t
\>f9OG
aNflV?
&\K4VLB|
xdrO#S9
4SKSUn
<lbFN\
LCa8:5
wf4+R=}
D-UtRy=
QQq+Lg
m/v[4y&
jx?h97
bzHn3s"c{s
$%WkU(
}YHuXuW5
~VwzZ?
b+9rd>
e2Alvi
@\/v6ARJ?
Kn+cr*/v
Fz*O4!5
Ce;gnm
)&-UJr
k:>JR'
q|gR][
z[{i'/|
e@T:`_a
13p*lUW
\ri~/#
*>V5Vb
Xh6Ro|
3w$.7j
J!z>gk;
fnQ:p,)u
4IiK"m
rj#U;#
K9{U"
eo<z 4T:2DHg
;)tpc\o
v0kn<"h
7SI-!Y
]=`,u8K
yqi5@_
$)MER;G
q]<KcH_k
V=zCY!6~##
t=6PWv
%Lh^n-
.Mj|pNl
(R4>,wP<sZL
#P3xZ(
L1Vni#
iRG:XE
{>xR#]
h-<;,*
Z<K 8m
yW>1=a
|Y;MmK
l#3bq\
U.PQV=f!
%14~- BJ$
vZ{<(>%
aJ&5\X
]oZa=n
H 2iwJt
yUXtJr9
QlQXDn
q=9%R4
l1y2^=0Tm
9%.bQk
2ag:ch
qOr{0*qw
Kn]_fZ
|g\JzP
Erls=/PA
)m1jcU
&=qd7w
t=}m$`
fr-yq{
>3fW"mX
-0O6.
#6!8Q=
w<=EC@!9uT
0JO`(
--Nc./
<;9:7U
{AdH};
y'Y1mF
*Hs`Mt
dKOhYL[*9PR
2+;8;"6{T
kP;r@?
$&r70\d
O~{Ln0dxHt
yeV~VP
+L+e<a
:<Q$?k
:*g-7hr2
5jRM35
Jc?q@{;
SP2<iS
6AG) M
NK2=!3
b.Ha[t
Hk/cIz
p/j&sJ
sZda'W>x0_
YYU)"jD
#~Y[~q
KCa>@cA;W
g'*u&!
gym\(}
3s[aFI
93,6Ie_
[}\_=%
2sy"$*
PfkBDO
!&r1KZK
oJ?%iL
"v%~o*
.DkS+M7&
/gmP;|Q%
+Z1_W~
g%{GOA
K3H Y
Ll4nXs
61`530
kL`\PGX
3~mG^,
New^kcX
''[X1ey
&dNUu8
:qVA^0sK
vGz&(du
YP`Ub+
"lR$6s0
|&!@&1
bT<3|V
#w pqU
VJ%]l#
l|l=p
AP3BLy
fG^P/1x
7FW#Dv
&<P!eM
NG1.;w
bMr~9E
c8#p\5Kg
Y73jp6
g";2~j~|Z"
(`}rJM
?4_r/8
Bod_ns
C`!qP7({
`\;,,$
pKZ=nr\
'ew)2x
N|b=q:
KaDlGRD
Xk4+b,
mU`6c7l
*sT(55R
a}<a.s
3l75/qd
_xUtQtt
nl/TYxK
:pll!A
Pq0Ot5
5>^4,&#Y
z7F7oc?
^t*l/
j<|q*Ryndm
^a_FLup"
Zs52z)
k;{ys
"~(x_-1
i:1=&V)
`0'>[L'
xD+Hj!6M
}#ne,w
:E2T{g
=%{Nye
\ou*HT'I
W.dQR;
U[=N(2
Xn'1+4
Ceo\@AQ
9=^i!F
Vo%_MV
l]4rp'
CbAh+@
^)<K}$
Ra~61d
:N$+at
9TZger
*=O"Af
2gf&^I~X
{|$s$I\I
[eFDg
X^n&f0!e
xGo8X$
TxkRQL6Bem
~@+@oV'([;
[l-X:I
yy ?q/q7`
R4r1{x
%|v#P>04
Q=?PpjZ
@25HP E
4*H(mO="`\
U\+>EZ
kLVCoza3
:R%ioo
rBJc1'
Ut5#rC
`m)1BG
GNPY0m
vHs/?Bn
_MA[@?
!Np]Rm
@;@ha.
.*~C^p
W5T{lk
w&avWY
(>[F@n
omGIUEv
n`4wIwK
K=OuM!{
Pt"qI>
+U2v'd
iv|vs|
Cc=A3?L
&OKg0w
HXhD=<
.s)z+`}
b'129-pOf,
|c*?%r
[b6cdl
oVBJYFUK
))>!1F>ns[
>V^GW,U
R R!f2X
QLF"7o<w
.;)tviR
=ko3%(
&z:k!`:
'o7D0
)cF8[y
"!tTvH
CYXEzM
voMrZu
jl)9R|)
ia{PqJ6
ERG)5_z
3._"in
@Dgiw|2
$+|L-2i
kTZUjnUZ
pe!C7?f
C.iyc[
Fi!\Q"
|-bx_h
jg]IVba.{
p,<^&w
*"f%9&
<<Eudh
uJrG8(
Sld4G )
ty*x|6
DTt>t+
'No-A#a|
9 6>%J
l$N t[d
Tf[)Z6
iN5d+(^
(-xDY4
.C}H}C
OdaC5S
_bJ'=W
1b;b4;YM
/?)n}
(OCB,_t7b1
nW*%^z
}ap9d2
`4[|~m
6 G0yfCp
Vm=7zq
K~6KTT
(X0k'*
&T$'@T
]y_\\[
V77#E;h
Pw =o
hEI+M=?L
/aP;fC
]w1coW
6\mw- L
c8(zlRJW6
zj4J+Pgwh
,Vlvaj
m^#!i4
.+0%B~
xl.D^^W
@1oV|t
c8E i8
,xyVW_
?UZiR$
vVDbPL
K;+U'^
n=_mI}E"
;666SY
4c}:jc
.T*V7nj
+~Kpn'
^"/!_^
MGvOfY\V
0^PrbH
om0s&d
r}ffIs
Ey("pH
yFV+37$
2<SLJ[p
H`?N'7{
4oWn~+
d|Tyj&
:v";)r{R
O'BY@C
*%Q<Ym
8+wYla<
Q2#aiw
EH.\&&
2lNwu
);Z4Ch
*sQd!D
&^JD:$O
lBEB!(
e"u)8jN
*%7rbG
?6Q5I#
Au/_2jn
B't3Cyn
ug&G\?F
)#cW<z
Wn2U`i
In\VEX]
YUe2xD"
uDcQo;y7
N1B^!<
R;g<wa
'2$E5a
VRsIzx
B[=Ylq
Nb*)g@f
ij1t5+
7UsKvTt)Do
$}{;$p!
KRNOJ+
8om`JMn{f:>
tNKK+(-
u;B/-r
<TFr* W
l{$iUrb
V.D[pS
l2X@3~co+0
}"JWXR. I
e=[p*!0|
Ri|+)z]P
=Ofpgu
oL>MOc
x5XZ@Q
xcd34L
7LF4s?
lO;3AofviU
8q(^pN
v G7`
g1Cq%7d
VJW-o*
XtX}HJ
dL>>P)
LQiCzH
VLJgzZm
+g7fAI
d6.tKY
-,}8*W`
32b|E.
rzF;F|
},v439z
,2sa()H
)Dr:vN
L.WX^
SUWehR
vBH#i!k
yi._*J
I@zywYqv
&~qe9%
va?"$F
YrB-N
9bMop;}
Bfm|v17
xuT;;;I
ArXD.}
2![A *Gm
qYvfyp
)wgTD3
B)`pu),l^!
x@5=W]D1
bdA]"
a|9b_d
+*&sMu
.(~mhf
8k(nw*
uq-upw
>R#(wna
H`[huP
?[ldWz
[/4wv*
}W/id%<
C:S8),
;mNB|f
?`l6j<
)kpW(hz
En3""O
2iPIibX
7(QpX'n
6I_9A%
J[q" u
VIi $j
643'P2?
Y9&,=K
C2,caHU
gn{1 661u8
r5:8gU
?iuUj#,
'%F/-!
$?a6p9S
?Vk,Y6
A}tPpK
]xCRdV
:M!Q-@
.,V%]
#UeMG:
/Y>FTE%
685uA-
U}a}I4!
9F[F~4
{K^ZUcG
Mxa5=Pw
ZFE1>\
"^3BG
s4slZ=
N.B,el{-
G@{Rpp
1[|p7S
{eul;q_ka
\Ca;M'
!V7|wes
530rQDy7
E[Sq9Z
f")? ]
E4/}Mbu
u=`c8Y[)W
R9Z%CK0
+vHICY
4&4D%5By&q
4PtpjV
@rBttH
U(!nwxPN9
*cg}Gp
C/]#fuo!
,d%4f9
LcSD|Vw
;q7pS`
YC=uU1
C8*Ul|
>1Li+T
zxE|6sD|
J[5Tu
Z>4&ig *Z4
1#qR6@
v1GY!UB
U:BU|d
}{+_P$
4d&q*#
/{K}$#
#rsjRG[
RtkXnh{9
QkP6ZY
)$!%VL
6\V6ow+
(O_WpP
=<SiE!
_Cjq2*
h'7Ox;?R
0u{/fHQ
YoU8<<
Q|\VJKw,^
`)*xS0AM@
YBoDS{
O[/0G}9p
cx#<}wxn}
2*0kKO
s~5bY-]$
]!!Ns}
cWN}Ya
)cioy-AZ
:Vy1BfQ?xr
_lC2T:
<iC/l'
mqcNo]O
gVEG2
AYCb8>
mA/(w~
&|_%[C
R3^*K~
[N+{(RF
)lEI8y
jqA].`
z!pMK:
-3a3,p
a-_UuZ*+P4
,?,L{L
V_*QG+K
zZ6Hz@^
y=@-[HVE
7{Q}iyb
9rUIU#oFs7i
@nIWx;
E5IS*2
(:wc{d
1Hp"FfX
lvh7C?
Q?,m0B
a"<1EYY|
QO1o|Mhc
#S*kb2
W)YH@t
g1mdE3
q!Le9Q
r6!5LZ
NP3EW^
S~bP9y
Wb5)Ha
BF_}v4yX)
/atW@w
<wU!Z=U
x#S]pM
n8]"3(
3DP`rn
oLV3 )/a
L6:(:.
.J/zjC
-A7L7k
?Q;q5e
j'b~|v
ORE[m/|j
`@,6j'?
?5;G)##
+}x+BN
KIJ'>]f
Q;vZvY0
%4nZci
`z-,fc}"2
+B+0!-
0+Ss*
1D@,X&nM
8X\'qFW
NAMAaE
'QX41WA
&4!o_x
UyLs(r
+<5J:&8C1
yL"i[w
3TbQl9
6PE=fu
8^-QyvZz
ip#E6
{Up`Y^DY
J@Vq-M
?\ta#i
Qi$x<TF5%*
uyqv M_
nh**q*
5Np+GRC({5
;Ea9>X~Xk
WI8q8:
LaIzme
2=>?g|
exK>g
|)^S]2
R(st5%-
.88hO*l
9c1O9A
8/`~So
H`AW|@
Z+.TX?
45$jaJ
iKT,_}
J5Y(~(Gkc'
bv$wGZ
3OrP|#
/(l$^M
4|SOZ/
DUC%j78
|Rt&Fak
F((c?9
9VV3|w
7kQ/*8
@ch3s^
j&#+f@
BW}yf&
UYu-]Ze
6nhq\y>:
jm UJX
(#Q)jkA
|9OHogx{
dR@t.J
.\|G~[
8lUgU,`
ib=DmCR
(D|FHS'
4\0GFI
z`g\?K
`'\63y
LPB7td
5}@+S=
6.28<o
2&IU~5a
|G)SLL
$f~Z?}6
pSNdl+
m55v_n%
p5B;r.v
FcLW#0
!Y3p>m
@]S[`r*.XSZ
wbhj
)1,~dR
5]F|Gt
>jt&FX
q2>i6s
NmGXWAA
;_JOT:-Sm
;SMC{r
CL6`[G
Ie"c7\b
YXLNIbD
3!zSu
IT_Q\U
!V `U[Z5G
:]88vMq
o8QH`)
QveQ?%
eL6Z}$%^^
'+`yZ1
`@tQy#
FD5C r
tL7^j^f5
YY[N.R
&Qt!+.
|R]1iN
Ox*8XB
WyJpc-+8
Y_ia<f4
1KC2m
&.[VBK+9b
;#Sh#y
@(c?%{
Y6&7t!j
)\q82R
"z<Yh/T
9#`u,0
=)%KsAMxZ:^s
uM1=,[
ZepvV]
;-#.Q5
H$v#jG$
uS'B\2w/@
2dX_E
tkfH-[0I\
gDBP>#
UU9M~m
JEUqG^
r{D8nt
)L(G0\$
713sbh
wl`(P4
@Z)c#
tB`g}Xq
jF}.P$#
Q@b',H
4e=`q
k>D/B2
1yDNW
,)]%FR
Io3PjI
]]]>Ke
GXNZNs
()eWip
!6%Q503b8
u*~>do
H=m=P
TF{R<"}
\zC~#h
cnl1C~
6K|<!)
NyTudf
CXxL]er
i,0ZL)
g?9k| R
LT-/K?X
Bxk^-{
c;~XH}
_U^DD!
uNkdEbd
Iby?o6
K>x"|k
}!)siIj
_ N7i
l)Sirp
rrUocP
R!7j,e
l6YLXaj
(w{tUQ
iLC=6z
&(>t@.
8HWYa]|j
0JSS$#
X<)mfkZ*
!sOZ:'
-F:|ZJ
c".wg>;
_9J\Nb]D
X|%cSw
N=6hTKK
>\s\a%
UA[sgx
n38*{X
*EV(@8
E:*CYO
4<E_gLR
heOXqF
k!^; '
>r@hk#0
KdchTG
Dzp517ht
#W7kYU
cg`C!>
yr<rju
9Y~s;C,La
!4Xj->o
m@!z+\
N,pj
W(a:;8
2."<Y(_"
OE@VzA-:}
woIVBq
s?X7u?
ghJxZ]UXUv
34)${2
%U,/e"
U&z+$P
.t+z C
.;7\W<}
N?,,zb
cnF|A-I
,O-'i"A
sQuXW=
b"2q0:
KNtR7h
HUa&agH
zR" GXJ
~FWEo\
\O{&9
xr\crQ
V7;N=-:
CM:G.]^
bG4e9OOI
8wRU1
|p +s+
"c>Tp.
xZ"^!Q
NU0/7h
v9~k ${
21C)60
4}vx S
G61O2]
>uVP+Q
jBo+iB
D|o{jy
,\u>+\
B)?%'c
`Y47_G
jCXI8d
aYoEwn
UIH{9_D6
~~Y~$gt
3s\y.t
O0j^cv
Y5(^Ix
H)s*C_
;VgEy~
X5},@
$Nv8K&
XY]sB[Z
Bx*byM{$.
rRK,5j
.NK H3
Si;}av.
hFa@"Mh
m}8Ad!
z|PoX>
4TkU)KnH
2Aje0$e
2I,}yY
Jr4zVK
L)6X[D
*SJ9V&a
)8kcHp
h:jeyF
XZ<"KB
v6EnsB
T{-J7{9
PbS"$P
oU}Oe$
OAMj~)
'm?p{g
x<B>D_
}f0}f%U
jR/.:30
du{G'1
htsy9/`*
U|^,e#
^&<EZi
kwP(0R
~EN=n\
7x1J.(
+[dOe$be
Z!eN3D
I+)S_?G9
GG@jse
4ve4B*
[T*_0tL=>wJ
*7NK#O
CW}s6|E
Bpd>a@N/
K@kP;sv
&D:+L?
1U72Tr
,,UCYD8n
U^BoyC
+!*y)A
Dl[$=;ZC
{="d.'BI
V)`K.7n*
@AGUGw
NpIqq^
Z[&b_eI"-
CjKz]
uh[2?#
cbgRQ:*$
iVH\pDC
#Y1x@/
\"er56n
/h:0 O
@~!qu`
(a/FI(
%$a\ic1
wJ>&B`
gjv7J_h
,%~a'C
=| c?Q
Ue=WWi
3jfsJ~
:"b{eQ
7i=5s!o
W.OOu=fe
1$!C0>
,.=|H5
8+j<Q
F+g@zG+
?W\g0B}
b$fz`<
&/NLR4
ZWp]%1]?#R
%(zs+,
Q{N'ff
#,F(}u
~vE,:a
lQ:VqX
#pqap>G
^RfK(~
0,;Ydg
,24K6{
"A&JVl:
fa)1Cs
_8!9O
(*oe$>
D\ye&;nd
C=oX!,u>
ni`=aQ
s%kpjfg
MKIIxF
d/[a+RR
+dKYiOn
aqOS";Z
rc"k^`
A/h~^UR^OC
E*By)g
:}q:q!a
*,Mx]#
'EJ6^i
i}Q\;-
6b#w7
[wj?O
X.AuHl
7 |@k}
]%\FrC1V
xUW/aT
>6MDbK
?Zx?r+
eo_i]w-S}
jWTer>x
soS 9g
!fa-XA
~C7<+E
")1b/'
?yzp.Q
^!?U')k
D0qY:(l
PM:O#+
tm|"qlo
?k d3%]V?-
`gQ-Mk\
]1/Oih\
_)-%)3r
M(Ovq[
vviU_+
ONVY@zU
#%m.W/R
W 5{-Vo
</QYv
)N[g3pi
qN:3l}'
r<S3uCB=p
M=Ca47
4Y}}Jm
c<"`*{
Xl$> <
6I=N~8'9
I#f_g@
VT^&~?
|Tk[Qm
u6;w~~
8_Dh]
;)Hr,k`
q53WE0?H
Cwq>%(?
mBIQ7SV
$R,LpE
^:gNbD
+LY5v
')_&G/"
_j#`_<
VeQEFN
WJ1>r*
kppg"XfW
hy[Sc,P`n
h[&nZz?=
6eI^TK
|/)u9)vw1
$W>C5GOQ
(0W2TO
WxKU .0
?GrX1\
4Nl(j=Dg
2vC%M=
+=E1I&3
O'iY4
ss1%L|^
y{UbTb
"R)OL>
Q,}X|}
]1gXO[
vje.kX|
$Q}of6
8K[9td$q
89q,#*
-S9o.%
-!D1%=
8){N=U
YzZj^dI
6MEtTM
$M1/YB
/k~Wgo/?
$ao{+
-Np$f!S
mDDfx]d
f@B*Q:v{j
exTJQ\T7a
LkQ^%@
dcB(D]9
5yd(|,
xYiO%d
m>r*vf
tsa\sZ
3!"Hbz
6qR)|1
rue2kN
7h%+>!v
Iai,4tW
p854p;>
}rJwHp
)aRhP
"i=<OTi
M@Ts{j4D
lKJyO!
4pW~-5
.mI#@|
Yz \H:+
v;n/Vb!
UJG^94<
bBk>):
K2 vg
K6vZ>_
Q%llP#
[<l0G#
}0&U5<N
B)WUYq
`*IQEw
DPw0c{d
cz"="$
Sc1$HW
pb}tWm[
PIO9}8bb9G
h1UM@z
O)U/`k;3
uR@z3Q
AZ3yRR
1Lc_Aeg
vCJA{
h|cf$zy
b*e|Np
ezv"Sy
R+nx_u
ERqndF]
c@/sA2&
\w/ e9|
@{18]w
>o681v
T('Sit
<S)Hh0
O[6|FBQGW
t`riS[H
]:Z5g M
ZBn;:bR
LP'ddQ
JCD`]p
"Rs;PNH
#OKZ[JI
X[jCU
sD->+|
5?tFg@
n+fe0k
X+@aUN
K(s.S0G
vrdQQ
9>r2|3q{d
fGgt '
GTK3:[}
>2C?Ug
Xzy<3,
.#F1S1
px?-E
U"=t-U
s&xR3c?:
C-~~LP
0_r/Lr
b?|9I)
Di&`&b*
F[!gf9
;=;{3\
<A>:H|.
zOu3bx$W
ruBX0!
`|Cb_jN
:T+eg1
os|}S*B2K
W^nMh=
}sO]tm
Ip&1Z@m
VbGXIG
wFS^U
4f@;"E
ELNr- g=]
>.fwI>
fdI|$
!*G?7|
``;5tf
"]\$-u=
`f1sRh%j\
xn?V$p
BD[X:
P3l!bJjG
C0,?4_
?g_5{=
jj5$@j
6kd;jIZ!
Npx*,.}
~G{6+i
2:=fW5
nc}/IA
0*p.9281
W;g[Rk
<2}X{&
v7c)9#/]
Ksr*)V
~^jZ(T
k8dhKD
%"4c[&
Ru.lq~
i\\zcayr
p| 2&Nv
O~<oke
Dq2%VUc
hdJm0$
; &:y)
{OCIJ
9)<Wg@
*>S~K>
-nUzi4
8V8g-V|
5W#\]Y^
v()~kq^Bw
05c+JH
I\i[:V
:t'^XuH8
M!@_9"
03!FjD
w"688]
h02<HI
KDY$:^
,\R)3b
AY:*Es
H1_F |
/RP,MDH
w00{yx_
n]q>fl
sA:_sb"D
/`7XUf
qHMwy#
$&Sed[t
,x|C'R
&w$a5+$Y(op
DU3T c
f}1Y)W[
mCFt3q#
]oZP4ou
RBi1<s-
@J=4mz
2o@h")
UDg^gF
VdY 7z
;@q%K#R
#^r[&|
3;Bz*W
r;D*yR
_^SaU^
60@DB~Hn
XnL`iM8
s9]"9n
:,/7A8/G
=zOB*
$BG,n){
Z^+P&-
o#dl9e/
i=!z)o
MxU>jN/Kb
&}Td9M
#c{BX9
Y[VBGx
ey;Z;
KEl34NI
'aK5Waau^a
}mOxufbs%J
];#OtG
yf/uEA].
a_4%6[
K?^)~w
(AKl4Q@
]0pMZ;n
FB#6:*
D~K6'>]
@2'(2i
^Lw>mh
J9NL$x
U18,Z;)!
}{S404
me4*0d
c&rS2Rp
57|7D
BPn)a(
HU|H{,]_
,9+?Xtb({)CpZ
f1>^FP
x'nUQ|
`^9`9*
*?j^Su
H*&NyD
Ro'[2h
>@w':gfi
(t*z!X@e
pe=7cx,
HaOmbu
$y'P4y
ie%}dKa
)[CsOL}
|q(-p<
<>$B[4
bo.Wz;
}mB2Z|
0>[@E4]
&gFR<2
G%!luvp
$n(5D+
1MJR4+z
(oC?Mg
h AeThM!
\jv2Mc
~Tdj:h
E{[bnT=
Eckp?;3
g&u!+gT
0f+pS{ |" '
V'E869
n`oc0F
x,Y[j7
hSP*f\
;6OIbg
f"Xh6?&GV3
7'NmT8
C"^lC9
1*jG@>T
4_&v1o
[v<{`M
Y ]&Vn
]k-Ge!y
x>EmKv
ugrC!+M
0j@ca`U
E|O5,Ynd
F=kn Y
8AP29p
C?ALwR
MRj-ts
$$+!/o
Wa;S]sg
iyc|Db!s
VW$FRD
zJQ,7D
F$---FJG
j+Izr.
lkr|.@n
@aEqZzZ|
f+-1^L
N20fQfb
`uT?_q)@
3kS.Cf&
W9p0ef
}<-o`o
L:F2O+
j8K3RDh
CyP$v^
>=[/`-z
w/o,ST%
`jD%k3_
$JP8pje's
s1e2@@"u
,jHd?e%
{lVn7rl
AG)}/L=
K(jdPK
+lwK,e
B~#4e%4
<,UjWH
d5%_&9*
3]&:^A
J7c'0"hH
/hJ0q8
>$Eyn]p
1h>q\(
_RnOT$
O]#<K#s
zoK=.o
Cn1qnTC
-?17}4
SBHAXa
"9a!-L0'w
oHNY"X
H??=|]
u<~DzD
Qg9tjp
&MTVNR
Ir?;&e
J^-OG)
/abb|s
4.rY(i
%5h::-R
yd22fe
Bah n @
m2bY ^
x~nKPN
5Q>"+>
QJ%gQpV
XKGY>$j
w#V!lx
|nO!)!
zWDt-5t[
xh4 uk
I]#pt&
@,@$PG
!'XP$z
,GQ{[7(
0{Xr*L
+7> Fo>
58dcs,
QSURd_R
. tS;;j
n^2Nz.
6z"E)I[;fJ
+TfGI!
c[[|u9
|YSLx
|T4xG?#W2
9WVN'qR
DZ7@4~
+OBZLh
T)BX]l
dZ0)iw
c$XS_R
=K)qXy
vVW-G%
+]DI8VN
Q&+3/ 2
"`9z"M
~i_C;,
c59<k;CWv
`Hx'T9
Ar>xGS
Ns_$1i6
\giiFu
^0B>Jw
: y~[
_is$l3$
KPI=RxU
>Emr[2
{~54O1J
%P8dgz
=L]q4]
l.'+i`
BnCyyZ
#$F_+_
.VV$w@
QUNf:@
knGLNl
((S|8
LW?aZ
2_)K::
s# 3v}
inRB4HV
].j&0+X
gQ*hlV,]=
]qAPZK
%Sf *;
tVkX94
O!qK7k!a
`7Sb,p
?}vn~#M
m(+cS5
gIc\+@
#}*&\g
<;sr0F
G&5[Sg|
nXP7Z$
3keycgOeL
qHx-gM
8R)HN$
pK{*X_
T1$Y2$7V
Pa{0!1
@P2xa!
=r"Iym
~6?Wp(
"L^!(@n
%b{[+/%$
PF:$x<4r
[3EA`wv<
+Uy5Y(
(rtaB6
CEa2m>
3`6=Z(o
lE~z^pz
-:<~h+~y
S4+lCDY
BK Zi9=
:)b(0h
,#gLkX
0S:vt46
u7ZJ38i
Z,4#3"
o&K&%
De[xMB
fHsF$wSoVTzg
2[i|Er
[4w0/\y
axjkC/
hV+`4}
{$yNu~*
BLrkhM
`!N1l3
/&$uT=
2h<tP/A
t,@q]H
K+ -Ly
]lA|U
5>.6.Y
9Jl*q(@D|FhM
'myMfd
BSgCcK
/g)Z4ue
7{e)2^O
$$} wA
l78kOm
,Mx?4i
>]vk6N
h"l`?1
ZF1u9Ki4+
Y*f(lAW
HKl`t4
FFH[r&
(I.{(bx(
l.>)WFS
WvrV_%
Iv43d1A{QC
wZGp_`
u@56lrY<3K
{&bC2g
Cb6@ /
cqQB9d
ZpK\1J
|,D1@m
(r9(<Cq
,nC$mtdF>X
Owg/&
ujmtN\
(pT12tF
TmX]O[}^
WN^8N9E
juTR#e
2mtnZ\
RLF?e2Y
^Ldcv|
p@+|M_
V!B3KjRd
q`).d2
?ho;((
jF%4|G
?x&C;r
?rCWyTj
$97U ?
h&A!)[
{0tG/W>
Cz`"_m
fqn)$u^
Oi '@@AH
'-2D1<;
1A!a),
.*ACc"-
4;oc[Q
.dw1}!
,zdl_XE
$*Z8-6
-G9yjL/,
83$ql~
mb'e7-
/}Cpw?
4sAEY
~DDAu6
,x2Ij2
!)3Dwj
Hk:*Av
y91)ja
xu{UO
:x\c@P
$p%}+%
[,G<DQ
Z9JW nG
7G$&zRI
):A3`w
?;:~Ve
AKyHcN
?`CmSo
A1?qZk
*c{4\;h
c!fb_M
^nn#< p|s
$A:q}o
gS)PDt
=3[)Gq
Wm+uEcF
eP<{h/
6m6qf
*vV;N|
<'Nzmhn+
_B)n.,+
!^Yj{YG
AxmV=IP
I!9!VP
\c-%gt
n?.D63
m'iiC}w
M8 RGv
cxR@:9
,\;%6ox
p?;xJSDM
/zF'~
:FCXW6`
H1wSpu
^._o]Z
cc$AVT
JYTrT\
U{[iL8
q0O+HbQX
act^Ls
cK t?y[
,A-oC'
9vn}C`LZ
g%|X8K
/6&r_:
A;_YIR'#W
j*^(c#
pZ!B8h
W->}Yn
:;kNJF
#?K`n?
|*zpXmA
K>'AXT
")B[FT
KCae0#j
8.$E3`
S|6{/[
)_]-s/
jMmlgTS
CK$D{V8?
-9w[KE
-rLofb
<wm;:mYT
(F=j!_U
TG'8n
to{tj]
C[F4dL
@H[1mv
__:t8
;JMYf*
eW}Cs*
ub)J^.
tM^_#@
q/qP|}
0$l,o=i
4g*ex;
(jT@G8x-x
T8qZdxi
=L>I8vdI
adM9tp
nYXBs
$(q|-TQNqyp>
8Op/Op(
mU+z7a
2[C#xf
IOR'f%
#@v9l
&4/,,@
..w.~uo
$+~,"7%
eB.c0t
[DGjl$
5`hpI,
OU(Yfg<xW
HJ`isa
<?9*c!
06^1c^
tY\dA/d&g
i_w;H5
Mq=/%^P
XV[EaV
%_\[:`gL
+9+'ia0
9'kW)}
5|WGQ?p}^
1a}&YE
sn0"21
l/_gW1&;G
(u+JUD@r6
a.iK#Y
.uFT8*~
F"~iP}\>
Ezi8`|
^l%f&!
^.9B~L
LA008n
jERsxYE
8MlvGF
mE1Ve
k&yC, f
{VhKmf
:4CeYy
y''6fm_
}-7uL:p
9de<P1G
3EhN{H-u
1 >z (j?
(K_,ro
}uVk#@
eu>ixPL,3c
\aM8Hz
X0KxghT
D-LPw!Z
k1lK*o
9;N}$B
$7|D!
f'dFTS
]3v\o#
zmtsL_-
vABJ~+A N
Z_'WvO
W(s94
<!z@lf.[tz
Da_NJj
UJn0`C
lMXA`D
n:qM-^Z
&z[`nS
iPK(f
$fmazd
xkdO:>
aCxT_C
U|gT8Y
XkwdnQ
`YutL
X5&@V?
]5mP6_(
$V /Xd
LX2kNT
]8932h
\4z1Pgh
3Sp'Roq
kjj[oI*
k5#<6t
+2cv0qu
*RT1&`
1]"="S
e2GXWO
}uUe)'
t!-L,Y
qHt|wQ
Hml"Qr
eh$f><
AY$2&D RI
Tx\"~<
Wn{_T\
8@Y^r-
-x~{vP@Q
<|r^<
Z%!O*y6L
rOUq|?
6t_Lvi9:
yV'?@4]
-3FD~(|6
|#=f=Z
a*2N@G
Vjiq6
Hy1+I0
w+52CT
ttDb9(
M@x/fh
8@S(gB
:8\78W
5k>W?Q
b3lpp.6
!~Z4vP*
txa:!Lp
uV9`$`
`a\#K5
'Y{Tah
WujzEP
hF3([7g
6;5\ad
%*kG;
Yd>:gW
mM4zYi
7eGr@*6bx
]kQ^qEg
^41MQb:
HRsgk2
EHCZ a
v$$/xJ
JQ<t[`V
z{[2/'
KlO)`j
gCTX:rCm
jp[Z6$:L
3"=N|?
/c\IO
bo>U0#y
\uceYg
]B^gL^
Lp{WA$
T/NS4k@
6~Kx;s
/3`T6Y
yd^t3]J
8iz]r:
RtRrW0
4|ZQ6p
G{I+vpB
u_\#dJ&q
Q?t^d.
%Sun10
ar"*gq]
B8t__|6<
XsSsck
%FjNyT
=nBFp"
I3-=`x[
YFsL=MX
=X6zZ@
h[Cq<g0
&2&3h>
$T51Ve
u}1~9)
0FpeVXR
#J9HS5
PCen4q9
T-2={Z
&(W*)a2c
a0=g_(
s5S;^&
>7Wn>g|@
k(d(`~
j[ewfe8
9z,~'~
/Rv>iz}2lo
2 tH:|
H-#>lc
:3?i"l
CGo`4x
2_Pb6g
7k}H*o
oH3wO;
(KN;\F:
z</qFE
[m%#0[
zzQJAM\
j6 1gBx>
l8;SZy
=5aUMjj
M4Y7<X
qKp!\DI
5AFPZc
,8KKv_k
[U)NgB
1-E|cdo
29=|lz
Xiw3Xx
@HQ9&?,#E
!8VQ<A
WQt~I-8G
9JIx}i
z*9\8g
~+(er@7a),2l
&5k##O
aD".nxq
X3H,Q1
`pZJ>Y
1s35/$
Gk7MxW
M"`/X>6.
3R|jn3)
m&{;]#
N+OtGf_
0+_R<c
EPQ Y+
=ZviQDL
}At?+3
Kl*Dsv
kp)kuB9.
m/-"9s
[$#!hj
iq8(bY
?`ZSF
NH$0\~
yo|!L!nH
+6}Xz;
eE~8+dKB
Qq~g]{
KvV8|>*fy
K*\3R_c
IG#Z{U
PPfiJI
F{`Fr|
LchZKy
5u|;`z
3/sW(.
gY.2n5
bPL3!xyv
+}QcOWp>
bO7@G&<
:IIWDl
scwQ)x
3(/]5G5
l2n.fm
p8^;)Ab#
3\/I=D
Rm3`*8
E/P]-q
C.g,>)m
?u'{Y:/
N+?E4)
1]YOD0
7tD=?$
Ga`Au/
c#:I3]
BQ1%Ly=
}fK,H9
ir'@c'
Y6]n4?
S.ny,p
jjo*zP
L;$5H{b0
joicPh
E\tcnI
wl*HAc
K4@&UF
ww&-FP3
HQE3}3
40u-[J
6G#-!{
tREY[:"m
y$a$)&
w1F>YHe
\ekEC5
p*hS$$
>Wz"ob
(%c?tN
b|'Xc*
lW&JFuH
^%|i}N
t9fC_@
C^jbqqx
Z[G`pq
Nko1-+r
&l~pwYkt@-
-Kd!1FB
:3n(sb
iaM%Mz
a8<(GC
C$IifU
P)T6@!u
U**u)@
LP6'ZB
tx%o\v}
]{!!;j)@3
g4kDx){
68|Obf
|xI@mA/\ShY
slI2xY
b|W_gF
=8:0fq
Y\r-H}fuM
km=vOf
"kX<_CQ
`l]B"J
Bi7>hNPh_K
5Up{M9
]\:@`=
o-1_~D
q?J8pG
vq+he|P
&Q|Xwi
R~2mC~R
#lJ8f$
IbiQ)\[
Fw<1P7
c7r(ge
Pw:1(P
CUB/ZnSt>
a~5"8{7y
R\M]wk
Y=VS&/
Ph\d\g&
Y1>f48
sFgpS^od
1VZ:K
lWWViiJ
qW\jQ@G
|RBx;koy
@WZhl[%
yOO4jv
NmbW*
(LW\~qk@:DB
BU1:?,
SSenxf
vz8wO~
l-NeV>
:%jHoS]y?
Nj#M~q
Q}y-t&&
l`&P4"l
k8=<?"?C8
=$s:l1;
(lBi&h
.z|N6AW
;mBoto{f
%Yuf&U
^m2apM
)876of
-ZN58e
7zV\eI
6+utorU
Cf]=\!
3h)MagX_Nuz
p:jr.p6u,
>u3J2?E
>S?3'R
d`36aq8
Y@Q$59
mrA5#|e
Ev95OG@
N)N<dt
}cFRd}j
r_*JkQ7
RtNeWN
pc*9<wI
:uU=z;AE)
'(4&rV
7u,hX\
z\.aG07-
~8Jzw5
fUg;*4-
<~*wpD0b
WD/VR"
x8z[Q$
[/@*dP
pUch~@
B(G`(?
a=|q|$
#s >Us
n-EOI/
5Cb4`/
4Z0U:&.
ye4%'z
^U')5D
W~11V~
iDb(=AF4@F
byz1?L
+6@`tE
.sao+N!s
lrSCm7
0aZ7SS
ly)|)>$
|ZA,XB
,~rp:YE$<
g!&%~s
}1nquE
%8ntY-s%{
-sP/YM
l)Xp,D
l6-I}}F
25LHt-
f?.g8?
mFvb`II
l_(l(Kh
)f!{$t
]o+%q5L`
*;+U`Yw
j&.rA-
70d?8#o
g}tEhI{
voU]7y
v0u5}`
AsDz3I0bb
\=LBfd
Qc'L-{
G[]P%s
#yUEPn
v{u9W/
(i3O(:
uM~u}_
X7d4ILg
-VYNnQ
WVyA_i
8tjk>0
!HU_7H
_Jvi{P
LCLg:V
dK"h9l
-B@|"T
mP)~c1sr
t.\-n0
ZU-+@8
~[yjV`%
/o'R^1
qu.XYt"
N|@IK8k&
eLlo>Y7
_J$d?b
yKFyz55
+*#N,C
M.E|z1
|fB3dqF
8LmI2N
3@}=o!Q;!
\,^F/Ys
UbJ>4a
m{cR%L
BUPH@'?
*1&s9yl
_(FnJ^W
A4?F4azP
hqd}Ft
RBCN6y
i+Kq40
;92&:]
tp-U-nt
17QCLnM{#
WOhS_LdB
.~wfy4
!PV)-b
5V*wuB
MY U}^[
%3yVW0
n;0w;e
P=mJ~9
CDWJc(F
dRq*Lm
qS\}[a8
C%G-Pw
**kUsa
9BVX!
_xyr_
nN`~JR
09V7(k
5ac7!s
hFJv_'
+{ge2G
j7$`yQ
dwU>)4
~43h-O
K_RD4V(Ki
h<1q9_`
o9XdY2
>VE0O
9}QO|>FAK
-i7e2h
L^S=ba6
t{+PPF
V"OoW:M
xF:m\<
rfNy7A
1?Y$N~
MD,b/'
N<!BfP9
Ls{vKL?
zY";[4!
X}_4Y{1
Hf.Ad&
U2HH{>
n4@|eb
}}YJ.&
;?vs x
l'at]e
flzI)0
>+atbYK
6j`q*;
;W]&yE
i=UE'w
]g`U{lX
6S[X2$~h
CAl!i'/x
Ut%M)!
n;RAKd4
}7:S]Xmi>.
xmP\RoG
| ;U("
;x\+t
hepP)/
dxJv6~
!~_`@3
VMu<D7
J&m=!a
cYz b,D>_
cWS{NkE
+PS?k3
|6h',$w
V8&g=7T.
RAN"I!
oTAnJ<wb
I`NRvU5_
JIItEd
[XgWH2Z&q
WrJFi=
kH;$i7
;`}UK8l
6Y3YY|
B6"[DUI
d/<w`R
D?PD%B
CT>W^b
IJo[[?
yL)\ @
LSd('s
[yK'G$&
Ot%d+2
:JX%NE
7/Hvr9
M*^ ;6
T''%x6E
hzA{:!
8vdr,
,&9]HKf
}qm*Nf
s3={\3
qkAOs&
0D GDT
[$N"/E
5j-WL"
^5axZu
xVC2,GXsU
qPzY{o&
j*<cDj,
#+gO/!
5Spt$PM
NQ|30<5
B]Vm8j
mJ4tQ/+T
W8d4/7
FU`n;{
cR]?*Q
`@ub*n
T<zz+R'xd@
hvQ9L
vNs*q5
~&.0BR
b<Q5^e8t
>fE+7&@
*;c~2`
u/k]^9
rO8 SQP
owAw@P
y!&0LlaP
W\(7AXg
+QqPx<
-0Gy1p&
>+u6Sd
Phia`q
~#@D7@
f[^_^oX1
ScZ(>P
L+!k:&V
p6OkP4
z\ubfW
H@kjEA
vO~aG-tt
x-[Byi
hwS*>`k
'S=b@ SH
l/M?lH
YurHK$
}A[slC
M(RFxvg
kl,-~
<K+Seo/
!\_BOO5
$+{k8'
^Jw!2U
=kE{$g]e|
PsXEq
HxG!U+^N
Rs~\h[5
rmR; F
&yYjaZ
^<}y$D
+z4&%
8KiUzS\
!g9e6k+
{Nez`Y
P'3k72
E7:GP/
Jjw"33
W6&>}k<2
ss>N"<
LLF!3N
b(T8jW
:a8?xs)
eUH0|*
O?0<7'
\Sq&*$SnB%
I )1?}
\SMUXE
z8q{yL
+D;!>-
KE)_Jb
.8MUT&[
8tt'qV
[>@v$
U"rj}~
5=pvZk
EwXqe
Uy4xK
7P]Z(x/
G>mWKQ
&F;d3u@
@o({lA
`WS(t[
oyp-am
xb6/5ri2
sRp\ uY
y|.]{S
&QV\ l\
WbUkDj
T:DGr2.
9kO%X}\oH
;5"KUE
~q^bkt
1x.^c<
QGm8yI
mq/4qF
A/@x181(c
Z?\m{p
Li}{0@
lu9sd-
(j/N,Tt
TLXZ$<
+'O1"B
vi~f%uW
*P{4X!
R%^xp*
o?Qv7Lo
v*JCz&
K9?Q \6
\'Abzk
AM_J:5
Ot`;;$
AIJjv0
X9/fMQ
}9~rv,
VYC8?,
J76/_v
U-]vHN
(4$Ye
{y]:7$S7
#F-ot]
>VyIDT
P4o7a|
=U=;&|%
cZ9NTs
OQlR?;
,IS;hz@1
1gO5#e
`0VFvA
B`Mfxp
){Xl.(
Zr5$Ed
xX3Mc_
PO=t$~
t*d5*2u
9@|~:u
FC>UKj
rBR:WK$@
#u,b.#
/Jb2Ls`
@)q^?F
k_C*zX
n4T7O>z
gs,1)W
6p,X[>
m'W|4M(
KNS[BtU=
?w{= A
be2SKK
"X>ne0f
!);O<Z
vgEU(O_!Mr
!Vt#L3
UY{sLqIl6
5fBWz^n
VI@{j:QU4
+1#>#B
}4Tt6l|
x7K6sC{
fM|IgR
8vA^aEG
4GtkYA
rmFr@}.@
AO`&^zH
nS[iGp
D4re(l^
xN#e#t~
D6<Czw2
egS)8d
8%d=wg
0l>;jBt"3+
ctFHfN
yK`TDI
yYmnTE
nE{%$8a
*&@y{~d
MWf{(Rs
q?vyW"
r$%f"X
|f!n5D
:"DN9im
Wl>E|M
/zf)gw
x?;hm&
al^e0{
{%]9u%
F\nswt
TB)s9l
hs3g"'
_Ec}}*1Ab
>%!I)A
.Cu*XM
qHjq5(^}%
#ns+yW
&H<>%Ol9
.ENyC!q
(*-"^(
9Q&0JJ
;ss[P!
Fx($|>
@G<(;1
{}pgbqY
<<a\I}
/=2wJqBt
Jl54"S
Qa=I:=?
"k>p5oU
gE:Uc;
ur'mv$u
E;Q=}p
%\C&e'
d}ZaRA3Q
OPq/`0kB
>Z\4M4;
\/zz[%
R0<I1L
?kPe,E
~U>UR"
KwO7&p
)Fe3q^d
f'R}!/'
%E<BK[3
px6=y]
'Y3$mq`R~
BHbJ $
"6xDk{
><j(tA
xr%\2ym1
-VwA4w
-O;gxz*
_\11m]
S( %$
y!i8+{-
>!j3%M
5Xss`M<
UxqZS?
x[*JBY
-M|<o}
B"t#Zf
%k[6>9
7?GjO5
!}Tz;b
(D<\wu
M>6,yL
ceRu\!
$Kj{TbV
4OCfc
Fib&'`^
>BC2O~
@pQDmm
Fu=@i"
QnMW2l
AWhnbV4
R8JY:'
:0%AU\
z)tq
Z]v Dr
UtgR1j
M*{DlM
2QC+2
mU!"9L
U{;zYb
k|w./TP
DT{`t&
)|*p-/
f>wGhT
U$/`%$.R
j/H;)qMUl
%8,b1q
oJ/IqTa
y%Fbi"
%?t~g3
*6EvM
.mRl2=6
iIzcwdm
z_6Sa#
nvjfj%
bvAP7n>C
k2ik]N
1P1+">n
D`L*R4A
!5NZDF
*-/c(
k"B'f}XF
Jg^U,]
fDE#]R}
-S[Surv.
(:BN0Q
oI]B_T
"}8Cy-
o_%%0@
%c2A6d
jQGw(&91
OY<6m6
*+5K=j
MoUG^|
%4Ams
|@E+!n
jtYvkB
(*+d1
vcJPN>
HE{4L)4
W`|+qD
E`!g<u
Qzb4w.4
{s*u@(
G[`v5X
F<PF:_
u3v 1>@
LzMJJ
,@*iL
av5c]i
,ZF'Jr
% 'V,n
7{|U"
NTt}pD-
vt]/&!9;
@_0Lj1
i<%P*m
pA[Ut|}4
{q}d(0L
yRc`r1Q
y}&2[!
2siZ`s
q)pS>]
I:cBd1
&<y:!>
ys%S]jy
ol`[g|
Q#aq@dG
4@R.Tm>
:wSj(z
^r"sAd
<^JkI
a/iE!+A
,F[k$k
Z};&OX4
<(zjw%
k<A;\=
4H*59Q
le(n
4<%%\'N
,%\zliP
c#%'<F9
J@y*p*
S{I>z[
OM8k$d-
tJurD+
?)6@~3
@Ew&bp
HBNYmz
.@za?\xf
i|B@'x
mQ<VRBm
}V/qYhz
R@2&?|
WP.TxBaS
[JKOyu
p`#MVw
GdLT}9
Jl}u4A
:jB/zx
i2JNQa
2jJ"p
I.Nt%
%k&sbfD
G9m6$1:
omkby\
zHKi\v
/g`!'k
49=b?lt
Ftps4k
zs'j0M
p385AG
:@MLs:
RIq9tu
s2y%c'7
bu'"Ye
+~[L3
0,U]PR
3I)"()J
lKZ#d~#
A?SZw4/
V2D}>Q
S#aU)d
RcE#L;#
gT~H/d
^A-nOp
n]eX<N
'>7)Lr
e>9QkIi
8E>`7<_Lh4:;
U5c|fa
[zN_D}
@G18<a>7Y
6>:o>l
atyg(D
}D7;E_
6^!pTp
BJ?f0\\
*@}sMO
Gb$CDB.
PNNQ?D
C)N'#F
g0kvhKF$
3HjOXQ
KGLWX{
5833R?eR~
vT(5B2
$gFb1$B
pC^1V
5sEJ";v
<yq:#t~q
pGciXd
I(Smw_
^h* aa
u[}<,J
6~"j!
b!u"/9
I.qN((
fvPqoV
qi6}oww
Bj~!yi
2oD[:e
*P>jwU
b9`}-=
Ko3UD*]
cTL3O/p
[~'MG O
XoX.c+.
w@k"=
|jtlC2
l~65V*
LGOC4<)
llG7x z<>
+(_/z=
,0s$ah
h\9|D@
bsF`f\
/XV IO
*y?]nmkw
_m)/<Z
[o,I1-
S@p}\?4
)$:reZ-
ISDPf2
7[.zSJ&
h#t(Xs
2.( 'fS
B;7~8
Uj3q>Zr
\rFJh~
yKl8Af
LvJ2qx;
|QT_WS
Yi'2Pk
(t?qiV
,OiBN|
gj6wb7G
]mESmL
lH5']OS3\
a$};Y;
S'r/tj"
|]=jUg
X,iDf(5e
KK-FEu
Yj)f[vq
z3yXCk
bu9^{A?
%:22I 'ml
<F|<$.
LaX;Ul
5e<G)g
+R`zH
~?}!4F)
/=xzbj
w1d?Jm
s6(Tnw
q!)89"
rS2$FV
G=N]L"
Kts~hD
\JKEu@&
Bk2xK]
A)_VZ_
?Ks~t\d
AyR;hP?
4m4|)4=
n/1z5[
B}mod8
)pSpjP
@~.A9K
NFu0<d
RLS@8k
{RC5"R2)Y
?D#[b
1wSQqtb
zVICC_
JkjcZ[
vr[\.,2
`5#U8f
BGy1A:{
o4p<'I
VRBjI}jk
{j:1;m
\i>C6
y_/@SJ
P21'=N
Fhj1)j
vA5Op}
[At"kC
@A5z3^;
[H}m)*@
.YXPzN
IBYt 2+
Xhx4{\EbU
V@]_V@
h\s&`s
bXq'PK
?*7Bpk#
zth.3N
<c;5?$8
zm1Bde
oYaE!jy6
x*"7Ku
Ms!y\
TwR.>~
./$@/n_
H`S"0x_
AP1?*r
b3(jthq18
HK?<^uQ
V}m<JQ
(B4LZP
)kKI Y
ADR]eP
u9u1<,
)Q?em$I
?$Uan1fZ
y$'fQ;`
4PIF(d
$~Jsw%
8b\+Oo
I=:xz!<
&Y*<YG
z$z7U<
@y8?>(
%aJUI@
-k!szS
h :k*,]
==aiv2
AADy}r*_
H&5`P^l4
2VRn+=
C#SBZ'>
":Zp)e
QLmc(M
obzDS a
X\tZ8
1:naV{
+>nv+N|
zc5Vv:
Eo5K]KyP'
y|:pZ"
RU0,6ds
n;MBF_}
8(*n*}
:in8wX
! .XpDp
<fdIi9
Xp-\]a-'
m%hw)9~
O-/)_EJ
UFWdr|
Jf@ z4
z*Xqm3P
Ze"U"vn
Y9~&cSx
|*\CxC
/#CyZ"
ogI\Q_p
9s<'n
v17K+f1
=R.GFo
b6n#[2
?|j>5]
gZF-@#
{%%viB
rb+X |
1?nrxg
QAcG<_K
Zx$cZh
P.&v<P"CA
gng3YQ
Ef8e8?y
t]?lWU
H`b9Grn
8G:J.1
0Kqs.S
4YYG cF
?)Bgo
m< :)=
SW-O)x
;U})R<
vgRAS"
r_#a9_1\
C*:%*A!(
`OKr:.n
a+53)7
oy!T`4
^h>>eo
&DjrLT
k0%aS\
W0}_~d
I&~)rf
q*c=Uq
Rl80>e
%$Se"P
,Mx1Td
ZEA)s9
{DdM_R
UH#BP=1
BHIIlj
o4lJZ3
Ox0ldc
y$++];
"V,:=[lb
k4[A/5t
_djm\??7
b*D{l(
"Kpoc1a
@mcIZs
fqY*d?Zc@
/5(*F'
U$ |fuN
*<o\;2
yFbd:]
{&Okp7
D^YFcW
e-}R-i
-Axb[/tb)
>mF5.F
>kqttA
1y9"4Q
Jro'#o
kg[rn-
.D#PR}
Zof-!I
S$F+X+
5aA{IZ
Ef=pZW0J
OC/$3d
~O`OQ*6
hDAfhh
oiZB^3
E-<D}8
[`?D__
pfz92k
Dq.H/>
-a`Lx`
:1czC)
`ZV"|q
*l{/ a2
YhP,*wro8
CyWUED
OF{K:;
$"KzND9
,"6Wvx
6 79?V
Gt"2kG
=*i0f]
fM5w(0}
dn:#)N
BkIBY3
[&:.u<
p@+.c-
amh>~J
Z[C^`=O
stZ'?u
}xqo~]
UKnN4>+
[$t3V[
7Mn@B,4@ZzFkO
K[? :I)
B1Pj=`
-,uQu_?
B$pUp
*Ro'm:
Iqr!}m^
1>`x|E
g :v_c
P+>Xs_<W=*B"
^M>5>V
>lS1lv
yL4f8>
L:dPO`
-uc :]tB
~T+W'un
65 l5T
9"TfM|
8nQL]L
){->>E6G
vJC)ik
\yIf7NJ
~mkb@/
ZI`B)>
l3V\)hi-}
^S)sY$q1
Q47'zjz1
YSxXJ'':
0e*_0H%`
vdiA+OH
p`;F~F
x ~z:d
YA0ja*K
:EvesE
^NMWf G)Z
R) =P8M
n b_CK
:fWi$(]
_@u}lD
,`*F!e
?8MeQU7of
#hs]G)pK
ol!_al[.
"QC[N}f
]6 V{T
!_T@ia
-XNA@C
G|^6^p
A_%ki1
BJRp:y
r3xHn.
-w,Gh7@
8;si;U
E6H~LO
O98v*
Lte8h$p(
'k0AwIH
zQH\uJ
/IU-`k
jV@K;~
P7W@'3
KQEV^u
<%mwKO
3n3hf!R
QyQV`e
:y.!pZ
8"f,OU
~Ei>c/
(ntRK-.-
N3Lxu@
1*/o2J+s
t#ln^2
nyxJMn
]SH<!{
n;^tbc
z5tJ|O#
6Vf<C]L
dKs4=7
)Ai9<^
v\_zVR5
*(v_h7
O`wWDT
!a9^L1
9/9#_T~
wL$EQ_
)tPJF/RY
{VHk\am
6w7(D~MhL\p
j\ovx#
Q7-:#y
?2t";Ys@i
x\I!OA
!h!MkFYK
Z<[6"V
``{+F$W
#Z:}o"
\&U2(
tf_A#M
7`*L\R
bJGjz8
mR\vZO
QO Es\
69cZn%
ze?{9,
Is>IA\
]'[)C(
IT(?-~
<n3:u9
e%t5xv6^
~jtZCl[
gB,4"x
}}UOff\
OWVtb
'QCiu1
fbDHA#
{q7}iV
|~7h5g
XSd|}Hg
ZOzHQX
2/!M@,_
$k}T|P
dnQKr,
,D}qbw
s#_*K[
?@k'!1
Yd5S3<
2rBmzZ
bKd*$N
{y.!P
%k6WjK{
#I?RX/6g
E-`FSk
FYIM\l
9aS+X"1
+BE^8L
>SP$k$X
5bN>]_
>{Cnqy
T}cD@3
hLKwJ0Y
q~VU2
BN*hq^
/}5fqQ
~^q0pU
;0q`T"T-
cYv8*D`
A6:-fC
nl4 H5
)+f"mxp
8smRm'
|op|bmT!
-]f}g"
c}Z`oR(
Xt,ZWN+
I(,}&>
>K/VbTJ
mmpTd)X
&CH[,0
IHb!oI
.#cSWj
J.Y)N({66
S:k"=1
k]z;:\
Y3{Y7_
6#J9~O
PXTpcVZ
\<(89
ggz:v;m
e:b[To
b'{P9o
4~[sPe
#E$RO7
o|73`k
Wi9<3C
).{w@Flp
P8>'~Y
?Ax4Gy
Q'iv\5':VD
_Gmt>J
P?B)Uo
b[ kxN
oAk5uq
QS9yQ[r
HOk]CY
6C1\9m
78$Xrl
}$xpld
@!ZG#k~
V~n1=7
B;USuJGL'!
gpSWZ]}1
QqeT~0
,O>[K
D_0*$\v;4
<L8b.j9
=:aa_2bI
OFj+vG|
S)=Z[ypC
aR(a31
APFCi9
I[I]l7i
*R"Q"z
d~;z/>
&Jh2Q'V4'2f
?"ncE$
V8tF+>E~
~p$wK_
C'pf_$
uB}t"i
H1gC=OR
"v[<?s
GQ:j+(
jf+kN
LQ>6
,nf0`y
&G=qb^
%W%Sqx
4$26Ov
%jHWAA
PB7Q}
2\e65Z
sQ>mQm
p?U*o4f4
2xF=,>
is`rA@
xkl58o[-
m2MDXR=
YJjHmD
S=]pi'
["'cNQcN
()9b#(
0Z43%3
Zn&c)YY
j#29g\
w<x.0b
$<|Uv*
3Mpd3hW
u,qSUZ
*vri\
KJE*XH
{<o!pZW
A'o7_y
{M(,rJ
{?[00U
/H91f]%[B
wFDTGE
.A_;4v%
#l9FEY
#]#u==o
T~"$B@
MOQB6q
j!+yQb
3m.DvR
=BAV=:
K(ysA9v
_[\gU]p
K.}nL}#
UovJ^T
!++PA0k
KSLON+~[h
TUB_1-
#vj(`$yu
kb2g;w
/?S,B$?+
E(?aon
-%cPGQ
:c`,.W
U_~_()
jBVvW
K-9uC@\
sQZ_=2
h]W=GC
cHz{zG
Hr}|{6
sUmJ[]
@/9|rm
3d[+o_
B6?6bN
n'>NB5
v7osp"
Myc/%67
}rV]~i
#czB*j
2=XxkL?U>
OY nJ
!t>xGv
*bT~*D
krgAVy
M4y2U%g7j1
MwPW/"
Ympi%c
f[CkS_
n5!Hu;r
|}>-s{p
7_NPx.Zw
|Ss/^3R-
818jAO>q
gj@(WF
t|MM|HX:xr
L"6;m}]
m+D*H7XB~
K-I H:
k6iP0pK
7>9v[c_
i5N"dDe|i
Q7W?G^
}b@2,>
e #NFj
zi$y_w@
H\3DAxy
S[r>9eB
!9{D:4
gr,9'1
16aBZ>#
q4]>O
iz#RN/ ;
WB&7X9
JoQgT,
n!E]2P
f9/WEY
V:eYmM
1dIpw4
xH|!9A
hmyj8G
x\".C
n??<7r
u3PmH_@E>
$M>e~ &
BN9q"L{B
bfb0z\
WPGV4o
Vi)RX+
%UFClY
Zh,JEC
zj]>j/
PzXR=W
7.},q.
0\nla$
6L*]g2
mwtwYykL
4 rvi+2
X`sgyD
,=V2`V
<PFyLZ
$)yod5g
D3oN .L;
cU}@8F
Uz\>.nDq
0|SX13
U>&+^L
HvtVt=UL
EBwz#:
oQ"ll&c<
(nn};qC
A(QXY~y
o<30vG
.+\?#8
6V+RT!
5fi.V
HGCH@o
b%Nb|K
2d9T!D
s1J6a(w
x}i\(@b
oFKW|I
K3q+n[
HfHi|z7
Qm8NZ
&V[F?B
fPZI4L
o!~A5}`
>%E#+x
+UMV~2&Zw
z{5:q1
F0WzsA.Z
k) D1_
rA*=x2
9dymeQb
@/%iuVo
4YM,7#_|
t'h+[wy
)EjQ7m
,<Suk0z
tXa-c:
Vk?dJU
48oe4R
Bz_rqy
bE6baX
+0_IJ9
_T'JI(k
(6zgYW
LRC#K(
"U"WXj
^-dI0n
pV<m25
b%NqfNDJ
[|}VI4
O0 =PHt,
K;u7]xq
2G"^jhT4
daBCy/]
W%\bJ%@
$8<`\`
H])e9e
ywc/;+i
S3Y:NI
VvdP.,<
(SoUKhMxug
E:TAh]
! f$j
g.1**SdG`
a}z_;N
97|?I
AX|xBM
n=f,NH
QrWFj$
C"&2k.
<^!?uU
1->)[{
)aF&E?
*zV6F`
omQqh>
1bKyfO
AdS3?S
v>cvYK
BEVF&#
eRElXjjP
u?SSPn8
:~(^#P
t$qm'`,
?no6F}
P%2D9r'P
N2N^z5
&ZiS>(
x{D:I)-
/d(ayZP
@`''BrK
Yb4"1G
S>naRh
M0nTV^
uGq?P;
4".dII
JIOJ]<
Sklrs5
")+tzX
e~?_Cqr
I7dd4$
B69U6e%
VTMjgrt
OL^0Gv
fv}<:\
"lP05Ye
GwW !)
+vmY-?M
,]wUQ@
sDQ[EZ
hL}f}#
F(Cs.&#)
=GN=w}
*"I[Lp
bm%Ac;
*;<7| ;
7mIA>V
O^:Uzu
O8lB+l
N;P*dMZ
5MnzNX
RZurF`
9\fo-)4
%J%@YIR
a.;FC[C1o
oo.k06
{SF)6,.6
_ ec /^
2K\T3~a
Ay)kP6b%I
Q`*|"[
>IuD'
7eV6z]
Jf]\i"
NSY@c0q
t8HV9&
UX:|a_
L5n1th$
e!=uuv
x=KCU^
S,&|&A
H'3xl;
<tybo
O$Dt%&
X[wq(L.
*x>m#W
QJoNg6
{}[DxYZ
ieV(ru
pRG9'X=(I
A[)6+h
ou\$AN
YL"C-'
z<j`J+
3"gR`%
L-Y_".;r
)oa`,8'6%
'+d&dT
-iH4vK
IL,4KU
!FNt3^os
_N]8BF
A%jdTb
wn1Mz&8
Western Cape1
Durbanville1
Thawte1
Thawte Certification10
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
180220000000Z
190220235959Z0
111081
New York1
Astoria1!0
350 Fifth Ave Suite 52091
Rare Ideas, LLC1
Rare Ideas, LLC0
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
contact@rareideas.com0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
SN20s
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
ywD$c6Tz
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
180919172911Z0#
Wnh0hn
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
180220000000Z
190220235959Z0
111081
New York1
Astoria1!0
350 Fifth Ave Suite 52091
Rare Ideas, LLC1
Rare Ideas, LLC0
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
contact@rareideas.com0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
SN20s
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
20180919172915Z
-0+1)0'
GlobalSign TSA for Advanced - G2
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA256 - G20
180219000000Z
290318100000Z0+1)0'
GlobalSign TSA for Advanced - G20
&https://www.globalsign.com/repository/0
5http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
<http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0<
0http://ocsp2.globalsign.com/gstimestampingsha2g20
<W"=0
GlobalSign Root CA - R31
GlobalSign1
GlobalSign0
110802100000Z
290329100000Z0[1
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA256 - G20
x"6kwy
&https://www.globalsign.com/repository/06
%http://crl.globalsign.net/root-r3.crl0
=dj;^NF
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA256 - G2
180919172915Z0/
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA256 - G2
{O 9t)B
RichEdit
RichEdit20W
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
verifying installer: %d%%
unpacking data: %d%%
... %d%%
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.
More information at:
http://nsis.sf.net/NSIS_Error
Error writing temporary file. Make sure your temp folder is valid.
Error launching installer
SeShutdownPrivilege
NSIS Error
%u.%u%s%s
*?|<>/":
%s%S.dll
/ P6pL
,/KPip
/-P?pR
MS Shell Dlg
MS Shell Dlg
MS Shell Dlg
msctls_progress32
SysListView32
MS Shell Dlg
Please wait while Setup is loading...
MS Shell Dlg
MS Shell Dlg
MS Shell Dlg
msctls_progress32
SysListView32
MS Shell Dlg
Please wait while Setup is loading...
MS Shell Dlg
MS Shell Dlg
MS Shell Dlg
msctls_progress32
SysListView32
MS Shell Dlg
Please wait while Setup is loading...
MS Shell Dlg
MS Shell Dlg
MS Shell Dlg
msctls_progress32
SysListView32
MS Shell Dlg
Please wait while Setup is loading...
msctls_progress32
SysListView32
Please wait while Setup is loading...
msctls_progress32
SysListView32
Please wait while Setup is loading...
MS Shell Dlg
MS Shell Dlg
MS Shell Dlg
msctls_progress32
SysListView32
MS Shell Dlg
Please wait while Setup is loading...
msctls_progress32
SysListView32
Please wait while Setup is loading...
msctls_progress32
SysListView32
Please wait while Setup is loading...
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
For additional details, visit PortableApps.com
CompanyName
PortableApps.com
FileDescription
PortableApps.com Installer
FileVersion
3.5.11.0
InternalName
PortableApps.com Installer
LegalCopyright
2007-2017 PortableApps.com, PortableApps.com Installer 3.5.11.0
LegalTrademarks
PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFilename
PortableApps.comInstaller_3.5.11.paf.exe
PortableApps.comAppID
PortableApps.comInstaller
PortableApps.comFormatVersion
3.5.11
PortableApps.comInstallerVersion
3.5.11.0
ProductName
PortableApps.com Installer
ProductVersion
3.5.11.0
VarFileInfo
Translation
No antivirus signatures available.

Process Tree


PortableApps.comInstaller_3.5.11.paf.exe, PID: 1312, Parent PID: 152

default registry file network process services synchronisation iexplore office pdf

Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

Hosts

No hosts contacted.

DNS

No domains contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name dec9f601c0a54f73_efik.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Efik.nsh
Size 10.2KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
MD5 fe54c82b4151531d230d233e96119dae
SHA1 3903decc9c306bde189c44f4622327f64b2d43e3
SHA256 dec9f601c0a54f731a1b30bf40c78cc20d899beefc30b7d8790f47899bc71bd5
CRC32 2126C9A3
ssdeep 96:qNuH9/L0qWklkdlTndsUZuIFoIiHxB9BbwaB2D/+vlHlDnhm0fs0uvfHesLYUvss:/VUTnp439/nMuEjqNn7j8
Yara None matched
VirusTotal Search for analysis
Name c512dffa22218ff3_englishgb.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\EnglishGB.nsh
Size 10.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
MD5 bf7954cf9c0156b1e87fee75e131173a
SHA1 d47156e997d249d4200f2faf4a90f3b8abdcb2eb
SHA256 c512dffa22218ff3517ba12cf110afb6b159d8b251c88886ddf5791b501d9a39
CRC32 1E62B0A3
ssdeep 96:qLuHkapq04WkTkbzTnd6UPuIFoYihf39BNwaX2Ds+5zHj1nnm0J00kvfYostuiv4:B1JTnp2v9gBEvy15Ptlk
Yara None matched
VirusTotal Search for analysis
Name ba82bb5d90262417_uninst
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\uninst
Size 766.0B
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type MS Windows icon resource - 1 icon
MD5 4023b710d3b47d9101c27f5da22aa5ef
SHA1 305c101062c424e728b393409ccf43d5295634a7
SHA256 ba82bb5d90262417a18cec6631bbd8b880020eb159b45f264a9145196dfb8f3a
CRC32 C6368C46
ssdeep 12:IEipHO1DpIame2f+HQ0rEuxPHx9fu7tlzlJleWOTqlWWWfm000EQItaNZ:IEi5O1Dfme2+w0rEErG7tRnfkO000EA
Yara None matched
VirusTotal Search for analysis
Name 0f3b85a4a7bd2c6b_nsis3-branding-r.bmp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-branding-r.bmp
Size 25.2KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PC bitmap, Windows 3.x format, 150 x 57 x 24
MD5 be6df031317aa93b0f4eef0cc183b0b1
SHA1 78ea5619df559d3ea5dd04a4b1e0edbec88c961c
SHA256 0f3b85a4a7bd2c6baa7b2b24590ea69e656384130fa8212e944016c46ac7e7d1
CRC32 0094105B
ssdeep 24:Td47RymHD1K1utmsWMOZN1K2YDnVC9HQ5CVy/OyJfZuQV7ZxYI3ZgFW7b5r4JH5t:0Ls/KV/8VHflOYCI
Yara None matched
VirusTotal Search for analysis
Name eae2b033f0b08229_license.txt
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\License.txt
Size 17.9KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Pascal source, ASCII text, with CRLF line terminators
MD5 dfb340fbcd40576fcc15069591f30a92
SHA1 358f72786c97f5a0c5b1e591230c592c55b4ca13
SHA256 eae2b033f0b0822913c076f36d498e51450c712b3229c1c83c7d12198fa097ee
CRC32 FA343E8A
ssdeep 384:lq2PmwERb6k/iAVX/dUY2ZpEGMOZ77o6LDMj:lzun1iYWrTXo6LDMj
Yara
  • contentis_base64 - This rule finds for base64 strings
  • embedded_pe - Contains an embedded PE32 file
VirusTotal Search for analysis
Name f1ce20ab36f9fc66_vpatchlib.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\VPatchLib.nsh
Size 724.0B
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 1d34e4a35644cb80ac48cbc2b8906f47
SHA1 e857f7c3faa5fbecadf77ccd64429c51c1f08bca
SHA256 f1ce20ab36f9fc6656a6cd95a555001e08808cf32236aa64f19ef66b290af7ff
CRC32 6C7A5A79
ssdeep 12:VvY7+1VfDkq9UwwGwLWe9pyJKUvLsQIQt1W/AOoNLM5dRxv0SQ7dvpoVx0:VvY7+1VfjjwGYWap3UTs71QpSrOSQhGs
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 062c75ad65054875_nsdialogs.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\nsDialogs.dll
Size 9.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 eac1c3707970fe7c71b2d760c34763fa
SHA1 f275e659ad7798994361f6ccb1481050aba30ff8
SHA256 062c75ad650548750564ffd7aef8cd553773b5c26cae7f25a5749b13165194e3
CRC32 26D83039
ssdeep 96:oXHqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4AqndYHnxss:oXHq+CP3uKrpyREs06YxcdGn
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_function_prolog_signature -
VirusTotal Search for analysis
Name e2604dd42f5d2f7a_selfdel.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\SelfDel.dll
Size 5.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 50ebefa36f8592d69b4c20e89c31883d
SHA1 9bc7fc01976caaf0b33aaa1f267ae2105e243286
SHA256 e2604dd42f5d2f7a81457a0a7dc608e635a4d964c026b7b2649c71868aeb15fd
CRC32 BC2DC4A7
ssdeep 96:UV5gAvl/4tQJ9nHqkDzsdJQSn9lTeS7s9TS:U9KQ/PcdJQS90SI9TS
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00003__EP_ExE_Pack__V1_4_lite_b2____6aHguT___g_l_u_k_ - [!EP(ExE Pack) V1.4 lite b2 -> 6aHguT & g-l-u-k]
  • PEiD_00035_ACProtect_UltraProtect_1_0X_2_0X____RiSco_ - [ACProtect/UltraProtect 1.0X-2.0X -> RiSco]
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_00516_EmbedPE_V1_00_V1_24____cyclotron_ - [EmbedPE V1.00-V1.24 -> cyclotron]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • ThreadControl__Context -
  • escalate_priv - Escalade priviledges
  • win_token - Affect system token
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name 483efb524d15391f_catalan.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Catalan.nsh
Size 11.3KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5 5acda8ba00a968ca2e449d53937dd75a
SHA1 5160b764df361612babaccee74448d3789479003
SHA256 483efb524d15391fbdb2037477c5d055edb20c1813fdba232b021a40391b4cde
CRC32 409F1F28
ssdeep 96:71PR2w2W49cRTmZISdywX6tx6YeEevNaZcEJfNFWHrNrQpNZ330NrQZRmgNGTx5+:7sKN3lKPRNtAGATAkWg
Yara None matched
VirusTotal Search for analysis
Name e6eebdfa823adbf6_zulu.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Zulu.nlf
Size 10.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 56a55cf1e93286f4747d8f5cdd11684c
SHA1 0189daa7b15e0fc232add55b49f7e4450ce27f5e
SHA256 e6eebdfa823adbf641dfcf1dc6435a65952039999a5d28d7c1f4bbaa4b4fd6ed
CRC32 A62D092E
ssdeep 96:bTfDwS41I2pnNswcGZUnIfRMHHlhEyL/dX3KOep5fzIv3labWaesqXGtG2qXGY8G:vjKI2TwZTzVXaOe/c02pAni+c8gGRdq
Yara None matched
VirusTotal Search for analysis
Name 51016cfd0222dadd_nsis3-grey.bmp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Header\nsis3-grey.bmp
Size 8.7KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PC bitmap, Windows 3.x format, 150 x 57 x 8
MD5 442df79fc6a5676941f97a0236d7c60b
SHA1 1a7d63f6ba95eb64041b7a112fc15d75971ca0ca
SHA256 51016cfd0222dadd7a0ce445c9a87e51bf3593adcd669b0782a86f7c5391d4eb
CRC32 908F1961
ssdeep 48:qi6vRZZZfkjQuNucuttSSuFwu0uou/uzu/uZXu/furu4uluLpunuk6Sudxu5up2B:qi6JZZZ5tOQrYJ6S
Yara
  • contentis_base64 - This rule finds for base64 strings
  • Big_Numbers1 - Looks for big numbers 32:sized
VirusTotal Search for analysis
Name ca1c42c656e4f687_grey-cross.bmp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\grey-cross.bmp
Size 886.0B
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PC bitmap, Windows 3.x format, 96 x 16 x 4
MD5 a2e4650361227448ad999c3516ec3f04
SHA1 a191c70deda15502d8aba6f5eb1117ac182030a9
SHA256 ca1c42c656e4f687ed4ee54321d8f23ff4e80242b104388c1d275ad921e0e011
CRC32 F43E4B6A
ssdeep 24:U3iy444DRIII+B7QKHP7HnHzzQKHXxymIIIt444Q:8444D5L2444Q
Yara None matched
VirusTotal Search for analysis
Name a09769e39fa641ae_classic-install.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\classic-install.ico
Size 1.1KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type MS Windows icon resource - 2 icons, 16x16, 16-colors
MD5 28151c77b90e6fbd9b194c32e9c9d405
SHA1 b273bba03dd12e2fc9a865081035fadcb9cee704
SHA256 a09769e39fa641ae88851ed5b64173a8abe0d494dc937a0c78e0255df9d2fed1
CRC32 B591CB69
ssdeep 12:QNVipiGveUUUg55KliiiiiiiicGiU0XpgUSedTpFXxMSFlhP3hdUjC9o1DY1q1qM:YVibHUYaGiUUgjUTpFySFlhP3dGQM
Yara None matched
VirusTotal Search for analysis
Name 32d9f55c914afa2d_polish.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Polish.nsh
Size 10.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5 09f8e1aea1afea66b32acb5e4849e327
SHA1 1e395f4ee4588c6679bea52251160e039c318e36
SHA256 32d9f55c914afa2dd514105c14aecc022080b57fcda1833764cdf4682d28e398
CRC32 3104ACA1
ssdeep 96:4bWIxh5ZAbCWLKOZ2tWUoSlA+cWGZZzjnGAkpmDIK19eOSkFPVg3bjgtUW8RyyVX:4bWIxhnfW2WUPlBTaGOvb5PalW80yV0g
Yara None matched
VirusTotal Search for analysis
Name e3541aad03ee3d32_redirect.nsi
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\redirect.nsi
Size 540.0B
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 cbd95882d32d540f4ee91ada5a59c223
SHA1 17e9b4930291c7b517b958ed0b3932b021534405
SHA256 e3541aad03ee3d322ecef9a21aac248bd4aa747022b54c59866cc4c1ce306a29
CRC32 160A1DE1
ssdeep 12:VEK6trNLeKZLbiYbTTXFaEnOism76XYYJSJUl:VHQFB3wIKYY8Gl
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name b22c8f676dec58be_nsexec.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\nsExec.dll
Size 6.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 1f49d8af9be9e915d54b2441c4a79adf
SHA1 1ee4f809c693e31f34bc6d8153664a6dc2c3e499
SHA256 b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782
CRC32 8CC9EC3E
ssdeep 96:67GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNo3e:kXhHR0aTQN4gRHdMqJVgNv
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name a42a6cca1d7b9396_deprecated.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Deprecated.nsh
Size 1.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 2706016ceb8799c9f8ed806480cda9fa
SHA1 a8f0dbc6408fff8e6ac589c4d1886c633ea2606b
SHA256 a42a6cca1d7b9396415e834b8547c5ec873184f4c100c650f67754f5842e37c5
CRC32 E9CA1778
ssdeep 24:4HcyreNzXrqEydMjENl5gFKImknDxNglBDjLihfIaKXgflrLHJoLi5Gi6xk4:mcyrKr8WEj5m8knUlCL+u6xk4
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 630d4c0067a1e8e7_selfdel.sln
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.sln
Size 1.1KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 689387affbfb7e78497aad0377f14f06
SHA1 c088fb79311aa23dfc955a23eab100609a11a434
SHA256 630d4c0067a1e8e76cb61400e950b35a6163330c54cf15e5cee76b4ab276f470
CRC32 14A5A6DD
ssdeep 24:pPExojFxqEMQEwW6CEwUvEwB6TEwV8/Ews6gEwe8hW:pPFjXOwvPw1wwYwKMwZ9wLM
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 04b62a3cd1b8e703_serbian.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Serbian.nlf
Size 8.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 cf1a77f27079dca8289f2c23afc94071
SHA1 54f073e2a34b878fa7733b3666bd9afd736c495b
SHA256 04b62a3cd1b8e7030545a050817200a5022f01cb423abe4c05e2ea859a9d1f20
CRC32 590C0588
ssdeep 192:kUtLHqpPupWlWZo0HWaWwWaW2WaWIWjWxWjW/WjWJn9o+X7TS0uW4FBkgSmgrevY:fKPupKdMzRz3zT6c6a6uLJN2H8revcdT
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 1af27bb146b37053_english.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\English.nlf
Size 4.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 399d548b92a50af0aef689af4f7d8c58
SHA1 15efff18f9332c553187a8c3aeec389990e06457
SHA256 1af27bb146b370531de867dc8eaabb8203504c488294b01a0980e2e6f5a84ea0
CRC32 93B2E0CA
ssdeep 96:o+ZzssPwegdgXGTc5qU7GTc3WH1+jCeP2ymhM/6AUxJLP:o+ls5dgZ5qU93WAjCeP2y4O6AUxJ7
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 63931c28792c2cf4_bzip2_solid-x86-unicode
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\bzip2_solid-x86-unicode
Size 37.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5389bfb298449b959998f304e626a7b3
SHA1 0e8f94b939c42b783aa0e3e6888940a8efd9f121
SHA256 63931c28792c2cf4210dbbf335d56a3c93463c26a08b5f1ffda12d48f59808cf
CRC32 29FD59ED
ssdeep 768:IiJmnv7e1HVdV0Pb9jXJnB1vRfS255mBbNF2ZI9UACGNSG8pyuVki:xmDe11LM9zJnB1xSBAvGB4yuP
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name f3a136155a012ffa_portableapps.cominstallerheaderplugin.bmp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\PortableApps.comInstallerHeaderPlugin.bmp
Size 100.2KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PC bitmap, Windows 3.x format, 300 x 114 x 24
MD5 8afe55a922333a57f8097cee71871234
SHA1 1036816d6e0d5dd6b3925f5810a40419ddaa6ffe
SHA256 f3a136155a012ffa32341777d0a53381492a3339b98cf3bbb13803888b15aba2
CRC32 A18F2B40
ssdeep 48:4Mi4XvzlDdSRYf2eU0DtomkezZXqbhnBbtq0Bjp3cCoc+XO5Dla4Zkr+aFe/QKNQ:bDMMAbfbtq8nvhIswZ
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 1d5ffd9b69b50071_grey.bmp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\grey.bmp
Size 886.0B
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PC bitmap, Windows 3.x format, 96 x 16 x 4
MD5 9c4cf578eee36746421778420ddf9e8d
SHA1 ee2b79f5769062a626076b263480ea2bd167fccd
SHA256 1d5ffd9b69b50071b44603fa517230456af743b4a8abe117ceeb64104769c2ac
CRC32 B966C6EF
ssdeep 24:U3iy444DRIII+YtImMat7p8iJJ4fHchHYymIIIt444Q:8444DwGCEiMf8hZ444Q
Yara None matched
VirusTotal Search for analysis
Name 1e2848d259d52169_serbianlatin.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\SerbianLatin.nsh
Size 11.2KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
MD5 7de7d3b5db0cad7902c396a61e5cd0e4
SHA1 12054365197e65092c8192931a823ea452267a44
SHA256 1e2848d259d5216920d100fb9d98e626bab636e7b9490a00caf84772bc251b56
CRC32 0DECE33F
ssdeep 96:3odb07cPxZC6O+SLNmgCXiUuIFuhAwnM9Jqw4M2D9RkGwPwcv0mC2hCfvfPh66/U:ywQPDOdoOM9/OJpbyqt3cKM
Yara None matched
VirusTotal Search for analysis
Name a90aebdc4a67373b_langfile.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\LangFile.nsh
Size 5.3KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 0ae82fcd911b9b51cfb140e555a4f7d4
SHA1 da77aea07a71685bdb5ec73744b026553571d292
SHA256 a90aebdc4a67373b2c2a1e240e3dfe6fbfcfd6c21e1b2118b157f561c492335c
CRC32 9AE8675A
ssdeep 96:qG0cVOmUq7pbTYC/lBN3rjrDKXLmuJldCqlsxuJldb2qls/CvhWHAD4iXKKL9oev:qngPpIC/lBN3r3M18X28X6v3s0fsvQb
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 5eda5103b427bb0f_readinistrwithdefault.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\ReadINIStrWithDefault.nsh
Size 1.2KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 8952eabf7d56341a653276f70c7e127d
SHA1 d57b31a88f84dd59cf85c7bf6feb5b45c84cf2b4
SHA256 5eda5103b427bb0f8cea17ac500854aedf4782dac5295b26db0e443c1c632215
CRC32 4308F7CB
ssdeep 24:DKIDADsGZ/5p6PYSJChzERMCuz7t9tP1LZ0Okw6H5pRTwzKcUIxTTSLm:GscsEhzSi7t9t9LZ0OKzRTwzKNASy
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name b3eb8c55e7cc7ed4_winuser.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\WinUser.nsh
Size 6.2KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 1f7d4a7fe82fed048b570c29c126505c
SHA1 ae489f9db2536de7cc8831b36ccbc26771776f71
SHA256 b3eb8c55e7cc7ed496e8ed192bd06900ae9781740a4dbb6e04f97340255abe47
CRC32 6B39B277
ssdeep 96:ckYtJ2FCEnxhqm0tm3A5MvN1OG4nyMssrLTzY6fQ:PEJKnAtjcrOG4nyMtrnzw
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 9a0f342930226639_wiki.txt
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\wiki.txt
Size 8.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 e151db82441026e8dcdaa7fc80953e05
SHA1 9f8da08fc11a554a2eaa0af7fef48a670e14149a
SHA256 9a0f342930226639a8349af6339bb407be3ec7752bf2b6cdbc01f0a9ccd55c9e
CRC32 56735CA6
ssdeep 192:kNjVtpQycnm8lDYqV4dtzk2Jxm6wlmlunqlDl+CIUlEh779Pz85AB/O3t:GjVtpQ1nmaYqV4dtwKmSlunURCnpCt
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name f1495ed20b9ed1c2_farsi.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Farsi.nlf
Size 6.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 f12c704928ef167441b5866a2853f313
SHA1 928546e86e0f507a5673a5e7e9e0d77651159c3a
SHA256 f1495ed20b9ed1c24ddba107f226408d737d82516288e8d905c835e6b31b95c6
CRC32 687ADE21
ssdeep 96:3JnRP6Pnp4dZd61sNlkkG7r0kGbfdb4iYfgDPOQCt6VHpZJJ/8Hll5oMH/42FGGq:5n4pJ6NlDGDGEYHpv5wWMAgGwIArqNN
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name c1cd4e5a3d2ebfdc_nsis.bmp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Wizard\nsis.bmp
Size 25.9KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PC bitmap, Windows 3.x format, 164 x 314 x 4
MD5 e58e3b3163d1d85ce72df18b0e9c5ed4
SHA1 665bdf56ae503ca5026645954f396b8e172b4e92
SHA256 c1cd4e5a3d2ebfdc477ca00b5b8c127df149df80cf089e851369db75c61cef4b
CRC32 975441B8
ssdeep 384:dRcpG0iMIFxLHB3UDmTs7iUpKz+XPoCGKNkVIx:rVrB38lo+tgI
Yara None matched
VirusTotal Search for analysis
Name 0073337816509851_userinfo.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\UserInfo.dll
Size 4.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dada3e1836af78d5b24499da252d01e4
SHA1 d2a1c25405e3c74973cf18dec2c7138df9e96a83
SHA256 0073337816509851476c2cc154f471a3e3a1a2806b97c363870acc09a30a5ed7
CRC32 F966EE62
ssdeep 48:qK54n2rZ4vuXXqQr1wH+zL/o0o/X/3MVyjlZSg15gaoFU:5u4ZxKQruHkJwvcVyr4FU
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • win_token - Affect system token
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name a2d07ec5a2e732fe_appicon_32.png
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_32.png
Size 2.7KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
MD5 bf774b3440e05c3e32638c5b499069df
SHA1 02f21b7c7fe9ff1a05956c76a3d19ddc3d6c2ced
SHA256 a2d07ec5a2e732fedb364fc5499025082d5f09f144d03dab221d32f085b9148a
CRC32 5DBF59E1
ssdeep 48:O2FtEf96QmS4y5WaBuqgep+8+BUXuSkhrkVXdLSOMzd1Q8Hlry3vTmAcnRI9teQ2:O2FyfK7y5WaYqiHbQSOMzPFryInRIz9w
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 95c36884a12b4bde_modern-install.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install.ico
Size 13.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type MS Windows icon resource - 7 icons, 16x16, 16-colors
MD5 0544fd959b81b995e8cc6f49a97cdad9
SHA1 07829bb35317df341305ec26d28dd8749760ea14
SHA256 95c36884a12b4bde8db9a3587f7bdb05e7232a4e9a095202ace4eba693412e05
CRC32 7E55724D
ssdeep 384:ntZgHoEQMp7e2BQHex/yvkKSO8SnRr96S:tZ/MZew/ig4RoS
Yara
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_03512_Xtreme_Protector_v1_05_ - [Xtreme-Protector v1.05]
VirusTotal Search for analysis
Name c9ad7122f30cc52a_resource.h
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\resource.h
Size 1.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 4a7575f1af51959a36a4b74f4933de6d
SHA1 46020f6abb7086c20ac5e85f283a272a24e8a992
SHA256 c9ad7122f30cc52a76149f5c09a71d1b341a6d3451351e93076fdf7217c4fadb
CRC32 54885C46
ssdeep 24:1ADv9HCR7e6gRYRtSm1XP6b3llO3o+yaDercPc96c22cfUcb8:1YCR1gRQSm1/6rC3maSrm8
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 4389c5d1d6bebae7_startmenu.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Modern UI 2\Pages\StartMenu.nsh
Size 7.9KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 bec34ad56e36a8fe1527b2b78c594876
SHA1 395757b3de791e7ed9211b8e3da6cd68cb0ccde0
SHA256 4389c5d1d6bebae7ebd170ebc26e989c0be278e4dc6ef62608046fa4c02f4605
CRC32 F82DEC9A
ssdeep 192:lLK/fhfPfj4M/9bQRb5bkbzFbCLeWeuky+JCnIhSrEWJejzMYNO:lLK/fhfPfZ9bQRb5bkbJbCLeSky+JCnZ
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 4ef56a6886873c6c_basque.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Basque.nlf
Size 5.1KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 418191b53ebb8bd9f12264d131424734
SHA1 99a14fa2257623cc223213f67cec7a49096cba28
SHA256 4ef56a6886873c6c847635fa474bb086b45738f13d0bf1f85ed2569c5cdb183a
CRC32 44F7CE25
ssdeep 96:Gtfk5EEUEEuERERKoLOhM3Lq/113X3d1DBJqZWEZOYzKHVXfVCOA4rBG:GtfEtUDui/NVbHn1JPCOYzKHVXfVVA4o
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 191667a929d7e478_bulgarian.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Bulgarian.nsh
Size 11.1KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5 d5169203463951632d870f5a13d5152b
SHA1 482b7f168fa31438056f2e5c73bf66e2ca40faff
SHA256 191667a929d7e4783a2c32716851324f62a79365c5f4f71bc2104b128a1adda7
CRC32 3B3A0CA8
ssdeep 96:/p018ZT4i/1EAF+B/TDbfZutpwIrHTsm/hyLgm/FewbpCaSfOmbdy2Mm1c61koWw:R0mZCBbU9ynjfNw+u
Yara None matched
VirusTotal Search for analysis
Name 7d3d3f75b2cee8b4_appicon_128.png
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_128.png
Size 24.3KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5 9c058d49bd87b6962301641420f48061
SHA1 c30b475a1bdd9cb396e8fb5aa86efdbe988e011f
SHA256 7d3d3f75b2cee8b43788395775086a96dad7794fc13ae315d8921edc4e434751
CRC32 D0D0D95F
ssdeep 768:5Dhy1CxvgdVz3UAK7iAx3HbSS1GbM0WgJUI/5:LxFAVz36iI3bSSOnUIR
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name d4aa0d517d4b0cfd_welsh.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Welsh.nlf
Size 4.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 665fedbc1b04032f3f4b75f93a1e03d3
SHA1 5a27e83c06f5705acd2de91b9f685f33fe151913
SHA256 d4aa0d517d4b0cfde3ae4aedd27d390d1eb6489bd50cffb96b07de2639cdf594
CRC32 CA84F4B0
ssdeep 96:pf5V1NBRQY4GvwJF24gmLjJzuG7b2iwPbaHA9nDrDXh2IAqM6:pf5V1NBRQbG4JF7gsdz37aVWHA9DR2IZ
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 61173c38b65c1a49_serbian.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Serbian.nsh
Size 10.1KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 42b437920d6b2cabbe2c80fddb41e9ba
SHA1 19b4d30dfec9e5ac8bf92e3bbccda9ebb97022e3
SHA256 61173c38b65c1a49ae828b9b4a060190639152be40a69eac5399c6dcaf9c1179
CRC32 A0DC2155
ssdeep 192:Yd7WCsWlWtWNwWAWN+WtWN8TsW1WtWOjWAWOpWtWOPWWqZZAB2DnEWeWE+n+p6:Yd7Zsoe+wL++U+us0etjLtpUtPDQg2zv
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name c4d270ddcebd77df_makeheader.exe
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\bin\MakeHeader.exe
Size 590.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9b27b50e563579ddccbf502b34c9b939
SHA1 2cfd7a70a23973e6688f42ae08873e2ba3d37e0a
SHA256 c4d270ddcebd77df693f5cb9112cc5b5372cd1d19a3aec601320d9e982747b6d
CRC32 6158F14E
ssdeep 12288:ZglUvLaweOgCoR4h/fVSBQxTlqqt0qjqqqqqqqqqqqqqqqqq1qqqqq0MqBqqqqqf:CQPgCoR4h/fMBQxUwTP
Yara
  • GenerateTLSClientHelloPacket_Test -
  • IsPE32 -
  • IsWindowsGUI -
  • borland_delphi - Borland Delphi 2.0 - 7.0 / 2005 - 2007
  • PEiD_00810_FSG_v1_10__Eng_____dulek_xt_____Microsoft_Visual_C___6_0___7_0__ - [FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
  • PEiD_01086_Microsoft_Visual_C___8_0__MFC__ - [Microsoft Visual C++ 8.0 (MFC)]
  • PEiD_01272_Neolite_v2_0_ - [Neolite v2.0]
  • PEiD_01628_PEQuake_V0_06____forgat_ - [PEQuake V0.06 -> forgat]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_02161_Stranik_1_3_Modula_C_Pascal_ - [Stranik 1.3 Modula/C/Pascal]
  • PEiD_03512_Xtreme_Protector_v1_05_ - [Xtreme-Protector v1.05]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • anti_dbg - Checks if being debugged
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • Microsoft_Visual_Cpp_v50v60_MFC -
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • CRC32_table - Look for CRC32 table
  • Delphi_CompareCall - Look for Compare string function
  • Borland -
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name 6a05cc589d3d38c9_belarusian.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Belarusian.nsh
Size 11.2KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5 027ad72a683cc02403aca439c8f96a04
SHA1 52278983b38aa5b23e26e764bf6c5dc9db4a46ab
SHA256 6a05cc589d3d38c9417c4e40697b407a40d9ccfd22ef045489463cb6772cb32e
CRC32 074F4E94
ssdeep 96:PKCdueV2ErYfVxKdhYblCQss/wzHQdmgcyZmAHtXoWwPQ+OO/t:PKCzV2ErQbKLMPvZGPNt
Yara None matched
VirusTotal Search for analysis
Name f696534ecddf1e18_appicon_256.png
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\AppInfo\appicon_256.png
Size 73.3KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
MD5 4101e7fe2d262454062666e4e181349a
SHA1 2d11959022789fb890225a7ba4b4eef5b489542d
SHA256 f696534ecddf1e182739c35ef50016755acd89c6ca949aeacac4856ffcdbd54e
CRC32 0CA60202
ssdeep 1536:5tGBUjArRuJRO8+7mp1+5Yo//iJ/hp3nDGeTi6Rl5HHMda3vBZMt5qG:SBUjX+7LY6KJphnDRigl5nMdKJZDG
Yara None matched
VirusTotal Search for analysis
Name 5627496be3f7d62a_albanian.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Albanian.nlf
Size 5.4KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 bdfcc2216e6daedd64b8cfae44ea2801
SHA1 5f71241e053ac5d2b0a72e2979427d4aa1715f77
SHA256 5627496be3f7d62adf0f8622ad380d30c1a72c5ac4147ea3309e1c86cb89c882
CRC32 8A86A879
ssdeep 96:XFYQRAm4opozVtjUfnnycoR89oRAMtOHcL+1VGlWrxEQAQTdzVQq:XFYQ+miVtjUfh9LMtSM+LrxdAQTdhZ
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 4d8c811d44032d2c_czech.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Czech.nsh
Size 10.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5 43cd7ffce76580766af4269ad7f75f33
SHA1 8d31353bc6936e5df6e3008c0a20938c629589be
SHA256 4d8c811d44032d2c017c19e3559a7019292350047d5979828cc9560d28a62b6e
CRC32 C9842F0F
ssdeep 96:rwjG35+IDD+6l9p+pbfnogsweujPmWZJ6oCmTQZFa6Br2cRYMSkd+7MtVdC11ILS:raU+IOL1ZJ6rBBKMql
Yara None matched
VirusTotal Search for analysis
Name 925268315d4e26bf_georgian.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Georgian.nlf
Size 9.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 ea00851e4524237b4df46928862603ba
SHA1 8b2b562570fca3b0a39f3dfc05dfee6854e0f1b1
SHA256 925268315d4e26bf70bd87f86f0fd012ce883a2533c7e9ba3eb7e727cac3f5b0
CRC32 2C25C216
ssdeep 192:mVMEO0qi8nf6it313N1SeGI+VxwVh1F8FVB1F8FT1F8Fzy8FVay8Fsy8FE7k0xxe:3L6vseBW2HaqmGYk/mNtUry7i28toG
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 0bf5f3efc878b509_ukrainian.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Ukrainian.nlf
Size 7.9KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 d7f0e5e7c8d07a0defee05138320cf7d
SHA1 cb61e293517d1635a8c896286f2c42a5344a8dde
SHA256 0bf5f3efc878b5090d2e2103f4a391abdf95f7186de809cfe405ff35a43471a8
CRC32 6868B8C6
ssdeep 192:aUVs1WLlLQLCjLJLT+k2JP5yEMxmP/kranH/RRhnlZ34JS3YVXFkAGlOV453dW:Z61WLlLQLCjLJLTPjxUCw6S3YVXFkFcJ
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name ce9bc53b4f313d16_settings.ini
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\DefaultData\settings.ini
Size 19.0B
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 50f60a1d51b172b952380290363b213b
SHA1 226ade01b4b296391e8df2c10f7fbd826b6ca6b1
SHA256 ce9bc53b4f313d16a72208bc0ec8adfe69154f2278d7f2f4e6efea8712393e40
CRC32 0BE68402
ssdeep 3:HWRBX3+1:H8X3+1
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 2cf4acec0b9770db_turkish.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Turkish.nlf
Size 5.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 d825b1a12fa81ab764298736058540ba
SHA1 f3b506a703ddff7d218534707911dfbcf0d5e21c
SHA256 2cf4acec0b9770db2ff1b45db830681eb26aff66c1bcb2b03045333d6bfe4f18
CRC32 B24C1297
ssdeep 96:WJhzFg9NadCQY85tndXvGndDnzY8CY5Zk3XUhA5/mKj+aIA9DWk:4hzFg9NZQPtJvGZn7lZkHUhAhmKj+aIc
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 7e9fe592389c67d3_romanian.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Romanian.nsh
Size 8.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 f10e29fa1f6ad2913dce05b38f65f43c
SHA1 23b4e874c6184ef45b061fda5c34264a9e1f120c
SHA256 7e9fe592389c67d3fcd7d4444c4ec831b0e9b11f7d1d9104358b263a0aba7c1f
CRC32 28EF7562
ssdeep 96:ABx5LsRXx8lfgf7g5tgfKcwxOyY2xFUsLzL1tsPTs0CpBbLDPnN9gIyI500n1r5J:gBEIfpBPTbn00nnEAv
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name b8329f8954c7cd99_logiclib.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\LogicLib.nsh
Size 31.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 9b591177155dff0d9b6b5b0a895caab7
SHA1 6e29ffd361411404f2d4636e9b9eb7ccae94ca76
SHA256 b8329f8954c7cd99da785147371d7dc60918c2b1c4dc110a2afb0a04eb99fef0
CRC32 D82E401F
ssdeep 384:QS0lEWlBondj3vljvRlXd8v9GX88i3IRsMBgSQZP7+ofoao/oBoToNopo8GZ0z8J:QS0/BodrvlJKMit/TtpQvc59e9drbuh
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name e2c18e1bc6946174_bosnian.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Bosnian.nsh
Size 7.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 aac2485e748be994df53b5c8650c31e2
SHA1 659eab54fb45dbbd3a6b552125d82356e4761671
SHA256 e2c18e1bc6946174421d3e3a9c5456daf393515b5146b3490d07c1ee979346d4
CRC32 2206980D
ssdeep 192:W9LUygLpLbk25ZhAUh96ic0FgYYYryxKcp8sJU:WetHZiUb6ideVKyM3sJU
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name c6d9e0366991a3e7_portableapps.cominstallerdrivefreespacecustom.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerDriveFreeSpaceCustom.nsh
Size 678.0B
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 6e1d45cecd61b0095092ae3cd1815926
SHA1 b17b64a67dfd8bff827a6ec5bb4cb440486f5427
SHA256 c6d9e0366991a3e79ee92e8778141a18e02623a46bd9fd210846f9818e064148
CRC32 C22B3B40
ssdeep 12:PzXXQVuhOJuV9/gaSFqkhoX0IwjpX1QLEp6UaatEeokTU1Lq+iTU1LqXxpsv/:PjQUhJVWdFqkhW0Iwjpj6UFtPokAXiAZ
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 71572f777af5e6cb_albanian.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Albanian.nsh
Size 7.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 6c28e351a8970f29263930138465ede0
SHA1 79a941868c7a1339832d63e931c63702ff5ccc6a
SHA256 71572f777af5e6cb9bbb648a9a5088b234da3892eb7f2cd5de562dccd44606d8
CRC32 59598392
ssdeep 192:lz82F0R+wU0DhiOCHE2bPJhSNTGkLIIhP:ln0O00Oc7bPJhSNTGkLIIhP
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 2e84996353100d02_simple-round.bmp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\simple-round.bmp
Size 1.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PC bitmap, Windows 3.x format, 96 x 16 x 8
MD5 d5e694db0a5934750d1f83e5ea7763d1
SHA1 b6e9a292a70a5d5f628c37c7b2d19204dc5dbccd
SHA256 2e84996353100d025920cd81a0f21b81b3849c20fc4e4a547692d5d0afc6e17a
CRC32 385E2FFD
ssdeep 12:oSnc28u8u8u8u8HIW6t0kur3kcFR3LvE4vjt5BIWI8u8u8u8u8:oSnyppppoht0ku7NFR3LvE4vhYepppp
Yara None matched
VirusTotal Search for analysis
Name 1a631efdc5a995c7_zlib-x86-unicode
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\zlib-x86-unicode
Size 38.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 30d7c3b6df6688a6250df7cb60860310
SHA1 16608c0fd94bd2692ffca2f2dfecf05f9cc7a040
SHA256 1a631efdc5a995c717c30fa80ca69642b1c0c43ba5e93c585190d966886facfc
CRC32 F2820950
ssdeep 768:8r+aWI+c1t64d/ZuFvg1Y9v1zZyAfdraT0KtYbe0D3iV6k/GDpautki:m+aQc1w4vuFvJhEem+be0Dy6Ltau3
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name 75053d954fbce1c7_installerwizard.nsi
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\Other\Source\InstallerWizard.nsi
Size 53.7KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 5a0331938dc79e5fcde6ea14a1a0883b
SHA1 b6c1b5d5a5fed9390b0def2cd5adc4355fd536a4
SHA256 75053d954fbce1c773b5fa3c3006dd4f1826d7fbb763d8b61cca451f92adf151
CRC32 4BFAD721
ssdeep 384:LgRPQymllPuCsp/0YtHtkutJf2hTt4+P6DjI6WmKXo/bYx9For/oo/fZ6tn/Tuty:LgRPQyDMhu+INW9T1t6tyk5qibzOVmVU
Yara
  • contentis_base64 - This rule finds for base64 strings
  • embedded_pe - Contains an embedded PE32 file
VirusTotal Search for analysis
Name 5103cb01645ad2e5_makelangid.exe
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\MakeLangId.exe
Size 24.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1c949bb57f7eb200c4bf71773553373c
SHA1 2cf3000b1c55b8d9019e048a67e3e15cf690c3f9
SHA256 5103cb01645ad2e568df16ebb3b5fe3796cf5744bb80e715253938682b8c3f45
CRC32 E8A8E3B8
ssdeep 384:YB/U95r+A/N7XT2nWoPpTCylgB/0vxreVTl:YBM95Co7XTGycYH
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • Big_Numbers0 - Looks for big numbers 20:sized
  • maldoc_function_prolog_signature -
VirusTotal Search for analysis
Name e725e4c212b71d42_arrow2-uninstall.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\arrow2-uninstall.ico
Size 4.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type MS Windows icon resource - 4 icons, 16x16, 16-colors
MD5 0243196a60b08b1f31208ad8960879b1
SHA1 725e7261ecc3931089abc154a15c1d7b47a6fcf9
SHA256 e725e4c212b71d426cd85cb44741fb0e5fd50406c0cdca447663d3fd4003fceb
CRC32 90354397
ssdeep 24:bgw5QligUTUuylpFPVVKMjeWjfWlO229Bu8EikTUX62xM2O2U9znJ9goSEZtaQmx:FfYDdfTGbTUKMM2O2EB1qff5n42n
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name bf6a3ddb40835bde_modern_smalldesc.exe
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\modern_smalldesc.exe
Size 4.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bc57964aef908e7f11c27652c1e5c6df
SHA1 0f201867bac8c663b0555c0b4b69c47c1417a1d4
SHA256 bf6a3ddb40835bde1f8a0df2e6a8bcb6cfaff15603d0b7da6904188668f3bad1
CRC32 55B0FD7D
ssdeep 96:XSx6qaNdT7q4n7o6njCiF2Cm9moyn/d1B:XSx6qaN11n86njCiTomoynR
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00138_Armadillo_v1_71_ - [Armadillo v1.71]
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01101_Microsoft_Visual_C___v5_0_v6_0__MFC__ - [Microsoft Visual C++ v5.0/v6.0 (MFC)]
  • PEiD_01108_Microsoft_Visual_C___v6_0_ - [Microsoft Visual C++ v6.0]
  • PEiD_01125_Microsoft_Visual_C___ - [Microsoft Visual C++]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • Armadillo_v171 -
  • Microsoft_Visual_Cpp_v60 -
  • Microsoft_Visual_Cpp_v50v60_MFC_additional -
  • Microsoft_Visual_Cpp_50 -
  • Microsoft_Visual_Cpp_v50v60_MFC -
  • Armadillo_v171_additional -
  • Microsoft_Visual_Cpp -
  • maldoc_structured_exception_handling -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name 0c518b7cfc4680d5_dialogsw.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\DialogsW.dll
Size 59.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 d2863c5c3c61ec9b1175a339a8a47029
SHA1 7cacd2e320c742de3b4bb82ec4ffc7c683e6a130
SHA256 0c518b7cfc4680d5b0050282c45de749ba34648eb41d24e16741f9e7d679db64
CRC32 F8084F6E
ssdeep 768:n3fPePqXHaXJnRh/d72gu3F09l1Ovrer+IY5y4A0BqcSm7jE8GQ+YzK2Bn5tFcXX:n3nkq3ahDyO45s4ccSm7480sF3tF6
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01070_Microsoft_Visual_C___6_0___8_0_ - [Microsoft Visual C++ 6.0 - 8.0]
  • PEiD_01090_Microsoft_Visual_C___8_0_ - [Microsoft Visual C++ 8.0]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01247_MSVC___v_8__procedure_1_recognized___h__ - [MSVC++ v.8 (procedure 1 recognized - h)]
  • PEiD_01272_Neolite_v2_0_ - [Neolite v2.0]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_03512_Xtreme_Protector_v1_05_ - [Xtreme-Protector v1.05]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • anti_dbg - Checks if being debugged
  • screenshot - Take screenshot
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_function_prolog_signature -
  • maldoc_structured_exception_handling -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name 7446a65155c7d718_arrow2-install.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\arrow2-install.ico
Size 4.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type MS Windows icon resource - 4 icons, 16x16, 16-colors
MD5 a732b92b6262bb6a61e3b2b1ca4359c3
SHA1 4a6e8cae838ec70004ce8efb670b5bae03981b26
SHA256 7446a65155c7d71816bf6321796a3e2c004eb4a2f50717035cd96f7b21b14f1f
CRC32 0C61B7FD
ssdeep 48:StZZlsKkDZeGhTknQOp2HJ4ts/TRBCWXhT2QcoR0JX3g2n:isfg8T6YHKtYmWXhSZomJTn
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 2439634881a8c010_tatar.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Tatar.nlf
Size 7.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 c1121a6a78c72d0d772e358e106ebda7
SHA1 f362a452ee9b1f09202e48e424278aebb42ab765
SHA256 2439634881a8c010f296d9b2b0217ea9793544974b7bb348d136cd336ef96390
CRC32 BB8EC9EF
ssdeep 96:HTfXF+fgeAMuM8NNujM5VGXa55Ktn3txsSGO72xlCyHkDGcj7kAqgfSL45fv:zf1+fJjMHPKt3t3GOXMkDGcPkAqgfSLW
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 745acd94c78e5ea9_dialer.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\Dialer.dll
Size 3.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 4c225c3da808e6c95b6699c5db8c636b
SHA1 a09dd7dabea628b9e7b38720e98ad6aa1a53d0bc
SHA256 745acd94c78e5ea93268310977a83473825ad911bbea0a9ea3e4521170745adb
CRC32 AB7AE31F
ssdeep 48:6YEAGl71HRJPTP/v66v7JvDvWvGvZ8jsUXj+s:2XJ7yCZvCy8js
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name 7bda3db4b7af91cb_uzbek.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Uzbek.nsh
Size 10.4KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
MD5 d6e9c3ecd0b98d7c22953849a4d707ef
SHA1 1291290267c01b4a26d40e4d835dfcf92a550f5f
SHA256 7bda3db4b7af91cb279e21f1de55611ac29f6ea87e69a543f49f0fd275af1dbf
CRC32 CFAF5838
ssdeep 192:pnRfM+jsFCJuAEimSumVgNQ/jz6MojQWfmC8IP/hylkOiNJK06qpb3Tg6kt9jCyp:p9wVy
Yara None matched
VirusTotal Search for analysis
Name d68fa9f9c69eab2b_hungarian.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Hungarian.nsh
Size 10.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5 1e9efe416e18dc1beaeafb496a83dc9e
SHA1 ef251a0eefa92f4237554664d026a41231ebb159
SHA256 d68fa9f9c69eab2bece691d3b72e1080e61f8f1df7185cfa72230cd890f5fcfa
CRC32 98D22CA9
ssdeep 192:AaWVoQL9Ou6CEBNQdBpKQwV6CUIzIgvzN9:coE56dETfC/vzv
Yara None matched
VirusTotal Search for analysis
Name c3c786d4b2a350e3_appicon.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\default_bits\appicon.ico
Size 22.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type MS Windows icon resource - 6 icons, 48x48, 256-colors
MD5 36461a786bfc6dfb96836e1583e89ab5
SHA1 ed072b5bc7f55577be21ba0fef801e81a14081a3
SHA256 c3c786d4b2a350e3653f76fbaca06c604b4d8e29bf9490a4c38b908ab18d8b7c
CRC32 6657390B
ssdeep 192:0vhYnrtDINynT+vwA+hYnrtDINynT+vPhYnrtDINynT+viIGPoBpunda0Xb6UZwn:0u8UuSuGG2unda0vZWOO5R
Yara None matched
VirusTotal Search for analysis
Name bdeb80e5077b434a_inetc.dsp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\inetc.dsp
Size 7.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 238c76c2dabbb8be217df04234e358bc
SHA1 264375cb808337b197e6879fb01050aca94d939e
SHA256 bdeb80e5077b434a76e4f1f7643dbeee144747a0fc309b77a14352f179342928
CRC32 EFA2BD05
ssdeep 192:P4BIaQvOP+fOB0LCVp0DOSbReLreQbQRQjQ27etvM6Ih:P4BIaQmiOB0LCVqOSILrt0isntvk
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 99842d64d010c83b_welsh.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Welsh.nsh
Size 6.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 a33c2d6450a8805c3d25fa45e9513c9f
SHA1 6f7c7a220af07803aa83264d9c7278e266dad86e
SHA256 99842d64d010c83bece4435b2ff59e5e3c9e8e0e78b547d9952722b389287b66
CRC32 7518959F
ssdeep 192:rTI9M/+jUWMP9khK7oxOOu1fapanzzXPinPOooFNcA:vI9M/+jUWMP9khK7EOOu1fapanzzXPi8
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name ac0ec593eff9822a_german.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\German.nsh
Size 8.7KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 bef24feaeb0075300a2d7ff986a15929
SHA1 126203e6fa45e77e913396885c85f97cc7868b69
SHA256 ac0ec593eff9822a4915e375a79fa3d9914a57b29d33de90838313ca3cf07117
CRC32 9ECE6241
ssdeep 192:SNgYK0ffRZItv5RbICtraycRej5rumTSHuKZ5juftTiWLcrhF/:SNP9UtwYe7Rej5rumTYuKZOtiWLc7
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name f7e2ec9844679f8d_corsican.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Corsican.nlf
Size 6.1KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 9a30ea4439edb626fcf5a531a1016121
SHA1 997266071f976fb7183355f5e5097e706bc156db
SHA256 f7e2ec9844679f8d9b9a93ded8ff766f1058799da36daeb795688814c1152387
CRC32 A131B7B1
ssdeep 96:BdMw09HGT7+TRyjkKv1DUsWgkcDa2oX9maOKrJ9AxNvy5Wh:BcmfyyjkKv1DxWg/DyX9rOKV9AxE5c
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 97a1767bc72e70bf_strfunc.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\StrFunc.nsh
Size 47.4KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 a535705e468c66635e372e3326b5c25e
SHA1 802eac4b1cb8b3ed4b43b5fc984d7ae76a842c74
SHA256 97a1767bc72e70bf554e3e3ac61729457a8666ef76221da437836193be4535b7
CRC32 976D0BE3
ssdeep 768:n2+oKGqN8hXwUh55Oh3u/6DhzNhwyQKrETXigo8KasTk8FMAnUOrAnUsB:2+oKGqN+kQKrEs/dM03r0/
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 55e1694f188ff8b8_german.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\German.nlf
Size 5.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 9b5e6b020ed5779760592ff7f1f6dc4a
SHA1 aac6498361f409da27f7e57ece67ef073c3e3de5
SHA256 55e1694f188ff8b821a008d751045cc83c537315dd8cfcf75d65fddb5b39ff1b
CRC32 CCC050DD
ssdeep 96:RfwnWitwDrU9W49WR9r9WGNlR9YGfkB91hiYJKiliR/jYTtbgaVD382vtAtNkWW0:RfwnWitwDgW4WRjWGNlRyGfkBjhRJK2W
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name d7a156a6b8af9bba_thai.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Thai.nsh
Size 9.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 b6abe41ce2144bbd32b2e41a26645a22
SHA1 45f449384a8217284086bce101bca5d4f830a61d
SHA256 d7a156a6b8af9bbae9af06e2b474cd787e927d2d3c03c1845cbe215baa875666
CRC32 C403FC4A
ssdeep 96:cnL7ivFd7VFibLyiWwX0jT/KTV2bfuFu3GoMmFhAFt03QWywC4HtNZ6RTrfNtFIT:0veoKYNTyMVUv4pSEre
Yara None matched
VirusTotal Search for analysis
Name a923d4b0d997ea9c_zlib_solid-x86-unicode
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\zlib_solid-x86-unicode
Size 38.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e63b9232610f0519e3d50129d24a019d
SHA1 92c609af2aac61369374626e37994fe677fdd2c2
SHA256 a923d4b0d997ea9c127b31fd5e4ffb47bfabb8281549cde4ce94af651fd8bf47
CRC32 5092B258
ssdeep 768:QWEkjNNjbsS26JynDB6+DhDilzSAG8EpABWI5+0D34toSG8pquBki:dEINjw6JynFL1mlGvqt5+0DIt24qu7
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name 2a766a15db31e4fe_modern-uninstall-blue.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-uninstall-blue.ico
Size 13.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type MS Windows icon resource - 7 icons, 16x16, 16-colors
MD5 38bd0e74075cf1668424e48537e0d923
SHA1 d169063201a71e0504d92e8b73bd784d99753001
SHA256 2a766a15db31e4fec07226cceea64ab411854d751354a35dec2aa305fc8849f3
CRC32 D21E07BC
ssdeep 384:nE6vWJRnpEUZ0ICMOcIX7NE0JMCb8bC2xVO:E4WJRnS+k7Bpb2rO
Yara
  • PEiD_03512_Xtreme_Protector_v1_05_ - [Xtreme-Protector v1.05]
VirusTotal Search for analysis
Name 54111e06ae90c7fa_propkey.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Include\Win\Propkey.nsh
Size 1.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 9b5d1a9eb703b471673965a7dbdec6ad
SHA1 6fcf59b655b60ca434c536bd1662ffa750c0a732
SHA256 54111e06ae90c7fa297e06a992c681de18bd6b12eb76e19422f87234462a1319
CRC32 B5B91AAF
ssdeep 48:EK5UBsnznGDdAb/IFxF/c4Fs+DoZWzWoWQtFWrG:Ekx6D2W1oZCBVrl
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 77c822c2f6a32866_yoruba.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Yoruba.nsh
Size 15.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
MD5 1e7fdf7790ad005794a69d56a4bf2231
SHA1 b10e62200c6efe704177f869cf477dae2bf9c6ba
SHA256 77c822c2f6a328664d1871455b3db924088df20b80504e5136fa1fdf8a914d77
CRC32 89B8EBCB
ssdeep 192:937Wk32xy2UVtlVtpI+mA3qhBcCowKexSr6y6Lq6PN6fv6WFZSgdkNh:FKb+tHtF9qhBcaLZ1QfSNh
Yara None matched
VirusTotal Search for analysis
Name 3a489a62651be619_latvian.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Latvian.nsh
Size 7.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 98973bbea780eadb2d69898b76ad2772
SHA1 f95839ab180df43ddbe3e81c2777e163534915a8
SHA256 3a489a62651be619490073df6088af25967f04b7076dc5aebf0ef517d5648cb9
CRC32 3BF01386
ssdeep 96:pga2DJCuxarlAn+4Jg+iu+VS4Ap+hJg+1q+Vm1MspMrcRPTskpXRpPFUN9sWfIjH:pi0ZnmpbrXb2bs2/hZgHZww01cPts0n/
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name d87c9e139f92703e_irish.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Irish.nlf
Size 5.7KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 d9cf7186200235dbc7399b3446beb68d
SHA1 c511e3fab4e3bfa6a6e06ea6d8e6906fd9aab816
SHA256 d87c9e139f92703e589d83bc5a594d60eb829d7acd4c148f8623c818c8868236
CRC32 C01CB349
ssdeep 96:OfMX5APKu9LcIzgcPDBaLzoKMBaLzoGk1BLDHhazKhGvL3JAq2yxZjRWn:OfMX5APFcIscPDBozoKMBozoGk1BLQze
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 391958a49f3ceea1_igbo.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Igbo.nsh
Size 15.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
MD5 3a35b2a72d6f9103d7fa560c687df61b
SHA1 3d2270484a75e8de32ebff40bc56d8594a1d2e90
SHA256 391958a49f3ceea1e0cde86882306d60f45f28a84bf09d9791eb34a80711543d
CRC32 15BD5256
ssdeep 192:P376ct32xy2IVtlVtpI+mA3ckMbuma90xcye6y6Lq6PN6fv6WFZ6gXgHkNh:v2/bStHtF9ckMbuma9LuZ1QfSeJh
Yara None matched
VirusTotal Search for analysis
Name 9d493e839e7a9607_efik.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Efik.nlf
Size 10.4KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5 2849705e2a427ce957dedb6d0321c276
SHA1 b0d7f4f04a1cd42da05989bbe24be784f228957a
SHA256 9d493e839e7a960750a59aeb81e4d18412b1c22847d95ab851316168018bdf2a
CRC32 29549D4A
ssdeep 192:hV+TyNuzwiyvuUDYL5bxxLTpI3EUAt5tooTwo2gnm:z+TOuEiE2hxxLTpI0hvVTm
Yara None matched
VirusTotal Search for analysis
Name 7f17ec9f401f9e91_llama-grey.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\llama-grey.ico
Size 2.2KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type MS Windows icon resource - 1 icon
MD5 4594824ab309855d19ff533aadbd11d5
SHA1 37e19e7a1c2cb9b2174cf5eda70e74e5f7e9e81b
SHA256 7f17ec9f401f9e91c88c5cd4d216397d714c05c549340acccd3221abf9c92b0c
CRC32 6A10FDC5
ssdeep 48:Edy2X8UeSYbwmVZToYZnkq61IlLRErU2FmN1:EwVEmIYSq6SlLRErOn
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name b8e75b56bd61b320_galician.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Galician.nsh
Size 7.2KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 f7117637351e57c2c226f65b428ee89c
SHA1 ea08d6dc089b38465b5eda9c9a950f0d51627b4a
SHA256 b8e75b56bd61b320edaf55ed756e86600b37c491085cd5aa105a2237f1fd970a
CRC32 9EE08C6B
ssdeep 96:Uwmp564xGlJr4rqrPBrlyJrfr7rPyrlu5KXXsIwboPsvpqCliPmsE90INI5JWEnJ:UCJMm98Jb/GcHIwTqCqm/MJWMTWV8
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 2f995b7184a01fa2_norwegiannynorsk.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\NorwegianNynorsk.nlf
Size 4.9KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 614cf261658d0b7b772f5cf6b77c3254
SHA1 c0a237bb8396b66a6a168ba48d8ae9546c54f046
SHA256 2f995b7184a01fa2303a64c0be2c401c104e7e3c13237126638023cd7f977a65
CRC32 9C5D671A
ssdeep 96:ifBMMHascnsvAABDhy7Wb8WJGoCm48o7sE6WA/REMCSH7EME+yeA16:ifBMMHaVspyyb8sGoCm48o7sE6D5EF69
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 4fd26c60ef2e7b49_spanish.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Spanish.nsh
Size 8.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 c6a856fa784e9f58eb7a652defb14a92
SHA1 ed6befc629cf70abd393040382238ecadfa41c22
SHA256 4fd26c60ef2e7b49e6e0fbfeb1c9b4d84a1fb9bc2dd202994b20adf8d61186c7
CRC32 E6911C6C
ssdeep 96:obYDKOExdlbLwa4WZ+sKnrsLnptMCiPsL9pIdI5g29X54mdVpVl1aeRkkV8t6wI7:ovPlRKA6/Wvg2rfCeZ
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 6e660232f84823ef_libdialogsw.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\libDialogsW.dll
Size 76.1KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 8669f27a3578c6bfc2732a1bde070ee8
SHA1 6e315651d67e44671cc80a4befb02ca79cc15c10
SHA256 6e660232f84823ef1db10ca4e7ae458d7855b56311898f321f80a344bb06ecad
CRC32 FB578070
ssdeep 1536:TVgzHc+2aRYdi1fb1dwdUP1MsoSR6Ls1Z:TVgYEb1dmw1MsXR6Y1Z
Yara
  • IsPE32 -
  • IsDLL -
  • IsConsole -
  • HasOverlay - Overlay Check
  • MinGW_1 -
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • PEiD_03512_Xtreme_Protector_v1_05_ - [Xtreme-Protector v1.05]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • screenshot - Take screenshot
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
  • spyeye - SpyEye X.Y memory
VirusTotal Search for analysis
Name 4aeb2f68a1465407_findprocdll.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-ansi\FindProcDLL.dll
Size 4.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 ca3471f7ceaeeebdb49f902e2254d9c2
SHA1 d2392d3856225b7008fc00c3bed900cc1c271931
SHA256 4aeb2f68a14654077a21108eb97f6abc590262140acde0108965c6a1e0b18af8
CRC32 8F2D2C6D
ssdeep 48:qv1AByUbXUuz8nAyFHcOJqwU35B3y3MbO0hUSWeSfxNQag3HZT2:aAzOAymOJf8D6z0hQeiUHZT
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name 5c04a6b8f0d457ab_switch_to_big.bat
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\UIs\switch_to_big.bat
Size 304.0B
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type ASCII text, with CRLF line terminators
MD5 840152d5ac0bc3c10e3479a428bd4e76
SHA1 22879e1a026f5cfe2a46053f1bb08a1189262c7c
SHA256 5c04a6b8f0d457abec443589857a51b7551b058e15a9a526145d603f8372f0a7
CRC32 283CAB79
ssdeep 6:/QFMROVYEQ4pVqRJRdRpg6UPACg2ofEJ2p7fI6V2pbIPACn:cMEsg6UVg2ofEJ2p7fI6V2pbIVn
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 800f5af00499c92f_slovak.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Slovak.nlf
Size 6.3KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 2ab7ab2e681d6178adabfde4125b3e2c
SHA1 7ba8daa2d3caf58111d1213884816c8aa49184f7
SHA256 800f5af00499c92fdedd42c5f3d2236d362b7a4f8aca028efe539d35365a56a2
CRC32 838B9A27
ssdeep 192:gQQ+BS2GDGvG1GWGOGtTzeAVg7sdCntjAZdT:u+Q2GDGvG1GWGOGtyntjGdT
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 43f0cc738fe8ba0b_igbo.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Igbo.nsh
Size 9.9KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 0117fd76be550c36a2c7989959d3ae56
SHA1 0992f6d7f83c214f1f3528e872527719b009d2c4
SHA256 43f0cc738fe8ba0bb2299964d34a804373fc0041227e1e19efff395ed7477582
CRC32 A12E4148
ssdeep 96:XzAchzKSxunxCoiO1kKNGwug8HZ4m5Xy889uWzWwbg9KlPStkOfWrXoSgZD:XUOZoV/NV889Yw9lkers
Yara None matched
VirusTotal Search for analysis
Name 875c4cdbd9644ab8_malay.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Malay.nsh
Size 6.8KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 5d425034997a151879bc6271ee5c8e81
SHA1 11aa9a4a09ccf63982192a0765ec49d0ea0e14e9
SHA256 875c4cdbd9644ab81943477041fdbe45e4c6da6859624132cb115631646a38a5
CRC32 C91A83E0
ssdeep 96:ufTU4KhxsFlboPhsYmhwqVssxpaQ4EPQrRfh9fIMI5tQrKgI59brrEE5bJRh4V8V:ug7YbVYmhwEhvQrRPitQrKRxQnBfk
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 8a221bfda955710f_luxembourgish.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Luxembourgish.nsh
Size 7.7KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 c18042293c0a77c3728a537d7a302e79
SHA1 39a27f88949276839aaa9e0b5a67b64138f2d545
SHA256 8a221bfda955710f60e5bb845b2df0349b02661ddeefb4b2c10d3840698e0d7d
CRC32 1AB63D1A
ssdeep 192:VsOIgsHVZsAN0NYdTEQ3cdq+07Z4SJUvcN2:VsOIg0d9E8cg+0d4SqUN2
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 6111a469690cc5a3_lzma_solid-x86-ansi
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\lzma_solid-x86-ansi
Size 36.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fd3b0a4cf1582abcb760d1bc981954dc
SHA1 71132ad2d1c168e93297321f26131c6f0fbf4c18
SHA256 6111a469690cc5a3dc3c27d46a6b2bf53f74af65a86824e555b79f91c392a550
CRC32 60A21C90
ssdeep 768:5LFB/DhQ7iSeGhlL94RiXxRJuMvmbdQc/ai:FT/VQ7lLWRihsbycD
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_private_profile - Affect private profile
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name f5681d2ed2efef52_modern-install-colorful.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\modern-install-colorful.ico
Size 23.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type MS Windows icon resource - 8 icons, 16x16, 16-colors
MD5 795dfadd194c56269bfb0b45cd7fd05f
SHA1 0b72ad719bdfdaa4163ffc2755aa7ce88873bda9
SHA256 f5681d2ed2efef52faf7fbcecc9da2e07ba6f8eefde7dc89cb33abecccfc1d3f
CRC32 998DE26F
ssdeep 384:NSiHohWPdKi8+LEz9G/iqk/azinKRiZel4FzfvWKW:Nx8dG/iXazioSe4bQ
Yara
  • PEiD_01021_MEW_11_SE_1_1____Northfox_ - [MEW 11 SE 1.1 -> Northfox]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 77ea690fd994efa6_khmer.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Khmer.nsh
Size 15.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 0066aa3ed0f23c9bb206046b0972f898
SHA1 5d65a59f65ceefef1a326c7b2322b6bfba2b0a2b
SHA256 77ea690fd994efa6bf61b460052da3e8773b6104be588adc43716e9094cb6b3f
CRC32 FFB4397D
ssdeep 384:BxkuxZh2/RghQ5ALkLhXM0R4Lg4mkLh+z4LgRkLhLU4LgcgAQ5AFkLhX84LgxkLw:Muxm/RgiCLkLhXXR4Lg4mkLh+z4LgRkp
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 59830444f2ded7c4_selfdel.vcxproj.filters
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\selfdel.vcxproj.filters
Size 361.0B
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 85a96282ce51a457b5070dcfa7a75029
SHA1 7fb445053e486df814c95a17904fdd9870532c33
SHA256 59830444f2ded7c4c31cbafa8a923a33abe63102916330f236c15ab1c4470b28
CRC32 F0009BD7
ssdeep 6:JiMVBdDJJWSRR4mUA+D2T2rV8kuI4jifDn8kEPy4LWQBn8cMqjis46Uj9:MMHdjWim4+D02h85i78RPj89Sis9Uj9
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 13f54a14d44cb9b3_dutch.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Dutch.nsh
Size 7.7KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 fcb651f20c6066d1aae13b6b84b0b255
SHA1 2e9ad1f0e0f97fd894504138c0accb10d3ad61d3
SHA256 13f54a14d44cb9b3c24d9329663315003ebcc63fe1da166fc405c15012615b1a
CRC32 ABCE7DC6
ssdeep 192:9/LmgVUfpI4qlf8QUl+ye0Zk2Ih8QzxIppgMitH82st:9/LT+t5r6Jh8QNIpSMiZGt
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 7cd9064dd4615268_khmer.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Khmer.nsh
Size 9.9KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 2c9807c007eba855761c021d46608bc1
SHA1 cefd01e0a04ca2443bfdb77636319803133208dd
SHA256 7cd9064dd4615268b9152b3ad81620652313abb0762ba03187881f9589ce650a
CRC32 F5D7B80F
ssdeep 96:TIKMTsZMiIOOij3eXrJOeXT4fZoTZKwifhJ1CZmcHN+l4wP1ECqZFQFF7R6qWait:Tc8DKOXZsZ4mRNGYQr4fpj
Yara None matched
VirusTotal Search for analysis
Name 069f87bbdf48b266_estonian.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Estonian.nsh
Size 6.7KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 e5404ff5216628cc9e68d42f8e44c482
SHA1 e13ea45a5231ebf1e4c21116cfa3cb1e41c34041
SHA256 069f87bbdf48b266d422c9fe46e3d420377a2b8d8cb4724316423bba4ef4e294
CRC32 B06F895A
ssdeep 96:rK4hzDx3lcaAIcUHVXkssws3sIpsgoP5K9JzIhYI5QyUO9HcP65H21fJJWC45rag:+2cMcYswsDsXAKpUO9HGQH2o+1Hl7S
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 746c88b0a2cb7db1_put.php
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\put.php
Size 437.0B
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PHP script, ASCII text, with CRLF line terminators
MD5 26c2fd07d25f2407ed49a01a93a83ba2
SHA1 a9e292725426d771b36cfbe39840db2a2e6ed1f0
SHA256 746c88b0a2cb7db19c234a3044074c11e8e286fc0eda06086b637e6f36a6bdc4
CRC32 FB44A62C
ssdeep 12:ebLwXhnW+LZb114mi0x1OOHZg/Ao7LDOVZE6Jk2n:evwI+NoUe3D+hn
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name b62432d5c93b1e67_zlib-x86-ansi
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Stubs\zlib-x86-ansi
Size 37.0KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5463d2f1b1d234e96438599d8b9c2686
SHA1 bd558d13b7ded2c10bfdeaf840475e025c164f12
SHA256 b62432d5c93b1e676922be2bb96911bacac59adfd7b5bfdb514c3d1fe29347d3
CRC32 14C4556A
ssdeep 768:HhDVX3CcajZNVpAMfYhTTUPwwMZ0D3suInmhd0cTai:BDNyf9NV0TAwwMZ0DJhec/
Yara
  • IsPE32 -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01091_Microsoft_Visual_C___8_ - [Microsoft Visual C++ 8]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_private_profile - Affect private profile
  • win_files_operation - Affect private profile
  • contentis_base64 - This rule finds for base64 strings
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name a23625928bdbecf7_dutch.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Dutch.nlf
Size 5.2KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 555485e562f85ab2b40e363d67a5e2ef
SHA1 dbb881972c19e7ebd5235a734174466f5372d548
SHA256 a23625928bdbecf724dfb31e313dea70ab4d37c1829234d6b9ada8451a5d2295
CRC32 4ABD9FC2
ssdeep 96:Zf8FtgMXjPHzVbNyAMAGE2VNA9Hl3yeHihptco85jLVOMgd51UVAfpFr39:ZfbSjPRhFx2zql3yoWptcFRHgX1UVAfB
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name ab451de8bb232bcc_pluginapi.lib
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_unicode\pluginapi.lib
Size 6.7KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type current ar archive
MD5 8260932e58c9c5869c24c0bc9141e280
SHA1 79c1e149738ff2f6e8f96a52fa70ceb4d2c43dbf
SHA256 ab451de8bb232bcc035cac13a4506040687f0271a4b13b878439f20cc7830e22
CRC32 67424E2D
ssdeep 96:G9MCH9MC6YQ5KQOLJaoXsJSClFyKgHVT98I6Hxw49NU+eTS1vSrI:G9MCH9MCzooXsJSCuKgH598IOBeTySrI
Yara
  • PEiD_00055_Alias_PIX_Vivid_IMG_Graphics_format_ - [Alias PIX/Vivid IMG Graphics format]
  • contentis_base64 - This rule finds for base64 strings
  • shellcode - Matched shellcode byte patterns
  • maldoc_function_prolog_signature -
VirusTotal Search for analysis
Name e10bc6ac1f65450f_genpat.exe
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Bin\GenPat.exe
Size 24.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 31299d54e397b52a42867c81e5ce3522
SHA1 f3e16f5642a80205c30ba4ac2729573c08983d8b
SHA256 e10bc6ac1f65450f6fbd98b0fc6b7cbe4deb228e804c98b14724c4ff702baf46
CRC32 B8B719CE
ssdeep 768:CDsRkFd02N3+hVWrP7EUUlyXcoy7VeCoT:CDCU02N+hVWrPAUZry7VMT
Yara
  • IsPE32 -
  • IsConsole -
  • HasRichSignature - Rich Signature Check
  • PEiD_00138_Armadillo_v1_71_ - [Armadillo v1.71]
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01070_Microsoft_Visual_C___6_0___8_0_ - [Microsoft Visual C++ 6.0 - 8.0]
  • PEiD_01086_Microsoft_Visual_C___8_0__MFC__ - [Microsoft Visual C++ 8.0 (MFC)]
  • PEiD_01101_Microsoft_Visual_C___v5_0_v6_0__MFC__ - [Microsoft Visual C++ v5.0/v6.0 (MFC)]
  • PEiD_01108_Microsoft_Visual_C___v6_0_ - [Microsoft Visual C++ v6.0]
  • PEiD_01125_Microsoft_Visual_C___ - [Microsoft Visual C++]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02191_tElock_0_99___1_0_private____tE__ - [tElock 0.99 - 1.0 private -> tE!]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • Armadillo_v171 -
  • Microsoft_Visual_Cpp_v60 -
  • Microsoft_Visual_Cpp_v50v60_MFC_additional -
  • Microsoft_Visual_Cpp_50 -
  • Microsoft_Visual_Cpp_v50v60_MFC -
  • Armadillo_v171_additional -
  • Microsoft_Visual_Cpp -
  • CRC32_poly_Constant - Look for CRC32 [poly]
  • MD5_Constants - Look for MD5 constants
  • maldoc_function_prolog_signature -
  • maldoc_structured_exception_handling -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name b22aca4a5b82422a_simple.bmp
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Checks\simple.bmp
Size 1.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PC bitmap, Windows 3.x format, 96 x 16 x 8
MD5 bcd206077c42dc63c334543546eae1b5
SHA1 539f6395f6df6737179a85dcd25f253ff090834b
SHA256 b22aca4a5b82422a009b91a046176df6cd7265050b7c9d4950c71b1b93f4c78f
CRC32 38012FC5
ssdeep 24:oSn+UGUGUGUG+t0ku7NFR3LvE4vhDUGUGUGUG:nP0Tx7vE4p
Yara None matched
VirusTotal Search for analysis
Name 06bc02413e4bdd73_polish.nlf
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Polish.nlf
Size 5.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text
MD5 fd3020d9b272ec3f65b7b4872abfd4e4
SHA1 66ad0b84eb36374c7d65c5f18e64382695c1e8ab
SHA256 06bc02413e4bdd73b5169b35aa668459cf52d028aeca5f7adcb03b777fc3608f
CRC32 3FEFB21C
ssdeep 96:1JFN6KNGHtmcRLp3RbOJheD/JtePqZXcqb5ZUer318B0Wv/OKX6MKdH6bAwL+8Kg:TF4gGHwU5RbOJhs/Jt8qZXJdZUUg9/O8
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 81defbfdbeec0f43_macedonian.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Language files\Macedonian.nsh
Size 10.1KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 b2a7a99086390ec3eaabcbdd6d57b6ba
SHA1 53c544cc429e97444573087286127425f75652d8
SHA256 81defbfdbeec0f43a8281c97f7cedc7db1777aae8958724dc1553e4c1edeebb3
CRC32 2AF30027
ssdeep 192:of+0vWcWZWKOWBWFWAZZWcWjWKOWnWFWqW3cEm7E2UAf86EPQEmGdiW1iWNKjFox:ofpv3sKCmlZ3OKsmLF9dJf+shEKjoFqQ
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 316c839f270e5023_post.php
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Inetc\post.php
Size 226.0B
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 2bbf288fbc664ba1e6fa3e3aa197075d
SHA1 b751419cc46e33d6bf56746bd3cc7ae3b66af52c
SHA256 316c839f270e50236c73641129f764c0bcf99d08e09d5c7fa50dd0ff87ac7fde
CRC32 1B78FF79
ssdeep 6:q43td0M0qAbwu3AZMrMoM3AF9JAtH118XncGu:TPL0qEt3AZPoAAF9JA31ZGu
Yara None matched
VirusTotal Search for analysis
Name 0a70cc4b93d87ecd_newadvsplash.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\newadvsplash.dll
Size 8.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 55a723e125afbc9b3a41d46f41749068
SHA1 01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c
SHA256 0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06
CRC32 63A6BDD3
ssdeep 96:/VV0Rwtvrm2nQujIvP9dir3UniV/zRzVR3rN3k8Jd18tsPcaqhx:/VV0KtC2yH9d83BzVR53kEQFaq
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_function_prolog_signature -
  • maldoc_suspicious_strings -
VirusTotal Search for analysis
Name d9673909834dcedf_classic-uninstall.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\classic-uninstall.ico
Size 1.1KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type MS Windows icon resource - 2 icons, 16x16, 16-colors
MD5 9994a299bf19e1260b0be53af4675ed2
SHA1 56355a144cb48233865d920d00830e441a8c767a
SHA256 d9673909834dcedf34932d59a80eb6ae19210afdfa054241959ac226bf504a27
CRC32 B7DC245F
ssdeep 24:YViL3MlEi5O1Dfme2+w0rEErG7tRnfkO000EA:YscfSDfme2LWGJRnfA
Yara None matched
VirusTotal Search for analysis
Name 1898ca475e02f4d6_typelib.dll
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Plugins\x86-unicode\TypeLib.dll
Size 3.5KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 4caef56a8e202c344ae7319ada66cf5d
SHA1 62f0f0fe03910be80c847e22464ab7c4a7c0e909
SHA256 1898ca475e02f4d668a87d2a1facf0d32425189d9d98e2c098a436052e14dcc0
CRC32 21C73928
ssdeep 24:eFGS+LA3jbKBBf/OBBfU6sMLGHqxsPq0FK7jpnz6kmxVXLX:i+LA3XiaU6shqeK71sx9j
Yara
  • IsPE32 -
  • IsDLL -
  • IsWindowsGUI -
  • HasRichSignature - Rich Signature Check
  • PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_ - [dUP v2.x Patcher --> www.diablo2oo2.cjb.net]
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • Contains_PE_File - Detect a PE file inside a byte sequence
  • contentis_base64 - This rule finds for base64 strings
  • maldoc_function_prolog_signature -
VirusTotal Search for analysis
Name 7074436c8deec55a_pluginapi.lib
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\SelfDel\nsis_ansi\pluginapi.lib
Size 4.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type current ar archive
MD5 ac1fca6abb793ee5ef3257b3b20005d3
SHA1 5043284f82131ff3b5906eab40080ad390493946
SHA256 7074436c8deec55a2af7781ccf655747a6bb4c991079bc788e542236c6a87256
CRC32 5C3544ED
ssdeep 96:qGtIMClOIMC0kbKKQNTmDfhFGEdFoQSfSGB:RtIMCUIMCrqVEktfSGB
Yara
  • contentis_base64 - This rule finds for base64 strings
  • shellcode - Matched shellcode byte patterns
  • maldoc_function_prolog_signature -
VirusTotal Search for analysis
Name 187a85f17e475593_macedonian.nsh
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\installer\PortableApps.comInstallerLanguages\Macedonian.nsh
Size 11.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5 3ecf5153ec38d081f46221193ef9c209
SHA1 ce0f202a0df3420edc82e4d614bfeefe8be6f4aa
SHA256 187a85f17e475593adc9b484d743a440575b8a6129527f0f948a5b5128c8415b
CRC32 36A9C0EC
ssdeep 96:fht06CD6+I2CCOiw1TcR7mE3Xy0eCzeCkAgMOQJY0KtszL:fY6CTCY7Dw6
Yara None matched
VirusTotal Search for analysis
Name 797f66b21534d429_box-uninstall.ico
Filepath C:\Documents and Settings\zamen\Local Settings\Temp\PortableApps.comInstaller\App\nsis\Contrib\Graphics\Icons\box-uninstall.ico
Size 4.6KB
Processes 1312 (PortableApps.comInstaller_3.5.11.paf.exe)
Type MS Windows icon resource - 4 icons, 16x16, 16-colors
MD5 4c21bb2d1c41488bcb614d49fa69b20a
SHA1 ba4ef6e3c62e7d791bd318763fcb5a94b41cae8c
SHA256